Re: [Hipsec] Selection of LSI address block

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Thu, 20 August 2009 20:49 UTC

> -----Original Message-----
> From: Robert Moskowitz [mailto:rgm@htt-consult.com] 
> Sent: Thursday, August 20, 2009 3:29 AM
> To: miika.komu@hiit.fi
> Cc: hipsec@ietf.org
> Subject: Re: [Hipsec] Selection of LSI address block
> 
> Miika Komu wrote:
> > Ahrenholz, Jeffrey M wrote:
> >
> > Hi,
> >
> >>> We have discussed using 127.0.0.0 for LSIs, say 127.100.0.0/16, but
> >>> will that really work?
> >>
> >> in the OpenHIP software we have a macro IN_LOOP() to check if an IPv4
> >> address is equal to (INADDR_LOOPBACK >> IN_CLASSA_NSHIFT), i.e. if
> >> the top bits equal 127
> >> (see /usr/include/netinet/in.h on Linux)
> >>
> >> I wonder if other applications use similar techniques to check for
> >> loopback addresses? Using 127.100.0.0/16 would be problematic in that
> >> case.
> >
> > many apps probably (?) just check 127.0.0.0/8 which could be a big
> > problem for HIP. I would prefer getting a slot from 1.0.0.0/x address
> > space to avoid such problems. We have been experimenting with the
> > 1.0.0.0/x address space without any problems.
> 
> Then we need to make an official request from IANA.
> 
> 
> It should come from our chairs. But some text from our developers as to
> why 127 won't work MAY be of value.
> 

For use within the host only, I think it would be nice to get an
allocation for this type of usage, but I don't think it is strictly
required.  It seems to me that the main requirement for LSIs is to use a
range of 32-bit numbers that can be distinguished from destination IP
addresses reachable from the host, but that are not in the range of
special IP addresses (224/8, 127/8) that might be checked by
applications.  The other consideration is that some other overlay on the
host is not using those same numbers (i.e. they need to be locally
deconflicted).  Use of private address space or just squatting on some
other prefix like within 240/8 should also work and be permitted in the
specifications (i.e. should be a matter of local deployments). 

For use within a larger scope, such as a site, an address range in an
existing private address block might be the best choice.

If there is a request for special allocation, it might help to note that
the need is more general than HIP and that other overlays could use
this; i.e. maybe something like an "HID" (host identifier) prefix for
IPv4, of which HIP is one use case.

Tom
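
The checks discussed in this thread, written out as an added example (not part of the original message and not OpenHIP code): a top-octet loopback test built from the `netinet/in.h` macros quoted above, and a validator for a candidate LSI prefix against the loopback range, the multicast range and prefixes already in use on the host. The function names, the verdict enum and the sample prefixes in the comments are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

enum lsi_verdict { LSI_OK, LSI_BAD_INPUT, LSI_LOOPBACK, LSI_MULTICAST, LSI_LOCAL_CONFLICT };
struct prefix { uint32_t net; int len; };   /* network in host byte order */

/* Top-octet loopback test of the kind quoted in the thread (hypothetical name). */
int top_octet_is_loopback(uint32_t addr) {
    return (addr >> IN_CLASSA_NSHIFT) == (INADDR_LOOPBACK >> IN_CLASSA_NSHIFT);
}

static uint32_t mask_of(int len) { return len ? 0xFFFFFFFFu << (32 - len) : 0; }

/* Two prefixes overlap when they agree on the bits of the shorter one. */
static int overlaps(struct prefix a, struct prefix b) {
    uint32_t m = mask_of(a.len < b.len ? a.len : b.len);
    return (a.net & m) == (b.net & m);
}

/* Parse "a.b.c.d/len" into a prefix; returns -1 on malformed input. */
static int parse_prefix(const char *cidr, struct prefix *out) {
    char ip[INET_ADDRSTRLEN];
    struct in_addr a;
    int len;
    if (sscanf(cidr, "%15[0-9.]/%d", ip, &len) != 2 || len < 0 || len > 32 ||
        inet_pton(AF_INET, ip, &a) != 1)
        return -1;
    out->len = len;
    out->net = ntohl(a.s_addr) & mask_of(len);
    return 0;
}

/* in_use: prefixes already routed or claimed by another overlay on this host,
 * e.g. { "10.0.0.0/8", "192.168.1.0/24" } (constructed sample values). */
enum lsi_verdict check_lsi_prefix(const char *cidr, const char *const *in_use, size_t n) {
    const struct prefix loopback = { 0x7F000000u, 8 }, multicast = { 0xE0000000u, 4 };
    struct prefix cand, other;
    if (parse_prefix(cidr, &cand) != 0) return LSI_BAD_INPUT;
    if (overlaps(cand, loopback)) return LSI_LOOPBACK;    /* 127.0.0.0/8 */
    if (overlaps(cand, multicast)) return LSI_MULTICAST;  /* 224.0.0.0/4 */
    for (size_t i = 0; i < n; i++) {
        if (parse_prefix(in_use[i], &other) != 0) return LSI_BAD_INPUT;
        if (overlaps(cand, other)) return LSI_LOCAL_CONFLICT;
    }
    return LSI_OK;
}
```

With the sample `in_use` list from the comment, 127.100.0.0/16 is rejected as loopback and 10.1.0.0/16 as a local conflict, while 1.0.0.0/8 and 240.0.0.0/8 pass.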