Re: [nbs] NBS and TCP connection identification

[Jan M <jmgm@iki.fi>]

Hi,

See the question at the bottom....

On Oct 14, 2010, at 6:28 PM, Javier Ubillos wrote:

> On Thu, 2010-10-14 at 08:45 +0300, Jan M wrote:
>> Hi Christian,
>> 
>> On Oct 13, 2010, at 9:19 PM, Christian Vogt wrote:
>> 
>>>> If there was a host at certain IP A (obtained via DHCP) with synthesized name A when the next host (different) gets the same IP A from DHCP will it have the same name A?  What should the peer be able to determine from this name and how will it know that it is different or same instance as the previous?
>>> 
>>> Yes, if DHCP hands out the same IP address to different hosts sequentially, and if those hosts are both legacy, the hosts' synthesized names will look the same.  But this is in line with the semantics of a synthesized name:  A synthesized name refers to the host that used the encoded IP address at the time of session initiation.  By implication, synthesized names are good only throughout a session -- for session identification across address changes.  Synthesized names cannot be used to re-identify a host across sessions.
>>> 
>>> Does this make sense?
>> 
>> Actually I don't see how this could work for either session identification. If the host initiates the session with RFC1918 address behind the NAT then the peer sees synthesized name NAT.in-addr.arpa and client thinks it is RFC1918.in-addr.arpa. Now it tries to use this name on the other interface it has and it sends to the peer "Hi, I'm RFC1918.in-addr.arpa I would like to add V.X.Y.Z. address to the existing RFC1918.in-addr.arpa session" but the peer has only session NAT.in-addr.arpa so it wont be able to identify the session or am I missing something? So I guess you need some network support to resolve that the name of the session is actually NAT.in-addr.arpa not RFC1918.in-addr.arpa?
>> 
>> Additionally the session identification comes even more complex when you have multiple hosts behind the as not all can identify themselves as NAT.example.com or how do you plan to avoid situation where multiple hosts are saying that "Hi I'm NAT.in-addr.arpa and I would like to add address to address on port 80" so how would the peer know which session to associate new address as the source port is probably not usable as you can't count on it to be same all session to be added?
> 
> 
> Consider the synthesized name an arbitrary label. Completely irrelevant
> for the communication.
> 
> Assume that host A is behind a NAT,
> and assume that we're talking TCP.
> 
> Host A has  |  Host B has
> IP(A)       |  IP(B)
> Port(A)     |  Port(B)
> Name(A)     |  Name(B)
> 
> When Host A sends a packet to B, and only receives Bs address in a
> literal manner, the packet on the network is still sent to
> IP(B):TcpPort(B). The names Name(A) & Name(B) are added in an extension
> header, but for the network, it is considered payload only.
> 
> When it arrives at Host B, Name(A) will be used as a sessionlabel with
> no particular semantics. The label will never be derived to an IP, hence
> there is no risk that the IP changes owner. This is all managed by
> name-based sockets (e.g. by the shim6 extension).
> 
> Conversely, when the reply from Host B to A is sent, it follows normal
> IP+NAT protocol. The names are, from a network perspective, just
> payload.
> 
> What _could_ be an issue to be solved, is what happens when labels
> collide. But I don't think this will be a major problem, as long as each
> socket is well isolated from other sockets.


Are you saying that the labels wouldn't be derived from the addresses? Earlier Christian said that they would? If not then how do you generate the label and ensure that it is unique enough? Is the label a hash of something or what are the semantics? 

Is the plan to generate this session label also in the case where the peer has a FQDN or not? If not then again I guess that would mean that you have two different ways of naming sockets depending whether the FQDN was know or not when the socket was bound?

    Jan