Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.txt]
marcelo bagnulo braun <marcelo@it.uc3m.es> Thu, 02 March 2006 15:19 UTC
Envelope-to: shim6-data@psg.com
Delivery-date: Thu, 02 Mar 2006 15:20:23 +0000
Mime-Version: 1.0 (Apple Message framework v623)
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Message-Id: <c324b368e79fed112b0ee1efd636d461@it.uc3m.es>
Content-Transfer-Encoding: quoted-printable
Cc: shim6 <shim6@psg.com>
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Subject: Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.txt]
Date: Thu, 02 Mar 2006 17:19:42 +0200
To: Erik Nordmark <erik.nordmark@sun.com>
Hi Erik, I think the draft is very useful and provides very good insight of these interesting issues. Allow me to do some comments. About full id/locator split in shim6 In section 2.1 it is stated that Since we are likely to have applications communicate to both hosts which have an IP identifier and those which only have the IP locators, it is highly desirable to be able to have a syntactic means to tell an IP identifier apart from an IP locator. A reasonable approach is to allocate a small subset of the IPv6 address space [23] to be non-routable IP identifiers, in a similar means to the KHI approach [24]. The desired semantics of an IP identifier is to be a name that refers to an instance of the IP protocol. Hence it should not be bound to a particular network interface. Also, it is desirable for the identifier to be long term stable, for instance ensuring that the identifier survives renumbering. As we will discuss below, for application referrals to work using 128-bit IP "addresses" as handles for another host, there has to be an efficient and scalable way to look up an identifier and find the locators. An obvious way to get scalability is to do hierarchical allocation of the identifiers, since this allows for a scalable, hierarchical organization of a lookup system and also ensures that the identifiers are unique. While it certainly isn't the only possibility, in order to work out a complete picture, this document suggests such a hierarchical allocation, in such a way that at least 64 bits of the identifier is left to each site to allocate. (With 64 bits we can use CGA to "prove" identifier ownership as a way to prevent redirection attacks from off-path attackers.) all the above conditions seem to be fulfilled by ULAs, but they are not mentioned anywhere (only in the references) did you have something different in mind or ULAs are a good candidate for this? In sections 2.4 and 2.5 the handling of referrals is presented. I guess that an additional problem that shows up in the case that ids are not valid locators is the support of legacy hosts. I mean, since the ones that are passing ulid information are the applications, it is possible that the ulid ends up in a legacy host that does not implement the shim and that is not able to translate the id into a locator, even if the directory service is available. So, even with this approach, the referral case still presents some issues imho In section 2.6 Design Alternatives it is stated If the identifiers are placed in the DNS using AAAA records, then the lookup for the AAAA record set (to find the identifier) might also return a list of locators. another alternative that probably would result in similar behaviour would be that the identifier is included in the identifier record, but that the same query that returns the ID record also returns the locator set associated to this identifier in the additional information field Such information would be delivered by the resolver to the shim process which would store it for when the packet addressed to the identifier arrives Such a list can potentially be useful to avoid the ip6.arpa lookup to find the locators. But relying on this means that the reverse lookup from the identifier will only be used in uncommon cases such as: o The shim6 context state having been garbage collected too early, and the upper-layer protocol sends down a packet with a destination ULID which is a non-routable identifier. o Application callbacks, referrals, and long-lived application handles [27] that are IP addresses. For this reason it makes sense to be more consistent and always rely on the reverse lookup when the context is established. I fail to understand this point. I mean avoiding extra DNS lookups is good, since it reduces latency and load to the servers. why do we want to impose this? just to make sure that the reverse information is in place i.e. that the reverse tree is properly populated? i think this is an expensive price to pay for this and i would rather prefer that those that have the reverse tree poorly populated simply have problems with the referrals rather than imposing a penalty to all shim communications About using v4 locators I think that supporting v4 locators would be very valuable for the protocol. I would suggest to move this to a separate document and adopt it. (maybe it could be included in the base spec since it seems quite trivial to do) The option proposed for this in the draft is: When CGA is used to prevent redirection attacks in shim6, there is no constraint on the locators that are used apart from host B must know its own locators so it can pass it them to host A. In particular, we can use IPv4 addresses as locators; this doesn't require anything more than defining how an IPv4 address is carried in the 128-bit fields in the Locator List option. I wonder if it wouldn't be better to change the verification method field to a generic Flag field and use some bits there to specify the address family, what do you think? w.r.t. NAT i guess that an additional consideration is how does the host detects its own addresses in order to include them in its own locator set and communicate them to the peer. Of course, shim should be able to detect private addresses and not include them in the Ls(local) IMHO a reasonable trade-off would be now to specify how IPv4 addresses could be used as locators when no nat is involved and leave the nat support for further study About TE and source address rewriting by exit routers In section 1.2 it is stated that o With ULIDs that are non-routable identifiers, there will most likely be only one identifier for the destination as well as the source. Thus the role of RFC 3484 is largely removed. But there is an additional step of looking up the identifier to find the locator, and at that point in time it makes sense to consider traffic engineering for selecting the initial locator pair. The point here, i guess is that RFC3484 is used today to select addresses for initial contact. As those addresses are going to be used both as ULIDs and locator, then RFC3484 is currently used to select both. In the case that we use a ULID that it is not a locator, then which mechanism are we going to use to select each of them, In the draft it is assumed that a single identifier will be available for an endpoint. I don't see the need to have more than one, but i guess it would make sense to consider the case, but we can probably deffer this till later. However, it seems reasonable to have more than one locator. The question would be at this point why not use RFC3484 (or RFC3484bis) to select among the multiple locator pair combinations? In other words, i don't see that the role of RFC3484 removed, but rather that RFC3484 is used to perform locator pair selection rather than ULID pair selection... does this makes sense? Moreover, i would wonder if it didn't make sense to use RFC3484 to select locators after a failure i.e. to select the locators to explore after a failure is detected using RFC3484 for that, or even if we have multiple address pairs that are working as locators, to use RFC3484 to select which one among them to use to rehome the communication. It would also make sense imho to explore the relation between RFC3484 and the locator preference option. I mean, the preference option is used by the local host to inform the peer about its preferences when the peer selects the locator to use. RFC3484 is about which of the local locators will the local host use for communication. Probably, there these two are somehow related i.e. in many cases probably the local host would want that these two criteria are similar i guess Essentially, the question is whether RFC3484 is a good candidate for locator selection and how this relates to the preference information available in SHIM. in section 3. Traffic Engineering Support The traffic engineering pieces that might be desirable and that are easy to implement in this model are outlined in this section. If the ULID is a routable locator, then it makes sense to recommend that applications use DNS SRV records for the initial (non-shimmed) contact, and also provide at least a DHCPv6 option by which a site administrator can control what each host in the site uses in the shim6 Locator Preference option. In the case when the ULID is a non-routable identifier, a different set of mechanisms are desirable. Instead of using DNS SRV records for the lookup of the domain name of the peer, we want similar control when looking up an identifier to find the set of locators. I guess that the information in SRV records is about the peer's preferences about its own locators The same thing w.r.t. the preference information received in the preference option of the shim protocol however, the local host may also have some policy w.r.t. which locator prefer when there are multiple of them for a given destiantion. I guess that the local preferences will be expressed in the RFC3484 table I guess that an additional issue to consider would be the interaction between remote policy information obtained through SRV/preference option and the local policy information in rfc3484 policy table later on in section 3.1 Recommending use of DNS SRV In shim6 as specified, the host rely on existing DNS mechanisms, such as AAAA records or any other mechanism, to find a list of locators to try. When AAAA records are used, there is no mechanism for the destination site to express any ranking for primary/fallback, or any mechanism to spread load across the paths that are represented by the locators, since the AAAA resource record set is treated as a set with no implied order. This is not strictly true, i believe I mean, rfc3484 preserves the order of the received locator list if no rules apply So, if for the local host all the addresses are equal, then the order in which the locators are returned by the DNS is preserved, and the app is likely to pick the first one So, changing the order in which DNS returns the locator list would likely result in some form of load sharing AFAIK Perhaps if the order is always the same, a behaviour similar to primary backup could be achieved. I agree though that using SRV records would result in a more fine grained well documented behaviour In sections 3.4 and section 3.5 a mechanisms for supporting source address rewriting by hosts is presented. I have two comments w.r.t. to the mechanisms presented: First, i think that the idea to carry the Sent Locator Pair and Received Locator pair options to discover and allow coordination between routers and hosts is very clever. As i understand it the main focus is putted in the case where host A learns through this option new locators of its own. However, it may be case that a host receives a payload packet with a new locator from its peer i.e. the source locator is not included in Ls(peer). In this case, it will accept the packet since the CT match, but it cannot use it to send packets until a CGA/HBA verification of this locator is presented by the peer. However, when it sends the new locator in the received locator option, the peer should sent an Update request the includes the new locator signed with CGA. I am not sure if this is what is expressed in the last bullet of section 3.4... Second, i think that the presented mechanisms are potentially very useful for rewriting payload packets, but i really don't think it worth the effort to rewrite the source address of the shim control message. I mean, they are a fairly reduced amount of packets, so i guess that they don't really affect TE considerations. Supporting this adds additional complexity to a protocol which is already fairly complex imho. I mean, i guess it can be done as you present in the draft, but i don't think we win much with allowing rewriting of these few packet and we would be adding much complexity. I would keep it just for data packets and not for signalling packets regards, marcelo El 01/03/2006, a las 21:45, Erik Nordmark escribió: > > > -------- Original Message -------- > Subject: I-D ACTION:draft-nordmark-shim6-esd-00.txt > Date: Tue, 28 Feb 2006 15:50:02 -0500 > From: Internet-Drafts@ietf.org > Reply-To: internet-drafts@ietf.org > To: i-d-announce@ietf.org > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > > > Title : Extended Shim6 Design for ID/loc split and > Traffic Engineering > Author(s) : E. Nordmark > Filename : draft-nordmark-shim6-esd-00.txt > Pages : 25 > Date : 2006-2-28 > > The Shim6 protocol provides for locator agility while satisfying the > 'first, do no harm' security requirements. This document outlines > some extensions to Shim6 that in addition provides complete > separation between identifiers and locators, and allows routers to > rewrite the locators in the shim6 packets as a way to provide > traffic > engineering information to the hosts. > > The document also outlines a simple extension to allow shim6, with a > CGA upper-layer ID, to operate using IPv4 addresses as locators. > > The purpose of this outline is to stimulate discussions. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-nordmark-shim6-esd-00.txt > > To remove yourself from the I-D Announcement list, send a message to > i-d-announce-request@ietf.org with the word unsubscribe in the body of > the message. > You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announce > to change your subscription settings. > > > Internet-Drafts are also available by anonymous FTP. Login with the > username > "anonymous" and a password of your e-mail address. After logging in, > type "cd internet-drafts" and then > "get draft-nordmark-shim6-esd-00.txt". > > A list of Internet-Drafts directories can be found in > http://www.ietf.org/shadow.html > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > > Internet-Drafts can also be obtained by e-mail. > > Send a message to: > mailserv@ietf.org. > In the body type: > "FILE /internet-drafts/draft-nordmark-shim6-esd-00.txt". > > NOTE: The mail server at ietf.org can return the document in > MIME-encoded form by using the "mpack" utility. To use this > feature, insert the command "ENCODING mime" before the "FILE" > command. To decode the response(s), you will need "munpack" or > a MIME-compliant mail reader. Different MIME-compliant mail readers > exhibit different behavior, especially when dealing with > "multipart" MIME messages (i.e. documents which have been split > up into multiple messages), so check your local documentation on > how to manipulate these messages. > > > Below is the data which will enable a MIME compliant mail reader > implementation to automatically retrieve the ASCII version of the > Internet-Draft. > > Content-Type: text/plain > Content-ID: <2006-2-28145153.I-D@ietf.org> > > > _______________________________________________ > I-D-Announce mailing list > I-D-Announce@ietf.org > https://www1.ietf.org/mailman/listinfo/i-d-announce >
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… Scott Leibrand
- RE: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… Henderson, Thomas R
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… Erik Nordmark
- RE: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… Henderson, Thomas R
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… marcelo bagnulo braun
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… Erik Nordmark
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… marcelo bagnulo braun
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… Erik Nordmark
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… marcelo bagnulo braun
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… Erik Nordmark
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… marcelo bagnulo braun
- [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.txt] Erik Nordmark
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… marcelo bagnulo braun
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… Scott Leibrand
- Re: [Fwd: I-D ACTION:draft-nordmark-shim6-esd-00.… marcelo bagnulo braun