IETF Logo Mail Archive

Re: [shim6] Unknown locator [WG Last Call fordraft-ietf-shim6-multihome-shim-api]

"Henderson, Thomas R" <thomas.r.henderson@boeing.com> Sat, 19 December 2009 16:34 UTC

Return-Path: <thomas.r.henderson@boeing.com>
X-Original-To: shim6@core3.amsl.com
Delivered-To: shim6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E4EBC3A67B3 for <shim6@core3.amsl.com>; Sat, 19 Dec 2009 08:34:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XL7fLtvuiNRW for <shim6@core3.amsl.com>; Sat, 19 Dec 2009 08:34:07 -0800 (PST)
Received: from stl-smtpout-01.boeing.com (stl-smtpout-01.boeing.com [130.76.96.56]) by core3.amsl.com (Postfix) with ESMTP id CDBF63A681C for <shim6@ietf.org>; Sat, 19 Dec 2009 08:34:07 -0800 (PST)
Received: from stl-av-01.boeing.com (stl-av-01.boeing.com [192.76.190.6]) by stl-smtpout-01.ns.cs.boeing.com (8.14.0/8.14.0/8.14.0/SMTPOUT) with ESMTP id nBJGXicX009914 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Sat, 19 Dec 2009 10:33:44 -0600 (CST)
Received: from stl-av-01.boeing.com (localhost [127.0.0.1]) by stl-av-01.boeing.com (8.14.0/8.14.0/DOWNSTREAM_RELAY) with ESMTP id nBJGXiSe025503; Sat, 19 Dec 2009 10:33:44 -0600 (CST)
Received: from XCH-NWHT-07.nw.nos.boeing.com (xch-nwht-07.nw.nos.boeing.com [130.247.25.111]) by stl-av-01.boeing.com (8.14.0/8.14.0/UPSTREAM_RELAY) with ESMTP id nBJGXhEG025489 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=OK); Sat, 19 Dec 2009 10:33:44 -0600 (CST)
Received: from XCH-NW-10V.nw.nos.boeing.com ([130.247.25.85]) by XCH-NWHT-07.nw.nos.boeing.com ([130.247.25.111]) with mapi; Sat, 19 Dec 2009 08:33:43 -0800
From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
To: 'Shinta Sugimoto' <shinta.sugimoto@ericsson.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Date: Sat, 19 Dec 2009 08:33:42 -0800
Thread-Topic: Unknown locator [WG Last Call fordraft-ietf-shim6-multihome-shim-api]
Thread-Index: Acp89uTD7ECcjlo5R5yeHzsVKcuvLwCLbuFgAGVeWiA=
Message-ID: <7CC566635CFE364D87DC5803D4712A6C4C1CAF19AD@XCH-NW-10V.nw.nos.boeing.com>
References: <D20B2D29-D285-43A0-A1F8-AA12055059B5@apnic.net><4B246C43.903000 3@gmail.com><541EE6CB2B85BE4389E2910C9B4BC77E01C40860EC@ESGSCCMS0002.eapac.ericsson.se><4B269750.8040505@gmail.com> <541EE6CB2B85BE4389E2910C9B4BC77E01C40C6E71@ESGSCCMS0002.eapac.ericsson.se>
In-Reply-To: <541EE6CB2B85BE4389E2910C9B4BC77E01C40C6E71@ESGSCCMS0002.eapac.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "shim6@ietf.org" <shim6@ietf.org>, Kristian Slavov <kristian.slavov@ericsson.com>, "miika@iki.fi" <miika@iki.fi>
Subject: Re: [shim6] Unknown locator [WG Last Call fordraft-ietf-shim6-multihome-shim-api]
X-BeenThere: shim6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SHIM6 Working Group Mailing List <shim6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/shim6>
List-Post: <mailto:shim6@ietf.org>
List-Help: <mailto:shim6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Dec 2009 16:34:09 -0000

> >
> > Well, I don't quite understand how an extra locator provided
> > by the upper layer can ever pass the CGA/HBA test. So I don't
> > really understand the unknown locator mechanism, I guess.
> > Maybe it can never work in the case of SHIM6 or HIP but might
> > work with some other kind of shim?

I think it will work with HIP, perhaps not with shim6.  My original read of the draft was that this case of the shim rejecting a locator provided by the application was covered by returning an error EINVALIDLOCATOR (see the very end of Section 5 of the draft).

It seemed to me that the open issue in practice is to be able to pass the knowledge of a new possible locator that was provided by the application to the shim layer, and might then need to be communicated via some kind of upcall to a user-space daemon doing reachability tests, etc.  However, such an upcall is outside the scope of this draft.

>
> After re-thinking, I think we need to handle two cases: 1)
> application sending data with unknown source/destination
> locator, 2) application requesting for using unknown
> source/destination locator.
>
> As to the former case, the multihoming shim sub-layer must
> reject the request and send an error message to the
> application.  The reason is simply because the packet with
> unknown source locator will be dropped by the peer and
> sending packet to unknown destination locator should be
> prohibited for security reasons.

Can you clarify what you mean by 1)?  I thought that applications sent data to identifiers in this framework.

>
> As to the latter case, the multihoming shim sub-layer should
> do the following:
>
> In response to the request for using unknown source locator:
>
> - check if the requested source locator is available on any
> of the local interface

(I would add that "available" means that it is configured on some interface and it satisfies whatever requirements are placed on its usage by the shim, such as hba).

> - if the source locator is available, then the multihoming
> shim sub-layer MAY initiate procedure to update its own
> locator list with the peer

By specifying as a MAY, applications will have a hard time relying on it being available.  Applications may know best about what locators they want to use with the shim.  I'd rather see API that supported two cases:  1) locators provided as hints to the shim (where the MAY would apply), and 2) locators provided as application policy that should not be ignored; i.e. the connection should perhaps fail if the locators provided cannot be used

>
> In response to the request for using unknown destination
> locator, the situation is a bit tricky because it means that
> the application somehow knows another locator (IP address) to
> reach the peer while the multihoming shim sub-layer does not.
>  I am not sure if we have such a case in reality, but in

this seems to me to be potentially a very common case for locator- and shim-aware applications

> theory, I think the multihoming shim sub-layer must reject
> the request at least in the case of SHIM6.  In the case of
> HIP, I am clarifying this with HIP experts what to do.

For HIP, I would suggest to accept it.  I think it will probably be a common case because it allows the application to provide locators to HIP so that HIP doesn't have to do an address lookup based on the HIT.

I suggest to clarify what is meant by "unknown locator" perhaps in the terminology section.  I think that what is meant by the text is that there is an existing context and a locator is provided that was not announced in the context handshake or subsequent signaling.  However, what about providing a locator before any context is set up?  In this case, all locators are potentially "unknown" at this stage.  I think it is a very important piece of the API for HIP to be able to have an application associate a destination locator with a destination HIT (and also source locator for policy or reachability purposes) before the HIP handshake starts.  For shim6, before context is set up, it seems that identifiers are initial contact locators too. In this case, it should be defined what should be the behavior if bind(address) conflicts with SHIM_LOC_LOCAL_SEND or if connect(address) conflicts with SHIM_LOC_PEER_SEND.

- Tom

v2.23.0 | Report a Bug | By Email