Re: Shim6 proxies

Erik Nordmark <erik.nordmark@sun.com> Tue, 18 April 2006 00:25 UTC

Envelope-to: shim6-data@psg.com
Delivery-date: Tue, 18 Apr 2006 00:25:13 +0000
Message-ID: <444431DD.9020607@sun.com>
Date: Mon, 17 Apr 2006 17:25:01 -0700
From: Erik Nordmark <erik.nordmark@sun.com>
User-Agent: Thunderbird 1.5 (X11/20060113)
MIME-Version: 1.0
To: Brian E Carpenter <brc@zurich.ibm.com>
CC: marcelo bagnulo braun <marcelo@it.uc3m.es>, Scott Leibrand <sleibrand@internap.com>, shim6@psg.com
Subject: Re: Shim6 proxies
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit

Brian E Carpenter wrote:
> Excuse front posting but these comments are quite general.
> 
> What Scott is describing is essentially full offload of the
> shim and the bottom part of the stack. We'd actually end
> up with two IP stacks - one in the host which just sends
> packets to the offload device, and a second one in the
> offload device which has a shim on top of it. I'd want to
> see a complete architecture for that including a demonstration
> that the security architecture of shim6 isn't damaged,
> and analysis of the trust model and threat model
> between the host and the offload device. But if it can be
> done, it has a very nice property - it actually offers
> a practical way to implement something that works much like
> 8+8. The offload device will be state-heavy though; it will
> need to carry state per session for every host it's supporting.

FWIW I think draft-nordmark-shim6-esd is more in the spirit of an 8+8 
implementation (as 16+16); 8+8/GSE has the property that the host that 
initiates communication has multiple destination addresses to choose 
between. Once packets start flowing in 8+8/GSE/16+16, the routers have 
the opportunity to influence the addresses by rewriting the source locator.

    Erik