IETF Logo Mail Archive

Re: [shim6] Unknown locator [WG Last Call fordraft-ietf-shim6-multihome-shim-api]

Miika Komu <miika.komu@hiit.fi> Sat, 19 December 2009 18:21 UTC

Return-Path: <miika.komu@hiit.fi>
X-Original-To: shim6@core3.amsl.com
Delivered-To: shim6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 657E23A6AA0 for <shim6@core3.amsl.com>; Sat, 19 Dec 2009 10:21:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.568
X-Spam-Level:
X-Spam-Status: No, score=-0.568 tagged_above=-999 required=5 tests=[AWL=-1.957, BAYES_00=-2.599, FRT_STOCK2=3.988]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gqdqjQt81i-I for <shim6@core3.amsl.com>; Sat, 19 Dec 2009 10:21:12 -0800 (PST)
Received: from argo.otaverkko.fi (argo.otaverkko.fi [212.68.0.2]) by core3.amsl.com (Postfix) with ESMTP id 1EA5F3A69E8 for <shim6@ietf.org>; Sat, 19 Dec 2009 10:21:12 -0800 (PST)
Received: from ip104.infrahip.net (cs27096138.pp.htv.fi [89.27.96.138]) by argo.otaverkko.fi (Postfix) with ESMTP id 03DD525ED0F; Sat, 19 Dec 2009 20:20:55 +0200 (EET)
Message-ID: <4B2D1987.7050802@hiit.fi>
Date: Sat, 19 Dec 2009 19:20:55 +0100
From: Miika Komu <miika.komu@hiit.fi>
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
MIME-Version: 1.0
To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
References: <D20B2D29-D285-43A0-A1F8-AA12055059B5@apnic.net><4B246C43.903000 3@gmail.com><541EE6CB2B85BE4389E2910C9B4BC77E01C40860EC@ESGSCCMS0002.eapac.ericsson.se><4B269750.8040505@gmail.com> <541EE6CB2B85BE4389E2910C9B4BC77E01C40C6E71@ESGSCCMS0002.eapac.ericsson.se> <7CC566635CFE364D87DC5803D4712A6C4C1CAF19AD@XCH-NW-10V.nw.nos.boeing.com>
In-Reply-To: <7CC566635CFE364D87DC5803D4712A6C4C1CAF19AD@XCH-NW-10V.nw.nos.boeing.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Kristian Slavov <kristian.slavov@ericsson.com>, "shim6@ietf.org" <shim6@ietf.org>, "miika@iki.fi" <miika@iki.fi>
Subject: Re: [shim6] Unknown locator [WG Last Call fordraft-ietf-shim6-multihome-shim-api]
X-BeenThere: shim6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: miika.komu@hiit.fi
List-Id: SHIM6 Working Group Mailing List <shim6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/shim6>
List-Post: <mailto:shim6@ietf.org>
List-Help: <mailto:shim6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shim6>, <mailto:shim6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Dec 2009 18:21:14 -0000

Henderson, Thomas R wrote:

Hi,

>> After re-thinking, I think we need to handle two cases: 1)
>> application sending data with unknown source/destination
>> locator, 2) application requesting for using unknown
>> source/destination locator.
>>
>> As to the former case, the multihoming shim sub-layer must
>> reject the request and send an error message to the
>> application.  The reason is simply because the packet with
>> unknown source locator will be dropped by the peer and
>> sending packet to unknown destination locator should be
>> prohibited for security reasons.
> 
> Can you clarify what you mean by 1)?  I thought that applications sent data to identifiers in this framework.

I think this means that e.g. application has cached a ULID (HIT, etc) 
and starts just sending data to it.

>> As to the latter case, the multihoming shim sub-layer should
>> do the following:
>>
>> In response to the request for using unknown source locator:
>>
>> - check if the requested source locator is available on any
>> of the local interface
> 
> (I would add that "available" means that it is configured on some interface and it satisfies whatever requirements are placed on its usage by the shim, such as hba).

Right.

>> - if the source locator is available, then the multihoming
>> shim sub-layer MAY initiate procedure to update its own
>> locator list with the peer
> 
> By specifying as a MAY, applications will have a hard time relying on it being available.  Applications may know best about what locators they want to use with the shim.  I'd rather see API that supported two cases:  1) locators provided as hints to the shim (where the MAY would apply), and 2) locators provided as application policy that should not be ignored; i.e. the connection should perhaps fail if the locators provided cannot be used

This could be returned in the return value of setsockopt().

At least in HIP, an unkown source locator could trigger an UPDATE with 
LOCATOR parameter being sent. An unknown peer locator, could trigger an 
ECHO_REQUEST being sent. Thomas, is the latter part going to be included 
in the new revision of RFC5206 (this was also mentioned in different 
context in the cross-family handover paper)?

(Shinta: I don't think we need to go this detailed with the API draft)

>> In response to the request for using unknown destination
>> locator, the situation is a bit tricky because it means that
>> the application somehow knows another locator (IP address) to
>> reach the peer while the multihoming shim sub-layer does not.
>>  I am not sure if we have such a case in reality, but in
> 
> this seems to me to be potentially a very common case for locator- and shim-aware applications

HIP needs this. I would assume that the application is giving hints 
because the system is unable to find a locator matching to the ULID. So, 
just saying "no" does not work for HIP even though it may work for 
routable ULIDs in SHIM6.

To be more specific, the native API for HIP assumes that the SHIM layer 
can cache locators in the following sections:

http://tools.ietf.org/html/draft-ietf-hip-native-api-09
4.1.1. HIP Wildcard Addresses
4.2.1. Resolver Usage
4.6. Explicit Handling of Locators

The native API for HIP is in IESG evaluation, so I think it would be 
nice to resolve this issue quickly.

>> theory, I think the multihoming shim sub-layer must reject
>> the request at least in the case of SHIM6.  In the case of
>> HIP, I am clarifying this with HIP experts what to do.
> 
> For HIP, I would suggest to accept it.  I think it will probably be a common case because it allows the application to provide locators to HIP so that HIP doesn't have to do an address lookup based on the HIT.

+1. I think it should be technically feasible check in the SHIM socket 
handler if the socket is bound to a AF_INET6 or or AF_HIP socket.

> I suggest to clarify what is meant by "unknown locator" perhaps in the terminology section.  I think that what is meant by the text is that there is an existing context and a locator is provided that was not announced in the context handshake or subsequent signaling.  However, what about providing a locator before any context is set up?  In this case, all locators are potentially "unknown" at this stage.  I think it is a very important piece of the API for HIP to be able to have an application associate a destination locator with a destination HIT (and also source locator for policy or reachability purposes) before the HIP handshake starts.  For shim6, before context is set up, it seems that identifiers are initial contact locators too. In this case, it should be defined what should be the behavior if bind(address) conflicts with SHIM_LOC_LOCAL_SEND or if connect(address) conflicts with SHIM_LOC_PEER_SEND.

v2.23.0 | Report a Bug | By Email