[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RRG] Six/One Router: Provider-Independence, IPv4/IPv6 Interworking, Backwards-Compatibility
Six/One Router and Proxy Shim6 use similar techniques -- such as
packet extension headers, unilateral NAT'ing, DNS proxying --, but the
way these are put together is different in the following aspects:
(1) The use of unilateral and bilateral address translation in Six/
One Router, instead of Proxy Shim6's combination of "implicit"
tunneling (where the inner tunnel header is replaced by an index to
state in the proxies) and unilateral address translation, enables
packet exchanges where one address is translated bilaterally and the
other unilaterally. This is useful when a host contacts a peer by
locator (which it may have gotten via a referral), although both hosts
are in upgraded edge networks and would better use IDs. The end-to-
end semantics of the initiator's ID can then be retained through
bilateral translation, whereas the responders ID can necessarily be
translated only unilaterally. Proxy Shim6 does not allow this case in
its current version.
(2) The pure use of address translation also enables seamless
integration of the IPv4/IPv6 interworking techniques currently
developed in v6ops [M-NAT, SHANTI], because those are also based on
address translation. This means that you can also allow IPv6 hosts to
communicate with IPv4 hosts. (Of course, you are still bound by the
well-known limits of translation-based IPv4/IPv6 interworking
techniques, but v6ops is working on improving them.)
(3) For packet exchanges between upgraded edge networks, Six/One
Router carries all translation state in extension headers. This
improves robustness in the presence of handovers or failovers between
Six/One routers. Proxy Shim6 depends on state kept in proxies (I
called it "implicit" tunneling above), so for a handover or failover
to work, a new proxy must somehow learn the state in the previous proxy.
(4) Six/One routers are located on-path (on edge network border
links), whereas Shim6 proxies are in general off-path. The advantage
of off-path proxies is that traffic from multiple providers can go via
a single proxy. But this requires special routes and tunnels within
an edge network to ensure that traffic goes via a proxy and via the
right provider. Six/One Router does not depend on special routes or
(5) Six/One Router verifies ID-to-locator mappings via the mapping
resolution system rather than through cryptographic properties of IP
addresses [HBA, CGA] as in Proxy Shim6. This makes address
configuration less complex, provides higher flexibility (e.g., it also
enables use of Stateless Address Autoconfiguration), and allows sites
to keep their existing addresses when upgrading to Six/One Router.
Having said this, I believe that Proxy Shim6 could well be modified
such that it supports the above-mentioned features of Six/One Router.
Given that Proxy Shim6 and Six/One Router already share many
techniques, the necessary modifications seem quite feasible.
On Mar 5, 2008, at 2:39 , Brian E Carpenter wrote:
I'm wondering what is the high-level conceptual gap between
this proposal and Proxy Shim6 (draft-bagnulo-pshim6-02.txt).
They seem to be aiming at a very similar result, except that
Proxy Shim6 doesn't rely on any new map beyond what is
implied by certain DNS RRs. They're both forms of what
I've thought of as "architected NAT" since the original
to unsubscribe send a message to firstname.lastname@example.org with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg