
Re: The cost of crypto in end-host multi-homing (was Re: The state of IPv6 multihoming development)



Peter Tattam wrote:
What about if we turn the process around backward.  The site which decides the
other end is unreachable starts a fresh exchange on the new address pair
(although it is still a secondary address and no new addresses may be
introduced) with a separate nonce for each unused destination address (as seen
by the host originating packets).  The new nonce has to be cryptographically
strong enough to be unguessable.

i.e.

5. Bob sees Alice is not responding to the primary address and sends a new MH
   SYN-Secondary to the secondary address, but with new originating nonce.

6. Alice responds with a MH SYN-Secondary ACK-Secondary (with same addresses
   as before). (original nonce or new nonce???)

7. Bob sends MH ACK-Secondary as with MH ACK-primary.

We add some extra signals...

for Primary MH address establishment we use as before..

SYN-primary and ACK-primary control signals (like SYN and ACK bits in TCP).

for each Secondary MH address establishment we use two new signals..

SYN-secondary and ACK-secondary control signals


A SYN secondary must be ignored if there is no MH state with the primary
address in the ESTABLISHED state.  Also, I think the address list should match
exactly the same as the primary address.

Would that solve the problems?

Maybe.  I'd have to see a much more specific description before
I could analyze it for possible holes.  But as a quick evaluation,
maybe the address list + the existence of a higher layer context
would work well enough.

But, IMHO, we are now going too far into a transport specific
solution space.  There are other problems with transport-only
solutions, like consistency between different parallel transport
connections, the amount of signalling when changing from primary
to secondary etc.

I fully support Iljitsch in the call for an architectural discussion.
That was the reason why I chimed in:  instead of trying to hack
end-host multi-homing support into TCP or IP, maybe it would be
the right time to consider a new name space.  And if not, taking
a good look at SCTP, as Brian suggested, might be the right road.

--Pekka Nikander
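
The acceptance checks in the quoted SYN-secondary proposal (steps 5 to 7), sketched as an added example that is not part of the original thread. The message fields, the `MHState` class, the 16-byte nonce and the choice that the ACK echoes Bob's new nonce are all assumptions; the post itself leaves "original nonce or new nonce" open.

```python
import hmac
import secrets
from dataclasses import dataclass, field

NONCE_LEN = 16  # assumed size; the thread only asks for "unguessable"

@dataclass
class MHState:  # hypothetical per-peer multi-homing context
    primary: str                 # Alice's primary address
    addresses: frozenset         # Alice's address list fixed at primary setup
    state: str = "CLOSED"        # "ESTABLISHED" after SYN-primary/ACK-primary
    pending: dict = field(default_factory=dict)  # secondary addr -> nonce sent

def make_syn_secondary(ctx, dst):
    """Bob, step 5: fresh nonce for one unused, already-known address."""
    if dst == ctx.primary or dst not in ctx.addresses:
        raise ValueError("no new addresses may be introduced")
    nonce = secrets.token_bytes(NONCE_LEN)
    ctx.pending[dst] = nonce
    return {"type": "SYN-secondary", "dst": dst,
            "addresses": ctx.addresses, "nonce": nonce}

def handle_syn_secondary(ctx, msg):
    """Alice, step 6: return the ACK, or None when the SYN must be ignored."""
    if ctx is None or ctx.state != "ESTABLISHED":
        return None  # no MH state with the primary address ESTABLISHED
    if frozenset(msg["addresses"]) != ctx.addresses:
        return None  # address list must match the primary exchange exactly
    if msg["dst"] not in ctx.addresses:
        return None
    return {"type": "SYN-secondary ACK-secondary", "src": msg["dst"],
            "addresses": ctx.addresses, "nonce": msg["nonce"]}

def handle_syn_ack_secondary(ctx, msg):
    """Bob, step 7: accept only an echo of the nonce sent to that address."""
    expected = ctx.pending.get(msg["src"])
    if expected is None or not hmac.compare_digest(expected, msg["nonce"]):
        return None  # unsolicited, replayed or guessed reply
    if frozenset(msg["addresses"]) != ctx.addresses:
        return None
    del ctx.pending[msg["src"]]  # one nonce, one use
    return {"type": "ACK-secondary", "dst": msg["src"]}
```
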