Re: Notes about identifier - locator separator
Pekka Nikander wrote:
This has been discussed to an extent in the other messages, but one
additional comment: It is sometimes enough to carry a single source
locator in the TCP SYN packet; the rest can be sent later.
As for the applications that use getpeername etc. and send
the address in the protocol, personally I don't care too much
about the (apparently rare) cases where something gets broken.
In most cases the recipient will know the identifier already,
and is able to do the mapping.
Erik Nordmark wrote:
This depends on whether there are datagram'ish functions which need the
identifier.
Right. The way we do HIP today is that we allow bypassing it.
It is actually better to bypass HIP if you are doing a DNS query,
trying to synchronize clocks with NTP, or something else like that.
In our vision, HIP (or something similar) is only used if you
need host-to-host security or session continuity in the face
of network outages or mobility. That is, if you are likely
to converse with the same host for a longer time, it makes sense
to pay the performance penalty required to set up
the ID -> locator mapping state, and if you don't, you use locators
as proxy IDs.
For instance, if ESP/AH want to operate with SAs bound to
the identifiers then it seems like the TCP SYN needs both a source
identifier (for ESP/AH) and a source locator (so that TCP can respond
without having to do the mapping from identifier to locator on the 1st packet).
I don't understand how this is related to datagram'ish functions,
but you are right, sending a TCP SYN requires both the ID and
the locator. However, as far as I can understand, the source
network could supply the locator, if that is desired. (Note that I
am not saying that it was desired, I'm just saying that it probably
could be done in that way.)
... I do imagine that something like Distributed Hash Tables (DHT)
could be used to implement identifier->locator mapping, if really
needed.
Do you have a reference?
I haven't found *the* paper about DHTs yet,
here are a couple:
Sylvia Ratnasamy, Scott Shenker and Ion Stoica,
"Routing Algorithms for DHTs: Some Open Questions",
IPTPS'02, http://www.cs.rice.edu/Conferences/IPTPS02/174.pdf
Emil Sit and Robert Morris, "Security Considerations for
Peer-to-Peer Distributed Hash Tables", IPTPS'02,
http://www.cs.rice.edu/Conferences/IPTPS02/173.pdf
Maybe there is somebody on the list who knows DHTs better?
--Pekka Nikander