
Re: old GSE idea



On Wednesday, April 16, 2003, at 07:53 AM, Iljitsch van Beijnum wrote:

> On Wednesday, Apr 16, 2003, at 15:40 Europe/Amsterdam, Brian E Carpenter wrote:
>
>> I think we should fly up one level and discuss a hypothetical
>> world in which addresses in A000::/3 are deemed to be mutable
>> in flight between bits 3 and 47 inclusive.
>
> Lovely idea.
>
>> See what it does
>> to TCP, SCTP and IPSEC for example.
>
> Well, break them... The TCP/UDP checksum should be easy enough to fix,

Right. Either change the pseudo-header checksum to incorporate only the top 3 and lower 80 or set the 45 bits of the global locator to some constant value. The latter approach allows for use of existing IPv6 code, but makes figuring out the source of a (non-malicious) DoS and/or the source of an ICMP unreachable message at the end point a bit challenging (malicious DoS would likely have a spoofed locator).

> IPsec AH not much harder. The real problem is that if I have a session with a001::1 and suddenly packets start coming in from a002::1, how do I know these belong to the same session? This can be fixed by making the bottom 64/80 bits globally unique, or by informing the other side of all possible values that may appear in those 45 bits beforehand.

I think the simplest solution is to make the lower 64 bits globally unique. Treat the endpoint ID as a key into a distributed database of one or more locators associated with that endpoint ID. The endpoint need not (ever) know the full destination address, that is, the DNS lookup of the end point host name would only return (top 3, lower 80). The core/edge boundary packet forwarder takes the destination end point identifier of the outgoing packet, looks up (simple hash would work) the locators associated with that end point, picks one of the locators based on some administrative policy (e.g., AS hop count), rewrites the locator into the destination address and sends the packet on its way.

> As long as we're flying up levels, why not go up one more and compare different multiple-PA approaches?

One reason I like the GSE concept is that it removes the topology change induced renumbering problem from end sites, providing (in addition to multi-homing), number portability, at least from the perspective of end users (yes, non-tier 1 ISPs will need to renumber their infrastructure should they decide to change upstreams, but this wouldn't affect their customers).

The other approaches that do not separate locator from identifier don't address this problem (to my knowledge, pointers to documents where they do greatly appreciated).

From my perspective, the "real" problems with the GSE concept, at least historically, have been dealing with the distributed endpoint ID/locator map and the fear that GSE would make insertion attacks easier. Given the state of routing security (that is, the ability to insert pretty much any prefix into the routing system) I personally do not believe the latter concern is significantly worsened by something like GSE and, in any event, this issue would be addressed by deployment of IPSEC.

With respect to dealing with a distributed database, there are two broad approaches, pushing the data out (e.g., the way routing tables are propagated) or pulling the data in (e.g., the way the DNS works). Both have advantages and disadvantages, but given the existence of solutions to this problem, this part seems solvable to me.

Rgds,
-drc
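The two mechanisms sketched in the reply above, a UDP checksum that ignores the 45 mutable locator bits (the "set the locator to a constant value" option) and a core/edge forwarder that maps an endpoint identifier to its locators, picks one by AS hop count and rewrites the destination, as an added Python example. This is not code from the thread or from any GSE implementation; the bit layout (top 3 bits fixed, bits 3 to 47 mutable, lower 80 bits fixed) is taken from the discussion, while the function names, the EdgeForwarder class, the sample addresses and the locator mapping are constructed assumptions.

```python
"""Constructed example: locator-insensitive UDP checksum and an edge forwarder
that rewrites the 45 mutable bits of an A000::/3 address (not the thread's code)."""
import ipaddress
import struct

UDP = 17
TOP3 = 0x7 << 125              # the fixed A000::/3 prefix bits
LOWER80 = (1 << 80) - 1        # the globally unique endpoint identifier
FIXED = TOP3 | LOWER80         # everything that is not locator
LOCATOR_BITS = (1 << 45) - 1   # bits 3..47 counted from the top of the address


def addr(text: str) -> bytes:
    """Parse an IPv6 address into its 16 network-order bytes."""
    return ipaddress.IPv6Address(text).packed


def locator_of(a: bytes) -> int:
    """Extract the 45-bit locator (bits 3..47) from a 16-byte address."""
    return (int.from_bytes(a, "big") >> 80) & LOCATOR_BITS


def rewrite_locator(a: bytes, locator: int) -> bytes:
    """Return the address with its locator replaced; top 3 and lower 80 bits kept."""
    if locator >> 45:
        raise ValueError("locator does not fit in 45 bits")
    n = int.from_bytes(a, "big") & FIXED
    return (n | (locator << 80)).to_bytes(16, "big")


def _ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's complement sum of 16-bit words, carries folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_datagram(sport: int, dport: int, payload: bytes) -> bytes:
    """UDP header with the checksum field zeroed, followed by the payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def udp_checksum(src: bytes, dst: bytes, datagram: bytes, locator_insensitive: bool) -> int:
    """UDP checksum over the IPv6 pseudo-header plus datagram.

    With locator_insensitive=True the locator bits of both addresses are set to
    the constant 0 before the pseudo-header is formed, so a rewrite of the
    locator in flight leaves the checksum valid."""
    if locator_insensitive:
        src = rewrite_locator(src, 0)
        dst = rewrite_locator(dst, 0)
    # pseudo-header: src(16) dst(16) upper-layer length(4) zero(3) next header(1)
    pseudo = src + dst + struct.pack("!I3xB", len(datagram), UDP)
    csum = (~_ones_complement_sum(pseudo + datagram)) & 0xFFFF
    return csum or 0xFFFF  # UDP sends all ones instead of a zero checksum


class EdgeForwarder:
    """Core/edge boundary box: endpoint ID -> candidate locators, pick one, rewrite."""

    def __init__(self, mapping):
        # mapping: endpoint id (int, the lower 80 bits) -> list of (locator, as_hop_count)
        # In a real deployment this would be a distributed database; here it is a dict.
        self.mapping = mapping

    def forward(self, dst: bytes) -> bytes:
        """Return the destination address with the preferred locator written in."""
        eid = int.from_bytes(dst, "big") & LOWER80
        candidates = self.mapping.get(eid)
        if not candidates:
            raise LookupError("no locator known for endpoint id %x" % eid)
        locator, _hops = min(candidates, key=lambda c: c[1])  # policy: fewest AS hops
        return rewrite_locator(dst, locator)


def demo():
    """Same endpoint reached via two locators: plain checksums differ, masked ones agree."""
    src = addr("a001::1")
    via_a, via_b = addr("a001::2"), addr("a002::2")   # constructed sample addresses
    dgram = udp_datagram(4096, 53, b"hello")
    plain = (udp_checksum(src, via_a, dgram, False), udp_checksum(src, via_b, dgram, False))
    masked = (udp_checksum(src, via_a, dgram, True), udp_checksum(src, via_b, dgram, True))
    return plain, masked


if __name__ == "__main__":
    print(demo())
    fw = EdgeForwarder({2: [(locator_of(addr("a001::2")), 5), (locator_of(addr("a002::2")), 2)]})
    print(ipaddress.IPv6Address(fw.forward(addr("a000::2"))))
```

The forwarder receives a packet whose destination carries only the fixed bits (a000::2 here, i.e. top 3 plus lower 80) and emits one addressed to a002::2 because that locator has the lower hop count; since the sender computed its checksum with the locator bits zeroed, the rewritten packet still verifies at the receiver. A host that keeps the ordinary pseudo-header instead would see the two checksums differ, which is the breakage the thread is talking about.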