Re: I-D ACTION:draft-van-beijnum-multi6-odt-00.txt
- To: Multi6 <multi6@ops.ietf.org>
- Subject: Re: I-D ACTION:draft-van-beijnum-multi6-odt-00.txt
- From: Brian E Carpenter <brc@zurich.ibm.com>
- Date: Wed, 14 Jan 2004 07:55:30 +0100
- Organization: IBM
- References: <200401122104.QAA19034@ietf.org>
Two comments.
1. It seems to me that if you ignore the way each of them is described, there
is actually a very strong resemblance between ODT and NOID. In effect they both
treat the first address used for a session as the ID, and dynamically switch
to using alternative addresses as the locator, with a stateful shim concealing
the switch from upper layer protocols. Am I confused?
The only real difference is that NOID turns out to need a rewrite OK/Not OK flag
in the IP header and ODT doesn't, but it does need an ODT protocol exchange.
(Which has the consequence that ODT claims to work for IPv4 too.)
If NOID didn't include the case of a router doing the rewrite in flight, it
wouldn't need that flag anyway. So the crude description of ODT is as a
degenerate case of NOID.
I think the security issues are therefore very similar too. In fact
the discussion between Iljitsch and Marcelo would largely apply to
NOID.
2. One remark that I really don't understand:
> 8 Tunnel Creation
...
> 1. Host A announces its addresses to host B
>
> The addresses may be of different address families. Each address is
> accompanied by preference information. In order to not unnecessarily
> trigger NAT incompatibility, a "current source address" address
> family is used to refer to the source address in the IP packet,
> which may have been rewritten.
Firstly, we aren't designing for IPv6 NATs, so this would only apply
to the IPv4 case, right? But in any case, I don't see how it helps. You
can't tell by looking at an address whether it's been rewritten, so
you can't tell if it's OK for checksum purposes. So the fact that you
know an address *might* have been rewritten is no use, as far as I can see.
The only useful information is to know for sure what the address was at
the source, without even caring whether it has been rewritten in the
active IP header. And in ODT (as in NOID) that information is in local
state at the destination.
Brian
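An added illustration of the checksum argument in point 2 (example code written for this page, not from the ODT or NOID drafts): the upper layer checksums over the session's IDs, so a receiving shim that keeps the ID pair in local state can verify a packet whatever locator it arrived on, while inspecting the wire address tells it nothing. The toy `Shim` class, its state layout and the address values are constructed assumptions, not either proposal's real design.

```python
import struct
import ipaddress

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (the arithmetic TCP/UDP checksums use)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def transport_checksum(src: str, dst: str, payload: bytes, proto: int = 6) -> int:
    """TCP-style checksum over an IPv4 pseudo-header plus payload. The pseudo-header carries
    the addresses the upper layer believes it is talking between, i.e. the session's IDs."""
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, proto, len(payload)))
    return (~ones_complement_sum(pseudo + payload)) & 0xFFFF

class Shim:
    """Toy stateful shim (hypothetical, not ODT's or NOID's state machine): the first address
    pair of a session is its ID; alternative locators are mapped back to that ID on receipt."""
    def __init__(self):
        self.by_locator = {}   # (remote locator, local locator) -> (remote ID, local ID)
    def open_session(self, remote_id, local_id):
        self.by_locator[(remote_id, local_id)] = (remote_id, local_id)
    def learn_locator(self, remote_id, local_id, remote_loc, local_loc):
        """Record an alternative address pair announced for an existing session."""
        self.by_locator[(remote_loc, local_loc)] = self.by_locator[(remote_id, local_id)]
    def receive(self, wire_src, wire_dst, payload, checksum):
        """Return (ID pair, checksum_ok) using local state only; None if the packet is unknown."""
        ids = self.by_locator.get((wire_src, wire_dst))
        if ids is None:
            return None
        src_id, dst_id = ids
        return ids, transport_checksum(src_id, dst_id, payload) == checksum

def demo():
    # Constructed scenario: A's ID is 10.0.0.1, B's ID is 192.0.2.2; A later sends from 10.0.0.2.
    shim_b = Shim()
    shim_b.open_session("10.0.0.1", "192.0.2.2")
    shim_b.learn_locator("10.0.0.1", "192.0.2.2", "10.0.0.2", "192.0.2.2")
    payload = b"constructed segment"
    csum = transport_checksum("10.0.0.1", "192.0.2.2", payload)  # A's TCP checksums over the IDs
    ids, ok_via_state = shim_b.receive("10.0.0.2", "192.0.2.2", payload, csum)
    # Checking against the address actually in the IP header fails whether or not it was rewritten.
    ok_via_wire = transport_checksum("10.0.0.2", "192.0.2.2", payload) == csum
    return ids, ok_via_state, ok_via_wire
```

`demo()` returns the recovered ID pair, `True` for the state-based check and `False` for the wire-address check.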