[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt

To: Brian E Carpenter <brc@zurich.ibm.com>
Subject: Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Date: Tue, 2 Nov 2004 16:38:22 +0100
Cc: Multi6 <multi6@ops.ietf.org>, Erik Nordmark <erik.nordmark@sun.com>
In-reply-to: <4185F340.2080701@zurich.ibm.com>
References: <200410191148.HAA14355@ietf.org> <4180E82C.302@zurich.ibm.com> <4182B26D.2050306@sun.com> <496A5E72-2AA5-11D9-AB06-000D93ACD0FE@it> <4185F340.2080701@zurich.ibm.com>


El 01/11/2004, a las 9:26, Brian E Carpenter escribió:

marcelo bagnulo braun wrote:
Good news. This is wrong (and I didn't realise it when analyzing NOID). Flow Labels are not unique on their own and cannot be used for anything on their own. You must always lookup a 3tuple.But if the received {Flow Label, Source Locator, Dest Locator} is in the set {Flow Label, {Source Locators}, {Dest Locators}} corresponding to a particular {Flow Label, Source ULID, Dest ULID} 3tuple, the shim *knows* that it is a multi6 packet.
If the {flow label, src locator, dst locator} is used to identify the state then you are right. But that prevents a possible optimization with changing locator sets (think mobility) by requiring that multi6 signaling be complete to tell the peer of the new locator before that locator can be used as the source.
well, but in this case, there is also some security information nneded to authenticate the new locator, so the receiver will have additional information for the demux of this packet i guess.
Exactly. I'm kind of assuming we have something like HBA in place,
so prior knowledge of all locators is needed anyway.

Just one additional nit... note that HBAs are particularly restrictive in this aspect, since all locators need to be known a priori. However, even if you use alternative schemes that don't impose such restriction, like CGAs, you still need to add security information at least in the same packet that carries the new locator. So even if not all locators need to be known a priori, packets with new locators will have to carry additional information to validate the locator (e.g. a signature with the private key associated to a cga)

regards, marcelo

   Brian

------------------------------------------
Please note that my former email address
mbagnulo@ing.uc3m.es is no longer in use
Please send mail to:
marcelo at it dot uc3m dot es
------------------------------------------

Follow-Ups:
- Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
  - From: Erik Nordmark <erik.nordmark@sun.com>

References:
- Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
  - From: Brian E Carpenter <brc@zurich.ibm.com>
- Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
  - From: Erik Nordmark <erik.nordmark@sun.com>
- Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
  - From: Brian E Carpenter <brc@zurich.ibm.com>

Prev by Date: Re: Some comments on draft-ietf-multi6-v4-multihoming-02.txt
Next by Date: Re: Few comments on draft-ietf-multi6-architecture-02
Previous by thread: Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
Next by thread: Re: I-D ACTION:draft-nordmark-multi6dt-shim-00.txt
Index(es):
- Date
- Thread