[RRG] Re: Three other points about Six/One
Brian:
> How does Six/One interact with IPsec? We understand that shim6 runs
> under IPsec, so has no impact, except for the tricky case of
> bump-in-the-wire IPsec. Is it the same for Six/One? (BITW is only one
> instance of middleboxes interfering with traffic; there are others
> to consider too.)
Like Shim6, Six/One operates at the border between the IP routing
sub-layer and the IP endpoint sub-layer. I.e., Six/One runs beneath
IPsec and won't conflict.
Another nice property of Six/One is that it makes it easy for
middleboxes to track local and remote hosts despite address changes.
This facilitates even the use of bump-in-the-wire IPsec. Middleboxes
can track a host in the local edge network by masking the routing prefix
in the host's addresses. They can track a correspondent host in a
remote edge network based on the /local/ host's address (with masked
routing prefix) and the context ID that the local host has chosen for
the correspondent host.
> You don't mention TCP checksums. Again, is there any impact?
TCP checksums are likewise not affected by Six/One because Six/One
operates beneath TCP.
> How does Six/One deal with SCTP? For shim6, we concluded that there
> needs to be an API that allows SCTP to switch off the shim. Will SCTP
> be able to switch off Six/One?
One way for SCTP and Six/One to interoperate would be to allow SCTP to
deactivate Six/One. To facilitate network-side address rewrites, SCTP
will have to use the host's complete address bunch, not just some of the
addresses included in the bunch.
An alternative approach, which I currently prefer, is for SCTP to
disable only address rewriting at Six/One level. Six/One would
then still add context IDs to packets. The advantage of this latter
approach is that middleboxes can use the context ID to identify hosts
across address changes, as described above for bump-in-the-stack IPsec.
- Christian
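
The middlebox tracking described in the message above, as an added sketch that is not part of the original post or of any Six/One specification: state is keyed on the local host's address with the routing prefix masked, plus the context ID for a correspondent host. The 48-bit prefix length, the `HostTracker` class, and the sample addresses and context ID are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the routing prefix is the top 48 bits; the message gives no length.
ROUTING_PREFIX_BITS = 48
SUFFIX_MASK = (1 << (128 - ROUTING_PREFIX_BITS)) - 1


def mask_routing_prefix(addr: str) -> int:
    """Zero the routing-prefix bits so every address of one host maps to one value."""
    return int(ipaddress.IPv6Address(addr)) & SUFFIX_MASK


class HostTracker:
    """Hypothetical middlebox state table keyed independently of routing prefixes."""

    def __init__(self):
        self._state = {}

    def local_key(self, local_addr: str):
        # A local host is identified by its address with the routing prefix masked.
        return (mask_routing_prefix(local_addr), None)

    def remote_key(self, local_addr: str, context_id: int):
        # A correspondent is identified by the masked local address plus the
        # context ID the local host chose for it; the remote address is not used.
        return (mask_routing_prefix(local_addr), context_id)

    def bind(self, key, value):
        self._state[key] = value

    def lookup(self, key):
        return self._state.get(key)


def demo():
    tracker = HostTracker()
    # Constructed packets: (local address, remote address, context ID).
    before = ("2001:db8:a:1::10", "2001:db8:f00:7::99", 0x2A)
    after = ("2001:db8:b:1::10", "2001:db8:e00:7::99", 0x2A)  # both prefixes rewritten

    tracker.bind(tracker.remote_key(before[0], before[2]), "ipsec-sa-1")
    by_context = tracker.lookup(tracker.remote_key(after[0], after[2]))

    # For contrast: a table keyed on the full address pair loses the binding.
    by_address = {(before[0], before[1]): "ipsec-sa-1"}.get((after[0], after[1]))
    return by_context, by_address
```
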