[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GSE, Six/One, and Beyond --- Re: [RRG] GSE?
Folks,
some of you were wondering about the conceptual differences between
GSE [1] and (host-based) Six/One [2]. Here is a short comparison.
[1] http://tools.ietf.org/html/draft-ietf-ipngwg-gseaddr
[2] http://tools.ietf.org/html/draft-vogt-rrg-six-one
Six/One addresses four main deficiencies in GSE:
- ID uniqueness -- GSE uses flat 64-bit IDs, for which global
uniqueness is hard to enforce. If chosen autonomously and
randomly, IDs would collide with non-negligible probability given
only 64 random bits. Central allocation would help, but would be
hard to enforce also. Since IDs don't have topological meaning,
it would be facile to forgo the allocation procedure. This is
exactly what happens today with MAC addresses.
- ID/locator binding -- GSE does not securely bind IDs to locators.
This enables ID hijacking, even if the attacker is not on the
path towards the ID.
- Transparency to hosts -- In GSE, hosts are unaware of which
providers their packets go through. Provider awareness would
enable hosts to suggest a provider, or to recognize when a
provider changes. E.g., a peer-to-peer application could select
topologically close peers. And transport protocols could optimize
flow/congestion control in the presence of path changes.
- API changes -- GSE changes the properties of addresses, from the
application perspective, relative to classic IPv6. It hence
requires changes to the IPv6 API.
How Six/One mitigates these issues:
- ID uniqueness -- Six/One uses standard IPv6 addresses as IDs, which
can more easily be kept globally unique: Centrally allocated
address prefixes separate the ID spaces of different networks, and
the address suffixes need to be unique only locally within a
network. The ID prefix is either provider-allocated and routable,
or provider-independent and random (ULA prefix). In the former
case, the ID prefix cannot easily be spoofed because it is
topology-dependent. Collisions can then occur only between IDs of
the same edge network, which to avoid is both facile and in the
very interest of the edge network. In the latter case, the ID
prefix adds enough random bits to make collisions improbable.
- ID/locator binding -- Six/One secures ID/locator bindings via
cryptographically generated address bunches. This is a method for
self-signing the binding. Alternatives would be (i) to bind the
addresses via a certified public-key signature (Noel's proposal),
or (ii) to store the mappings in a trusted lookup service so that
a packet receiver can verify the mapping by checking that it
exists in the lookup service. Both alternatives allow for
arbitrary addresses, perhaps assigned by DHCP.
- Transparency to hosts -- Six/One ensures that source and destination
address prefixes in packets exchanged between edge networks are
always allocated to the providers through which the packets go.
(The prefixes may be rewritten by a router in order to achieve
this.) This enables hosts to suggest providers for which the path
to a peer is shortest. Hosts do this automatically in many cases
given that the standard address selection algorithm [3] prefers
addresses with common prefixes. Hosts also recognize provider
changes and can therefore assist transport protocols in coping
with the implied path change.
- API changes -- Six/One does not change the behavior of IPv6 from the
application perspective, hence does not require API changes.
[3] http://tools.ietf.org/html/rfc3484
Hope this was useful.
- Christian
--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg