[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Flow label versus Extension header - protocol itself




El 05/05/2005, a las 1:37, Greg Daley escribió:

Hi Marcelo,

marcelo bagnulo braun wrote:
[cut]


Yes, this is the case.  If the existing 3697 (sender side) allocation
for flow labels is used, then explicit signaling to add each
<source,dest,label> to a multihoming context has to precede packet
delivery.

Maybe i am missing something here, but this is the case, independently of the mechanisms you choose to carry the context tag, because of security issues....
I mean when a node is adding a new locator into an established shim context, it must send an explicity message, informing of that new locator and including security information in order to validate this new locator. In this exchange used to add and verify the new locator, the receiver could inform the transmitter about the new flow label value (if needed)
So i would say that explicit signaling when adding a new locator is always needed.

Yes, it's always needed, but the time ordering of the packets to do the signalling may not be strict.

If the upper layer protocol is ESP with authentication (or AH), for
example, it will be possible to identify that the flow belongs to an
upper-layer data stream because of the SPI, and the fact that the
packet authenticates using the right HMAC.


Are you considering the situation where the verification of the new locator is done through IPSec?


I mean, so far, i think we had considered the case where the addition of new locators had its own security mechanism (different from IPSec) and that there was an explicit signalling message for adding new locators to the set, and that these messages carry their own authentication information.
I mean, i think it is important to properly define what scenarios are we considering...


This may not be palatable to all, but the possibility is there
(and may be dismissed later).

Packets sent before the signaling wouldn't be guaranteed to get
through, but if the actual signaling took computation time

Well, i my understanding data packets carrying new lcoators that have not been added to the locator set through proper signaling will be discarded... I mean this is similar to MIP RO, a CN won't understna packets coming from a CoA before the BU binding the new CoA to the HoA has been received and verified, right?


(or a longer, reliable signaling path), this is an optimization
which would work well for some data.

Please note that if strict ordering of signaling before packet
arrival is required, then receiver side flow label allocation
isn't required itself for ensuring decodability just based on
the IPv6 header.

I ma not sure i agree here

 Only unique-to-sender label allocation is
needed to avoid label collision,

right, but the problem here is how to deal with the case where the sender runs out of flow label values and he needs to start re-using flow labels. In this case, the receiver based flow label allocation mechanism that you suggested seems to provide an elegant solution to this problem.


regards, marcelo

since no label selected on the
host will collide with its own (going to any of its destinations),
and the <source, label> pair is sufficient to identify it
to the receiver.






a possible question would be if it would be possible to include the signalling in the same packet that carry the new locator as source address... i guess this depends on how you define the packet processing, but i guess it may be possible in any case.

I'm not really fond of piggybacking data.

It's possible of course but has potential issues with MTU.

Separate signaling is also much easier to describe and
implement.

Greg