[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: state loss detection

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: state loss detection
From: Erik Nordmark <erik.nordmark@sun.com>
Date: Wed, 13 Jul 2005 07:01:32 -0700
Cc: shim6 <shim6@psg.com>
In-reply-to: <69AFCCB1-E9BD-4E3A-B627-9C314B1BBA7D@muada.com>
References: <69AFCCB1-E9BD-4E3A-B627-9C314B1BBA7D@muada.com>
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050323)

Iljitsch van Beijnum wrote:

Hi,
It just occurred to me that the state loss problem may not be as intractable as we thought.

FWIW I don't think it is intractable. An error message "no shim6 context" and 8 or so protocol numbers is all that's needed to do this without any byte overhead in the shim6 data packets.

The problem is that when (for instance) a host taking part in the shim6 protocol reboots, and it sees shimmed packets when it gets back on its feet again, it gets confused. If the packets that are rewritten by the shim only have their addresses rewritten, the checksum on those packets will be invalid, the packet will be dropped and the source host doesn't get to hear about it so the failure won't be detected until there is a timeout.

However, as I wrote in a draft a while ago, it may be a good idea to rewrite the checksum too, in order to avoid confusing firewalls and the like unnecessarily, and to maintain compatibility with NICs that do checksum offloading. (Although I'm not familiar with ones that do this for IPv6.)

I see a few problems with this: 1) The transport checksum no longer protects against packet misdelivery to another IP address. Thus in the odd case that the shim6 state has been lost, but there is some transport state which matches the IP address fields and port numbers, the packet will potentially be accepted by the transport (subject to sequence number checks in the case of TCP).

2) Rewriting the transport checksum is hard when the packet is protected by IPsec. It is "just" an implementation chore in the normal case of a host doing shim6, but if you ever want to have shim6 proxies/middleboxes (to help with a transition to shim6) then this becomes intractable.

3) Transport protocols unknown to the shim6 implementor (could be implemented in some unrelated kernel patch, or in user space using raw sockets) would need to trigger a shim6 state refresh in this case. But the implementor of that (user level?) transport protocol might not be aware of shim6.

   Erik

Follow-Ups:
- Re: state loss detection
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- state loss detection
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: I-D ACTION:draft-ietf-shim6-failure-detection-00.txt
Next by Date: SHIM6 WG Agenda
Previous by thread: state loss detection
Next by thread: Re: state loss detection
Index(es):
- Date
- Thread