[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
shim header in every shimmed packet
- To: shim6-wg <shim6@psg.com>
- Subject: shim header in every shimmed packet
- From: Iljitsch van Beijnum <iljitsch@muada.com>
- Date: Wed, 12 Oct 2005 10:34:42 +0200
We had a very productive interim meeting in Amsterdam this weekend.
But maybe it was even a bit _too_ productive... I have some other
stuff to say but let me get the main thing out of the way in a
message of its own.
If you read Erik's proto-00 draft you'll find a mechanism that uses
the flow label and the next header / protocol field to indicate that
the shim is active, demux the context (we seem to have settled on
this word for "shim session") and find where in the protocol chain
the virtual shim header is located. Although I believe that this use
of the flow label isn't inherently incompatible with the way it's
currently defined, this mechanism does have the potential to get
rather complex when all corner cases are considered. So it makes
sense to look for something simpler.
And of course, it doesn't get any simpler than simply putting in an
explicit shim6 header with the context tag in every shimmed packet.
This is what's on the table now.
I think a shim header is the right choice in certain cases. For
instance, when there is a protocol chain, having the shim header
somehwere in there not only serves to make demultiplexing possible,
but it also explicitly indicates the order of the processing, so
there can be no confusion. Or when a host uses several ULIDs with the
same set of locators.
However, I think it's a bad idea to mandate a shim header in all
cases. When a receiver knows it can rewrite locators into the right
ULIDs without a shim header being present, it should be possible to
suppress the header. One way this could happen is when a host has
multiple ULIDs, but the locator sets for these ULIDs don't overlap,
such as when ULID A1 has B1 as a locator, and ULID B2 has A2 as a
locator, then there is never any ambiguity whether an incoming packet
should be rewritten or not. If there are no issues with header
ordering (like in the very common case when the IPv6 header is
immediately followed by a TCP or UDP header) and the source locator +
destination ULID identify the context, the source address can also be
rewritten.
So in these cases it makes sense to suppress the shim header. Now
obviously it may be tricky to determine exactly when the receiver
will or won't need the shim header, but the good part is that we
don't have to figure that out now. What I'm arguing for is a
capability that allows a receiver to let the sender know it doesn't
need the shim header for a certain context (when there are no
extension headers). So the only thing we need is specify a capability
bit in the initial shim exchange that signals this, and require that
implementatiosn suppress the shim header when the bit indicates this
is desired.
In the interim meeting, it was argued that something like this should
be an experimental extension to the shim. I believe that's not good
enough: it needs to be a mandatory part of the base spec in order to
be useful. This is why: if it's an extension, this means additional
work to implement it. With the complexity of an IP stack and the
upgrade cycles in the most widely used operating systems being the
way they are, this means it takes a VERY long time to implement new
capabilities. And since both ends need to implement this, the chances
of being able to use such an extension within a reasonable timeframe
are very low. As such, implementers will very likely put this at the
bottom of their list. Also, in the mean time firewall makers will get
used to the shim header being there, and things may break if it
suddenly goes away. So I'm 95% sure that if shim header suppression
isn't in the core spec, it will never fly.
The question is of course whether saving 8 bytes on shimmed packets
is worth the trouble relative to the added complexity of having
packets with or without the header. It looks that to a large degree,
this is a matter of personal taste. We're essentially increasing
overhead on IPv6 by at least 1% (7.7% to 8.7% for two 1500 byte TCP
packets + an ACK). But we're seeing more protocols that use small
packets these days, where the increase in overhead is much higher.
For instance, VoIP with 20 ms samples compressed to 32 kbps with 20
bytes RTP overhead means 80 bytes data with 60 bytes (75%) overhead.
Adding 8 bytes increases the overhead by 10% to 85% and makes the
packet 5.7% larger.
This essentially means we're taking between 1 and 5.7 % of peoples
bandwidth away (when the shim is in effect). For anything other than
bandwidth something like this would be inconceivable. I think it's
the wrong thing to do for bandwidth too, as long as we can avoid it.
Practically, it's already difficult to sell people on increasing the
overhead for every IP packet by 20 bytes when moving to IPv6. Another
8 bytes isn't going to help here if we want people to use shim
multihoming rather than existing BGP style multihoming. The argument
is that the overhead would only be present when there is a failure,
but I don't believe it will play out that way in practice: people
will want to use the shim even when there is no outage for traffic
engineering purposes.
Considering all of this, I think adding a bit and a single insert
shim header / don't insert shim header decision into the core spec
and therefore (presumably) all implementations isn't too much to ask.
Iljitsch