[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Second shim

To: shim6-wg <shim6@psg.com>
Subject: Second shim
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Wed, 12 Oct 2005 11:55:34 +0200
Cc: Daniel Karrenberg <daniel.karrenberg@ripe.net>, Tony Hain <alh-ietf@tndh.net>

I had a conversation with Tony Hain and Daniel Karrenberg yesterday,where we discussed the issues with the shim and very short-livedsessions such as single packet UDP request/reply interactions.

This ties in with the "failure of the initially chosen locators"issue that we talked about. I think it was Daniel who brought up theneed for a "second shim" that sits between the application and thetransport protocol that could handle this need.

I think that makes a lot of sense. The current shim is all aboutkeeping ULP sessions flowing within the constraint of keeping theULIDs stable. But in a single packet interaction there is no need tokeep ULIDs "stable": you can just try different source/dest addressesand retry the transaction until it works.

I think the current presumption is that the application itself woulddo this. However, for what the shim as it is now _does_ do, the ideais that the shim's activities are completely hidden from applicationsand ULPs. So it makes sense to consider the possibilities of allowingcurrent applications using current APIs to survive initial failures.

I'm not talking about single packet UDP stuff anymore: for ourpurposes, a TCP connection establishment is pretty much also anexchange of a handful of packets. It's only after the sessionestablishes and the application starts sending/receiving data thatTCP and the like are constrained by the requirement that theaddresses remain stable. However, at this point the shim as currentlyintended can take over so that's not a problem.

It would work as follows. The "second shim" intercepts sessionestablishement requests (bind(), connect() and the like) along withthe sending of UDP packets (sendto(), sendmsg()). The second shimthen first tries the requested action using the addresses supplied bythe application and/or RFC 3484 address selection mechanisms. Whenthis action times out, the second shim looks up additional addresses(see below) and tries all source/dest combinations until somethingworks. At that point the whole thing is handed back to the callingapplication and the second shim gets out of the way.

Finding additional addresses is a challenge of its own, but a goodstart would be o look up the destination address supplied by theapplication in the DNS, and then look up all AAAA records for theresulting name. Whether these addresses are all present on the samehost or they are for different hosts implementing the same service isof no importance at this point.

There is the slight caveat that hosts will now connect to a differentaddress than they thought they were connecting to. A weak version ofthe second shim would leave the destination address untouched butonly cycle through the available source addresses if the applicationspecifies IN6ADDR_ANY (yes, yes, I know, this doesn't exist as such).In practice we'll probably want some management hooks that allow theadministrator to specify whcih application/protocols get whichtreatment.

Thoughts?

Follow-Ups:
- Re: Second shim
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: Second shim
  - From: Jari Arkko <jari.arkko@piuha.net>

Prev by Date: Re: shim header in every shimmed packet
Next by Date: Re: shim header in every shimmed packet
Previous by thread: shim header in every shimmed packet
Next by thread: Re: Second shim
Index(es):
- Date
- Thread