[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Design decisions made at the interim SHIM6 WG meeting




El 27/10/2005, a las 17:08, Iljitsch van Beijnum escribió:

On 27-okt-2005, at 15:29, marcelo bagnulo braun wrote:

I don't think "decisions" is the right word here... These are more like suggestions by the chairs.

sorry, but i disagree here.
The points below were accepted by most of the people in the room (i certainly accepted most of them)

It's important that the wg participants that weren't at the interim meeting determine the merit of all of these points themselves so the wg can come to rough consensus rather than just say "well most people that were in Amsterdam agreed so it must be the right decision".


absolutely agree

but we do agree that most people that were in amsterdam agreed on this points, right?

The real point is what happens when the address pair selected by either the application or RFC 3484 doesn't work. How do we handle this case?

the idea, (and i think this is was this decision point is about) is that we need an update to rfc 3484 to deal with this.

What RFC does is two things:

1. select source and destination addresses
2. tell application programmers to cycle through all destination addresses


kind of agree...
i would say that rfc3484 does:
- it passes an ordered list of destiantion addresses to the app and requires that the app should cycle through all of them until finds one that is reachable - it selects a source address for a given destiantion address when the app does not select one

Any modifications to these won't help if an application, with help from RFC 3484 or its successor, selects an address pair that isn't reachable and then DOESN'T cycle through all source/destination combinations.

well, first of all, rfc3484 should state that the app should cycle not only through all the destination addresses but through all possible pairs of source destiantion address pairs available.

This is the minimum change that rfc3484 would require

of course i agree that we should do better and try to help with apps that don't cycle through all the possible address pairs


Most IPv4 applications don't cycle through all destination addresses, and a significant number of IPv6 applications doesn't either. I don't see applications cycle through all source/dest pairs because that's very hard to do right.


not really understand what is the part that you think it is hard....
i can think of soem difficulties, but i would like to see if we are considering the same problems here...

So either we have three choices:

1. adopt the "second shim" to do this for the application
2. make it possible to repair the situation where there is no reachability between the ULIDs from the start.
3. update RFC 3484 and wait for all applications to be updated

I believe 3. won't work in practice and if it did, it would be a huge duplication of effort as all applications would have to implement the same functionality. Remember that we chose to make the shim such that unmodified applications can benefit from it.


Ok, let me explain how i see it:

I think we could have 3 approaches (which can be complementary i.e. does not have to be one or the other)
- first approach is to let the app take care of everything
  i.e. inform the app about all src and dst address and let
  the app try all the possible combinations.
  This is the minimum change to rfc3484 bis, i.e. state that
  apps SHOULD retry with all possible src,dst pairs
  A possible optimization for this, would be that the rfc3484
  delivers an ordered list of address pairs (similar than current
  rfc3484 delivers a ordered list of dst address, the rfc3484bis
  would deliver to the app an ordered list of address pairs (based
  on rules for prefering one address pair over the other)
  [an alternative to this that would be more compatible with current
  rfc3484 would that for a given dst address, rfc3484bis would
  provide an ordered list or src addresses for this dst address]

- a second approach would be similar to the current case where the
  app does not select the src address. In this case, the rfc3484bis
  src address selection mechanism would need to use a different
  src address each time the apps retries.
  In this case the responsible for retrying is still the app, and
  the app needs to be informed that it needs to retry several
  times with the same dst address, so that the rfc3484bis would
  use different src address for this dst address. In order to
  do this we could define an notification at the api level
  to allow rfc3484bis mechanisms to inform the app that no more
  src addresses are available to retry with and that we will be
  recycling to ones that have already been tried (so that the
  app can give up or use a different dst address)

- a third approach would be to allow rfc3484bis to handle
  retrials itself when the src address is left unspecified by the app
  In this case, when an app tries to open a socket with an
  unspecified src address, rfc3484bis would try to send packets with
  different src addresses until it finds one that it is working.
  the main difficulty is how rfc3484bis can determine that
  a src address is working (in the previous approaches, this was
  left up to the app, which knew when a address pair was working
  and when it wasn't, it retried to send the packet again)
  In this case, the goal would be to leave rfc3484bis to determine
  when a src address (or an address pair) is working.
  I guess that if we assume that rfc3484bis will only handle
  bidirectional paths, we can assume that if we receive a packet
  with src address IP1 and dst address IP2m then we can say that
  the address pair with src=IP2 and dst=IP1 is working as an
  outgoing address pair.
  Using this, rfc3484bis can cache information about address pairs
  contained in received packets, to determine address pairs that
  are working. In this case, rfc3484bis would send a packet using
  a given address pair, and if no packets are received from this
  address pair in a given period, it could retry to send the packet
  using a different address pair until it finds one that
  receives traffic back, or it gives up

Now, this third approach is at best very debatable.
I think that the first two approaches make sense and that it would be useful to incoporate information about incoming address pairs as a hint to select outgoing address pairs that are working.



I have no problem with a shim header for demultiplexing in cases where demultiplexing would otherwise be very hard or impossible. For instance, in the case of several extension headers, an explicit shim header makes it possible to indicate which headers see modified addresses and which headers see unmodified addresses unambiguously.

However, I think it's a very bad idea to have a shim header in EVERY packet with rewritten addresses, because there are cases where the shim context can be determined from information that's already in the packet unambiguously so an extra header is unnecessary.

[...]

this is the point of debate: whether this extension should be mandatory in the base spec or not.

my opinion about this, is that this would be indeed quite complex.

As I've explained before: this can be exceedingly simple. We just need signalling message, or a field in an existing signalling message, so that a host can tell its correspondent that it doesn't want to see the shim header for packets with rewritten addresses within this context. If the sender simply honors this option then we're done in the base spec.


i guess that the point is that we don't want to include this bit unless we know that we know how to make this extension work in a simple way

Deciding when a host can safely set this option is more complex of course, but THAT part can be an experimental extension. (I'll write a draft shortly.) However, it's essential that the capability to suppress the shim header is in there from the start, or implementing the logic to enable this capability will be so hard to get off the ground (then both ends would need to be updated rather than just the receiver) that probably nobody is going to bother etc etc.

I mean i like the idea but i am afraid that when we try to define the details, the result will be complex. If not i would certainly support this

How about this: I'll write the draft about how this would work in practice (i.e., when a host can demultiplex without the shim header) and after that we make the final decision?


this works perfectly for me

(also i would be glad to work in the draft with you if you want)

That would be after Vancouver, though.

4. Use a 32 bit context field with no checksum, and 15 reserved bits and a 1 bit flag to indicate control / payload. Note potential DOS risks

If we know there are risks today, maybe it makes more sense to make the tag variable size (to be negotiated between the peers) rather than fixed?

what about making it fixed of 47 bits from the start?

Then there is no room for extensions, and some implementations may be more confortable with 32 bit math.

     * Adopt HIP parameter format for options; HIP parameter format
       defines length in bytes but guarantees 64-bit alignment.

I don't want this alignment. It wastes space, it's an implementation headache and it buys us nothing.

i think that this is a small price to pay to allow future convergence with hip that is anther protocol somehow related with shim6

No, I don't see how this makes sense. It just makes the decision making much more complex as the needs of two different mechanisms must be aligned first.


not sure i understand what you mean here...
in the meeting we agreed that this is basically all that was to be done in order to provide hip compatibility (no other consderations will be made w.r.t. hip compatibility afaiu)

Forking is a bad idea, it increases the complexity of the shim manifold while pretty much the same functionality can also be provided in a different way.

i guess it depends on how you handle it... i mean for me, i see it just as multiple contexts with the same ulid pair, but with different context tag. In this view, it doesn't seems very complex, it is just multiple contexts..., am i missing something?

With forking, a context is no longer uniquely identified by a ULID pair.

right, ulid pair plus context tag defines the context

 This means the context id must be carried along everywhere.

not sure what you mean by everywhere...
packets do you mean?

One place where this is inconvenient is between the application, that specifies certain ToS requirements, and the shim. The transport protocol that sits in the middle must now somehow "color" all packets with the right context information so the shim knows what to do with the packet. IIRC there are also signalling complexities.


right but this is what it seems that apps want, right? the capability of selecting the locator pair to be used for carrying the traffic (at least this is what i understood this was all about)

18. Use a statically specified in the initial protocol specification of
    (10) seconds.

This means that senders must transmit something (data, keepalive) every 10 seconds, right? So the receiver needs to wait a bit LONGER than 10 seconds to time out.

as i recall it, 10 seconds was the time of 3 packets i.e. a node is expected to send packets every 3 seconds, so if 3 packets are missing, then we have a problem detected.

I think every 3 seconds is excessive. So in my draft I just wait 12 - 15 seconds at the receiver (10 seconds that the sender uses + margin for RTT and jitter), and then initiate the full reachability exploration. This will first do a packet with the currently used address pair but after a very short timeout it will start to explore alternate address pairs.

This means the full exploration may be triggered when omly two packets are dropped, which is a bit aggressive, but on the other hand it means only an FBD keepalive every 10 seconds rather than every 3 seconds so I think this makes sense.


i think that 10 sec was just a value that was somehow appropriate.. i don't have a problem with 15 or 20 secs neither...


regards, marcelo