[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comments on draft-ietf-shim6-proto-03



Shinta Sugimoto wrote:
Hello,

Let me post my comments on draft-ietf-shim6-proto-03.  I have not read
the whole document yet, but here are my comments/questions from Section
1 to Section 14.  Some are editorial, some are technical.  I will
continue to read rest of the document and send more comments later.

Thanks for your comments and sorry for the tardy response.
I've used your comments as an indication where we can make the document more clear, and I've applied your typo fixes.

   o  No extra roundtrip for setup; deferred setup.

I am not sure what does the above (fourth) bullet mean.  Does
"deferred setup" mean context establishment follows the IP transaction
based on the ULID pair ?

What it means (and I'll clarify the document) is that we don't require some extra shim6 handshake before TCP/UDP/etc packets can flow. Instead normal TCP/UDP/whatever packets can flow and later and in parallel the shim6 context can be setup.

I am not sure if there is semantic difference between "load balancing"
and "load spreading", but the former sounds more familiar to me.

I'll switch back to "balancing" since that is more common.

One can make a distinction between "balance" as a way to enforce a particular split (e.g., a 50/50 balance), and the techniques in shim6 to have different connections (from the same or different hosts) pick at random between multiple destination addresses doesn't ensure "balance" - a single connection might represent the bulk of the traffic. Hence I used "spreading" for this for loose concept.

Section 1.4 talks about relation to IP Multicast as above.  While I
agree that applying SHIM6 to the sender of IP Multicast does not seem
reasonable (in a sense that it requires sender to establish context
with all the receivers, which is unrealistic) it might be worth taking
a look at applicability of SHIM6 to the receiver node.  As typical
scenario of IP multicast would be that the sender node is stationary
and receiver spreads in the network. It is more likely that receiver
changes its locator frequently than sender.

The approach doesn't prevent the receiver of multicast to change its locators, since the receiver is not explicitly identified; the destination address is a multicast address and not the unicast locator of the receiver.

In general, I agree with what is stated in Section 1.5 about renumbering
implications.  Particularly, we should consider how a host treats the
ULID which becomes unavailable.  In such case, at least the ULID should
be removed from the physical interface and marked as
"still-in-use-but-to-be-soon-removed."  The active connection which is
based on the ULID may continue but the ULID should not be used for new
connections.

I see the text is missing the introductory material which explains that the "locator role" of the IPv6 address can be renumbered away; it is the "ULID role" which raises the issue. I'll start the section as:
<t>As stated above, this approach does not try to make communication
survive renumbering in the general case.</t>

<t>When a host is renumbered, the effect is that one or more locators become
invalid, and zero or more locators are added to the host's network interface.
This means that the set of locators that is used in the shim will change,
which the shim can handle as long as not all the original locators become
invalid at the same time.</t>

<t>But IP addresses are also used as ULID, and making the communication
survive locators becoming invalid can potentially cause some confusion at the
upper layers. <old text>

IMHO, it would be good to mention that IP addresses to be specified in
selector information of security policy should be ULID (if locator agility
is required).  I expect that even IKEv1/IKEv2 would also be possible to
run over SHIM6, for instance.

I'll add something.

1.7  Traffic Engineering

   At the time of this writing it is not clear what requirements for
   traffic engineering make sense for the shim6 protocol, since the
   requirements must both result in some useful behavior as well as be
   implementable using a host-to-host locator agility mechanism like
   shim6.  What is clear that whatever they are, shim6 will not be able
   to provide identical capabilities to traffic engineering using BGP
   and Provide Independent IP addresses.

It was not clear to me what the above paragraph means.
Could someone elaborate more on this ?

Let me know if this is more clear:

Inherent in a scalable multihoming mechanism that separates locators from identifiers is that each host ends up with multiple locators. This means that at least for initial contact, it is the remote peer that needs to select which peer locator to try first. In the case of shim6 this is performed by applying RFC 3484 address selection.

This is quite different than the common case of IPv4 multihoming where the site has a single IP address prefix, since in that case the peer performs no destination address selection.

Thus in "single prefix multihoming" the site, and in many cases its upstream ISPs, can use BGP to exert some control of the ingress used to reach the site. This capability can't easily be recreated in "multiple prefix multihoming" such as shim6.

...[snip]...
   Current locator pair Each end of the context has a current locator
                       pair which is used to send packets to be peer.
                       The two ends might use different current locator
                       pairs though.

Is this true ?  My understanding is that the two ends (I and R) must
have exactly the same current locator pair for the bi-directional
context.  Otherwise, I guess receiver node maybe confused when it
tries to demux the receiving packet.  Could someone help me clarify ?

They can be different. The locator *sets* known by the two ends will be the same, but each end can independently decide to switch over to use a different locator pair for the packets it is sending.

The receiver uses the set of locator pairs for the demux in combination with the context tag. For the data packets the 47-bit context tag is all the receiver needs to check for demuxing.

   Forked Instance Identifier (FII) In order to handle context forking,
                       a context is identified by a ULID-pair and a
                       forked context identifier.  The default context
                       has a FII of zero.

Is any specific data type defined for FII (eg. unsigned int) ?

Presumably a future ULP-to-SHIM6 API document will define the exact data type. Presumably one doesn't have to support a lot of forked contexts, thus a 32-bit FII would certainly be sufficient.

   o  Some heuristic on A or B (or both) determine that it might make
      sense to make this communication robust against locator failures.
      For instance, this heuristic might be that more than 50 packets

s/heuristic/heuristics/

Singular form is without the 's' AFAIK.

   o  In addition to failures detected based on end-to-end observations,
      one endpoint might be know for certain that one or more of its

s/know/known/

s/be// is even better

I think this is an interesting issue.  Assuming that node A sends packet
to B traversing the tunneling agent C; if the packet from node A happens
to be tunneled by C to B, we have several choices how to apply SHIM6.
I think the consequence would be depending on which entities establish
context.  Let me expand it a little bit more.

a) If A and B establish SHIM6 context, a packet received by node B would
look like:

	[Outer IP header]
		src=C, dst=B
	[Inner IP header]
src=L(A), dst=L(B) [Shim6 Extension header]
	...(Payload)...

b) If C and B establish SHIM6 context, a packet received by node B would
look like:

	[Outer IP header]
		src=L(C), dst=L(B)
	[Shim6 Extension header]
	[Inner IP header]
src=A, dst=B ...(Payload)...

Yes, those options do exist.
b) is basically applying a shim to the tunnel itself, and perhaps there will be some use for this in some cases.

   In most cases IP-in-IP tunnels are used as a routing technique, thus
   it makes sense to apply them on the locators which means that the
   sender would insert the shim6 header after any IP-in-IP
   encapsulation; this is what occurs naturally when routers apply IP-
   in-IP encapsulation.

I would like to have clarification which case a) or b) does the above
sentence means.  IMHO, both a) and b) should be possible.  b) is slightly
complex in a sense that SHIM6 packet processing takes place after
forwarding is done (at the router, namely node C in this case) at the
IP layer however it remains logical.  Any comments ?

For Mobile IPv6 tunnels (which was on my mind when writing the above) it makes sense to apply the shim above the tunneling layer. So the text does refer to case a), even if that's hard to see from reading it.

I'll use your text to more clearly state the options.


7.4  Context confusion


...[snip]...

   The requirement is that the old context which used the context tag
   MUST be removed; it can no longer be used to send packets.

Yes, but we should note one thing: Even if a node receives I1 message
with a duplicated context tag proposed by the other end, receiver node
should not delete old context until the context establishment is
successfully done.

Yes, I think that text exists in the detailed descriptions in 7.7 etc, but it makes sense to add it in 7.4 as well.


   o  If the state is ESTABLISHED, it means that the Initiator has lost
      the context information for this context and it is trying to
      establish a new one.  In this case, the host MUST update the
      existing context and replace CT(peer) with the Initiator Context
      Tag included in the I1 message and then reply with an R2 message,
      including the associated state information.  In this case the host
      MUST look for any other (old) context with a matching CT(peer) as
      specified in Section 7.12.  This completes the I1 processing, with
      the context state being unchanged.

Same as my previous comment, but I believe the above rule is not good
because it may allow malicious node to send false I1 message (by possibly
spoofing the source IP address) and delete corresponding context.

Correct. I think Marcelo had found this, but not send it to the mailing list. Basically we shouldn't update CT(peer) until after a 3-way handshake.

   If at least one of the above verification fails, then it silently
   discard the packet and it has completed the I2 processing.

IMHO, it is better to rephrase above paragraph as below:
"If any of the above verification fails, the host MUST silently discard
the packet and complete the I2 processing."

Yes, that's better.

7.12  Match for Context Confusion

   When the host receives an I2, I2bis, or R2 it MUST look for a

similar (might be same) comment again, but I believe the verification
discussed here should be applied for I2bis and R2 message.  For I2
message, if the CT looks different from the one appeared on I1 message,
the I2 message should be considered invalid.

I don't understand the case. There is no state created on the reception of the I1. But the initiator can't change the CT because it is included in the verifier option computation. So what case do you think is problematic?


I understand it is necessary to restore the original packet included in
the ICMP error message.  Besides, I wonder if there is any kind of ICMP
error message to which SHIM6 protocol stack should react (e.g. changing
state of corresponding context).  For instance, if the node receives
host unreach, should the corresponding host pair context be torn down ?

The draft-ietf-shim6-failure-detection-03.txt document treats those as hints. In any case, they are not used to fail the shim6 context/ULID but a hint that the destination locator is unreachable.


Better to replace "5 minutes" with certain protocol constant
(i.e. MINIMUM_CONTEXT_TIMEOUT).

I don't know if this needs to be a constant; different implementations can pick different values based on their judgement of how long their applications might use a context when there is no connected socket. For instance, an implementation that uses different APIs than the socket API might be able to know all the references applications retain to remote IP addresses, in which case it can tear things down immediately when the last reference is gone.
So I think 5 minutes is an example.

11.1  Sending ULP Payload after a Switch

What about the next header field in the IPv6 protocol header ? I believe
that SHIM6 should override the next header field of IPv6 protocol header
when locator switch is performed.  The new protocol value for SHIM6
(IPPROTO_SHIM6 ?) is to be assigned by IANA.  Is my understanding
correct ?

You're correct. I've added that description.

   Erik