Re: Shim6 proxies
Hi Scott,
This topic has been discussed several times on this ml.
My understanding of this topic is that there can be basically two
flavors of proxy-like devices:
- on one hand, a proxy that basically performs locator selection on
behalf of the host. In this case, the security functions are still end
to end, but the locator selection is performed by another device,
likely a router, that has more information about available routes
and/or is managed by the network admins. This is basically what is
described in draft-nordmark-shim6-esd-00. This seems an architecturally
clean approach, since the locator selection function can be cleanly
offloaded from the host itself, as long as the security remains e2e.
- on the other hand, there is the full proxy. This was discussed
several times (most times by Iljitsch). In this case, there is a
proxy that establishes shim contexts on behalf of a non-shim capable
node. In this case, the proxy performs all the functions of the shim.
Now, this seems to be a useful tool, especially for facilitating the
deployment and providing some benefits of the shim to legacy hosts.
However, there seem to be certain questions that need to be answered in
this scenario. For instance, does the host have one or many addresses? I
mean, is the host aware that it has multiple addresses or not? Depending
on the assumption here, different problems appear. Let's start with this
point... what did you have in mind for this?
Regards, marcelo
On 27/03/2006, at 22:54, Scott Leibrand wrote:
Has there been any consideration of the interaction of the proposed shim6
protocol with a potential shim6 proxy? I'm thinking it would be quite
useful to be able to place a device on-path near one end of a TCP
connection (i.e. on the default router), and have the device perform shim6
functions (and possibly other multihoming duties) on behalf of one or more
host(s) behind it.
-Scott