[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shim6 proxies

To: Scott Leibrand <sleibrand@internap.com>
Subject: Re: Shim6 proxies
From: Erik Nordmark <erik.nordmark@sun.com>
Date: Mon, 17 Apr 2006 17:22:20 -0700
Cc: marcelo bagnulo braun <marcelo@it.uc3m.es>, shim6@psg.com
In-reply-to: <Pine.LNX.4.58.0603301131490.15884@sleibrand-ibm.acs.internap.com>
References: <Pine.LNX.4.58.0603271434050.29315@sleibrand-ibm.acs.internap.com> <be3431f1f15b52f98dc22e4edeba3aa2@it.uc3m.es> <Pine.LNX.4.58.0603301131490.15884@sleibrand-ibm.acs.internap.com>
User-agent: Thunderbird 1.5 (X11/20060113)

Scott Leibrand wrote:

If you're going to do a full proxy, you have to go all the way IMO.  That
means that for whatever locators the end hosts use, whether they have
multiple locators are not, have to be assumed to be fixed for the session,
just like ULIDs.  The shim6 proxy would then intercept all shim6 control
traffic to that IP, and perform the shim functions on behalf of the host.
It would have a bunch of its own locators, which would make up the locator
set.  It could also include the ULID as one of those locators, and
intercept traffic to that IP with shim6 headers, or I suppose it could
treat the host's IP as a non-routable identifier for shim6 purposes and
just use its own locators in the locator set.  Either way, the proxy would
process all shim6-tagged traffic for the host, de-shim it as normal, and
then pass the traffic along to the host's IP instead of passing it up to
the ULP.

I think such a proxy could be built, but instead of relying on somecomplex DHCPv6 coordination of the address assigned to a host, it ismuch much easier to build and deploy and as IPv6 NAT + shim6 proxy.

Thus the host picks an single IPv6 address just like today (usingstateless address autoconfig or DHCPv6) and the NAT maintains a 1-1mapping between those local addresses and a ULID (and HBA/CGA parameterset); thus the NAT doesn't need to mess with the port numbers.


The proxy then does all of shim6 on behalf of the host.

One disadvantage with this approach is that the proxy becomes a singlepoint of failure for a TCP connection. But since the 1-1 mapping can befixed it can be more easily shared across a pair such NATting proxiesthan today's IPv4 NATs that rewrite port numbers.Another disadvantage is that you probably need a two-faced DNS(different answers for internal queries than external ones) so thatsite-internal traffic can use whatever local IPv6 addresses (ULAs?) thatare assigned to the hosts.A third disadvantage is that things which don't work through NAT mightnot work through such a proxy.

So I don't think such a proxy is desirable long-term, even though it canbe valuable as part of a transition to shim6.

And as I said, the alternative that Marcelo has been talking about wherethe DHCPv6 address assignment to the host is coordinated with the shim6proxy is a lot more complex.

Thus asking what traffic engineering influence can be accomplished witha locator rewrite by the routers is still a very important question inmy mind when it comes to the longer-term direction.


   Erik

Follow-Ups:
- Re: Shim6 proxies
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- Shim6 proxies
  - From: Scott Leibrand <sleibrand@internap.com>
- Re: Shim6 proxies
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: Shim6 proxies
  - From: Scott Leibrand <sleibrand@internap.com>

Prev by Date: Re: Shim6 failure recovery after garbage collection
Next by Date: Re: Shim6 proxies
Previous by thread: Re: Shim6 proxies
Next by thread: Re: Shim6 proxies
Index(es):
- Date
- Thread