Re: draft-ietf-shim6-proto-06 : Context confusion

[marcelo bagnulo braun <marcelo@it.uc3m.es>]

Hi Sebastien,

sorry for the long delay and thank you for your feedback

i think you raise an interesting point here....
below...

El 08/11/2006, a las 14:27, Sébastien Barré escribió:

> Hi,
>
> I think that in the previous mail, I had not well in mind the fact 
> that the only way for a host to have multiple own context tags is to 
> first drop one context, then create a new one with the same context 
> tag, so that in any case, there is only one possible context for the 
> context tag, with still the possibility of having packets arriving to 
> the newly created context, but addressed to the dropped context.
>
> With this in mind, I understand better the interest of having 
> non-overlapping locators sets. This way we can work as if the two (or 
> more) locator sets were corresponding to different machines.
>
> But in this case the following sentence should probably be adapted a 
> bit (section 7.6):
> ----
> The confusion can be detected when I2/I2bis/R2 is received since we
>  require that those messages MUST include a sufficiently large set of
>  locators in a Locator List option that the peer can determine whether
>  or not two contexts have the same host as the peer by comparing if
>  there is any common locators in Ls(peer).
> ----
> Now, we could consider the case of a single host with multiple 
> disjoint locator sets being seen by its pair as multiple hosts. This 
> is without problem except a little subtlety. Here is the adapted 
> example of the previous mail :
> ----
> 1. host A has two contexts with host B, one with the set of locators 
> <A1,B1/B2> and CTx, the other with <A2,B3/B4> and CTy.

this situation is not supported in the current spec

in section 7.6.  Context confusion it is stated that:

   The confusion can be detected when I2/I2bis/R2 is received since we
   require that those messages MUST include a sufficiently large set of
   locators in a Locator List option that the peer can determine whether
   or not two contexts have the same host as the peer by comparing if
   there is any common locators in Ls(peer).

since B1/B2 is disjoint with B3/B4, this would be not complying with 
the aforementioned MUST in the draft

However, i think it is a valid question whether we should or not 
support this type of configuration...

I mean, this means that all pair of locator sets of all shim6 contexts 
of a host must be non disjoint

In other words, that if we take all the possible pairs of locators sets 
of existing contexts in a host, all of these must be non disjoint.

So, a scenario where a host B has 4 addresses B1,B2,B3,B4, it is not 
possible that B establishes a context with B1,B2 and another context 
with B3,B4, since they would be disjoint.

I may agree that this is an overkill and that we should lift this 
limitation

An option to support this situation would be as you mention below, to 
include the locator pair besides the context tag in the processing of 
the incoming payload packets.
However, this by itself it is not enough to completely remove the need 
for the limitation above.

The limitation above is oriented to prevent the case of host merging. 
This is the case when two contexts initially have disjoint contexts and 
then through an update message, a locator is added to one of the 
context, resulting in a non disjoint locator set with an existing 
context.

consider the  following case
the context A1,B1/B2 is created and B assigns CTx to this context
B looses the context
The context A2,B3/B4 is created and B reuses CTx
As you mention, this can be addressed if we add the locator pair and 
the context tag to process payload packets.

Now what happen if B add locator B1 to the second context and A adds A1 
to the second context?

the result is that A will have two contexts:
A1,B1/B2 and
A1,A2,B1/B3/B4 both with the same CT(peer)=CTx, so when A sends packets 
with the first context, they will flow with addresses A1,B1 and context 
CTx, fiting the second context and we have the problem again.


So as i see it, there are two different scenarios that are not 
supported today and that we can update the spec to support:

- scenario 1: i call it virtual hosts. the supported feature here is to 
support the case of establishing context with the same peer with 
disjoint locator sets. For instance the scenario above where host A has 
locators A1 and A2 and host B has locators B1, B2, B3, B4 and to be 
able to estbalish two contexts A1,B1/B2 and another context with 
A2,B3/B4. In this case A and B would have something like two virtual 
hosts and they cannot merge. i.e. it is not possible that B adds B1 to 
the second context

-scenario 2: host merging. In this case it is possible that B adds B1 
to the second context

In order to support scenario 1, we would need to process incoming 
payload packets considering both the context tag and the locator pair 
and we would need to soften the MUST included above to soemthing like: 
If two context have disjoint locator sets at the moment of the context 
establishemnt, then they must always be disjoint. We need to phrase 
this very precisely, in order to be able to cope with loosing contexts 
and so on. (another way to describe it would be to include a section 
about virtual hosts, meaning that it is possible to support virtual 
hosts as long as they don't merge)

In order to support scenario 2 we need to modify quite a few things in 
the spec. In particular what do we do when the hosts merge through an 
UPDATe message and what do we do with the resulting contexts if they 
have the same context tag allocated. This would be quite hard to 
support. One option would be to renogotiate the context tag, but this 
would be quite complex. the other option would be to refuse the update 
messge, but we woud need to define a message to reject an UPDATe 
message.

So, imho, we may consider supporting the first case of virtual hosts 
(it would imply some rewriting of the spec though) but i don't think 
that it would be good idea to support the  second case, of merging 
hosts....

opinions?

Regards, marcelo



> 2. After some time, host B drops the first context.
> 3. Now he wants to create another one : <A1,B3/B4> with CTx.
> ----
>
> When A receives the I2 message from B, it is not able (as should be) 
> to detect that it is speaking with the same host, as the locator sets 
> are disjoint. As a consequence, the context in A with CT(peer)=CTx 
> will not be discarded. We are now in the situation of A possibly 
> sending packets to both the discarded context <A1,B1/B2> and the newly 
> created one <A1, B3/B4>, using CTx in both cases.
> IMHO, this can be detected by B, and should be stated in the draft as 
> another case of confusion detection (in fact both confusion and 
> context loss detection). For this to be done, section 12.1 could be 
> slightly changed, to say that a receiver MUST NOT assume that a packet 
> with the shim6 payload extension header and a context tag matching 
> with a context is really attached to the context. Rather, to verify 
> this, the source locator must be checked against Ls(peer) :
> o if the source locator is included in Ls(peer), usual translation is 
> done.
> o if the source locator is not included in Ls(peer), then probably 
> this packet belongs to an old, dropped context, and an R1bis message 
> MUST be sent in this case, in order to recover the previously 
> discarded context (in my example <A1,B1/B2>).
>
> I hope this proposal is clearer and more realistic than the one 
> described in my previous mail.
>
> Thanks for any comment,
>
> Sébastien.