El 01/03/2007, a las 22:25, Deguang Le escribió:
Hi Marcelo, Thanks you very much for your detailed explaination. :-) Please see my responses inline, which still have some questions. bagnulo braun schrieb:Hi Deguang, thanks for the comments see below.. El 01/03/2007, a las 12:14, Deguang Le escribió:Hi Marcelo, all,I read through the insightful draft and I have some questions and comments on Section 3 as follows:To my understanding, the proposed approach employs two kinds of IP addressing: the PI addressing and CMULA addressing, then the PI is used as the locator and CMULA is used as the ULID separately. Right?P-shim uses two types of addresses: First type: CMULAs which are provider independent as ULIDs Second type: PA addresses that are used as locators.So, PA addresses are used as locators, no globally routable PI addresses are used in P-shim in any caseIf it is right, I wonder why we need to use a special IP addressing (i.e. the CMULA) as the ULID.see aboveHowever, I don't understand why the proposed approach has to employ the CMULA as the ULID rather than use one of the locators as the ULID as specified in the base shim6 protocol (draft-ietf-shim6-proto-07.txt)?
you could use a locator of course, but this depends on what features you want to obtain i am assuming that locators will be PA in order to make the routing system scale and there we don't want to use routable PI addresses So if you use a PA addresss as ULID, then you need to renumber when you change ISPs and this may lead to provider lock in
So if the site has no problem with that, no problem it can use PA addesses as locators as it is in the basic shim6 approach and p-shim works
however, if the site wants to achieve provider independence through p-shim then it shouldn't configure any provider dependent addressses in the host, in order to reduce the renumbering costs in a changing provider event
this includes the ULIDsthat is why CMULAs that are provider independetn but that do not contaminate the global bgp routing table are used as ULIDs
this has a cost, since in order to support this, additional efferts are needed. I will send an email summarizing all the costs involved in supporting this provider independence in p-shim
as i mention above, if the site is not interested in provider independence, and only wants p.shim for facilitating deployment or to obtain centrally enforced TE, then it can use p-shim wihtout requiring some of the mechanisms
Doesn't the base shim6 protocol (draft-ietf-shim6-proto-07.txt) specifies to use the locator as the Upper Layer Identifier (ULID)?this refers to the non shim6 capable hosts inside a multihomed site (or that are served by a P-shim box) Hosts that are not served by a P-shim6 box cannot be configured with a CMULA because it is not routableI am confused by the following sentence:*Hosts within the multihomed site are IPv6 hosts without any shim6 support and they are configured only with a single address containing the CMULA prefix.* Since the non-shim6 capable hosts are only assigned with a single address containing the CMULA prefix, is it feasible to put these non-shim6 capable hosts in any place of the Internet and not necessary to put them in a multihomed site?Consider the situation where the non-shim6 capable host accesses to the Internet through a single provider and is configured only with a single globally routable IP address. Then, is the P-SHIM6 box in the proposed approach still able to serve this kind of host?
yes, the site will need a p-shim box in the site (or the isp) even in this case, p-shim can provide a couple of benefits:- support for multihoming fault tolerance capabilities when communicating with a multihomed site that has shim6 - provider independence, since it could use CMULAs in the hosts and the renumbering costs would be reduced
becasue we cannot place CMULAs in AAAA records because if we did so, CMULAs would be returned to hosts and hosts (that are not aware of CMULAs and that are not served by a P-shim6) may try to send packets to this CMULA which is non globally routableWe only need to put the P-SHIM6 in a multihomed site. Right?It is not clear for me how the new *ULID RR* is specified in the existing DNS.I am not sure whether the CMULA is stored in the "ULID RR" or "AAAA RR" on earth, because the following contexts presented in section 3 seem not consistent: PA addresses are published in AAAA RR while *CMULAs are published in a new ULID RR*. The reply is processed by the DNS ALG of the multihomed site and only *the CMULA is returned to H1 in a AAAA RR*.Yes, because a host behind a P-shim, it can use a CMULA as a destiantion address becuase such packet will be intercepted by the P.shim box and the CMULA will be replaced by a gloablly routable PA addressSo, the host behind a P-shim box makes a DNS queryThe DNS server returns the CMULA in the ULID RR and the routable address in the AAAA RR (this is so becuase the DNS server doesn't know if the host that is asking is behind a P-shim6 or not) The DNS component of the P-shim box processes the DNS reply and presentes the CMULA in a AAAA RR to the host behind the P-shim. the host behind the p-shim sends a packet with the CMULA as dest address, which in turn is intercepted by the P-shim box, which establishes the shim context with the peer and replaces the CMULA address by a valid routable locatorIf the destination host (i.e. the peer) does not have the CMULA (e.g. If H2 is a multihomed host as well as is shim6 capable, and all the assigned IP addresses of H2 are PA addresses from its providers), then what does it happen? How does the P-SHIM6 box works or how is the procedure of DNS query peroformed?
in this case there is no need for the DNS ALG and the reply from the DNS is returned untouched to the source host behind the p-shim one of the PA addresses returned in the DNS query will be used as ULID for that context
regards, marcelo
Thanks!Because the CMULA of H2, which should belong to the H2's site, is not globally routable, I don't think the first packet with the CMULA of H2 in the destination address field can be routed from the H1 to the S-SHIM6 box in H1's site. :-)because the P-shim must be located in the path between the host that it is serving and the internetThe following statement is not clear to me:*When H1 sends the first packet addressed to the CMULA of H2, the packet is intercepted and processed by the P- Shim6 box of the multihomed site. * How could the P-SHIM6 intercept the first packet addressed to the CMULA of H2?Does the H1 send the first packet to the CMULA of H2 directly using the common IP routing or does the H1 need to send the first packet to the P-SHIM6 at first?it uses the common ip routing, but the p-shim must be placed on the path between the host it serves and the internet, this can be achieved by configuring the p-shim box to inject a route to the CMULA prefix, so it sinks all the packets with a CMULA as a destiantion addressWhat do you think?Does the establishment of SHIM6 context is prior to the establishment of TCP connection?i cannot but agree with this comment, but i am not sure what is that you would like me to detail more... perhaps with the above clarifications, it is clearer how this works, but let me know if it is not and i can try to make an example...Section 3 provides an example to explain how the proposed approach would work. However, it is not clear for me how a ULP connection (e.g. a TCP connection) could be established between the H1 and H2 through a P-SHIM6. I think it is important to describe how ULP connection is established and preserved through the P-SHIM6. :-)Thanks! Cheers, Deguangthanks, marceloCheers, Deguang marcelo bagnulo braun schrieb:Hi,i have included in this draft some level of detail on how to do proxies in shim6, in order to support unmodified hosts, allow some middle boxes to perform egress path selection and provide PI identifiers, so that we can have an idea of how this would look like in the shim approachComments are welcome Regards, marcelo Inicio mensaje reenviado:De: Internet-Drafts@ietf.org Fecha: 27 de febrero de 2007 21:50:02 GMT+01:00 Para: i-d-announce@ietf.org Cc: Asunto: I-D ACTION:draft-bagnulo-pshim6-00.txt Responder a: internet-drafts@ietf.org A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Proxy Shim6 (P-Shim6) Author(s) : M. Bagnulo Filename : draft-bagnulo-pshim6-00.txt Pages : 22 Date : 2007-2-27This draft discusses extensions to the shim6 architecture to supportshim6 proxies that would allow the provision of the following capabilities: o Provide Upper Layer Identifier portability. o Provide Traffic Engineering policy enforcement.o Off-load of the shim6 context management from the actual peers ofthe communication. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-bagnulo-pshim6-00.txtTo remove yourself from the I-D Announcement list, send a message to i-d-announce-request@ietf.org with the word unsubscribe in the body ofthe message.You can also visit https://www1.ietf.org/mailman/listinfo/I-D-announceto change your subscription settings. Internet-Drafts are also available by anonymous FTP. Login with the username "anonymous" and a password of your e-mail address. After logging in, type "cd internet-drafts" and then "get draft-bagnulo-pshim6-00.txt". A list of Internet-Drafts directories can be found in http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt Internet-Drafts can also be obtained by e-mail. Send a message to: mailserv@ietf.org. In the body type: "FILE /internet-drafts/draft-bagnulo-pshim6-00.txt". NOTE: The mail server at ietf.org can return the document in MIME-encoded form by using the "mpack" utility. To use this feature, insert the command "ENCODING mime" before the "FILE" command. To decode the response(s), you will need "munpack" ora MIME-compliant mail reader. Different MIME-compliant mail readersexhibit different behavior, especially when dealing with "multipart" MIME messages (i.e. documents which have been splitup into multiple messages), so check your local documentation onhow to manipulate these messages. Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. Content-Type: text/plain Content-ID: <2007-2-27120849.I-D@ietf.org> _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/i-d-announce