[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: State of play with Shim6 documents

To: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>
Subject: Re: State of play with Shim6 documents
From: Erik Nordmark <erik.nordmark@sun.com>
Date: Mon, 12 Mar 2007 14:26:07 -0700
Cc: Geoff Huston <gih@apnic.net>, shim6-wg <shim6@psg.com>, kurtis@kurtis.pp.se
In-reply-to: <77F357662F8BFA4CA7074B0410171B6D01A2FBB5@XCH-NW-5V1.nw.nos.boeing.com>
References: <77F357662F8BFA4CA7074B0410171B6D01A2FBB5@XCH-NW-5V1.nw.nos.boeing.com>
User-agent: Thunderbird 1.5.0.5 (X11/20060911)

Henderson, Thomas R wrote:

Besides the fragmentation issue, the way it is defined now, it seems
burdensome to implementations that want to implement the shim6 control
plane as a user-space daemon (as opposed to defining a separate protocol
number for shim6 control messages).  My reading of IPv6 raw sockets
semantics suggests that they cannot be used.

from RFC 3542:
"With IPv6 raw sockets will be
   used for ICMPv6 and to read and write IPv6 datagrams containing a
   Next Header field that the kernel does not process."

This is not the case for shim6 since the kernel does process the payload
extension header in the data plane.

Under current definition, how should a user-space shim6 implementation
use IPv6 sockets API to get only the control messages?  If there isn't

an easy way, should we consider to separate the protocol numbers?


Thomas,

Are you saying that the *only* thing that prevents a complete shim6user-space implementation using standard APIs is the fact that shim6uses a single protocol number? I find that very hard to believe since Idon't know of any standard APIs that allow me to insert the transmitside data plane of shim6 in the transmit path. The API RFCs clearlydon't have such a mechanism, nor does the socket standard from the opengroup. Thus a user space shim6 implementation would require somenon-standard extensions and/or modifications to the stack. Given that, Isuspect one can figure out how to handle the above issue as well.

The reason for using a single protocol number for shim6 is to increasethe probability of uniform handling by existing firewalls. With a singleprotocol number existing firewalls would probably either let all suchpackets through, or block all of them. If we chose to instead usemultiple protocol numbers there is the danger that some packets (such asthe context establishment packets) make it through the firewall whileothers (such as the payload packets) are blocked. That possibility addsa new failure mode which is hard to deal with, especially if the probemessages get the same firewall treatment as the context establishmentpackets.


   Erik

Follow-Ups:
- Re: State of play with Shim6 documents
  - From: Shinta Sugimoto <shinta@sfc.wide.ad.jp>
- RE: State of play with Shim6 documents
  - From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>

References:
- RE: State of play with Shim6 documents
  - From: "Henderson, Thomas R" <thomas.r.henderson@boeing.com>

Prev by Date: Cross-Reviews of draft-ietf-nemo-multihoming-issues
Next by Date: RE: State of play with Shim6 documents
Previous by thread: Re: State of play with Shim6 documents
Next by thread: RE: State of play with Shim6 documents
Index(es):
- Date
- Thread