[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: proxy shim with hash in upper address bits?

To: Iljitsch van Beijnum <iljitsch@muada.com>
Subject: Re: proxy shim with hash in upper address bits?
From: marcelo bagnulo braun <marcelo@it.uc3m.es>
Date: Fri, 13 Jul 2007 11:03:55 +0200
Cc: shim6-wg <shim6@psg.com>, RAM Mailing List <ram@iab.org>
In-reply-to: <5544034C-9139-4E6B-A6A7-DBE087BCF37A@muada.com>
References: <2D647210-AF54-4B24-9FBA-A7865B4F4325@muada.com> <3DB9629A-0C1D-4D8E-B779-5D6686DC9F69@it.uc3m.es> <5544034C-9139-4E6B-A6A7-DBE087BCF37A@muada.com>


El 12/07/2007, a las 23:04, Iljitsch van Beijnum escribió:

[crossposted, please prune as required. RAM people, please look atthe bottom of the message]
On 11-jul-2007, at 15:23, marcelo bagnulo braun wrote:
After reading Marcelo's draft about a proxy implementation ofshim6 a while ago I was somewhat disheartened: this is extremelyhard to do, mostly because an unsuspecting host would need toreceive an HBA-compatible address.
why do you think so?... you can deal with this doing dhcpdelegation of the HBAs/CGAs? (you would be breaking statelessaddress autoconf, but i guess the same would happen if you need areasonable amount of bits in the prefix to carry cryptoinformation...)
You're right, if you can get the hosts to create only HBA addressesby use of DHCPv6 or some other mechanism, that would work. Notethought that most of today's IPv6 hosts don't support DHCPv6address assignment so this may not be a suitable solution for truelegacy IPv6 support.
Obviously stateless autoconf would have to work with the bits inthe upper part of the address or this would be an exercise infutility.
Yes, creating a crypto prefix for the identifier namespace wouldbean option for dealing with this, but i guess it would break SAA
SAA?


stateless address auto configuration

Another, possibly even harder to solve, problem with proxy shim iswhat happens when a host behind the proxy want to talk to a non-shim host.


it depends what type of idetifiers are you using

if you are using routable identifiers, then you don't have problem

if you are not using routble ids, then you are in trouble andbackward compatibility woudl require either configuring routableaddress to hosts (in addition of the non routable ids) or some formof nat

But quite possibly, we can solve this if we can make proxy shiminteroperable with a LISP-like approach. So the user of theportable space would implement a shim proxy cq ETR/ITR which wouldobviously be able to talk to other shim proxy/ETR/ITR devices aswell as to any host that supports shim6. Hosts that don't implementshim6 would have to reach hosts behind a proxy through ETRs thatare deployed by their ISPs or possibly by the sellers of theportable address space.

how does this solve the backward compatibility problem? I mean youstill need to deploy ETR/ITR in the remote site, so if you do that,you may well deploy any other box i.e a pproxy shim

Bottom line: proxy shim, shim6, lisp, you-name-it, they all requiresupport from both ends involved in the communication (either host ora box next to the host (proxy, TR)) (and the multihoming benefitsonly apply to the path between the two multihoming aware boxes)


Regards, marcelo

Follow-Ups:
- Re: proxy shim with hash in upper address bits?
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

References:
- proxy shim with hash in upper address bits?
  - From: Iljitsch van Beijnum <iljitsch@muada.com>
- Re: proxy shim with hash in upper address bits?
  - From: marcelo bagnulo braun <marcelo@it.uc3m.es>
- Re: proxy shim with hash in upper address bits?
  - From: Iljitsch van Beijnum <iljitsch@muada.com>

Prev by Date: Re: proxy shim with hash in upper address bits?
Next by Date: Re: proxy shim with hash in upper address bits?
Previous by thread: Re: proxy shim with hash in upper address bits?
Next by thread: Re: proxy shim with hash in upper address bits?
Index(es):
- Date
- Thread