Re: old GSE idea
On Wednesday, April 16, 2003, at 07:53 AM, Iljitsch van Beijnum wrote:
> On woensdag, apr 16, 2003, at 15:40 Europe/Amsterdam, Brian E
>
>> I think we should fly up one level and discuss a hypothetical
>> world in which addresses in A000::/3 are deemed to be mutable
>> in flight between bits 3 and 47 inclusive.
> Right. Either change the pseudo-header checksum to incorporate only
> the top 3 and lower 80 or set the 45 bits of the global locator to some
> constant value. The latter approach allows for use of existing IPv6
> code, but makes figuring out the source of a (non-malicious) DoS and/or
> the source of an ICMP unreachable message at the end point a bit
> challenging (malicious DoS would likely have a spoofed locator).
>> See what it does
>> to TCP, SCTP and IPSEC for example.
> Well, break them... The TCP/UDP checksum should be easy enough to fix,
> IPsec AH not much harder. The real problem is that if I have a session
> with a001::1 and suddenly packets start coming in from a002::1, how do
> I know these belong to the same session? This can be fixed by making
> the bottom 64/80 bits globally unique, or by informing the
> other side of all possible values that may appear in those 45 bits.
I think the simplest solution is to make the lower 64 bits globally
unique. Treat the endpoint ID as a key into a distributed database of
one or more locators associated with that endpoint ID. The endpoint
need not (ever) know the full destination address, that is, the DNS
lookup of the end point host name would only return (top 3, lower 80).
The core/edge boundary packet forwarder takes the destination end point
identifier of the outgoing packet, looks up (simple hash would work)
the locators associated with that end point, picks one of the locators
based on some administrative policy (e.g., AS hop count), rewrites the
locator into the destination address and sends the packet on its way.
As long as we're flying up levels, why not go up one more and compare
different multiple-PA approaches?
One reason I like the GSE concept is that it removes the topology
change induced renumbering problem from end sites, providing (in
addition to multi-homing), number portability, at least from the
perspective of end users (yes, non-tier 1 ISPs will need to renumber
their infrastructure should they decide to change upstreams, but this
wouldn't affect their customers).
The other approaches that do not separate locator from identifier don't
address this problem (to my knowledge; pointers to documents where they
do would be greatly appreciated).
From my perspective, the "real" problems with the GSE concept, at least
historically, have been dealing with the distributed endpoint
ID/locator map and the fear that GSE would make insertion attacks
easier. Given the state of routing security (that is, the ability to
insert pretty much any prefix into the routing system) I personally do
not believe the latter concern is significantly worsened by something
like GSE and, in any event, this issue would be addressed by deployment
With respect to dealing with a distributed database, there are two
broad approaches, pushing the data out (e.g., the way routing tables
are propagated) or pulling the data in (e.g., the way the DNS works).
Both have advantages and disadvantages, but given the existence of
solutions to this problem, this part seems solvable to me.
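The first option Iljitsch mentions above, a pseudo-header checksum that covers only the top 3 and lower 80 bits, can be shown concretely. The Python below is an added example, not code from this thread or from any GSE implementation; the addresses, ports and payload are constructed, and the 45-bit field position (bits 3..47, counted from the most significant bit) follows the hypothetical quoted above.

```python
import ipaddress
import struct

# GSE-style split of a 128-bit address (bit 0 = most significant bit):
#   bits 0..2    fixed prefix (A000::/3)
#   bits 3..47   45-bit locator, mutable in flight
#   bits 48..127 80-bit endpoint part, never rewritten
LOCATOR_MASK = ((1 << 45) - 1) << 80

def locator_of(addr: ipaddress.IPv6Address) -> int:
    """Return the 45-bit locator field as an integer."""
    return (int(addr) & LOCATOR_MASK) >> 80

def rewrite_locator(addr: ipaddress.IPv6Address, locator: int) -> ipaddress.IPv6Address:
    """What a core/edge forwarder does: swap in another locator, keep everything else."""
    if not 0 <= locator < (1 << 45):
        raise ValueError("locator must fit in 45 bits")
    return ipaddress.IPv6Address((int(addr) & ~LOCATOR_MASK) | (locator << 80))

def ones_complement_sum(data: bytes) -> int:
    """Internet checksum arithmetic: 16-bit one's-complement sum with carry folding."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src, dst, payload, sport=1234, dport=5678, gse=False):
    """UDP checksum over the RFC 2460 pseudo-header (src, dst, length, zero, next header).
    With gse=True the 45 locator bits are zeroed before summing, i.e. only the
    top 3 and lower 80 bits of each address are covered (constructed variant)."""
    def cover(a):
        return (int(a) & ~LOCATOR_MASK if gse else int(a)).to_bytes(16, "big")
    length = 8 + len(payload)
    pseudo = cover(src) + cover(dst) + struct.pack("!IxxxB", length, 17)  # 17 = UDP
    udp = struct.pack("!HHHH", sport, dport, length, 0) + payload        # checksum field = 0
    csum = 0xFFFF ^ ones_complement_sum(pseudo + udp)
    return csum or 0xFFFF  # UDP transmits 0xFFFF when the computed sum is zero

def checksum_survives_rewrite(gse: bool) -> bool:
    """Sender checksums a datagram to a001::2; an edge forwarder then rewrites the
    destination locator to a002::2 in flight. Does the receiver's check still pass?"""
    src, dst = ipaddress.IPv6Address("a001::1"), ipaddress.IPv6Address("a001::2")
    payload = b"constructed sample payload"
    sent = udp_checksum(src, dst, payload, gse=gse)
    rewritten_dst = rewrite_locator(dst, 2 << 32)  # locator value that yields a002::2
    return udp_checksum(src, rewritten_dst, payload, gse=gse) == sent
```

With `gse=False` the receiver's verification fails after the rewrite (the "break them" case); with `gse=True` it still passes, and the AH analogue is to treat the same 45 bits as mutable fields zeroed before the ICV is computed.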