[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Design decisions made at the interim SHIM6 WG meeting
El 27/10/2005, a las 17:08, Iljitsch van Beijnum escribió:
On 27-okt-2005, at 15:29, marcelo bagnulo braun wrote:
I don't think "decisions" is the right word here... These are more
like suggestions by the chairs.
sorry, but i disagree here.
The points below were accepted by most of the people in the room (i
certainly accepted most of them)
It's important that the wg participants that weren't at the interim
meeting determine the merit of all of these points themselves so the
wg can come to rough consensus rather than just say "well most people
that were in Amsterdam agreed so it must be the right decision".
absolutely agree
but we do agree that most people that were in amsterdam agreed on this
points, right?
The real point is what happens when the address pair selected by
either the application or RFC 3484 doesn't work. How do we handle
this case?
the idea, (and i think this is was this decision point is about) is
that we need an update to rfc 3484 to deal with this.
What RFC does is two things:
1. select source and destination addresses
2. tell application programmers to cycle through all destination
addresses
kind of agree...
i would say that rfc3484 does:
- it passes an ordered list of destiantion addresses to the app and
requires that the app should cycle through all of them until finds one
that is reachable
- it selects a source address for a given destiantion address when the
app does not select one
Any modifications to these won't help if an application, with help
from RFC 3484 or its successor, selects an address pair that isn't
reachable and then DOESN'T cycle through all source/destination
combinations.
well, first of all, rfc3484 should state that the app should cycle not
only through all the destination addresses but through all possible
pairs of source destiantion address pairs available.
This is the minimum change that rfc3484 would require
of course i agree that we should do better and try to help with apps
that don't cycle through all the possible address pairs
Most IPv4 applications don't cycle through all destination addresses,
and a significant number of IPv6 applications doesn't either. I don't
see applications cycle through all source/dest pairs because that's
very hard to do right.
not really understand what is the part that you think it is hard....
i can think of soem difficulties, but i would like to see if we are
considering the same problems here...
So either we have three choices:
1. adopt the "second shim" to do this for the application
2. make it possible to repair the situation where there is no
reachability between the ULIDs from the start.
3. update RFC 3484 and wait for all applications to be updated
I believe 3. won't work in practice and if it did, it would be a huge
duplication of effort as all applications would have to implement the
same functionality. Remember that we chose to make the shim such that
unmodified applications can benefit from it.
Ok, let me explain how i see it:
I think we could have 3 approaches (which can be complementary i.e.
does not have to be one or the other)
- first approach is to let the app take care of everything
i.e. inform the app about all src and dst address and let
the app try all the possible combinations.
This is the minimum change to rfc3484 bis, i.e. state that
apps SHOULD retry with all possible src,dst pairs
A possible optimization for this, would be that the rfc3484
delivers an ordered list of address pairs (similar than current
rfc3484 delivers a ordered list of dst address, the rfc3484bis
would deliver to the app an ordered list of address pairs (based
on rules for prefering one address pair over the other)
[an alternative to this that would be more compatible with current
rfc3484 would that for a given dst address, rfc3484bis would
provide an ordered list or src addresses for this dst address]
- a second approach would be similar to the current case where the
app does not select the src address. In this case, the rfc3484bis
src address selection mechanism would need to use a different
src address each time the apps retries.
In this case the responsible for retrying is still the app, and
the app needs to be informed that it needs to retry several
times with the same dst address, so that the rfc3484bis would
use different src address for this dst address. In order to
do this we could define an notification at the api level
to allow rfc3484bis mechanisms to inform the app that no more
src addresses are available to retry with and that we will be
recycling to ones that have already been tried (so that the
app can give up or use a different dst address)
- a third approach would be to allow rfc3484bis to handle
retrials itself when the src address is left unspecified by the app
In this case, when an app tries to open a socket with an
unspecified src address, rfc3484bis would try to send packets with
different src addresses until it finds one that it is working.
the main difficulty is how rfc3484bis can determine that
a src address is working (in the previous approaches, this was
left up to the app, which knew when a address pair was working
and when it wasn't, it retried to send the packet again)
In this case, the goal would be to leave rfc3484bis to determine
when a src address (or an address pair) is working.
I guess that if we assume that rfc3484bis will only handle
bidirectional paths, we can assume that if we receive a packet
with src address IP1 and dst address IP2m then we can say that
the address pair with src=IP2 and dst=IP1 is working as an
outgoing address pair.
Using this, rfc3484bis can cache information about address pairs
contained in received packets, to determine address pairs that
are working. In this case, rfc3484bis would send a packet using
a given address pair, and if no packets are received from this
address pair in a given period, it could retry to send the packet
using a different address pair until it finds one that
receives traffic back, or it gives up
Now, this third approach is at best very debatable.
I think that the first two approaches make sense and that it would be
useful to incoporate information about incoming address pairs as a hint
to select outgoing address pairs that are working.
I have no problem with a shim header for demultiplexing in cases
where demultiplexing would otherwise be very hard or impossible. For
instance, in the case of several extension headers, an explicit shim
header makes it possible to indicate which headers see modified
addresses and which headers see unmodified addresses unambiguously.
However, I think it's a very bad idea to have a shim header in EVERY
packet with rewritten addresses, because there are cases where the
shim context can be determined from information that's already in
the packet unambiguously so an extra header is unnecessary.
[...]
this is the point of debate: whether this extension should be
mandatory in the base spec or not.
my opinion about this, is that this would be indeed quite complex.
As I've explained before: this can be exceedingly simple. We just need
signalling message, or a field in an existing signalling message, so
that a host can tell its correspondent that it doesn't want to see the
shim header for packets with rewritten addresses within this context.
If the sender simply honors this option then we're done in the base
spec.
i guess that the point is that we don't want to include this bit unless
we know that we know how to make this extension work in a simple way
Deciding when a host can safely set this option is more complex of
course, but THAT part can be an experimental extension. (I'll write a
draft shortly.) However, it's essential that the capability to
suppress the shim header is in there from the start, or implementing
the logic to enable this capability will be so hard to get off the
ground (then both ends would need to be updated rather than just the
receiver) that probably nobody is going to bother etc etc.
I mean i like the idea but i am afraid that when we try to define the
details, the result will be complex. If not i would certainly support
this
How about this: I'll write the draft about how this would work in
practice (i.e., when a host can demultiplex without the shim header)
and after that we make the final decision?
this works perfectly for me
(also i would be glad to work in the draft with you if you want)
That would be after Vancouver, though.
4. Use a 32 bit context field with no checksum, and 15 reserved
bits and a
1 bit flag to indicate control / payload. Note potential DOS
risks
If we know there are risks today, maybe it makes more sense to make
the tag variable size (to be negotiated between the peers) rather
than fixed?
what about making it fixed of 47 bits from the start?
Then there is no room for extensions, and some implementations may be
more confortable with 32 bit math.
* Adopt HIP parameter format for options; HIP parameter format
defines length in bytes but guarantees 64-bit alignment.
I don't want this alignment. It wastes space, it's an implementation
headache and it buys us nothing.
i think that this is a small price to pay to allow future convergence
with hip that is anther protocol somehow related with shim6
No, I don't see how this makes sense. It just makes the decision
making much more complex as the needs of two different mechanisms must
be aligned first.
not sure i understand what you mean here...
in the meeting we agreed that this is basically all that was to be done
in order to provide hip compatibility (no other consderations will be
made w.r.t. hip compatibility afaiu)
Forking is a bad idea, it increases the complexity of the shim
manifold while pretty much the same functionality can also be
provided in a different way.
i guess it depends on how you handle it... i mean for me, i see it
just as multiple contexts with the same ulid pair, but with different
context tag. In this view, it doesn't seems very complex, it is just
multiple contexts..., am i missing something?
With forking, a context is no longer uniquely identified by a ULID
pair.
right, ulid pair plus context tag defines the context
This means the context id must be carried along everywhere.
not sure what you mean by everywhere...
packets do you mean?
One place where this is inconvenient is between the application, that
specifies certain ToS requirements, and the shim. The transport
protocol that sits in the middle must now somehow "color" all packets
with the right context information so the shim knows what to do with
the packet. IIRC there are also signalling complexities.
right but this is what it seems that apps want, right? the capability
of selecting the locator pair to be used for carrying the traffic (at
least this is what i understood this was all about)
18. Use a statically specified in the initial protocol
specification of
(10) seconds.
This means that senders must transmit something (data, keepalive)
every 10 seconds, right? So the receiver needs to wait a bit LONGER
than 10 seconds to time out.
as i recall it, 10 seconds was the time of 3 packets i.e. a node is
expected to send packets every 3 seconds, so if 3 packets are
missing, then we have a problem detected.
I think every 3 seconds is excessive. So in my draft I just wait 12 -
15 seconds at the receiver (10 seconds that the sender uses + margin
for RTT and jitter), and then initiate the full reachability
exploration. This will first do a packet with the currently used
address pair but after a very short timeout it will start to explore
alternate address pairs.
This means the full exploration may be triggered when omly two packets
are dropped, which is a bit aggressive, but on the other hand it means
only an FBD keepalive every 10 seconds rather than every 3 seconds so
I think this makes sense.
i think that 10 sec was just a value that was somehow appropriate.. i
don't have a problem with 15 or 20 secs neither...
regards, marcelo