[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Shim6 proxies
This topic has been discussed several times on this ml.
My understanding of this topic is that there can be basically two
flavors of proxy-like devices:
- on one hand, a proxy that basically performs locator selection on
behalf of the host. In this case, the security functions are still end
to end, but the locator selection is performed by another device,
likely a router, that has more information about available routes
and/or is managed by the network admins. This is basically what is
described in draft-nordmark-shim6-esd-00. This seems an architecturally
clean approach, since the locator selection function can be cleanly off
loaded from the host itself, as long as the security remains e2e.
- on the other hand, there is the full proxy. this was discussed
several times (most of times by Iljitsch). In this case, there is a
proxy that establishes shim contexts on behalf of a non-shim capable
node. In this case, the proxy performs all the functions of the shim.
Now, this seems to be an useful tool, especially for facilitating the
deployment and providing some benefits of the shim to legacy hosts.
However there seems to be certain questions that need to be answered in
this scenario. For instance, does the host has one or many addresses? i
mean is the host aware that it has multiple addresses or not? depending
on the assumption here, different problems appear. Let's start by this
point... what did you have in mind for this?
El 27/03/2006, a las 22:54, Scott Leibrand escribió:
Has there been any consideration of the interaction of the proposed
protocol with a potential shim6 proxy? I'm thinking it would be quite
useful to be able to place a device on-path near one end of a TCP
connection (i.e. on the default router), and have the device perform
functions (and possibly other multihoming duties) on behalf of one or
host(s) behind it.