2004-12-01
HIP proxy
Patrik Salmela
Contents
• Background: ID-locator split
• HIP
• Why a HIP proxy
• Functionality of a HIP proxy
• The prototype
• Performance
• Conclusions
Background: ID – locator split
Currently: IP address serves 2 purposes
Locator point of view:
• Node moves -> new locator: OK
Identifier point of view:
• Node moves -> new identifier: NOT OK
Identifier requirements:
• Stay constant regardless of location and time
Background (cont.)
Some ID – locator split solutions
GSE proposal for IPv6
• Part of address serves as ID, constant
FARA
• Framework for designing new architectures
PeerNet
• DHT and peer-to-peer thinking
I3
• IDs registered at I3 servers
HIP
The HIP way
ID-locator split
• ID: HI (-> HIT / LSI)
• Locator: IP address
• Packets sent to ID, routed using locator
Security
• IPsec ESP, SAs created during base exchange
Mobility
• Connections between IDs (HITs)
• Location update messages
Multihoming
• Packets sent to ID, the routing is irrelevant
The ID is the base for all these features
HIP (cont.)
Why a HIP proxy?
• More HIP hosts -> more use for HIP
• It will take time for HIP to spread
• A HIP proxy enables HIP between legacy hosts and HIP hosts
[Figure: legacy host, HIP proxy, HIP host; labels: HIP, IPsec ESP]
Why a HIP proxy (cont.)
Promotes HIP
• New possibilities to use HIP
Can be used as "try-then-buy" for HIP
• Easier to enable HIP for hosts in a network
• In the long run an all HIP solution is better; less configuration, more freedom/features
• If satisfied by services provided by HIP (proxy) -> upgrade to a HIP host/network
Restrictions for a HIP proxy
No security between proxy and legacy host
• Solution: Proxy on the border of a private network
HIP host unaware of proxy, security problem
• Solution: Add indication into base exchange
Legacy hosts cannot use all HIP features
• Solution: Upgrade to HIP host
Functionality of a HIP proxy
Assign, and use, HITs for legacy hosts
HIP connection from HIP host also possible
The prototype HIP proxy
FreeBSD 5.2, Ericsson Finland’s HIP impl.
IPv6 only
No HIP modified DNS -> HIT-IP mappings in configuration file
Proxy between two small LANs
Uses ip6fw and divert6
The prototype (cont.)
Packets diverted to proxy for processing
All packets coming from the private network
• Locate HIT-IP mappings
• Replace IP addresses with HITs
Packets from the public network with HITs in header
• Locate HIT-IP mappings
• Replace HITs with IP addresses
Performance
| Using proxy | Using HIP | Conn. | Avg. RTT (20 pkts.) |
|---|---|---|---|
| No | No | 1 | 0,624ms |
| No | No | 2 | 0,616ms |
| Yes | No | 1 | 0,698ms |
| Yes | No | 2 | 0,684ms |
| Yes | Yes | 1 | 0,851ms |
| Yes | Yes | 2 | 0,832ms |
| Yes | Yes | 4 | 0,822ms |
| Yes | Yes | 8 | 0,872ms |

+ ~12% (0,070ms) (proxy)
+ ~22% (0,150ms) (IPsec)
Performance (cont.)
| Using proxy | Using HIP | Hosts/list | Avg. RTT (20 pkts.) |
|---|---|---|---|
| Yes | No | 10 | 0,676ms |
| Yes | No | 50 | 0,693ms |
| Yes | No | 100 | 0,705ms |
| Yes | No | 500 | 0,730ms |
| Yes | No | 1000 | 0,770ms |

If the host lists are long:
• Configuration file difficult to manage
• (probably) very much traffic through the proxy
-> Delay from looking up mappings is not the main problem
Further work
IP version independent HIP proxy
• Work in progress…
Improve proxy configuration
• E.g. check if configuration file has been edited
Conclusions
HIP proxy prototype intended as proof-of-concept
• concept proven
Can be used as base for new, improved, version
HIP proxy can be used as a stepping stone when going legacy -> HIP
Comments / Questions?