SHIM6 Working Group                                            K. Park
Internet-Draft                                                  H. Cho
Intended status: Informational                Seoul National University
Expires: April 19, 2007                                        I. Jang
                                                                T. You
                                                                S. Lee
                                                              ETRI/PEC
                                                          Oct 16, 2006


                      Implementing SHIM6 Protocol
                 draft-park-shim6-implementation-00.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on April 19, 2007.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The SHIM6 protocol is a conceptual sublayer (hereafter "shim") for
   providing multihoming.  This document reports the current status of
   our implementation of the shim6 protocol.  The implementation is done
   on an IPv6-enabled Linux machine.

Park, et al.             Expires April 19, 2007                 [Page 1]

Internet-Draft              SHIM Implementation                 Oct 2006

Table of Contents

   1.  Introduction
   2.  Architecture
     2.1.  Overview
     2.2.  Netfilter
     2.3.  Iptables and libipq
   3.  Implementing SHIM6 Protocol
     3.1.  Initial Contact
     3.2.  Reachability Protocol
   4.  Data Structures
     4.1.  Connection Table
     4.2.  Local Table
     4.3.  Peer Table
     4.4.  Used Parameters
       4.4.1.  Shim6 Core Operation
       4.4.2.  Shim6 REAP
   5.  Future Works
   6.  Security consideration
   7.  References
   Authors' Addresses
   Intellectual Property and Copyright Statements

1.  Introduction

   This document describes our implementation of the shim6 protocol.
   Since the implementation is not yet complete, we report its current
   status.  The implementation is mainly based on the following
   documents: "Level 3 multihoming shim protocol" [1] and "Failure
   Detection and Locator Pair Exploration Protocol for IPv6
   Multihoming" [2].  The shim6 protocol is implemented on an
   IPv6-enabled Linux machine.

   This document is structured as follows: Section 2 describes the
   architecture of our implementation.  Section 3 shows how we
   implemented the protocol, and Section 4 describes the data structures
   we use.  Our future work is described in Section 5.

2.  Architecture

2.1.  Overview

            ------------------------
            | Upper Layer Protocol |
            ------------------------
      ---------------------------            --------------------
      |                         |            |                  |
      |    shim6 shim layer     |----------> |  shim6 daemon    |
      |                         |            |  process         |
      ---------------------------            --------------------
                  ----
                  |IP|
                  ----

                     Figure 1: Architecture overview

   The implementation is mainly based on the protocol specified in [1]
   and [2].  Our target system is Linux 2.6.16.19 with netfilter and
   iptables 1.3.5.  We use the standard queue handler for IPv6 [4],
   which is distributed with the kernel.  Packets are queued to
   userspace for processing through the libipq library.

2.2.  Netfilter

   Netfilter supports 5 hooks in the network stack.  A packet traverses
   the netfilter system as follows [3]:

      --->(1)--->[ROUTE]--->(3)--->(4)--->
                    |            ^
                    |            |
                    |         [ROUTE]
                    v            |
                   (2)          (5)
                    |            ^
                    |            |
                    v            |
            +------------------+
            |  Local Process   |
            +------------------+

   (1) NF_IP_PRE_ROUTING hook: a packet is passed to the netfilter
       framework.

   (2) NF_IP_LOCAL_IN hook: if the packet is destined for a local
       process, the netfilter framework is called before the packet is
       passed to the process (if any).

   (3) NF_IP_FORWARD hook: if the packet is destined to pass to another
       interface, the netfilter framework is called.

   (4) NF_IP_POST_ROUTING hook: the packet passes a final netfilter hook
       before being put on the wire again.

   (5) NF_IP_LOCAL_OUT hook: a packet is created locally.

   We hook packets at NF_IP_LOCAL_OUT (5) and NF_IP_LOCAL_IN (2) for the
   shim6 protocol.  At NF_IP_LOCAL_OUT, the shim appends the Shim6
   extension header to an outgoing packet and rewrites the ULIDs to the
   current locators via the mapping table.  At NF_IP_LOCAL_IN, it
   decodes the Shim6 extension header of an incoming packet and rewrites
   the locators back to the ULIDs.  Signaling information is carried in
   the Shim6 extension header.

2.3.  Iptables and libipq

   Iptables installs rules into netfilter.  A rule consists of a MATCH
   and a TARGET and belongs to a TABLE: the MATCH selects the packets to
   mangle, and the TARGET modifies the selected packets according to the
   TABLE.
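   As an added example, not code from the draft or from the authors'
   implementation, the following C program does the per-packet work
   described for the two hooks in Section 2.2 on a raw IPv6 packet
   buffer such as the one libipq hands to userspace: on the outgoing
   path it inserts the Shim6 extension header and rewrites the ULIDs to
   the current locators; on the incoming path it checks the context tag
   and locator pair against its table, strips the header and restores
   the ULIDs.  The extension header layout (Next Header, Hdr Ext Len,
   P bit, 47-bit receiver context tag) is the Shim6 Payload header of
   [1]; the protocol number 140 is the value later assigned in RFC 5533
   and was still unassigned when this draft was written.  The context
   structure, the addresses and the packet are constructed for the
   example, a single struct stands in for the draft's connection, local
   and peer tables, and there is no libipq or kernel interaction.

```c
/* Added example (not the draft authors' code): what the shim does to one
 * packet at NF_IP_LOCAL_OUT (encapsulate) and NF_IP_LOCAL_IN (decapsulate) on
 * a raw IPv6 buffer like the one libipq hands to userspace.  Shim6 Payload
 * header: Next Header (8), Hdr Ext Len (8) = 0, P (1) = 1, Receiver Context
 * Tag (47).  Protocol 140 is the number RFC 5533 later assigned (TBD in 2006). */
#include <stdint.h>
#include <string.h>
#define IPV6_HDR_LEN  40
#define SHIM6_HDR_LEN 8
#define SHIM6_PROTO   140
#define CT_MASK       ((1ULL << 47) - 1)

/* ULID pair, current locator pair, and the tag each side expects in packets
 * sent to it: a stand-in for the draft's connection, local and peer tables. */
struct shim6_ctx {
    uint64_t local_ct, peer_ct;
    uint8_t  local_ulid[16], peer_ulid[16], local_loc[16], peer_loc[16];
};

struct shim6_ctx shim6_ctx_mirror(const struct shim6_ctx *c)
{   /* the same context as held by the peer host: roles swapped */
    struct shim6_ctx m = { .local_ct = c->peer_ct, .peer_ct = c->local_ct };
    memcpy(m.local_ulid, c->peer_ulid, 16); memcpy(m.peer_ulid, c->local_ulid, 16);
    memcpy(m.local_loc,  c->peer_loc,  16); memcpy(m.peer_loc,  c->local_loc,  16);
    return m;
}

/* Outgoing path: insert the Shim6 Payload header after the IPv6 header and
 * rewrite ULIDs to locators.  The transport checksum is untouched because its
 * pseudo-header covers the ULIDs, which the receiver restores.  Returns the
 * new length, or 0 if the packet is malformed or not this context's. */
size_t shim6_encap(const uint8_t *in, size_t in_len, uint8_t *out,
                   size_t out_cap, const struct shim6_ctx *c)
{
    if (in_len < IPV6_HDR_LEN || (in[0] >> 4) != 6) return 0;
    if (out_cap < in_len + SHIM6_HDR_LEN) return 0;
    if (memcmp(in + 8, c->local_ulid, 16) || memcmp(in + 24, c->peer_ulid, 16))
        return 0;
    uint16_t plen = (uint16_t)(((in[4] << 8) | in[5]) + SHIM6_HDR_LEN);
    memcpy(out, in, IPV6_HDR_LEN);
    out[4] = plen >> 8; out[5] = plen & 0xff; out[6] = SHIM6_PROTO;
    memcpy(out + 8,  c->local_loc, 16);          /* src ULID -> src locator */
    memcpy(out + 24, c->peer_loc,  16);          /* dst ULID -> dst locator */
    uint8_t *sh = out + IPV6_HDR_LEN;
    sh[0] = in[6]; sh[1] = 0;                    /* original proto; Hdr Ext Len 8 */
    uint64_t v = (1ULL << 47) | (c->peer_ct & CT_MASK);   /* P=1 | peer's tag */
    for (int i = 0; i < 6; i++) sh[2 + i] = (uint8_t)(v >> (8 * (5 - i)));
    memcpy(sh + SHIM6_HDR_LEN, in + IPV6_HDR_LEN, in_len - IPV6_HDR_LEN);
    return in_len + SHIM6_HDR_LEN;
}

/* Incoming path: accept only packets whose context tag and locator pair match
 * a context in tbl[]; strip the header and restore the ULIDs and Next Header.
 * Anything else is dropped (0) rather than delivered with an address pair the
 * upper layer never agreed to. */
size_t shim6_decap(const uint8_t *in, size_t in_len, uint8_t *out,
                   size_t out_cap, const struct shim6_ctx *tbl, size_t n)
{
    if (in_len < IPV6_HDR_LEN + SHIM6_HDR_LEN || (in[0] >> 4) != 6) return 0;
    const uint8_t *sh = in + IPV6_HDR_LEN;
    if (in[6] != SHIM6_PROTO || sh[1] != 0 || !(sh[2] & 0x80)) return 0;
    uint64_t ct = 0; for (int i = 0; i < 6; i++) ct = (ct << 8) | sh[2 + i];
    const struct shim6_ctx *c = NULL;
    for (size_t i = 0; i < n && !c; i++)
        if (tbl[i].local_ct == (ct & CT_MASK) && !memcmp(in + 8, tbl[i].peer_loc, 16)
            && !memcmp(in + 24, tbl[i].local_loc, 16))
            c = &tbl[i];
    if (!c || out_cap < in_len - SHIM6_HDR_LEN) return 0;
    uint16_t plen = (uint16_t)(((in[4] << 8) | in[5]) - SHIM6_HDR_LEN);
    memcpy(out, in, IPV6_HDR_LEN);
    out[4] = plen >> 8; out[5] = plen & 0xff; out[6] = sh[0];
    memcpy(out + 8,  c->peer_ulid,  16);         /* src locator -> peer ULID */
    memcpy(out + 24, c->local_ulid, 16);         /* dst locator -> local ULID */
    memcpy(out + IPV6_HDR_LEN, sh + SHIM6_HDR_LEN, in_len - IPV6_HDR_LEN - SHIM6_HDR_LEN);
    return in_len - SHIM6_HDR_LEN;
}

/* Constructed sample: ULIDs 2001:db8:1::1 and 2001:db8:2::1, peer locator
 * 2001:db8:2::2, 5-byte TCP payload.  Returns 0 on success, else a step number. */
int shim6_selftest(void)
{
    struct shim6_ctx a = { .local_ct = 0x1234, .peer_ct = 0xabcd };
    uint8_t pfx[16] = { 0x20, 0x01, 0x0d, 0xb8, 0, 1, [15] = 1 };
    memcpy(a.local_ulid, pfx, 16); memcpy(a.local_loc, pfx, 16);
    pfx[5] = 2;  memcpy(a.peer_ulid, pfx, 16);
    pfx[15] = 2; memcpy(a.peer_loc, pfx, 16);
    struct shim6_ctx b = shim6_ctx_mirror(&a);
    uint8_t pkt[IPV6_HDR_LEN + 5] = { 0x60, 0, 0, 0, 0, 5, 6, 64 };  /* TCP, len 5 */
    memcpy(pkt + 8, a.local_ulid, 16); memcpy(pkt + 24, a.peer_ulid, 16);
    memcpy(pkt + IPV6_HDR_LEN, "hello", 5);
    uint8_t wire[64], back[64];
    size_t wl = shim6_encap(pkt, sizeof pkt, wire, sizeof wire, &a);
    if (wl != sizeof pkt + SHIM6_HDR_LEN || wire[6] != SHIM6_PROTO || wire[5] != 13) return 1;
    if (memcmp(wire + 24, a.peer_loc, 16) || wire[40] != 6 || wire[47] != 0xcd) return 2;
    if (shim6_decap(wire, wl, back, sizeof back, &b, 1) != sizeof pkt || memcmp(back, pkt, sizeof pkt)) return 3;
    wire[47] ^= 1; if (shim6_decap(wire, wl, back, sizeof back, &b, 1) != 0) return 4; /* bad tag */
    wire[47] ^= 1; wire[23] ^= 1; if (shim6_decap(wire, wl, back, sizeof back, &b, 1) != 0) return 5; /* bad locator */
    return 0;
}

int main(void) { return shim6_selftest(); }   /* exit status 0 = all checks pass */
```

   Two points are worth noting.  The transport checksum is not
   recomputed on either path, because the transport pseudo-header is
   computed over the ULIDs, which are exactly what the receiver
   restores.  And the receiver drops any packet whose context tag does
   not match a known context, or whose locators are not the pair
   recorded for that context: rewriting the destination back to a ULID
   is what makes the upper layer trust the packet, so it must only
   happen for locators the peer established through the shim6
   signaling.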
   Netfilter hooks the packets at NF_IP_LOCAL_OUT and NF_IP_LOCAL_IN and
   sends them to the shim6 target.  On the outgoing path, the shim6
   target appends the shim6 extension header and mangles the source and
   destination address by referring to the mangle table; on the
   incoming path it performs the reverse mapping.

   Libipq is a development library for iptables userspace packet
   queuing [4].  Netfilter provides a mechanism for passing packets out
   of the stack for queueing to userspace, then receiving these packets
   back into the kernel.  These packets may also be modified in
   userspace prior to reinjection into the kernel.

3.  Implementing SHIM6 Protocol

3.1.  Initial Contact

   When two hosts make a connection, both hosts are in the READY state.
   After receiving 50 packets, a host sends an I1 message to the other
   host and enters the I1_SENT state.  If the connection is TCP-like,
   both hosts receive their 50th packet at nearly the same time because
   of the ACKs, so both may send I1.  To prevent shim6 from being
   executed twice, a host that is not the initiator of the connection
   and is in the I1_SENT state ignores a received I1 message.
   Otherwise, the host that receives I1 (in the concurrent case, the
   initiator of the connection) responds with an R1 message.  The
   exchange of I1 and R1 shows that both hosts support shim6.  If the
   I1_SENT state expires (no R1 arrives within the I1 retransmission
   limits of Section 4.4.1), the peer host does not support shim6.  The
   current locator sets of the hosts are piggybacked in the I2 and R2
   messages.  The hosts then enter the ESTABLISHED state.

3.2.  Reachability Protocol

   REAP is roughly divided into two parts: Failure Detection and
   Alternative Address Pair Exploration.  Failure Detection detects that
   the currently used pair of addresses (or interfaces) between two
   communicating hosts has failed.  When a failure occurs, the hosts
   trigger Alternative Address Pair Exploration to pick another pair of
   addresses (or interfaces).
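   The initial contact of Section 3.1 as an added example, not code from
   the draft or from the authors' implementation: two simulated hosts
   on a TCP-like connection both reach the 50-packet threshold at the
   same time and both send I1; the connection's non-initiator ignores
   the I1 it receives while in I1_SENT, the initiator answers with R1,
   and a single I2/R2 exchange brings both hosts to ESTABLISHED.  A
   second scenario runs I1 against a peer without shim6 support and
   shows the host giving up after I1_RETRIES_MAX retransmissions
   (Section 4.4.1).  The state and message names are the draft's; the
   host structure, the direct-call message delivery and the hand-driven
   timer are constructed for the example, and locator sets are not
   modelled.

```c
/* Added example (not the draft authors' code): the initial contact of
 * Section 3.1 between two simulated hosts, with the tie-break for TCP-like
 * connections where both ends reach the packet threshold at once, and the
 * I1 retransmission limit of Section 4.4.1.  Delivery is a function call
 * and timers are driven by hand; no network, no locator sets. */
#define CNT_THRESHOLD  50    /* received packets before a host sends I1 */
#define I1_RETRIES_MAX 4     /* Section 4.4.1 */

enum state { READY, I1_SENT, I2_SENT, ESTABLISHED, NO_SHIM6 };
enum msg   { M_NONE, M_I1, M_R1, M_I2, M_R2 };

struct host {
    int initiator, cnt, i1_retries;  /* Init and CNT fields, I1 retransmissions */
    enum state state;                /* STATE field */
    int supports_shim6;              /* 0 models a legacy peer that never answers I1 */
};

/* Called for each data packet received on the connection. */
enum msg shim6_on_data(struct host *h)
{
    if (h->state != READY || ++h->cnt < CNT_THRESHOLD) return M_NONE;
    h->state = I1_SENT;
    return M_I1;
}

/* Called for each shim6 control message received; returns the reply. */
enum msg shim6_on_ctrl(struct host *h, enum msg m)
{
    if (!h->supports_shim6) return M_NONE;
    switch (m) {
    case M_I1:   /* tie-break: a non-initiator already in I1_SENT ignores it */
        if (h->state == I1_SENT && !h->initiator) return M_NONE;
        return M_R1;                    /* R1: we support shim6 too */
    case M_R1:
        if (h->state != I1_SENT) return M_NONE;
        h->state = I2_SENT;
        return M_I2;                    /* I2 would carry our locator set */
    case M_I2:
        h->state = ESTABLISHED;
        return M_R2;                    /* R2 would carry our locator set */
    case M_R2:
        if (h->state == I2_SENT) h->state = ESTABLISHED;
        return M_NONE;
    default:
        return M_NONE;
    }
}

/* I1_TIMEOUT expired without an R1: returns 1 if I1 must be resent; after
 * I1_RETRIES_MAX retransmissions the peer is taken not to support shim6. */
int shim6_on_i1_timeout(struct host *h)
{
    if (h->state != I1_SENT) return 0;
    if (h->i1_retries < I1_RETRIES_MAX) { h->i1_retries++; return 1; }
    h->state = NO_SHIM6;                /* NO_R1_HOLDDOWN_TIME starts here */
    return 0;
}

/* Deliver m to 'to', then bounce replies back and forth until one side has
 * nothing to say.  Returns the number of messages delivered. */
int shim6_exchange(struct host *from, struct host *to, enum msg m)
{
    int n = 0;
    while (m != M_NONE) {
        n++;
        m = shim6_on_ctrl(to, m);
        struct host *t = from; from = to; to = t;
    }
    return n;
}

/* Both ends of a TCP-like connection cross 50 packets at the same time and
 * both send I1.  Returns 1 if exactly one I1/R1/I2/R2 exchange completes
 * (5 messages including the ignored I1) and both ends are ESTABLISHED. */
int shim6_simulate_concurrent(void)
{
    struct host client = { 1, 0, 0, READY, 1 }, server = { 0, 0, 0, READY, 1 };
    enum msg mc = M_NONE, ms = M_NONE;
    for (int i = 0; i < CNT_THRESHOLD; i++) {       /* 50 packets each way */
        if (shim6_on_data(&client) == M_I1) mc = M_I1;
        if (shim6_on_data(&server) == M_I1) ms = M_I1;
    }
    if (mc != M_I1 || ms != M_I1) return 0;
    int n = shim6_exchange(&client, &server, mc);   /* server in I1_SENT: ignored */
    n += shim6_exchange(&server, &client, ms);      /* client answers with R1 */
    return client.state == ESTABLISHED && server.state == ESTABLISHED && n == 5;
}

/* Peer without shim6: I1 is sent, retransmitted I1_RETRIES_MAX times, and
 * the host then gives up.  Returns the number of I1 messages sent, or -1. */
int shim6_simulate_no_support(void)
{
    struct host client = { 1, 0, 0, READY, 1 }, legacy = { 0, 0, 0, READY, 0 };
    int sent = 0;
    for (int i = 0; i < CNT_THRESHOLD; i++) sent += shim6_on_data(&client) == M_I1;
    do {
        shim6_exchange(&client, &legacy, M_I1);     /* no R1 ever comes back */
    } while (shim6_on_i1_timeout(&client) && ++sent);
    return client.state == NO_SHIM6 ? sent : -1;
}

int main(void) { return shim6_simulate_concurrent() && shim6_simulate_no_support() == 1 + I1_RETRIES_MAX ? 0 : 1; }
```

   The tie-break only works because both I1 messages are in flight at
   once: the server sees the client's I1 while it is itself in I1_SENT.
   A server that had already received R1 and moved on would answer a
   late I1 with R1, which is why shim6_on_ctrl ignores an R1 in any
   state other than I1_SENT.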
   Specifically, when a host decides to explore for an alternative
   address pair, it sends Probe messages to the peer until it receives a
   Probe message from the peer.

4.  Data Structures

4.1.  Connection Table

   The format of the connection table is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                       Local IP Address                        |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                        Peer IP Address                        |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | lport | pport |  TS   | Proto |  CNT  | STATE |     Init      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    keepalive    |    lastsend     |isvalid|       rsvd        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Local IP Address
      The IP address of the local host.

   Peer IP Address
      The IP address of the peer host.

   lport
      The port number of the local host.

   pport
      The port number of the peer host.

   TS
      An 8-bit time stamp of when the last packet arrived from the peer
      host.

   Proto
      The protocol number of the connection.

   CNT
      A counter of received packets.

   STATE
      The state of the local host.

   Init
      Indicates whether this host is the initiator of the connection.

   keepalive
      The keepalive timeout in REAP.

   lastsend
      The send timeout in REAP.

   isvalid
      Indicates whether the current connection is valid.

   rsvd
      Reserved for future use.

   When a connection is established, the end hosts maintain a connection
   table that stores the context information of the connection.

4.2.  Local Table

   The format of the local table is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                          Local ULID                           |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                       Local IP Address                        |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     pref      |isvalid|               reserved                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Local ULID
      The ULID of the local host.

   Local IP Address
      An IP address of the local host.

   pref
      The preference of the IP address.

   isvalid
      Indicates whether the IP address is valid.

   A host automatically generates the local table when the shim6
   protocol is initiated.

4.3.  Peer Table

   The format of the peer table is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                                                               +
   |                        Peer IP Address                        |
   +                                                               +
   |                                                               |
   +                                                               +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     pref      |isvalid|               reserved                |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Peer IP Address
      An IP address of the peer host.

   pref
      The preference of the IP address.

   isvalid
      Indicates whether the IP address is valid.

   The peer table is generated after receiving the R2 message.

4.4.  Used Parameters

4.4.1.  Shim6 Core Operation

   I1_RETRIES_MAX          = 4
   I1_TIMEOUT              = 4 seconds
   NO_R1_HOLDDOWN_TIME     = 1 min
   ICMP_HOLDDOWN_TIME      = 10 min
   I2_TIMEOUT              = 4 seconds
   I2_RETRIES_MAX          = 2
   I2bis_TIMEOUT           = 4 seconds
   I2bis_RETRIES_MAX       = 2
   VALIDATOR_MIN_LIFETIME  = 30 seconds
   UPDATE_TIMEOUT          = 4 seconds

4.4.2.  Shim6 REAP

   Send Timeout             = 10 seconds
   Keepalive Timeout        = 3 seconds
   Init Probe Timeout       = 0.5 seconds
   Number of Initial Probes = 4 probes
   Max Probe Timeout        = 60 seconds

5.  Future Works

   We look forward to working with other teams implementing the shim6
   protocol.  Please send comments on the implementation and on this
   document to the authors' e-mail addresses.

6.  Security consideration

   This document describes an implementation and has no direct impact on
   Internet infrastructure security.  The security considerations of [1]
   and [2] apply to the implemented protocol.  In particular, because
   the shim rewrites the source and destination addresses of packets in
   both directions, a locator must be verified as belonging to the
   peer's ULID, as specified in [1], before the shim sends packets to it
   or accepts packets from it.

7.  References

   [1]  Nordmark, E. and M. Bagnulo, "Level 3 multihoming shim
        protocol", draft-ietf-shim6-proto-05 (work in progress),
        May 2006.

   [2]  Arkko, J. and I. van Beijnum, "Failure Detection and Locator
        Pair Exploration Protocol for IPv6 Multihoming",
        draft-ietf-shim6-failure-detection-03 (work in progress),
        December 2005.

   [3]  "netfilter-hacking-HOWTO.a4.ps", http://www.netfilter.org/.

   [4]  "libipq", http://www.cs.princeton.edu/~nakao/libipq.htm.

Authors' Addresses

   Kunwoo Park
   Seoul National University
   Multimedia Communications Lab., Seoul National Univ.
   Shillim-dong, Kwanak-gu
   Seoul  151-744
   Korea

   Phone: +82-2-880-1832
   Fax:   +82-2-872-2045
   Email: kwpark@mmlab.snu.ac.kr


   Hosik Cho
   Seoul National University
   Multimedia Communications Lab., Seoul National Univ.
   Shillim-dong, Kwanak-gu
   Seoul  151-744
   Korea

   Phone: +82-2-880-9147
   Fax:   +82-2-876-7170
   Email: hscho@mmlab.snu.ac.kr


   Indong Jang
   ETRI/PEC
   161, Gajeong-Dong, Yuseong-Gu
   Daejeon  305-350
   Korea

   Phone: +82 42 860 4978
   Fax:   +82 42 861 5404
   Email: indoi@etri.re.kr


   Taewan You
   ETRI/PEC
   161, Gajeong-Dong, Yuseong-Gu
   Daejeon  305-350
   Korea

   Phone: +82 42 860 4996
   Fax:   +82 42 861 5404
   Email: twyou@etri.re.kr


   Seungyun Lee
   ETRI/PEC
   161, Gajeong-Dong, Yuseong-Gu
   Daejeon  305-350
   Korea

   Phone: +82 42 860 5508
   Fax:   +82 42 861 5404
   Email: syl@etri.re.kr
Full Copyright Statement

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).