Re: [Hipsec] Segmentation within HIP

Mon, 28 Mar 2016 17:46:40 -0700 

Please see:

draft-hares-i2nsf-ssls-00-02.txt
Sue Hares and I are working on a whole session layer architecture where chunking and frag/reassem are parts of the session layer. The work we are doing there, definitely would easily apply to HIP. Actually you need more that a bit. Really 7 (this is what I did in IEEE 802.15.9), but 6 work. 

I would be interested in sitting down with you at IETF on this.

This week I am busy with my youngest son's wedding (tomorrow night).

On 03/25/2016 06:49 PM, Derek Fawcus wrote:

Recently I've been working on middlebox s/w:  Firewalls and NAT.

One thing this has brought home to me is just how unreliable
fragmentation is on the current Internet.  NAT will often
simply break it (such that they can not be reassembled) or
just discard them,  and firewalls are often set up to block them.

As such,  almost every protocol now would seem to need protocol
level segmentation/fragmentation,  rather than depend up IP
level fragmentation.

It struck me that it should be quite simple to extend HIP to
support such.

1) Add a Controls bit which advertises that the sender supports
    segmentation.
2) Define a new parameter,  numbered 1 such that it is first in
    the parameters,  and is critical.
    Within the parameter have a seqno/identifier, offset and
    more segments / final segment bit, possibly also a total
    size field.  Define some simple reassembly rules,  similar
    to those for IP fragments, such that one could reassemble
    a HIP packet larger than 2008 bytes if desired (how big?).
3) Possibly also define a none critical parameter within the
    non signed,  non MACed range which advertises the max size
    packet the sender is willing to reassemble.  In fact I guess
    this might remove the need to use a Controls bit,  since it
    would imply the sender can reassemble.

Then have a rule that once one party has seen the other party
advertise the segmentation capability within the current BEX
session, it is free to make use of segmentation towards that peer.

Thoughts?

DF

_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec



_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec

Reply via email to