--- 1/draft-ietf-shim6-multihome-shim-api-09.txt 2009-10-27 00:12:39.000000000 +0100 +++ 2/draft-ietf-shim6-multihome-shim-api-10.txt 2009-10-27 00:12:39.000000000 +0100 @@ -1,22 +1,22 @@ SHIM6 Working Group M. Komu Internet-Draft HIIT Intended status: Informational M. Bagnulo -Expires: January 14, 2010 UC3M +Expires: April 29, 2010 UC3M K. Slavov S. Sugimoto, Ed. Ericsson - July 13, 2009 + October 26, 2009 Socket Application Program Interface (API) for Multihoming Shim - draft-ietf-shim6-multihome-shim-api-09 + draft-ietf-shim6-multihome-shim-api-10 Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. @@ -25,21 +25,21 @@ and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. - This Internet-Draft will expire on January 14, 2010. + This Internet-Draft will expire on April 29, 2010. Copyright Notice Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights @@ -56,73 +56,78 @@ equipped with a conceptual sub-layer (hereafter "shim") inside the IP layer that maintains mappings between identifiers and locators. Examples of the shim are SHIM6 and HIP. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. System Overview . . . . . . . . . . . . . . . . . . . . . . . 6 4. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 7 - 5. Socket Options for Multihoming Shim Sub-Layer . . . . . . . . 9 + 5. Socket Options for Multihoming Shim Sub-layer . . . . . . . . 9 5.1. SHIM_ASSOCIATED . . . . . . . . . . . . . . . . . . . . . 13 5.2. SHIM_DONTSHIM . . . . . . . . . . . . . . . . . . . . . . 14 - 5.3. SHIM_HOT_STANDBY . . . . . . . . . . . . . . . . . . . . . 15 - 5.4. SHIM_PATHEXPLORE . . . . . . . . . . . . . . . . . . . . . 15 + 5.3. SHIM_HOT_STANDBY . . . . . . . . . . . . . . . . . . . . 15 + 5.4. SHIM_PATHEXPLORE . . . . . . . . . . . . . . . . . . . . 15 5.5. SHIM_LOC_LOCAL_PREF . . . . . . . . . . . . . . . . . . . 16 - 5.6. SHIM_LOC_PEER_PREF . . . . . . . . . . . . . . . . . . . . 17 + 5.6. SHIM_LOC_PEER_PREF . . . . . . . . . . . . . . . . . . . 17 5.7. SHIM_LOC_LOCAL_RECV . . . . . . . . . . . . . . . . . . . 18 - 5.8. SHIM_LOC_PEER_RECV . . . . . . . . . . . . . . . . . . . . 19 + 5.8. SHIM_LOC_PEER_RECV . . . . . . . . . . . . . . . . . . . 19 5.9. SHIM_LOC_LOCAL_SEND . . . . . . . . . . . . . . . . . . . 19 - 5.10. SHIM_LOC_PEER_SEND . . . . . . . . . . . . . . . . . . . . 21 - 5.11. SHIM_LOCLIST_LOCAL . . . . . . . . . . . . . . . . . . . . 21 + 5.10. SHIM_LOC_PEER_SEND . . . . . . . . . . . . . . . . . . . 21 + 5.11. SHIM_LOCLIST_LOCAL . . . . . . . . . . . . . . . . . . . 21 5.12. SHIM_LOCLIST_PEER . . . . . . . . . . . . . . . . . . . . 23 - 5.13. SHIM_APP_TIMEOUT . . . . . . . . . . . . . . . . . . . . . 23 + 5.13. SHIM_APP_TIMEOUT . . . . . . . . . . . . . . . . . . . . 23 5.14. SHIM_DEFERRED_CONTEXT_SETUP . . . . . . . . . . . . . . . 24 - 5.15. Error Handling . . . . . . . . . . . . . . . . . . . . . . 25 - 6. Ancillary Data for Multihoming Shim . . . . . . . . . . . . . 25 - 6.1. Get Locator Information from Incoming Packet . . . . . . . 27 - 6.2. Specify Locator Information for Outgoing Packet . . . . . 27 - 6.3. Notification from Application to Multihoming Shim . . . . 27 + 5.15. Applicability . . . . . . . . . . . . . . . . . . . . . . 25 + 5.16. Error Handling . . . . . . . . . . . . . . . . . . . . . 25 + 6. Ancillary Data for Multihoming Shim Sub-layer . . . . . . . . 26 + 6.1. Get Locator from Incoming Packet . . . . . . . . . . . . 27 + 6.2. Set Locator for Outgoing Packet . . . . . . . . . . . . . 27 + 6.3. Notification from Application to Multihoming Shim + Sub-layer . . . . . . . . . . . . . . . . . . . . . . . . 27 + 6.4. Applicability . . . . . . . . . . . . . . . . . . . . . . 28 7. Data Structures . . . . . . . . . . . . . . . . . . . . . . . 28 7.1. Placeholder for Locator Information . . . . . . . . . . . 28 7.1.1. Handling Locator behind NAT . . . . . . . . . . . . . 29 - 7.2. Path Exploration Parameter . . . . . . . . . . . . . . . . 30 - 7.3. Feedback Information . . . . . . . . . . . . . . . . . . . 30 - 8. Implications for Existing Socket API Extensions . . . . . . . 31 - 9. Resolving Conflicts with Preference Values . . . . . . . . . . 32 - 9.1. Implicit Forking . . . . . . . . . . . . . . . . . . . . . 32 - 10. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 33 - 10.1. Naming at Socket Layer . . . . . . . . . . . . . . . . . . 33 - 10.2. Additional Requirements from Applications . . . . . . . . 33 - 10.3. Issues of Header Conversion among Different Address - Family . . . . . . . . . . . . . . . . . . . . . . . . . . 33 - 10.4. Handling of Unknown Locator Provided by Application . . . 34 - 11. Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 - 11.1. Changes from version 00 to version 01 . . . . . . . . . . 34 - 11.2. Changes from version 01 to version 02 . . . . . . . . . . 34 - 11.3. Changes from version 02 to version 03 . . . . . . . . . . 35 - 11.4. Changes from version 03 to version 04 . . . . . . . . . . 35 - 11.5. Changes from version 04 to version 05 . . . . . . . . . . 35 - 11.6. Changes from version 05 to version 06 . . . . . . . . . . 35 - 11.7. Changes from version 06 to version 07 . . . . . . . . . . 35 - 11.8. Changes from version 07 to version 08 . . . . . . . . . . 35 - 11.9. Changes from version 08 to version 09 . . . . . . . . . . 35 - 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 35 - 13. Security Considerations . . . . . . . . . . . . . . . . . . . 36 - 14. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 36 - 15. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 36 - 16. References . . . . . . . . . . . . . . . . . . . . . . . . . . 37 - 16.1. Normative References . . . . . . . . . . . . . . . . . . . 37 - 16.2. Informative References . . . . . . . . . . . . . . . . . . 37 - Appendix A. Context Forking . . . . . . . . . . . . . . . . . . . 38 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 40 + 7.2. Path Exploration Parameter . . . . . . . . . . . . . . . 30 + 7.3. Feedback Information . . . . . . . . . . . . . . . . . . 31 + 8. System Requirements . . . . . . . . . . . . . . . . . . . . . 32 + 9. Implications for Existing Socket API Extensions . . . . . . . 32 + 10. Resolving Conflicts with Preference Values . . . . . . . . . . 33 + 10.1. Implicit Forking . . . . . . . . . . . . . . . . . . . . 33 + 11. Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . 34 + 11.1. Naming at Socket Layer . . . . . . . . . . . . . . . . . 34 + 11.2. Additional Requirements from Applications . . . . . . . . 34 + 11.3. Issues of Header Conversion among Different Address + Family . . . . . . . . . . . . . . . . . . . . . . . . . 34 + 11.4. Handling of Unknown Locator Provided by Application . . . 35 + 12. Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 + 12.1. Changes from version 00 to version 01 . . . . . . . . . . 35 + 12.2. Changes from version 01 to version 02 . . . . . . . . . . 35 + 12.3. Changes from version 02 to version 03 . . . . . . . . . . 36 + 12.4. Changes from version 03 to version 04 . . . . . . . . . . 36 + 12.5. Changes from version 04 to version 05 . . . . . . . . . . 36 + 12.6. Changes from version 05 to version 06 . . . . . . . . . . 36 + 12.7. Changes from version 06 to version 07 . . . . . . . . . . 36 + 12.8. Changes from version 07 to version 08 . . . . . . . . . . 36 + 12.9. Changes from version 08 to version 09 . . . . . . . . . . 36 + 12.10. Changes from version 09 to version 10 . . . . . . . . . . 36 + 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 37 + 14. Security Considerations . . . . . . . . . . . . . . . . . . . 37 + 15. Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . 37 + 16. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 37 + 17. References . . . . . . . . . . . . . . . . . . . . . . . . . . 38 + 17.1. Normative References . . . . . . . . . . . . . . . . . . 38 + 17.2. Informative References . . . . . . . . . . . . . . . . . 38 + Appendix A. Context Forking . . . . . . . . . . . . . . . . . . . 39 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 41 1. Introduction HIP and SHIM6 have a commonality in their protocol design in the sense that the semantic roles of an IP address, i.e., an identifier and a locator, are distinguished. Separation of identifier and locator is done by introducing a "shim" inside the IP layer which maintains mapping of the identifier and associated locators. This design principle is called "identifier/locator separation" and the shim is referred to as a "shim sub-layer" in this document. @@ -167,23 +172,23 @@ multihomed environments. In addition, this document aims to provide necessary information for developers of multihoming shim protocols to implement API for enabling advanced locator management. 2. Terminology This section provides terminology used in this document. Basically most of the terms used in this document are taken from the following documents: - o SHIM6 Protocol Specification[I-D.ietf-shim6-proto] + o SHIM6 Protocol Specification[RFC5533] o HIP Architecture[RFC4423] - o Reachability Protocol (REAP)[I-D.ietf-shim6-failure-detection] + o Reachability Protocol (REAP)[RFC5534] In this document, the term "IP" refers to both IPv4 and IPv6, unless the protocol version is specifically mentioned. The following are definitions of terms frequently used in this document: o Endpoint identifier (EID) - The identifier used by the application to specify the endpoint of a given communication. Applications may handle EIDs in various ways such as long-lived connections, callbacks, and referrals[I-D.ietf-shim6-app-refer]. * In the case of SHIM6, an identifier called a ULID serves as an @@ -192,27 +197,26 @@ serves as an EID. A Host Identifier is derived from the public key of a given host. For the sake of backward compatibility with the sockets API, the Host Identifier is represented in a form of hash of public key. o Locator - The IP address actually used to deliver IP packets. Locators are present in the source and destination fields of the IP header of a packet on the wire. * List of locators - A list of locators associated with an EID. There are two lists of locators stored in a given context. One is associated with the local EID and the other is associated - with the remote EID. As defined in [I-D.ietf-shim6-proto], the - list of locators associated with an EID 'A' is denoted as - Ls(A). + with the remote EID. As defined in [RFC5533], the list of + locators associated with an EID 'A' is denoted as Ls(A). * Preferred locator - The (source/destination) locator currently used to send packets within a given context. As defined in - [I-D.ietf-shim6-proto], the preferred locator of a host 'A' is - denoted as Lp(A). + [RFC5533], the preferred locator of a host 'A' is denoted as + Lp(A). o Shim - The conceptual sub-layer inside the IP layer which maintains mappings between EIDs and locators. An EID can be associated with more than one locator at a time when the host is multihomed. The term 'shim' does not refer to a specific protocol but refers to the conceptual sub-layer inside the IP layer. o Identifier/locator adaptation - The adaptation performed at the shim sub-layer which may end up re-writing the source and/or destination addresses of an IP packet. In the outbound packet processing, the EID pair is converted to the associated locator @@ -235,21 +239,21 @@ (faulty operation). o Working address pair - The address pair is considered to be "working" if the packet can safely travel from the source to the destination where the packet contains the first address from the pair as the source address and the second address from the pair as the destination address. If reachability is confirmed in both directions, the address pair is considered to be working bi- directionally. o Reachability protocol (REAP) - The protocol for detecting failure and exploring reachability in a multihomed environment. REAP is - defined in [I-D.ietf-shim6-failure-detection]. + defined in [RFC5534]. 3. System Overview Figure 1 illustrates the system overview. The shim sub-layer and REAP component exist inside the IP layer. Applications use the sockets API defined in this document to interface with the shim sub- layer and the transport layer for locator management, failure detection, and path exploration. It may also be possible that the shim sub-layer interacts with the @@ -293,22 +297,21 @@ * It should be possible to set a list of source and/or destination locators within a given context: Ls(local) and Ls(remote). * It should be possible to get a list of source and/or destination locators within a given context: Ls(local) and Ls(remote). o Notification from applications to the shim sub-layer about the status of the communication. The notification occurs in an event- based manner. Applications and/or upper layer protocols may provide positive feedbacks or negative feedbacks to the shim sub- - layer. Note that these feedbacks are mentioned in - [I-D.ietf-shim6-failure-detection]]: + layer. Note that these feedbacks are mentioned in [RFC5534]]: * Applications and/or upper layer protocols (e.g., TCP) may provide positive feedbacks to the shim sub-layer informing that the communication is going well. * Applications and/or upper layer protocols (e.g., TCP) may provide negative feedbacks to the shim sub-layer informing that the communication status is not satisfactory. TCP may detect a problem when it does not receive any expected ACK message from the peer. Besides, a receipt of an ICMP error message could be a clue for the application to detect problems. The REAP module @@ -353,21 +356,21 @@ * Apply shim. The application should be able to explicitly request the shim sub-layer to apply multihoming support. * Don't apply shim. The application should be able to request the shim sub-layer not to apply the multihoming support but to apply normal IP processing at the IP layer. o An application should be able to know if the communication is now being served by the shim sub-layer or not. o An application should be able to use a common interface to access an IPv4 locator and an IPv6 locator. -5. Socket Options for Multihoming Shim Sub-Layer +5. Socket Options for Multihoming Shim Sub-layer In this section, socket options that are specific to the shim sub- layer are defined. Table 1 shows a list of the socket options that are specific to the multihoming shim sub-layer. An application may use these socket options for a given socket either by the getsockopt() system call or by the setsockopt() system call. All of these socket options are defined at level SOL_SHIM. @@ -471,21 +474,21 @@ | SHIM_CONTEXT_DEFERRED_SETUP | o | o | Get or set the | int | | | | | parameter which | | | | | | indicates | | | | | | whether | | | | | | deferred | | | | | | context setup | | | | | | is supported or | | | | | | not. | | +-----------------------------+-----+-----+-----------------+-------+ - Table 1: Socket options for multihoming shim + Table 1: Socket options for multihoming shim sub-layer *1: Pointer to a shim_locator which is defined in Section 7. *2: Pointer to shim_locator data structure. *3: Pointer to an array of shim_locator. *4: Pointer to a shim_pathexplore which is defined in Section 7. Figure 2 illustrates how the shim specific socket options fit into @@ -1015,21 +1018,21 @@ The SHIM_APP_TIMEOUT option is used to get or set the timeout value for application to detect failure. Hence this option is effective only when there is a shim context associated with the socket. The data type of the option value is an integer. The value indicates the period of timeout in seconds to send a REAP Keepalive message since the last outbound traffic. By default, the option value is set to 0, meaning that the option is disabled. When the option is disabled, the REAP mechanism follows its default value of Send - Timeout value as specified in [I-D.ietf-shim6-failure-detection] + Timeout value as specified in [RFC5534] If the timeout value specified is longer than the Send Timeout configured in the REAP component, the REAP Keepalive message should be suppressed. An error ENOENT will be returned when there is no context associated with the socket. For example, an application can set the timeout value by using the socket option as follows. @@ -1079,43 +1082,57 @@ For example, an application can get the option value as follows. int optval; int len; len = sizeof(optval); getsockopt(fd, SOL_SHIM, SHIM_DEFERRED_CONTEXT_SETUP, &optval, &len); -5.15. Error Handling +5.15. Applicability + + All the socket options for the multihoming shim sub-layer are + applicable only to connected sockets. The reason behind this + restriction is that it is necessary for the multihoming shim layer to + identify a target multihoming shim context when an application gives + preference value(s) by a socket option for the multihoming shim sub- + layer. Multihoming shim contexts are, by definition, identified by a + pair of EIDs. Therefore, it is possible for the multihoming shim + sub-layer to identify the target context only when the source and + destination IP addresses of the application session are known. When + any socket options for the multihoming shim sub-layer is set for an + unconnected socket, EINVAL error code MUST be returned. + +5.16. Error Handling If successful, getsockopt() and setsockopt() return 0; otherwise, the functions return -1 and set errno to indicate an error. The following are new error values defined for some shim specific socket options indicating that the getsockopt() or setsockopt() finished incompletely: EINVALIDLOCATOR This indicates that at least one of the necessary validations inside the shim sub-layer for the specified locator has failed. In case of SHIM6, there are two kinds of verifications required for security reasons prior to sending an IP packet to the peer's new locator; one is the return routability (check if the peer is actually willing to receive data with the specified locator) and the other one is the verification based on crypto identifier - mechanisms [RFC3972], [I-D.ietf-shim6-hba]. + mechanisms [RFC3972], [RFC5535]. -6. Ancillary Data for Multihoming Shim +6. Ancillary Data for Multihoming Shim Sub-layer In this section, the definition and the usage of the ancillary data - specific to multihoming shim are provided. + specific to multihoming shim sub-layer are provided. As defined in the Posix standard, sendmsg() and recvmsg() input a msghdr structure as their arguments. These system calls can handle control information along with data. Figure 3 shows the msghdr structure which is defined in . The member msg_control holds a pointer to the buffer where the shim specific ancillary data objects can be stored in addition to other ancillary data objects. struct msghdr { caddr_t msg_name; /* optional address */ @@ -1152,73 +1169,78 @@ | SHIM_LOC_LOCAL_SEND | o | | *1 | | SHIM_LOC_PEER_SEND | o | | *1 | | SHIM_FEEDBACK | o | | shim_feedback{} | +---------------------+-----------+-----------+-----------------+ Table 2: Shim specific ancillary data *1: cmsg_data[] should include padding (if necessary) and a single sockaddr_in{}/sockaddr_in6{}. - It should be noted that the above ancillary data can only be handled - by a UDP or a raw socket and not by a TCP socket. This is because - there is no one-to-one mapping between a single send/receive - operation and a TCP segment being transmitted/received. - -6.1. Get Locator Information from Incoming Packet +6.1. Get Locator from Incoming Packet An application can get locator information from the received IP packet by specifying the shim specific socket options for the socket. When SHIM_LOC_LOCAL_RECV and/or SHIM_LOC_PEER_RECV socket options are set, the application can retrieve local and/or remote locator from the ancillary data. -6.2. Specify Locator Information for Outgoing Packet +6.2. Set Locator for Outgoing Packet An application can specify the locators to be used for transmitting an IP packet by sendmsg(). When the ancillary data of cmsg_type SHIM_LOC_LOCAL_SEND and/or SHIM_LOC_PEER_SEND are specified, the application can explicitly specify the source and/or the destination locators to be used for the communication over the socket. - In addition, the application can specify the outgoing interface by - SHIM_IF_SEND ancillary data. The ancillary data should contain the - interface identifier of the physical interface over which the - application expects the packet to be transmitted. - Note that the effect is limited to the datagram transmitted by the sendmsg(). If the specified locator pair is verified, the shim sub-layer overrides the locators of the IP packet. An error EINVALIDLOCATOR will be returned when validation of the specified locator failed. -6.3. Notification from Application to Multihoming Shim +6.3. Notification from Application to Multihoming Shim Sub-layer An application may provide feedbacks to the shim sub-layer about the communication status. Such feedbacks are particularly useful for the shim sub-layer in the absence of REAP mechanism to monitor the reachability status of the currently used locator pair in a given shim context. The notification can be made by sendmsg() specifying a new ancillary data called SHIM_FEEDBACK. The ancillary data can be handled by specifying SHIM_FEEDBACK option in cmsg_type. An error ENOENT will be returned when there is no context associated with the socket. - See Section 7.3 for details of the data structure to be used. Note - that this specification does not specify the exact behavior of the - shim sub-layer when a feedback is given by an application. + See Section 7.3 for details of the data structure to be used. + + It is outside the scope of this document how the shim sub-layer would + react when a feedback is provided by an application. + +6.4. Applicability + + It is important to note that the ancillary data specified in this + section are applicable only to datagram-oriented sockets (e.g., UDP + sockets or raw sockets) and that they are not applicable to stream- + oriented sockets (e.g., TCP sockets). The reason behind this + restriction is that there is no one-to-one mapping between a single + send or receive operation and a TCP segment being transmitted or + received. + + Due to the above restriction and the restriction addressed in + Section 5.15, SHIM_LOC_LOCAL_RECV or SHIM_LOC_PEER_RECV socket + options are, in practice, applicable only to connected UDP sockets. 7. Data Structures In this section, data structures specifically defined for the multihoming shim sub-layer are introduced. These data structures are either used as a parameter for setsockopt()/getsockopt() (as mentioned in Section 5) or as a parameter for ancillary data to be processed by sendmsg()/recvmsg() (as mentioned in Section 6). 7.1. Placeholder for Locator Information @@ -1324,34 +1345,34 @@ uint8_t pe_keepaliveto; /* Keepalive Timeout */ uint16_t pe_initprobeto; /* Initial Probe Timeout */ uint32_t pe_reserved; /* reserved */ }; Figure 6: path explore structure pe_probenum Indicates the number of initial probe messages to be sent. Default value of this parameter should follow what is specified in - [I-D.ietf-shim6-failure-detection]. + [RFC5534]. pe_keepaliveto Indicates timeout value for detecting a failure when the host does not receive any packets for a certain period of time while there is outbound traffic. When the timer expires, path exploration procedure will be carried out by sending a REAP Probe message. Default value of this parameter should follow what is specified in - [I-D.ietf-shim6-failure-detection]. + [RFC5534]. pe_initprobeto Indicates retransmission timer of REAP Probe message in milliseconds. Note that this timer is applied before exponential back-off is started. A REAP Probe message for the same locator pair may be retransmitted. Default value of this parameter should - follow what is specified in [I-D.ietf-shim6-failure-detection]. + follow what is specified in [RFC5534]. pe_reserved A reserved field for future extension. By default, the field should be initialized to zero. 7.3. Feedback Information As mentioned in Section 6.3, applications can inform the shim sub- layer about the status of unicast reachability of the locator pair currently in use. The feedback information can be handled by using ancillary data called SHIM_FEEDBACK. A new data structure named @@ -1378,21 +1400,37 @@ * 1: Unable to connect. There is no unidirectional reachability between the locator pair in question. * 2: Unsatisfactory. The application is not satisfied with the unidirectional reachability between the locator pair in question. * 3: Satisfactory. There is satisfactory unidirectional reachability between the locator pair in question. reserved Reserved field. Must be ignored by the receiver. -8. Implications for Existing Socket API Extensions +8. System Requirements + + As discussed in Section 5, all the socket options for multihoming + shim sub-layer are applicable only to connected sockets. To break + this down into system requirements, the operating system (kernel) + should be able to establish and maintain an association between a + socket instance and one or more multihoming shim context. It is, + however, outside the scope of this document how the operating system + would establish and maintain associations between sockets and + multihoming shim contexts. An association can be established on + creation of a multihoming shim context, or at any stage. On creation + of a shim context, the multihoming shim sub-layer on the initiator + side should be aware of the triggering packet and it should be + possible to figure out the originating socket. It is more difficult + to establish an association on the responder side. + +9. Implications for Existing Socket API Extensions Some of the socket options defined in this document are overlapping with existing sockets API and care should be taken for the usage not to confuse with the overlapping features. The socket options for requesting specific locators to be used for a given transaction (SHIM_LOC_LOCAL_PREF and SHIM_LOC_PEER_PREF) are semantically similar to the existing sockets API (IPV6_PKTINFO). The socket options for obtaining the locator information from the received IP packet (SHIM_LOC_LOCAL_RECV and SHIM_LOC_PEER_RECV) are @@ -1411,287 +1449,293 @@ incoming packets. This information is stored in ancillary data being IPV6_PKTINFO specified as cmsg_type. Existing sockets API should continue to work above the shim sub-layer, that is, the IP addresses handled in IPV6_PKTINFO should be EIDs, not the locators. Baseline is that the above existing sockets API (IP_RECVDSTADDR and IPV6_PKTINFO) is assumed to work above the multihoming shim sub- layer. In other words, the IP addresses those socket options deal with are EIDs rather than locators. -9. Resolving Conflicts with Preference Values +10. Resolving Conflicts with Preference Values Since the multihoming shim API allows application to specify preference value for the context which is associated with the socket instance, there may be a conflict with preference values specified by different applications. For instance, application A and B may establish communication with the same EID pair while both applications have different preference in their choice of local locator. SHIM6 supports a notion of context forking in which a context is split when there is a conflict with preference values specified by multiple applications. Thus, context forking can simply resolve the conflicting situation which may be caused by the use of socket options for multihoming shim sub-layer. -9.1. Implicit Forking +10.1. Implicit Forking Socket options defined in Section 5 may cause conflicting situation when the target context is shared by multiple applications. In such case, socket handler should inform the shim sub-layer that context forking is required. In SHIM6, when a context is forked, an unique identifier called Forked Instance Identifier (FII) is assigned to the newly forked context. The forked context is then exclusively associated with the socket through which non-default preference value was specified. The forked context is maintained by the multihoming shim sub-layer during the lifetime of associated socket instance. When the socket is closed, the multihoming shim sub-layer SHOULD delete associated context. In this way, garbage collection can be carried out to cleanup unused forked contexts. Upon garbage collection, every forked context SHOULD be checked if there is no socket (process) associated with the context. If there is none, the forked context should be deleted. When a forked context is torn down, SHIM6 should notify the peer about the deletion of forked context. As opposed to socket options, context forking MUST NOT be triggered - by any use of ancillary data that is specific to multihoming shim as - defined in Section 6. + by any use of ancillary data that is specific to multihoming shim + sub-layer as defined in Section 6. -10. Discussion +11. Discussion In this section, open issues are introduced. -10.1. Naming at Socket Layer +11.1. Naming at Socket Layer The getsockname() and getpeername() system calls are used to obtain the 'name' of an endpoint which is actually a pair of IP address and port number assigned to a given socket. getsockname() is used when an application wants to obtain the local IP address and port number assigned for a given socket instance. getpeername() is used when an application obtains the remote IP address and port number. The above is based on a traditional system model of the sockets API where an IP address is expected to play both the role of identifier and the role of locator. In a system model where a shim sub-layer exists inside the IP layer, both getsockname() and getpeername() deal with identifiers, namely EIDs. In this sense, the shim sub-layer serves to (1) hide locators and (2) provide access to the identifier for the application over the legacy socket APIs. -10.2. Additional Requirements from Applications +11.2. Additional Requirements from Applications At the moment, it is not certain if following requirements are common in all the multihomed environments (SHIM6 and HIP). These are mainly identified during discussions made on SHIM6 WG mailing list. o The application should be able to set preferences for the locators, local and remote ones, and also to the preferences of the local locators that will be passed to the peer. -10.3. Issues of Header Conversion among Different Address Family +11.3. Issues of Header Conversion among Different Address Family The shim sub-layer performs identifier/locator adaptation. Therefore, in some cases, the whole IP header can be replaced with new IP header of a different address family (e.g. conversion from IPv4 to IPv6 or vice versa). Hence, there is an issue how to make the conversion with minimum impact. Note that this issue is common in other protocol conversion such as SIIT[RFC2765]. As addressed in SIIT specification, some of the features (IPv6 routing headers, hop-by-hop extension headers, or destination headers) from IPv6 are not convertible to IPv4. In addition, notion of source routing is not exactly the same in IPv4 and IPv6. Hence, there is a certain limitation in protocol conversion between IPv4 and IPv6. The question is how should the shim sub-layer behave when it faces with limitation problem of protocol conversion. Should we introduce new error something like ENOSUITABLELOCATOR ? -10.4. Handling of Unknown Locator Provided by Application +11.4. Handling of Unknown Locator Provided by Application There might be a case where application provides the shim layer new locator with the SHIM_LOC_*_PREF socket options or SHIM_LOC_*_SEND ancillary data. Then there is a question how should the shim sub- layer treat the new locator informed by the application. In principle, locator information are exchanged by the shim protocol. However, there might be a case where application acquires information about the locator and prefers to use it for its communication. -11. Changes +12. Changes -11.1. Changes from version 00 to version 01 +12.1. Changes from version 00 to version 01 The followings are changes from version 00 to version 01: o Define shim_locator{} data type which is a placeholder for locator. o Define shim_pathexplore{} data type in which a set of REAP parameters are stored. o Remove descriptions about "stickiness" of socket options. o Deprecate SHIM_IF_RECV and SHIM_IF_SEND socket options. o Give default value and how to disable given socket option. -11.2. Changes from version 01 to version 02 +12.2. Changes from version 01 to version 02 The followings are changes from version 01 to version 02: o Add section describing context forking. o Rephrase conclusion section. o Separate normative references from informative references. o Remove texts from discussion section that are not relevant to the contents of the document. o Add section describing change history (this section). -11.3. Changes from version 02 to version 03 +12.3. Changes from version 02 to version 03 The followings are changes from version 02 to version 03: o Add an Appendix section describing the issue of context forking. -11.4. Changes from version 03 to version 04 +12.4. Changes from version 03 to version 04 The followings are changes from version 03 to version 04: o Updated reference. o Correct typo and grammatical errors. -11.5. Changes from version 04 to version 05 +12.5. Changes from version 04 to version 05 The followings are changes from version 04 to version 05: o Added definition of SHIM_FEEDBACK ancillary data. o Added an example of code using the SHIM_LOCLIST_LOCAL o Added SHIM_LOC_LOCAL_SEND and SHIM_LOC_PEER_SEND socket options. -11.6. Changes from version 05 to version 06 +12.6. Changes from version 05 to version 06 The followings are changes from version 04 to version 05: o Updated references. -11.7. Changes from version 06 to version 07 +12.7. Changes from version 06 to version 07 The followings are changes from version 06 to version 07: o Resolved editorial issues. -11.8. Changes from version 07 to version 08 +12.8. Changes from version 07 to version 08 No changes are made except for updates of the references. -11.9. Changes from version 08 to version 09 +12.9. Changes from version 08 to version 09 The followings are changes from version 08 to version 09: o Updated texts for Section 1 and Section 5 according to the comments provided by Samu Varjonen. - o Made it clear that downgrading the multihome shim support (i.e., + o Made it clear that downgrading the multihoming shim support (i.e., specifying value 1 with the SHIM_DONTSHIM socket option) is only allowed before the socket is connected. o Updated locator information (shim_locator{}) so that it can contain a locator behind NAT. -12. IANA Considerations +12.10. Changes from version 09 to version 10 + + The followings are changes from version 09 to version 10: + + o Addressed applicability of socket options and ancillary data for + the multihoming shim sub-layer. + o Addressed system requirements. + o Removed unnecessary description about deprecated socket option + (SHIM_IF_RECV). + +13. IANA Considerations This document contains no IANA consideration. -13. Security Considerations +14. Security Considerations This document does not specify any security mechanism for the shim sub-layer. Fundamentally, the shim sub-layer has a potential to impose security threats, as it changes the source and/or destination IP addresses of the IP packet being sent or received. Therefore, the basic assumption is that the security mechanism defined in each protocol of the shim sub-layer is strictly applied. -14. Conclusion +15. Conclusion In this document, the Application Program Interface (API) for multihoming shim sub-layer is specified. The sockets API allows applications to have additional control of the locator management and interface to the REAP mechanism inside the multihoming shim sub- layer. Socket options for multihoming shim sub-layer can be used by getsockopt() and/or setsockopt() system calls. Besides, applications can use some ancillary data that are specific to multihoming shim sub-layer to get locator from received packet or to set locator for outgoing packet. From an architectural point of view, the sockets API provides extends the existing sockets API framework in the face of ID/Locator separation. With regard to API that relate to IP address management, it is assured that existing sockets API continue to work above the shim sub-layer dealing with identifiers, while multihoming shim API deals with locators. -15. Acknowledgments +16. Acknowledgments Authors would like to thank Jari Arkko who participated in the discussion that lead to the first version of this document, and Tatuya Jinmei who thoroughly reviewed the early version of this draft and provided detailed comments on sockets API related issues. Thomas Henderson provided valuable comments especially from HIP perspectives. Authors sincerely thank to the following people for their help to improve this document: Samu Varjonen and Dmitriy Kuptsov. -16. References -16.1. Normative References - - [I-D.ietf-shim6-failure-detection] - Arkko, J. and I. Beijnum, "Failure Detection and Locator - Pair Exploration Protocol for IPv6 Multihoming", - draft-ietf-shim6-failure-detection-13 (work in progress), - June 2008. +17. References - [I-D.ietf-shim6-proto] - Bagnulo, M. and E. Nordmark, "Level 3 multihoming shim - protocol", draft-ietf-shim6-proto-12 (work in progress), - February 2009. +17.1. Normative References [POSIX] "IEEE Std. 1003.1-2001 Standard for Information Technology -- Portable Operating System Interface (POSIX). Open group Technical Standard: Base Specifications, Issue 6, http://www.opengroup.org/austin", December 2001. [RFC3542] Stevens, W., Thomas, M., Nordmark, E., and T. Jinmei, "Advanced Sockets Application Program Interface (API) for IPv6", RFC 3542, May 2003. [RFC4423] Moskowitz, R. and P. Nikander, "Host Identity Protocol (HIP) Architecture", RFC 4423, May 2006. -16.2. Informative References + [RFC5533] Bagnulo, M. and E. Nordmark, "Level 3 multihoming shim + protocol", RFC 5533, June 2009. + + [RFC5534] Arkko, J. and I. Beijnum, "Failure Detection and Locator + Pair Exploration Protocol for IPv6 Multihoming", RFC 5534, + June 2009. + +17.2. Informative References [I-D.ietf-hip-nat-traversal] Komu, M., Henderson, T., Tschofenig, H., Melen, J., and A. Keranen, "Basic HIP Extensions for Traversal of Network Address Translators", Internet - Draft draft-ietf-hip-nat-traversal-08, June 2009. + Draft draft-ietf-hip-nat-traversal-09, October 2009. [I-D.ietf-shim6-app-refer] Nordmark, E., "Shim6 Application Referral Issues", draft-ietf-shim6-app-refer-00 (work in progress), July 2005. - [I-D.ietf-shim6-hba] - Bagnulo, M., "Hash Based Addresses (HBA)", - draft-ietf-shim6-hba-05 (work in progress), December 2007. - [RFC2765] Nordmark, E., "Stateless IP/ICMP Translation Algorithm (SIIT)", RFC 2765, February 2000. [RFC3972] Aura, T., "Cryptographically Generated Addresses (CGA)", RFC 3972, March 2005. [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. + [RFC5535] Bagnulo, M., "Hash Based Addresses (HBA)", RFC 5535, + June 2009. + Appendix A. Context Forking In this section, an issue concerning context forking and its relation to the multihoming shim API are discussed. SHIM6 supports a notion of context forking. A peer may decide to fork a context for certain reason (e.g. upper layer protocol prefers to use different locator pair than the one defined in available context). The procedure of forking context is done similar to the normal context establishment, performing the 4-way message exchange. @@ -1816,11 +1860,11 @@ Phone: +358 9 299 3286 Email: kristian.slavov@ericsson.com Shinta Sugimoto (editor) Nippon Ericsson K.K. Koraku Mori Building 1-4-14, Koraku, Bunkyo-ku Tokyo 112-0004 Japan Phone: +81 3 3830 2241 - Email: shinta.sugimoto@ericsson.com + Email: shinta@sfc.wide.ad.jp