Upload
kathleen-anne-barnett
View
215
Download
1
Embed Size (px)
Citation preview
1HIP research group
HIP-RG meeting, IETF 61
November 12, 2004
Tom Henderson{[email protected]}
Pekka Nikander{[email protected]}
2HIP research group
Agenda• 5 min Agenda bashing • 5 min RG status update• 20 min Report from HIP and Related Architectures workshop • 15 min HIP Experiment Report
- draft-irtf-hip-experiment-00.txt
• 10 min New types of locators• 15 min HIP Resolution and Rendezvous Problem Description
- draft-eggert-hiprg-rr-prob-desc-00.txt
• 15 min NAT and Firewall Traversal for HIP - draft-tschofenig-hiprg-hip-natfw-traversal-00.txt
• 15 min Exchanging Host Identities in SIP - draft-tschofenig-hiprg-host-identities-00.txt
- 30 min Open mike discussion on HIP deployment or other topics
3HIP research group
RG status update
• Mailing list: – http://honor.trusecure.com/mailman/listinfo/hipsec-rg
• Supplemental web page:– http://hiprg.piuha.net/
• Charter– Evaluate benefit/impact of deploying HIP– Prepare report to IESG
• Modus operandi: Gain experience on HIP deployment– Experiment with software– Analyze HIP in context of real networks
4HIP research group
RG drafts
Several have asked whether we can have RG documents?
• We are chartered for at least one such document– HIP Experiment Report
• We can add more based on RG consensus
• Note: IRTF presently considering review and approval procedures for having a RG documents track
5HIP research group
Report on HIP Workshop
6HIP research group
Logistics
• Held on November 6• By invitation only, based on white paper
submittal and other considerations• 20 attendees
– author from each submitted white paper– academic researchers from other projects (i3,
NewArch, Delegation-Oriented Architecture, NIMROD)
– RG chairs from Routing RG and DTN RG– IETF HIP, SIP, NSIS, MobIKE representation
7HIP research group
1. Applying and deploying an ID/locator split– changing and managing applications and hosts– dealing with legacy infrastructure and middleboxes– introducing new infrastructure
2. Overlays, rendezvous, middleboxes, and delegation– advanced middleboxes and firewalls– advanced resolution and indirection
3. General architectural directions– late binding– encouragement of middleboxes in architecture– approaches (FARA, HIP, i3, NIMROD, multi6, etc.)
Sessions
8HIP research group
Session 1: Deployment
• Assume that users and networks want to deploy ID/locator separation
• How to “cross the chasm” between architecture and reality (Early Adopters)?
Architecturesand specs
Deployed systemsand workableinfrastructure
9HIP research group
Session 1 organization
1. Host: Implementing and managing an ID/locator split– host and application concerns
2. Network: Making it work in today’s networks– firewalls– middleboxes (existing NATs)– (resolution) infrastructure
3. Incentives: Application/user incentives for deployment– what are the killer apps?
10HIP research group
Session 1: Conclusions
• Managing HIP is not a trivial task– HIP makes explicit some design choices that
were implicit
• We have probably not paid enough attention to middlebox traversal– a key deployment concern
• No killer applications identified– Road Warrior and SIP explored– a framework for middlebox traversal?– or is HIP still a solution in search of a problem?
HIP research group
Session 2: advanced infrastructure
•Maybe just one protocol (like in i3)•Maybe separated protocols (like HIP and ESP)•Maybe additional protocols–Registration, middle box internal, …
12HIP research group
Session 2: Open questions
• Rendezvous: overlay routing or name resolution?
• Bootstrap: how to find an infrastructure node?
• Layer 3.5 routing:– How much state in packet vs middle boxes?– How is the middle box state managed?– Effects of asymmetric routing?
• What are the limiting and decisive factors?
13HIP research group
Session 2: Open questions (2)
• Address hiding and DDoS protection• Combination of different types of middle
boxes?• Operations and management issues?
– Debugging the system
• Dangers of having any centralization– Aim for decentralised infrastructure?
• How to manage free riding?
14HIP research group
Session 3: Architecture
• Discussion on other identifier types– Identity-Based Cryptography (Boneh-Franklin)– flat identifiers (i3)
• Discussion of “what is HIP?”– A lot of functionality/features being
overloaded into HIP– e.g. mobility management
• Other architectural comments– late-binding of locators to identity
15HIP research group
Summary of workshop
• General value seen for HIP as “lowest location-independent identity in the stack”– are specific benefits enough to warrant
deployment?
• Recognize that HIP includes:A: public key to identifier binding (inherent)B: identifier binding to locators– Consider whether these can be separated, and
different choices for A– Consider more carefully what is the “core HIP”
16HIP research group
Summary of workshop (2)
• How to coherently incorporate middle boxes?– Enumeration of what are the options– Discussion on legacy middle boxes and NATs
• Killer apps? – NAT, FW, IPv4/v6 transition– or are there none?
• Making configuration and management user-friendly is a hard problem
17HIP research group
Experiment Report
18HIP research group
Experiment report
draft-irtf-hip-experiment-00.txt
• Intended to capture consensus for the IESG:– What are benefits and consequences of
deploying HIP, or other ID/locator split?– What modifications to HIP are recommended?
• Contributions needed from early adopters and implementors
19HIP research group
Current skeleton outline
1. Scope2. HIP Architectural Overview3. HIP Architectural/Deployment Impact
– on hosts (stack, APIs, management)– on infrastructure (DNS, firewall/NAT, advanced
overlays)
4. HIP Experience– management, NAT traversal, scaling, deploying
infrastructure, impact on applications, implementation experience, ...
20HIP research group
Presentation of RG draft submissions
21HIP research group
Software status
22HIP research group
Software status
• Three current, public implementations of HIP available:– HIPL (HIP for Linux) (Helsinki HIIT)– FreeBSD HIP (Ericsson NomadicLab) – User-space Linux-based daemon (Boeing)
• Max OS X and Windows XP under development• Boeing HIP testing server:
– http://hipserver.mct.phantomworks.org
• HIP infrastructure on PlanetLab (HIIT)– hi3 and OpenDHT integration
23HIP research group
Software plans
When can you start using HIP?• For bleeding edge types-- now• For early adopters (clean install, more
user-friendly management)– maybe 6 months
• we would like feedback on HIP usability and management (of current implementations)
24HIP research group
Questions to RG
• Do you favor continuing to meet on Friday afternoon of IETF?
• How many people intend to experiment with HIP once software is more available?
25HIP research group
Open mike