         Multihoming with HIP

         IETF 57, Vienna

Pekka Nikander, Ericsson Research
           Presentation outline
•   What is Host Identity Protocol (HIP)?
•   How would it change multihoming situation?
•   Ideas for site-multihoming with legacy hosts
•   Current status of HIP development
•   Summary
   Introducing a new name space
 • A new Host Identity name space
    – flat, non-routable, secure name space
    – Host Identifier = self generated Public Key
 • Sockets are bound to Host Identifiers (HIs)
 • HIs dynamically bound to one or more IP addresses

[Figure: two stacks side by side. Left: Process / Socket, End-point, Location / IP address. Right: Process / Socket, End-point / Host ID, Location / IP address.]
        HIP vs. Current situation
• Hosts identified with Public Keys, not IP addresses
• Applications see the Host Identifier, not IP addresses
   – No changes needed to applications
• Hosts may easily have multiple IP addresses (v4/v6)
   – The kernel must select which one(s) to use
      • large freedom on when and where to make the choice
• When used with ESP, no growth in packet size
   – ESP SPI acts as a shorthand for a <HI,HI> pair
• Makes end-host multi-homing and mobility trivial
   – Public Keys make security much easier than in e.g. MIPv6
• Bridges applications between IPv4 and IPv6
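
Added example (not from the original slides and not taken from any HIP implementation): a toy model of the naming split described above, where an association is named by a <HI,HI> pair, the SPI is its per-packet shorthand, and the peer's IP addresses can be rebound without changing who the peer is. All class and function names are hypothetical, the truncated SHA-256 handle is an illustration rather than HIP's own encoding, and authentication of address updates with the host's key is not modelled.

```python
import hashlib

def host_id_handle(public_key: bytes) -> str:
    # Illustrative fixed-size handle for a Host Identifier (assumption of this
    # sketch: truncated SHA-256 of the public key bytes).
    return hashlib.sha256(public_key).hexdigest()[:32]

class Association:
    """State for one <HI,HI> pair; the SPI is its short per-packet name."""
    def __init__(self, peer_hi, spi, locators):
        self.peer_hi = peer_hi
        self.spi = spi
        self.peer_locators = set(locators)  # IP addresses currently bound to peer_hi

class HipNamingLayer:
    """Hypothetical kernel-side table: identity is the HI, location is an IP."""
    def __init__(self, local_public_key: bytes):
        self.local_hi = host_id_handle(local_public_key)
        self.by_spi = {}
        self.next_spi = 0x1000

    def associate(self, peer_public_key: bytes, locators):
        assoc = Association(host_id_handle(peer_public_key), self.next_spi, locators)
        self.by_spi[assoc.spi] = assoc
        self.next_spi += 1
        return assoc

    def set_locators(self, spi, locators):
        # Rebind the peer's HI to a new address set (second uplink, v4 to v6 move).
        # The association and its SPI stay the same.
        self.by_spi[spi].peer_locators = set(locators)

    def inbound(self, spi, src_ip):
        # Demultiplex on SPI only: the source address never names the peer.
        # The boolean reports whether src_ip is a currently known locator.
        assoc = self.by_spi.get(spi)
        if assoc is None:
            return None
        return assoc.peer_hi, src_ip in assoc.peer_locators

def demo():
    # Constructed stand-ins for public keys and documentation-range addresses.
    layer = HipNamingLayer(b"constructed-local-key")
    assoc = layer.associate(b"constructed-peer-key", ["192.0.2.10"])
    before = layer.inbound(assoc.spi, "192.0.2.10")
    layer.set_locators(assoc.spi, ["192.0.2.10", "2001:db8::10"])
    after = layer.inbound(assoc.spi, "2001:db8::10")
    return before, after  # same peer_hi in both, address family changed

if __name__ == "__main__":
    print(demo())
```
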
              Site multi-homing with legacy hosts
[Figure: Legacy IP host, HIP proxy, HIP host]

                  Current status
• Four interoperating HIP implementations
   – one IPv4 only, one IPv6 only, two both v4 and v6
   – two implement mobility, none multi-homing yet
       • mobility between v4 and v6 works!
   – Linux, FreeBSD, Python (user level)
• Base protocol close to Experimental
   – draft-moskowitz-hip-arch-03.txt
   – draft-moskowitz-hip-07.txt
• Work needed on mobility, multi-homing, NAT traversal
   – draft-nikander-hip-mm-00.txt
   – draft-nikander-hip-nat-XX.txt (to appear)
                  Summary
• A multi-address solution
• An end-to-end solution
  – Legacy site multi-homing possible with a proxy
• Solves only the naming aspect of multi6
  – No specific solutions for address selection / TE / ...
• Introduces a new, cryptographic name space
  – Sockets bound to HIs, not IP addresses
  – HIs dynamically bound to one or more IP addrs
• Four existing, interoperating implementations