[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Hipsec] Selection of LSI address block

To: "Robert Moskowitz" <rgm at htt-consult.com>, <miika.komu at hiit.fi>
Subject: Re: [Hipsec] Selection of LSI address block
From: "Henderson, Thomas R" <thomas.r.henderson at boeing.com>
Date: Thu, 20 Aug 2009 13:49:11 -0700
Cc: hipsec at ietf.org
Delivered-to: hipsec at core3.amsl.com
In-reply-to: <4A8D2557.4060705 at htt-consult.com>
List-archive: <http://www.ietf.org/mail-archive/web/hipsec>
List-help: <mailto:hipsec-request@ietf.org?subject=help>
List-id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>
List-post: <mailto:hipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/hipsec>, <mailto:hipsec-request@ietf.org?subject=unsubscribe>
References: <4A8CF111.5010901 at hiit.fi> <4A8D2557.4060705 at htt-consult.com>
Thread-index: AcohgS95UaY1iJZhRnWDassD525O4wALimiQ
Thread-topic: [Hipsec] Selection of LSI address block

> -----Original Message-----
> From: Robert Moskowitz [mailto:rgm at htt-consult.com] 
> Sent: Thursday, August 20, 2009 3:29 AM
> To: miika.komu at hiit.fi
> Cc: hipsec at ietf.org
> Subject: Re: [Hipsec] Selection of LSI address block
> 
> Miika Komu wrote:
> > Ahrenholz, Jeffrey M wrote:
> >
> > Hi,
> >
> >>> We have discussed using 127.0.0.0 for LSIs, say 
> 127.100.0.0/16, but 
> >>> will that really work?
> >>
> >> in the OpenHIP software we have a macro IN_LOOP() to check 
> if an IPv4
> >> address is equal to (INADDR_LOOPBACK >> IN_CLASSA_NSHIFT), i.e. if 
> >> the top bits equal 127
> >> (see /usr/include/netinet/in.h on Linux)
> >>
> >> I wonder if other applications use similar techniques to check for
> >> loopback addresses? Using 127.100.0.0/16 would be 
> problematic in that
> >> case.
> >
> > many apps probably (?) just check 127.0.0.0/8 which could be a big 
> > problem for HIP. I would prefer getting a slot from 
> 1.0.0.0/x address 
> > space to avoid such problems. We have been experimenting with the 
> > 1.0.0.0/x address space without any problems. 
> 
> Then we need to make an official request from IANA.
> 
> 
> It should come from our chairs. But some text from our 
> developers as to 
> why 127 won't work MAY be of value.
> 

For use within the host only, I think it would be nice to get an
allocation for this type of usage, but I don't think it is strictly
required.  It seems to me that the main requirement for LSIs is to use a
range of 32-bit numbers that can be distinguished from destination IP
addresses reachable from the host, but that are not in the range of
special IP addresses (224/8, 127/8) that might be checked by
applications.  The other consideration is that some other overlay on the
host is not using those same numbers (i.e. they need to be locally
deconflicted).  Use of private address space or just squatting on some
other prefix like within 240/8 should also work and be permitted in the
specifications (i.e. should be a matter of local deployments). 

For use within a larger scope, such as a site, an address range in an
existing private address block might be the best choice.

If there is a request for special allocation, it might help to note that
the need is more general than HIP and that other overlays could use
this; i.e. maybe something like an "HID" (host identifier) prefix for
IPv4, of which HIP is one use case.

Tom

Follow-Ups:
- Re: [Hipsec] Selection of LSI address block
  - From: Miika Komu

References:
- Re: [Hipsec] Selection of LSI address block
  - From: Miika Komu
- Re: [Hipsec] Selection of LSI address block
  - From: Robert Moskowitz

Prev by Date: [Hipsec] The workgroup rechartering process
Next by Date: [Hipsec] draft-ietf-hip-native-api-09-pre
Previous by thread: Re: [Hipsec] Selection of LSI address block
Next by thread: Re: [Hipsec] Selection of LSI address block
Index(es):
- Date
- Thread