[hipl-users] Re: HIPL modifications renders IPv6 forwarding unstable?
- From: Miika Komu <miika@xxxxxx>
- To: "Peder Chr. Norgaard" <Peder.Chr.Norgaard@xxxxxxxxxxxx>
- Date: Thu, 9 Jun 2005 12:00:52 +0300 (EEST)
On Tue, 7 Jun 2005, Peder Chr. Norgaard wrote:
> On Mon, 6 Jun 2005, Miika Komu wrote:
>
> > On Mon, 6 Jun 2005, Peder Chr. Norgaard wrote:
> >
> > > =09It was therefore quite a disappointment to fire up the current
> > > version - patch number 72, based on 2.6.11 kernel. As a host it works
> > > reasonably well. But as a router it is a catastrophy, and as we are
> > > working mostly with Ad-Hoc network where all nodes are routers this is not
> > > so good.
> >
> > I am sorry to hear that.
>
> So am I - I have to do a presentation next week of end-to-end security
> solutions, and would have loved to demonstrate that HIP is easier to use
> than - say - an IKE based solution using racoon. I will still claim it,
> of course - but I cannot demonstrate it on a running system.
Our goal is to mature the implementation in a way or another.
> > > make sure that it has some routes (static routes are fine) and send
> > > traffic through. Very soon the ND caches on the interfaces start
> > > degrading and traffic stops. And you don't need to activate HIP for this
> > > - it happens even if the HIP module is not loaded, and the /etc/hip/hosts
> > > file is empty, and "hipconf add hi default" has not been invoked.
> >
> > If HIP module is not loaded, any of the HIP modifications should not be
> > effective.
>
> Well, "should not" is not the same as "are not". My guess is that some of
> the hooks you have placed in the code - the modifications protected by
> CONFIG_HIP or CONFIG_HIP_MODULE of which there are quite a number - have
> unintended side effects.
I have filed a bug report based on your comments:
http://hipl.hiit.fi/bugzilla/show_bug.cgi?id=70
Mika gave a comment about a potential bug fix. Maybe it works for you.
Currently, we are scheduled to complete the BEET patch by the end of this
month, so we don't any extra time until then.
> Actually, I have a bit more information for you that I forgot in the first
> mailing. First, I have only seen the problem on "real" nodes - I work
> mostly with user-mode-linux nodes, and I have never seen the problem in
> the user-mode-linux version - the HIPL user-mode-linux works just fine as
> a router. This is the main reason that I have not discovered this earlier.
We have been usually working with virtual nodes that do not even act as
routers, so have not checked out the interaction with routing.
> Second, I reported that IPv6 forwarding degrades in a kernel configured
> and compiled for HIP but not activated for HIP. I should have added that
> when HIP is activated, I have observed that forwarding stops completely.
> This is not something I have spent a long time investigating, however - I
> think I have only observed it once or twice.
Ok. Try out the fix suggested by Mika?
> > > =09Sorry to have to report this; the HIPL project is very exiting but
> > > I think that you might wish to increase your QA somehow.
> >
> > We are in the middle of discussion on how we should continue to provide
> > QA in the future.
>
> Sounds like a winner. Perhaps you could borrow some of the tools that the
> USAGI guys use? For the result of your project to gain broad acceptance
> it is truly important that the modifications do not degrade existing
> features or performance.
Seems like a good idea. So far, we have been mainly concerned on making
only HIP to work and we have not spend time to see what it may break.
Thanks for your feedback.
--
Miika Komu miika@xxxxxx http://www.iki.fi/miika/
Other related posts:
