Chapter 7. Testing a HIP connection between two locally connected hosts

Table of Contents

Testing a HIP connection with an IPv4-only application
Testing a HIP connection with an IPv6 application
IPv4 and IPv6 interoperability

We will show in this section how to connect two hosts using HIP. We assume two machines called crash and oops that are in the same network. Crash is the one that starts a communication against oops.

Both machines are used through this whole document as examples even though you probably have your own naming and addressing conventions. It is possible to use IPv4 addresses as well as IPv6 addresses on-wire.

We will show how to test IPv4 and IPv6 applications. Meanwhile IPv6 applications use the HIT identifier, IPv4-only applications use the LSI identifier. This is an IPv4 address in the range 1.0.0.0/8. Firstly, we explain how to configure HIPL when we want to use IPv4 applications. Secondly, we introduce some tests with IPv6 applications. To finalize, we discuss the interoperability between IPv4 and IPv6 applications using HIP.

Testing a HIP connection with an IPv4-only application

Initial configuration. 

We have different mechanism for mapping the HIT-LSI information. We can choose whatever of the next possibilities. The user can introduce manually the LSI or this can be created automatically by the hip daemon. It should be noticed that the address interval between 1.0.0.1 - 1.0.0.4 is already in use by the hipd, so the user must choose a free LSI. These four LSIs are the local LSIs assigned with the four local HITs.

crash:

  • Add the information in /etc/hip/hosts

    • OOPS_HIT oops

    • OOPS_LSI oops Optional! If it's not defined, it would be created by the daemon

  • Add the information with tools/hipconf add map

    • hipconf add map OOPS_HIT OOPS_IP [OOPS_LSI]

If the command hipconf add map is not executed, we must add the peer IP in the file /etc/hosts

  • OOPS_IP oops

Apart from starting the hipd process, the hipfw process must be also started in both machines, oops and crash. Notice that hipfw must be started always after hipd!

  • cd somewhere/hipl

  • hipd/hipd # (to start as a background daemon process, add -b flag)

  • firewall/hipfw -l (to start the firewall with LSI support enabled)

Beforehand the following rules must be added in the file /etc/hip/firewall.conf

crash:

  • INPUT -src_hit OOPS_HIT ACCEPT

  • OUTPUT -dst_hit OOPS_HIT ACCEPT

oops:

  • INPUT -dst_hit OOPS_HIT ACCEPT

  • OUTPUT -src_hit OOPS_HIT ACCEPT

Running the application. 

Once we have finished the step before and started running hipd and hipfw, we can run the application. If the LSI has been generated automatically, we can check its value with tools/hipconf get ha OOPS_HIT or tools/hipconf get ha all. Afterwards, we start running the application, e.g.:

  • ping OOPS_LSI

  • ssh OOPS_LSI

  • nc OOPS_LSI -u 5555 # oops must be running nc -l -u -p 5555