As of 17th July 2008, the HIP relay mechanism is still being implemented. Therefore, the forwarding mechanisms presented herein do not work. Only the relay service registration works.
Abstract
In this section, we show how to use the relay server to establish a HIP connection between two HIP hosts using the "conntest-server" connection test server and the "conntest-client-hip" connection test client.
Before you test the relay mechanisms, you should have run the base exchange once without the relay server to become familiar with how the "/etc/hosts" and "/etc/hip/hosts" files are configured. Please see Chapter 9, Testing a HIP connection between two locally connected hosts for information on how to run a base exchange without the relay server. Also, before you can test the relay mechanism, the configuration file must be edited appropriately; see the section called “The RVS and HIP Relay Configuration File” for more information.
The HIP relay server is intended to be a foolproof method to contact the responder. When the responder has registered to the HIP relay, the responder can be contacted regardless of the network address translators en route between the initiator and the responder. The HIP relay server provides a stable IP address for the responder and forwards all HIP control packets to the current location of the responder.
The idea is that R wants to be reachable via the Host Identity Protocol, but R is located behind a NAT device that performs address-dependent mapping. The only way to reach R is to relay all HIP control traffic via a HIP relay. How R finds out that it is behind a NAT device that performs address-dependent mapping is irrelevant in this context and is therefore beyond the scope of this section.
In this section, we show how to use the HIP relay server to establish a HIP connection between two HIP hosts using the "test/conntest-server" connection test server and the "test/conntest-client-hip" connection test client.
Base exchange via the relay server
First, the "/etc/hosts" and "/etc/hip/hosts" files are configured. Please notice that you can leave all non-HIP-related values in "/etc/hosts" intact. The configuration of these files is identical to the RVS test case. If you have already tested the RVS and you are using the same HIP hosts to test the HIP relay, you don't have to edit these files at all and can start testing the connection establishment right away. If you haven't tested the RVS mechanism, and thus need to configure the files to test the relay mechanism, please see RVS configuration for instructions.
You are now ready to test the actual connection establishment. You will need two shells open on each host, one for the HIP daemon and the other for the hipconf tool:
Start HIP daemon at each host:
hipd/hipd
At the relay server, we have to indicate that we are willing to offer relay service:
tools/hipconf add service relay
At the responder, we have to register to the relay server:
tools/hipconf add server relay <RELAY-HIT> <RELAY-IP> <LIFETIME-IN-SECONDS>
This will launch a base exchange, i.e. establish a HIP SA between the relay server and the responder. Please use the default HIT of the relay server (run "tools/hipconf get hi default" at the relay server to obtain it). The <LIFETIME-IN-SECONDS> value represents the number of seconds we would like our service registration to last, but it is not necessarily the number of seconds for which we are granted the service.
At the responder, start a server listening for incoming connections (5000 is an example port number):
test/conntest-server tcp 5000
At the initiator, start a connection test client:
test/conntest-client-hip <RESPONDER-HOSTNAME> tcp 5000
At the initiator, type some text and press CTRL + d. If everything works as it should, the typed text should now be echoed at the responder.
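The gap between the requested and the granted registration lifetime noted in the registration step follows partly from how RFC 5203 encodes lifetimes in a single octet. The following is an added example, not HIPL code: it applies the RFC 5203 formula seconds = 2^((lifetime - 64)/8); the function names, the round-to-nearest choice and the registrar limits are assumptions made for illustration.

```python
import math

# RFC 5203 carries registration lifetimes as one octet; 0 is reserved for
# cancelling a registration, so the codes usable in a request are 1..255.
MIN_CODE, MAX_CODE = 1, 255


def decode_lifetime(code: int) -> float:
    """Seconds represented by an 8-bit lifetime code: 2^((code - 64) / 8)."""
    if not 0 <= code <= 255:
        raise ValueError("lifetime code must fit in one octet")
    return 2.0 ** ((code - 64) / 8)


def encode_lifetime(seconds: float) -> int:
    """Nearest 8-bit code for a requested lifetime (rounding is an assumption)."""
    if seconds <= 0:
        raise ValueError("requested lifetime must be positive")
    code = round(8 * math.log2(seconds) + 64)
    return max(MIN_CODE, min(MAX_CODE, code))


def granted_lifetime(requested_seconds, reg_min_code, reg_max_code):
    """Code and seconds a registrar would grant after clamping to its limits."""
    code = encode_lifetime(requested_seconds)
    code = max(reg_min_code, min(reg_max_code, code))
    return code, decode_lifetime(code)


if __name__ == "__main__":
    # Constructed registrar limits, not values from any HIPL configuration.
    for req in (600, 1024, 86400):
        code, secs = granted_lifetime(req, reg_min_code=100, reg_max_code=130)
        print(f"requested {req:>6}s -> code {code:3d} -> granted {secs:8.1f}s")
```

Only lifetimes that are exact powers of 2^(1/8) survive the round trip unchanged; every other request is quantized before the registrar's own minimum and maximum are applied.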
Server-side commands, i.e. commands run on the relay server.
To cancel the relay service (without killing the HIP daemon) type:
tools/hipconf del service relay
This will delete all existing relay server registrations and remove the relay service from the offered services.
To reinitialize the relay service after modifications to the configuration file (without killing the HIP daemon) type:
tools/hipconf reinit service relay
The changes that you have made to the configuration file affect the clients registering after the reinitialization.
Client-side commands, i.e. commands run on the responder (relay server client).
To cancel the registration to the relay service type:
tools/hipconf del server relay <RELAY-HIT> <RELAY-IP>
This will send a HIP message asking for relay service cancellation to the relay server.
The relay service implementation is based on version 04 of the Internet Draft: Basic HIP Extensions for Traversal of Network Address Translators and RFC 5203: Host Identity Protocol (HIP) Registration Extension.
At the time of writing this section, the UPDATE packet implementation of HIPL was under heavy renovation. Therefore the relay extension does not have UPDATE packet support. Effectively this means that the current relay service implementation uses base exchange packets to signal any changes in the service status.
For example, when you register to the relay service and then cancel the service, the HIP daemon will launch a base exchange for both the service registration and the service cancellation. According to RFC 5203 the service cancellation should use UPDATE packets since there already is a HIP connection between the client and the server.
The responder does not yet store the granted service lifetime anywhere.
17th of July 2008