Re: [Dime] Fwd: New Version Notification for draft-korhonen-dime-mip6-feature-bits-01

jouni korhonen <jouni.nospam@gmail.com> Thu, 11 June 2009 06:03 UTC

To: Vijay Devarapalli <dvijay@gmail.com>
Cc: dime@ietf.org

Hi Vijay,


On Jun 11, 2009, at 12:49 AM, Vijay Devarapalli wrote:

> Hi Jouni,
>
> I have a comment on the "VPN Gateway feature". There is no document
> that describes what it means for a Mobile IPv6 home agent to act as a
> VPN gateway. The IKEv2 exchange between the MN and the HA [RFC 4877
> and 5026] already supports mutual authentication, address assignment
> and setting up of tunnel mode ESP SAs. Are you referring to this as
> VPN mode? But isn't this regular Home agent functionality?

The "VPN mode" is when you use HA IKEv2/IPsec functionality purely for  
conventional VPN remote access purposes without any mobility. That  
type of deployment is shortly referenced in draft-ietf-dime-mip6-split  
Section 4.1. I recall this functionality was originally requested by  
Gerardo.

>
>
> Or is there a separate IPsec VPN that is first setup and then Mobile
> IPv6 is run on top of the IPsec tunnels?

As shortly described in split document:

    In some deployment scenarios, the HA may also act as an IKEv2
    Responder for a conventional IPsec VPN access.  The challenge in
    this case is that the IKEv2 responder may not know if IKEv2 is used
    for Mobile IPv6 service or for IPsec VPN access service.  A network
    operator needs to be aware of this limitation.  One solution already
    supported by IKEv2 is to use different responder identities when
    operating as a conventional IPsec VPN gateway or as a HA.  The MN
    can then indicate the preferred responder type using the appropriate
    IDr payload in the IKE_AUTH message.

But yeah, now that feature bits are taken into a separate document,
the connection between the above and the new feature bit is rather
weak. Either we need more text and/or reference in the
draft-korhonen-dime-feature-bits or just remove the bit altogether.
Since the difference between conventional IKEv2 IPsec VPN gateway part
and HA's IKEv2 IPsec functionality is rather small, I would keep the
feature bit and enhance the text instead.

Jouni


>
>
> Vijay
>
> On Wed, Jun 10, 2009 at 2:55 AM, jouni korhonen<jouni.nospam@gmail.com> wrote:
>> Hi all,
>>
>> I have updated the additional feature bits draft. I did remove some
>> stuff so that the draft now only reserves MIP6-Feature-Vector flag
>> bits and nothing more. I'll forward the draft soon to RFC editor so
>> if anyone has comments, please be quick :)
>>
>> Cheers,
>>        Jouni
>>
>> Begin forwarded message:
>>
>>> From: IETF I-D Submission Tool <idsubmission@ietf.org>
>>> Date: June 10, 2009 12:26:53 PM GMT+03:00
>>> To: jouni.nospam@gmail.com
>>> Subject: New Version Notification for
>>>  draft-korhonen-dime-mip6-feature-bits-01
>>>
>>>
>>> A new version of I-D, draft-korhonen-dime-mip6-feature-bits-01.txt
>>> has been successfully submitted by Jouni Korhonen and posted to the
>>> IETF repository.
>>>
>>> Filename:        draft-korhonen-dime-mip6-feature-bits
>>> Revision:        01
>>> Title:           Diameter MIP6 Feature Vector Additional Bit Allocations
>>> Creation_date:   2009-06-10
>>> WG ID:           Independent Submission
>>> Number_of_pages: 5
>>>
>>> Abstract:
>>> During the Mobile IPv6 Split Scenario bootstrapping the Mobile IPv6
>>> Home Agent and the Authentication, Authorization, and Accounting
>>> server may exchange a set of authorized mobility capabilities.  This
>>> document defines new mobility capability flags that are used to
>>> authorize per Mobile Node route optimization, Multiple Care-of
>>> Address and user plane traffic encryption support.  Furthermore,
>>> this document also defines a capability flag of indicating whether
>>> the Home Agent is authorized to act as a stand alone Virtual Private
>>> Network gateway.
>>>
>>>
>>>
>>> The IETF Secretariat.
>>>
>>>
>>
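
Added example, not part of the original message or of either draft: a sketch of the IDr-based selection that the quoted split-scenario text describes, with the responder refusing VPN access unless that role has been authorized for the home agent. The responder identities, the `Service` names, the `authorized` set (standing in for what the AAA server returned in MIP6-Feature-Vector; no bit values are assumed) and the reject-when-IDr-is-absent policy are all assumptions of this example.

```python
import struct
from enum import Enum

ID_FQDN = 2  # IKEv2 ID Type for an FQDN (RFC 7296, section 3.5)

class Service(Enum):
    MIP6_HA = "mip6-home-agent"
    VPN_GW = "ipsec-vpn-gateway"

# Hypothetical operator configuration (constructed): one responder
# identity per role, so the initiator's IDr names the role it wants.
RESPONDER_IDS = {
    b"ha.example.net": Service.MIP6_HA,
    b"vpn.example.net": Service.VPN_GW,
}

class RejectExchange(Exception):
    """The IKE_AUTH request must be refused."""

def build_idr(fqdn):
    """Encode an IDr payload: generic header, ID type, 3 reserved octets, data."""
    body = bytes([ID_FQDN, 0, 0, 0]) + fqdn
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

def parse_idr(payload):
    """Return (id_type, identification_data) or reject a malformed payload."""
    if len(payload) < 8:
        raise RejectExchange("IDr payload truncated")
    _next_payload, _flags, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise RejectExchange("IDr length field does not match payload size")
    return payload[4], payload[8:]

def select_service(idr_payload, authorized):
    """Pick the role for this exchange; fail closed on anything ambiguous."""
    if idr_payload is None:
        # Policy assumed here: without IDr the two services are
        # indistinguishable, so the exchange is refused.
        raise RejectExchange("no IDr payload in IKE_AUTH")
    id_type, data = parse_idr(idr_payload)
    if id_type != ID_FQDN:
        raise RejectExchange("unsupported ID type %d" % id_type)
    service = RESPONDER_IDS.get(data.lower())
    if service is None:
        raise RejectExchange("unknown responder identity")
    if service not in authorized:
        raise RejectExchange("%s not authorized for this HA" % service.value)
    return service
```
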