Re: [Dime] Fwd: New Version Notification for draft-korhonen-dime-mip6-feature-bits-01
Behcet Sarikaya <behcetsarikaya@yahoo.com> Wed, 17 June 2009 19:39 UTC
Return-Path: <behcetsarikaya@yahoo.com>
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3949F28C2E5 for <dime@core3.amsl.com>; Wed, 17 Jun 2009 12:39:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.85
X-Spam-Level:
X-Spam-Status: No, score=-1.85 tagged_above=-999 required=5 tests=[AWL=-0.647, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id idvVbLI2wJSK for <dime@core3.amsl.com>; Wed, 17 Jun 2009 12:39:05 -0700 (PDT)
Received: from n64.bullet.mail.sp1.yahoo.com (n64.bullet.mail.sp1.yahoo.com [98.136.44.189]) by core3.amsl.com (Postfix) with SMTP id 74D123A6A2B for <dime@ietf.org>; Wed, 17 Jun 2009 12:38:50 -0700 (PDT)
Received: from [69.147.84.144] by n64.bullet.mail.sp1.yahoo.com with NNFMP; 17 Jun 2009 19:39:00 -0000
Received: from [67.195.9.82] by t6.bullet.mail.sp1.yahoo.com with NNFMP; 17 Jun 2009 19:39:00 -0000
Received: from [67.195.9.99] by t2.bullet.mail.gq1.yahoo.com with NNFMP; 17 Jun 2009 19:39:00 -0000
Received: from [127.0.0.1] by omp103.mail.gq1.yahoo.com with NNFMP; 17 Jun 2009 19:36:12 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 795609.9455.bm@omp103.mail.gq1.yahoo.com
Received: (qmail 70681 invoked by uid 60001); 17 Jun 2009 19:39:00 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1245267540; bh=xcsac6OfOc2sito/n4yNggBdLXzq7E9rrDZHjsT5HtA=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=daYGJBznm8rFMUACEJjbjiSs1VbtzvmSzp+gNcdQsvbWF1ZHd6L39DZ5bugj9CagS0tn8nzRz4GY7phTWYsJyunUw3mw62uObpWooGZMiIXUnpII+Ry4g8YnuN8592Ur5SjbCsWYSx45HRsTnPFf38lkSBx3z8DquBJM9IbXdg0=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=vdY5vGQhvRc1cnvNhPIRuYXTW26WJaYD1owr6OiNoL/i6CowtsC7CUmJyD2T1O83kqTrzPKM06iT6uOnpH/OuyXYXUcnyU/PgvjUqSODuA/XrgYYjJ30ce+qsY51pvFhpiYwsHIWAm6e/BUPA6Ce/6Re0eVKRhugaz+gFDMJ8X8=;
Message-ID: <505836.70599.qm@web111413.mail.gq1.yahoo.com>
X-YMail-OSG: JJymww4VM1nRbbfcvY9.MNf7uNPKjzQfwfrX84Ce5FC7QT9GfRcLV6cIMgGCnNuUrDu4RTbJvZpFVIbQPiv.jq6dVHV4hxg_vziMfQb_rHdJuoUQVVJiCp5S..U8ZA1joaEQAXVBdDCTcp4pqE8ayvoUsYgMNLO7u4ZuPfxIs8XRo2LwiP9ZOZfLqnTRiQk7ZTU3BVK0etU6mT68XEb0wYDVwdvi7x1iCsHrFVp1131J2uBAoH.WedlTnLM0EHCuyAKFsLU0_EKb8MLNDGW8ipHeZqvdknlNv5XSrub4jvousYWGho4VbfHB1CFI4jAdkbZsXKSch3ELdB039TyCbpI-
Received: from [206.16.17.212] by web111413.mail.gq1.yahoo.com via HTTP; Wed, 17 Jun 2009 12:39:00 PDT
X-Mailer: YahooMailRC/1277.43 YahooMailWebService/0.7.289.15
References: <20090610092653.601A33A6E07@core3.amsl.com> <1CE00542-32BF-4344-884C-CCDC763FA853@gmail.com> <f1f4dcdc0906101449m6e72475s82ac408f9af15505@mail.gmail.com> <2FA145BF-2534-4A2A-A878-C50A6B3C0087@gmail.com> <f1f4dcdc0906151732l54a30412ubcbd6c4b883e74b5@mail.gmail.com> <5CC059D9-6113-49A3-9748-9F4562A248CC@gmail.com>
Date: Wed, 17 Jun 2009 12:39:00 -0700
From: Behcet Sarikaya <behcetsarikaya@yahoo.com>
To: jouni korhonen <jouni.nospam@gmail.com>, Vijay Devarapalli <dvijay@gmail.com>
In-Reply-To: <5CC059D9-6113-49A3-9748-9F4562A248CC@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: dime@ietf.org
Subject: Re: [Dime] Fwd: New Version Notification for draft-korhonen-dime-mip6-feature-bits-01
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Behcet Sarikaya <sarikaya@ieee.org>
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2009 19:39:06 -0000
Hi Jouni, I have no comment on your points below except this one: Well.. feature in a sense that you have both functionalities in the same box anyway. Stretching my memory on the requirements, this came from the cases where an I-WLAN PDG and a HA were to be bundled together. I don't think ePDG and HA can be bundled together in 3GPP architecture. HA is at the PDN Gateway an entity above PDG. Regards, Behcet ----- Original Message ---- From: jouni korhonen <jouni.nospam@gmail.com> To: Vijay Devarapalli <dvijay@gmail.com> Cc: dime@ietf.org Sent: Tuesday, June 16, 2009 5:27:44 AM Subject: Re: [Dime] Fwd: New Version Notification for draft-korhonen-dime-mip6-feature-bits-01 Hi Vijay, On Jun 16, 2009, at 3:32 AM, Vijay Devarapalli wrote: > Hi Jouni, > > On Wed, Jun 10, 2009 at 11:03 PM, jouni korhonen<jouni.nospam@gmail.com> wrote: >> Hi Vijay, >> >> >> On Jun 11, 2009, at 12:49 AM, Vijay Devarapalli wrote: >> >>> Hi Jouni, >>> >>> I have a comment on the "VPN Gateway feature". There is no document >>> that describes what it means for a Mobile IPv6 home agent to act as a >>> VPN gateway. The IKEv2 exchange between the MN and the HA [RFC 4877 >>> and 5026] already supports mutual authentication, address assignment >>> and setting up of tunnel mode ESP SAs. Are you referring to this as >>> VPN mode? But isn't this regular Home agent functionality? >> >> The "VPN mode" is when you use HA IKEv2/IPsec functionality purely for >> conventional VPN remote access purposes without any mobility. > > Again, what does this mean? When you run IKEv2 as described in RFC > 4877 and 5026, you are creating tunnel mode security associations for > a *Mobile IPv6 tunnel*. In the "VPN" mode, does the mobile node switch > of the Mobile IPv6 stack? VPN mode is plain RFC4306 + 4303 etc. You end up implementing that machinery there in any case, so why not allow using a HA as a VPN gateway as well. In this case, there is no mobility involved. > > Or does the Home Agent behave an IPsec VPN gateway for pure IPsec > clients, i.e., there is no Mobile IPv6 stack on these clients. Yes. > > >> That type of >> deployment is shortly referenced in draft-ietf-dime-mip6-split Section 4.1. >> I recall this functionality was originally requested by Gerardo.. > > It doesn't make sense to me. :) This looks more like co-locating a > Mbile IPv6 home agent and an IPsec VPN gateway and supporting both > Mobile IPv6 mobile nodes and plain IPsec clients at the same time. Yes, it is about co-location. To me it makes sense as much as IKEv2+IPsec with MIP6 ;) > > > There has to be more to this scenario than just the short paragraph in > draft-ietf-dime-mip6-split. Yes, agree. > > >>> Or is there a separate IPsec VPN that is first setup and then Mobile >>> IPv6 is run on top of the IPsec tunnels? >> >> As shortly described in split document: >> >> In some deployment scenarios, the HA may also act as an IKEv2 >> Responder for a conventional IPsec VPN access. The challenge in this >> case is that the IKEv2 responder may not know if IKEv2 is used for >> Mobile IPv6 service or for IPsec VPN access service. A network >> operator needs to be aware of this limitation. One solution already >> supported by IKEv2 is to use different responder identities when >> operating as a conventional IPsec VPN gateway or as a HA. The MN can >> then indicate the preferred responder type using the appropriate IDr >> payload in the IKE_AUTH message. >> >> But yeah, now that feature bits are taken into a separate document, the >> connection between the above and the new feature bit is rather weak. Either >> we need more text and/or reference in the draft-korhonen-dime-feature-bits >> or just remove the bit all together. Since the difference between >> conventional IKEv2 IPsec VPN gateway part and HA's IKEv2 IPsec functionality >> is rather small, I would keep the feature bit and enhance the text instead. > > It is not "rather small" in my opinion. I don't understand how > supporting plain IPsec clients can be a feature on a Mobile IPv6 home > agent. :) Well.. feature in a sense that you have both functionalities in the same box anyway. Stretching my memory on the requirements, this came from the cases where an I-WLAN PDG and a HA were to be bundled together. Jouni > > > Vijay > >> >> Jouni >> >> >>> >>> >>> Vijay >>> >>> On Wed, Jun 10, 2009 at 2:55 AM, jouni korhonen<jouni.nospam@gmail.com> >>> wrote: >>>> >>>> Hi all, >>>> >>>> I have updated the additional feature bits draft. I did remove some stuff >>>> so >>>> that the draft now only reserves MIP6-Feature-Vector flag bits and >>>> nothing >>>> more. I'll forward the draft soon to RFC editor so if anyone has >>>> comments, >>>> please be quick :) >>>> >>>> Cheers, >>>> Jouni >>>> >>>> Begin forwarded message: >>>> >>>>> From: IETF I-D Submission Tool <idsubmission@ietf.org> >>>>> Date: June 10, 2009 12:26:53 PM GMT+03:00 >>>>> To: jouni.nospam@gmail.com >>>>> Subject: New Version Notification for >>>>> draft-korhonen-dime-mip6-feature-bits-01 >>>>> >>>>> >>>>> A new version of I-D, draft-korhonen-dime-mip6-feature-bits-01.txt has >>>>> been successfuly submitted by Jouni Korhonen and posted to the IETF >>>>> repository. >>>>> >>>>> Filename: draft-korhonen-dime-mip6-feature-bits >>>>> Revision: 01 >>>>> Title: Diameter MIP6 Feature Vector Additional Bit Allocations >>>>> Creation_date: 2009-06-10 >>>>> WG ID: Independent Submission >>>>> Number_of_pages: 5 >>>>> >>>>> Abstract: >>>>> During the Mobile IPv6 Split Scenario bootstrapping the Mobile IPv6 >>>>> Home Agent and the Authentication, Authorization, and Accounting >>>>> server may exchange a set of authorized mobility capabilities. This >>>>> document defines new mobility capability flags that are used to >>>>> authorize per Mobile Node route optimization, Multiple Care-of >>>>> Address and user plane traffic encryption support. Furthermore, this >>>>> document also defines a capability flag of indicating whether the >>>>> Home Agent is authorized to act as a stand alone Virtual Private >>>>> Network gateway. >>>>> >>>>> >>>>> >>>>> The IETF Secretariat. >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> DiME mailing list >>>> DiME@ietf.org >>>> https://www.ietf.org/mailman/listinfo/dime >>>> >> >> _______________________________________________ DiME mailing list DiME@ietf.org https://www.ietf.org/mailman/listinfo/dime
- [Dime] Fwd: New Version Notification for draft-ko… jouni korhonen
- Re: [Dime] Fwd: New Version Notification fordraft… Qin Wu
- Re: [Dime] Fwd: New Version Notification fordraft… jouni korhonen
- Re: [Dime] Fwd: New Version Notification for draf… Vijay Devarapalli
- Re: [Dime] Fwd: New Version Notification for draf… Vijay Devarapalli
- Re: [Dime] Fwd: New Version Notification fordraft… Qin Wu
- Re: [Dime] Fwd: New Version Notification for draf… jouni korhonen
- Re: [Dime] Fwd: New Version Notification for draf… jouni korhonen
- Re: [Dime] Fwd: New Version Notification for draf… Vijay Devarapalli
- Re: [Dime] Fwd: New Version Notification for draf… Vijay Devarapalli
- Re: [Dime] Fwd: New Version Notification for draf… jouni korhonen
- Re: [Dime] Fwd: New Version Notification for draf… jouni korhonen
- Re: [Dime] Fwd: New Version Notification for draf… Behcet Sarikaya
- Re: [Dime] Fwd: New Version Notification for draf… jouni
- Re: [Dime] Fwd: New Version Notification fordraft… Jinwei Xia
- Re: [Dime] Fwd: New Version Notification fordraft… Jinwei Xia
- Re: [Dime] Fwd: New Version Notification fordraft… jouni korhonen
- Re: [Dime] Fwd: New Version Notification for draf… Behcet Sarikaya
- Re: [Dime] Fwd: New Version Notification for draf… jouni korhonen
- Re: [Dime] Fwd: New Version Notification for draf… Julien Bournelle
- Re: [Dime] Fwd: New Version Notification for draf… jouni korhonen
- Re: [Dime] Fwd: New Version Notification for draf… Julien Bournelle
- Re: [Dime] Fwd: New Version Notification for draf… Behcet Sarikaya
- Re: [Dime] Fwd: New Version Notification for draf… jouni
- Re: [Dime] Fwd: New Version Notification for draf… Julien Bournelle