Re: [Dime] Review of draft-korhonen-dime-pmip6-03.txt
<jouni.korhonen@teliasonera.com> Thu, 14 August 2008 05:24 UTC
Return-Path: <dime-bounces@ietf.org>
X-Original-To: dime-archive@megatron.ietf.org
Delivered-To: ietfarch-dime-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 981A63A68B9; Wed, 13 Aug 2008 22:24:16 -0700 (PDT)
X-Original-To: dime@core3.amsl.com
Delivered-To: dime@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8133B3A67F3 for <dime@core3.amsl.com>; Wed, 13 Aug 2008 22:24:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.66
X-Spam-Level:
X-Spam-Status: No, score=-3.66 tagged_above=-999 required=5 tests=[AWL=2.589, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ce--9DqH3MOc for <dime@core3.amsl.com>; Wed, 13 Aug 2008 22:24:14 -0700 (PDT)
Received: from sehan001bb.han.telia.se (sehan001bb.han.telia.se [131.115.18.152]) by core3.amsl.com (Postfix) with ESMTP id 112E73A68B9 for <dime@ietf.org>; Wed, 13 Aug 2008 22:24:13 -0700 (PDT)
Received: from SEHAN021MB.tcad.telia.se ([131.115.18.160]) by sehan001bb.han.telia.se with Microsoft SMTPSVC(6.0.3790.1830); Thu, 14 Aug 2008 07:24:10 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Thu, 14 Aug 2008 07:24:10 +0200
Message-ID: <59D7431DE2527D4CB0F1EFEDA5683ED302C7D631@SEHAN021MB.tcad.telia.se>
In-Reply-To: <489F4445.3000304@gmx.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Dime] Review of draft-korhonen-dime-pmip6-03.txt
Thread-Index: Acj7IP9RrubrBCAOQfSHg5hCrcwVKQCRPo7g
References: <129C432B-7E81-45F2-9AEA-60631858073A@iki.fi> <3E2C3D74-A80F-46FF-9BB8-042B2CF6F1D1@iki.fi> <59D7431DE2527D4CB0F1EFEDA5683ED302C7D5C4@SEHAN021MB.tcad.telia.se> <489F4445.3000304@gmx.net>
From: jouni.korhonen@teliasonera.com
To: Hannes.Tschofenig@gmx.net
X-OriginalArrivalTime: 14 Aug 2008 05:24:10.0650 (UTC) FILETIME=[FB4FE7A0:01C8FDCD]
Cc: dime@ietf.org
Subject: Re: [Dime] Review of draft-korhonen-dime-pmip6-03.txt
X-BeenThere: dime@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Diameter Maintanence and Extentions Working Group <dime.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dime>
List-Post: <mailto:dime@ietf.org>
List-Help: <mailto:dime-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dime>, <mailto:dime-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dime-bounces@ietf.org
Errors-To: dime-bounces@ietf.org
Hi Hannes, Further replies inline. I cut those parts away we already resolved. > -----Original Message----- > From: Hannes Tschofenig [mailto:Hannes.Tschofenig@gmx.net] > Sent: 10. elokuuta 2008 22:41 > To: Korhonen, Jouni /TeliaSonera Finland Oyj > Cc: dime@ietf.org > Subject: Re: [Dime] Review of draft-korhonen-dime-pmip6-03.txt [snip] > >> * I was also lacking sementic of the PMIP6-DHCP-Address AVP a bit. > >> How does the information flow look like? > >> > > > > The AAA may return a DHCP (4 or 6) server address to the MAG. THis > > would be useful in deployments where the MAG implements a > DHCP Relay. > > So the MAG receives the DHCP Server address over the MAG-AAA > > interface, > > and uses the server address for *this* subscriber/realm > when relaying > > DHCP requests. > > > I am just wondering why the AAA server controls which DHCP server is > contacted by the DHCP relay. > Have you checked with the DHC folks to see what they think > about this idea? It is for centralizing the configuration. Say, my MAGs serve +50 realms and each of those would have a different DHCP server. Now if I need to make any change to server addressing (renumber existing, add a new one or a remove one) I would need to configure all MAGs one by one. We already do the same centralized management for LMAs and HAs. > >> * MIP6-Agent-Info AVP > >> > >> The description currently does not provide enough information why > >> this > >> AVP is needed. > >> What happens when an entity receives this AVP? > >> Why would one send it? > >> > > > > This is one way of doing dynamic LMA discovery. So the AAA > knows which > > LMA to assign for the authenticating subscriber. MAG uses > > it to figure > > out the LMA where to send subsequent PBUs.. > > > > > Maybe we could provide this additional piece of information in the > document. Ack. [snip] > >> The following text seems a bit fuzzy to me: > >> > >> " > >> The Diameter response messages MAY contain Framed-IPv6-Prefix > >> and/or > >> Framed-IPv4-Address AVPs. For example a local Diameter proxy > >> MAY add > >> those in order to advertise locally available prefixes and > >> addresses > >> as well [16]. It is also possible that PMIPv6 mobility > support is > >> not allowed for a subscription. In this case, a MAG may still > >> provide normal IP connectivity to the MN using, for > example, local > >> address pools. > >> " > >> > >> What is the semantic of the Framed-IPv6-Prefix in > relationship to the > >> other > >> addresses being defined in this document? > >> > > > > I am not sure if this is valid anymore but the originally > the reason > > was the following: > > > > It was discussed whether it would make sense to allow PMIP-based > > mobility > > for some prefixes and for some not. So the prefixes with mobility > > would be > > signaled using PMIP specific AVPs where as prefixes without > > mobility would > > use Framed-IPv6-Prefix AVPs. MAG/NAS could then treat prefixes > > differently > > (note that how the MN would know the difference is not > solved yet.. > > there > > has been RA/RS based proposals around). > > > > > So, has the discussion concluded already? > Where are these discussions taking place? There was some discussion and I-Ds in NetLMM and later in the unofficial NetExt bar BoF. > >> * LMA-to-MAG > >> > >> The text at the beginning of the sentence is repeated again in > >> Section > >> 6.2. > >> > >> > >> You write: > >> > >> " > >> The identity SHOULD be the same as > >> used on the MAG to HAAA interface, but in a case those > identities > >> differ the HAAA MUST have a mechanism of mapping the MN > >> identity used > >> on the MAG to HAAA interface to the identity used on > the LMA to > >> HAAA > >> interface. > >> " > >> > >> In what cases are they different? > >> > > > > One example.. the MN authenticates (over the MAG-AAA > interface) using > > some EAP-method that provides identity hiding. So the identity the > > MAG/NAS puts into the User-Name AVP for the access authentication > > could be then different from what gets used in a PBU as the MN-ID. > > The LMA would use the identity taken from the PBU MN-ID when > > communicating > > with the AAA over the LMA-AAA interface. So the identities could > > potentially > > be different and the AAA must be able to map them as one > internally > > in that > > case. If some deployment uses the same identity in all > cases & places, > > fine.. but that must not restrict the flexibility of the AAA > > interfaces. > > > > That's an interesting issue with respect to security. Could you enlighten me what issue? > I have not followed the security discussions in NETLMM > regarding PMIPv6 > but I recall that there was once a discussion whether the > security for > the PMIPv6 signaling is based on a MN-basis (similar to MIPv6) or > independent of the user. > > What is the discussion status? I think what I had above is on slightly different topic. The security in RFC5213 is between MAG and LMA, not per MN. If that is what you are asking.. [snap] Cheers, Jouni _______________________________________________ DiME mailing list DiME@ietf.org https://www.ietf.org/mailman/listinfo/dime
- [Dime] Review of draft-korhonen-dime-pmip6-03.txt Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Dime] Review of draft-korhonen-dime-pmip6-03… jouni.korhonen
- Re: [Dime] Review of draft-korhonen-dime-pmip6-03… jouni.korhonen