Re: [Hipsec] Relaying to non-hip aware servers

Miika Komu <miika.komu@ericsson.com> Tue, 27 September 2016 14:02 UTC

To: Robert Moskowitz <rgm@htt-consult.com>, hip WG <hipsec@ietf.org>
References: <a1c2517a-1e06-7ae9-284d-79a172d8a3c5@htt-consult.com>
From: Miika Komu <miika.komu@ericsson.com>
Organization: Ericsson AB
Message-ID: <5a42438c-fcb6-d74f-b590-7f310a9d5447@ericsson.com>
Date: Tue, 27 Sep 2016 17:02:01 +0300
In-Reply-To: <a1c2517a-1e06-7ae9-284d-79a172d8a3c5@htt-consult.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/hipsec/IQ5IWOW5JGA-I1Z6MTsmd6HATVo>
List-Id: "This is the official IETF Mailing List for the HIP Working Group." <hipsec.ietf.org>

Hi Robert,

On 09/27/2016 04:46 PM, Robert Moskowitz wrote:
> Where did we describe connections from a mobile HIP-aware host to a
> legacy non-HIP 'stable' server?
>
> I thought it was HIPBONE (as it is not what HIP nat traversal is about),
> but I am not seeing this function there.
>
> Basically, the Mobile host has its HIP SA with a relay that decapsulates
> the ESP traffic onto legacy Internet.
>
> This can cause some nasty routing scenarios unless the HIP host can
> treat a group of relays as multihome interfaces or the like and use the
> best relay for any connection.  Which would drive TCP/UDP crazy though?
>
> I recall through the window, darkly, that we had these discussions. But
> my search foo is weak and I am not finding them.

proxy HIP:

https://tools.ietf.org/html/draft-melen-hip-proxy-02
https://tools.ietf.org/html/draft-irtf-hiprg-proxies-05