Re: [Int-area] [MEXT] Rethink on Mobile IPv6

Hello Basavaraj,

I also think we need to do some rethinking.

To be brief:
- I think we need to allow network operators to
   utilize security mechanisms they deem appropriate,
   whether or not standardized by the IETF.

- I think we need to allow network operators to
   utilize tunneling mechanisms they deem appropriate,
   whether or not standardized by the IETF.

I'm happy to break down the specification
into components (such as route optimization, etc.).
I'll even volunteer to hack the text.  But I do
not think this is a major stumbling block.
After all, the mobile node is the one initiating
route optimization.  If the home agent does not
support it, there is no route optimization --
in other words, this function is trivially
controllable by operators.

I'm concerned because I know that Mobile IP
offers very high-performance mobility management
and session persistence -- yet, in one SDO
after another we see suboptimal, slow signaling
for clunky interworking schemes that don't even
support VoIP very well.

Something is wrong.  I have a hard time believing
that the operators insist that their customers
cannot have the best available.  It's much more likely
that they don't see a comfortable evolutionary
path because of the limited security and tunneling
options available with RFC 3775.

Regards,
Charlie P.

On 3/3/2010 7:55 AM, Basavaraj.Patil@nokia.com wrote:
>
> Mobile IPv6 (RFC3775) has been an RFC since 2004, and Dual-stack
> Mobile IPv6 (RFC5555) since 2009. Implementations of the protocol has
> been lacklustre to say the least. Several SDOs have considered MIP6
> and DSMIP6 as a solution for interworking and mobility between
> different access technologies and only 3GPP has adopted it in a very
> limited manner for Rel 8 (for use on the S2c interface) with the
> likelihood of it being actually deployed quite low (IMO).
>
> While there are many reasons that can be attributed to the lack of
> implementations and use, one that I would like to raise is the the
> concern with the overly complex security model that MIP6/DSMIP6 relies
> on today. MIP6/DSMIP6 requires IPsec and IKE/IKEv2 (RFC3776/4877) to
> secure the signaling between the MN and HA. The fundamental purpose of
> MIP6/DSMIP6 is to provide mobility to hosts. At a very high level the
> MIP6/DSMIP6 protocol boils down to the ability to setup a tunnel
> between the MN and HA and update the MN tunnel end-point whenever
> there is a change in the associated IP address (CoA). The signaling to
> establish the tunnel needs to be secure. But using a protocol like
> IKEv2 and IPsec to achieve this security is just an overkill. It
> increases the complexity of the implementation as a result of many
> factors that have been captured in I-D:
> draft-patil-mext-mip6issueswithipsec and discussed in the MEXT WG
> meetings.
>
> Given the objective of the protocol is to enable IP mobility for hosts,
> it should focus on doing that well in a manner that makes it easy to
> implement/adopt/deploy/scale. My opinion as a result of implementation
> experience is that MIP6/DSMIP6 can be significantly simplified,
> especially the security architecture. The protocol as specified
> currently in RFC3775/RFC5555 is a kitchensink of features. Getting back
> to basics of simply establishing a tunnel between the MN and HA and
> managing that tunnel is all that is needed and would potentially see
> the light of day in the real world.
>
> You may want to call it as Mobile IPv6-lite if you wish. But I do
> believe that a simplification of the protocol is needed without which
> I fear it will remain an academic exercise with many years spent in
> developing a spec. I hope the working group and people who are
> involved in mobility related work would consider undertaking such an
> effort in the IETF.
>
> -Basavaraj
>
> _______________________________________________
> MEXT mailing list
> MEXT@ietf.org
> https://www.ietf.org/mailman/listinfo/mext
>