Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-mext-nemo-v4traversal
Alexandru Petrescu <alexandru.petrescu@gmail.com> Mon, 23 February 2009 10:48 UTC
Return-Path: <alexandru.petrescu@gmail.com>
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B4CE13A6874 for <mext@core3.amsl.com>; Mon, 23 Feb 2009 02:48:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.177
X-Spam-Level:
X-Spam-Status: No, score=-2.177 tagged_above=-999 required=5 tests=[AWL=0.072, BAYES_00=-2.599, HELO_EQ_FR=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XFg812wkO1cG for <mext@core3.amsl.com>; Mon, 23 Feb 2009 02:48:22 -0800 (PST)
Received: from cirse-out.extra.cea.fr (cirse-out.extra.cea.fr [132.166.172.106]) by core3.amsl.com (Postfix) with ESMTP id 493453A69DB for <mext@ietf.org>; Mon, 23 Feb 2009 02:48:22 -0800 (PST)
Received: from nephilia.intra.cea.fr (nephilia.intra.cea.fr [132.166.88.33]) by cirse.extra.cea.fr (8.14.2/8.14.2/CEAnet-Internet-out-1.2) with ESMTP id n1NAmPGi021407; Mon, 23 Feb 2009 11:48:25 +0100
Received: from muguet1.intra.cea.fr (muguet1.intra.cea.fr [132.166.192.6]) by nephilia.intra.cea.fr (8.13.8/8.13.8) with ESMTP id n1NAmPoj001023; Mon, 23 Feb 2009 11:48:25 +0100 (envelope-from alexandru.petrescu@gmail.com)
Received: from [127.0.0.1] ([132.166.133.173]) by muguet1.intra.cea.fr (8.13.8/8.13.8/CEAnet-Intranet-out-1.1) with ESMTP id n1NAmNi9025566; Mon, 23 Feb 2009 11:48:25 +0100
Message-ID: <49A27EF7.9030105@gmail.com>
Date: Mon, 23 Feb 2009 11:48:23 +0100
From: Alexandru Petrescu <alexandru.petrescu@gmail.com>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: Christian.Kaas-Petersen@tieto.com
References: <C5C31D81.B953%hesham@elevatemobile.com> <C5C47C6D.23064%basavaraj.patil@nokia.com> <D3CFEF84287B46408A7F0405EE7C545701C81EC3@corvette.eu.tieto.com>
In-Reply-To: <D3CFEF84287B46408A7F0405EE7C545701C81EC3@corvette.eu.tieto.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: mext@ietf.org, Basavaraj.Patil@nokia.com
Subject: Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-mext-nemo-v4traversal
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Feb 2009 10:48:23 -0000
Side note about Mobile IPv6 bootstrapping... not sure about the DSMIPv6 aspect. Christian.Kaas-Petersen@tieto.com a écrit : > It is not clear to me, that RFC 3775 allows the exchange of Mobile > Prefix Solicitations and Mobile Prefix Advertisements during > bootstrapping. If a mobile node is booting in a foreign network, and > has no home address, it has not yet made any registration with a > home agent, then certainly the home agent has no way to send > unsolicited MPA to a mobile node (RFC 3775 sec 6.8). I agree. I think MN would discover the HA (DHAAD to anycast address, derived from the home prefix) before sending the MPS (Mobile Prefix Sol'n) to a specific HA address. Once the MN has the HA address, and receives the MPA (Mobile Prefix Adv't) it can derive its Home Address from the prefix in MPA; probably this prefix is the same as the prefix initially used to form the HA anycast address, except MN is now sure to have the latest info. > Should the mobile node attempt to send a MPS to the home agent, it is > a requirement the Home Address destination option is included in an > ESP protected packet (RFC 3775 sec 6.7), which means it must have a > home address. That's why I fail to understand how MPS/MPA can be > used for bootstrapping, because the home address is required. WEll, if the HA and MN don't have an SA, then they could run a dynamic key formation (IKE?) right after the DHAAD phase. I think this would permit to protect the MPS/MPA exchange, without necessarily MN to have a HoA. Alex > In my view, this does not change with DSMIP, except that the home > address is no longer stored in a destination option but in the > (inner) IPv6 source address. Because the mobile node already knows > its IPv6 home address, I should think it a valid functionality to ask > the home agent of any updates in the IPv6 home prefixes. > > Christian > > >> -----Original Message----- From: mext-bounces@ietf.org >> [mailto:mext-bounces@ietf.org] On Behalf Of >> Basavaraj.Patil@nokia.com Sent: 20. februar 2009 22:28 To: >> hesham@elevatemobile.com; mext@ietf.org Subject: Re: [MEXT] FW: >> DISCUSS and COMMENT: draft-ietf-mext-nemo-v4traversal >> >> >> Hi Hesham, >> >> After looking at your proposed text, I must say that I am not >> totally convinced. >> >> Stepping back from the specific issue raised by Pasi for a moment, >> - Do we really need to have the capability to obtain the prefix >> from the HA when the MN does not have IPv6 connectivity to the HA? >> While I recognize the fact that this mechanism is specified in >> RFC3775 as a means by which the MN can obtain the prefix from the >> HA to bootstrap, I don't believe it has much value. Since other >> bootstrapping mechanisms have been developed, I do not see the need >> for obtaining the prefix from the HA by an MN using the prefix >> solicitation mechanism, especially in the case where the MN is >> attached via IPv4 only. Hence I would suggest removing this feature >> entirely from the DSMIP6 I-D. I do not see any harm in not having >> the capability to do prefix solicitation when attached via an IPv4 >> only network. >> >> -Raj >> >> >> On 2/18/09 9:30 PM, "ext Hesham Soliman" <hesham@elevatemobile.com> >> wrote: >> >>> Folks, >>> >>> Please take a look the Pasi's comment below and my response >> and let me >>> know if anyone has comments on this before I submit the draft. >>> This should be the final comment on the doc. Does the text in >> section 3.2 >>> make sense? If not, does the explanation below make sense? >> If not please suggest text. >>> >>>> Section 3.2: >>>>> Securing these messages requires the mobile node to have a >>>>> security association with the home agent, using IPsec >> (AH or ESP) >>>>> and based on the mobile node's IPv4 care-of address as >>>>> described in [RFC3775]. Since the mobile node needs to >> encapsulate all IPv6 >>>>> traffic sent to the home agent into IPv4 while located in an >>>>> IPv4-only visited network, this SA would match all >> packets if the >>>>> selectors were based on the information in the outer header. >>>> This looks strange (when using tunnel mode IPsec, the selectors >>>> select the packets to be protected before the outer header >> is added >>>> -- so the last sentence is weird) -- what are the IPsec >> SPD entries, >>>> and what does the resulting packet look like? >>>> >>> => I was confused by the snippet above and then went back >> to see why I >>> added this a long time ago. Basically the scenario here is >> that a MN >>> can send the prefix solicitation and receive advertisement from >>> its HA, while located in a foreign link. These messages may be >> sent before >>> a home address is allocated. So, if a MN is located in an IPv4 >>> network, it would have to negotiate the SA using IPv4 and >> it's IPv4 address is one of the selectors. >>> The inner IPv6 packet would probably contain a link local >> in the src >>> address since there is no global IPv6 address available to >> the MN. In >>> 3775/6, the (un-encapsulated message) is protected by a >> transport mode >>> SA. In DSMIP, if we do a transport mode SA on the outer >> header, then >>> this SA would apply to all traffic since everything is >> tunnelled back >>> to the HA. And the outer header is identical for all packets. >>> >>> Does this make sense to you? If so, I can clarify the text >> according >>> to this logic. If not, please let me know what I missed. >>> >>> Hesham >>> >>> >>> _______________________________________________ MEXT mailing list >>> MEXT@ietf.org https://www.ietf.org/mailman/listinfo/mext >> _______________________________________________ MEXT mailing list >> MEXT@ietf.org https://www.ietf.org/mailman/listinfo/mext >> > _______________________________________________ MEXT mailing list > MEXT@ietf.org https://www.ietf.org/mailman/listinfo/mext >
- [MEXT] FW: DISCUSS and COMMENT: draft-ietf-mext-n… Hesham Soliman
- Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-me… Basavaraj.Patil
- Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-me… Christian.Kaas-Petersen
- Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-me… Alexandru Petrescu
- Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-me… Alexandru Petrescu
- Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-me… Hesham Soliman
- Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-me… Hesham Soliman
- Re: [MEXT] FW: DISCUSS and COMMENT: draft-ietf-me… Basavaraj.Patil