Re: [Mip4] review of draft-devarapalli-mip4-mobike-connectivity-00.txt
Vijay Devarapalli <vijayd@iprg.nokia.com> Tue, 30 August 2005 19:03 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EABOH-00070P-44; Tue, 30 Aug 2005 15:03:25 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EABOF-000700-5a for mip4@megatron.ietf.org; Tue, 30 Aug 2005 15:03:23 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA00726 for <mip4@ietf.org>; Tue, 30 Aug 2005 15:03:21 -0400 (EDT)
Received: from darkstar.iprg.nokia.com ([205.226.5.69]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EABPq-0001v4-0u for mip4@ietf.org; Tue, 30 Aug 2005 15:05:02 -0400
Received: (from root@localhost) by darkstar.iprg.nokia.com (8.11.0/8.11.0-DARKSTAR) id j7UITU123867; Tue, 30 Aug 2005 11:29:30 -0700
X-mProtect: <200508301829> Nokia Silicon Valley Messaging Protection
Received: from manisht.iprg.nokia.com (205.226.2.40, claiming to be "[205.226.2.40]") by darkstar.iprg.nokia.com smtpd7ZEJxB; Tue, 30 Aug 2005 11:29:29 PDT
Message-ID: <4314AD19.9090702@iprg.nokia.com>
Date: Tue, 30 Aug 2005 12:01:45 -0700
From: Vijay Devarapalli <vijayd@iprg.nokia.com>
User-Agent: Mozilla Thunderbird 1.0.6-1.4.1 (X11/20050719)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Kent Leung (kleung)" <kleung@cisco.com>
Subject: Re: [Mip4] review of draft-devarapalli-mip4-mobike-connectivity-00.txt
References: <2979E38DD6FC6544B789C8DAD7BAFC52923F11@xmb-sjc-235.amer.cisco.com>
In-Reply-To: <2979E38DD6FC6544B789C8DAD7BAFC52923F11@xmb-sjc-235.amer.cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 156eddb66af16eef49a76ae923b15b92
Content-Transfer-Encoding: 7bit
Cc: sami.vaarala@iki.fi, Jari Arkko <jari.arkko@piuha.net>, mip4@ietf.org
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Sender: mip4-bounces@ietf.org
Errors-To: mip4-bounces@ietf.org
Kent Leung (kleung) wrote: > I agree with Sami. > > 1) x-MIP solution should go forth as it directly addressed the problem > statement, RFC 4093. > > 2) Now, there is the effort to provide a solution that can avoid the > extra tunnel overhead on the airlink and layering on the MN for data > traffic. which solution? draft-devarapalli-mip4-mobike-connectivity-00.txt is definitely not targeting this. it is only addressing a scenario where IKEv2 IPsec VPNs with MOBIKE support are used. it is doing this because there are some immediate use cases. however, I would support an effort to define requirements for a more optimal solution involving MIPv4 and *any kind* of VPN gateway and encourage MIPv4 WG to look into an optimal solution. Vijay > For #2, assuming this is the new requirement/problem statement to > support VPN traversal, one possible solution is MOBIKE while another is > x-MIP with optimization. MOBIKE requires changes to VPN GW and can't > work with FAs. X-MIP w/optimization don't have these restrictions. > It's worth defining the requirements of the long-term solution. > > Kent > > >>-----Original Message----- >>From: mip4-bounces@ietf.org [mailto:mip4-bounces@ietf.org] On >>Behalf Of Sami Vaarala >>Sent: Sunday, August 28, 2005 7:30 AM >>To: Jari Arkko >>Cc: mip4@ietf.org >>Subject: Re: [Mip4] review of >>draft-devarapalli-mip4-mobike-connectivity-00.txt >> >>Hi, >> >> >>>>The problem I see w.r.t. to using IKEv2/MOBIKE is that it >> >>does not, >> >>>>alone, match the current problem statement. The >> >>assumption made in >> >>>>draft-ietf-mip4-vpn-problem-statement-03.txt is that existing >>>>deployed VPN infrastructure should be used (see e.g. >>>>Section 5.1). >>>> >>>> >>> >>>Yes. I still view that as the main and most urgent use case, so the >>>problem statement is OK. However, I believe we are also at >> >>a situation >> >>>where we can see future deployments (particularly those based on >>>IKEv2) start to do new things. I don't see a problem with >> >>pursuing two >> >>>tracks simultaneously. Its not like they would be two redundant >>>solutions, its more like points in different stages of evolution. >> >>Right, I agree. And I agree we can pursue two tracks at the >>same time. However, given that these two tracks have so much >>in common, it doesn't seem useful to specify them in two >>seemginly separate specifications. Given the way the >>solutions are specified, x-MIP + IKEv1 vs. MOBIKE + IKEv2 are >>just two different access modes. >>The overall approach, the intranet detection, etc, are all same. >> >>But stepping back a little, if we relax either the "existing VPN" >>or "minimal MIPv4 changes" assumptions, we get a number of >>different solutions. For instance: >> >> - A *very* straightforward way of getting mobility without x-MIP >> (and just IKEv1+IPsec) is just to use the "implicit ESP update" >> mechanism already deployed by some vendors. I believe a similar >> mechanism is used in the MIPv6 + IPsec draft. This is rather >> simple to implement and does away with the x-MIP overhead >> completely. >> >> - We could specify IKEv1 mobility extensions to allow more or less >> the same effect albeit with more vendor effort. Vijay's draft's >> Appendix has a suggestion for this. >> >> - Looking at x-MIP, we can also eliminate x-MIP overhead >>completely >> by defining an optimization extension between the MN >>and the x-HA. >> This approach retains FA support, while eliminating all x-MIP >> overhead in non-FA scenarios. The rough approach was >>described in >> draft-vaarala-mip4-optudp-00 [*]. >> >> - A very important concern in practice is managing the keys and >> authentication in a dual MIP or MOBIKE+MIP solution. Should we >> define something to make this easier? >> >>At least to me it's not at all clear which avenue would >>produce the best possible solution - minimal changes, maximum >>impact, and maximum generality (especially). So going past >>absolute minimum changes (dual >>MIP) needs more thought on what criteria we should apply to solutions. >> >> >>>>If we decide that there is no deployment issue w.r.t. MIPv4 and >>>>already deployed VPNs, we should IMO take a larger view of >> >>improving >> >>>>MIPv4/VPN coexistence. Minimizing overlap between the two >> >>mechanisms >> >>>>would give a much better solution. For instance, there is >> >>room for >> >>>>improvement in MIPv4 packet overhead, MIPv4/VPN compression >>>>interactions, and integrated MIPv4/VPN packet authentication. >>>> >>> >>>I believe we will eventually get there. Probably step by step, >>>however. I view Vijay's draft one of those steps... eliminating one >>>unnecessary level in the stack. >>>Or are you arguing that we should spend more time thinking >> >>what to do, >> >>>if we discard the no-changes-at-all assumption? >> >>I think we should work on defining what the longer term goal is w.r.t. >>IPsec and MIPv4 integration. I don't think it's clear people >>agree what that goal should be. And proposing, discussing, >>and comparing solutions beyond dual MIP is difficult at the >>moment, because we have nothing to compare them against. >> >>As far as dual MIP is concerned, going forward with it would >>be useful as a baseline and as documenting existing practice >>(as far as I know, some people are deploying it, although I'm >>not sure at what scale). >>But if we agree on working on a better long-term solution, >>that would of course be preferable to working on a limited >>dual MIP solution. >> >>Best, >> >>-Sami >> >>[*] >>http://users.tkk.fi/~svaarala/publications/draft-vaarala-mip4- >>optudp-00.txt >> >> >>-- >>Mip4 mailing list: Mip4@ietf.org >> Web interface: https://www1.ietf.org/mailman/listinfo/mip4 >> Charter page: http://www.ietf.org/html.charters/mip4-charter.html >>Supplemental site: http://www.mip4.org/ >> > > -- Mip4 mailing list: Mip4@ietf.org Web interface: https://www1.ietf.org/mailman/listinfo/mip4 Charter page: http://www.ietf.org/html.charters/mip4-charter.html Supplemental site: http://www.mip4.org/
- [Mip4] review of draft-devarapalli-mip4-mobike-co… Jari Arkko
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Sami Vaarala
- [Mip4] Re: review of draft-devarapalli-mip4-mobik… Vijay Devarapalli
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Jari Arkko
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Sami Vaarala
- RE: [Mip4] review of draft-devarapalli-mip4-mobik… Kent Leung (kleung)
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Vijay Devarapalli
- RE: [Mip4] review of draft-devarapalli-mip4-mobik… Kent Leung (kleung)