IETF Logo Mail Archive

Re: [Mip4] review of draft-devarapalli-mip4-mobike-connectivity-00.txt

Vijay Devarapalli <vijayd@iprg.nokia.com> Tue, 30 August 2005 19:03 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EABOH-00070P-44; Tue, 30 Aug 2005 15:03:25 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EABOF-000700-5a for mip4@megatron.ietf.org; Tue, 30 Aug 2005 15:03:23 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA00726 for <mip4@ietf.org>; Tue, 30 Aug 2005 15:03:21 -0400 (EDT)
Received: from darkstar.iprg.nokia.com ([205.226.5.69]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EABPq-0001v4-0u for mip4@ietf.org; Tue, 30 Aug 2005 15:05:02 -0400
Received: (from root@localhost) by darkstar.iprg.nokia.com (8.11.0/8.11.0-DARKSTAR) id j7UITU123867; Tue, 30 Aug 2005 11:29:30 -0700
X-mProtect: <200508301829> Nokia Silicon Valley Messaging Protection
Received: from manisht.iprg.nokia.com (205.226.2.40, claiming to be "[205.226.2.40]") by darkstar.iprg.nokia.com smtpd7ZEJxB; Tue, 30 Aug 2005 11:29:29 PDT
Message-ID: <4314AD19.9090702@iprg.nokia.com>
Date: Tue, 30 Aug 2005 12:01:45 -0700
From: Vijay Devarapalli <vijayd@iprg.nokia.com>
User-Agent: Mozilla Thunderbird 1.0.6-1.4.1 (X11/20050719)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Kent Leung (kleung)" <kleung@cisco.com>
Subject: Re: [Mip4] review of draft-devarapalli-mip4-mobike-connectivity-00.txt
References: <2979E38DD6FC6544B789C8DAD7BAFC52923F11@xmb-sjc-235.amer.cisco.com>
In-Reply-To: <2979E38DD6FC6544B789C8DAD7BAFC52923F11@xmb-sjc-235.amer.cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 156eddb66af16eef49a76ae923b15b92
Content-Transfer-Encoding: 7bit
Cc: sami.vaarala@iki.fi, Jari Arkko <jari.arkko@piuha.net>, mip4@ietf.org
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Sender: mip4-bounces@ietf.org
Errors-To: mip4-bounces@ietf.org

Kent Leung (kleung) wrote:
> I agree with Sami.
> 
> 1) x-MIP solution should go forth as it directly addressed the problem
> statement, RFC 4093.
> 
> 2) Now, there is the effort to provide a solution that can avoid the
> extra tunnel overhead on the airlink and layering on the MN for data
> traffic.

which solution? draft-devarapalli-mip4-mobike-connectivity-00.txt
is definitely not targeting this. it is only addressing a scenario
where IKEv2 IPsec VPNs with MOBIKE support are used. it is doing
this because there are some immediate use cases.

however, I would support an effort to define requirements for a
more optimal solution involving MIPv4 and *any kind* of VPN
gateway and encourage MIPv4 WG to look into an optimal solution.

Vijay

> For #2, assuming this is the new requirement/problem statement to
> support VPN traversal, one possible solution is MOBIKE while another is
> x-MIP with optimization.  MOBIKE requires changes to VPN GW and can't
> work with FAs.  X-MIP w/optimization don't have these restrictions.
> It's worth defining the requirements of the long-term solution.
> 
> Kent 
> 
> 
>>-----Original Message-----
>>From: mip4-bounces@ietf.org [mailto:mip4-bounces@ietf.org] On 
>>Behalf Of Sami Vaarala
>>Sent: Sunday, August 28, 2005 7:30 AM
>>To: Jari Arkko
>>Cc: mip4@ietf.org
>>Subject: Re: [Mip4] review of 
>>draft-devarapalli-mip4-mobike-connectivity-00.txt
>>
>>Hi,
>>
>>
>>>>The problem I see w.r.t. to using IKEv2/MOBIKE is that it 
>>
>>does not, 
>>
>>>>alone, match the current problem statement.  The 
>>
>>assumption made in 
>>
>>>>draft-ietf-mip4-vpn-problem-statement-03.txt is that existing 
>>>>deployed VPN infrastructure should be used (see e.g.
>>>>Section 5.1).
>>>> 
>>>>
>>>
>>>Yes. I still view that as the main and most urgent use case, so the 
>>>problem statement is OK. However, I believe we are also at 
>>
>>a situation 
>>
>>>where we can see future deployments (particularly those based on
>>>IKEv2) start to do new things. I don't see a problem with 
>>
>>pursuing two 
>>
>>>tracks simultaneously. Its not like they would be two redundant 
>>>solutions, its more like points in different stages of evolution.
>>
>>Right, I agree.  And I agree we can pursue two tracks at the 
>>same time.  However, given that these two tracks have so much 
>>in common, it doesn't seem useful to specify them in two 
>>seemginly separate specifications.  Given the way the 
>>solutions are specified, x-MIP + IKEv1 vs. MOBIKE + IKEv2 are 
>>just two different access modes.
>>The overall approach, the intranet detection, etc, are all same.
>>
>>But stepping back a little, if we relax either the "existing VPN"
>>or "minimal MIPv4 changes" assumptions, we get a number of 
>>different solutions.  For instance:
>>
>>    - A *very* straightforward way of getting mobility without x-MIP
>>      (and just IKEv1+IPsec) is just to use the "implicit ESP update"
>>      mechanism already deployed by some vendors.  I believe a similar
>>      mechanism is used in the MIPv6 + IPsec draft.  This is rather
>>      simple to implement and does away with the x-MIP overhead
>>      completely.
>>
>>    - We could specify IKEv1 mobility extensions to allow more or less
>>      the same effect albeit with more vendor effort.  Vijay's draft's
>>      Appendix has a suggestion for this.
>>
>>    - Looking at x-MIP, we can also eliminate x-MIP overhead 
>>completely
>>      by defining an optimization extension between the MN 
>>and the x-HA.
>>      This approach retains FA support, while eliminating all x-MIP
>>      overhead in non-FA scenarios.  The rough approach was 
>>described in
>>      draft-vaarala-mip4-optudp-00 [*].
>>
>>    - A very important concern in practice is managing the keys and
>>      authentication in a dual MIP or MOBIKE+MIP solution.  Should we
>>      define something to make this easier?
>>
>>At least to me it's not at all clear which avenue would 
>>produce the best possible solution - minimal changes, maximum 
>>impact, and maximum generality (especially).  So going past 
>>absolute minimum changes (dual
>>MIP) needs more thought on what criteria we should apply to solutions.
>>
>>
>>>>If we decide that there is no deployment issue w.r.t. MIPv4 and 
>>>>already deployed VPNs, we should IMO take a larger view of 
>>
>>improving 
>>
>>>>MIPv4/VPN coexistence.  Minimizing overlap between the two 
>>
>>mechanisms 
>>
>>>>would give a much better solution.  For instance, there is 
>>
>>room for 
>>
>>>>improvement in MIPv4 packet overhead, MIPv4/VPN compression 
>>>>interactions, and integrated MIPv4/VPN packet authentication.
>>>>
>>>
>>>I believe we will eventually get there. Probably step by step, 
>>>however. I view Vijay's draft one of those steps... eliminating one 
>>>unnecessary level in the stack.
>>>Or are you arguing that we should spend more time thinking 
>>
>>what to do, 
>>
>>>if we discard the no-changes-at-all assumption?
>>
>>I think we should work on defining what the longer term goal is w.r.t.
>>IPsec and MIPv4 integration.  I don't think it's clear people 
>>agree what that goal should be.  And proposing, discussing, 
>>and comparing solutions beyond dual MIP is difficult at the 
>>moment, because we have nothing to compare them against.
>>
>>As far as dual MIP is concerned, going forward with it would 
>>be useful as a baseline and as documenting existing practice 
>>(as far as I know, some people are deploying it, although I'm 
>>not sure at what scale).
>>But if we agree on working on a better long-term solution, 
>>that would of course be preferable to working on a limited 
>>dual MIP solution.
>>
>>Best,
>>
>>-Sami
>>
>>[*]
>>http://users.tkk.fi/~svaarala/publications/draft-vaarala-mip4-
>>optudp-00.txt
>>
>>
>>--
>>Mip4 mailing list: Mip4@ietf.org
>>    Web interface: https://www1.ietf.org/mailman/listinfo/mip4
>>     Charter page: http://www.ietf.org/html.charters/mip4-charter.html
>>Supplemental site: http://www.mip4.org/
>>
> 
> 


-- 
Mip4 mailing list: Mip4@ietf.org
    Web interface: https://www1.ietf.org/mailman/listinfo/mip4
     Charter page: http://www.ietf.org/html.charters/mip4-charter.html
Supplemental site: http://www.mip4.org/

v2.23.0 | Report a Bug | By Email