Re: [Mip4] Summing up: draft-ietf-mip4-mobike-connectivity-01.txt
Vijay Devarapalli <vijay.devarapalli@azairenet.com> Wed, 20 December 2006 00:20 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwpC4-0003px-7Y; Tue, 19 Dec 2006 19:20:24 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1GwpC3-0003ps-MT for mip4@ietf.org; Tue, 19 Dec 2006 19:20:23 -0500
Received: from mail2.azairenet.com ([66.92.223.6]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1GwpC2-0003ba-7A for mip4@ietf.org; Tue, 19 Dec 2006 19:20:23 -0500
Received: from [127.0.0.1] ([66.92.223.6]) by mail2.azairenet.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Tue, 19 Dec 2006 16:20:21 -0800
Message-ID: <458881C4.9060401@azairenet.com>
Date: Tue, 19 Dec 2006 16:20:20 -0800
From: Vijay Devarapalli <vijay.devarapalli@azairenet.com>
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: McCann Peter-A001034 <pete.mccann@motorola.com>, "Narayanan, Vidya" <vidyan@qualcomm.com>, Hans Sjostrand <hans@ipunplugged.com>
Subject: Re: [Mip4] Summing up: draft-ietf-mip4-mobike-connectivity-01.txt
References: <BE4B07D4197BF34EB3B753DD34EBCD130133C9B2@de01exm67.ds.mot.com>
In-Reply-To: <BE4B07D4197BF34EB3B753DD34EBCD130133C9B2@de01exm67.ds.mot.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 20 Dec 2006 00:20:21.0248 (UTC) FILETIME=[A2A6A800:01C723CC]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cd26b070c2577ac175cd3a6d878c6248
Cc: 'Mobile IPv4 Mailing List' <mip4@ietf.org>
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Errors-To: mip4-bounces@ietf.org
McCann Peter-A001034 wrote:
> Here is an attempted round-up of the issues that have been discussed:
>
> 1. Use of an FA
>
> If the MN is on the trusted network, then an FA can be used.
> There was a proposal from Vidya to put in the following text:
>
> "If the MN is moving from an untrusted network, it needs to first
> acquire an IP address, try
> reaching the HA with it; if the HA is not reachable, use that
> address as the VPN
> tunnel outer address; if it is reachable, either operate in CCoA
> mode or then use an FA
> and re-register with the FA. OTOH, if the MN is moving from a
> trusted network, it may
> use an FA first; determine that the HA is unreachable, subsequently
> acquire an IP
> address and set up a VPN. "
>
> However, there was a complaint that this might be over-specification.
> Can the MN attempt to use an FA before it determines that it is on a
> trusted network? It seems to me that this is ok, the Registration Reply
> will contain the MN-HA Authenticator if the FA can reach the HA,
> otherwise
> the MN will get no response or a response that fails the Authentication
> check.
> Personally I don't see the difference between the case of starting on an
> untrusted
> network vs. starting on the trusted network: the procedure could be the
> same.
Currently the draft already says
3.1.2. Access mode: 'f'
This access mode is standard Mobile IPv4 [2] with a foreign agent
care-of address. The mobile node can use this mode only when it
detects that it is connected to an internal trusted network and also
detects a foreign agent on the access network.
This addresses part of Hans' concerns about using
Internet FAs.
Now coming to the mobile node's behavior, there seems
to be consensus for the mobile node to always configure
a CoA, check reachability to the i-HA and and if
connected to a trusted network, may use a FA if one
available on the trusted access network. If we agree on
this, I can propose some text.
> 2. Bypass VPN for Registration Requests
>
> There was discussion on whether it is feasible to bypass a VPN tunnel
> for the Registration Request. I think the discussion concluded that
> it was possible, but perhaps some text needs to be added describing
> the SAD. Does anyone have some concrete text to propose?
I don't think any text is needed. You can bypass the
SPD using either a higher priority SPD entry with
source address set to the local IP address or using
some implementation specific mechanisms.
> 3. Security considerations for exposing the Registration Request
>
> This one seems pretty simple, there is a short list of concerns that
> could be written into the draft. Vijay, can you draft some text?
Sent updated text this morning.
Narayanan, Vidya wrote:
> One issue that I think is still open is support for multiple
> interfaces (simultaneous bindings clarification).
The mobile should be able to use simultaneous bindings.
I wasn't planning to prohibit it.
Vijay
--
Mip4 mailing list: Mip4@ietf.org
Web interface: https://www1.ietf.org/mailman/listinfo/mip4
Charter page: http://www.ietf.org/html.charters/mip4-charter.html
Supplemental site: http://www.mip4.org/
- [Mip4] Summing up: draft-ietf-mip4-mobike-connect… McCann Peter-A001034
- RE: [Mip4] Summing up: draft-ietf-mip4-mobike-con… Narayanan, Vidya
- Re: [Mip4] Summing up: draft-ietf-mip4-mobike-con… Henrik Levkowetz
- Re: [Mip4] Summing up: draft-ietf-mip4-mobike-con… Vijay Devarapalli
- Re: [Mip4] Summing up: draft-ietf-mip4-mobike-con… Hans Sjostrand
- Re: [Mip4] Summing up: draft-ietf-mip4-mobike-con… Vijay Devarapalli
- Re: [Mip4] Summing up: draft-ietf-mip4-mobike-con… Vijay Devarapalli