[Mip4] RE: Request for text proposal for your scenario
Gopal Dommety <gdommety@cisco.com> Thu, 11 September 2003 19:58 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11514 for <mip4-archive@odin.ietf.org>; Thu, 11 Sep 2003 15:58:28 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19xXZr-0005Qb-ML for mip4-archive@odin.ietf.org; Thu, 11 Sep 2003 15:58:04 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h8BJw3Tp020861 for mip4-archive@odin.ietf.org; Thu, 11 Sep 2003 15:58:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19xXZr-0005QO-GU for mip4-web-archive@optimus.ietf.org; Thu, 11 Sep 2003 15:58:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11503 for <mip4-web-archive@ietf.org>; Thu, 11 Sep 2003 15:57:57 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19xXZp-0005mZ-00 for mip4-web-archive@ietf.org; Thu, 11 Sep 2003 15:58:01 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 19xXZp-0005mV-00 for mip4-web-archive@ietf.org; Thu, 11 Sep 2003 15:58:01 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19xXZp-0005Q9-2r; Thu, 11 Sep 2003 15:58:01 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19xXYw-0005PL-B1 for mip4@optimus.ietf.org; Thu, 11 Sep 2003 15:57:08 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA11472 for <mip4@ietf.org>; Thu, 11 Sep 2003 15:57:00 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19xXYu-0005m5-00 for mip4@ietf.org; Thu, 11 Sep 2003 15:57:04 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx with esmtp (Exim 4.12) id 19xXYt-0005lj-00 for mip4@ietf.org; Thu, 11 Sep 2003 15:57:04 -0400
Received: from gdommety-w2k01.cisco.com (dhcp-128-107-163-214.cisco.com [128.107.163.214]) by sj-core-3.cisco.com (8.12.6/8.12.6) with ESMTP id h8BJuVS5004404; Thu, 11 Sep 2003 12:56:32 -0700 (PDT)
Message-Id: <4.3.2.7.2.20030911125033.02a64ee8@mira-sjcm-3.cisco.com>
X-Sender: gdommety@mira-sjcm-3.cisco.com
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 11 Sep 2003 12:51:09 -0700
To: Jayshree Bharatia <jayshree@nortelnetworks.com>, "'Adrangi, Farid'" <farid.adrangi@intel.com>
From: Gopal Dommety <gdommety@cisco.com>
Cc: mccap@lucent.com, henrik@levkowetz.com, mip4@ietf.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Subject: [Mip4] RE: Request for text proposal for your scenario
Sender: mip4-admin@ietf.org
Errors-To: mip4-admin@ietf.org
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Hello Farid, Henrick and Jayashree, the scenario I was referring to is as followis: MN---------|VPN/FA|-----------------[VPN2]---------HA VPN1 Provides Encryption/decryption for the link and access to the visiting domain. VPN 2 is optional for remote access. In fact, I would say let us omit this VPN2. Thanks Gopal At 10:52 AM 9/11/2003 -0500, Jayshree Bharatia wrote: >Hello Farid, > >I would think that there may or may not be IPSec tunnel between the MN and >the FA/VPN. If there is, than it will have similar issue as discussed in >the proposed text. If there is no IPSec, the traffic will be unprotected >between these two entities. > >Regards, >Jayshree > > -----Original Message----- > > From: Adrangi, Farid > [<mailto:farid.adrangi@intel.com>mailto:farid.adrangi@intel.com] > > Sent: Wednesday, September 10, 2003 4:32 PM > > To: Bharatia, Jayshree [RICH1:2H13:EXCH] > > Cc: mccap@lucent.com; henrik@levkowetz.com; gdommety@cisco.com > > Subject: RE: Request for text proposal for your scenario > > > > > > Thanks Jayshree. Couple of clarifications: > > > > From your description, it is my understanding that there is > > only one IPsec tunnel, and that is between the FA/VPN in the > > foreign and the VPN GW in the VPN domain. In other words, No > > IPsec tunnel between the MN and the VPN GW in VPN domain and > > hence data traffic between the MN and the FA is not > > protected. Is my understanding correct? I will have more > > questions/comments based on your answers. Thanks for the > > text and hopefully we can wrap this up this week. BR, Farid > > > > > > -----Original Message----- > > From: Jayshree Bharatia > [<mailto:jayshree@nortelnetworks.com>mailto:jayshree@nortelnetworks.com] > > Sent: Wednesday, September 10, 2003 12:15 PM > > To: Adrangi, Farid > > Cc: mccap@lucent.com; henrik@levkowetz.com; gdommety@cisco.com > > Subject: RE: Request for text proposal for your scenario > > > > Hi Farid, > > > > The following is my proposed text for the co-located FA-VPN > > GW scenario. > > > > > > Reagrds, > > Jayshree > > --------------------- > > > > 2.6 Combined VPN Gateway and MIPv4 FA > > > > MIPv4 FA and the VPN Gateway are running on the same physical machine. > > > > > > ..Foreign Network... .....VPN Domain..(Intranet).... > > . . . . > > . +----+ +-----+ . +----+ +-------+ +-------+ . > > . |MNs | | FA | . | VPN| | Router| | HAs | . > > . |away| | + | .<=========>| GW | | 1..n | | | . > > . | | | VPN | . | | +-------+ +-------+ . > > . | | | GW | . | | . > > . +----+ +-----+ . +----+ +-------+ +-------+ . > > . . . | CN | | MNs | . > > .................... . | 1..n | | home | . > > . +-------+ +-------+ . > > . . > > ............................... > > > > > > In this scenario, two VPN gateways are involved where the FA > > is considered to be the trusted entity. The mipv4 tunnel is > > running inside the IPSec-ESP. For end-to-end security model, > > the VPN Gateway within the VPN Domain must protect the IP > > traffic originating at the MN. Since the point of attachment > > changes corresponding to the movement of the MN, it is > > essential that the VPN tunnel security association must be > > refreshed after each IP subnet handoff. Hence, this scenario > > is not practical where the mobility is involved due to performance > > implications for the real-time applications. > > > > > -----Original Message----- > > > From: Adrangi, Farid > [<mailto:farid.adrangi@intel.com>mailto:farid.adrangi@intel.com] > > > Sent: Wednesday, September 03, 2003 7:54 PM > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH] > > > Cc: mccap@lucent.com; henrik@levkowetz.com; gdommety@cisco.com > > > Subject: Request for text proposal for your scenario > > > > > > > > > > > > Hello Jayshree, > > > Could you please propose a text for the scenario that you > > > want to be added to the problem-statement draft? > > > BR, > > > Farid > > > > > > -----Original Message----- > > > From: Jayshree Bharatia > [<mailto:jayshree@nortelnetworks.com>mailto:jayshree@nortelnetworks.com] > > > Sent: Wednesday, August 06, 2003 12:13 PM > > > To: Adrangi, Farid > > > Cc: mip4@ietf.org > > > Subject: RE: Comments on VPN Problem Statement Draft > > > > > > Hello Farid, > > > > > > Please see my reply below. > > > > > > Thanks, > > > Jayshree > > > -----Original Message----- > > > From: Adrangi, Farid > [<mailto:farid.adrangi@intel.com>mailto:farid.adrangi@intel.com] > > > Sent: Sunday, August 03, 2003 11:50 PM > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH] > > > Cc: mip4@ietf.org > > > Subject: RE: Comments on VPN Problem Statement Draft > > > > > > > > > Hello Jayshree, > > > Thanks for following up on this. You, Gopal, and I had a > > > very brief conversation on this during IETF-57 - but I am not > > > sure if we derived any conclusion on whether or not we should > > > include this scenario. To be frank, I don't quite understand > > > the point behind adding this scenario because, > > > - It seems to present a solution to a specific > > > deployment model > > > rather than a deployment scenario > > > [JB] My understanding is different from yours so please > > > elaborate what you mean by deployment model vs deployment > > > scenario in this particular context. > > > > > > - I don't quite see the advantages of a combined > > > VPN+FA if it > > > does > > > not support FA traversal and it does not avoid IPsec > > > renegotiation when MN moves from one subnet to another - > > > perhaps you can elaborate on this? [JB] I think regardless > > > this scenario has any advantages or not, it is one of the > > > probable scenario which has potential issues (as you have > > > indicated earlier). > > > > > > - Furthermore, Scenarios in section 2 of the problem > > > statement > > > draft represents combinations of MIPv4 HA and VPN gateway > > > placement - adding this scenario is going to change semantics > > > of the section 2. [JB] I am not sure what you mean by > > > semantics change here. Do you think documenting this in new > > > subsection (2.6) is a problem? > > > > > > I have no problem adding this scenario to the draft - I just > > > wanted to make sure that we clearly understand the reasons > > > for adding this scenario to the problem statement draft. > > > Design team members and interested individuals are welcome to > > > express their opinion on this. > > > > > > Best regards, > > > Farid > > > > > > > > > > > > > > > > > > The following sub-sections introduce five representative > > > combinations of MIPv4 HA and VPN gateway placement. > > > > > > -----Original Message----- > > > From: Jayshree Bharatia > [<mailto:jayshree@nortelnetworks.com>mailto:jayshree@nortelnetworks.com] > > > Sent: Thursday, July 31, 2003 1:44 PM > > > To: Adrangi, Farid > > > Cc: 'mip4@ietf.org' > > > Subject: RE: Comments on VPN Problem Statement Draft > > > > > > Hello Farid, > > > > > > As per our earlier discussion during IETF-57, my > > > understanding is that you will include the scenario of > > > co-existed FA with the VPN gateway in the VPN Problem > > Statement draft. > > > > > > I agree that this particular scenario has problems and it > > > won't work if the MN is behind an FA in the foreign subnet. > > > But again, this is a problem statement draft. Hence, I > > > believe that this is the appropriate document for mentioning > > > this scenario. > > > > > > Thanks, > > > Jayshree > > > > > > -----Original Message----- > > > From: Adrangi, Farid > [<mailto:farid.adrangi@intel.com>mailto:farid.adrangi@intel.com] > > > Sent: Monday, April 07, 2003 2:58 PM > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH] > > > Cc: 'mobile-ip@sunroof.eng.sun.com' > > > Subject: RE: Comments on VPN Problem Statement Draft > > > Hello Jayshree > > > This is a good point - I knew someone was to bring this up! > > > At the time of writing these scenarios, we (the design team) > > > actually discussed this and concluded this scenario would > > > fall into a solution space. Maybe we did not make the right > > > decision and we should rethink this. But, before we take > > > this discussion further please allow me to ask you a few > > > questions about the details of the scenario (VPN+FA) that you > > > have in mind . Are you thinking to broadcast FA > > > advertisements through the IPsec tunnel to the MN? If so, > > > how will this work if MN is already behind an FA in the > > > foreign subnet? Or, If you had something different in mind, > > > perhaps you can elaborate on that. Best regards, Farid > > > > > > > > > -----Original Message----- > > > From: Jayshree Bharatia > [<mailto:jayshree@nortelnetworks.com>mailto:jayshree@nortelnetworks.com], > > > Sent: Friday, April 04, 2003 3:14 PM > > > To: 'farid.adrangi@intel.com' > > > Cc: 'mobile-ip@sunroof.eng.sun.com' > > > Subject: Comments on VPN Problem Statement Draft > > > > > > Hello Farid, > > > This draft (draft-ietf-mobileip-vpn-problem-statement-req-01) > > > currently misses one scenario were the FA is co-existed with > > > the VPN Gateway. I would think that there are no technical > > > issues supporting this scenario. It will be good if you can > > > add this scenario in the draft (perhaps as section > > > 2.6?) > > > for completeness. > > > Thanks, > > > Jayshree > > > > > > > > _______________________________________________ Mip4 mailing list Mip4@ietf.org https://www.ietf.org/mailman/listinfo/mip4
- [Mip4] RE: Request for text proposal for your sce… Gopal Dommety
- [Mip4] Re: Request for text proposal for your sce… Adrangi, Farid
- [Mip4] Re: Request for text proposal for your sce… Adrangi, Farid
- RE: [Mip4] Re: Request for text proposal for your… Jayshree Bharatia
- [Mip4] RE: Request for text proposal for your sce… Gopal Dommety
- [Mip4] RE: Request for text proposal for your sce… Adrangi, Farid
- [Mip4] Re: Request for text proposal for your sce… Henrik Levkowetz
- [Mip4] RE: Request for text proposal for your sce… Jayshree Bharatia
- Re: [Mip4] Re: Request for text proposal for your… Gopal Dommety
- Re: [Mip4] RE: Request for text proposal for your… Gopal Dommety
- Re: [Mip4] Re: Request for text proposal for your… Henrik Levkowetz
- Re: [Mip4] RE: Request for text proposal for your… Henrik Levkowetz
- Re: [Mip4] RE: Request for text proposal for your… Gopal Dommety
- Re: [Mip4] Re: Request for text proposal for your… Gopal Dommety
- Re: [Mip4] Re: Request for text proposal for your… Henrik Levkowetz
- RE: [Mip4] RE: Request for text proposal for your… Adrangi, Farid