Re: [Mip4] Re: Request for text proposal for your scenario

Gopal Dommety <gdommety@cisco.com> Thu, 25 September 2003 16:16 UTC

Date: Thu, 25 Sep 2003 09:14:29 -0700
To: Henrik Levkowetz <henrik@levkowetz.com>
From: Gopal Dommety <gdommety@cisco.com>
Subject: Re: [Mip4] Re: Request for text proposal for your scenario
Cc: "Adrangi, Farid" <farid.adrangi@intel.com>, Jayshree Bharatia <jayshree@nortelnetworks.com>, mccap@lucent.com, mip4@ietf.org

At 07:58 AM 9/25/2003 -0400, Henrik Levkowetz wrote:
>Hi Gopal,
>
>Wednesday 24 September 2003, Gopal wrote:
> > I think you are thinking "remote access". Think of it as using IPsec
> > instead of L2 encryption in 802.11
> >   case with IPsec terminating at the edge and FA/HA proving mobility.
>
>I only say that there is much more text required to explain
>this scenario.  I'm still not sure I understand it, and I definitely
>don't have any understanding of what it contributes to the problem
>statement.


I think Jayshree and myself will re-do the write up to provide more
details. I will re-do the writeup and send it again.

>More comments below.
>
> > At 09:30 AM 9/24/2003 -0400, Henrik Levkowetz wrote:
> > >Hi Gopal and Jayshree,
> > >
> > >         So, I think we still need some changes in this text, because to
> > >be frank I still don't understand this. The figure below shows the
> > >VPN domain and the foreign network as being adjacent, with no internet
> > >in between; is that right? In that case, it seems to me this is a
> > >roaming within the corporate network scenario, rather than a general
> > >roaming scenario.
>
>I still miss an answer to above question.


Sorry, I thought my later comment addressed this.

This pertains more to the corporate network scenario. I will re-write the
section and send it out.


> > >Second, the handovers referred to, are these between different FA's
> > >in the corporate network, or going out to the public internet?
> >
> > within the corporate network. when dealing with the public internet it is
> > more involved and yet another layer.
>
>Ok, then the text needs to point out that, and also explain why we are
>looking at this case at all.


Will make changes to the text.




> > >Third, this scenario seems very contrived, (but this is maybe
> > >because I don't really understand it?) - it seems to me we could
> > >scare up 20 different unrealistic scenarios of the same sort, so
> > >I don't understand why we want to pick and include this particular
> > >one at all??  It seems to me that adding this scenario makes the
> > >draft more confusing rather than more understandable.
> >
> > Hopefully mis-understanding and less contrived :-)
>
>I'm still not convinced. *Please* provide text which actually
>communicates what this is all about to the un-initiated reader.


I think Jayshree and myself will re-do the write up to provide more
details. I will re-do the writeup and send it again.

Thanks
Gopal


>         Henrik
>
>
> > -Gopal
> >
> >
> > >         Henrik
> > >
> > >Tuesday 23 September 2003, Gopal wrote:
> > > >
> > > > Farid,
> > > >
> > > > The text Jayshree sent looks good. I just made minor edits. Here is the
> > > > text below:
> > > >
> > > >
> > > > 2.6 Combined VPN Gateway and MIPv4 FA
> > > >
> > > > MIPv4 FA and the VPN Gateway are running on the same physical machine.
> > > >
> > > >
> > > >       ..Foreign Network............VPN Domain..(Intranet).....
> > > >       .                         .                            .
> > > >       .  +----+              +-----+    +-------+  +-------+ .
> > > >       .  |MNs |              | FA  |    | Router|  | HAs   | .
> > > >       .  |away|<============>| +   |    | 1..n  |  |       | .
> > > >       .  |    |              | VPN |    +-------+  +-------+ .
> > > >       .  |    |              | GW  |                         .
> > > >       .  +----+              +-----+   +-------+  +-------+  .
> > > >       .                         .      |  CN   |  | MNs   |  .
> > > >       .                         .      | 1..n  |  | home  |  .
> > > >       .                         .      +-------+  +-------+  .
> > > >       .                         .                            .
> > > >       ........................................................
> > > >
> > > > In this scenario, the mipv4 tunnel is running inside the IPSec-ESP
> > > > between the MN and the FA/VPN Gateway. This scenario
> > > >   IPsec being used to protect the data over the wireless network.
> > > >
> > > > For end-to-end security model, the VPN Gateway must protect the IP
> > > > traffic originating at the MN. Since the point of attachment changes
> > > > corresponding to the movement of the MN, it is essential that the VPN
> > > > tunnel security association must be refreshed after each IP subnet
> > > > handoff.
> > > >
> > > > Hence, this scenario is not practical where the mobility is involved
> > > > for the real-time applications due to the performance implications.
> > > >
> > > >
> > > > Thanks
> > > > Gopal
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > At 03:22 PM 9/23/2003 -0700, Adrangi, Farid wrote:
> > > > >Any update on this?  What should we do next?
> > > > >--Farid
> > > > >
> > > > >-----Original Message-----
> > > > >From: Jayshree Bharatia [mailto:jayshree@nortelnetworks.com]
> > > > >Sent: Tuesday, September 16, 2003 11:02 AM
> > > > >To: 'Gopal Dommety'
> > > > >Cc: 'mccap@lucent.com'; 'henrik@levkowetz.com'; Adrangi, Farid
> > > > >Subject: RE: Request for text proposal for your scenario
> > > > >
> > > > >Gopal,
> > > > >
> > > > >Appreciate if you can make appropriate changes to the proposed text:
> > > > >
> > > > >Thanks,
> > > > >Jayshree
> > > > >
> > > > >-------------
> > > > >Proposed text:
> > > > >
> > > > >2.6 Combined VPN Gateway and MIPv4 FA
> > > > >
> > > > >MIPv4 FA and the VPN Gateway are running on the same physical machine.
> > > > >
> > > > >
> > > > >      ..Foreign Network............VPN Domain..(Intranet).....
> > > > >      .                         .                            .
> > > > >      .  +----+              +-----+    +-------+  +-------+ .
> > > > >      .  |MNs |              | FA  |    | Router|  | HAs   | .
> > > > >      .  |away|<============>| +   |    | 1..n  |  |       | .
> > > > >      .  |    |              | VPN |    +-------+  +-------+ .
> > > > >      .  |    |              | GW  |                         .
> > > > >      .  +----+              +-----+   +-------+  +-------+  .
> > > > >      .                         .      |  CN   |  | MNs   |  .
> > > > >      .                         .      | 1..n  |  | home  |  .
> > > > >      .                         .      +-------+  +-------+  .
> > > > >      .                         .                            .
> > > > >      ........................................................
> > > > >
> > > > > >In this scenario, the mipv4 tunnel is running inside the IPSec-ESP
> > > > > >between the MN and the FA/VPN Gateway. For end-to-end security model,
> > > > > >the VPN Gateway must protect the IP traffic originating at the MN.
> > > > > >Since the point of attachment changes corresponding to the movement of
> > > > > >the MN, it is essential that the VPN tunnel security association must
> > > > > >be refreshed after each IP subnet handoff.
> > > > > >Hence, this scenario is not practical where the mobility is involved
> > > > > >for the real-time applications due to the performance implications.
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Bharatia, Jayshree [RICH1:2H13:EXCH]
> > > > > > Sent: Monday, September 15, 2003 4:39 PM
> > > > > > To: 'Gopal Dommety'; Adrangi, Farid
> > > > > > Cc: mccap@lucent.com; henrik@levkowetz.com
> > > > > > Subject: RE: Request for text proposal for your scenario
> > > > > >
> > > > > >
> > > > > > Gopal,
> > > > > >
> > > > > > > I was under the impression that you will modify the text.
> > > > > > > Anyway, I won't be able to do much today but let me try tomorrow
> > > > > > > and send you the text...
> > > > > >
> > > > > > Regards,
> > > > > > Jayshree
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Gopal Dommety [mailto:gdommety@cisco.com]
> > > > > > > Sent: Monday, September 15, 2003 2:03 PM
> > > > > > > To: Adrangi, Farid; Bharatia, Jayshree [RICH1:2H13:EXCH]
> > > > > > > Cc: mccap@lucent.com; henrik@levkowetz.com
> > > > > > > Subject: RE: Request for text proposal for your scenario
> > > > > > >
> > > > > > >
> > > > > > > Jayshree,
> > > > > > >
> > > > > > > Can you massage the text that you sent to fit what I was
> > > > > > referring to.
> > > > > > >
> > > > > > > -Gopal
> > > > > > >
> > > > > > > At 04:08 PM 9/11/2003 -0700, Adrangi, Farid wrote:
> > > > > > >
> > > > > > > >Hi Gopal,
> > > > > > > > >Ok.  I guess my interpretation of your scenario was not accurate!
> > > > > > > > >Maybe the best thing is that you and Jayshree propose a text that
> > > > > > > > >*clearly* articulates the scenario and its problems. Would that be
> > > > > > > > >possible? Thanks a bunch. BR,
> > > > > > > >Farid
> > > > > > > >
> > > > > > > >-----Original Message-----
> > > > > > > >From: Gopal Dommety [mailto:gdommety@cisco.com]
> > > > > > > >Sent: Thursday, September 11, 2003 3:43 PM
> > > > > > > >To: Adrangi, Farid; Jayshree Bharatia
> > > > > > > >Cc: mccap@lucent.com; henrik@levkowetz.com
> > > > > > > >Subject: RE: Request for text proposal for your scenario
> > > > > > > >
> > > > > > > >Farid,
> > > > > > > >
> > > > > > > >I am not suggesting a solution. I am confused by your
> > > > > > > >inferences...comments inline to the best of my confusion.
> > > > > > > >
> > > > > > > >
> > > > > > > > >1) MN may be several hops away from the VPN/FA
> > > > > > > >
> > > > > > > > >I was talking about one hop away. the multiple hops is
> > > > > > > > >interesting. The deployment scenarios of one hop and multiple hop
> > > > > > > > >solutions could be very different.
> > > > > > > >
> > > > > > > >
> > > > > > > > > >2) FA advertisement is done inside the IPsec tunnel established
> > > > > > > > > >between the MN and VPN/FA.
> > > > > > > >
> > > > > > > >It is possible.. but then we are going into solution space.
> > > > > > > >
> > > > > > > > > >3) MN roaming in a foreign network cannot be placed behind a FA.  For
> > > > > > > > > >example, the following picture is not possible:
> > > > > > > > >
> > > > > > > > >MN ---FA----one or hops----FA/VPN1
> > > > > > > > >
> > > > > > > > > >4) VPN1/FA could also be your remote access VPN.  So, the picture can
> > > > > > > > > >be simplified as follows
> > > > > > > > >
> > > > > > > > >MN ----one or more hops -----FA/VPN ---Intranet
> > > > > > > > >
> > > > > > > > > >Note: I get frightened when I see nested IPsec tunnels, in particular
> > > > > > > > > >established by different IPsec client software running on the client
> > > > > > > > > >device!!!
> > > > > > > > > >
> > > > > > > > > >So, since the scenario does not support #3 above, then the only
> > > > > > > > > >problem that we have is with SA refreshes when the MN changes its
> > > > > > > > > >point of attachment.  Is my understanding correct?
> > > > > > > > >
> > > > > > > > >BR,
> > > > > > > > > >Farid
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >-----Original Message-----
> > > > > > > > >From: Gopal Dommety [mailto:gdommety@cisco.com]
> > > > > > > > >Sent: Thursday, September 11, 2003 10:58 AM
> > > > > > > > >To: Jayshree Bharatia; Adrangi, Farid
> > > > > > > > >Cc: mccap@lucent.com; henrik@levkowetz.com
> > > > > > > > >Subject: RE: Request for text proposal for your scenario
> > > > > > > > >
> > > > > > > > > >Hello Farid, Henrik and Jayshree,
> > > > > > > > > >
> > > > > > > > > >the scenario I was referring to  is as follows:
> > > > > > > > > >
> > > > > > > > > >MN---------|VPN/FA|-----------------[VPN2]---------HA
> > > > > > > > > >
> > > > > > > > > >VPN1 Provides Encryption/decryption for the link and access to the
> > > > > > > > > >visiting domain.
> > > > > > > > >VPN 2 is optional for remote access.
> > > > > > > > >
> > > > > > > > >Thanks
> > > > > > > > >Gopal
> > > > > > > > >
> > > > > > > > >At 10:52 AM 9/11/2003 -0500, Jayshree Bharatia wrote:
> > > > > > > > >
> > > > > > > > > >Hello Farid,
> > > > > > > > > >
> > > > > > > > > > >I would think that there may or may not be IPSec tunnel between the
> > > > > > > > > > >MN and the FA/VPN. If there is, then it will have similar issue as
> > > > > > > > > > >discussed in the proposed text. If there is no IPSec, the traffic
> > > > > > > > > > >will be unprotected between these two entities.
> > > > > > > > > >
> > > > > > > > > >Regards,
> > > > > > > > > >Jayshree
> > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > From: Adrangi, Farid [mailto:farid.adrangi@intel.com]
> > > > > > > > > > > > Sent: Wednesday, September 10, 2003 4:32 PM
> > > > > > > > > > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH]
> > > > > > > > > > > > Cc: mccap@lucent.com; henrik@levkowetz.com; gdommety@cisco.com
> > > > > > > > > > > Subject: RE: Request for text proposal for your scenario
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > Thanks Jayshree.  Couple of clarifications:
> > > > > > > > > > >
> > > > > > > > > > > > From your description, it is my understanding that there is only
> > > > > > > > > > > > one IPsec tunnel, and that is between the FA/VPN in the foreign
> > > > > > > > > > > > and the VPN GW in the VPN domain.  In other words, No IPsec
> > > > > > > > > > > > tunnel between the MN and the VPN GW in VPN domain and hence
> > > > > > > > > > > > data traffic between the MN and the FA is not protected.  Is my
> > > > > > > > > > > > understanding correct?  I will have more questions/comments
> > > > > > > > > > > > based on your answers.  Thanks for the text and hopefully we can
> > > > > > > > > > > > wrap this up this week. BR, Farid
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > From: Jayshree Bharatia [mailto:jayshree@nortelnetworks.com]
> > > > > > > > > > > > Sent: Wednesday, September 10, 2003 12:15 PM
> > > > > > > > > > > > To: Adrangi, Farid
> > > > > > > > > > > > Cc: mccap@lucent.com; henrik@levkowetz.com; gdommety@cisco.com
> > > > > > > > > > > Subject: RE: Request for text proposal for your scenario
> > > > > > > > > > >
> > > > > > > > > > > Hi Farid,
> > > > > > > > > > >
> > > > > > > > > > > > The following is my proposed text for the co-located FA-VPN GW
> > > > > > > > > > > > scenario.
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > Regards,
> > > > > > > > > > > > Jayshree
> > > > > > > > > > > > ---------------------
> > > > > > > > > > > >
> > > > > > > > > > > > 2.6 Combined VPN Gateway and MIPv4 FA
> > > > > > > > > > > >
> > > > > > > > > > > > MIPv4 FA and the VPN Gateway are running on the same physical machine.
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > >      ..Foreign Network...             .....VPN Domain..(Intranet)....
> > > > > > > > > > > >      .                  .             .                             .
> > > > > > > > > > > >      .  +----+  +-----+ .           +----+     +-------+  +-------+ .
> > > > > > > > > > > >      .  |MNs |  | FA  | .           | VPN|     | Router|  | HAs   | .
> > > > > > > > > > > >      .  |away|  | +   | .<=========>| GW |     | 1..n  |  |       | .
> > > > > > > > > > > >      .  |    |  | VPN | .           |    |     +-------+  +-------+ .
> > > > > > > > > > > >      .  |    |  | GW  | .           |    |                          .
> > > > > > > > > > > >      .  +----+  +-----+ .           +----+     +-------+  +-------+ .
> > > > > > > > > > > >      .                  .             .        |  CN   |  | MNs   | .
> > > > > > > > > > > >      ....................             .        | 1..n  |  | home  | .
> > > > > > > > > > > >                                       .        +-------+  +-------+ .
> > > > > > > > > > > >                                       .                             .
> > > > > > > > > > > >                                       ...............................
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > > In this scenario, two VPN gateways are involved where the FA is
> > > > > > > > > > > > considered to be the trusted entity. The mipv4 tunnel is running
> > > > > > > > > > > > inside the IPSec-ESP. For end-to-end security model, the VPN
> > > > > > > > > > > > Gateway within the VPN Domain must protect the IP traffic
> > > > > > > > > > > > originating at the MN. Since the point of attachment changes
> > > > > > > > > > > > corresponding to the movement of the MN, it is essential that
> > > > > > > > > > > > the VPN tunnel security association must be refreshed after each
> > > > > > > > > > > > IP subnet handoff. Hence, this scenario is not practical where
> > > > > > > > > > > > the mobility is involved due to performance implications for the
> > > > > > > > > > > > real-time applications.
> > > > > > > > > > >
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > > From: Adrangi, Farid [mailto:farid.adrangi@intel.com]
> > > > > > > > > > > > > Sent: Wednesday, September 03, 2003 7:54 PM
> > > > > > > > > > > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH]
> > > > > > > > > > > > > Cc: mccap@lucent.com; henrik@levkowetz.com; gdommety@cisco.com
> > > > > > > > > > > > > Subject: Request for text proposal for your scenario
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > Hello Jayshree,
> > > > > > > > > > > > > Could you please propose a text for the scenario that you want
> > > > > > > > > > > > > to be added to the problem-statement draft? BR, Farid
> > > > > > > > > > > >
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > > From: Jayshree Bharatia [mailto:jayshree@nortelnetworks.com]
> > > > > > > > > > > > Sent: Wednesday, August 06, 2003 12:13 PM
> > > > > > > > > > > > To: Adrangi, Farid
> > > > > > > > > > > > Cc: mip4@ietf.org
> > > > > > > > > > > > Subject: RE: Comments on VPN Problem Statement Draft
> > > > > > > > > > > >
> > > > > > > > > > > > Hello Farid,
> > > > > > > > > > > >
> > > > > > > > > > > > Please see my reply below.
> > > > > > > > > > > >
> > > > > > > > > > > > Thanks,
> > > > > > > > > > > > Jayshree
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > > From: Adrangi, Farid [mailto:farid.adrangi@intel.com]
> > > > > > > > > > > > Sent: Sunday, August 03, 2003 11:50 PM
> > > > > > > > > > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH]
> > > > > > > > > > > > Cc: mip4@ietf.org
> > > > > > > > > > > > Subject: RE: Comments on VPN Problem Statement Draft
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > Hello Jayshree,
> > > > > > > > > > > > > Thanks for following up on this.  You, Gopal, and I had a very
> > > > > > > > > > > > > brief conversation on this during IETF-57 - but I am not sure
> > > > > > > > > > > > > if we derived any conclusion on whether or not we should
> > > > > > > > > > > > > include this scenario.  To be frank, I don't quite understand
> > > > > > > > > > > > > the point behind adding this scenario because,
> > > > > > > > > > > > > - It seems to present a solution to a specific
> > > > > > > > > > > > > deployment model rather than a deployment scenario
> > > > > > > > > > > > > [JB] My understanding is different from yours so please
> > > > > > > > > > > > > elaborate what you mean by deployment model vs deployment
> > > > > > > > > > > > > scenario in this particular context.
> > > > > > > > > > > > >
> > > > > > > > > > > > > - I don't quite see the advantages of a combined
> > > > > > > > > > > > > VPN+FA if it does not support FA traversal and it does not avoid
> > > > > > > > > > > > > IPsec renegotiation when MN moves from one subnet to another -
> > > > > > > > > > > > > perhaps you can elaborate on this?
> > > > > > > > > > > > > [JB] I think regardless this scenario has any advantages or not,
> > > > > > > > > > > > > it is one of the probable scenario which has potential issues
> > > > > > > > > > > > > (as you have indicated earlier).
> > > > > > > > > > > > >
> > > > > > > > > > > > > - Furthermore, Scenarios in section 2 of the problem
> > > > > > > > > > > > > statement draft represents combinations of MIPv4 HA and VPN gateway
> > > > > > > > > > > > > placement - adding this scenario is going to change semantics
> > > > > > > > > > > > > of the section 2.
> > > > > > > > > > > > > [JB] I am not sure what you mean by semantics change here. Do you
> > > > > > > > > > > > > think documenting this in new subsection (2.6) is a problem?
> > > > > > > > > > > > >
> > > > > > > > > > > > > I have no problem adding this scenario to the draft - I just
> > > > > > > > > > > > > wanted to make sure that we clearly understand the reasons for
> > > > > > > > > > > > > adding this scenario to the problem statement draft. Design
> > > > > > > > > > > > > team members and interested individuals are welcome to express
> > > > > > > > > > > > > their opinion on this.
> > > > > > > > > > > >
> > > > > > > > > > > > Best regards,
> > > > > > > > > > > > Farid
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > >    The following sub-sections introduce five representative
> > > > > > > > > > > > >    combinations of MIPv4 HA and VPN gateway placement.
> > > > > > > > > > > >
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > > From: Jayshree Bharatia [mailto:jayshree@nortelnetworks.com]
> > > > > > > > > > > > Sent: Thursday, July 31, 2003 1:44 PM
> > > > > > > > > > > > To: Adrangi, Farid
> > > > > > > > > > > > Cc: 'mip4@ietf.org'
> > > > > > > > > > > > Subject: RE: Comments on VPN Problem Statement Draft
> > > > > > > > > > > >
> > > > > > > > > > > > Hello Farid,
> > > > > > > > > > > >
> > > > > > > > > > > > > As per our earlier discussion during IETF-57, my understanding
> > > > > > > > > > > > > is that you will include the scenario of co-existed FA with
> > > > > > > > > > > > > the VPN gateway in the VPN Problem Statement draft.
> > > > > > > > > > > > >
> > > > > > > > > > > > > I agree that this particular scenario has problems and it
> > > > > > > > > > > > > won't work if the MN is behind an FA in the foreign subnet.
> > > > > > > > > > > > > But again, this is a problem statement draft. Hence, I believe
> > > > > > > > > > > > > that this is the appropriate document for mentioning this
> > > > > > > > > > > > > scenario.
> > > > > > > > > > > >
> > > > > > > > > > > > Thanks,
> > > > > > > > > > > > Jayshree
> > > > > > > > > > > >
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > > From: Adrangi, Farid [mailto:farid.adrangi@intel.com]
> > > > > > > > > > > > Sent: Monday, April 07, 2003 2:58 PM
> > > > > > > > > > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH]
> > > > > > > > > > > > Cc: 'mobile-ip@sunroof.eng.sun.com'
> > > > > > > > > > > > > Subject: RE: Comments on VPN Problem Statement Draft
> > > > > > > > > > > > >
> > > > > > > > > > > > > Hello Jayshree
> > > > > > > > > > > > > This is a good point - I knew someone was to bring
> > > > > > > > > > > > > this up! At the time of writing these scenarios, we (the
> > > > > > > > > > > > > design team) actually discussed this and concluded this
> > > > > > > > > > > > > scenario would fall into a solution space.  Maybe we did not
> > > > > > > > > > > > > make the right decision and we should rethink this.  But,
> > > > > > > > > > > > > before we take this discussion further please allow me to ask
> > > > > > > > > > > > > you a few questions about the details of the scenario (VPN+FA)
> > > > > > > > > > > > > that you have in mind.  Are you thinking to broadcast FA
> > > > > > > > > > > > > advertisements through the IPsec tunnel to the MN?  If so,
> > > > > > > > > > > > > how will this work if MN is already behind an FA in the
> > > > > > > > > > > > > foreign subnet? Or, If you had something different in mind,
> > > > > > > > > > > > > perhaps you can elaborate on that. Best regards, Farid
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > > > -----Original Message-----
> > > > > > > > > > > > > From: Jayshree Bharatia [mailto:jayshree@nortelnetworks.com]
> > > > > > > > > > > > Sent: Friday, April 04, 2003 3:14 PM
> > > > > > > > > > > > To: 'farid.adrangi@intel.com'
> > > > > > > > > > > > Cc: 'mobile-ip@sunroof.eng.sun.com'
> > > > > > > > > > > > Subject: Comments on VPN Problem Statement Draft
> > > > > > > > > > > >
> > > > > > > > > > > > Hello Farid,
> > > > > > > > > > > > > This draft (draft-ietf-mobileip-vpn-problem-statement-req-01)
> > > > > > > > > > > > > currently misses one scenario where the FA is co-existed with
> > > > > > > > > > > > > the VPN Gateway. I would think that there are no technical
> > > > > > > > > > > > > issues supporting this scenario. It will be good if you can
> > > > > > > > > > > > > add this scenario in the draft (perhaps as section 2.6?)
> > > > > > > > > > > > > for completeness.
> > > > > > > > > > > > Thanks,
> > > > > > > > > > > > Jayshree
> > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > >
> > >
>
>

