RE: [Mip4] RE: Request for text proposal for your scenario
"Adrangi, Farid" <farid.adrangi@intel.com> Mon, 29 September 2003 07:36 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA29344 for <mip4-archive@odin.ietf.org>; Mon, 29 Sep 2003 03:36:33 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3sZj-0003Ir-Js for mip4-archive@odin.ietf.org; Mon, 29 Sep 2003 03:36:09 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h8T7a7HR012691 for mip4-archive@odin.ietf.org; Mon, 29 Sep 2003 03:36:07 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3sZj-0003Ic-2y for mip4-web-archive@optimus.ietf.org; Mon, 29 Sep 2003 03:36:07 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA29304 for <mip4-web-archive@ietf.org>; Mon, 29 Sep 2003 03:36:00 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A3sZg-00028e-00 for mip4-web-archive@ietf.org; Mon, 29 Sep 2003 03:36:04 -0400
Received: from ietf.org ([132.151.1.19] helo=optimus.ietf.org) by ietf-mx with esmtp (Exim 4.12) id 1A3sZg-00028a-00 for mip4-web-archive@ietf.org; Mon, 29 Sep 2003 03:36:04 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3sZe-0003FQ-80; Mon, 29 Sep 2003 03:36:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1A3sZB-0003ET-QE for mip4@optimus.ietf.org; Mon, 29 Sep 2003 03:35:36 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id DAA29291 for <mip4@ietf.org>; Mon, 29 Sep 2003 03:35:26 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 1A3sZ9-00028J-00 for mip4@ietf.org; Mon, 29 Sep 2003 03:35:31 -0400
Received: from hermes.py.intel.com ([146.152.216.3]) by ietf-mx with esmtp (Exim 4.12) id 1A3sZ8-000284-00 for mip4@ietf.org; Mon, 29 Sep 2003 03:35:30 -0400
Received: from petasus.py.intel.com (petasus.py.intel.com [146.152.221.4]) by hermes.py.intel.com (8.11.6-20030918-01/8.11.6/d: outer.mc, v 1.83 2003/09/05 14:45:27 rfjohns1 Exp $) with ESMTP id h8T7U4s04053 for <mip4@ietf.org>; Mon, 29 Sep 2003 07:30:04 GMT
Received: from orsmsxvs041.jf.intel.com (orsmsxvs041.jf.intel.com [192.168.65.54]) by petasus.py.intel.com (8.11.6-20030918-01/8.11.6/d: inner.mc, v 1.35 2003/05/22 21:18:01 rfjohns1 Exp $) with SMTP id h8T7YV523798 for <mip4@ietf.org>; Mon, 29 Sep 2003 07:34:31 GMT
Received: from orsmsx332.amr.corp.intel.com ([192.168.65.60]) by orsmsxvs041.jf.intel.com (NAVGW 2.5.2.11) with SMTP id M2003092900345724404 ; Mon, 29 Sep 2003 00:34:57 -0700
Received: from orsmsx410.amr.corp.intel.com ([192.168.65.64]) by orsmsx332.amr.corp.intel.com with Microsoft SMTPSVC(5.0.2195.5329); Mon, 29 Sep 2003 00:34:57 -0700
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
Subject: RE: [Mip4] RE: Request for text proposal for your scenario
Date: Mon, 29 Sep 2003 00:34:57 -0700
Message-ID: <96D13222E704DC4D868F0009F0EE53E10AC0E7@orsmsx410.jf.intel.com>
Thread-Topic: [Mip4] RE: Request for text proposal for your scenario
Thread-Index: AcOCxX1znoC65gZgRcWAmrn4FIdr5wDk412w
From: "Adrangi, Farid" <farid.adrangi@intel.com>
To: Gopal Dommety <gdommety@cisco.com>, Jayshree Bharatia <jayshree@nortelnetworks.com>
Cc: mccap@lucent.com, henrik@levkowetz.com, mip4@ietf.org
X-OriginalArrivalTime: 29 Sep 2003 07:34:57.0636 (UTC) FILETIME=[2EC63240:01C3865C]
Content-Transfer-Encoding: quoted-printable
Sender: mip4-admin@ietf.org
Errors-To: mip4-admin@ietf.org
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Transfer-Encoding: quoted-printable
-----Original Message----- From: Gopal Dommety [mailto:gdommety@cisco.com] Sent: Wednesday, September 24, 2003 10:58 AM To: Adrangi, Farid; Jayshree Bharatia Cc: mccap@lucent.com; henrik@levkowetz.com; mip4@ietf.org Subject: Re: [Mip4] RE: Request for text proposal for your scenario At 06:25 AM 9/24/2003 -0700, Adrangi, Farid wrote: >Thanks Gopal. IMO, the scenario lacks some details. For example, > >1) does this scenario allow MN to work in non-colocated mode? That is, > >MN ---FA---VPN/FA ---Intranet yes...But the figure you drew is not correct...It could be as follows.. MN -----VPN/FA ---Intranet Farid> The figure that I drew makes sense if you assume that MN can be attached to the Internet. Actually, I should've drawn like this: MN---FA---Internet---VPN/FA ---Intranet But, reading other mails, I guess your scenario covers only corporate networks so you should make that very clear in your proposed text. >2) What is the role of FA on the VPN gateway? In other words, what is >the difference between > >MN -----VPN/FA ------Intranet (your scenario) >And >MN -------VPN -------Intranet FA can be optionally used for Mobility (I think you left out HA in your figure) Farid> Ok, I left out HA in the above diagram. But, the question is that how does FA help with mobility here? >However, if others are okay with the text as it is, then I'll go ahead >and add it. > >BR, >Farid > > >-----Original Message----- >From: Gopal Dommety [mailto:gdommety@cisco.com] >Sent: Tuesday, September 23, 2003 6:01 PM >To: Adrangi, Farid; Jayshree Bharatia >Cc: mccap@lucent.com; henrik@levkowetz.com; mip4@ietf.org >Subject: RE: Request for text proposal for your scenario > > >Farid, > >The text Jayshree sent looks good. I just made minor edits. Here is the >text below: > > >2.6 Combined VPN Gateway and MIPv4 FA > >MIPv4 FA and the VPN Gateway are running on the same physical machine. > > > ..Foreign Network............VPN Domain..(Intranet)..... > . . . > . +----+ +-----+ +-------+ +-------+ . > . |MNs | | FA | | Router| | HAs | . > . |away|<============>| + | | 1..n | | | . > . | | | VPN | +-------+ +-------+ . > . | | | GW | . > . +----+ +-----+ +-------+ +-------+ . > . . | CN | | MNs | . > . . | 1..n | | home | . > . . +-------+ +-------+ . > . . . > ........................................................ > >In this scenario, the mipv4 tunnel is running inside the IPSec-ESP >between the >MN and the FA/VPN Gateway.This scenario > IPsec being used to protect the data over the wireless network. > >For end-to-end security model, the VPN >Gateway >must >protect the IP traffic originating at the MN. Since the point of >attachment >changes corresponding to the movement of the MN, it is essential that >the >VPN >tunnel security association must be refreshed after each IP subnet >handoff. > >Hence, this scenario is not practical >where the mobility is involved for >the >real-time applications due to the performance implications. > > >Thanks >Gopal > > > > > >At 03:22 PM 9/23/2003 -0700, Adrangi, Farid wrote: > >Any update on this? What should we do next? > >--Farid > > > >-----Original Message----- > >From: Jayshree Bharatia [mailto:jayshree@nortelnetworks.com] > >Sent: Tuesday, September 16, 2003 11:02 AM > >To: 'Gopal Dommety' > >Cc: 'mccap@lucent.com'; 'henrik@levkowetz.com'; Adrangi, Farid > >Subject: RE: Request for text proposal for your scenario > > > >Gopal, > > > >Appreciate if you can make appropriate changes to the proposed text: > > > >Thanks, > >Jayshree > > > >------------- > >Proposed text: > > > >2.6 Combined VPN Gateway and MIPv4 FA > > > >MIPv4 FA and the VPN Gateway are running on the same physical machine. > > > > > > ..Foreign Network............VPN Domain..(Intranet)..... > > . . . > > . +----+ +-----+ +-------+ +-------+ . > > . |MNs | | FA | | Router| | HAs | . > > . |away|<============>| + | | 1..n | | | . > > . | | | VPN | +-------+ +-------+ . > > . | | | GW | . > > . +----+ +-----+ +-------+ +-------+ . > > . . | CN | | MNs | . > > . . | 1..n | | home | . > > . . +-------+ +-------+ . > > . . . > > ........................................................ > > > >In this scenario, the mipv4 tunnel is running inside the IPSec-ESP > >between > >the > >MN and the FA/VPN Gateway. For end-to-end security model, the VPN > >Gateway > >must > >protect the IP traffic originating at the MN. Since the point of > >attachment > >changes corresponding to the movement of the MN, it is essential that > >the > >VPN > >tunnel security association must be refreshed after each IP subnet > >handoff. > >Hence, this scenario is not practical where the mobility is involved >for > >the > >real-time applications due to the performance implications. > > > > > > > -----Original Message----- > > > From: Bharatia, Jayshree [RICH1:2H13:EXCH] > > > Sent: Monday, September 15, 2003 4:39 PM > > > To: 'Gopal Dommety'; Adrangi, Farid > > > Cc: mccap@lucent.com; henrik@levkowetz.com > > > Subject: RE: Request for text proposal for your scenario > > > > > > > > > Gopal, > > > > > > I was in the impression that you will modify the text. > > > Anyway, I won't able to do much today but let me try tomorrow > > > and send you the text... > > > > > > Regards, > > > Jayshree > > > > > > > -----Original Message----- > > > > From: Gopal Dommety [mailto:gdommety@cisco.com] > > > > Sent: Monday, September 15, 2003 2:03 PM > > > > To: Adrangi, Farid; Bharatia, Jayshree [RICH1:2H13:EXCH] > > > > Cc: mccap@lucent.com; henrik@levkowetz.com > > > > Subject: RE: Request for text proposal for your scenario > > > > > > > > > > > > Jayshree, > > > > > > > > Can you massage the text that you sent to fit what I was > > > referring to. > > > > > > > > -Gopal > > > > > > > > At 04:08 PM 9/11/2003 -0700, Adrangi, Farid wrote: > > > > > > > > >Hi Gopal, > > > > >Ok. I guess my interpretation of your scenario was not accurate! > > > > >Maybe the best thing is that you and Jayshree propose a text that > > > > >*clearly* articulates the scenario and its problems. > > > Would that be > > > > >possible? Thanks a bunch. BR, > > > > >Farid > > > > > > > > > >-----Original Message----- > > > > >From: Gopal Dommety [mailto:gdommety@cisco.com] > > > > >Sent: Thursday, September 11, 2003 3:43 PM > > > > >To: Adrangi, Farid; Jayshree Bharatia > > > > >Cc: mccap@lucent.com; henrik@levkowetz.com > > > > >Subject: RE: Request for text proposal for your scenario > > > > > > > > > >Farid, > > > > > > > > > >I am not suggesting a solution. I am confused by your > > > > >inferences...comments inline to the best of my confusion. > > > > > > > > > > > > > > > >1) MN may be several hops away from the VPN/FA > > > > > > > > > >I was talking about one hop away. the multiple hops is > > > > interesting. The > > > > >deployment scenarios of one hop and multiple hop solutions could >be > > > > >very > > > > > > > > > >different. > > > > > > > > > > > > > > > >2) FA advertisement is done inside the IPsec tunnel established > > > > > >between the MN and VPN/FA. > > > > > > > > > >It is possible.. but then we are going into solution space. > > > > > > > > > > >3) MN roaming in a foreign network cannot be place behind > > > > a FA. For > > > > > >example, the following picture is not possible: > > > > > > > > > > > >MN ---FA----one or hops----FA/VPN1 > > > > > > > > > > > >4) VPN1/FA could also be your remote access VPN. So, the > > > > picture can > > > > >be > > > > > >simplified as follows > > > > > > > > > > > >MN ----one or more hops -----FA/VPN ---Intranet > > > > > > > > > > > >Note: I get frighten when I see nested IPsec tunnels, in > > > > particular > > > > > >established by different IPsec client software running on > > > > the client > > > > > >device!!! > > > > > > > > > > > >So, since the scenario does not support #3 above, then the only > > > > > >problem that we have is with SA refreshes when the MN > > > changes its > > > > > >point of attachment. Is my understanding correct? > > > > > > > > > > > >BR, > > > > > >FArid > > > > > > > > > > > > > > > > > > > > > > > >-----Original Message----- > > > > > >From: Gopal Dommety [mailto:gdommety@cisco.com] > > > > > >Sent: Thursday, September 11, 2003 10:58 AM > > > > > >To: Jayshree Bharatia; Adrangi, Farid > > > > > >Cc: mccap@lucent.com; henrik@levkowetz.com > > > > > >Subject: RE: Request for text proposal for your scenario > > > > > > > > > > > >Hello Farid, Henrick and Jayashree, > > > > > > > > > > > >the scenario I was referring to is as followis: > > > > > > > > > > > >MN---------|VPN/FA|-----------------[VPN2]---------HA > > > > > > > > > > > >VPN1 Provides Encryption/decryption for the link and > > > access to the > > > > > >visiting domain. > > > > > >VPN 2 is optional for remote access. > > > > > > > > > > > >Thanks > > > > > >Gopal > > > > > > > > > > > >At 10:52 AM 9/11/2003 -0500, Jayshree Bharatia wrote: > > > > > > > > > > > > >Hello Farid, > > > > > > > > > > > > > >I would think that there may or may not be IPSec tunnel > > > > between the > > > > >MN > > > > > >and > > > > > > >the FA/VPN. If there is, than it will have similar issue as > > > > > > >discussed > > > > > >in > > > > > > >the proposed text. If there is no IPSec, the traffic will be > > > > > >unprotected > > > > > > >between these two entities. > > > > > > > > > > > > > >Regards, > > > > > > >Jayshree > > > > > > > > -----Original Message----- > > > > > > > > From: Adrangi, Farid > > > > > > > > > > [<mailto:farid.adrangi@intel.com>mailto:farid.adrangi@intel.com] > > > > > > > > Sent: Wednesday, September 10, 2003 4:32 PM > > > > > > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH] > > > > > > > > Cc: mccap@lucent.com; henrik@levkowetz.com; > > > gdommety@cisco.com > > > > > > > > Subject: RE: Request for text proposal for your scenario > > > > > > > > > > > > > > > > > > > > > > > > Thanks Jayshree. Couple of clarifications: > > > > > > > > > > > > > > > > From your description, it is my understanding that > > > > there is only > > > > > > > > one IPsec tunnel, and that is between the FA/VPN in > > > > the foreign > > > > > > > > and the VPN GW in the VPN domain. In other words, No >IPsec > > > > > > > > tunnel between the MN and the VPN GW in VPN domain > > > and hence > > > > > > > > data traffic between the MN and the FA is not > > > > protected. Is my > > > > > > > > understanding correct? I will have more >questions/comments > > > > > > > > based on your answers. Thanks for the text and > > > > hopefully we can > > > > > > > > wrap this up this week. BR, Farid > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > From: Jayshree Bharatia > > > > > > > > > > > > > > > > > > > > >[<mailto:jayshree@nortelnetworks.com>mailto:jayshree@nortelnetworks.c > > > > > >om > > > > >] > > > > > > > > Sent: Wednesday, September 10, 2003 12:15 PM > > > > > > > > To: Adrangi, Farid > > > > > > > > Cc: mccap@lucent.com; henrik@levkowetz.com; > > > gdommety@cisco.com > > > > > > > > Subject: RE: Request for text proposal for your scenario > > > > > > > > > > > > > > > > Hi Farid, > > > > > > > > > > > > > > > > The following is my proposed text for the co-located > > > > FA-VPN GW > > > > > > > > scenario. > > > > > > > > > > > > > > > > > > > > > > > > Reagrds, > > > > > > > > Jayshree > > > > > > > > --------------------- > > > > > > > > > > > > > > > > 2.6 Combined VPN Gateway and MIPv4 FA > > > > > > > > > > > > > > > > MIPv4 FA and the VPN Gateway are running on the > > > same physical > > > > > >machine. > > > > > > > > > > > > > > > > > > > > > > > > ..Foreign Network... .....VPN > > > > > >Domain..(Intranet).... > > > > > > > > . . . > > > > > >. > > > > > > > > . +----+ +-----+ . +----+ +-------+ > > > > >+-------+ > > > > > >. > > > > > > > > . |MNs | | FA | . | VPN| | > > > > Router| | HAs > > > > >| > > > > > >. > > > > > > > > . |away| | + | .<=========>| GW | | 1..n | >| > > > > >| > > > > > >. > > > > > > > > . | | | VPN | . | | +-------+ > > > > >+-------+ > > > > > >. > > > > > > > > . | | | GW | . | | > > > > > >. > > > > > > > > . +----+ +-----+ . +----+ +-------+ > > > > >+-------+ > > > > > >. > > > > > > > > . . . | CN > > > > | | MNs > > > > >| > > > > > >. > > > > > > > > .................... . | 1..n > > > > | | home > > > > >| > > > > > >. > > > > > > > > . +-------+ > > > > >+-------+ > > > > > >. > > > > > > > > . > > > > > >. > > > > > > > > > > > > > >............................... > > > > > > > > > > > > > > > > > > > > > > > > In this scenario, two VPN gateways are involved where > > > > the FA is > > > > > > > > considered to be the trusted entity. The mipv4 tunnel > > > > is running > > > > > > > > inside the IPSec-ESP. For end-to-end security model, the >VPN > > > > > > > > Gateway within the VPN Domain must protect the IP traffic > > > > > > > > originating at the MN. Since the point of > > > attachment changes > > > > > > > > corresponding to the movement of the MN, it is > > > essential that > > > > > > > > the VPN tunnel security association must be refreshed > > > > after each > > > > > > > > IP subnet handoff. Hence, this scenario is not > > > > practical where > > > > > > > > the mobility is involved due to performance > > > > implications for the > > > > > > > > real-time applications. > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > From: Adrangi, Farid > > > > > > > > > > [<mailto:farid.adrangi@intel.com>mailto:farid.adrangi@intel.com] > > > > > > > > > Sent: Wednesday, September 03, 2003 7:54 PM > > > > > > > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH] > > > > > > > > > Cc: mccap@lucent.com; henrik@levkowetz.com; > > > > gdommety@cisco.com > > > > > > > > > Subject: Request for text proposal for your scenario > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Hello Jayshree, > > > > > > > > > Could you please propose a text for the scenario > > > > that you want > > > > > > > > > to be added to the problem-statement draft? BR, Farid > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > From: Jayshree Bharatia > > > > > > > > > > > > > > > > > > > > >[<mailto:jayshree@nortelnetworks.com>mailto:jayshree@nortelnetworks.c > > > > > >om > > > > >] > > > > > > > > > Sent: Wednesday, August 06, 2003 12:13 PM > > > > > > > > > To: Adrangi, Farid > > > > > > > > > Cc: mip4@ietf.org > > > > > > > > > Subject: RE: Comments on VPN Problem Statement Draft > > > > > > > > > > > > > > > > > > Hello Farid, > > > > > > > > > > > > > > > > > > Please see my reply below. > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > Jayshree > > > > > > > > > -----Original Message----- > > > > > > > > > From: Adrangi, Farid > > > > > > > > > > [<mailto:farid.adrangi@intel.com>mailto:farid.adrangi@intel.com] > > > > > > > > > Sent: Sunday, August 03, 2003 11:50 PM > > > > > > > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH] > > > > > > > > > Cc: mip4@ietf.org > > > > > > > > > Subject: RE: Comments on VPN Problem Statement Draft > > > > > > > > > > > > > > > > > > > > > > > > > > > Hello Jayshree, > > > > > > > > > Thanks for following up on this. You, Gopal, and I > > > > had a very > > > > > > > > > brief conversation on this during IETF-57 - but I > > > > am not sure > > > > > > > > > if we derived any conclusion on whether or not we should > > > > > > > > > include this scenario. To be frank, I don't quite > > > > understand > > > > > > > > > the point behind adding this scenario because, > > > > > > > > > - It seems to present a solution to a specific > > > > > > > > > deployment model > > > > > > > > > rather than a deployment scenario > > > > > > > > > [JB] My understanding is different from yours so please > > > > > > > > > elaborate what you mean by deployment model vs >deployment > > > > > > > > > scenario in this particular context. > > > > > > > > > > > > > > > > > > - I don't quite see the advantages of a >combined > > > > > > > > > VPN+FA if it > > > > > > > > > does > > > > > > > > > not support FA traversal and it does not avoid IPsec > > > > > > > > > renegotiation when MN moves from one subnet to another - > > > > > > > > > perhaps you can elaborate on this? [JB] I think > > > regardless > > > > > > > > > this scenario has any advantages or not, it is one of >the > > > > > > > > > probable scenario which has potential issues (as you >have > > > > > > > > > indicated earlier). > > > > > > > > > > > > > > > > > > - Furthermore, Scenarios in section 2 of > > > > the problem > > > > > > > > > statement > > > > > > > > > draft represents combinations of MIPv4 HA and VPN >gateway > > > > > > > > > placement - adding this scenario is going to change > > > > semantics > > > > > > > > > of the section 2. [JB] I am not sure what you mean by > > > > > > > > > semantics change here. Do you think documenting > > > this in new > > > > > > > > > subsection (2.6) is a problem? > > > > > > > > > > > > > > > > > > I have no problem adding this scenario to the draft > > > > - I just > > > > > > > > > wanted to make sure that we clearly understand the > > > > reasons for > > > > > > > > > adding this scenario to the problem statement > > > draft. Design > > > > > > > > > team members and interested individuals are welcome > > > > to express > > > > > > > > > their opinion on this. > > > > > > > > > > > > > > > > > > Best regards, > > > > > > > > > Farid > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > The following sub-sections introduce five > > > > > >representative > > > > > > > > > combinations of MIPv4 HA and VPN gateway placement. > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > From: Jayshree Bharatia > > > > > > > > > > > > > > > > > > > > >[<mailto:jayshree@nortelnetworks.com>mailto:jayshree@nortelnetworks.c > > > > > >om > > > > >] > > > > > > > > > Sent: Thursday, July 31, 2003 1:44 PM > > > > > > > > > To: Adrangi, Farid > > > > > > > > > Cc: 'mip4@ietf.org' > > > > > > > > > Subject: RE: Comments on VPN Problem Statement Draft > > > > > > > > > > > > > > > > > > Hello Farid, > > > > > > > > > > > > > > > > > > As per our earlier discussion during IETF-57, my > > > > understanding > > > > > > > > > is that you will include the scenario of > > > co-existed FA with > > > > > > > > > the VPN gateway in the VPN Problem > > > > > > > > Statement draft. > > > > > > > > > > > > > > > > > > I agree that this particular scenario has problems and >it > > > > > > > > > won't work if the MN is behind an FA in the > > > foreign subnet. > > > > > > > > > But again, this is a problem statement draft. > > > > Hence, I believe > > > > > > > > > that this is the appropriate document for mentioning >this > > > > > > > > > scenario. > > > > > > > > > > > > > > > > > > Thanks, > > > > > > > > > Jayshree > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > From: Adrangi, Farid > > > > > > > > > > [<mailto:farid.adrangi@intel.com>mailto:farid.adrangi@intel.com] > > > > > > > > > Sent: Monday, April 07, 2003 2:58 PM > > > > > > > > > To: Bharatia, Jayshree [RICH1:2H13:EXCH] > > > > > > > > > Cc: 'mobile-ip@sunroof.eng.sun.com' > > > > > > > > > Subject: RE: Comments on VPN Problem Statement Draft >Hello > > > > > > > > > Jayshree This is a good point - I knew someone > > > was to bring > > > > > > > > > this up! At the time of writing these scenarios, we (the > > > > > > > > > design team) actually discussed this and concluded this > > > > > > > > > scenario would fall into a solution space. Maybe > > > > we did not > > > > > > > > > make the right decision and we should rethink this. >But, > > > > > > > > > before we take this discussion further please allow > > > > me to ask > > > > > > > > > you a few questions about the details of the > > > > scenario (VPN+FA) > > > > > > > > > that you have in mind . Are you thinking to broadcast >FA > > > > > > > > > advertisements through the IPsec tunnel to the > > > MN? If so, > > > > > > > > > how will this work if MN is already behind an FA in the > > > > > > > > > foreign subnet? Or, If you had something > > > different in mind, > > > > > > > > > perhaps you can elaborate on that. Best regards, Farid > > > > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > From: Jayshree Bharatia > > > > > > > > > > > > > > > > >[<mailto:jayshree@nortelnetworks.com>> > > > > >mailto:jayshree@nortelnetworks.c > > > > > >om > > > > >] > > > > > >, > > > > > > > > > Sent: Friday, April 04, 2003 3:14 PM > > > > > > > > > To: 'farid.adrangi@intel.com' > > > > > > > > > Cc: 'mobile-ip@sunroof.eng.sun.com' > > > > > > > > > Subject: Comments on VPN Problem Statement Draft > > > > > > > > > > > > > > > > > > Hello Farid, > > > > > > > > > This draft > > > > (draft-ietf-mobileip-vpn-problem-statement-req-01) > > > > > > > > > currently misses one scenario were the FA is > > > > co-existed with > > > > > > > > > the VPN Gateway. I would think that there are no >technical > > > > > > > > > issues supporting this scenario. It will be good > > > if you can > > > > > > > > > add this scenario in the draft (perhaps as section > > > > > > > > > 2.6?) > > > > > > > > > for completeness. > > > > > > > > > Thanks, > > > > > > > > > Jayshree > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >_______________________________________________ >Mip4 mailing list >Mip4@ietf.org >https://www.ietf.org/mailman/listinfo/mip4 _______________________________________________ Mip4 mailing list Mip4@ietf.org https://www.ietf.org/mailman/listinfo/mip4
- [Mip4] RE: Request for text proposal for your sce… Gopal Dommety
- [Mip4] Re: Request for text proposal for your sce… Adrangi, Farid
- [Mip4] Re: Request for text proposal for your sce… Adrangi, Farid
- RE: [Mip4] Re: Request for text proposal for your… Jayshree Bharatia
- [Mip4] RE: Request for text proposal for your sce… Gopal Dommety
- [Mip4] RE: Request for text proposal for your sce… Adrangi, Farid
- [Mip4] Re: Request for text proposal for your sce… Henrik Levkowetz
- [Mip4] RE: Request for text proposal for your sce… Jayshree Bharatia
- Re: [Mip4] Re: Request for text proposal for your… Gopal Dommety
- Re: [Mip4] RE: Request for text proposal for your… Gopal Dommety
- Re: [Mip4] Re: Request for text proposal for your… Henrik Levkowetz
- Re: [Mip4] RE: Request for text proposal for your… Henrik Levkowetz
- Re: [Mip4] RE: Request for text proposal for your… Gopal Dommety
- Re: [Mip4] Re: Request for text proposal for your… Gopal Dommety
- Re: [Mip4] Re: Request for text proposal for your… Henrik Levkowetz
- RE: [Mip4] RE: Request for text proposal for your… Adrangi, Farid