Re: [Mip4] review of draft-devarapalli-mip4-mobike-connectivity-00.txt
Sami Vaarala <sami.vaarala@iki.fi> Sun, 28 August 2005 13:07 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E9Msc-0005Ss-36; Sun, 28 Aug 2005 09:07:22 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E9MsW-0005Sj-5u for mip4@megatron.ietf.org; Sun, 28 Aug 2005 09:07:16 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17272 for <mip4@ietf.org>; Sun, 28 Aug 2005 09:07:14 -0400 (EDT)
Received: from ns2.academica.fi ([217.64.177.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E9Mtd-000375-O3 for mip4@ietf.org; Sun, 28 Aug 2005 09:08:27 -0400
Received: from [82.133.140.118] (ip82-133-140-118.adsl.academica.fi [82.133.140.118]) by ns2.academica.fi (Postfix) with ESMTP id 61B11257025; Sun, 28 Aug 2005 16:03:37 +0300 (EEST)
Message-ID: <4311CA83.9000306@iki.fi>
Date: Sun, 28 Aug 2005 17:30:27 +0300
From: Sami Vaarala <sami.vaarala@iki.fi>
User-Agent: Debian Thunderbird 1.0.2 (X11/20050602)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jari Arkko <jari.arkko@piuha.net>
Subject: Re: [Mip4] review of draft-devarapalli-mip4-mobike-connectivity-00.txt
References: <4309EE00.4030503@piuha.net> <430A0992.6030900@iki.fi> <431183D2.7080509@piuha.net>
In-Reply-To: <431183D2.7080509@piuha.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 10ba05e7e8a9aa6adb025f426bef3a30
Content-Transfer-Encoding: 7bit
Cc: mip4@ietf.org
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: sami.vaarala@iki.fi
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Sender: mip4-bounces@ietf.org
Errors-To: mip4-bounces@ietf.org
Hi, >> The problem I see w.r.t. to using IKEv2/MOBIKE is that it does >> not, alone, match the current problem statement. The assumption >> made in draft-ietf-mip4-vpn-problem-statement-03.txt is that >> existing deployed VPN infrastructure should be used (see e.g. >> Section 5.1). >> >> > Yes. I still view that as the main and most urgent > use case, so the problem statement is OK. However, > I believe we are also at a situation where we can > see future deployments (particularly those based on > IKEv2) start to do new things. I don't see a problem > with pursuing two tracks simultaneously. Its not > like they would be two redundant solutions, its more > like points in different stages of evolution. Right, I agree. And I agree we can pursue two tracks at the same time. However, given that these two tracks have so much in common, it doesn't seem useful to specify them in two seemginly separate specifications. Given the way the solutions are specified, x-MIP + IKEv1 vs. MOBIKE + IKEv2 are just two different access modes. The overall approach, the intranet detection, etc, are all same. But stepping back a little, if we relax either the "existing VPN" or "minimal MIPv4 changes" assumptions, we get a number of different solutions. For instance: - A *very* straightforward way of getting mobility without x-MIP (and just IKEv1+IPsec) is just to use the "implicit ESP update" mechanism already deployed by some vendors. I believe a similar mechanism is used in the MIPv6 + IPsec draft. This is rather simple to implement and does away with the x-MIP overhead completely. - We could specify IKEv1 mobility extensions to allow more or less the same effect albeit with more vendor effort. Vijay's draft's Appendix has a suggestion for this. - Looking at x-MIP, we can also eliminate x-MIP overhead completely by defining an optimization extension between the MN and the x-HA. This approach retains FA support, while eliminating all x-MIP overhead in non-FA scenarios. The rough approach was described in draft-vaarala-mip4-optudp-00 [*]. - A very important concern in practice is managing the keys and authentication in a dual MIP or MOBIKE+MIP solution. Should we define something to make this easier? At least to me it's not at all clear which avenue would produce the best possible solution - minimal changes, maximum impact, and maximum generality (especially). So going past absolute minimum changes (dual MIP) needs more thought on what criteria we should apply to solutions. >> If we decide that there is no deployment issue w.r.t. MIPv4 and >> already deployed VPNs, we should IMO take a larger view of >> improving MIPv4/VPN coexistence. Minimizing overlap between >> the two mechanisms would give a much better solution. For >> instance, there is room for improvement in MIPv4 packet overhead, >> MIPv4/VPN compression interactions, and integrated MIPv4/VPN >> packet authentication. >> > I believe we will eventually get there. Probably step > by step, however. I view Vijay's draft one of those > steps... eliminating one unnecessary level in the stack. > Or are you arguing that we should spend more time thinking > what to do, if we discard the no-changes-at-all > assumption? I think we should work on defining what the longer term goal is w.r.t. IPsec and MIPv4 integration. I don't think it's clear people agree what that goal should be. And proposing, discussing, and comparing solutions beyond dual MIP is difficult at the moment, because we have nothing to compare them against. As far as dual MIP is concerned, going forward with it would be useful as a baseline and as documenting existing practice (as far as I know, some people are deploying it, although I'm not sure at what scale). But if we agree on working on a better long-term solution, that would of course be preferable to working on a limited dual MIP solution. Best, -Sami [*] http://users.tkk.fi/~svaarala/publications/draft-vaarala-mip4-optudp-00.txt -- Mip4 mailing list: Mip4@ietf.org Web interface: https://www1.ietf.org/mailman/listinfo/mip4 Charter page: http://www.ietf.org/html.charters/mip4-charter.html Supplemental site: http://www.mip4.org/
- [Mip4] review of draft-devarapalli-mip4-mobike-co… Jari Arkko
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Sami Vaarala
- [Mip4] Re: review of draft-devarapalli-mip4-mobik… Vijay Devarapalli
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Jari Arkko
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Sami Vaarala
- RE: [Mip4] review of draft-devarapalli-mip4-mobik… Kent Leung (kleung)
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Vijay Devarapalli
- RE: [Mip4] review of draft-devarapalli-mip4-mobik… Kent Leung (kleung)