Re: [Mip4] review of draft-devarapalli-mip4-mobike-connectivity-00.txt
Sami Vaarala <sami.vaarala@iki.fi> Sun, 28 August 2005 13:07 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E9Msc-0005Ss-36; Sun, 28 Aug 2005 09:07:22 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1E9MsW-0005Sj-5u for mip4@megatron.ietf.org; Sun, 28 Aug 2005 09:07:16 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA17272 for <mip4@ietf.org>; Sun, 28 Aug 2005 09:07:14 -0400 (EDT)
Received: from ns2.academica.fi ([217.64.177.130]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1E9Mtd-000375-O3 for mip4@ietf.org; Sun, 28 Aug 2005 09:08:27 -0400
Received: from [82.133.140.118] (ip82-133-140-118.adsl.academica.fi [82.133.140.118]) by ns2.academica.fi (Postfix) with ESMTP id 61B11257025; Sun, 28 Aug 2005 16:03:37 +0300 (EEST)
Message-ID: <4311CA83.9000306@iki.fi>
Date: Sun, 28 Aug 2005 17:30:27 +0300
From: Sami Vaarala <sami.vaarala@iki.fi>
User-Agent: Debian Thunderbird 1.0.2 (X11/20050602)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jari Arkko <jari.arkko@piuha.net>
Subject: Re: [Mip4] review of draft-devarapalli-mip4-mobike-connectivity-00.txt
References: <4309EE00.4030503@piuha.net> <430A0992.6030900@iki.fi> <431183D2.7080509@piuha.net>
In-Reply-To: <431183D2.7080509@piuha.net>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 10ba05e7e8a9aa6adb025f426bef3a30
Content-Transfer-Encoding: 7bit
Cc: mip4@ietf.org
X-BeenThere: mip4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: sami.vaarala@iki.fi
List-Id: Mobility for IPv4 <mip4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip4@ietf.org>
List-Help: <mailto:mip4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip4>, <mailto:mip4-request@ietf.org?subject=subscribe>
Sender: mip4-bounces@ietf.org
Errors-To: mip4-bounces@ietf.org
Hi,
>> The problem I see w.r.t. to using IKEv2/MOBIKE is that it does
>> not, alone, match the current problem statement. The assumption
>> made in draft-ietf-mip4-vpn-problem-statement-03.txt is that
>> existing deployed VPN infrastructure should be used (see e.g.
>> Section 5.1).
>>
>>
> Yes. I still view that as the main and most urgent
> use case, so the problem statement is OK. However,
> I believe we are also at a situation where we can
> see future deployments (particularly those based on
> IKEv2) start to do new things. I don't see a problem
> with pursuing two tracks simultaneously. Its not
> like they would be two redundant solutions, its more
> like points in different stages of evolution.
Right, I agree. And I agree we can pursue two tracks at the same
time. However, given that these two tracks have so much in common,
it doesn't seem useful to specify them in two seemginly separate
specifications. Given the way the solutions are specified,
x-MIP + IKEv1 vs. MOBIKE + IKEv2 are just two different access modes.
The overall approach, the intranet detection, etc, are all same.
But stepping back a little, if we relax either the "existing VPN"
or "minimal MIPv4 changes" assumptions, we get a number of different
solutions. For instance:
- A *very* straightforward way of getting mobility without x-MIP
(and just IKEv1+IPsec) is just to use the "implicit ESP update"
mechanism already deployed by some vendors. I believe a similar
mechanism is used in the MIPv6 + IPsec draft. This is rather
simple to implement and does away with the x-MIP overhead
completely.
- We could specify IKEv1 mobility extensions to allow more or less
the same effect albeit with more vendor effort. Vijay's draft's
Appendix has a suggestion for this.
- Looking at x-MIP, we can also eliminate x-MIP overhead completely
by defining an optimization extension between the MN and the x-HA.
This approach retains FA support, while eliminating all x-MIP
overhead in non-FA scenarios. The rough approach was described in
draft-vaarala-mip4-optudp-00 [*].
- A very important concern in practice is managing the keys and
authentication in a dual MIP or MOBIKE+MIP solution. Should we
define something to make this easier?
At least to me it's not at all clear which avenue would produce the
best possible solution - minimal changes, maximum impact, and maximum
generality (especially). So going past absolute minimum changes (dual
MIP) needs more thought on what criteria we should apply to solutions.
>> If we decide that there is no deployment issue w.r.t. MIPv4 and
>> already deployed VPNs, we should IMO take a larger view of
>> improving MIPv4/VPN coexistence. Minimizing overlap between
>> the two mechanisms would give a much better solution. For
>> instance, there is room for improvement in MIPv4 packet overhead,
>> MIPv4/VPN compression interactions, and integrated MIPv4/VPN
>> packet authentication.
>>
> I believe we will eventually get there. Probably step
> by step, however. I view Vijay's draft one of those
> steps... eliminating one unnecessary level in the stack.
> Or are you arguing that we should spend more time thinking
> what to do, if we discard the no-changes-at-all
> assumption?
I think we should work on defining what the longer term goal is w.r.t.
IPsec and MIPv4 integration. I don't think it's clear people agree
what that goal should be. And proposing, discussing, and comparing
solutions beyond dual MIP is difficult at the moment, because we have
nothing to compare them against.
As far as dual MIP is concerned, going forward with it would be useful
as a baseline and as documenting existing practice (as far as I know,
some people are deploying it, although I'm not sure at what scale).
But if we agree on working on a better long-term solution, that would
of course be preferable to working on a limited dual MIP solution.
Best,
-Sami
[*]
http://users.tkk.fi/~svaarala/publications/draft-vaarala-mip4-optudp-00.txt
--
Mip4 mailing list: Mip4@ietf.org
Web interface: https://www1.ietf.org/mailman/listinfo/mip4
Charter page: http://www.ietf.org/html.charters/mip4-charter.html
Supplemental site: http://www.mip4.org/
- [Mip4] review of draft-devarapalli-mip4-mobike-co… Jari Arkko
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Sami Vaarala
- [Mip4] Re: review of draft-devarapalli-mip4-mobik… Vijay Devarapalli
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Jari Arkko
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Sami Vaarala
- RE: [Mip4] review of draft-devarapalli-mip4-mobik… Kent Leung (kleung)
- Re: [Mip4] review of draft-devarapalli-mip4-mobik… Vijay Devarapalli
- RE: [Mip4] review of draft-devarapalli-mip4-mobik… Kent Leung (kleung)