IETF Logo Mail Archive

Re: v4 CoA and route optimization [Re: [Mip6] draft-solimananddraft-wakikawa]

Alexandru Petrescu <Alexandru.Petrescu@motorola.com> Wed, 06 April 2005 14:03 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA13698 for <mip6-web-archive@ietf.org>; Wed, 6 Apr 2005 10:03:10 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJBG3-0008Oj-Ee for mip6-web-archive@ietf.org; Wed, 06 Apr 2005 10:11:51 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DJB5N-0005ZD-2K; Wed, 06 Apr 2005 10:00:49 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DJB5L-0005Z7-0n for mip6@megatron.ietf.org; Wed, 06 Apr 2005 10:00:47 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA13514 for <mip6@ietf.org>; Wed, 6 Apr 2005 10:00:44 -0400 (EDT)
Received: from motgate8.mot.com ([129.188.136.8]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJBDh-0008LB-FZ for mip6@ietf.org; Wed, 06 Apr 2005 10:09:25 -0400
Received: from il06exr03.mot.com (il06exr03.mot.com [129.188.137.133]) by motgate8.mot.com (Motorola/Motgate8) with ESMTP id j36E3624021643; Wed, 6 Apr 2005 07:03:06 -0700 (MST)
Received: from zfr01srv02.crm.mot.com (zfr01srv02.crm.mot.com [10.161.201.8]) by il06exr03.mot.com (8.13.1/8.13.0) with ESMTP id j36E2cZM002048; Wed, 6 Apr 2005 09:02:38 -0500 (CDT)
Received: from [10.161.201.117] (zfr01-2117.crm.mot.com [10.161.201.117]) by zfr01srv02.crm.mot.com (Postfix) with ESMTP id D8887865980; Wed, 6 Apr 2005 16:00:42 +0200 (CEST)
Message-ID: <4253EB8A.8080901@motorola.com>
Date: Wed, 06 Apr 2005 16:00:42 +0200
From: Alexandru Petrescu <Alexandru.Petrescu@motorola.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040803
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Pekka Savola <pekkas@netcore.fi>
Subject: Re: v4 CoA and route optimization [Re: [Mip6] draft-solimananddraft-wakikawa]
References: <E97F4F806500194FBCF9BF32EF6A07DB08127B@mvebe101.NOE.Nokia.com> <4253D039.8020004@motorola.com> <Pine.LNX.4.61.0504061514070.16412@netcore.fi> <4253D83F.9030805@motorola.com> <Pine.LNX.4.61.0504061607410.18053@netcore.fi>
In-Reply-To: <Pine.LNX.4.61.0504061607410.18053@netcore.fi>
X-Enigmail-Version: 0.89.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4adaf050708fb13be3316a9eee889caa
Content-Transfer-Encoding: 7bit
Cc: H.Soliman@flarion.com, mip6@ietf.org, Vijay.Devarapalli@nokia.com, ryuji@sfc.wide.ad.jp, henrik@levkowetz.com
X-BeenThere: mip6@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mip6.ietf.org
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mip6@ietf.org>
List-Help: <mailto:mip6-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mip6>, <mailto:mip6-request@ietf.org?subject=subscribe>
Sender: mip6-bounces@ietf.org
Errors-To: mip6-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8b431ad66d60be2d47c7bfeb879db82c
Content-Transfer-Encoding: 7bit

Pekka Savola wrote:
>> Yes, but it's impossible to just send an enhanced BU to HA without 
>> first setting up some state on GW and MN about the v4/NAT traversal.  
>> The state on MN, NAT and GW must be synchronized somehow and doing it 
>> with only one message MN->NAT->GW is impossible, I mean some 
>> acknowledgement is necessary.
> 
> I'm not sure what you mean.  MN can send a message directly to the HA 
> (or tunnel server, if applicable), going through the NAT; this also 
> (implicitly) punches a hole in the NAT.  The HA (or tunnel server) 
> naturally acknowledges the set up of the tunnel, but if the 
> acknowledgement comes from the same UDP port (etc.), it will use the 
> already established NAT state.

YEs... somehow... "Punching" a hole in the NAT boxes may not be 
immediately successful, several probes may be necessary, in which case 
the successful probe's characteristics should be acknowledged back to 
the MN in order for it to know what to use starting then.

>>> However, if the client knows in advance which encapsulation type to
>>> use, it can just send in a request, piggybacking the data, and if the
>>> tunnel is set up, the tunnel server can immediate forward the data
>>> and set up the tunnel, otherwise reject setting up the tunnel and
>>> discard the data.
>>
>>
>> To this scenario I object with the security aspects.  If the tunnel 
>> server puts up a tunnel whenever a Client requests it, and if they 
>> don't share a secret, DoS attacks are obviously possible.
> 
> 
> Obviously the client can include whichever secret it wants.  Too bad 0.5 
> RTT doesn't allow a challenge-response negotiation, so it's effectively 
> a shared, plain-text secret.
> 
> There are other options, though.  See 
> draft-parent-v6tc-protocol-exploration-00 section 2.1.2 for an example 
> how SEND could be used in this context securely without any extra 
> roundtrips.
> 
> But this discussion is probably going to too much detail at this point, 
> so I guess we should take the followups off-list(s).

Ok, let me stop here, thanks for the reply.

Alex

_______________________________________________
Mip6 mailing list
Mip6@ietf.org
https://www1.ietf.org/mailman/listinfo/mip6

v2.23.0 | Report a Bug | By Email