Re: [Mipshop] AD review of mipshop-4140bis
"Vijay Devarapallli" <dvijay@gmail.com> Sat, 05 April 2008 00:35 UTC
Return-Path: <mipshop-bounces@ietf.org>
X-Original-To: mipshop-archive@megatron.ietf.org
Delivered-To: ietfarch-mipshop-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4820B3A6CBA; Fri, 4 Apr 2008 17:35:49 -0700 (PDT)
X-Original-To: mipshop@core3.amsl.com
Delivered-To: mipshop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6584A3A6CBE for <mipshop@core3.amsl.com>; Fri, 4 Apr 2008 17:35:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W1H2NaAkjetb for <mipshop@core3.amsl.com>; Fri, 4 Apr 2008 17:35:45 -0700 (PDT)
Received: from wf-out-1314.google.com (wf-out-1314.google.com [209.85.200.174]) by core3.amsl.com (Postfix) with ESMTP id 7A6F23A69CB for <mipshop@ietf.org>; Fri, 4 Apr 2008 17:35:00 -0700 (PDT)
Received: by wf-out-1314.google.com with SMTP id 25so326786wfa.31 for <mipshop@ietf.org>; Fri, 04 Apr 2008 17:35:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=QsfGbrmTWXFIw5hFEPluDoHEPTTCDJukecAazbYP7Ls=; b=Q6LL1xjpxwflfPBZAEjeA/f8uVejuwtKd1lTd63lnS219mqk57I5Cki4frFO2xgMU5FjXdY8y8gUs3kTpHMvy5sz7KQmC6mKQJ4YvK63GiLsXtzaURxL21zeKIYNjBsjVRrf/DLhn9s/FGyrAdeFX9ePMBxrSFsg+EPLUl4+Gt4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fQ+9D12vHDAsLgY7XLrC79Lwq+K4Vh97YB4HEYqv/QGghFmlaXycQNxJMVLEGfX+aOVjSjQUCSJuWIGMEq4Pyyx3dpBNxf6lwMgXoZ94Khh90XlfhHX01nUAGGBLADdcPzelmqeSMFLqAHvWucynKyu46a6dgkAobh4SWj+x7sM=
Received: by 10.142.131.18 with SMTP id e18mr1384799wfd.207.1207355706922; Fri, 04 Apr 2008 17:35:06 -0700 (PDT)
Received: by 10.142.200.13 with HTTP; Fri, 4 Apr 2008 17:35:06 -0700 (PDT)
Message-ID: <f1f4dcdc0804041735j6f630389i5e74265b75733d74@mail.gmail.com>
Date: Fri, 04 Apr 2008 17:35:06 -0700
From: Vijay Devarapallli <dvijay@gmail.com>
To: Hesham Soliman <hesham@elevatemobile.com>
In-Reply-To: <DB898C1B-AEE4-4A61-BB2B-763B8435EF7D@elevatemobile.com>
MIME-Version: 1.0
Content-Disposition: inline
References: <F11AC155-5E69-4F31-A94F-8593537D456E@elevatemobile.com> <f1f4dcdc0804041711m138e6fcbya5ffe0f87799d7f5@mail.gmail.com> <DB898C1B-AEE4-4A61-BB2B-763B8435EF7D@elevatemobile.com>
Cc: mipshop@ietf.org, Jari Arkko <jari.arkko@piuha.net>
Subject: Re: [Mipshop] AD review of mipshop-4140bis
X-BeenThere: mipshop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: <mipshop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mipshop@ietf.org>
List-Help: <mailto:mipshop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mipshop>, <mailto:mipshop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: mipshop-bounces@ietf.org
Errors-To: mipshop-bounces@ietf.org
On Fri, Apr 4, 2008 at 5:13 PM, Hesham Soliman <hesham@elevatemobile.com> wrote: > Then I would need help from someone to tell me why it is now PS and not > experimental. I don't know all the reasons why 4140 was experimental. You probably know better. The one reason that I know off (and understood) is that 4140 relied on the use of IKEv1 whereas 4140bis uses IKEv2. IKEv2 provides a mechanism (EAP) to enable authentication between a mobile node and a MAP that belong to different domains. IKEv1 didn't have such a mechanism. So this meant, 4140 didn't really specify a mechanism for MN-MAP mutual authentication that would work in all cases. Hence it was experimental. I vaguely remember some issues about scalability. I wasn't involved in those discussions. > I can obviously add the changes from 4140. Ok. Vijay > > Hesham > > > > On 05/04/2008, at 11:11 AM, Vijay Devarapallli wrote: > > > Hesham, > > > > We need to add a paragraph that explains what changed from RFC 4140, > > and why it is now a Proposed Standard instead of Experimental. The IESG > > wanted something along these lines for 4068bis. I suspect they would want > > such a paragraph/section even for 4140bis. > > > > Vijay > > > > On Sun, Mar 30, 2008 at 6:36 PM, Hesham Soliman > > <hesham@elevatemobile.com> wrote: > > > > > Hi Jari, all, > > > > > > Please take a look at the new revision at: > > > http://www.elevatemobile.com/ietf/draft-ietf-mipshop-4140bis-02.txt > > > > > > and let me know if you're happy with the way your comments were > > > addressed. If you are, I'll submit it. > > > > > > Cheers, > > > Hesham > > > > > > On 17/01/2008, at 1:35 AM, Jari Arkko wrote: > > > > > > > I have made my AD review of this document. Please find detailed > > > > comments > > > > below. > > > > > > > > Overall, I was pleasantly surprised by this specification. It is in > > > > relatively good shape and while there are issues, there are generally > > > > minor and mostly solvable by removing the offending parts. I was happy > > > > with the security parts. The main issues that I have are the flooding > > > > scheme and the error recovery parts. > > > > > > > > I expect some discussion and a new draft revision. After that we can > > > > go > > > > to IETF Last Call. > > > > > > > > Technical: > > > > > > > > > > > > > This specification allows a mobile node to use more than one > > > > > > > > > RCoA if > > > > > > > > > it received more than one MAP option. In this case, the mobile > > > > > > > > > node > > > > > > > > > MUST perform the binding update procedure for each RCoA. > > > > > > > > > > > > > This MUST seems overly strong. Why would the mobile node be forced to > > > > use more than one MAP, if it only wanted to use one? See also further > > > > below where some inconsistencies with the above have been detected. > > > > > > > > > > > > > Note that a mobile node may send a BU containing its LCoA > > > > > > > > > (instead of > > > > > > > > > its RCoA) to correspondent nodes, which are connected to its same > > > > > link. Packets will then be routed directly without going > > > > > > > > > through the > > > > > > > > > MAP. > > > > > > > > > How does this happen? If two nodes sit on the same link and employ > > > > MAP(s) and home agent(s), they will only see each other's RCoAs and/or > > > > HoAs. They would see each other's care-of addresses when route > > > > optimization is attempted. But per your specification above you may > > > > not > > > > attempt it with your local address unless you already know the other > > > > node is on the same link. Chicken and egg... > > > > > > > > Suggestion: do not restrict the type of address the nodes may use in > > > > route optimization. > > > > > > > > > > > > > Upon reception of a router advertisement with the MAP option, the > > > > > receiving router MUST copy the option and re-send it after > > > > > incrementing the Distance field by one. > > > > > > > > > I hope you do not mean re-sending every RA again on another interface, > > > > triggered by the reception. This would disturb the router's own timing > > > > and processing of RAs. Please clarify the text to indicate that the > > > > received RAs are only used for learning the information, and then the > > > > information is used in the router's own independent RA sending > > > > process. > > > > > > > > > > > > > The MAP option is propagated towards ARs in its domain. > > > > > > > > > I'm not convinced that the dynamic distribution of MAP information is > > > > useful. First of all, its a very small configuration task compared to > > > > some of the other things you would have to have in this environment > > > > (e.g., security policies and key material allowing each mobile node to > > > > talk to each MAP securely). > > > > > > > > Secondly, you seem to be assuming that the MAP is placed in the router > > > > hierarchy. I would actually expect that a local domain's MAP would be > > > > placed in the same network as other servers and services exists, not > > > > necessarily in the aggregated router hierarchy that leads to the > > > > Internet. This would imply that a MAP RA would have to be distributed > > > > not just "down" but also "sideways" or even "up" if you draw the > > > > router > > > > placement in the network in a hierarchical manner. Of course, you can > > > > configure the routers to do this. But at the end of the day, you've > > > > created a complicated flooding scheme to achieve very little. And > > > > there > > > > may be error modes that we have not thought of. > > > > > > > > I would suggest removing the support for dynamic distribution, and > > > > simply requiring ARs to be configured with this information. > > > > > > > > > > > > > A mobile node MUST store the received option(s) in order to > > > > > > > > > choose at > > > > > > > > > least one MAP to register with. Storing the options is > > > > > > > > > essential, as > > > > > > > > > they will be compared to other options received later for the > > > > > > > > > purpose > > > > > > > > > of the movement detection algorithm. > > > > > > > > > > > > > > > > > > The "at least one" part is right, in my opinion. But it is > > > > inconsistent > > > > with what I quoted earlier: "MUST perform the binding update procedure > > > > for each RCoA" > > > > > > > > > > > > > If no MAP options are found in the router advertisement, the > > > > > > > > > mobile > > > > > > > > > node MUST use the Mobile IPv6 protocol, as specified in [1 > <http://tools.ietf.org/html/draft-ietf-mipshop-4140bis-01#ref-1 > > > > > ]. > > > > > > > > > > > > > > > > > > Hmm. I think MUST NOT use HMIP would be more appropriate within the > > > > specification of how to deal with MAP options. You are assuming that > > > > whoever implements your spec will also implement and be able to use > > > > Mobile IPv6 (including, for instance, having a home agent). > > > > > > > > > > > > > 10. Detection and Recovery from MAP Failures > > > > > > > > > > > > > Paragraph 1 is good, but the rest seems suspect. For instance, on a > > > > large domain having every AR send this many pings to the MAP would by > > > > itself create a problem. And I am not sure this document should be > > > > dictating a specific mechanisms where service provider infrastructure > > > > keeps aware of what's up and what's not. I would suggest removing > > > > everything else except the ability of mobile nodes to react to zero > > > > lifetime. Or perhaps even that could be removed, if you simply > > > > recommended that if routers become aware of inability to reach the > > > > MAP, > > > > the MAP option is deleted from RAs. > > > > > > > > Editorial: > > > > > > > > Please correct the issues from > > > > > > > > > http://tools.ietf.org/wg/mipshop/draft-ietf-mipshop-4140bis/draft-ietf-mipshop-4140bis-01.nits.txt > > > > > > > > > > > > > It is pertinent to note that the use of the MAP does not reply or > > > > > assume that a permanent Home Agent is present. > > > > > > > > > > > > > s/reply/rely/ > > > > > > > > > > > > > The mobile node can communicate with a correspondent node > > > > > > > > > through the > > > > > > > > > HA, or in a route-optimised manner, as described in [1 > <http://tools.ietf.org/html/draft-ietf-mipshop-4140bis-01#ref-1 > > > > > ]. When > > > > > communicating through the HA, the message formats in [1 > <http://tools.ietf.org/html/draft-ietf-mipshop-4140bis-01#ref-1 > > > > > ] can be re- > > > > > used. > > > > > > > > > s/can be re-used/are used/ > > > > > > > > > > > > > This specification does not provide an algorithm > > > > > for the distance-based MAP selection. However, such an > > > > > > > > > algorithm may > > > > > > > > > be introduced in future extensions utilising information about > > > > > > > > > the > > > > > > > > > speed of mobility from lower layers. > > > > > > > > > > ... The following algorithm is simply based on selecting the > > > > > MAP that is most distant, provided that its preference value > > > > > > > > > did not > > > > > > > > > reach a value of zero. The mobile node operation is shown below: > > > > > > > > > > 1. Receive and parse all MAP options > > > > > > > > > An apparent inconsistency. Do you provide a distance-based algorithm > > > > or > > > > not? Note that there might be different algorithms, better/perfect, > > > > etc., but that was not what the text was claiming. > > > > > > > > > > > > > This is achieved by using the RCoA as the identity in IKE Phase 2 > > > > > negotiation. This step is identical to the use of the home > > > > > > > > > address > > > > > > > > > in IKE phase 2. > > > > > > > > > > > > > > I think you mean child SA creation, not phase 2. Phase 2 was an IKEv1 > > > > concept. I see that Vijay noted this as well in his review. > > > > > > > > Jari > > > > > > > > > > > > > > > > _______________________________________________ > > > > Mipshop mailing list > > > > Mipshop@ietf.org > > > > https://www1.ietf.org/mailman/listinfo/mipshop > > > > > > > > > > _______________________________________________ > > > Mipshop mailing list > > > Mipshop@ietf.org > > > https://www.ietf.org/mailman/listinfo/mipshop > > > > > > > > > > _______________________________________________ Mipshop mailing list Mipshop@ietf.org https://www.ietf.org/mailman/listinfo/mipshop
- [Mipshop] AD review of mipshop-4140bis Jari Arkko
- RE: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Jari Arkko
- RE: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Jari Arkko
- RE: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Jari Arkko
- [Mipshop] MAP discovery (was Re: AD review of mip… Vijay Devarapalli
- Re: [Mipshop] MAP discovery (was Re: AD review of… Jari Arkko
- Re: [Mipshop] MAP discovery (was Re: AD review of… Vijay Devarapalli
- Re: [Mipshop] MAP discovery (was Re: AD review of… Hesham Soliman
- Re: [Mipshop] MAP discovery (was Re: AD review of… Jari Arkko
- Re: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Vijay Devarapallli
- Re: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Vijay Devarapallli
- Re: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Vijay Devarapallli
- Re: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Jari Arkko
- Re: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Jari Arkko
- Re: [Mipshop] AD review of mipshop-4140bis Hesham Soliman
- Re: [Mipshop] AD review of mipshop-4140bis Jari Arkko