[Mobopts] MIPv6 IPsec Route Optimization (IRO)
arno@natisbad.org (Arnaud Ebalard) Mon, 17 November 2008 08:32 UTC
Return-Path: <mobopts-bounces@irtf.org>
X-Original-To: mobopts-archive@megatron.ietf.org
Delivered-To: ietfarch-mobopts-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BE0593A698A; Mon, 17 Nov 2008 00:32:58 -0800 (PST)
X-Original-To: mobopts@core3.amsl.com
Delivered-To: mobopts@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 46A8B3A698A; Mon, 17 Nov 2008 00:32:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0BiSduYjrQE8; Mon, 17 Nov 2008 00:32:57 -0800 (PST)
Received: from copper.chdir.org (copper.chdir.org [88.191.97.87]) by core3.amsl.com (Postfix) with ESMTP id 4388A3A696C; Mon, 17 Nov 2008 00:32:57 -0800 (PST)
Received: from [2001:7a8:78df:2:20d:93ff:fe55:8f78] (helo=localhost.localdomain) by copper.chdir.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <arno@natisbad.org>) id 1L1zXG-0006cY-98; Mon, 17 Nov 2008 09:32:42 +0100
X-Hashcash: 1:20:081117:mext@ietf.org::uS+ElyPx6d1zShNw:00002aX9
X-Hashcash: 1:20:081117:mobopts@irtf.org::rBHPMCBm0o28YDvh:00gRY
X-Hashcash: 1:20:081117:ipsec@ietf.org::rW2BcA47NML8k/be:000EcwZ
From: arno@natisbad.org
To: IETF MEXT WG ML <mext@ietf.org>
X-PGP-Key-URL: http://natisbad.org/arno@natisbad.org.asc
X-Fingerprint: 47EB 85FE B99A AB85 FD09 46F3 0255 957C 047A 5026
Date: Mon, 17 Nov 2008 00:30:57 -0800
Message-ID: <87d4guwy7y.fsf@natisbad.org>
User-Agent: Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux)
MIME-Version: 1.0
Cc: IPsec IETF WG ML <ipsec@ietf.org>, Mobopts IRTF WG ML <mobopts@irtf.org>
Subject: [Mobopts] MIPv6 IPsec Route Optimization (IRO)
X-BeenThere: mobopts@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobility Optimizations <mobopts.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=unsubscribe>
List-Archive: <https://www.irtf.org/mailman/private/mobopts>
List-Post: <mailto:mobopts@irtf.org>
List-Help: <mailto:mobopts-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/mobopts>, <mailto:mobopts-request@irtf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: mobopts-bounces@irtf.org
Errors-To: mobopts-bounces@irtf.org
Hi, Sorry for crossposting but the topic discussed in the draft may be of interest for people of the 3 lists. > IETF I-D Submission Tool <idsubmission@ietf.org> writes: > > A new version of I-D, draft-ebalard-mext-ipsec-ro-00.txt has been > successfuly submitted by Arnaud Ebalard and posted to the IETF > repository. > > Filename: draft-ebalard-mext-ipsec-ro > Revision: 00 > Title: Mobile IPv6 IPsec Route Optimization (IRO) > Creation_date: 2008-11-17 > WG ID: Independent Submission > Number_of_pages: 44 > > Abstract: > > This memo specifies an improved alternate route optimization procedure > for Mobile IPv6 designed specifically for environments where IPsec is > used between peers (most probably with IKE). The replacement of the > complex Return Routability procedure for a simple mechanism and the > removal of HAO and RH2 extensions from exchanged packets result in > performance and security improvements. I have just submitted a new I-D [1] which certainly requires an introduction (and disclaimer): it specifies a MIPv6 Route Optimization procedure *dedicated* to environments where IPsec/IKE is used between peers (MN-HA, MN-CN, MN-MN) for protecting both signaling and data traffic. Some of the improvements provided by this "IPsec Route Optimization" mechanism (IRO) are also proposed for the IPsec communications between the MN and its HA. Among the features provided by IRO (introduction of the document as a more accurate list): * Complete removal of RH2 and HAO (resulting in simplified packet handling on both sides and possibly better compatibility with filtering implemented in the network), * Per packet MTU gains between 24 and 48 bytes in comparison with equivalent uses of IPsec in standard RO context, * Improved and more generic proof of address ownership mechanism, * Safe by default behavior avoiding direct unprotected traffic flows, * No additionnal changes to IPsec or IKE protocols and limited changes to MIPv6 via four simple messages and a single option. Next steps is to gather some initial feedback from interested people of the WG. Then, I intend to spend some time implementing it (under Linux) to challenge the ideas provided in the draft. Comments are welcome. Note that this is a -00 which implies that some parts are still quite raw and might deserve additional comments/work. Cheers, a+ [1]: http://www.ietf.org/internet-drafts/draft-ebalard-mext-ipsec-ro-00.txt _______________________________________________ Mobopts mailing list Mobopts@irtf.org https://www.irtf.org/mailman/listinfo/mobopts
- [Mobopts] MIPv6 IPsec Route Optimization (IRO) Arnaud Ebalard
- Re: [Mobopts] MIPv6 IPsec Route Optimization (IRO) Haddad, Wassim Michel
- Re: [Mobopts] MIPv6 IPsec Route Optimization (IRO) Arnaud Ebalard