Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo-v4traversal-06.txt
Hesham Soliman <hesham@elevatemobile.com> Mon, 01 December 2008 08:29 UTC
Return-Path: <mext-bounces@ietf.org>
X-Original-To: monami6-archive@megatron.ietf.org
Delivered-To: ietfarch-monami6-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id D43673A691C;
Mon, 1 Dec 2008 00:29:22 -0800 (PST)
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id A877E3A6909;
Mon, 1 Dec 2008 00:29:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.932
X-Spam-Level:
X-Spam-Status: No, score=-2.932 tagged_above=-999 required=5
tests=[AWL=-0.333, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id u9Bu5hIIP9E2; Mon, 1 Dec 2008 00:29:20 -0800 (PST)
Received: from smtp-2.servers.netregistry.net (smtp.netregistry.net
[202.124.241.204])
by core3.amsl.com (Postfix) with ESMTP id 6B55A3A69BD;
Mon, 1 Dec 2008 00:29:19 -0800 (PST)
Received: from [124.190.106.160] (helo=[192.168.0.187])
by smtp-2.servers.netregistry.net protocol: esmtpa (Exim 4.63 #1
(Debian)) id 1L749W-0005lB-7C; Mon, 01 Dec 2008 19:29:10 +1100
User-Agent: Microsoft-Entourage/12.14.0.081024
Date: Mon, 01 Dec 2008 19:29:02 +1100
From: Hesham Soliman <hesham@elevatemobile.com>
To: Colin Perkins <csp@csperkins.org>, <ietf@ietf.org>,
"mext@ietf.org" <mext@ietf.org>
Message-ID: <C559EB7E.A7C2%hesham@elevatemobile.com>
Thread-Topic: tsv-dir review of draft-ietf-mext-nemo-v4traversal-06.txt
Thread-Index: AclTjt1Mt+BRIKpv1kOeOuk4ZPVXHw==
In-Reply-To: <FB1A81A1-8ADB-43DC-A820-9BDE8EE75919@csperkins.org>
Mime-version: 1.0
Cc: TSV Dir <tsv-dir@ietf.org>
Subject: Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo-v4traversal-06.txt
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>,
<mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>,
<mailto:mext-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: mext-bounces@ietf.org
Errors-To: mext-bounces@ietf.org
Colin, Thank you for the review. Please see some comments inline. > In summary, this draft seems to be on the right track but has some > open issues, as discussed below. > > The NAT keep-alive interval (Section 5.3 and 7) is set to 110 seconds > by default, unless configured by the home agent in a binding > acknowledgement. While the default interval seems a safe choice, it's > not clear why it was chosen, or when it's appropriate for a home > agent to signal an alternative interval. The draft would benefit from > an explanation of this choice, and further discussion of the issues > inherent in choosing an appropriate keep-alive interval (Section 3.5 > of RFC 5405 considers this point, and might be appropriate to > reference). => Thanks for the reference. I'll include that in the new rev. The interval was chosen based on recommendations from people with experience in NAT deployments and the WG agreed with it. But the reference will certainly help the reader. > > The NAT detection mechanism specified in Section 5.2 relies on the > NAT rewriting the source address of the outer IPv4 header, but not > the IPv4 address carried in the binding update payload. I'm not > familiar with the way in which mobile IPv6 uses IPsec ESP, but if > it's used in a way that provides integrity protection but not > confidentiality, issues may arise with NAT devices that rewrite IPv4 > addresses in the UDP payload, causing the integrity check to fail > (this is why STUN [RFC5389] provides an XOR-MAPPED-ADDRESS attribute > to obfuscate the IP address). => Well, I'm not sure how a NAT can do that. You mean the NAT will parse the binding update message deep inside the IPv6 extension header in the inner IP packet? This is where the original address is preserved. To do that, a NAT would have to understand the various MIPv6 options, and if it did, it would know not to do that :) The inner header is IPv6, so a NAT should not touch that. > > It's not clear that the use with ECN is fully specified. Section > 5.1.1 notes that it's "RECOMMENDED that the ECN information is copied > between the inner and outer header as defined in [RFC3168]" - is the > intent that the full-functionality option defined in RFC 3168 is > recommended? If so, it would be useful to state that explicitly. => Yes. I think we can explicitly mention that. This was done to follow the same rules which are done for IP in IP encapsulation, as per RFC 4213. It > also seems that UDP encapsulation will prevent the use of ECN over > the tunnel, since the UDP API doesn't allow access to the ECN bits, > and cause different ECN (and hence congestion) behaviour depending on > the encapsulation method used. This should be called out in the draft. => Ok, although I think this might not be an issue with many implementations as UDP encapsulation may be done in the kernel with the rest of the MIPv6 implementations (typically anyway). I'll add your comment to the draft. > > Processing of other IP header fields (e.g. the diffserv field and > TTL) when encapsulated in UDP tunnels also seems poorly defined. The > intent, presumably, is for the choice of tunnelling mechanism to be > hidden from higher-levels, but the exact en-/de-capsulation steps > needed to achieve this must be specified for the UDP encapsulation. > For example, when is the TTL of the encapsulated packet decremented? => It is decremented in the same way that it's done for IP in IP tunnelling. I can add that. > > Finally, the use of multiple UDP tunnelling schemes (vanilla or with > TLV-header) seems undesirable, and it would be useful to document why > this is necessary, for those not familiar with the working group > history. => Well, I personally agree with you. However, there was a concensus call in the WG about this particular issue and it was decided (narrowly) that we should include support for this. Based on my understanding, some people wanted to be able to efficiently use GRE tunnelling. While this is not useful for MIPv6 mobile nodes (typically GRE tunnelling is done in the network), people wanted to be able to use this specification for PMIPv6, which uses MIPv6 without the mobile node's involvement. Hence, the supposed need for GRE tunnelling. If you ask me why GRE tunnelling is needed at all in IPv6 then I'm not the right person to represent that opinion because I'm completely against it :) I hope this helps. Hesham > > Regards, _______________________________________________ MEXT mailing list MEXT@ietf.org https://www.ietf.org/mailman/listinfo/mext
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Hesham Soliman
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Colin Perkins
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Hesham Soliman
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Hesham Soliman
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Colin Perkins
- Re: [MEXT] [tsv-dir] tsv-dir review of draft-ietf… Magnus Westerlund
- Re: [MEXT] [tsv-dir] tsv-dir review of draft-ietf… Colin Perkins
- Re: [MEXT] [tsv-dir] tsv-dir review of draft-ietf… Matt Mathis
- Re: [MEXT] [tsv-dir] tsv-dir review of draft-ietf… Rémi Denis-Courmont
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Jari Arkko
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Colin Perkins
- Re: [MEXT] tsv-dir review of draft-ietf-mext-nemo… Dan Wing