Re: [MEXT] Global Binding Revocation initiated by MAG
"Magesh Shanmugam" <mshanmugam@intellinet-india.com> Fri, 12 December 2008 05:45 UTC
Return-Path: <mext-bounces@ietf.org>
X-Original-To: monami6-archive@megatron.ietf.org
Delivered-To: ietfarch-monami6-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id 8C3A63A68DE;
Thu, 11 Dec 2008 21:45:32 -0800 (PST)
X-Original-To: mext@core3.amsl.com
Delivered-To: mext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id 5DB9D3A68DE
for <mext@core3.amsl.com>; Thu, 11 Dec 2008 21:45:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.166
X-Spam-Level: *
X-Spam-Status: No, score=1.166 tagged_above=-999 required=5 tests=[AWL=1.602,
BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611,
HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32])
by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 7jSLBo1beEIF for <mext@core3.amsl.com>;
Thu, 11 Dec 2008 21:45:29 -0800 (PST)
Received: from ricky.india.internal.net (unknown [59.145.147.70])
by core3.amsl.com (Postfix) with ESMTP id A38353A67B1
for <mext@ietf.org>; Thu, 11 Dec 2008 21:45:27 -0800 (PST)
Received: from Magesh (magesh.india.internal.net.16.172.in-addr.arpa
[172.16.8.41] (may be forged))
by ricky.india.internal.net (8.12.10/8.12.10) with ESMTP id
mBC5a8xA028935; Fri, 12 Dec 2008 11:06:08 +0530
Message-Id: <200812120536.mBC5a8xA028935@ricky.india.internal.net>
From: "Magesh Shanmugam" <mshanmugam@intellinet-india.com>
To: "'Ahmad Muhanna'" <amuhanna@nortel.com>
Date: Fri, 12 Dec 2008 11:20:02 +0530
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: AclalCYuhfjQHuocScae7Wmc5lzMKABQuirAABEpJpA=
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
In-Reply-To: <C5A96676FCD00745B64AE42D5FCC9B6E1C2CEE04@zrc2hxm0.corp.nortel.com>
X-Cyberoam-Version: 9.5.4.86
X-Cyberoam-smtpxy-version: 0.0.4.2
X-Cyberoam-AV-Status: Clean
X-Cyberoam-Proto: SMTP
X-Cyberoam-AV-Policy: None
X-Cyberoam-AS-Policy: Global Spam Policy
Cc: mext@ietf.org
Subject: Re: [MEXT] Global Binding Revocation initiated by MAG
X-BeenThere: mext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>,
<mailto:mext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/mext>
List-Post: <mailto:mext@ietf.org>
List-Help: <mailto:mext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mext>,
<mailto:mext-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0451231480=="
Sender: mext-bounces@ietf.org
Errors-To: mext-bounces@ietf.org
Ahmad Thanks for the response. Please see my comments inline. Regards S Magesh _____ From: Ahmad Muhanna [mailto:amuhanna@nortel.com] Sent: Friday, December 12, 2008 3:38 AM To: Magesh Shanmugam Cc: mext@ietf.org Subject: RE: Global Binding Revocation initiated by MAG Magesh, Sorry for the late response. Had to travel for a short trip. I see what you are saying here. May be what we need to do is to take one step back and look into the reason for the Global revocation. The intention is to allow one of the PMIPv6 domain nodes (MAG or LMA) to inform the other to revoke all bindings that is served by these two nodes or a partial number of these binding, for example proxy MIP6 bindings that have their MN-ID which belong to a specific realm, e.g., (*@abc.com). When the 'G' bit is used for a partial Global revocation, "Revoking Node Local Policy", the draft requires that another identifier MUST be included in the BRI which is used to identify these proxy bindings. I believe that we do not have any problem in that one. Right? [Magesh] I agree with your above statement. When the 'G' bit is used for a Global revocation and in line with the above logic, we need to communicate the MAG-ID. I understand that currently we do not have a mobility option specific to carry MAG-ID, however, we defined a very specific scenario where the 'G' bit is set and the R. Trigger is set to "per-peer policy". Only in this case, the draft currently allow the MAG to include its ID in the MN-ID option. Sending the BRI and BRA is assumed to follow the exact procedure for PBU and PBA with respect to the source and dest. IP addresses. [Magesh] I'm not in favour of having a new mobility option for carrying the MAG-ID, my concern is if MAG-ID is carried in the BRI message, how does LMA knows all the binding session(s) related to that particular MAG (your point here is implementation dependent). Since from RFC5213 , it is clear that Binding Cache & Policy Profile does not maintain the MAG-ID, i feel it is better to add a statement in Binding Revocation draft regarding the way MAG-ID is handled by LMA for identifying all the binding session(s). In the vice versa case (i.e. LMA sending Global Revocation to MAG with Revocation Trigger set to "Per-Peer Policy" ), the BRI triggered by LMA will not have any mobility option(s). When MAG receives the BRI, based on the LMAA (i.e. source address in the received BRI message), it will retrieve all the binding session(s) and revoke them. I just need the same kind of procedure when MAG sends BRI with status set to "Per-Peer Policy". On the other hand, I see your point of defining a default mechanism to be used by the received Node to identify all these proxy Bindings. IMO, we need probably to have a generic approach that applicable to all cases. for example, a MAG may have more than one pCoA with a specific LMA. As a suggestion, I would recommend, in this case ONLY that the pCoA always be included in the Alternate CoA option in the BRI. Additionally, when the MAG share more than one pCoA, the MAG MUST include each pCoA in a separate Alternate-CoA option. Does sound acceptable? As a side note, implementations may have their own mechanism where the MAG-ID is somehow known to the LMA, for example, and that implementation would identify all of the proxy Binding that are served at that MAG using the MAG-ID, but that is out of scope. Regards, Ahmad _____ From: Magesh Shanmugam [mailto:mshanmugam@intellinet-india.com] Sent: Wednesday, December 10, 2008 12:55 AM To: Muhanna, Ahmad (RICH1:2H10) Cc: mext@ietf.org Subject: Global Binding Revocation initiated by MAG Ahmad In PMIPv6 domain, when MAG initiates Global Binding Revocation (G bit set), it will send the MAG identity in the MN-ID option (as per section 3.1 of binding-revocation draft-02). As per RFC 5213, while creating Binding Cache Entry @ LMA, we have MN-ID, HNP(s), Proxy Care of Address, etc in the received PBU message which will be updated in the BC entry after validation. MAG-ID will not be stored in the Binding Cache Entry when individual binding session(s) are processed and validated by LMA. When MAG triggers Global Binding Revocation, it will send the MAG-ID in the MN-ID option. Since LMA won't maintain the MAG-ID for each binding session (i.e. in BC entry), it will be tough for the LMA to identify all the binding(s) from the specific MAG. Instead of having MAG-ID in the MN-ID option for Global Revocation, if we use Proxy Care of Address (through the source IP address of the BRI message or Alternate Care of Address mobility option, if source address is different from proxy care of address), it will be easy for LMA to retrieve all the binding(s), since Proxy Care of Address is stored in the Binding Cache entry. Thanks S Magesh
_______________________________________________ MEXT mailing list MEXT@ietf.org https://www.ietf.org/mailman/listinfo/mext
- [MEXT] Global Binding Revocation initiated by MAG Magesh Shanmugam
- Re: [MEXT] Global Binding Revocation initiated by… Ahmad Muhanna
- Re: [MEXT] Global Binding Revocation initiated by… Magesh Shanmugam
- Re: [MEXT] Global Binding Revocation initiated by… Ahmad Muhanna