Re: [netext] Access Network Information option for Proxy Mobile IPv6
Sri Gundavelli <sgundave@cisco.com> Sun, 17 July 2011 18:06 UTC
Return-Path: <sgundave@cisco.com>
X-Original-To: netext@ietfa.amsl.com
Delivered-To: netext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F80F21F85C6 for <netext@ietfa.amsl.com>; Sun, 17 Jul 2011 11:06:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.139
X-Spam-Level:
X-Spam-Status: No, score=-4.139 tagged_above=-999 required=5 tests=[AWL=-2.937, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id inFII4MIgiw1 for <netext@ietfa.amsl.com>; Sun, 17 Jul 2011 11:05:57 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 55A3C21F85A0 for <netext@ietf.org>; Sun, 17 Jul 2011 11:05:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=sgundave@cisco.com; l=227850; q=dns/txt; s=iport; t=1310925955; x=1312135555; h=date:subject:from:to:cc:message-id:mime-version; bh=V6WUj8pAod6uPIJcNJNSCbidYInTuHoCI+oc8wSXrKY=; b=ZtCReYXuib0/u0cHBsHPGVsfM5vEAKUHVxcruvGSzT43QZpsgjSoIcxS SUYNBr/JMP9xgM8j8iwmw1biLuRTkTD0nlwl9Z/3eX5gj/Gi28UiNUoiO YUdNsnCL7MBUXjx4UkXgAVXW9QzzqMILtyFTdYMhEGZPSNfwgU1oXNJy9 U=;
X-Files: image.png, image.png : 104616, 50430
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgsFAFEjI06rRDoJ/2dsb2JhbABFDYJTlg6OJG13iHykNZ0WgySDGASHJS+DPoJfhHWFCotr
X-IronPort-AV: E=Sophos; i="4.67,218,1309737600"; d="png'150?scan'150,208,217,150"; a="3751201"
Received: from mtv-core-4.cisco.com ([171.68.58.9]) by rcdn-iport-8.cisco.com with ESMTP; 17 Jul 2011 18:05:53 +0000
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by mtv-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id p6HI5rgx024350; Sun, 17 Jul 2011 18:05:53 GMT
Received: from xmb-sjc-214.amer.cisco.com ([171.70.151.145]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Sun, 17 Jul 2011 11:05:52 -0700
Received: from 10.32.246.213 ([10.32.246.213]) by xmb-sjc-214.amer.cisco.com ([171.70.151.145]) with Microsoft Exchange Server HTTP-DAV ; Sun, 17 Jul 2011 18:05:45 +0000
User-Agent: Microsoft-Entourage/12.30.0.110427
Date: Sun, 17 Jul 2011 11:05:40 -0700
From: Sri Gundavelli <sgundave@cisco.com>
To: "Basavaraj.Patil@nokia.com Patil" <Basavaraj.Patil@nokia.com>, netext@ietf.org
Message-ID: <CA487284.212C8%sgundave@cisco.com>
Thread-Topic: [netext] Access Network Information option for Proxy Mobile IPv6
Thread-Index: AcxErCMMSotHGAaDgEKZ5MTkarnpkw==
Mime-version: 1.0
Content-type: multipart/related; boundary="B_3393745541_4325397"
X-OriginalArrivalTime: 17 Jul 2011 18:05:52.0742 (UTC) FILETIME=[2AA4F860:01CC44AC]
Subject: Re: [netext] Access Network Information option for Proxy Mobile IPv6
X-BeenThere: netext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Mailing list for discusion of extensions to network mobility protocol, i.e PMIP6. " <netext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netext>, <mailto:netext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netext>
List-Post: <mailto:netext@ietf.org>
List-Help: <mailto:netext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netext>, <mailto:netext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Jul 2011 18:06:00 -0000
Hi Raj: Thanks for the review, please see inline. On 7/14/11 1:34 PM, "Basavaraj.Patil@nokia.com" <Basavaraj.Patil@nokia.com> wrote: > > I reviewed this I-D and have a few questions: > > 1. Why does the LMA need to obtain the access network information from the > MAG? Can it not obtain the same from the AAA server with which it has an > interface? > The MN has to authenticate via the AN to the AAA server prior to PMIP6 > being triggered. So I would expect that AAA has the information about the > access network which could then be obtained by the LMA. > Not really. Sure, the AAA interface would be used for the access authentication. However, the access network details are typically not present in the AAA. If we look at a very simple access network architecture below, the MAG is hosted on an aggregation device, which is talking to various access network links. > 2. Why does the binding cache at the LMA and/or MAG need to store the > information carried in the ANI option? I don¹t see how it would be used > from the document. I agree, we need to add more details. The access network parameters such as SSID, Geo-Location ..etc, if present in the session state, the LMA can apply the needed policies. One example I can think is how some folks wanted to enable session security to a MIPv6 session based on the access network to which the MN is attached, same way here, the MAG can present all the access network parameters as part of the signaling. Another example is the ANDSF policies have already evolved to use access network parameters in applying policies, except the anchor in the home network has no clue on the access network details, Finally, if we look at PWLAN deployments today, based on L2TP or other approaches, these access network parameters are used for handling many deployment specific requirements, enterprise support or other use-cases. The mechanism here is just about carrying the parameters and making them available to the anchor. Mark Grayson had bunch of other use-cases, he added few cases ..., he can comment... > 3. The statement : "In access systems where the mobile access gateway is > attached to a micro-mobility domain such as IEEE 802.11 WLAN > domain, the DHCP relay agent function in that micro-mobility > domain may be configured to add the access network information in > DHCP option (82), which is the DHCP Relay Agent Information option > [RFC3046]. The mobile access gateway may learn the access network > information from this option." > Seems like a lot of handwaving. Is there a DHCP option for carrying access > network information? > If you want this info to be carried in option 82, I would think that there > is a need to specify this in the DHC WG. Hmm... No handwaiving DHCP option 82 is used for carrying VLAN and other information tags. Many wireless/wireline architectures use this in different ways. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gdhcpopt.html #wp1027173 The ³handwaiving² if any, was specifically not to dictate any specific approach. Typically, between the AP/radio and the access gateway/MAG there is either a tunnel, or the packets are carried over a specific 802.1q tag and the MAG can use that detect the access network and other parameters associated to that link. > 4. Can you give me an example of how the LMA would classify traffic or > treat Mns differently based on the information carried in the ANI option? > The statement: > "Policy systems in mobility architectures such as PCC [TS23203] and ANDSF > [TS23402] in 3GPP system allow configuration of policy rules with > conditions based on the access network information. For example, the > service treatment for the mobile node's traffic may be different when > they are attached to a access network owned by the home operator than > when owned by a roaming partner. The service treatment can also be > different based on the configured SSID in case of IEEE 802.11 based > access networks. > " A simple forwarding decision can be based on the ANI/SSID. It could be routed toward a enterprise gateway, based on the access network. Use of Geo-Location for supporting some regulatory requirements Applying access controls based on the location > 5. And lastly consider the following scenario: > The LMA knows the identity of the MAG from which it receives BUs. If a MAG > is associated with a wifi AP then the LMA already knows (or can be > configured) about the MAGs AN details. And hence there is really no reason > to send that information in every BU. The LMA is already aware whether a > MAG is viewed as one that belongs to the home network or a visited > network. Hence I don¹t see the need for explicit signaling. There is no 1:1 mapping between the parameter value set in the ANI option to a MAG identity. If we look at the PWLAN deployments, the aggregation device is practically terminating 1000¹s AP¹s, in this case its a MAG talking to PGW over 3GPP S2a PMIPv6 interface and on the ingress side peering with 1000¹s AP¹s over a IP tunnel or by the use of .1q tags. The MAG inserting specific ANI data set is based on the input interface on which it received a MN trigger, this deployment model is reflective of today¹s dominant WLAN architectures. These access architectures could be based on CAPWAP/LWAP/L2TP/PMIPv6/L2-Aggregation ..., so the MAG can provide the ANI option set based on the input interface. The option in the draft is for enabling the linking of existing deployed access network architectures, with EPC integration, using PMIPv6. Again, thanks for the review. Will revise the draft. Regards Sri d
- Re: [netext] Access Network Information option fo… Sri Gundavelli