Re: [netext] Security question on anycast mode of draft-ietf-netext-redirect-01

jouni korhonen <jouni.nospam@gmail.com> Fri, 07 May 2010 07:33 UTC

From: jouni korhonen <jouni.nospam@gmail.com>
In-Reply-To: <x2i8b78dd8b1005070020i6637bc0al753852a3bd3db8ec@mail.gmail.com>
Date: Fri, 07 May 2010 10:32:50 +0300
Message-Id: <BA360B83-8624-4205-83B7-A6AD40F7EB40@gmail.com>
References: <x2i8b78dd8b1005070020i6637bc0al753852a3bd3db8ec@mail.gmail.com>
To: Xiaoyan Jiang <jxyswallow@gmail.com>
Cc: netext@ietf.org
Subject: Re: [netext] Security question on anycast mode of draft-ietf-netext-redirect-01

Hi,

On May 7, 2010, at 10:20 AM, Xiaoyan Jiang wrote:

> Hi Jouni
> 
> When there are multiple LMAs in the same PMIP domain, how are the LMAs associated with each other? And, from the MAG's perspective, what's the difference between the LMAs?

Associated with each other? I don't really understand the question. Those LMAs are within the same Redirection Domain and under the same administration. This does not really differ from any anycast deployment.

From a MAG point of view, when using anycast addressing, it sees no difference between LMAs. When runtime assignment takes place, the MAG learns the individual LMA that was picked up. The MAG will eventually have a separate SA with each individual LMA (either dynamically or manually established).

- Jouni

> 
> Thank you!
> 
> > o  LMAs with multiple IP addresses: a cluster of LMAs or a blade
> >    architecture LMA may appear to the routing system as multiple LMAs
> >    with separate unicast IP addresses.  A MAG can initially select
> >    any of those LMA IP addresses as the LMA Address using e.g., DNS-
> >    and AAA-based solutions.  However, the MAG's initial selection may be
> >    suboptimal from the LMA point of view and immediate redirection to
> >    a "proper LMA" would be needed.  The LMA could use an [RFC5142]-based
> >    approach, but that would imply unnecessarily setting up a mobility
> >    session in a "wrong LMA" with associated backend support system
> >    interactions, involve additional signaling between the MAG and the
> >    LMA, and re-establishing the mobility session to the new LMA again
> >    with associated signaling.
> 
> Xiaoyan Jiang
>