[netext] Security question on anycast mode of draft-ietf-netext-redirect-01

"Laganier, Julien" <julienl@qualcomm.com> Wed, 28 April 2010 23:16 UTC

From: "Laganier, Julien" <julienl@qualcomm.com>
To: "draft-ietf-netext-redirect@tools.ietf.org" <draft-ietf-netext-redirect@tools.ietf.org>
Date: Wed, 28 Apr 2010 16:15:38 -0700
Message-ID: <BF345F63074F8040B58C00A186FCA57F1EFEFD75E3@NALASEXMB04.na.qualcomm.com>
Cc: "netext@ietf.org" <netext@ietf.org>
Subject: [netext] Security question on anycast mode of draft-ietf-netext-redirect-01

Hello,

I have a security question on the anycast mode described in Section 1 of the draft:

   o  Support for IPv6 anycast addressing [RFC4291]: the current PMIPv6
      specification does not specify how the PMIPv6 protocol should
      treat anycast addresses assigned to mobility agents.  Although
      [RFC4291] now allows using anycast addresses as source addresses,
      it does not make much sense using anycast addresses for the MAG to
      the LMA communication after the initial PBU/PBA exchange.  For
      example, a blade architecture LMA may appear to the routing system
      as multiple LMAs with separate unicast IP addresses and with one
      or more "grouping" anycast addresses.

I understand from the above that a group of LMAs would be addressed with a common anycast address, and the first PBU would be sent to this anycast address, and redirection would follow to one of the unicast addresses of a specific LMA.

If that is correct, I am wondering how the SA between the MAG and the anycast LMA will be looked up?

--julien