IETF Logo Mail Archive

Re: [netext] Security question on anycast mode of draft-ietf-netext-redirect-01

jouni korhonen <jouni.nospam@gmail.com> Fri, 07 May 2010 10:19 UTC

Return-Path: <jouni.nospam@gmail.com>
X-Original-To: netext@core3.amsl.com
Delivered-To: netext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A62503A6943 for <netext@core3.amsl.com>; Fri, 7 May 2010 03:19:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.942
X-Spam-Level:
X-Spam-Status: No, score=-1.942 tagged_above=-999 required=5 tests=[AWL=0.657, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ct0XIZk8sT+B for <netext@core3.amsl.com>; Fri, 7 May 2010 03:19:03 -0700 (PDT)
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.159]) by core3.amsl.com (Postfix) with ESMTP id 992453A69B4 for <netext@ietf.org>; Fri, 7 May 2010 03:18:56 -0700 (PDT)
Received: by fg-out-1718.google.com with SMTP id l26so525514fgb.13 for <netext@ietf.org>; Fri, 07 May 2010 03:18:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to:x-mailer; bh=4YdNYGLA1GkaoHWmOGV65XgO1lkcHeMlWzz73s0RHy4=; b=ew68tJBSKEZYwmUBLG/MR0XbWTX3+R0oYJJvwmm5oAPH+JIJ+BknAiWs1pBGtSHvxg t25B4T6Q/5K68nBRhDr82n8GaA1qiMHS5hqLTjDHYkNazrNFMfZpz//ptVf84Q5BfPj0 n9vPMZG9gJCqxOTfTryvfMD1EfzfnukfviVAY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=p5TAbplwDoJD5IDhF343XFh/CPT7uBZDpowHD22LspWuHj2TeWy7qtreYoskcKuPUE 4Gtk3VqMSalcUDk52LQgVrCuesoVnRbP6BFCmdqiXjnC6AcDjrIU1dJYgGFl9/iwEh9w lLZtcZdwOSA1x7LOg9oby7veCULkY2Bu/jvMQ=
Received: by 10.87.63.1 with SMTP id q1mr3338433fgk.38.1273227520831; Fri, 07 May 2010 03:18:40 -0700 (PDT)
Received: from a88-114-64-208.elisa-laajakaista.fi (a88-114-64-208.elisa-laajakaista.fi [88.114.64.208]) by mx.google.com with ESMTPS id 26sm3820038fks.52.2010.05.07.03.18.38 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 07 May 2010 03:18:39 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: jouni korhonen <jouni.nospam@gmail.com>
In-Reply-To: <l2p8b78dd8b1005070046tbcbc5adfqe7bc4857b582fd80@mail.gmail.com>
Date: Fri, 07 May 2010 13:18:37 +0300
Content-Transfer-Encoding: quoted-printable
Message-Id: <A7516EE6-C134-47DD-BD65-F461FDA03839@gmail.com>
References: <x2i8b78dd8b1005070020i6637bc0al753852a3bd3db8ec@mail.gmail.com> <BA360B83-8624-4205-83B7-A6AD40F7EB40@gmail.com> <l2p8b78dd8b1005070046tbcbc5adfqe7bc4857b582fd80@mail.gmail.com>
To: Xiaoyan Jiang <jxyswallow@gmail.com>
X-Mailer: Apple Mail (2.1078)
Cc: netext@ietf.org
Subject: Re: [netext] Security question on anycast mode of draft-ietf-netext-redirect-01
X-BeenThere: netext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Mailing list for discusion of extensions to network mobility protocol, i.e PMIP6. " <netext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/netext>, <mailto:netext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netext>
List-Post: <mailto:netext@ietf.org>
List-Help: <mailto:netext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netext>, <mailto:netext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 May 2010 10:19:05 -0000

Hi,

On May 7, 2010, at 10:46 AM, Xiaoyan Jiang wrote:

> 2010/5/7 jouni korhonen <jouni.nospam@gmail.com>
> Hi,
> 
> On May 7, 2010, at 10:20 AM, Xiaoyan Jiang wrote:
> 
> > Hi   Jouni
> >
> > When there are multiple LMAs in the same PMIP damain, how are the LMAs associated with each other? And, from the MAG's perspective, what' s the difference between the LMAs?
> 
> Associated with each other? I don't really understand the question. Those LMAs are within the same Redirection Domain and under the same administration. This does not really differentiate from any anycast deployment.
> 
> Ok, I know, it is like the anycast deployment.
>  
> From a MAG point of view, when using anycast addressing, it sees no difference between LMAs. When runtime assignment takes place, the MAG learns the individual LMA that was picked up. The MAG will eventually have a separate SA with each individual LMA (either dynamically or manually established).
> 
> I mean when MAG selects LMA for MN to register, it just considers the load factor or there are other factors, such as the different LMA provides different service?

The MAG does not generally do such decision. The decision which LMA at the end gets assigned to the MAG (and the MN) takes place in the rfLMA. The only selection the MAG does is to located a LMA (actually a rfLMA in runtime LMA assignment scope) based on generic criteria such as provided services (see discussion around this in draft-ietf-netlmm-lma-discovery-03).

- Jouni



>   
> Xiaoyan Jiang
> 
> 
> - Jouni
> 
> >
> > Thank you!
> >
> > > o  LMAs with multiple IP addresses: a cluster of LMAs or a blade
> > >      architecture LMA may appear to the routing system as multiple LMAs
> > >     with separate unicast IP addresses.  A MAG can initially select
> > >      any of those LMA IP addresses as the LMA Address using e.g., DNS-
> > >      and AAA-based solutions.  However, MAG's initial selection may be
> > >      suboptimal from the LMA point of view and immediate redirection to
> > >      a "proper LMA" would be needed.  The LMA could use [RFC5142] based
> > >      approach but that would imply unnecessary setting up of a mobility
> > >      session in a "wrong LMA" with associated backend support system
> > >      interactions, involve additional signaling between the MAG and the
> > >      LMA, and re-establishing mobility session to the new LMA again
> > >      with associated signaling.
> >
> > Xiaoyan Jiang
> >
> 
>

v2.23.0 | Report a Bug | By Email