Re: [IPsec] Use of IKE to obtain address of home agent


Hi Julien, all,

See a comment inline.

> -----Original Message-----
> From: Julien Laganier [mailto:julien.laganier.IETF at googlemail.com]
> Sent: Thursday, September 18, 2008 4:18 AM
> To: ipsec at ietf.org
> Cc: Tero Kivinen; Christian.Kaas-Petersen at tietoenator.com
> Subject: Re: [IPsec] Use of IKE to obtain address of home agent
>
> Christian and Tero,
>
> Quick follow-up on this topic:
>
> On Thursday 18 September 2008, Tero Kivinen wrote:
> > Christian.Kaas-Petersen at tietoenator.com writes:
> > > 3GPP has in document TS 24.302 (can be retrieved from
> > > http://www.3gpp.org/ftp/Specs/html-info/24302.htm), section 7.2.2,
> > > specified a use of IKE, where IKE sets up a secure tunnel to
> > > a security gateway, denoted ePDG, and expects this security gateway
> > > to return both an address to the mobile node, which normally
> > > will be a care-of address, and the address(es) of the home agent.
> > > The said document thinks this possible by having two Configuration
> > > Payloads.  IKEv2bis, and previous documents, only indicated one
> > > Configuration Payload to be present, and with the recent discussion
> > > in mind where the order of the payloads in an IKE packet should
> > > not matter, then having two Configuration Payloads is not a viable
> > > approach.  It would be better to introduce two new configuration
> > > attributes, for example named INTERNAL_IP4_HA and INTERNAL_IP6_HA.
> >
> > Yes, it would be better to have 2 new configuration options. The
> > section 7.2.2. does not actually specify which configuration
> > attribute type is used to negotiate Home Agent addresses.
> >
> > Including more than one configuration payload in the exchange would
> > be a bad idea, as the configuration payloads do not have any kind of
> > transaction id or similar, meaning there is no way to know which
> > CFG_REPLY matches which CFG_REQUEST if there are multiple
> > configuration payloads (of the same CFG TYPE) in the same exchange.
>
> I have a different reading of 3GPP TS 24.302; I think there's a little
> mistake in the text and what it wants to say is that "the UE may also
> request the address(es) of a Home Agent for DSMIPv6 related signaling,
> by including a corresponding _attribute_ in the CFG_REQUEST
> configuration payload."
>
> That would be in line with the Editor's note that follows, which
> states "it is FFS which type of attribute (private or assigned by IANA)
> is used in the configuration payload."
>

Julien's understanding is correct. In 3GPP CT1 we have left this still open and there was no discussion. There was some discussion of having a vendor specific attribute for this.

Note that this is optional as the MN can always discover the HA via DNS.

> I see absolutely no reason for two CFG_REQUESTs to be needed...
>
> Thus TS 24.302 has to be fixed.
>
> > Another option is to use the INTERNAL_IP{4,6}_DHCP attribute in IKEv2
> > and then get the home agent address from the DHCP server.
>
> The alternative of getting the HA information via DHCP is already
> covered as part of 3GPP TS 24.303 "Mobility Management based on
> Dual-Stack Mobile IPv6", amongst other alternatives (DNS, and GTP
> Protocol Configuration Options.)
>

TS 23.402 (the corresponding stage2) mandates the assignment of the HA address within IKEv2 signaling. DHCP-based HA assignment is specified but for another scenario.

Gerardo

> --julien
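
The single-payload approach discussed in this thread, as an added example that is not part of any message above: one IKEv2 Configuration payload carries both the address attribute and a home agent attribute, and the reply is matched to the request by attribute type because the payload has no transaction id. Assumptions: the home agent attribute number 16384 is a hypothetical value taken from the private-use range (no type was assigned in the thread), and the addresses are constructed documentation addresses.

```python
import ipaddress
import struct

CFG_REQUEST, CFG_REPLY = 1, 2
INTERNAL_IP4_ADDRESS = 1        # assigned IKEv2 configuration attribute type
HYPOTHETICAL_IP4_HA = 16384     # assumption: private-use value, not an assigned type

def build_cp(cfg_type, attrs, next_payload=0):
    """Encode one Configuration payload: generic header, CFG type, attribute TLVs."""
    body = struct.pack("!B3x", cfg_type)
    for atype, value in attrs:
        body += struct.pack("!HH", atype & 0x7FFF, len(value)) + value
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body

def parse_cp(payload):
    """Return (cfg_type, [(attr_type, value), ...]); raise ValueError on bad lengths."""
    if len(payload) < 8:
        raise ValueError("short CP payload")
    length = struct.unpack("!BBH", payload[:4])[2]
    if length != len(payload):
        raise ValueError("payload length mismatch")
    cfg_type, attrs, off = payload[4], [], 8
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated attribute header")
        atype, alen = struct.unpack("!HH", payload[off:off + 4])
        if off + 4 + alen > length:
            raise ValueError("attribute overruns payload")
        attrs.append((atype & 0x7FFF, payload[off + 4:off + 4 + alen]))
        off += 4 + alen
    return cfg_type, attrs

def match_reply(request, reply):
    """Pair reply values with the attribute types that were actually requested."""
    (req_type, req_attrs), (rep_type, rep_attrs) = parse_cp(request), parse_cp(reply)
    if (req_type, rep_type) != (CFG_REQUEST, CFG_REPLY):
        raise ValueError("expected one CFG_REQUEST and one CFG_REPLY")
    wanted = {t for t, _ in req_attrs}
    out = {}
    for t, v in rep_attrs:
        if t in wanted and v:   # drop unsolicited or empty attributes
            out.setdefault(t, []).append(str(ipaddress.ip_address(v)))
    return out

# Constructed sample: empty values in the request mean "please assign".
REQUEST = build_cp(CFG_REQUEST, [(INTERNAL_IP4_ADDRESS, b""), (HYPOTHETICAL_IP4_HA, b"")])
REPLY = build_cp(CFG_REPLY, [(INTERNAL_IP4_ADDRESS, bytes([192, 0, 2, 10])),
                             (HYPOTHETICAL_IP4_HA, bytes([198, 51, 100, 1])),
                             (HYPOTHETICAL_IP4_HA, bytes([198, 51, 100, 2]))])
```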