[Mip4] Comments on draft-ietf-mip4-dsmipv4-07.txt
Hi George,

Section 4.3.2 of draft-ietf-mip4-dsmipv4-07.txt has the following text:

   The home agent SHOULD check that all inner IPv6 packets received from
   the mobile node over a tunnel with outer source address the home
   address or the care-of address, include a source address that falls
   under the registered IPv6 prefix(es) for that mobile node. If the
   source address of the outer header of a tunneled packet is not the
   registered IPv4 care-of address or the registered IPv4 home
   addresses, the packet SHOULD be dropped. If the source address of
   the inner header of an tunneled packet does not match any of the
   registered prefixes the packet SHOULD be dropped.

Why does this say "the packet SHOULD be dropped"? It should say "MUST",
right? IMO, the home agent should strictly enforce ingress filtering on
the source address that the mobile node can use for the inner IPv6
packets.

The following text in section 4.5 needs a minor correction.

   If the code field is set to "1" then the mobile node MUST act as
   follows:

   - If the care-of address mode of operation is used, the mobile
     node MUST be prepared to send/receive IPv6 traffic on its
     interface natively (i.e., without any Mobile IP related tunnel
     headers). If reverse tunneling is negotiated, then IPv6 traffic
     sent by the mobile node may be reverse tunneled via the foreign
     agent using either the direct delivery style or the encapsulating
     delivery style as defined in [RFC3024] for IPv4 traffic.

I assume you are talking about FA care-of address mode. So the paragraph
should say:

   - If the foreign agent care-of address mode of operation is used
     ....

Finally, we might need to explain in more detail what happens when the
foreign agent is a VPN gateway as described in RFC 5265. I believe Yaron
raised this issue. In case you set the code in the IPv6 Prefix Reply
Extension to "1" in foreign agent care-of address mode, then the IPv6
packets for the mobile node would actually be encapsulated in an IPsec
tunnel between the MN and the VPN GW, instead of being sent as native
IPv6 packets. So we might need a short paragraph describing this.

Vijay
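
The ingress check quoted from Section 4.3.2, written with the strict drop behaviour the message argues for, as an added example that is not part of the original message or of the draft. The `Binding` layout, the function name and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Binding:
    """Registration state a home agent holds for one mobile node (hypothetical layout)."""
    home_address: ipaddress.IPv4Address
    care_of_address: ipaddress.IPv4Address
    ipv6_prefixes: list = field(default_factory=list)


def check_tunneled_packet(binding, outer_src, inner_src):
    """Return (accept, reason) for one IPv6-in-IPv4 packet received from the mobile node."""
    try:
        outer = ipaddress.IPv4Address(outer_src)
        inner = ipaddress.IPv6Address(inner_src)
    except ValueError:
        # Unparseable or wrong-family addresses never match a binding: drop.
        return False, "malformed source address"
    # Outer header: source must be the registered IPv4 home address or care-of address.
    if outer not in (binding.home_address, binding.care_of_address):
        return False, "outer source is not the registered HoA or CoA"
    # Inner header: source must fall under one of the registered IPv6 prefixes.
    if not any(inner in prefix for prefix in binding.ipv6_prefixes):
        return False, "inner source outside registered IPv6 prefixes"
    return True, "ok"


# Constructed sample binding (RFC 5737 / RFC 3849 documentation ranges).
SAMPLE = Binding(
    home_address=ipaddress.IPv4Address("192.0.2.10"),
    care_of_address=ipaddress.IPv4Address("198.51.100.7"),
    ipv6_prefixes=[ipaddress.IPv6Network("2001:db8:1::/64")],
)

if __name__ == "__main__":
    # Constructed packets: (outer IPv4 source, inner IPv6 source).
    packets = [
        ("198.51.100.7", "2001:db8:1::25"),   # registered CoA, registered prefix
        ("198.51.100.7", "2001:db8:2::25"),   # registered CoA, spoofed inner source
        ("203.0.113.99", "2001:db8:1::25"),   # unregistered outer source
    ]
    for outer_src, inner_src in packets:
        accept, reason = check_tunneled_packet(SAMPLE, outer_src, inner_src)
        print(outer_src, inner_src, "ACCEPT" if accept else "DROP", reason)
```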