Re: [MEXT] TLV header in DSMIP

["Sri Gundavelli" <sgundave at cisco.com>]

Hi Vijay,
 
> >  I dont follow this. If port 4500 is in use, 3947/3948 
> considerations
> >  apply. Where does the use of TLV specified ? ESP decapsulation
> >  starts right after UDP header.
> 
> In version 06, the security considerations section mandates that
> 
> - For IPsec protected payload traffic, port 4500 is used
> - For non-IPsec protected payload traffic, the DS-MIPv6 UDP 
> port is used
> - When the DS-MIPv6 UDP port is used, you have the option of using
> plain UDP encapsulation or TLV-header UDP encapsulation. That is
> negotiated with the BU/BAck exchange.
> 


Ok. So, this is what I said last week (see below) ..Use
of two ports 4500 when using ESP and DSMIP6 port when
using TLV (offcourse when not using TLV as well) and
when ESP is not in use. This allows one to use GRE
encap in all modes, secure or non-secure and for IPv4
or IPv6 payload traffic. The comment was that "3948 is
not used for IPv6", ...what in this will not work ? Cannot
carry IPv6 traffic over port 4500 ? If there is no issue
here, we all are on the same page.

---
> Sent: Thursday, April 03, 2008 2:44 PM
> From: Sri Gundavelli
> ...
> ...
> So, we assume 3948 scheme is in use and since ESP has the
> semantics to identify the contained types ...
> 
> IPv4-UDP-ESP-GRE-(IPv4, IPv6) -- 3948 is in use, UDP port 4500.
> IPv4-UDP-TLV-GRE-(IPv4, IPv6) -- DSMIP6 port.
>  
> This is ok.

> =>[Hesham]  Not really, 3948 is not used for IPv6, so we can't assume that
for  
> all cases.
>
---


> Messy, but we have to live with it since we have two different NAT
> traversal mechanisms (IKEv2 and DS-MIPv6) being used at the same time.
> 

I understand.


Thanks
Sri

_______________________________________________
MEXT mailing list
MEXT at ietf.org
https://www.ietf.org/mailman/listinfo/mext