Re: [MEXT] TLV header in DSMIP




BTW, I've stated several times that I believe that an average
implementor (i.e., someone who hasn't participated in writing this
specification and doesn't have a PhD) can't actually figure out how
the DSMIPv6/IPsec interaction works based on the current spec
(which is already in much better shape than earlier versions).

I do understand that Hesham as the editor cannot (and should not) 
fix this alone -- so I would really appreciate it if other WG members
would help with writing the needed text. 

I've suggested e.g. showing packets (both before and after IPsec 
processing) with their headers to show what traffic is sent from/to 
which port (and how IPsec interacts with this). In particular, 
"using 4500 for secure traffic and DSMIP port for other traffic" 
is *not* what the current spec says.

Could someone from the WG volunteer to produce those packet diagrams,
and propose improved text around those diagrams?

(My apologies for being blunt, but I'd rather see this fixed before
the draft comes to IESG -- remember that the ADs who have to ballot 
"Yes" or "No objection" mostly haven't participated in writing this 
spec, and don't have PhDs.)

Best regards,
Pasi

> -----Original Message-----
> From: ext Sri Gundavelli [mailto:sgundave at cisco.com] 
> Sent: 07 April, 2008 07:12
> To: 'Hesham Soliman'
> Cc: mext at ietf.org; Eronen Pasi (Nokia-NRC/Helsinki)
> Subject: RE: [MEXT] TLV header in DSMIP
> 
> Hi Hesham,
> 
> Also, can you please clarify the operation for the
> scenario below. We are updating our PMIP6 IPv4 document
> and we are not clear how this scenario works, in lieu of
> the latest DSMIP6 resolutions. Some clarifications will
> help.
> 
> When ESP is used only for control traffic and not for data
> traffic, how does the NAT traversal scheme work? The NAT
> mappings for both the flows are different; how is the relation
> maintained?
> 
> My Assumption: IPv4 transport in use, NAT in path and
> the resolution that the port 4500 is used for secure
> ESP traffic and for non-secure traffic DSMIP port is
> used. 
> 
> Operation: 
> ===========
> - MN sends MIP BU encapsulated in UDP to port 4500
> 
> - NAT binding is created on the NAT device, having a
>   relation to src port of the BU, port 4500, IPv4-private-coa,
>   IPv4-public-coa and HA-V4-Address
>  
> - HA creates a tunnel with UDP encap and with the above 
>   properties (Src/Dest ports)
> 
> - If MN or HA needs to forward data traffic and unprotected,
>   does it need to be sent to port 4500 or DSMIP port?
>   We cannot send non-ESP traffic to port 4500.
> 
> - If this is sent to DSMIP port, what triggers the new NAT
>   mapping and how is the tunnel encap header modified on the HA?
> 
> - How do keepalives work?
> 
> Appreciate your time on this.
> 
> 
> Regards
> Sri
>   
>
> > -----Original Message-----
> > From: Hesham Soliman [mailto:hesham at elevatemobile.com] 
> > Sent: Saturday, April 05, 2008 1:32 AM
> > To: Sri Gundavelli
> > Cc: mext at ietf.org; Pasi.Eronen at nokia.com
> > Subject: Re: [MEXT] TLV header in DSMIP
> > 
> > >
> > > I can provide the text, if there is agreement that we are using
> > > DSMIP port and the TLV-ESP follows the UDP. I'm a bit confused on
> > > what is the port number that is in use. 4500 or the DSMIP port?
> > 
> > => I don't think we need the text now, there is agreement 
> > to remove this. We're using 4500 for secure traffic and DSMIP port 
> > for other traffic.
> > 
> > Hesham
> > 
> > >
> > >
> > > Sri