Re: [MEXT] TLV header in DSMIP

To: <Pasi.Eronen at nokia.com>
Subject: Re: [MEXT] TLV header in DSMIP
From: "Sri Gundavelli" <sgundave at cisco.com>
Date: Mon, 7 Apr 2008 07:55:50 -0700
Authentication-results: sj-dkim-3; header.From=sgundave at cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
Cc: mext at ietf.org
Delivered-to: ietfarch-mip6-web-archive at core3.amsl.com
Delivered-to: mext at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=4895; t=1207580151; x=1208444151; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=sgundave at cisco.com; z=From:=20=22Sri=20Gundavelli=22=20<sgundave at cisco.com> |Subject:=20RE=3A=20[MEXT]=20TLV=20header=20in=20DSMIP |Sender:=20; bh=KlMnxTpOTYVRRYG1zLLJwp3fK42g1pPfK5DKecPLgaY=; b=jXiOzvPRe6NYn886ZNPMY4Cm7RlUbd/LwZj85ZllY7wlq86FHKdK0rTOXt RPItxymq9a94j2FhTee22iuBY6HSM8UioyIHENQTNI0Gxdue2BZM7RaUJ3MC spLlQ8kMDt;
In-reply-to: <1696498986EFEC4D9153717DA325CB724DBD62 at vaebe104.NOE.Nokia.com>
List-archive: <http://www.ietf.org/pipermail/mext>
List-help: <mailto:mext-request@ietf.org?subject=help>
List-id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-post: <mailto:mext@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
References: <FC91340F-574D-432B-9C16-FDC4522FA897 at elevatemobile.com> <005901c895d3$c4d52440$d2716b80 at amer.cisco.com> <EA3F921C-5B65-4895-9F4E-481EE6F7CCDE at elevatemobile.com> <001e01c89604$15134880$d4f6200a at amer.cisco.com> <05465585-698D-4926-8D2C-FFDD869BEB86 at elevatemobile.com> <000001c896ec$f8e64d30$d4f6200a at amer.cisco.com> <AA0726F0-0A81-45B1-B640-261D3C2505A7 at elevatemobile.com> <003a01c89865$980851a0$7f89680a at amer.cisco.com> <1696498986EFEC4D9153717DA325CB724DBD62 at vaebe104.NOE.Nokia.com>
Sender: mext-bounces at ietf.org
Thread-index: AciW94CtjX377zpwQ7uYKsxaFLi+LgBaWkLAAAykEXAACny+kA==

I'm not sure how the NAT traversal scheme works if only
control traffic is enabled for IPsec protection and
not the data traffic. 3775 clearly allows this and is
probably the most default mechanism given the crypto
hardware accelerator requirements on the boxes. In this
scenario of MN using a private address and behind a NAT,
there will be two NAT flows and not sure how they are
tied. This is not an issue in 3775, a secured MIP control
packets result in a L3 tunnel and its optional if ESP
is enabled on that tunnel for data traffic. Given the port
4500 for ESP only traffic, not sure how non-ESP traffic
can be sent there. Especially the initial packets from CN
to MN, when there is no NAT mapping for that flow ...

May be I'm missing some thing basic ... if this is already
discussed and worked out ...some clarifications or pointers
to the draft will help ...

Sri



> -----Original Message-----
> From: Pasi.Eronen at nokia.com [mailto:Pasi.Eronen at nokia.com] 
> Sent: Monday, April 07, 2008 3:06 AM
> To: sgundave at cisco.com
> Cc: mext at ietf.org
> Subject: RE: [MEXT] TLV header in DSMIP
> 
> 
> BTW, I've stated several times that I believe that an average
> implementor (i.e., someone who hasn't participated in writing this
> specification and doesn't have a PhD) can't actually figure out how
> the DSMIPv6/IPsec interaction works based on the current spec
> (which is already in much better shape than earlier versions).
> 
> I do understand that Hesham as the editor cannot (and should not) 
> fix this alone -- so I would really appreciate if other WG members
> would help with writing the needed text. 
> 
> I've suggested e.g. showing packets (both before and after IPsec 
> processing) with their headers to show what traffic is sent from/to 
> which port (and how IPsec interacts with this). In particular, 
> "using 4500 for secure traffic and DSMIP port for other traffic" 
> is *not* what the current spec says.
> 
> Could someone from the WG volunteer to produce those packet diagrams,
> and propose improved text around those diagrams?
> 
> (My apologies for being blunt, but I'd rather see this fixed before
> the draft comes to IESG -- remember that the ADs who have to ballot 
> "Yes" or "No objection" mostly haven't participated in writing this 
> spec, and don't have PhDs.)
> 
> Best regards,
> Pasi
> 
> > -----Original Message-----
> > From: ext Sri Gundavelli [mailto:sgundave at cisco.com] 
> > Sent: 07 April, 2008 07:12
> > To: 'Hesham Soliman'
> > Cc: mext at ietf.org; Eronen Pasi (Nokia-NRC/Helsinki)
> > Subject: RE: [MEXT] TLV header in DSMIP
> > 
> > Hi Hesham,
> > 
> > Also, can you please clarify the operation for this
> > below scenarioe. We are updating our PMIP6 IPv4 document
> > and we are not clear how this scenario works, in liu of
> > the latest DSMIP6 resolutions. Some clarifications will
> > help.
> > 
> > When ESP is used only for control traffic and not for data
> > traffic, how does the NAT traversal scheme work ? The NAT
> > mappings for both the flows are different, howz the relation
> > maintained ?
> > 
> > My Assumption: IPv4 transport in use, NAT in path and
> > the resolution that the port 4500 is used for secure
> > ESP traffic and for non secure traffic DSMIP port is
> > used. 
> > 
> > Operation: 
> > ===========
> > - MN sends MIP BU encapsulated in UDP to port 4500
> > 
> > - NAT binding is created on the NAT device, having a
> >   relation to src port of the BU, port 4500, IPv4-private-coa,
> >   IPv4-public-coa and HA-V4-Address
> >  
> > - HA creates a tunnel with UDP encap and with the above 
> >   properties (Src/Dest ports)
> > 
> > - If MN or HA needs to forward data traffic and unprotected,
> >   does it needs to be sent to port 4500 or DSMIP port ?
> >   We cannot send non-ESP traffic to port 4500.
> > 
> > - If this is sent to DSMIP port, what triggers the new NAT
> >   mapping and howz the tunnel encap header modified on the HA ?
> > 
> > - How do keepalives work ?
> > 
> > Appreciate your time on this.
> > 
> > 
> > Regards
> > Sri
> >   
> >
> > > -----Original Message-----
> > > From: Hesham Soliman [mailto:hesham at elevatemobile.com] 
> > > Sent: Saturday, April 05, 2008 1:32 AM
> > > To: Sri Gundavelli
> > > Cc: mext at ietf.org; Pasi.Eronen at nokia.com
> > > Subject: Re: [MEXT] TLV header in DSMIP
> > > 
> > > >
> > > > I can provide the text, if there is agreement that we are using
> > > > DSMIP port and the TLV-ESP follows the UDP. I'm bit confused, on
> > > > what is the port number that is in use. 4500 or the DSMIP port ?
> > > 
> > > => I don't think we need the text now, there is agreement 
> > > to remove  this. We're using 4500 for secure traffic and 
> DSMIP port 
> > > for other traffic.
> > > 
> > > Hesham
> > > 
> > > >
> > > >
> > > > Sri

_______________________________________________
MEXT mailing list
MEXT at ietf.org
https://www.ietf.org/mailman/listinfo/mext

Follow-Ups:
- Re: [MEXT] TLV header in DSMIP
  - From: George Tsirtsis

References:
- [MEXT] TLV header in DSMIP
  - From: Hesham Soliman
- Re: [MEXT] TLV header in DSMIP
  - From: Sri Gundavelli
- Re: [MEXT] TLV header in DSMIP
  - From: Hesham Soliman
- Re: [MEXT] TLV header in DSMIP
  - From: Sri Gundavelli
- Re: [MEXT] TLV header in DSMIP
  - From: Hesham Soliman
- Re: [MEXT] TLV header in DSMIP
  - From: Sri Gundavelli
- Re: [MEXT] TLV header in DSMIP
  - From: Hesham Soliman
- Re: [MEXT] TLV header in DSMIP
  - From: Sri Gundavelli
- Re: [MEXT] TLV header in DSMIP
  - From: Pasi.Eronen

Prev by Date: Re: [MEXT] TLV header in DSMIP
Next by Date: Re: [MEXT] TLV header in DSMIP
Previous by thread: Re: [MEXT] TLV header in DSMIP
Next by thread: Re: [MEXT] TLV header in DSMIP
Index(es):
- Date
- Thread

Re: [MEXT] TLV header in DSMIP

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.