Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00

To: arno at natisbad.org (Arnaud Ebalard)
Subject: Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00
From: Ryuji Wakikawa <ryuji.wakikawa at gmail.com>
Date: Mon, 17 Nov 2008 14:16:25 -0600
Cc: "mext at ietf.org" <mext at ietf.org>, Basavaraj Patil <basavaraj.patil at nokia.com>
Delivered-to: ietfarch-mip6-web-archive at core3.amsl.com
Delivered-to: mext at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:in-reply-to:subject :references:message-id:content-type:content-transfer-encoding :mime-version:date:cc:x-mailer; bh=tk9W7HW/w3cIU7coWhlPOwRwKHFTilYyGUkTWN2N+oI=; b=r/KRKR45AS/upC0bpMavK3VUQK0zvm8Yj67/RfTt4kQligiwWf4wQ5uXu7sNg3noUY GhQi+pzD5cwzYg9+kZaXOaOuSdhzQhaJ38OdWNEM/WqDzek2jtY7qCTbJyjbuy90HB9i yxZuJLYb3pIoFRr/IvouORWG9saTiY6UM6Hy8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:in-reply-to:subject:references:message-id:content-type :content-transfer-encoding:mime-version:date:cc:x-mailer; b=nbWhuO3m1Mjr2b8g1UCrYVYvEAGYKaoAsmdllXYNLVRBMPxdKdl0PBWg3nAcfkMpAT nynt444a8AEG73p6aW162ravGKxZk20a/auezktG0P3nXvVrIO9ZMtwZyzEvVvUYCdhE 0KkEZVeSLnN7ifstHxkVDy8w7gwd5zQdtLJDE=
In-reply-to: <87iqqmp2f9.fsf at natisbad.org>
List-archive: <http://www.ietf.org/pipermail/mext>
List-help: <mailto:mext-request@ietf.org?subject=help>
List-id: Mobile IPv6 EXTensions WG <mext.ietf.org>
List-post: <mailto:mext@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/mext>, <mailto:mext-request@ietf.org?subject=unsubscribe>
References: <C52B6435.1C272%basavaraj.patil at nokia.com> <92E747DC-8AE9-4A6F-92D6-9EBCFB051F8C at gmail.com> <87iqqmp2f9.fsf at natisbad.org>
Sender: mext-bounces at ietf.org

Hi
On 2008/11/17, at 13:39, Arnaud Ebalard wrote:

Hi,

Ryuji Wakikawa <ryuji.wakikawa at gmail.com> writes:

True, IPsec/IKE are painful part when implementing Mobile IPv6.
There is another reason that is supporting the feature of returning
home.
We need a lot of special codes for returning home (including SAD/SPD
parts).

  (9)  The way that the IPsec code sits in the usual kernel, and the
       access mechanisms for the SA database, are not very convenient
       for use by straightforward implementations of Mobile IPv6.
       Unusual calling sequences and parameter passing seems to be
       required on many platforms.

I repeated this several time, but we should have informational RFC
something like
http://tools.ietf.org/html/draft-sugimoto-mip6-pfkey-migrate-04
This is very useful document for implementators.


Linux 2.6.28 will be fully compliant with a followup document I wrote
(SADB_X_EXT_PACKET part removed and replaced by KMADDRESS extension, a
more simple and efficient mechanism). Those changes have been merged
mainline:

http://tools.ietf.org/html/draft-ebalard-mext-pfkey-enhanced-migrate-00


I am currently handling integration of  associated patches in racoon

(for MIGRATE/KMADDRESS support). I also have interactions w/ peoplefromstrongSwan project which are currently implementing what isspecified in

my draft for Charon, the IKEv2 daemon.

Patches for UMIP (will see that w/ Sugimoto-san) are also
available. Information is available on http://natisbad.org/MIPv6/

Comments appreciated if you have some time to review those pages andthe

draft.


good to know there are progresses on the spec and impl.

Shinta sent us a patch of PF_KEY modification for SHISA (BSD-MIPimplementation) a long time ago.

I don't remember if we merge the patch or not.. Keiichi may answer this.

I have another concern.
Whenever MN moves, MN needs IKE signaling if the feature of K-bit is
not supported.
We have to consider the movement latency including IKE/MIP signaling
exchange.
We do not optimize the IKE part. As a result, MN may not do fast
handover...

When using IKE, an *unmodified* IKE daemon is not able to negotiatethe

initial transport mode SA so K-bit does not make sense in the end. You
need to have a MIPv6-modified IKE implementation to bootstrap. Please,
take a look at previous draft. I have already raised the issue
(Sebastien Decugis has even written a draft on the topic.)


I personally don't care if IKE is modified or not for MIP.

My personal comment is that "it's better to mandate K-bit always setto 1."


regards,
ryuji



regards,
ryuji



Cheers,

a+


_______________________________________________
MEXT mailing list
MEXT at ietf.org
https://www.ietf.org/mailman/listinfo/mext

Follow-Ups:
- Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00
  - From: Arnaud Ebalard

References:
- [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00
  - From: Basavaraj Patil
- Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00
  - From: Ryuji Wakikawa
- Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00
  - From: Arnaud Ebalard

Prev by Date: [MEXT] Note takers and scribes
Next by Date: Re: [MEXT] draft-ietf-mext-flow-binding-00.txt - comments
Previous by thread: Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00
Next by thread: Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00
Index(es):
- Date
- Thread

Re: [MEXT] FW: New Version Notification for draft-patil-mext-mip6issueswithipsec-00

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.