[Mobopts] MIPv6 IPsec Route Optimization (IRO)
From: arno at natisbad.org (Arnaud Ebalard)
To: IETF MEXT WG ML <mext at ietf.org>
Date: Mon, 17 Nov 2008 00:30:57 -0800
Message-ID: <87d4guwy7y.fsf at natisbad.org>
Cc: IPsec IETF WG ML <ipsec at ietf.org>, Mobopts IRTF WG ML <mobopts at irtf.org>
Subject: [Mobopts] MIPv6 IPsec Route Optimization (IRO)

Hi,

Sorry for crossposting but the topic discussed in the draft may be of
interest for people of the 3 lists.

> IETF I-D Submission Tool <idsubmission at ietf.org> writes:
>
> A new version of I-D, draft-ebalard-mext-ipsec-ro-00.txt has been
> successfully submitted by Arnaud Ebalard and posted to the IETF
> repository.
>
> Filename: draft-ebalard-mext-ipsec-ro
> Revision: 00
> Title: Mobile IPv6 IPsec Route Optimization (IRO)
> Creation_date: 2008-11-17
> WG ID: Independent Submission
> Number_of_pages: 44
>
> Abstract:
>
> This memo specifies an improved alternate route optimization procedure
> for Mobile IPv6 designed specifically for environments where IPsec is
> used between peers (most probably with IKE). The replacement of the
> complex Return Routability procedure for a simple mechanism and the
> removal of HAO and RH2 extensions from exchanged packets result in
> performance and security improvements.

I have just submitted a new I-D [1] which certainly requires an
introduction (and disclaimer): it specifies a MIPv6 Route Optimization
procedure *dedicated* to environments where IPsec/IKE is used between
peers (MN-HA, MN-CN, MN-MN) for protecting both signaling and data
traffic.

Some of the improvements provided by this "IPsec Route Optimization"
mechanism (IRO) are also proposed for the IPsec communications between
the MN and its HA.

Among the features provided by IRO (introduction of the document has
a more accurate list):

* Complete removal of RH2 and HAO (resulting in simplified packet
  handling on both sides and possibly better compatibility with
  filtering implemented in the network),
* Per packet MTU gains between 24 and 48 bytes in comparison with
  equivalent uses of IPsec in standard RO context,
* Improved and more generic proof of address ownership mechanism,
* Safe by default behavior avoiding direct unprotected traffic flows,
* No additional changes to IPsec or IKE protocols and limited
  changes to MIPv6 via four simple messages and a single option.

Next step is to gather some initial feedback from interested people of
the WG. Then, I intend to spend some time implementing it (under Linux)
to challenge the ideas provided in the draft.

Comments are welcome. Note that this is a -00 which implies that some
parts are still quite raw and might deserve additional comments/work.

Cheers,

a+

[1]: http://www.ietf.org/internet-drafts/draft-ebalard-mext-ipsec-ro-00.txt
_______________________________________________
Mobopts mailing list
Mobopts at irtf.org
https://www.irtf.org/mailman/listinfo/mobopts
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.