RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)

To: "'Yoshihiro Ohba'" <yohba at tari.toshiba.com>
Subject: RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
From: "Alper Yegin" <alper.yegin at yegin.org>
Date: Sun, 8 Oct 2006 14:09:35 +0300
Cc: 'Mark Townsley' <townsley at cisco.com>, 'Mohan Parthasarathy' <mohanp at sbcglobal.net>, pana at ietf.org
In-reply-to: <20061008034042.GB17806@steelhead>
List-help: <mailto:pana-request@ietf.org?subject=help>
List-id: Protocol for carrying Authentication for Network Access <pana.ietf.org>
List-post: <mailto:pana@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/pana>, <mailto:pana-request@ietf.org?subject=unsubscribe>
Thread-index: AcbqjQ08VocKvYRDQbKceIFalFDwIgAPL65g

> Alper,
> 
> I think Mohan is proposing that the access network that uses PANA is
> expected to be designed such that PaC does not require to change its
> IP address used for PANA communication before and after PANA
> authentication (PaC may acquire additional IP addresses after
> successful PANA authentication, though).

These were considered in the past. The current design is not by accident :-)
We want to make the minimum impact on the host behavior. Requiring
additional IP address configuration because host is using PANA is not a good
idea. And in the case of IPv4, it's even a problem (multihoming, source
address selection issues, etc.).

Alper




> 
> Yoshihiro Ohba
> 
> 
> On Sun, Oct 08, 2006 at 01:04:03AM +0300, Alper Yegin wrote:
> > > If the initial address (PRPA) is not a link-local address, then you
> can
> > > use it both before and after PANA. Either it is a private address that
> > > gets NATed or a public address. If the underlying
> > > protection (e.g. IPsec) needs another address, it may have to get
> another
> > > address which PANA does not have to worry about it i guess.
> > > Missing something ?
> >
> > You only talked about the IPsec case.
> >
> > But for example in DSL case, the PaC cannot know whether the PRPA is
> good
> > for post-PANA data communication or not. Unless the PRPA is a link-local
> > address, the PaC cannot tell one way or the other. And there is no
> IKE/IPsec
> > in that case.
> >
> > Alper
> >
> >
> >
> >
> > >
> > > -mohan
> > >
> > >
> > > ----- Original Message ----
> > > From: Alper Yegin <alper.yegin at yegin.org>
> > > To: Mohan Parthasarathy <mohanp at sbcglobal.net>; Yoshihiro Ohba
> > > <yohba at tari.toshiba.com>; Mark Townsley <townsley at cisco.com>
> > > Cc: pana at ietf.org
> > > Sent: Friday, October 6, 2006 1:19:37 PM
> > > Subject: RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-
> pana)
> > >
> > > Mohan,
> > >
> > > > So,
> > > > we can
> > > > potentially make it by restricting what sort of an address it
> obtains
> > > > before running
> > > > PANA so that it does not require a new one after (it can be outside
> the
> > > > PANA spec)
> > >
> > > I'm not sure I understand this proposal. Can you please elaborate?
> > >
> > > Thanks.
> > >
> > > Alper
> > >
> > >
> > >
> > >
> >
> >
> >


_______________________________________________
Pana mailing list
Pana at ietf.org
https://www1.ietf.org/mailman/listinfo/pana

Follow-Ups:
- Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
  - From: Yoshihiro Ohba

References:
- Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
  - From: Yoshihiro Ohba

Prev by Date: Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
Next by Date: RE: Global Session-id (was RE: [Pana] Other suggestions for pana-pana)
Previous by thread: Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
Next by thread: Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)
Index(es):
- Date
- Thread

RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.