Re: PPAC needed? (was RE: [Pana] Other suggestions for pana-pana)

[Yoshihiro Ohba <yohba at tari.toshiba.com>]

Alper,

I am not saying that additional IP address configuration may be
required because of PANA.  Additional IP address may be required
regardless of PANA.  For example, in the case of IPv6, a global IP
address is required in addition to link-local address which may be
used for PANA.  In the case of use of IKEv2 for lower-layer ciphering,
an IPsec-TIA is required in addition to IPsec-TOA which may be used
for PANA.

We seem to be re-visiting several fundamental issues that were
discussed in the long past but with more experienced insights of Mark.

Yoshihiro Ohba


On Sun, Oct 08, 2006 at 02:09:35PM +0300, Alper Yegin wrote:
> > Alper,
> > 
> > I think Mohan is proposing that the access network that uses PANA is
> > expected to be designed such that PaC does not require to change its
> > IP address used for PANA communication before and after PANA
> > authentication (PaC may acquire additional IP addresses after
> > successful PANA authentication, though).
> 
> These were considered in the past. The current design is not by accident :-)
> We want to make the minimum impact on the host behavior. Requiring
> additional IP address configuration because host is using PANA is not a good
> idea. And in the case of IPv4, it's even a problem (multihoming, source
> address selection issues, etc.).
> 
> Alper
> 
> 
> 
> 
> > 
> > Yoshihiro Ohba
> > 
> > 
> > On Sun, Oct 08, 2006 at 01:04:03AM +0300, Alper Yegin wrote:
> > > > If the initial address (PRPA) is not a link-local address, then you
> > can
> > > > use it both before and after PANA. Either it is a private address that
> > > > gets NATed or a public address. If the underlying
> > > > protection (e.g. IPsec) needs another address, it may have to get
> > another
> > > > address which PANA does not have to worry about it i guess.
> > > > Missing something ?
> > >
> > > You only talked about the IPsec case.
> > >
> > > But for example in DSL case, the PaC cannot know whether the PRPA is
> > good
> > > for post-PANA data communication or not. Unless the PRPA is a link-local
> > > address, the PaC cannot tell one way or the other. And there is no
> > IKE/IPsec
> > > in that case.
> > >
> > > Alper
> > >
> > >
> > >
> > >
> > > >
> > > > -mohan
> > > >
> > > >
> > > > ----- Original Message ----
> > > > From: Alper Yegin <alper.yegin at yegin.org>
> > > > To: Mohan Parthasarathy <mohanp at sbcglobal.net>; Yoshihiro Ohba
> > > > <yohba at tari.toshiba.com>; Mark Townsley <townsley at cisco.com>
> > > > Cc: pana at ietf.org
> > > > Sent: Friday, October 6, 2006 1:19:37 PM
> > > > Subject: RE: PPAC needed? (was RE: [Pana] Other suggestions for pana-
> > pana)
> > > >
> > > > Mohan,
> > > >
> > > > > So,
> > > > > we can
> > > > > potentially make it by restricting what sort of an address it
> > obtains
> > > > > before running
> > > > > PANA so that it does not require a new one after (it can be outside
> > the
> > > > > PANA spec)
> > > >
> > > > I'm not sure I understand this proposal. Can you please elaborate?
> > > >
> > > > Thanks.
> > > >
> > > > Alper
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> 
> 

_______________________________________________
Pana mailing list
Pana at ietf.org
https://www1.ietf.org/mailman/listinfo/pana