Monami6 meeting, IETF65 Tuesday, March 21 doc status - multihoming motivation scenario -> to be submitted by jun - mipv6-analysys -> to IESG by jun 2. Multicple Care-of addresses registration draft-wakikawa-mobileip-multiplecoa-05 Ryuji Wakikawa - how we can register binding - got some comments from iast ietf - changes - try to support multiple coa in a single bu - introduced the primary care-of address notion - dhaad extension is introduced - how we can discover the mcoa capable ha - bulk registration - MN can send multiple coa in a single BU - the flag to support it is added - coa is stored as an alternative coa - dicsussion - simultaniously home/foreign attachment - one attached to home, the other to foreign - keep either one of I/Fs (home or foreign) - keep both? but how? - e.g. DAD issue occurs - RR with bulk registration - authenticator cannot be calculated for all coas - two options 1. just send separeate binding updats 2. extending BID option to carry authenticator author preferes 1. hesham agrees with the author - backword compatibility - using altcoa may break compatibility - specify new option? - next step? - WG docs? hesham: bulk registration for both HA and CN? ryuji: yes hesham: RR case? (discussed in the later slides) Sri: how do you detect home or foreign? ryuji: when MN has two interfaces, it can know which is home ryuji: detecting is not very difficult, but how to decide sending bu or not is important Sri: when link is bad, the situation may be confusing Vijay: (about if we make this doc as a WG doc or not) in the mailing list, the consensus call will be taken Vijay checked the mood (it seems many support the doc as a WG doc) 18 for and 5 against. 4. Flow binding in Mobile IPv6 draft-soliman-monami6-flow-binding-00.txt Hesham Soliman - why needed? - many different type of I/F exist - want to send a particular traffic to a particular I/F - what is flow? - sequence of packets (src/dst pair) - ipv6 flow can be specified in various ways - flow identification option - to support various flow - src/dst, port, spi, flowlabel, etc - variable length option - can specify necessary fields only - mask field specify the valid fields - action field specify the action - status field is used for BA - flow id option - add/modify/remove flows - must identify a default addrss - must use the right keygen token to auth the BU when sending to CNs - one option for one CN because of RR - scenario - can send to different CNs using diffent I/Fs - can send to one CNs using different I/Fs - mcoa draft is not clear how to flow the traffic - issues to be addressed - MR support - relation with transition work - security koshiro: how to specify range (e.g. range of ports, or prefix (range of addresses)) hesham: not supported in this format, considered in the future ryuji: the size may be big if many flow id options are included. BU may be used as a keep alive message, then, it may be a problem ryuji: not all provider want to operate policy based service Sri: how does the option support rate limit? hesham: not a mobile ip problem Sri: want to support a kind of TE hesham: doesn't support in this proposal hesham: HA cannot know the local link of MN is congested or not henrik: binding the flow priority and the FID makes sense to me Pete: MN can have multiple home addresses hesham: but how do you know which address should be used? henrik: it may be a nightmare if you support such variaety of properties hesham: fileds are optional except first 48bits erik: how to order the rules? one rule for src, the other for dst, then how to handle them? maybe you need canonical ordering mechanism hesham: need to be considered erik: we can register multiple HoAs for multiple purposes koshiro: is lifetime same with binding? heshma: yes Sri: what is the impact to the throughput? hesham: not mesured yet ?: why don't you support TLV style? hesham: may be a good way, but consumes more bits 3. Security issues for multiple care-of addresses registration Vijay Devaparalli - issues - how to use ipsec tunnel when using multiple coas - issue1 - issue2 - chaning coas - issue3 - splitting ipsec protected flow based on coas - solution - mandate the check on the outer source address only by the HA - ipsec does not check the outer src - use one coa at a time - primariy coa notion - the coa is always used for tunnel - using multiple coas simultaneously - should avoid multiple IKEv2 exchanges - HA lets mipv6 specify the tunnel end points 5. Simultaneous location in home and foreign networks draft-aso-monami6-multiple-forwarding-00.txt Benjamin Koh - limitation of mip: one forwarding destination - limitation of mcoa: on simultaneous usage of home and foreign links - requirement - when return to home, one interface becomes useless. - since we can use either one of i/fs when we attached to both foreign and home simultaneously - ml discussion - when explicitly specified, use the specified coa. otherwise mcoa routing is used - ml discussion - home link to be a virtual link - not a solution, but an operation ryuji: from implementor's point of view, returning home means configuration of a home address on the home interface. how to use both home interface and foreing interface X. a scheme of flow distribution kosihro mitsuya - background - we need some method to exchang the policy to use muliple tunnels - scheme - XML base data set is defined - example implementation using SOAP/HTML - policy - the basic conponetns are the same with the hesham presented henrik: XML format vs ipf format? koshiro: wanted to have an abstruct notion XML can be easiliy converted to another mechanism