MEXT session at IETF-80 Meeting Minutes
-------------------------------------------------------------

Based on notes taken by Charlie Perkins.

1. Transport Layer Security-based Mobile IPv6 Security Framework for
   MN Node to HA Communication
   <draft-korhonen-mext-mip6-altsec-06.txt>
   Raj 10 Mins

   - need to put back in route optimization
   - Packets look about the same as ESP, but the original purpose
     was to avoid the use of ESP
   - Charlie: RO w/o HAC might be a very good idea, want details

2. Security On Demand for Mobile IPv6 and Dual-stack Mobile IPv6
   Raj - 10 Mins

   - Negotiate which mechanism to use
   - Didn't get chance to update draft from review comments

3. Negotiation of security protocol for Mobile IPv6 operation
   - Raj 10 Mins

   - Proposal to use HAC as the negotiating partner for the MN
   - TLS connection followed by Capability Indication
   - Marcelo: require all UEs to implement TLS?
   - Raj: have found that HA-C significantly eases deployment of
     Mobile IP because of easier bootstrapping; MN only needs to
     know its HA-C
   - Big discussion with Raj, Sri, Julien, Marcelo, Jari

4. Approaches to Distributed mobility management using Mobile IPv6
   and its extensions
   - Raj 10 Mins
   Raj/Carl/Jouni

   - Attempt to alleviate concerns about gateway-centric approach
     of Mobile IP
   - Many different perspectives on just what is the problem
   - Charlie: disagreement about ambiguity of access n/w vs. core
   - Missing: system level design
   - Suggest more use of CoA as source address
   - Charlie: can use more than one Home Agent
   - Raj to Sri: Nothing prevents MN from using multiple HAs

5. Distributed Deployment of Mobile IPv6
   draft-liu-mext-distributed-mobile-ip-00
   - Dapeng 10 min

   - Viewpoints:
     = DMM might help deployment
   - Drafts: Liu, Patil, Bernardos
   - Charlie: Why is Routing Optimization not in the MEXT charter
   - Marcelo: chairs have not appointed the DMM design team, so the
     current design team must be considered
   - Raj: Discussion about why Mobile IP is not deployed is a long one
     Better to consider the problem about why current solution is
     not solving some problem...
   - Liu: Solutions can use centralized or not
   - Traffic offloading/Content Distribution
     ==> distributed deployment of mobility anchor
   - Dynamic anchoring; implement HA in access routers
   - Open Issues
     = multiple home addresses
     = HA selection,
     = CN initiating communication
   - Next Step: address/analyze open issues
   - Jan: MN should just have ONE home address
   - Bruno: asking about address selection
   - Sri: Can we include these slides?
     Assume Internet at every local gateway?
   - Hui:
   - Raj: Home Address selection is well-known problem, not a
     Mobile IP problem
     HA selection: most MNs don't really know what home agent they use
   - Comment: for some situations, want to use a "non-mobile"
     local address

6. Distributed Mobility Management Traffic analysis
   draft-liu-distributed-mobility-traffic-analysis-00
   - 10 mins - Wen Luo
   Dapeng/Jun/Luo

   - Compare centralized anchor vs. distributed anchor
   - Assume 60% traffic goes to P-GW, 40% goes to {local} Metro
   - Result: distributed model saves 40% of traffic in backbone,
     28% in {Metro}
   - Result: distributed model saves 33.3% of delay in backbone,
     28% in {Metro}
   - Result: distributed model reduces congestion from 7.01% to 4.75%
   - Pete McCann: what is the effect of signaling load?
     Especially, e.g., with TLS
     = what about alternative access authentication
   - Raj: potential for doing work for dynamic home agent
     assignment, etc.
     difficult to know whether improvements are real unless backed
     up by experience

7. A IPv6 Distributed Client Mobility Management approach using
   existing mechanisms
   draft-bernardos-mext-dmm-cmip-00.txt
   - Marcelo - 10 min

   - FAMA: Flat Access and Mobility Architecture
   - DMM for Client MIP
   - HA moved to the edge
   - Distributed Anchor Router (DAR)
   - MN decides which addresses to keep anchored
   - Examples shown using CGA
   - Doesn't show how PHKT is constructed
   - CGA CoA is constructed by MN and reported to DHCP <...!!...>
   - Need for Care-of Address test

8. Mobile IPv6 Route Optimization without Home Agent
   draft-hampel-mext-ro-without-ha-00
   - G. Hampel - 10 min

   - RO without HA helps also with temporary HA unavailability
   - Can use RRT, Pre-shared Keys, CGA
   - Must conduct Home Address Test from its "virtual Home Address"
   - No RH2 and HAO headers needed until MN moves for the first time
   - MN and CN cannot move at the same time
   - MN has to know CN runs MIPv6
   - Virtual HoA must always be on-link
   - Sri: Why does CN have to send mobility headers to MN's CoA
     ans: because HA might be down
     requires new Mobility Header option
   - Raj: This removes HA from the process of RO.
     Why do this instead of just normal end-to-end
     Ans: O.K. if never have home agent
   - Jari: The spec does indeed require Home Address Test
   - George: Want to provide additional robustness for MIPv6

9. A Note on NAT64 Interaction with Mobile IPv6
   draft-haddad-behave-nat64-mobility-harmful-00
   - Wassim - 10 min

   - not presented due to lack of time

10. HA considered to be a security appliance

   - Julien: S2c does not require VPN
   - Charlie: agreed