[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Revised Mobile IPv6 draft available
> We agree with Aaron that the IP home address must be used but this
> one can be hidden in the case where ESP is used causing the difficulty
> to retrieve the SA for this address.
>
The triple used to find the SA uses the destination address so this is not a
problem when the mobile node sends to the correspondent node
(IP(MN->CN)_ESP_HmAddrOpt_Data). The correspondent node receives the ESP
packet and uses its own address for the lookup. So the SA is found. When
the correspondent nodes sends to the mobile node, there isn't a problem
because a routing header is used which is before the ESP header
(IP(CN->MN)_RH_ESP_Data). When the mobile node hits the ESP header and does
the SA lookup, the destination address is the home address.
> We think the probleme is where has to be the Home address header
> extension. It is not described enough in the draft.
>
> It is why we suggest to process the destination option Home Address
> like the Routing header as described in the IPSEC RFC but this should
> be added in the current IPSEC and MobileIPv6 RFCs or drafts.
>
> Like the routing header before the AH or ESP header, that will allow
> in any case to retrieve the SA with the Home address IP. After, it
> should be only a implementation issue.
Again, the SA triple uses the destination address and not the source address
so the home address option isn't an issue. For the inbound SP verification,
make the remote IP address wildcarded so the home address option affect
(source address changed from mobile to home) doesn't make the verification
fail.
Aaron
Follow-Ups:
References: