[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPsec and Mobile IPv6
In your previous mail you wrote:
I've revisited your classification:
1A) [Already in IPsec specs]
C1, C2, G, H, I, J, L1, L2, M, Q, R
1B) [Already in Mobile IPv6 specs]
A, E1, E2, E3, O
2) [Fixes for Mobile IPv6]
N, P
3) [Fixes for IPsec in a Mobile IPv6 context]
none
4) [IPsec improvements for Mobile IPv6]
B, F, K
5) [Architectural long-term recommendations]
Appendix B
6) [Other stuffs]
D, Appendix D
Is there anything in the MIPv6 documents that you'd like to clarify
in class 1?
=> I believe we should make the mobile VPN a subset of Mobile IPv6.
Mostly we have to relax the usage of tunnels between a CN and a MN,
in current specifications we have for the CN:
- if the packet is not genuine (i.e., is forwarded):
* nothing if the CN is not the HA
* tunneling if the CN is the HA
- lookup in the binding cache per CN address
* nothing is no entry found, fallback to the previous case on the HA
* routing header if a valid entry is found.
On a mobile VPN CNs have no BC and the SG takes the role of the HA but
it puts all packets in the tunnel, so I propose to relax the Mobile IPv6
rules in two ways:
- tunneling may replace the routing header (this is useful for the
mobile to mobile case too)
- the only mandatory usage of a routing header is for signaling
(i.e., for genuine packets with a mobile header).
For the MN, the obvious thing is to authorize tunneling in place of
the HAO for non-signaling traffic.
Regards
Francis.Dupont@enst-bretagne.fr