Re: IKEV2: Issue #3: DHCP vs. Configuration Payload



Tylor Allison wrote:
<trimmed...> 
> This is about the third or fourth proposal to use IKE as the DHCP
> transport, but I haven't seen much discussion as to whether or not this is
> a viable option.  Personally, I believe this has merit, any other opinions?

I agree with Tylor on this point: we really should discuss this before
proceeding. Personally, I have not been too fond of this approach, but
it has been suggested by a number of long-time wg participants, and
seems to have some significant amount of vendor support. It deserves
examination.

In considering this approach, the things I dislike are these:

- it requires the dhcp daemon/application to interface with IKE rather
than sit on a native socket; this may be no big deal for implementations
which cannot use a native dhcp client, but for those which can, this may
be significant.

- it increases the complexity of the ike implementation significantly
more than the other two proposals, as an indeterminate amount of dhcp
traffic must now be tunneled over ike, and ike must provide a dhcp
interface for both the dhcp client (IRAC) and the dhcp proxy/relay
(IRAS).

What I like is this:

- it is a single mechanism which provides modecfg-style support *and*
dhcp support

I'd be very interested to hear the assessments of both modecfg and
rfc3456 implementers.

Scott