Re: IKEV2: Issue #3: DHCP vs. Configuration Payload

[Pekka Riikonen <priikone@iki.fi>]

: > How about the mcr's proposal of having dhcp over IKE, i.e take dhcp
: > payload and put it inside the some IKE payload (we can name it to be
: > configuration payload, so the configuration payload people will be
: > happy too, just change the format to follow the dhcp packet).
:
: This is about the third or fourth proposal to use IKE as the DHCP
: transport, but I haven't seen much discussion as to whether or not this is
: a viable option.  Personally, I believe this has merit, any other opinions?
:
It would be nice to have as short IKE exchange as possible.  I do however
like DHCP over IPSEC because it's simple and easy to implement.  In IKE
DHCP would cause one extra round trip because client and server need to
ack each other.  However, if the client knows previous configuration it
may attempt a shorter DHCP exchange by directly sending DHCP REQUEST.  In
this case the length would be equal to cfgmode.  OTOH, if that fails then
it's again long exchange (plus the first REQUEST, making it even longer).

There are plenty of implementations of cfgmode for sure, but there are
plenty more DHCP servers out there (ie. everywhere) so using DHCP in IKEv2
is very tempting.

	Pekka
___________________________________________________________________________
 Pekka Riikonen                    | Email: priikone@iki.fi
 SILC - http://silcnet.org/        | http://iki.fi/priikone/
 Tel. +358 (0)40 580 6673          | Snellmanninkatu 34 A 15, 70100 Kuopio
 PGP KeyID A924ED4F: http://iki.fi/~priikone/pubkey.asc