Vijay Devarapalli | 4 Apr 2006 09:44

Re: Preliminary minutes from the WG last week

> Personally, I am not as convinced as you are that they should never
> be used together to the same box. What if the client is
> on a v4 network? Or on two separate connections, including
> mixed v4/v6 and NATs. 

ok. for this you would use DS-MIPv6 to set up
an ESP protected IPv6-over-IPv4 tunnel 
between the mobile node and the home agent
with UDP encapsulation for the ESP packets.
DS-MIPv6 should be sufficient. the 'K' bit
would work for the DS-MIPv6 tunnel too. it
wouldn't matter if the outer source address
is IPv4.

> Popping up a level, it seems like
> some combination of IKE/MOBIKE/NAT-T, Mobile IPv6, Mobile
> IPv6 transition mechanisms, and MONAMI6 should be able
> to cover the following situations and combinations of them:
> 
> - Having a separate SGW before you can reach your HA
> - Integrated SGW/HA
> - IPv4 access networks
> - IPv6 access networks
> - NATs and firewalls
> - Multihomed mobile nodes
> - Mobile nodes that you cannot fully trust (e.g. might need
>   a RR before believing their new location)
> - Mobile IPv6 service that requires EAP authentication
> 
> What exact combination of solutions we should use

Vijay Devarapalli | 3 Apr 2006 22:41

Re: Preliminary minutes from the WG last week


> -----Original Message-----
> From: James Kempf [mailto:kempf <at> docomolabs-usa.com] 
> Sent: Monday, April 03, 2006 1:34 PM
> To: Vijay Devarapalli; gabriel montenegro; Yaron Sheffer; Paul Hoffman
> Cc: mobike <at> machshav.com
> Subject: Re: [Mobike] Preliminary minutes from the WG last week
> 
> For example, listing cases where MOBIKE works with MIP 

Jim, let me know if you have a specific 
scenario in mind and if you see an issue. 

also please look up RFC 4093. it is a
problem statement for VPN traversal with 
MIPv4. 

> and 
> where not. And 
> what to do with route optimization.

what about route optimization?

Vijay

> 
>             jak
> 
> ----- Original Message ----- 
> From: "Vijay Devarapalli" <Vijay.Devarapalli <at> AzaireNet.com>

James Kempf | 3 Apr 2006 22:52

Re: Preliminary minutes from the WG last week

OK, Vijay, I get the point. You don't think there is an issue. I do. We 
disagree.

            jak

----- Original Message ----- 
From: "Vijay Devarapalli" <Vijay.Devarapalli <at> AzaireNet.com>
To: "James Kempf" <kempf <at> docomolabs-usa.com>; "gabriel montenegro" 
<gabriel_montenegro_2000 <at> yahoo.com>; "Yaron Sheffer" 
<yaronf <at> checkpoint.com>; "Paul Hoffman" <paul.hoffman <at> vpnc.org>
Cc: <mobike <at> machshav.com>
Sent: Monday, April 03, 2006 1:41 PM
Subject: RE: [Mobike] Preliminary minutes from the WG last week

> -----Original Message-----
> From: James Kempf [mailto:kempf <at> docomolabs-usa.com]
> Sent: Monday, April 03, 2006 1:34 PM
> To: Vijay Devarapalli; gabriel montenegro; Yaron Sheffer; Paul Hoffman
> Cc: mobike <at> machshav.com
> Subject: Re: [Mobike] Preliminary minutes from the WG last week
>
> For example, listing cases where MOBIKE works with MIP

Jim, let me know if you have a specific
scenario in mind and if you see an issue.

also please look up RFC 4093. it is a
problem statement for VPN traversal with
MIPv4.


Vijay Devarapalli | 3 Apr 2006 22:14

Re: Preliminary minutes from the WG last week

> I really think this needs further investigation, particularly 
> in light of 
> the MIP6 transition work.

sure. but I don't see an issue. what are we
going to investigate?

Vijay

> 
>                 jak
> 
> 
> ----- Original Message ----- 
> From: "Vijay Devarapalli" <Vijay.Devarapalli <at> AzaireNet.com>
> To: "gabriel montenegro" <gabriel_montenegro_2000 <at> yahoo.com>; 
> "James Kempf" 
> <kempf <at> docomolabs-usa.com>; "Yaron Sheffer" 
> <yaronf <at> checkpoint.com>; "Paul 
> Hoffman" <paul.hoffman <at> vpnc.org>
> Cc: <mobike <at> machshav.com>
> Sent: Monday, April 03, 2006 12:23 PM
> Subject: RE: [Mobike] Preliminary minutes from the WG last week
> 
> 
> 
> > I'm confused. In the 3GPP2 solution
> > (draft-ietf-mip4-mobike-connectivity-00)
> > MOBIKE is not used between MN-HA, right? The separation is:
> >

James Kempf | 3 Apr 2006 22:34

Re: Preliminary minutes from the WG last week

For example, listing cases where MOBIKE works with MIP and where not. And 
what to do with route optimization.

            jak

----- Original Message ----- 
From: "Vijay Devarapalli" <Vijay.Devarapalli <at> AzaireNet.com>
To: "James Kempf" <kempf <at> docomolabs-usa.com>; "gabriel montenegro" 
<gabriel_montenegro_2000 <at> yahoo.com>; "Yaron Sheffer" 
<yaronf <at> checkpoint.com>; "Paul Hoffman" <paul.hoffman <at> vpnc.org>
Cc: <mobike <at> machshav.com>
Sent: Monday, April 03, 2006 1:14 PM
Subject: RE: [Mobike] Preliminary minutes from the WG last week

> I really think this needs further investigation, particularly
> in light of
> the MIP6 transition work.

sure. but I don't see an issue. what are we
going to investigate?

Vijay

>
>                 jak
>
>
> ----- Original Message ----- 
> From: "Vijay Devarapalli" <Vijay.Devarapalli <at> AzaireNet.com>
> To: "gabriel montenegro" <gabriel_montenegro_2000 <at> yahoo.com>;

Vijay Devarapalli | 3 Apr 2006 21:23

Re: Preliminary minutes from the WG last week


> I'm confused. In the 3GPP2 solution 
> (draft-ietf-mip4-mobike-connectivity-00)
> MOBIKE is not used between MN-HA, right? The separation is:
> 
> between MN-HA: mipv4 tunnel
> between MN and VPN gateway: mobike+IPsec

right.

> Are you folks saying that the above is wrong/discouraged?

nope. that's *a* solution for a network where
there is a trusted network and an untrusted 
network with a MIPv4 HA inside the trusted 
network and a VPN GW in the DMZ.

> Or are you saying that it is wrong/discouraged *only* if the 
> MN-HA is a MIP6/IPsec
> tunnel?

what's discouraged is running MOBIKE and
MIP6/IPsec tunnel to the same box. that's my
personal opinion anyway.

Vijay

> 
> 
> -gabriel

James Kempf | 3 Apr 2006 22:12

Re: Preliminary minutes from the WG last week

Vijay,

Sure, but that's a different thing from saying "never use MOBIKE and MIP6 
together, ever". That was the impression I got from the discussion at the 
MIP6 meeting in Dallas.

I really think this needs further investigation, particularly in light of 
the MIP6 transition work.

                jak

----- Original Message ----- 
From: "Vijay Devarapalli" <Vijay.Devarapalli <at> AzaireNet.com>
To: "gabriel montenegro" <gabriel_montenegro_2000 <at> yahoo.com>; "James Kempf" 
<kempf <at> docomolabs-usa.com>; "Yaron Sheffer" <yaronf <at> checkpoint.com>; "Paul 
Hoffman" <paul.hoffman <at> vpnc.org>
Cc: <mobike <at> machshav.com>
Sent: Monday, April 03, 2006 12:23 PM
Subject: RE: [Mobike] Preliminary minutes from the WG last week

> I'm confused. In the 3GPP2 solution
> (draft-ietf-mip4-mobike-connectivity-00)
> MOBIKE is not used between MN-HA, right? The separation is:
>
> between MN-HA: mipv4 tunnel
> between MN and VPN gateway: mobike+IPsec

right.

> Are you folks saying that the above is wrong/discouraged?

Vijay Devarapalli | 3 Apr 2006 20:31

Re: Preliminary minutes from the WG last week

hi Jim,

with Mobile IPv6, one can create an IPsec 
protected Mobile IP tunnel between the mobile 
node and the home agent. further, the binding 
update is used as a trigger to update the IKE 
SA too. so Mobile IPv6 provides a solution 
similar to MOBIKE already. so that's why I don't 
expect someone to use the two together between 
the mobile node and the home agent.

Mobile IPv4 does not use IPsec and is a very
different protocol.

Vijay 

ps: FYI, the solution described in 
draft-ietf-mip4-mobike-connectivity-00 has 
been adopted by 3GPP2 for their 3GPP2-WLAN
interworking solution.

> -----Original Message-----
> From: mobike-bounces <at> machshav.com 
> [mailto:mobike-bounces <at> machshav.com] On Behalf Of James Kempf
> Sent: Monday, April 03, 2006 9:41 AM
> To: Yaron Sheffer; 'Paul Hoffman'; mobike <at> machshav.com
> Subject: Re: [Mobike] Preliminary minutes from the WG last week
> 
> Yaron,
> 

Jari Arkko | 4 Apr 2006 08:37

Re: Preliminary minutes from the WG last week

Vijay Devarapalli wrote:

>hi Jim,
>
>with Mobile IPv6, one can create an IPsec 
>protected Mobile IP tunnel between the mobile 
>node and the home agent. further, the binding 
>update is used as a trigger to update the IKE 
>SA too. so Mobile IPv6 provides a solution 
>similar to MOBIKE already. so that's why I don't 
>expect someone to use the two together between 
>the mobile node and the home agent.
>  
>
Personally, I am not as convinced as you are that they should never
be used together to the same box. What if the client is
on a v4 network? Or on two separate connections, including
mixed v4/v6 and NATs. Popping up a level, it seems like
some combination of IKE/MOBIKE/NAT-T, Mobile IPv6, Mobile
IPv6 transition mechanisms, and MONAMI6 should be able
to cover the following situations and combinations of them:

- Having a separate SGW before you can reach your HA
- Integrated SGW/HA
- IPv4 access networks
- IPv6 access networks
- NATs and firewalls
- Multihomed mobile nodes
- Mobile nodes that you cannot fully trust (e.g. might need
  a RR before believing their new location)

gabriel montenegro | 3 Apr 2006 21:16

Re: Preliminary minutes from the WG last week


I'm confused. In the 3GPP2 solution (draft-ietf-mip4-mobike-connectivity-00)
MOBIKE is not used between MN-HA, right? The separation is:

between MN-HA: mipv4 tunnel
between MN and VPN gateway: mobike+IPsec

Are you folks saying that the above is wrong/discouraged?

Or are you saying that it is wrong/discouraged *only* if the MN-HA is a MIP6/IPsec
tunnel?

-gabriel

--- Vijay Devarapalli <Vijay.Devarapalli <at> AzaireNet.com> wrote:

> hi Jim,
> 
> with Mobile IPv6, one can create an IPsec 
> protected Mobile IP tunnel between the mobile 
> node and the home agent. further, the binding 
> update is used as a trigger to update the IKE 
> SA too. so Mobile IPv6 provides a solution 
> similar to MOBIKE already. so that's why I don't 
> expect someone to use the two together between 
> the mobile node and the home agent.
> 
> Mobile IPv4 does not use IPsec and is a very
> different protocol.
> 

Vijay Devarapalli | 3 Apr 2006 08:28

Re: Preliminary minutes from the WG last week

hi Yaron,

I think Jim was talking about Mobile IPv6 and
Mobike. The drafts you point to below are all 
Mobile IPv4 related. 

Vijay

> -----Original Message-----
> From: mobike-bounces <at> machshav.com 
> [mailto:mobike-bounces <at> machshav.com] On Behalf Of Yaron Sheffer
> Sent: Sunday, April 02, 2006 3:39 AM
> To: 'Paul Hoffman'; mobike <at> machshav.com
> Subject: Re: [Mobike] Preliminary minutes from the WG last week
> 
> Regarding the combination of MOBIKE and Mobile IP, there are 3 current
> drafts in MIP4 that deal with this:
> 
> - draft-ietf-mip4-vpn-problem-solution-02 (this one is pre-MOBIKE)
> - draft-ietf-mip4-mobike-connectivity-00
> - draft-meghana-mip4-mobike-optimizations-00
> 
> So it's a stretch to say "don't do" MOBIKE and Mobile IP together.
> 
> 	Yaron
> 
> -----Original Message-----
> From: Paul Hoffman [mailto:paul.hoffman <at> vpnc.org] 
> Sent: Wednesday, March 29, 2006 5:49
> To: mobike <at> machshav.com

