Hello Basavaraj,
I also think we need to do some rethinking. To be brief: - I think we need to allow network operators to utilize security mechanisms they deem appropriate, whether or not standardized by the IETF. - I think we need to allow network operators to utilize tunneling mechanisms they deem appropriate, whether or not standardized by the IETF. I'm happy to break down the specification into components (such as route optimization, etc.). I'll even volunteer to hack the text. But I do not think this is a major stumbling block. After all, the mobile node is the one initiating route optimization. If the home agent does not support it, there is no route optimization -- in other words, this function is trivially controllable by operators. I'm concerned because I know that Mobile IP offers very high-performance mobility management and session persistence -- yet, in one SDO after another we see suboptimal, slow signaling for clunky interworking schemes that don't even support VoIP very well. Something is wrong. I have a hard time believing that the operators insist that their customers cannot have the best available. It's much more likely that they don't see a comfortable evolutionary path because of the limited security and tunneling options available with RFC 3775. Regards, Charlie P. On 3/3/2010 7:55 AM, basavaraj.pa...@nokia.com wrote:
Mobile IPv6 (RFC3775) has been an RFC since 2004, and Dual-stack Mobile IPv6 (RFC5555) since 2009. Implementations of the protocol has been lacklustre to say the least. Several SDOs have considered MIP6 and DSMIP6 as a solution for interworking and mobility between different access technologies and only 3GPP has adopted it in a very limited manner for Rel 8 (for use on the S2c interface) with the likelihood of it being actually deployed quite low (IMO). While there are many reasons that can be attributed to the lack of implementations and use, one that I would like to raise is the the concern with the overly complex security model that MIP6/DSMIP6 relies on today. MIP6/DSMIP6 requires IPsec and IKE/IKEv2 (RFC3776/4877) to secure the signaling between the MN and HA. The fundamental purpose of MIP6/DSMIP6 is to provide mobility to hosts. At a very high level the MIP6/DSMIP6 protocol boils down to the ability to setup a tunnel between the MN and HA and update the MN tunnel end-point whenever there is a change in the associated IP address (CoA). The signaling to establish the tunnel needs to be secure. But using a protocol like IKEv2 and IPsec to achieve this security is just an overkill. It increases the complexity of the implementation as a result of many factors that have been captured in I-D: draft-patil-mext-mip6issueswithipsec and discussed in the MEXT WG meetings. Given the objective of the protocol is to enable IP mobility for hosts, it should focus on doing that well in a manner that makes it easy to implement/adopt/deploy/scale. My opinion as a result of implementation experience is that MIP6/DSMIP6 can be significantly simplified, especially the security architecture. The protocol as specified currently in RFC3775/RFC5555 is a kitchensink of features. Getting back to basics of simply establishing a tunnel between the MN and HA and managing that tunnel is all that is needed and would potentially see the light of day in the real world. You may want to call it as Mobile IPv6-lite if you wish. But I do believe that a simplification of the protocol is needed without which I fear it will remain an academic exercise with many years spent in developing a spec. I hope the working group and people who are involved in mobility related work would consider undertaking such an effort in the IETF. -Basavaraj _______________________________________________ MEXT mailing list m...@ietf.org https://www.ietf.org/mailman/listinfo/mext
_______________________________________________ Int-area mailing list Int-area@ietf.org https://www.ietf.org/mailman/listinfo/int-area
