Hi Hesham,

On Sunday 07 May 2006 01:28, Soliman, Hesham wrote:
> > > The above situation is more difficult to support when a
> > > network-based mobility management mechanism is adopted. In
> > > particular, the following problem arises. An anchor point may
> > > be required to setup a security association with any access
> > > router in the network at any time. A network administrator is
> > > suddenly forced to consider the impacts on memory capacity and
> > > the speed of the security association establishment at the
> > > critical handover time. This situation does not arise when the
> > > signaling is done end-to-end because in this case only
> > > one security association is needed, regardless of the mobile
> > > node's location. Furthermore, the security association does
> > > not need to be established during the critical handover time.
> >
> > And neither does it in a NetLMM case -- the most natural to
> > me would be to pre-configure these, not to try to do it
> > ad-hoc.
>
> => I don't think this is feasible in a practical deployment. I've
> worked on and seen these networks deployed. Imagine a situation
> where you have a 100 - 200 local agents and 10 - 20 K basestations,
> each containing an AR. Now try to manually configure SAs between all
> ARs and all anchors and maintain those SAs, i.e. roll the keys
> ....etc I don't think you'll find many people wanting to manage
> things this way.

I have to confess that I fail to understand how on one hand it can be
unfeasible to manage SAs between 100-200 local agents and 10-20K base
stations, while on the other hand there are mobile operators which
manage on a daily basis SAs with tens of millions of subscribers.

--julien

_______________________________________________
Int-area mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/int-area
