I think that whenever a node moves from the point of view of its "primary" connection, it should tear down all "auxiliary" tunnels.
Due to the movement of the node, it may be impossible to communicate with the end-points of the auxiliary tunnels (due to NAT restricted-cone at one end or the other), so we will need a way to send tear down notices (and/or "I've moved" notices) via the "hub" systems.

There are many ways to do this (various ways inside IKEv2, via IP routing...), but it's really important that the auxiliary tunnels for "A" get destroyed on node "B" when "A" moves, reboots, updates its NAT address, etc.

This is not exclusively about MOBIKE: there are lots of other ways in which the A<-->H1 connection can change which would affect "B".

--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
