Daniel Migault writes:
> My understanding is that there are two things, that may be considered
> independently:
> - configuring IPsec layer
> - defining which route the communication should take
>
> I don't understand why only one tunnel should be used. A mobile node, when
> it detects a new interface, should be able to "add" this Interface on the
> already existing tunnel. It looks to me as a limitation of MOBIKE. * This
> would allow the mobile node to use multiple tunnels. Which tunnel to
> choose depends on other inputs. The important thing is that the mobile can
> use multiple tunnels. **
>
>
> * "adding" could mean deriving a new SA from the old tunnel. The important
> thing here seems to be to avoid re-doing an IKE exchange.

MOBIKE already does that. I.e. when it detects another interface
(IP-address) it will send ADDITIONAL_IP{4,6}_ADDRESS notifications and
then the new IP-address is also one of the addresses which can be used. With
MOBIKE we still only use one address, but we can change which address
we use easily.

On the other hand I do not think MOBIKE is really applicable in this
case, as I think in most of the cases the tunnel end points are NOT
going to be the same. I.e. we do not try to create multiple tunnels
between same endpoints, but create multiple tunnels between different
endpoints, and in that case MOBIKE cannot be used.
--
[email protected]
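
The behaviour described in the reply above (one IKE SA, several candidate addresses, exactly one in use), as an added example that is not part of either post and not code from any IKE implementation. It is a simplified model of the peer side: Notify type values are those of RFC 4555, the class, function names and documentation-range addresses are constructed for illustration, and the rule that a message without any address-list notification leaves the list unchanged is a modelling assumption.

```python
import ipaddress
import struct

# Notify message types defined for MOBIKE in RFC 4555
ADDITIONAL_IP4_ADDRESS, ADDITIONAL_IP6_ADDRESS = 16397, 16398
NO_ADDITIONAL_ADDRESSES, UPDATE_SA_ADDRESSES = 16399, 16400

def notify(msg_type, data=b""):
    """Build a Notify payload body (constructed sample input, no SPI)."""
    return struct.pack("!BBH", 0, 0, msg_type) + data

def parse_notify(body):
    """Split a Notify body: protocol ID, SPI size, type, SPI, then data."""
    if len(body) < 4:
        raise ValueError("truncated Notify payload")
    _proto, spi_size, msg_type = struct.unpack("!BBH", body[:4])
    if len(body) < 4 + spi_size:
        raise ValueError("SPI runs past end of payload")
    return msg_type, body[4 + spi_size:]

class PeerAddresses:
    """Hypothetical per-IKE-SA state: many known addresses, one active."""
    def __init__(self, initial):
        self.active = ipaddress.ip_address(initial)
        self.additional = []

    def handle_informational(self, src_ip, notify_bodies):
        src = ipaddress.ip_address(src_ip)
        new_list, saw_list, update = [], False, False
        for body in notify_bodies:
            msg_type, data = parse_notify(body)
            if msg_type == ADDITIONAL_IP4_ADDRESS:
                if len(data) != 4:
                    raise ValueError("bad IPv4 address length")
                new_list.append(ipaddress.IPv4Address(data))
                saw_list = True
            elif msg_type == ADDITIONAL_IP6_ADDRESS:
                if len(data) != 16:
                    raise ValueError("bad IPv6 address length")
                new_list.append(ipaddress.IPv6Address(data))
                saw_list = True
            elif msg_type == NO_ADDITIONAL_ADDRESSES:
                saw_list = True
            elif msg_type == UPDATE_SA_ADDRESSES:
                update = True
        # State changes only after every payload parsed cleanly.
        if saw_list:
            self.additional = new_list   # a new list replaces the old one
        if update:
            self.active = src            # same SA, different address in use
        return self.active, list(self.additional)
```

The model omits the return routability check and NAT handling; it only shows that advertising an address and switching to it are separate steps on the same IKE SA.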