Dear Paul, Thank you for the feedback.
Please see inline. Cheers, Med > -----Message d'origine----- > De : Paul Wouters [mailto:[email protected]] > Envoyé : mardi 31 octobre 2017 21:10 > À : BOUCADAIR Mohamed IMT/OLN > Cc : [email protected] > Objet : Re: [IPsec] draft-boucadair-ipsecme-ipv6-ipv4-codes > > On Tue, 31 Oct 2017, [email protected] wrote: > > > As per a suggestion from Tero, I’m sending this message to the list to > ask for more feedback on this short draft: > https://tools.ietf.org/html/draft-boucadair-ipsecme-ipv6-ipv4-codes-00 > > > > FWIW, the draft includes an “update” header because I thought this can > be generalized to other use cases than the 3GPP case I’m interested in. > > > > Comments and guidance to get early codepoint assignments is more than > welcome. > > It seems okay to return some more information in the errors on obtaining > an internal IP address. [Med] OK, thanks. > > I'm not sure I understand the meaning of SINGLE_AF_SUPPORTED. Does that > imply the family must be the same as the IKE address family used? [Med] No. Or > does it just mean you can only request v4 or v6 but not both _and_ > it is independent of the address family used for this IKE exchange? [Med] Yes. This code is typically returned when an initiator includes both INTERNAL_IP4_ADDRESS and INTERNAL_IP6_ADDRESS in the same request, but only INTERNAL_IP4_ADDRESS or INTERNAL_IP6_ADDRESS can be honored per request. That is, in addition to the IPv4 address or IPv6 prefix, the response will include SINGLE_AF_SUPPORTED to notify the initiator that only IPv4 or IPv6 configuration can be handled per request, not both. The criteria to select which address family to honor when both are included in a request, is policy-based. > > That is, are you expecting 4in6 and 6in4 items if the IKE peer address > family is one, and the INTERNAL_IP family is the other family? > > Maybe this is getting too combinatory, and the notify should be just > a FAMILY_RESTRICTION type with a value that can be various things, > so you can say v4only, v6only, internal=external, 4in6allowed, > 6in4allowed ? [Med] Given the available space (47-8191), assigning 4 codes is much more simple compared to assigning a type with sub-values. Please note that none of the values listed in your example can be returned as an equivalent to SINGLE_AF_SUPPORTED described above. > > Paul _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
