[Mip6-firewall] initial draft

QIU Ying qiuying at i2r.a-star.edu.sg
Thu Jun 28 12:24:34 EDT 2007


Hi,

I merge my feedback for Hannes and Gabor here.

From: "Hannes Tschofenig" <Hannes.Tschofenig at gmx.net>
>> 4. Even if the proposed approach is accepted, it is not suitable for 
>> quickly moving mobile network. According to the last description of MEXT, 
>> 3 application cases should be in mind: aviation (~1000km/h, across 
>> continents), automotive (~100-300 km/h, across networks) and personal 
>> mobile routers. Refer to Figure 5 in page 13, in order to set up a 
>> connection, the proposal needs up to 10 round messages. Moreover in order 
>> to discover which pairs of addresses will work, the M-ICE will try all 
>> possible addresses. It is really time consideration and does not meet the 
>> speed requirements in aviation and automobile cases.
>
> In the typical case it will be quite fast since there aren't too many 
> addresses available and you don't need to try all of them.
> If you want to be really fast always (when it comes to the number of 
> messages to get exchanged) route traffic through the HA since this would at 
> least ensure that you get your messages to the other end. That can be a 
> local policy. In many cases, I do, however, expect that people want to 
> directly exchange messages and there is no other way than just trying what 
> works.

I believe, in most cases, a MN has less than 3 addresses (HoA, CoA, 
LCoA/RCoA). The problem is, refer to figure 1, all of the messages between agent 
L and agent R must route via their home agents. In the original RR protocol, 
only 2 messages (HoTI/HoT) go via the home agent. Therefore the STUN approach will 
bring huge latency. For instance, my home agent is in Asia, and I travel to 
the US. When I want to connect with you in Europe, the route of these messages 
would be from US (my notebook) -- Singapore (my home agent) -- US 
(currently, the path from Singapore to Europe via US is much faster than 
directly from Singapore to Europe) -- Europe (your home agent) -- Germany 
(your machine).  Be aware that these 10 messages are sent in turn, one by one. Is 
that awful?

From: <Gabor.Bajko at nokia.com>
> - exchange the addresses the two nodes have. For this we need a
> signalling between the two nodes and for mipv6 case we could use a
> modified rrt, where the coti&cot would be routed through the ha, thus
> ensuring that the messages reach their destination

The modification will not be accepted. It will bring more security issues. 
Please refer to RFC 4225 (RRT design background).

Regards
Qiu Ying







