[Mip6-firewall] initial draft

[Hannes Tschofenig]

Hi

QIU Ying wrote:
> Hi,
>
> I merge my feedback for Hannes and Gabor here.
>
> From: "Hannes Tschofenig" <Hannes.Tschofenig at gmx.net>
>>> 4. Even if the proposed approach is accepted, it is not suitable for 
>>> quickly moving mobile network. According to the last description of 
>>> MEXT, 3 application cases should be in mind: aviation (~1000km/h, 
>>> across continents), automotive (~100-300km km/h, across networks) 
>>> and personal mobile routers. Refer to Figure 5 in page 13, in order 
>>> to set up a connection, the proposal needs up to 10 round messages. 
>>> Moreover in order to discover which pairs of addresses will work, 
>>> the M-ICE will try all possible addresses. It is really time 
>>> consideration and not meets the speed requirements in aviation and 
>>> automobile cases.
>>
>> In the typical case it will be quite fast since there aren't too many 
>> addresses available and you don't need to try all of them.
>> If you want to be really fast always (when it comes to the number of 
>> messages to get exchange) route traffic through the HA since this 
>> would at least ensure that you get you messages to the other end. 
>> That can be a local policy. In many cases, I do, however, expect that 
>> people want to directly exchange messages and there is no other way 
>> than just trying what works.
>
> I believe, in most cases, a MN has less than 3 addresses (HoA, CoA, 
> LCoA/RCoA). The problem is, refer to figure 1, all of message between 
> agent L and agent R must route via their home agents. In original RR 
> protocol, only 2 messages (HoTI/HoT) via home agent. Therefore the 
> STUN approach will bring huge latency. For instance, my home agent is 
> in asia, and I travel to US. When I want to connect with you in 
> Europe, the route of these message would be from US (my notebook) -- 
> Singapore (my home agent) -- US (currently, the path from singapore to 
> Europe via US is much faster than directly from Singapore to Europe) 
> -- Europe (your home agent) -- Germany (your machine).  Being aware, 
> these 10 messages are turned one by one. Is that awful?
>
I will draw a message flow for you to show you the number of messages 
and why they are needed.

> From: <Gabor.Bajko at nokia.com>
>> - exchange the addresses the two nodes have. For this we need a
>> signalling between the two nodes and for mipv6 case we could use a
>> modified rrt, where the coti&cot would be routed through the ha, thus
>> ensuring that the messages reach their destination
>
> The modification will not be accepted. It will bring more security 
> issue. Please refer to RFC 4225 ( RRT design background).
>
Let's see.

Ciao
Hannes

> Regards
> Qiu Ying
>
>
>
>
>
>
>
>
> ------------ Institute For Infocomm Research - Disclaimer 
> -------------This email is confidential and may be privileged.  If you 
> are not the intended recipient, please delete it and notify us 
> immediately. Please do not copy or use it for any purpose, or disclose 
> its contents to any other person. Thank 
> you.--------------------------------------------------------