
Re: Draft: PI addressing derived from AS numbers




On Wednesday, Feb 26, 2003, at 12:32 America/Montreal, Michael Richardson wrote:
>   Gosh, this sure sounds like the packets ought look like:
>         IPv6, AH, IPcomp-well-known-CPI, IPv6, TCP
>               ^could be ESP-null
>   The IPsec SPI contains all the state that you need.

It is not at all clear to me that one needs to use AH/ESP on each data
packet in order to have protection equivalent to existing IPv4 packets
that are not using AH/ESP.

For example, one could imagine using a new ICMP message type to update
locator/identity bindings for sessions/flows that are already established
-- always using AH on that ICMP message type.

I see no need to tunnel IPv6-in-IPv6 normally.

I see no need for IPcomp-well-known-CPI normally.

So I'd suggest that a typical packet would look more like:

IPv6(*), TCP

Where (*) is to note that minor tweaks might be needed, either
to the IPv6 base header or by adding an IPv6 Routing Header
or by some other mechanism, to support identity/locator separation.

Ran
rja@extremenetworks.com