
Re: NAT traversal and its relation to IPv6 [RE: Comments on draft -tsirtsis-dsmip-problem-01.txt]



 In your previous mail you wrote:

   Marc Blanchet wrote:
   > to add to this conversation, tunnel broker with tsp does manage 
   > v*-in-v* with security (aaa). if the outer v* address changes (i.e. v4
   >  address change for v6 over v4 tunnels), then the tunnel is 
   > automatically re-established with the broker: "mobility feature". the
   >  ipsec need can be handled on the appropriate IP version.
   
   The idea to join the Security Gateway into the HA, or the tunnel broker
   into the HA can not stand, because the HA performs proxy ND for HoA of
   MH when MH is not at home.
   
=> this is 100% contrary to actual experience: your objection is wrong.

   The Security Gateway/tunnel broker is something that lies in the
   perimeter buffer secure zone ('DMZ'), while an HA is most of the time
   the router towards a link, most often a leaf link.
   
=> in both cases (SG and TB) in fact the mobile node is never at home
so the position of the SG or TB is not a problem at all.

Regards

Francis.Dupont@enst-bretagne.fr