[support] Dynamic keyring with racoon2 operation
Brama Subhifajar
first_shaboo at yahoo.com
Tue Jul 7 22:51:46 JST 2009
>> 3. Can you tell me about Tunneling Payload and protecting HoTi/CoTi?
>
>What do you want to know?
>
>Payload protection allows encryption of the traffic between the MN and
>the HA. So, if your MN is going through an unsecure network, there is no
>disclosure of (maybe) sensitive data to the unsafe network. Anyway,
>there is no protection of traffic between HA and CN, so its usefulness
>might be argued (this list is not the place for this kind of debate anyway).
>
>HoTi/CoTi are related to RO, see previous answer.
First, I want to thank Sebastien Decugis and Arnaud Ebalard.
For question number 3, I mean the mechanisms "Tunneling Payload" and "protecting HoTi/CoTi": what are the advantages and disadvantages of each mechanism?
And in which cases will tunneling payload be better than protecting HoTi/CoTi, and in which will protecting HoTi/CoTi be better than using tunneling payload? Or is there any rule for each mechanism and operation?
I tried to forge packets with Scapy6 in Sebastien Decugis's way; here is the log on the HA without IPSec:
Mon Jul 6 19:05:44 mh_bu_parse: Binding Update Received
Mon Jul 6 19:05:45 ndisc_do_dad: Dad success
Mon Jul 6 19:05:45 __tunnel_add: created tunnel ip6tnl1 (9) from 2001:db8:0:2:0:0:0:1 to 2001:db8:0:4:221:63ff:fe30:5e7b user count 1
Mon Jul 6 19:05:45 MN (2001:db8:0:2:0:0:0:1) does not support IKE session movement.
Mon Jul 6 19:05:45 mh_send_ba: status 0
Mon Jul 6 19:05:45 mh_send: sending MH type 6
from 2001:db8:0:2:0:0:0:1
to 2001:db8:0:2:0:0:0:2
Mon Jul 6 19:05:45 mh_send: remote CoA 2001:db8:0:4:221:63ff:fe30:5e7b
Mon Jul 6 19:06:17 mh_bu_parse: Binding Update Received
Mon Jul 6 19:06:17 tunnel_mod: modifying tunnel 9 end points with from 2001:db8:0:2:0:0:0:1 to 2001:db8:0:2:0:0:0:2
Mon Jul 6 19:06:17 __tunnel_mod: modified tunnel iface ip6tnl1 (9)from 2001:db8:0:2:0:0:0:1 to 2001:db8:0:2:0:0:0:2
Mon Jul 6 19:06:17 __tunnel_del: tunnel ip6tnl1 (9) from 2001:db8:0:2:0:0:0:1 to 2001:db8:0:2:0:0:0:2 user count decreased to 0
Mon Jul 6 19:06:17 __tunnel_del: tunnel deleted
Mon Jul 6 19:06:17 MN (2001:db8:0:2:0:0:0:1) does not support IKE session movement.
Mon Jul 6 19:06:17 mh_send_ba: status 0
Mon Jul 6 19:06:17 mh_send: sending MH type 6
from 2001:db8:0:2:0:0:0:1
to 2001:db8:0:2:0:0:0:2
==>Mon Jul 6 19:12:37 mh_bu_parse: Binding Update Received
==>Mon Jul 6 19:12:37 mh_send_ba: status 133
==>Mon Jul 6 19:12:38 mh_send: sending MH type 6
==>from 2001:db8:0:2:0:0:0:1
==>to 2001:db8:0:2:0:0:0:2
==>Mon Jul 6 19:12:38 mh_send: remote CoA 2001:db8:0:2:221:63ff:fe30:5e7
==> : is the binding update with Scapy6.
From the log we can see that the HA accepts the BU message; the HA has lost authority for the BU packet. Is this the disadvantage of RO?
Then, is the Mobile IP connection mechanism "break before connect" or "connect before break"? I think it is break before connect, because I can see an "invalid operation" or "operation is not permitted" message when the MN moves to the foreign network while pinging the CN from the MN. Is this right? Or has it actually been connected, but the HA and MN still need some time to build the connection to each other, so the message shows "invalid operation" or "operation is not permitted"?
Thanks in advance.
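An added example, not part of the original post: a small parser that pairs each "Binding Update Received" line in an HA log like the one above with the status of the Binding Acknowledgement sent back, and decodes that status using the values defined in RFC 6275. The function name audit_bindings and the assumed line layout (taken from the log lines quoted in the post) are assumptions of this example.

```python
import re

# BA status values from RFC 6275, section 6.1.8. Values below 128 mean the
# Binding Update was accepted; 128 and above mean it was rejected.
BA_STATUS = {
    0: "Binding Update accepted", 128: "Reason unspecified",
    129: "Administratively prohibited", 130: "Insufficient resources",
    131: "Home registration not supported", 132: "Not home subnet",
    133: "Not home agent for this mobile node",
    134: "Duplicate Address Detection failed",
    135: "Sequence number out of window", 136: "Expired home nonce index",
    137: "Expired care-of nonce index", 138: "Expired nonces",
    139: "Registration type change disallowed",
}

# Constructed sample: a subset of the HA log lines quoted in the post.
SAMPLE_LOG = """\
Mon Jul 6 19:05:44 mh_bu_parse: Binding Update Received
Mon Jul 6 19:05:45 ndisc_do_dad: Dad success
Mon Jul 6 19:05:45 mh_send_ba: status 0
Mon Jul 6 19:06:17 mh_bu_parse: Binding Update Received
Mon Jul 6 19:06:17 mh_send_ba: status 0
==>Mon Jul 6 19:12:37 mh_bu_parse: Binding Update Received
==>Mon Jul 6 19:12:37 mh_send_ba: status 133
"""

# Optional "==>" marker, weekday, timestamp, logging function, message.
LINE = re.compile(r"^(?:==>)?\w{3} (\w{3} +\d+ [\d:]+) (\w+): (.*)$")

def audit_bindings(log_text):
    """Pair each received Binding Update with the status of the BA sent back."""
    results, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation lines such as "from ..." / "to ..."
        stamp, func, msg = m.groups()
        if func == "mh_bu_parse" and msg.startswith("Binding Update Received"):
            pending = stamp
        elif func == "mh_send_ba" and msg.startswith("status ") and pending:
            status = int(msg.split()[1])
            results.append({"bu_time": pending, "status": status,
                            "accepted": status < 128,
                            "meaning": BA_STATUS.get(status, "unknown")})
            pending = None
    return results

if __name__ == "__main__":
    for entry in audit_bindings(SAMPLE_LOG):
        print(entry)
```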