I think following up with the Transport area is a good idea.
In particular, I've always thought that the monami6 work
overlaps with NSIS. Both protocols transport packet
filters that affect the processing of packets.

I have also wondered how much of monami6 could be accomplished
with the use of multiple home addresses. After all, I would
expect each interface to have its own home address and applications
would need to bind themselves to the right home address to
function properly over a given link type. In other words, it
is important to solve this problem even in the absence of
a mobility management protocol.

-Pete

Hi John,
There seems to be multiple opinions here. Some analysis has
been done, leading to one of the monami6 proposals which
suggests out-of-band communication of filter rules:
draft-larsson-monami6-filter-rules; but as mentioned there is
an alternative monami6 proposal which advocates in-band signalling,
so there isn't full consensus on this.

The main reason I see (as one of the authors of
draft-larsson-monami6-filter-rules) for doing this out-of-band
is that the timing of events which cause changes to the filter
rules seem to have little correlation with handover events in
monami6; and I would expect something similar for NEMO, SHIM6,
HIP and MOBIKE.

The actual *binding* of a particular filter rule to a particular
endpoint *will* change on handover, though; so it is important
to do the split between rule definition and endpoint binding
right to achieve proper decoupling.

<snip some good comments>
First a little note on terminology -- in the monami6 discussions,
we've tried to use the word 'policy' to cover a number of factors,
including user preferences, which could influence the choice (at
the MN) of paths for various traffic, while the actual rules conveyed
from MN to HA, which can be applied to the traffic flow, is referred
to as filter rules. So rather than talk about policy container
format, I'd prefer to talk about filter rule container format...

Anyway, I'm in favour of the idea of making the filter rule
container format common across protocols, and I'd suggest that
in most cases, it would be appropriate to have a common defined
carrier protocol. I'm sure we'll see cases where optimization
or other considerations will make it attractive to define in-band
filter rule transport, but if a common carrier protocol and
method for securing the transfer has already been defined, that
would hopefully be delta work, rather than complete re-invention.


Henrik

Just to add one more WG to the list, I believe pana had this discussion
in the past as well and settled upon draft-ietf-pana-snmp, but was
unwilling to commit to this being the *only* method.

- Mark

I don't know if you read my recent post, but we've analysed this and found
that there is very little correlation (basically none) between the time
when a filter rule update is needed, and the time of handover.
First, this cannot simply be described as 'flow information', so if
that was the context of your discussion, I don't think it is quite
relevant for this discussion.

Secondly, this assumes that the filter rules would consistently be
communicated to the end host at the other end of your regular traffic,
which is an assumption that doesn't generally hold for filter rules.

Thirdly, extension headers are for optional internet-layer information
(RFC 2460), and I'm not sure this is a fair categorization of such
filter rules as we're discussing here. I don't know how much people
care about proper layering these days, though ...

Finally, although filter rules wouldn't necessarily be very large in
size, I doubt that the size constraints associated with extension
headers make it appropriate to put filter rules in an extension header.
Remember that extension headers belong to the unfragmentable part of
an IPv6 packet, so there's a variable maximum size for such a header,
(depending on the presence of other extension extension headers); it
seems as if it would create a silly size constraint for filter rules
to define their default transport to be an IPv6 extension header.


Henrik

Hi Thierry,
As I've just written in my email to Henrik, this was a discussion point
I was providing to discuss the feasibility of it. But, if it is
something people feel is viable, it will be a slightly different
approach from any of the proposed approaches thus far, yes.

Vidya

Hi Benjamin,
While the proposals discussed in monami6 so far has been geared to transfer
of filter rules, this seems to call for transfer not of filter rules, but
of a subset of policy declarations (some sort of preferences for quality
and cost of service) between the Mobile Router and the Node attaching to the
Mobile Network (the MNN).

I think that as a general problem, this may be less well understood, and
possibly more complex, than expressing filter rules. The filter rules I
see needed by for instance monami6 appear to be a subset of filter rules
that can be expressed for firewalls today, using well-defined languages; but
I'm not aware of mature languages for expressing cost/latency/bandwidth/
/reliability/security/etc. preferences, and how to weigh them against each
other.

I know that some work has been done in SHIM6 on expressing and communicating
policy, but don't know that work well enough to know whether it would be
applicable to this case.


Henrik

There were a couple of questions about what list to
use for this discussion -- Lets keep the general
discussion on the int-area list. I thought the topic
deserved a wider audience, and that's still the case.
But if there was some detail about current proposals,
monami6 list works for that better. The question
of what nodes to involve, including hosts under an
MR, did seem important though in terms of thinking
what architecture works for this function.

Jari

Yes both Hesham and Heikki: MNN doesn't send NEMO BU and MR doesn't send
BU toCN.

(terminology: MNN as defined by terminology documents is a Mobile
Network Node, thus a Mobile Node, which can be a Mobile Router; but I
assume the intent was to say a MH (not a MR) that is connected to a
moving network doesn't send BU to MR - I agree with this).
Regardlessof Thierry mentioning it, it's still unsolved.

It's still true that an LFN/MH has certain preferences for application,
preferences that aren't currently communicated to MR. So when MR makes
monami decisions on which interface to use it's monami-relevant only for
that MR, not for LFN.

In this sense, monami filters at MR are irrelevant to LFN. In which
case one can easily say that monami filters are only for MR. Which is
easy to say that is relevant only for the MH part of that MR.

My reasoning is. But let me turn it into a question:

What's the effect of MR monami filters on the LFN application?
I agree with you with the first part. But I see a strong relationship
of MR making monami decisions and its effects on LFN. If this
relationship is not defined then one simply can't say Monami is for
NEMO. End-to-end arguments can be made about this.

I also think a clear distinction should be made here, that I wanted to
say since long but things were too hectic at that time.

When monami6 was formed there network mobility was an important topic
discussed in many places. Monami6 has a goal to work in the NEMO
context, so it helped building it up. This can be understood in two ways:

-simplest: NEMO is an extension to MIP, so a HA doing NEMO can be
extended to do monami (mcoa) and it will continue to do NEMO no
problem. But that doesn't mean NEMO protocol was extended. It more
means that that HA will continue to use UDP as before, or HTTP or NEMO.
-more complex: have monami flow bindings to have a meaning _through_ the
MR, to LFN and have a NEMO sense. That is a more relevant means to say
that the MONAMI6 WG does NEMO. OTherwise monami6 does NEMO as much as
it does UDP.

Alex

[lifting up monmami6 WG from CC]
Hi HEsham, I'm not sure how it's thought routers in the fixed network
load-balance traffic without informing end-hosts. IETF has some nice
qos reservation mechanisms that are triggered by end-node after which
routers in the middle look at packet markings and load-balance
accordingly. COPS, RSVP, Traffic Class, Diffserv are keywords for
search. It's the end-node who tags the packets anyways.

It's even true for a MIP6 HA: HA copies the traffic class from inner to
outer header, so what's decided by MN is respected by HA. (there's an
option with pre-configured Traffic Class at HA , but optional that is).

So I think flow bindings for NEMO _would_ be different than
COPS/RSVP/Traffic Class, because MR would make decisions irrespective of
the LFN will, what do you think?

Alex

[really lifting it from CC this time]
Huh? RSVP-related RFCs date of last year, recent routers include COPS,
and end hosts routinely mark Traffic Class. What do you mean hosts
hardly ever mark ToS fields? You mean IPv4? I meant IPv6. Modern
wireless access networks have QoS features too.
Routers split flows based on what specs? I think you agree we can't say
that because some non-specified flow splitting happens then we need to
specify a similar thing. It means actually we don't want to specify a
similar thing.
What RFC number?
It depends. _If_ the MR decision to choose a different interface is
based on another interface link-down event then it's normal, it's about
keeping connectivity up for the LFN and the LFN can only be happy about
it. Core routers do the same when selecting paths.

If on the other hand, the decision to choose a different interface is
based on application needs, and MR may _think_ the LFN's application
prefers a certain interface - then it's totally different thing. And I
believe flow bindings fall into this category, because it has filters on
all possible fields in an application payload.

Have I got this right?

Alex

Would you like _your_ flow bindings document to become an RFC and one
year later people say it doesn't mean it's used just because it has an
RFC number on it.
Well TC marking is used in my lab, works according to specs.

All MIPv6 implementations supposedly use it too, because the MIP6 spec
says so.
I agree with you if I implied so. But no, far from me that idea. I
think it is a very good idea in some contexts to do just that, specify
locally (non-IETF) a protocol, implement test debug and benefit from the
feature (sell other things in the mean time). Google features (earth,
sitemaps, and more) are just that, widely used, and so on.

Remark in the case of Google, although the methods are not standardized,
they're publicly documented, so we can talk about sitemaps.
I agree.
No no, it's different. An assumption is made on the behaviour of the
network and no proof is given. I'm not even mentioned a protocol name
that is not IETF and that does that flow splitting for an uncoscious
endnode. Doesn't mean I don't believe it exists - it may very well.

But flow splitting can happen in so many different ways that some of
them may be in support of your proposal of MR doing flow bindings on
behalf of LFN, others against.

Being silent about what you mean (what non-IETF flow splitting is widely
used?) means that I can't understand you.

What if for example the flow splitting you mean happens in a network
where only two types of applications are possible, with the
distinguisher being WAP or TCP/IP. The network indeed splits the flows
and gives more ressources to WAP and less to TCP/IP. But it is still
the endnode to decide to use either WAP or TCP/IP.

With flow bindings draft we can't say we choose WAP vs TCP/IP, it's just
TCP/IP. The flow bindings draft qualifies only on TCP/IP parameters.
This is very disappointing. Because it means _your_ draft could become
an RFC and thus a non-fact.
Ok, let me try cool down. I agree routers select a next hop they think
appropriate w/o endnode involvement. That selection happens based on
the src and dst address and the traffic class, all being set by the endnode.

You seem to say other routers do it differently, not looking at any
field, or changing some of the fields. You don't say what exactly
method is used. But you say that because other fixed routers don't care
of LFN then MR could either.

I think that is not enough of support for flow bindings monami6.

I also think that the flow binding monami6 methods could make a lot
sense _if_ the MR were informed by the LFN of LFN's preferences. This
is the crux of our argument and we differ - you say flow bindings
monami6 don't need that LFN preferences. And knowing that in NEMO WG
they look _probably_ at exactly MR communicating with LFN for parameter
exchange for RO then I think they should be done in tandem. Ie flow
bindings in monami6 aren't possible w/o RO in NEMO.

Alex

Ok, rfc3775 requires both the MN and the HA to use generic encapsulation
with a written reference to another RFC that says when encapsulating
copy the traffic-class field (optionally pre-configure it). Which means
that if MN decides to use a certain class then the intermediary router
HA respects its decision. Right?

So is Traffic Class actually used? I'd say yes, by and large.
So you didn't say core routers don't look at any fields, didn't say core
routers dont change some fields (in order to achieve their flow
splitting). Since this is undocumented in an RFC, the only thing I
could is to ask you how do you think the core routers do this flow
splitting?
Is a 'flow' an application-level flow, like srcport-dstport go this path
and other pair other path? Or is it a dstaddress-based 'flow'? Or is
it a src-dst flow? Are there other distinctors than address and port?

Does the endnode learn at any time what paths and path selection are
used by the core routers (signalling from router to endnode)?

If I understand these, then I can say whether that particular deployment
is in support of flow bindings monami6 w/o LFN involvement make sense or
not.

I'm very surprised when it's said that Traffic Class isn't used and
other method is in wide use (flow splitting) but can't characterize it
more than just flows taking different paths.
In a sense yes, I agree it's separated issue, like one can HTTP between
two endnodes and then UDP between one of these nodes and a third.

But remark HTTP and UDP have IP in common, use IP header fields in the
same way. With flowbindings context if one wants to use RSVP on LFN and
flow balancing according to the Traffic Class in the MR (all specified
currently) then this will not work, because you suggest that MR uses the
Flow Identification Option for this classification, or the MR uses the
Traffic Class.

So at this point Traffic Class fields and Flow Identification Options
are competitors. It's not like HTTP and UDP both use IP in the same
way, now you have Flow Identification Options and Traffic Class trying
to do same thing.
What if solving that issue means actually using Traffic Class? Doesn't
it mean that solving that issue means Flow Identification Option isn't
used? Which of the two RFCs will be used? Which will be a fact?
I think choosing a flow bindings protocol (among three) drafts is
indeed a separate issue. I think then that this issue of competition
between Traffic Class and Flow Identification Option (or Filter Rules in
draft-larsson-monami6-filter-rules-01.txt or Policy Data Set in
draft-mitsuya-monami6-flow-distribution-policy-02.txt) is a second issue.

For example, if there's a means that any of these three drafts rules
makes use of the Traffic Class pre-defined in an RFC (assured
forwarding, etc) then I think I'm basically fine.

I'm also very fine if there's a means for LFN to tell MR via this
Traffic Class field what class it prefers, and fine if MR copies the
Traffic Class field.
Well, as you know in the NEMO WG there's been rechartering to identify
requirements for Route Optimization. While gathering these
requirements, it may be found out that LFN wants to send the BU to HA
(instead of MR sending BU for its prefix). For LFN to do that, it may
be that MR sends to LFN what are the subnets to which it connects. At
that point the flow bindings should be established by LFN somehow.

Or, this may be a solution to the problem we discussed, that LFN knows
nothing about MR decisions and that is bad. That's why I'm saying NEMO
RO and flow bindings for NEMO are tightly related.

There may be additional issues directly related: one would want to make
sure that when NEMO RO is used and LFN sends a BU, it's the Flow
Bindings specified by that BU that prevail, and not the Flow Bindings in
the BU MR would send.

Now more clear?

Alex