Alper Yegin wrote:
Let me further separate threads. This one issue is relatively standalone,
and orthogonal to the format re-structuring you are suggesting.
As yet another simplification, what if you allowed any authenticated
PANA message to update the source IP/port? This would seem to be of
considerable help to NAT traversal (e.g., if the PaC is issuing a
periodic Ping). Also, it would mean that you don't have to define a
specific message (e.g., the Ping, or reauth, etc. would all do the
trick just fine).
I'm thinking this implicit semantics may hurt us down the road. There
may be valid reasons to send messages with different source addresses
in the future. I think a dedicated and explicit message type is better.
If you allow messages to come from different source addresses for the
same session, we are back to coordinating a context ID for the PANA
session that is somehow unique across the administrative domain.
The session is still on the same PAA. PaC is the one changing address.
Well, if the PAA is using the PAC source IP, port, and ID to identify
the session when control messages arrive, then you cannot allow the
control messages to come from different source PAC addresses.
I think you are referring to the case when we needed globally unique
session identifiers. I don't see a need for such a thing in this case.
I'm trying to remember who assigns the ID. If it is always the PAA, then
yes you are OK here.
- Mark
Alper
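
The session-lookup question discussed in this thread, sketched as an added example that is not part of the original messages or of any PANA implementation: the PAA assigns the session ID, looks sessions up by that ID alone, and lets any message with a valid MAC update the stored source IP/port. The `PAA` class, the `mac` helper, the message layout and the addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def mac(key, sid, payload):
    # Constructed message layout: the tag covers the session ID and payload only,
    # not the source address, which is what is allowed to change.
    return hmac.new(key, str(sid).encode() + b"|" + payload, hashlib.sha256).digest()


class PAA:
    """Toy session table on one PAA (hypothetical, not the PANA wire format)."""

    def __init__(self):
        self.sessions = {}   # session ID -> {"key": bytes, "addr": (ip, port)}
        self._next_id = 1

    def open_session(self, addr):
        # The PAA assigns the ID, so it only has to be unique on this PAA.
        sid, self._next_id = self._next_id, self._next_id + 1
        key = os.urandom(32)
        self.sessions[sid] = {"key": key, "addr": addr}
        return sid, key

    def receive(self, src_addr, sid, payload, tag):
        # Look the session up by ID alone; the source address is not a lookup key.
        session = self.sessions.get(sid)
        if session is None:
            return "unknown-session"
        if not hmac.compare_digest(mac(session["key"], sid, payload), tag):
            return "bad-mac"             # binding left untouched
        if session["addr"] != src_addr:
            session["addr"] = src_addr   # any authenticated message rebinds
            return "address-updated"
        return "ok"


if __name__ == "__main__":
    paa = PAA()
    old, new = ("192.0.2.10", 4000), ("198.51.100.7", 40001)  # constructed addresses
    sid, key = paa.open_session(old)
    ping = b"ping"
    print(paa.receive(new, sid, ping, b"\x00" * 32))         # bad-mac
    print(paa.receive(new, sid, ping, mac(key, sid, ping)))  # address-updated
```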