First page Back Continue Last page Overview Graphics
Mobile IPv6 & IPsec/IKE Interaction
IPsec tunnel established between the MN and HA needs to be updated whenever the MN changes its CoA
IPsec/IKE should also be aware of ‘movement’ of MN because:
- IPsec Security Policy Database (SPD) needs to be updated in accordance with CoA change.
- IPsec Security Association (SADB) needs to be updated in accordance with CoA change.
- IKE needs to update the IKE connection (K-bit).
A solution:
- Make an interface between Mobile IPv6 and IPsec/IKE by extending PF_KEY framework (PF_KEY MIGRATE message)
- “PF_KEY Extension as an Interface between Mobile IPv6 and IPsec/IKE”, draft-sugimoto-mip6-pfkey-migrate-00
- Implemented in MIPL2.0 RC2