
Issues

- The first CREATE_CHILD_SA exchange creates SA for protecting Binding Update
  - Easier to represent TSi
  - Not sure if the IPsec SA created during IKE_AUTH exchange can be used for protecting the BU
  - Difference is three round trips vs. two round trips of IKE exchanges before the BU can be sent
- SPD entries and dynamically allocated HoA
  - New requirement to update the SPD entries when the HoA of the MN changes
  - Or just re-install the policy entries whenever the HoA changes
  - Alternative is to use a “name” in the SPD entries and have the “name” point to the current HoA
  - IPsec SAs are re-created for the new HoA