On Sat, 2007-03-02 at 09:28 +0900, Shinta Sugimoto wrote: > Yes. A XFRM_MSG_MIGRATE message can update an SPD entry and associated > SAD entries (if any) at a time. >
Ok, you have convinced me on the need for the message. > By "Mobile VPN", I meant a VPN scenario where clients roam around > subnets and continue changing its attachment point to the Internet > (aka roadwarrior). In such case, both client and SGW need to update > endpoint address of the security association. When the endpoint address > of client side is updated, instead of re-establishing the security > association from scratch, the client may inform the SGW of its new > endpoint address. This is what MOBIKE (RFC4555) does. So, just like > in the case of Mobile IPv6, endpoint address management of IPsec > databases is necessary and XFRM_MSG_MIGRATE message can be used. makes a lot of sense. Thanks for your patience Shinta. cheers, jamal - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
