Here goes a first stab at discussion:
Requirements:
------------
1>
The solution should provide the simultaneous operation of location privacy and route optimization as dog leg routing can increase unecessary delay - affect QoS. A person using a mobile node should not have to sacrifice one for the other.
2>
The signaling should be as fast as possible. Waiting on the dynamic dog-leg establishment of a security associations to authenticate and authorize a binding and reservation are occuring is probably not an option.
3>
If at all possible the solution should leverage any existing security associations that exist and are utilized in networks today in order to speed up the binding and reservation.
4>
The solution should be as scalable as possible. Any effort to reduce the amount to signaling and processing through core edge and intermediary routers should be made. Localization of proxy functions into aggregates and hierarchical topologies at the edge should be utilized to improve the scalability.
5>
The solution should be as stateless as possible. States should only be kept at the edge or pertaining to aggregatations.
6>
The solution should not require an implementation to key any logical data structures (FIB, RIB, PIB, BC, SIB, etc..) using the source IP address of an MN as this will change.
7>
This is really a wireless requirement:
In order to provide for unequal protection of media streams on wireless link layers, the signaling should be able to convey the actual media types used as part of the flows being reserved.
8>
The solution should allow for both one way and two way reservation when asymmetric routing is not an issue i.e. a point to point link on the first hop.
9>
The solution should work with asymmetric routes.
10>
The solution should provide for proxy functions of the signaling with "older" solutions for backward compatibility and when the signaling is considered too verbose for a specific link layer.
11>
The solution should provide for fast recovery mechanisms when intermidary nodes fail.
12>
A method must be provided to encrypt the signaling as it passes to the affected nodes of the network.
13>
A method must be provided to authenticate the credentials of the signaling entities.
14>
It should be possible to send an application packet along with the signaling.
15>
Authorization and Accounting should be treated as separate, decoupled back-end processes.
Questions to discuss:
--------------------
1>
Should the signaling solution be the same for IPv4 as for IPv6?
2>
What assumptions, if any, can be made about pre-existing security associations between the MN with its visited and home domains can be made?
3>
What assumptions, if any, can be made about any pre-existing SAs between a CN and it's visited and home domains can be made?
Hope this helps,
Glenn