RSIP - PowerPoint PPT Presentation

Slides: 20
Provided by: mikebo9
Transcript and Presenter's Notes

1
RSIP: Address Sharing with End-to-End Security
Mike Borella, 3Com Corp.
Gabriel Montenegro, Sun Microsystems
March 2000
2
Where is the Network Edge?
  • Yesterday
    • Corporations
    • Universities
  • Today
    • Homes
    • Cell phones, PDAs
  • Tomorrow
    • Everywhere
      • Hotels
      • Airports
      • Conference centers
    • "Gas stations on the Information Superhighway"

3
The Expansion of the Edge has Accelerated the IP Address Shortage
  • About 4 billion total, but...
    • Heavy allocation to North America and Europe
    • Many unused (old Class A blocks)
    • Limited by routing architecture (prefixes, CIDR)
  • Conservative allocation policies
    • Typically must demonstrate both need and usage
  • Heterogeneity implies that address space usage count is intractable!
  • Perhaps as many as 50 unallocated
    • Given current growth trends, these wouldn't last long on the open market

4
The Solution So Far: Network Address Translation (NAT)
  • Multiple hosts share one address
    • NAT router re-writes packet headers to same public IP
    • Application proxies for protocols that transmit addresses and ports
  • On the down side...
    • Difficult to maintain and manage
    • Breaks IPSEC -> no VPNs
    • Doesn't work well with many next-generation protocols
      • mobile IP, multicast, RSVP, etc.
  • Nonetheless, very widespread deployment

5
NAT in a Nutshell
[Figure labels: NAT Router, 10.0.0.1, 149.112.240.55]
6
NAT Needs ALGs for Address and Port Content in the Payload
FTP control packet from private host arriving at NAT router:
  • IP Header
    • Source IP address (10.0.0.4)
    • Destination IP address (192.156.136.22)
  • TCP Header
    • Source TCP port (1025)
    • Destination TCP port (21)
  • Payload (IP 10.0.0.4, Port 1026)
Figure out protocol, look into packet, translate addresses and ports, change TCP sequence number, maintain running delta for lifetime of connection... yuck!
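
The ALG steps listed on slide 6, sketched as an added example (not part of the presentation): rewrite the FTP PORT payload, then carry the resulting length change as a running TCP sequence delta. The public port 40001 and the one-command-per-segment handling are assumptions; the addresses and the private port come from the slide.

```python
import re

PRIVATE_IP, PUBLIC_IP = "10.0.0.4", "149.112.240.55"  # addresses from the slides
PORT_MAP = {1026: 40001}  # private data port -> public port (assumed mapping)

# Assumes each control segment carries exactly one complete command.
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")


class FtpAlg:
    """Per-connection ALG state for one FTP control channel."""

    def __init__(self):
        # Translated bytes sent minus original bytes sent, so far.
        self.delta = 0

    def outbound(self, seq, payload):
        """Translate one client->server segment; return (new_seq, new_payload)."""
        # Earlier rewrites shifted the byte stream, so shift this segment too.
        new_seq = (seq + self.delta) & 0xFFFFFFFF
        m = PORT_RE.match(payload)
        if not m:
            return new_seq, payload
        octets = [int(g) for g in m.groups()]
        ip = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]
        if ip != PRIVATE_IP or port not in PORT_MAP:
            return new_seq, payload
        pub = PORT_MAP[port]
        fields = PUBLIC_IP.split(".") + [str(pub >> 8), str(pub & 0xFF)]
        new_payload = b"PORT " + ",".join(fields).encode() + b"\r\n"
        # The rewritten command has a different length: every later
        # sequence number on this connection must absorb the difference.
        self.delta += len(new_payload) - len(payload)
        return new_seq, new_payload

    def inbound_ack(self, ack):
        """Map a server ACK back into the private host's sequence space.

        Simplification: a full ALG also records where in the stream each
        rewrite happened, so ACKs for earlier bytes are left unshifted.
        """
        return (ack - self.delta) & 0xFFFFFFFF
```

An RSIP host builds the PORT command with its leased public address and port in the first place, so none of this per-connection state is needed in the router.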
7
Realm Specific IP (RSIP)
  • RSIP goals
    • Alternative to NAT on same network architecture
    • Less computation at router
    • No need for ALGs
    • IPSEC integration possible
  • Use header tuples (e.g., ports, SPIs) to extend IP address space
  • IP addresses and tuples from the public routing realm are leased by private hosts
  • Assignments are made such that incoming packets can always be demultiplexed properly

8
RSIP in a Nutshell
[Figure labels: RSIP Router, 10.0.0.1, 149.112.240.55]
9
RSIP vs. NAT
  • Similarities
    • Demultiplex on tuples (e.g., addresses, port numbers)
    • Mapping kept by server/router
  • Differences
    • NAT: Router modifies packets, host oblivious
    • RSIP: Host asks router how to make packets Internet ready
    • NAT: No modifications to host, protocol support in router
    • RSIP: Host modified but no protocol support required in router

10
RSIP Protocol
  • Lightweight negotiation between RSIP servers and hosts of arbitrary parameters
    • Network and control resources
    • Vendor-specific parameters
    • Error reporting
  • Transport agnostic
    • May be TCP or UDP (we use port 4455)
  • Message and parameter formats allow extensibility beyond our specification
    • E.g., IPSEC SPIs, ISAKMP cookies, PPTP call IDs, etc.

11
Registration
[Figure labels: RSIP Server, 10.0.0.1, 149.112.240.55]
12
Assignment
[Figure labels: RSIP Server, 10.0.0.1, 149.112.240.55]
13
IPSEC
  • Two related, but independent modules
    • Secure encapsulation and transport (ESP, AH)
      • Rather straightforward
    • Secure key exchange (IKE, ISAKMP, OAKLEY)
      • Rather complicated

14
IPSEC Encapsulation and Transport
15
RSIP with IPSEC
  • ESP encrypts all ports: can't use them to demultiplex!
    • Use SPI instead
    • Additional negotiation: ASSIGN_REQUEST_RSIPSEC
  • IPSEC client module must:
    • Use ephemeral IKE source port
      • Otherwise I-Cookie routing necessary - more negotiation
      • Using default IKE port may cause rekeying problems
    • Acquire SPI values from RSIP module

16
Remote Access from Airport Kiosk
[Figure labels: Corporate Network, Mobile Client, Airport LAN, NAT Router]
17
Secure VPN Enabled by RSIP
[Figure labels: Corporate Network, Mobile Client w/ RSIP, Secure Virtual Tunnel, Airport LAN, RSIP Router]
18
RSIP and IPv6?
  • Part of a dual-stack transition mechanism?

19
Current Status in the IETF
  • draft-ietf-nat-rsip-protocol-06.txt
  • draft-ietf-nat-rsip-framework-04.txt
  • draft-ietf-nat-rsip-ipsec-03.txt
  • draft-ietf-nat-rsip-slp-00.txt
  • draft-ietf-dhc-nextserver-02.txt