MIPv6 Firewall Traversal Design Considerations

Provided by: HannesTs8
Learn more at: https://www.ietf.org

1
MIPv6 Firewall Traversal: Design Considerations
  • Prepared by Hannes Tschofenig, Qiu Ying, Xiaoming
    Fu, Niklas Steinleitner, Gabor Bajko

2
RFC 4487
  • RFC 4487 describes scenarios where
      • the Mobile Node is in a Network Protected by Firewall(s)
      • the Correspondent Node is in a Network Protected by Firewall(s)
      • the HA is in a Network Protected by Firewall(s)
      • the MN moves to a Network Protected by Firewall(s)
  • MIPv6 Signaling Messages
      • BUHA = {Src=CoA, Dst=HA, HoA, ...}
      • HoTI = {Src=HoA, Dst=CN, rH}
      • HoT = {Src=CN, Dst=HoA, rH, ...}
      • CoTI = {Src=CoA, Dst=CN, rC}
      • CoT = {Src=CN, Dst=CoA, rC, ...}
      • BUCN = {Src=CoA, Dst=CN, HoA, ...}
      • BACN = {CN, CoA, HoA, ...}

3
Scenario (1/2)
  • Provide solutions for specific scenario vs.
    solution(s) for all scenarios?

Mobile Node is in a Network Protected by Firewall(s)
Correspondent Node is in a Network Protected by Firewall(s)

4
Scenario (2/2)
  • Provide solutions for specific scenario vs.
    solution(s) for all scenarios?

Home Agent is in a Network Protected by Firewall(s)
MN moves to a Network Protected by Firewall(s)

5
Selected Problem
Problems with Return Routability Test
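
As an added illustration (not part of the original slides), the sketch below runs the return routability and binding messages from the RFC 4487 slide through a toy stateful firewall for the scenario where the CN is in a protected network. The firewall policy, the `simulate` helper and the CN-to-CoA direction of BACN are assumptions; tunneling through the HA is not modeled.

```python
# Added example: toy stateful-firewall model, not code from the presentation.
from typing import NamedTuple

class Msg(NamedTuple):
    name: str
    src: str
    dst: str

# Src/Dst as listed on the RFC 4487 slide; BACN direction (CN -> CoA) is assumed.
MESSAGES = [
    Msg("HoTI", "HoA", "CN"), Msg("CoTI", "CoA", "CN"),
    Msg("HoT", "CN", "HoA"), Msg("CoT", "CN", "CoA"),
    Msg("BUCN", "CoA", "CN"), Msg("BACN", "CN", "CoA"),
]

# A message is only sent once the messages it answers have been delivered.
REQUIRES = {"HoT": ["HoTI"], "CoT": ["CoTI"],
            "BUCN": ["HoT", "CoT"], "BACN": ["BUCN"]}

def simulate(protected):
    """Return {message name: 'pass' | 'drop' | 'not sent'}.

    `protected` is the set of addresses behind the firewall. Assumed policy:
    outbound packets pass and create state; inbound packets pass only if they
    match state created by an earlier outbound packet.
    """
    state = set()      # (inside, outside) pairs opened from the inside
    verdict = {}
    for m in MESSAGES:
        if any(verdict.get(r) != "pass" for r in REQUIRES.get(m.name, [])):
            verdict[m.name] = "not sent"
        elif m.src in protected:
            state.add((m.src, m.dst))
            verdict[m.name] = "pass"
        elif m.dst in protected and (m.dst, m.src) not in state:
            verdict[m.name] = "drop"
        else:
            verdict[m.name] = "pass"
    return verdict

def route_optimization_completes(protected):
    """True when the final acknowledgement (BACN) is delivered."""
    return simulate(protected)["BACN"] == "pass"

if __name__ == "__main__":
    for label, inside in [("no firewall", set()), ("CN behind firewall", {"CN"})]:
        print(label, simulate(inside), route_optimization_completes(inside))
```

With the CN protected, both init messages arrive unsolicited and are dropped, so none of the later messages is ever sent.
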
6
Design Considerations
  • In-band signaling vs. out-of-band signaling
  • Out-of-band signaling: MIPv6-like protocol mechanisms vs. another protocol
      • Which protocol?
  • Do firewalls cooperate (i.e., are they MIPv6 aware)?
      • If the firewall is MIPv6 aware, then security questions need to be answered with regard to authorization of state establishment.
      • Examples: CGA, hash of PK, hash chains, authorization tokens, etc.

7
State-of-the-Art
  • Firewall detection procedure
      • draft-miao-mip6-ft-02.txt
  • Solution for CN behind a firewall
      • draft-bajko-mip6-rrtfw-01.txt
  • Protocol between FW and MN that is triggered by incoming data packets
      • draft-zhang-mip6-fsup-01.txt
  • Transferring packet filter rules between HA and MAP (HMIP) secured using IKE
      • draft-qui-mobile-firewall-02.txt
  • Solution for all scenarios
      • draft-thiruvengadam-nsis-mip6-fw-05.txt
  • Solution to compile traceable addresses
      • draft-qiu-mip6-friendly-firewall-01
  • STUN/TURN/ICE and Midcom idea shows up periodically
  • Related work can be found in HIPRG (see draft-tschofenig-hiprg-hip-natfw-traversal-05.txt, HIP NATFW paper or SPINAT).
  • Custom solution in MOBIKE to perform connectivity tests (for NAT only)

8
Next Steps
  • Decide on the solution scope
  • Form a design team to investigate the details