Middlebox Signaling in a NSIS framework - PowerPoint PPT Presentation
1 / 5
Title:
Middlebox Signaling in a NSIS framework
Description:
NSIS should not be about QoS only. NSIS should work service independent ... Does not matter what order in what number NATs and firewalls are traversed ... – PowerPoint PPT presentation
Number of Views:25
Avg rating:3.0/5.0
Title: Middlebox Signaling in a NSIS framework
1
Middlebox Signaling in a NSIS framework
- Marcus Brunner, Martin Stiemerling
- NEC
2
Motivation
- NSIS should not be about QoS only
- NSIS should work service independent
- Middlebox communication might be another
application of NSIS - E.g. NAT/Firewall Traversal
- Signaling on data path does handle the
topological issues
3
Example Firewall Traversal Scenario
application
NSIS signaling
data
Public Internet
4
Service Specification
- Open Firewall Pinhole and/or NAT binding
- Does not matter what order in what number NATs
and firewalls are traversed - The service-specific part of NSIS should handle
that
5
Impact on NSIS framework
- Firewall traversal
- Problem signaling from public side is less
trusted then from inner-side - Receiver initiation might solve this
- Or strong authentication and authorization (might
be security psychological problem) - NAT traversal
- Problem from outside unknown binding
- Signaling does not work, needs application-level
binding setup - From inside works fine
- For other services NSIS is signaling for
- NAT needs to be NSIS aware anyway
- E.g. for QoS-type of services NSIS messages need
to be translated (flow id)
