Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner."— Presentation transcript:

1 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner Xiaoming Fu

2 Overview Problems of MIPv6 and Firewalls NSIS as Solution Draft Updates Open Issues Next Steps

3 Problem of MIPv6 and Firewalls Firewalls can cause several deployment problems –different based on FW placements Problem statement in RFC 4478 Additionally: draft-bajko-nsis-fw-reqs-04.txt

4 Overview of the Problems Binding Updates packets are IPsec protected Packets can be tunneled (or reverse tunneling) or not tunneled (route optimization) Several address are used Incoming packets does not match existing states in the FWs, because of different addresses (BU, CoTI, HoTI) Unsolved packets are dropped  Some packets might be dropped, preventing MIPv6 to perform well in presence of FWs

5 Why NSIS? Mobile IPv6 maintains entries for moving packets from a host to another host (in roaming scenarios) The endpoints are the only entities that –Have knowledge of the HoA, Home Agent address, CoA –Know the mode being used, and format of packets –Know the characteristics of the required pinholes The NAT/FW NSLP allow endpoints to configure FWs –Allow data receiver to initiate the signaling (REA) –Allow to create several states per request –Support the required filter parameter

6 NSIS as Solution The draft-thiruvengadam-nsis-mip6-fw-04 “Mobile IPv6 - NSIS Interaction for Firewall traversal” show how NSIS could solve the problems

7 Draft Updates Adapt draft to current version of NAT/FW NSLP draft and supported features Simplified protocol operation Reduce request latency

8 Necessity of detecting of the FW presence? Many states need to be created in the firewalls –Route Optimization –Reverse Tunneling –Home Test Init messages –Care of Test Init messages –Binding Updates –IPsec traffic between MN and HA Enabling a detection feature would –Allow several states to be created per request –Reduce the time delay: reduce MIP6/NSIS interaction –Reduce the overhead, especially for cellular networks

9 NATFW NSLP with MIP6 MN CN HA Example in a FW in MN’s access network (BT case): MN uses CREATE to allow: - binding update messages (src: CoA, dst: HA) {BU} - HoTI messages (src: CoA, dst: HA) {RO} - if uplink firewall, for data traffic from MN (src: MN, dst: *) MN uses REA to allow: - HoT messages (src: HA dst: CoA) {RO} - if CN is DS * for data traffic from HA to MN (src: HA, dst: CoA) {BT} * for data traffic from HA to MN (src: HA, dst: CoA) {TR} * for data traffic from CN to MN (src: CN, dst: CoA, SP: data application port, DP: data application port) {RO}

10 Open Issues Multiple rules for different patterns in single signaling messages possible? Detailed interaction with MIPv6 Authorization and authentication issues –May rely on an AAA infrastructure Triangle Routing case useful?

11 Next Steps Detailed interaction with MIPv6 operations Authorization using AAA Inputs, comments and suggestions appreciated!

Download ppt "Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner."

Similar presentations

Security Issues In Mobile IP

Security Issues In Mobile IP
PMIPv6 Localized Routing Problem Statement draft-liebsch-netext-pmip6-ro-ps-01.txt Marco Liebsch, Sangjin Jeong, Qin Wu IETF75 - Stockholm NetExt WG, 30.

PMIPv6 Localized Routing Problem Statement draft-liebsch-netext-pmip6-ro-ps-01.txt Marco Liebsch, Sangjin Jeong, Qin Wu IETF75 - Stockholm NetExt WG, 30.
Applicability Statement of NSIS Protocols in Mobile Environments draft-ietf-nsis-applicability-mobility-signaling-12.txt Takako Sanda, Xiaoming Fu, Seong-Ho.

Applicability Statement of NSIS Protocols in Mobile Environments draft-ietf-nsis-applicability-mobility-signaling-12.txt Takako Sanda, Xiaoming Fu, Seong-Ho.
Secure Mobile IP Communication

Secure Mobile IP Communication
Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University.

Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University.
1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.

1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.
Mobility Support in IPv6 Advanced Internet, 2004 Fall 8 November 2004 Sangheon Pack.

Mobility Support in IPv6 Advanced Internet, 2004 Fall 8 November 2004 Sangheon Pack.
MIP Extensions: FMIP & HMIP

MIP Extensions: FMIP & HMIP
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
1 Mobility Management for All-IP Mobile Networks: Mobile IPv6 vs. Proxy Mobile IPv6 Ki-Sik Kong; Wonjun Lee; Korea University Youn-Hee Han; Korea university.

1 Mobility Management for All-IP Mobile Networks: Mobile IPv6 vs. Proxy Mobile IPv6 Ki-Sik Kong; Wonjun Lee; Korea University Youn-Hee Han; Korea university.
Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.

Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.
Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI

Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI
Inter-Subnet Mobile IP Handoffs in 802.11b Wireless LANs Albert Hasson.

Inter-Subnet Mobile IP Handoffs in b Wireless LANs Albert Hasson.
Irish IPv6 Task Force - Irish IPv6 Task Force Mobility in IPv6 (MIPv6)

Irish IPv6 Task Force - Irish IPv6 Task Force Mobility in IPv6 (MIPv6)
Spring 2004 Mobile IPv6 School of Electronics and Information Kyung Hee University Choong Seon HONG

Spring 2004 Mobile IPv6 School of Electronics and Information Kyung Hee University Choong Seon HONG
1 Dual Stack Support in Mobile IPv6 for Hosts and Routers OR IPv4 traversal for Mobile IPv6 ! draft-ietf-mip6-nemo-v4traversal-00 H. Soliman, G. Tsirtsis,

1 Dual Stack Support in Mobile IPv6 for Hosts and Routers OR IPv4 traversal for Mobile IPv6 ! draft-ietf-mip6-nemo-v4traversal-00 H. Soliman, G. Tsirtsis,
1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.

1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.
Mobile IP.

Mobile IP.
1 MIPv6 CN-Targeted Location Privacy and Optimized Routing draft-weniger-mobopts-mip6-cnlocpriv-01 IETF #68, Prague, March 2007.

1 MIPv6 CN-Targeted Location Privacy and Optimized Routing draft-weniger-mobopts-mip6-cnlocpriv-01 IETF #68, Prague, March 2007.
1 Sideseadmed (IRT0040) loeng 5/2010 Avo

1 Sideseadmed (IRT0040) loeng 5/2010 Avo

Similar presentations

Ads by Google