Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-ietf-v6ops-ra-guard-00.txt1 IPv6 RA-Guard draft-ietf-v6ops-ra-guard-00.txt G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohácsi 72nd IETF.

Published byAnissa York Modified over 8 years ago

Similar presentations

Presentation on theme: "Draft-ietf-v6ops-ra-guard-00.txt1 IPv6 RA-Guard draft-ietf-v6ops-ra-guard-00.txt G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohácsi 72nd IETF."— Presentation transcript:

1 draft-ietf-v6ops-ra-guard-00.txt1 IPv6 RA-Guard draft-ietf-v6ops-ra-guard-00.txt G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohácsi 72nd IETF - Dublin, Ireland 27 July - 1 August 2008

2 draft-ietf-v6ops-ra-guard-00.txt2 Draft objective Complement SeND where it is not (1) convenient or (2) possible to use SeND to defend against Rogue RA RA-guard is “no replacement” for SeND but a tool to work together with SeND

3 draft-ietf-v6ops-ra-guard-00.txt3 RA-Guard Usage Considerations RA-traffic must go “through” a RA-Guard networking device - limited applicability in certain wireless networks Tunneled traffic is not protected RA-Guard could protect content of an RAmessage

4 draft-ietf-v6ops-ra-guard-00.txt4 New WG draft Updated and (hopefully) clarified from individual draft from last time Clarification of RA-guard operation modes: Deny (based on criteria), allow (based on criteria), allow from SEND authorised sources Make more clear what “pre-defined criteria” mean For the SEND authorised mode introduction of terminology of “router authorization proxy” - or should we call “SEND validating device” - which is the right terminology? Should we call ra-guard device in general cases?

5 draft-ietf-v6ops-ra-guard-00.txt5 Comments and Next steps Comments so far from WG: Simplify state machine (from Christian Vogt): device/interface - device level probably not necessary - the authors are working on an update state machine Define clearly pre-defined criteria (from Christian Vogt) Describe “router authorisation proxy” operation (from Arnaud Ebalard) Describe behaviour in case of multiple devices sending accepted RA messages (from Arnaud Ebalard) Next Address further comments from WG Fixing typos (Thanks to Arnaud Ebalard)

6 draft-ietf-v6ops-ra-guard-00.txt6 THANK YOU!

7 draft-ietf-v6ops-ra-guard-00.txt7 Backup slides From IETF71

8 draft-ietf-v6ops-ra-guard-00.txt8 SEND deployment model router Certificate Authority CA 0 host C 0 trusted anchor certificate with pfx_list=P 0 C R certificate with pfx_list=P R CRL (revocation list) CPA (C R ) RA ( pfx_list=P R ) Subordinate Certificate Authority CA 1

9 draft-ietf-v6ops-ra-guard-00.txt9 Proposed Deployment model router CA 0 host C 0 certificate with pfx_list=P 0 C R certificate with pfx_list=P R CRL CPA (C R ) RA ( pfx_list=P R ) CA 1

10 draft-ietf-v6ops-ra-guard-00.txt10 RA-Guard complementing SeND RA-guard "SeND-validating" RA on behalf of hosts would potentially simplify some of the current deployment challenges: It may take time until SeND is ubiquitous (i.e. issues concerning provisioning hosts with trust anchors or SP access-networks with non-managed CPE) It is also reasonable to expect that some devices might not consider implementing SeND (i.e. IPv6 enabled sensors) RA-guard intends to provide simple solutions to the rogue-RA problem: Through a simple solution by filtering/snooping potential Rogue- RA In others, leverage SeND between capable devices (L2 and routers) to provide protection to devices that do not consistently use SeND

Download ppt "Draft-ietf-v6ops-ra-guard-00.txt1 IPv6 RA-Guard draft-ietf-v6ops-ra-guard-00.txt G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohácsi 72nd IETF."

Similar presentations

Router Identification Problem Statement J.W. Atwood 2008/03/11

Router Identification Problem Statement J.W. Atwood 2008/03/11
Tuning the Behavior of IGMP and MLD for Routers in Mobile and Wireless Networks draftietfmultimobigmpmldtuning-01 Hitoshi Asaeda Hui Liu Qin Wu 81 st IETF,

Tuning the Behavior of IGMP and MLD for Routers in Mobile and Wireless Networks draftietfmultimobigmpmldtuning-01 Hitoshi Asaeda Hui Liu Qin Wu 81 st IETF,
IP over ETH over IEEE802.16 draft-riegel-16ng-ip-over-eth-over-80216-01 Max Riegel

IP over ETH over IEEE draft-riegel-16ng-ip-over-eth-over Max Riegel
Draft-vandevelde-v6ops-harmful-tunnels-01.txt 1 Are they the future of the Internet? Non-Managed Tunnels Considered Harmful Gunter Van de Velde, Ole Troan,

Draft-vandevelde-v6ops-harmful-tunnels-01.txt 1 Are they the future of the Internet? Non-Managed Tunnels Considered Harmful Gunter Van de Velde, Ole Troan,
MPKI Interoperability I-D ChangeLog from -01 to -02 Jan 16, 2004 Masaki SHIMAOKA SECOM Trust.net.

MPKI Interoperability I-D ChangeLog from -01 to -02 Jan 16, 2004 Masaki SHIMAOKA SECOM Trust.net.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Certificate Path Building draft-ietf-pkix-certpathbuild-01.txt Peter Hesse Matt Cooper Yuriy Dzambasow Susan Joseph Richard Nicholas.

Certificate Path Building draft-ietf-pkix-certpathbuild-01.txt Peter Hesse Matt Cooper Yuriy Dzambasow Susan Joseph Richard Nicholas.
Draft-vandevelde-v6ops-ra-guard-01.txt1 IPv6 RA-Guard G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohacsi IETF 71, March 11/14th 2008 Philadelphia.

Draft-vandevelde-v6ops-ra-guard-01.txt1 IPv6 RA-Guard G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohacsi IETF 71, March 11/14th 2008 Philadelphia.
Requirements for MEF E-Tree Support in VPLS draft-key-l2vpn-vpls-etree-reqt-00 Presenter: Frederic Jounay IETF78, July 2010 Authors: Raymond Key Simon.

Requirements for MEF E-Tree Support in VPLS draft-key-l2vpn-vpls-etree-reqt-00 Presenter: Frederic Jounay IETF78, July 2010 Authors: Raymond Key Simon.
IPv6 Site Renumbering Gap Analysis draft-ietf-6renum-gap-analysis-02 draft-ietf-6renum-gap-analysis-02 Bing Liu (speaker), Sheng Jiang, Brian.E.Carpenter,

IPv6 Site Renumbering Gap Analysis draft-ietf-6renum-gap-analysis-02 draft-ietf-6renum-gap-analysis-02 Bing Liu (speaker), Sheng Jiang, Brian.E.Carpenter,
Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.

Request History – Solution Mary Barnes SIP WG Meeting IETF-57 draft-ietf-sip-history-info-00.txt.
1 464XLAT Combination of Stateful and Stateless Translation draft-ietf-v6ops-464xlat-01 IETF 83 v6ops WG Japan Internet Exchange Co.,Ltd.

1 464XLAT Combination of Stateful and Stateless Translation draft-ietf-v6ops-464xlat-01 IETF 83 v6ops WG Japan Internet Exchange Co.,Ltd.
IPv6 Home Networking Architecture - update IETF homenet WG Interim meeting Philadelphia, 6 th Oct 2011 draft-chown-homenet-arch-00.

IPv6 Home Networking Architecture - update IETF homenet WG Interim meeting Philadelphia, 6 th Oct 2011 draft-chown-homenet-arch-00.
Chapter 6: Packet Filtering

Chapter 6: Packet Filtering
Submission doc.: IEEE 802.11-14/1015r1 September 2015 Guido R. Hiertz et al., EricssonSlide 1 Proxy ARP in 802.11ax Date: 2015-08-25 Authors:

Submission doc.: IEEE /1015r1 September 2015 Guido R. Hiertz et al., EricssonSlide 1 Proxy ARP in ax Date: Authors:
Quality of Service Option for Proxy Mobile IPv6 draft-ietf-netext-pmip6-qos-00.txt S. Gundavelli, J. Korhonen, M. Liebsch, P. Seite, H. Yokota IETF84,

Quality of Service Option for Proxy Mobile IPv6 draft-ietf-netext-pmip6-qos-00.txt S. Gundavelli, J. Korhonen, M. Liebsch, P. Seite, H. Yokota IETF84,
NEMO Requirements and Mailing List Discussions/Conclusions T.J. Kniveton - Nokia Pascal Thubert - Cisco IETF 54 – July 14, 2002 Yokohama, Japan.

NEMO Requirements and Mailing List Discussions/Conclusions T.J. Kniveton - Nokia Pascal Thubert - Cisco IETF 54 – July 14, 2002 Yokohama, Japan.
IEEE SCC41 PARs Dr. Rashid A. Saeed. 2 SCC41 Standards Project Acceptance Criteria 1. Broad market application  Each SCC41 (P1900 series) standard shall.

IEEE SCC41 PARs Dr. Rashid A. Saeed. 2 SCC41 Standards Project Acceptance Criteria 1. Broad market application  Each SCC41 (P1900 series) standard shall.

Similar presentations

Ads by Google