Roaming Over SAVI Device. Tao Lin, IETF 79. Outline: DHCP/NDP snooping mechanism; switch implementation; roaming over switches; WLAN network; roaming over WLAN.


1 Roaming Over SAVI Device. Tao Lin, IETF 79

2 Outline
DHCP/NDP snooping mechanism
Switch implementation
Roaming over switches
WLAN network
Roaming over WLAN devices

3 NDP Snooping mechanism
Snoop protocol packets to establish binding entries, without modifying the protocol.
The snooping is based on the address allocation protocol, including its packet format, interaction, procedure, etc.
Subsequent data packets are filtered against the binding entries.
The focus is on maintenance of the binding entries.

4 Switch implementation
There are many access switches in one local network.
Either every host's binding entry is established in every switch, or the uplink port is used to prevent a switch from creating binding entries for hosts directly connected to other switches.
[Diagram labels: Aggregation Switch, Switch A, Switch B, PCA, PCB, uplink port]

5 Roaming over switches - Problem
Establish every host's binding entry in every switch.
– The number of binding entries grows quickly as the number of hosts increases.
The uplink port is used to prevent binding entries for hosts connected to other switches.
– If PCA roams to switch B, a residual binding entry for PCA remains until it ages out (TimeA). The entry is vulnerable: someone may exploit it during this time.
– PCB can also imitate PCA to establish the same binding entry in switch B (while attacking PCA to prevent it from replying with an NA to the DAD NS packet), and there will then be two legitimate binding entries for the host in two switches.

6 Roaming over switches - Possible method
After PCA has roamed to a new switch, the original switch, on receiving the DAD NS packet from PCA, can send an NS packet to confirm that PCA has roamed. This covers confirming the original position (TimeB) and confirming the new position (TimeC).
[Diagram labels: Aggregation Switch, Switch A, Switch B, PCA, DAD NS]

7 Roaming over switches - Possible method (contd.)
Disadvantages:
– When confirming the original position, the entry is vulnerable during the waiting time (TimeB).
– When confirming the new position, the original switch must have an IP address to use as the source IP address of the probe packet; otherwise the reply packet cannot return.
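The binding, filtering and original-position check from slides 3 to 7, as an added example that is not part of the presentation or the draft: it models the original switch's table so the residual-entry window (TimeA without a probe, TimeB with one) can be observed. The class and method names, the timer values, and the choice to leave uplink traffic unfiltered are assumptions.

```python
# Added illustration: binding table of one SAVI access switch (the original switch).
# Names and timer values are assumptions, not taken from the slides or the draft.
from dataclasses import dataclass

TIME_A = 300.0      # assumed aging time of a binding (TimeA), seconds
TIME_B = 1.0        # assumed wait for an NA from the original port (TimeB)
NO_PROBE = float("inf")

@dataclass
class Binding:
    port: str
    mac: str
    expires: float
    probe_deadline: float = NO_PROBE  # finite while the old position is being checked

class SaviSwitch:
    def __init__(self, uplink):
        self.uplink = uplink
        self.table = {}  # IPv6 address -> Binding

    def on_dad_ns(self, port, mac, target, now):
        """Snooped DAD NS: bind on access ports, start a probe on a roam hint."""
        b = self.table.get(target)
        if port != self.uplink:
            if b is None or b.expires <= now:  # first claimant keeps the address
                self.table[target] = Binding(port, mac, now + TIME_A)
        elif b is not None and b.probe_deadline == NO_PROBE:
            # DAD NS for a locally bound address came in on the uplink: the host
            # may have roamed. A real switch would send an NS out b.port here.
            b.probe_deadline = now + TIME_B

    def on_na(self, port, mac, addr, now):
        """NA from the bound port answers the probe: the host is still here."""
        b = self.table.get(addr)
        if b and (b.port, b.mac) == (port, mac):
            b.probe_deadline, b.expires = NO_PROBE, now + TIME_A

    def tick(self, now):
        """Remove bindings that aged out or whose probe went unanswered."""
        for addr, b in list(self.table.items()):
            if min(b.expires, b.probe_deadline) <= now:
                del self.table[addr]

    def permit(self, port, mac, src, now):
        """Data filter: uplink traffic passes (assumption); access ports need a binding."""
        if port == self.uplink:
            return True
        b = self.table.get(src)
        return b is not None and b.expires > now and (b.port, b.mac) == (port, mac)
```

Until `tick` passes the probe deadline, `permit` still accepts the old port for the roamed address, which is the TimeB exposure slide 7 lists as a disadvantage.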

8 WLAN network

9 Roaming over WLAN devices - Problem
All packets are forwarded to the AC through the CAPWAP tunnel.
– SAVI should be implemented in the AC.
Unlike a switch, the AC/AP has no interface up/down event to trigger the roaming host to send a new DAD NS packet.

10 Roaming over WLAN devices - Possible method
Take advantage of the WLAN roaming event.
– When the host roams to a new AP, this AP informs the AC, so the AC learns of the host's roaming event and can change the binding entry.
Disadvantage
– There is now a new mode in which the AP can forward packets upstream, bypassing the AC. In this scenario, traffic between hosts connected to the same AP and traffic that bypasses the AC cannot be filtered.

11 Discussions
The same as IPv4.
Other scenarios? DHCP snooping?
Other methods? Add a new option for security?
……
Please give your guidance and comments on this work. Thanks! We hope you will join it!
http://tools.ietf.org/id/draft-lin-savi-roaming-nd-00.txt

