Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol draft-kivinen-mobike-protocol-00.txt Tero Kivinen

Published byReynard Greer Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol draft-kivinen-mobike-protocol-00.txt Tero Kivinen"— Presentation transcript:

1 © 2004 SafeNet, Inc. All rights reserved. Mobike Protocol draft-kivinen-mobike-protocol-00.txt Tero Kivinen kivinen@safenet-inc.com

2 © 2004 SafeNet, Inc. All rights reserved. Basic Design Tries to use as much of IKEv2 as possible Notify payloads for address updates o Multiple notify payloads, each having one address o Separte notify message type for IPv4 and IPv6 IKEv2 dead-peer-detection for return routability checks Tie IKE SA and IPsec SA address movements together

3 © 2004 SafeNet, Inc. All rights reserved. Multihoming Rules Use preferred address as long as it works o If it fails, takes the next one, mark it as currently in use address o Try the most preferred address only after some event Do return routability checks once per new address Concentrates on the usability

4 © 2004 SafeNet, Inc. All rights reserved. Direct Indication of Change Other end sends address update notification Authenticated If new preferred address is known and working, move traffic immediately If new preferred address is unknown, move traffic immediately, and start return routability checks (some might want to delay moving) If new address is known and was not working last time, delay moving of traffic and move it only after verifying that address works now

5 © 2004 SafeNet, Inc. All rights reserved. Indirect Indication of Change Peer receives some indirect indication that address might not work o Do not directly act based on such indication, but start dead-peer-detection to verify if the current address works Rate limit those checks too o Indirect indication might be ICMP (host unreachable etc) Other end start using different address than before (indicates something changed along path, perhaps routing etc). No packets from the other end

6 © 2004 SafeNet, Inc. All rights reserved. Dead-Peer-Detection IKEv2 dead-peer-detection used for return routability checks and to verify addresses o If indirect notification, start with currently in use address o If direct notification start with most preferred address o Send some DPD packets, if no reply move to next address o Keep same IKEv2 message id o Every time new address is tried the retranmission timers are reset o If no response the IKE SA is dead => delete

7 © 2004 SafeNet, Inc. All rights reserved. Dead-peer-detection example T+0 Notify IP1, IP2 t+9.1 Ack packet t+1 DPD packet to IP1 t+2 DPD packet to IP1 t+4 DPD packet to IP1 t+8 DPD packet to IP2 t+9 DPD packet to IP2 t+9.2 Start using IP2 Unreachable Lost

8 © 2004 SafeNet, Inc. All rights reserved. Address Notify Protocol IKEv2 informational exchange Ordered list of IKEv2 notify payloads Separate notify message type for IPv4 and IPv6 Full list of IP-addresses Message id used to sort the request (process only the one having largest message id) o Must not send address notifications in ack-packets

9 © 2004 SafeNet, Inc. All rights reserved. Packet Format 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload !C! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Protocol ID=0 ! SPI Size=0 ! Notify Message Type = 42004/6 ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Notification Data = IPv4 or IPv6 address ~ ! ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

10 © 2004 SafeNet, Inc. All rights reserved. Scope of SA Changes Every time IKE SA addresses are updated, all IPsec SAs follow it o If separate SA list is needed per IPsec SA, then use separate IKE SAs to negotiate them

11 © 2004 SafeNet, Inc. All rights reserved. Zero Address Set Optional feature, which might be taken in Could be one informational exchange having disconnected notify payload Will indicate that the host is unreachable for some time o Can also give indication how long if known DHCP leas time expiring, no new yet => few minutes Suspending => few hours Hibernating => 12 hours Is this feature needed?

12 © 2004 SafeNet, Inc. All rights reserved. Summary Simple protocol, no new payloads, no new exchanges, uses IKEv2 features Use IKEv2 dpd for return routability checks and for verifying that address works

Download ppt "© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol draft-kivinen-mobike-protocol-00.txt Tero Kivinen"

Similar presentations

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-ietf-mobike-design-00.txt Tero Kivinen

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-ietf-mobike-design-00.txt Tero Kivinen
Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.

Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to IPv4 Introduction to Networks.
1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen

1 Semester 2 Module 4 Learning about Other Devices Yuda college of business James Chen
1 The Marketing Story A single protocol –Exploration = confirmation of reachability = quick check –Works the same way for the current or other pairs Efficient.

1 The Marketing Story A single protocol –Exploration = confirmation of reachability = quick check –Works the same way for the current or other pairs Efficient.
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
Header and Payload Formats

Header and Payload Formats
IKEv2 extension: MOBIKE Faisal Memon Erik Weathers CS 259.

IKEv2 extension: MOBIKE Faisal Memon Erik Weathers CS 259.
© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-kivinen-mobike-design-00.txt Tero Kivinen

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-kivinen-mobike-design-00.txt Tero Kivinen
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 © 2005 Nokia mobike-transport.ppt/2005-11-09 MOBIKE Transport mode usage and issues Mohan Parthasarathy.

1 © 2005 Nokia mobike-transport.ppt/ MOBIKE Transport mode usage and issues Mohan Parthasarathy.
Network Layer Packet Forwarding IS250 Spring 2010

Network Layer Packet Forwarding IS250 Spring 2010
The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.

The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.
MOBILITY SUPPORT IN IPv6

MOBILITY SUPPORT IN IPv6
IPv6 Mobility David Bush. Correspondent Node Operation DEF: Correspondent node is any node that is trying to communicate with a mobile node. This node.

IPv6 Mobility David Bush. Correspondent Node Operation DEF: Correspondent node is any node that is trying to communicate with a mobile node. This node.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.

Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.

1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.
IP Routing: an Introduction. Quiz 0-31 32-63 64-95 96-127 128-159 160-191 192-223 224-255.

IP Routing: an Introduction. Quiz
Internet Command Message Protocol (ICMP) CS-431 Dick Steflik.

Internet Command Message Protocol (ICMP) CS-431 Dick Steflik.
Lesson 6 Neighbor Discovery.

Lesson 6 Neighbor Discovery.

Similar presentations

Ads by Google