Preferred Alternatives for Tunnelling HIP (PATH)

<draft-nikander-hip-path-00.txt>
P. Nikander, H. Tschofenig, T. Henderson, L. Eggert, J. Laganier

Idea
- Allow HIP to traverse LEGACY NATs by reusing EXISTING mechanisms
- Area of investigation:
  - HIP protocol interaction between two HIP endpoints
  - HIP protocol interaction considering rendezvous servers

What extensions are necessary?
- UDP encapsulation for HIP messages
- UDP encapsulation for IPsec payloads
- NAT detection payload
- Ability to carry locator format with port numbers

Open Issues (related to interaction with PATH server)

HIP and IPsec packets travel via the PATH server

    HIP                PATH           Network Address           HIP
 Initiator            Server            Translator           Responder
     |                   |                   |                   |
     |    I1 over IP     |                   |                   |
     | ----------------> |    I1 over UDP    |    I1 over UDP    |
     |                   | ----------------> | ----------------> |
     |                   |    R1 over UDP    |    R1 over UDP    |
     |    R1 over IP     |   with UDP-REA    |   with UDP-REA    |
     |  without UDP-REA  | <---------------- | <---------------- |
     | <---------------- |                   |                   |
     |    I2 over IP     |                   |                   |
     |  without UDP-REA  |    I2 over UDP    |    I2 over UDP    |
     | ----------------> |  without UDP-REA  |  without UDP-REA  |
     |                   |    R2 over UDP    |    R2 over UDP    |
     |    R2 over IP     | <---------------- | <---------------- |
     |     IPsec ESP     |     IPsec ESP     |     IPsec ESP     |
     | <===============> |     over UDP      |     over UDP      |
     |                   | <================ | ================> |

Most HIP messages travel via the PATH server
IPsec messages do not travel via the PATH server

    HIP                PATH           Network Address           HIP
 Initiator            Server            Translator           Responder
     |                   |                   |                   |
     |    I1 over IP     |                   |                   |
     | ----------------> |    I1 over UDP    |    I1 over UDP    |
     |                   | ----------------> | ----------------> |
     |                   |    R1 over UDP    |    R1 over UDP    |
     |    R1 over IP     |   with UDP-REA    |   with UDP-REA    |
     |   with UDP-REA    | <---------------- | <---------------- |
     | <---------------- |                   |                   |
     |    I2 over IP     |                   |                   |
     |  without UDP-REA  |    I2 over UDP    |    I2 over UDP    |
     | ----------------> |  without UDP-REA  |  without UDP-REA  |
     |    R2 over UDP    |    R2 over UDP    |    R2 over UDP    |
     | <------------------------------------ | <---------------- |
     |     IPsec ESP     |     IPsec ESP     |     IPsec ESP     |
     |     over UDP      |     over UDP      |     over UDP      |
     | <==================================== | ================> |

Some HIP messages travel via the PATH server
IPsec messages do not travel via the PATH server

    HIP                PATH           Network Address           HIP
 Initiator            Server            Translator           Responder
     |                   |                   |                   |
     |    I1 over IP     |                   |                   |
     | ----------------> |    I1 over UDP    |    I1 over UDP    |
     |                   | ----------------> | ----------------> |
     |                   |    R1 over UDP    |    R1 over UDP    |
     |    R1 over IP     |   with UDP-REA    |   with UDP-REA    |
     |   with UDP-REA    | <---------------- | <---------------- |
     | <---------------- |                   |                   |
     |    I2 over UDP    |    I2 over UDP    |    I2 over UDP    |
     |   with UDP-REA    |   with UDP-REA    |   with UDP-REA    |
     | ------------------------------------> | ----------------> |
     |    R2 over UDP    |    R2 over UDP    |    R2 over UDP    |
     | <------------------------------------ | <---------------- |
     |     IPsec ESP     |     IPsec ESP     |     IPsec ESP     |
     |     over UDP      |     over UDP      |     over UDP      |
     | <==================================== | ================> |

Questions
- Maybe there are other ways to interact with the PATH server.
- Should we decide on a single approach?
- The type of NAT we would like to support is an important design decision.
- Better alignment with RVS and HIP registration protocol is needed.