IGD Working Committee Update. Ulhas Warrier, Chair, IGD. Intel Corporation.
Outline: IGD v1.0 recap; IGD v2.0 objectives; WLAN Enrollment Scenario; Working Committee Status
Internet Gateway Device 1.0: v1.0 approved in Nov 2001; Several IGD products in the market; Different connection types supported (PPPoE, PPPoA, IP-Routed); Multiple WAN connections; Access to gateway info (Data rate, connection status); Automatic NAT-traversal
UPnP IGD Example for NAT traversal. Diagram: Internet; Home LAN; IGD (NAT using WAN address); Game Host with private LAN IP address; Peer Game System on Internet. Tell peer to send packet to LAN address: Routing to private LAN address fails. Discover IGD, Get WAN IP address; Configure IGD to forward packets arriving on the IGD WAN address to host; Tell peer to send packet to IGD’s WAN address; End to end packet delivery.
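The three IGD steps on the NAT traversal slide (discover the IGD, get the WAN IP address, configure forwarding), written out as the messages a control point sends. This is an added example, not material from the presentation; it uses the IGD v1 WANIPConnection actions GetExternalIPAddress and AddPortMapping, and the host address, port and sample reply are constructed values.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

IGD_DEVICE = "urn:schemas-upnp-org:device:InternetGatewayDevice:1"
WANIP = "urn:schemas-upnp-org:service:WANIPConnection:1"

def ssdp_search(search_target=IGD_DEVICE, mx=2):
    """Step 1, discover the IGD: datagram for 239.255.255.250:1900/UDP."""
    return ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            f'MAN: "ssdp:discover"\r\nMX: {mx}\r\nST: {search_target}\r\n\r\n'
            ).encode("ascii")

def soap_request(action, args=()):
    """Return (headers, body) for one WANIPConnection control action."""
    fields = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in args)
    body = ('<?xml version="1.0"?>'
            '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
            f'<s:Body><u:{action} xmlns:u="{WANIP}">{fields}</u:{action}>'
            '</s:Body></s:Envelope>')
    headers = {"Content-Type": 'text/xml; charset="utf-8"',
               "SOAPACTION": f'"{WANIP}#{action}"'}
    return headers, body

def add_port_mapping(internal_client, port, protocol="UDP", description="game host"):
    """Step 3: forward packets arriving on the WAN address to the LAN host."""
    return soap_request("AddPortMapping", [
        ("NewRemoteHost", ""),            # empty = any remote peer
        ("NewExternalPort", port), ("NewProtocol", protocol),
        ("NewInternalPort", port), ("NewInternalClient", internal_client),
        ("NewEnabled", 1), ("NewPortMappingDescription", description),
        ("NewLeaseDuration", 0)])         # 0 = no expiry in IGD v1

def parse_response(xml_text, action):
    """Return the out-arguments of <action>Response; raise on anything else."""
    resp = ET.fromstring(xml_text).find(f".//{{{WANIP}}}{action}Response")
    if resp is None:
        raise ValueError(f"no {action}Response element (SOAP fault?)")
    return {child.tag: child.text or "" for child in resp}

# Constructed reply to step 2 (GetExternalIPAddress); 203.0.113.7 is a
# documentation address, not a capture from a real gateway.
SAMPLE_REPLY = (
    '<?xml version="1.0"?>'
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    f'<u:GetExternalIPAddressResponse xmlns:u="{WANIP}">'
    '<NewExternalIPAddress>203.0.113.7</NewExternalIPAddress>'
    '</u:GetExternalIPAddressResponse></s:Body></s:Envelope>')
```

When reviewing gateway traffic or logs, NewInternalClient and NewExternalPort in the AddPortMapping body are the fields that show which LAN host asked for which inbound port.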
Internet Gateway Device 2.0: Committee formed in Q; Two-fold Charter: Future IGD needs – IGD DCP, access point configuration – AP DCP; Current focus mostly on AP DCP; Completion targeted by Q1 ’03; First plugfest in October 2002; Group has weekly teleconference meetings; Current active participants – Broadcom, GlobeSpanVirata, Intel, LG, Microsoft, Thomson
IGD DCP 2.0: IPv6 support; Existing services modified for IPv6; New services – firewall configuration; IGD v1 enhancements; Support for configuring IP Forwarding; Port mapping additions
Access Point DCP: Simplify Access Point setup (Initial configuration; Diagnostic information); Make enrollment of new clients easy (Devices with no UI; Guest clients; Additional access points); Enable deployment of stronger link security (Privacy important as WLAN usage increases; Make link security setup easy, including 802.1x)
Access Point UPnP Services: WLANAccessPointDevice; WLANConfigurationService (required); WLANAuthenticationService (conditionally required); DeviceSecurity (required)
AP Configuration Service: Common way to programmatically access AP information: SSID; AP mode – repeater or not; Valid channel set; Physical location of the access point - Longitude-latitude, location address as in street, city, state, zip; Auto-fallback rate, Possible data rates; WEP encryption level, Default WEP key, WEP keys (1 to 4); Configuration Status; Total number of connected clients. Some of the configuration actions will be secured, e.g. setting of WEP key.
AP Authentication Service: Maintains WLAN client list (Username; Credentials (Password); Access restrictions); Simple, common interface to update client list; Notifies user of authentication attempt from new clients; All actions will be secured
Enrolling an Client. Diagram: Dev1; PC1 (Console PC); Secure UPnP. Prompt: Username: __Dev1__ Password: ________. User prompted on PC1 for 802.1x authentication password; User enters info provided by Dev1 vendor (chassis/manual); PC1 informs AP about successful validation; Secure link established; Device without UI easily enrolled into secure WLAN
Setting up Console PC. Assumption: PC1 has built-in AP control point software. Assumption: AP has ‘first login info’ and ‘AP ID’ made available to user. AP identifier string displayed to user (AP ID : WLP1234); User prompted for 802.1x authentication information (Username: ________ Password: ________); User enters info given by AP vendor (chassis/manual); Secure link established; Secure UPnP established; PC1 becomes the ‘secure console’ for AP; User can configure AP securely from PC1 anytime
Access Point DCP Status: Configuration Service 0.45 (Ready for first plugfest; Repeater setup next focus); Authentication Service 0.2 (Discussion on optional/required status); Alignment work with other forums (SSN and IEEE TGi; WECA); Dependency on UPnP Security
Demo: Enrolling into secure WLAN
For the interconnected lifestyle