draft-vandevelde-v6ops-ra-guard-01.txt: IPv6 RA-Guard. G. Van de Velde, E. Levy-Abegnoli, C. Popoviciu, J. Mohacsi. IETF 71, March 11/14th 2008, Philadelphia.

Presentation transcript:

Slide 1: IPv6 RA-Guard (draft-vandevelde-v6ops-ra-guard-01.txt)
G. Van de Velde, E. Levy-Abegnoli, C. Popoviciu, J. Mohacsi
IETF 71, March 11/14th 2008, Philadelphia

Slide 2: Draft objective
- Complement SeND where it is not (1) convenient or (2) possible to use SeND to defend against Rogue RA
- RA-guard is “no replacement” for SeND but a tool to work together with SeND

Slide 3: SEND deployment model
[Diagram. Labels: router; host; Certificate Authority CA_0; Subordinate Certificate Authority CA_1; C_0 trusted anchor certificate with pfx_list=P_0; C_R certificate with pfx_list=P_R; CRL (revocation list); CPA (C_R); RA (pfx_list=P_R)]

Slide 4: Proposed Deployment model
[Diagram. Labels: router; host; CA_0; CA_1; C_0 certificate with pfx_list=P_0; C_R certificate with pfx_list=P_R; CRL; CPA (C_R); RA (pfx_list=P_R)]

Slide 5: RA-Guard complementing SeND
- RA-guard "SeND-validating" RA on behalf of hosts would potentially simplify some of the current deployment challenges:
  - It may take time until SeND is ubiquitous (i.e. issues concerning provisioning hosts with trust anchors or SP access-networks with non-managed CPE)
  - It is also reasonable to expect that some devices might not consider implementing SeND (i.e. IPv6 enabled sensors)
- RA-guard intends to provide simple solutions to the rogue-RA problem:
  - Through a simple solution by filtering/snooping potential Rogue-RA
  - In others, leverage SeND between capable devices (L2 and routers) to provide protection to devices that do not consistently use SeND

Slide 6: RA-Guard Use Considerations
- RA-traffic must go “through” a RA-Guard L2 controlled networking device
- Tunneled traffic is not protected
- RA-Guard could protect content of an RA
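
The filtering behaviour and the tunnel caveat above, as an added example (not code from the draft or its authors): a minimal stateless RA filter for an L2 device. The per-port `router`/`host` role, the function names and the sample frames are assumptions constructed for illustration, and IPv6 extension headers are not handled.

```python
import struct

ETH_IPV4, ETH_IPV6 = 0x0800, 0x86DD
NH_ICMPV6, PROTO_IPV6_IN_IPV4, ICMP6_RA = 58, 41, 134

def is_native_ra(frame: bytes) -> bool:
    """True for Ethernet / IPv6 / ICMPv6 type 134 (extension headers not handled)."""
    if len(frame) < 14 + 40 + 1:
        return False
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_IPV6:
        return False  # IPv4 frames, and anything tunneled inside them, are not inspected
    # IPv6 Next Header is at offset 6; the ICMPv6 type follows the 40-byte header
    return frame[14 + 6] == NH_ICMPV6 and frame[14 + 40] == ICMP6_RA

def ra_guard(frame: bytes, port_role: str) -> str:
    """Assumed policy: RAs are accepted only on ports configured as 'router'."""
    if is_native_ra(frame) and port_role != "router":
        return "drop"
    return "forward"

# --- constructed sample frames (checksums left at 0, addresses illustrative) ---
def eth_frame(ethertype: int, payload: bytes) -> bytes:
    macs = bytes.fromhex("020000000002" "020000000001")  # dst, src
    return macs + struct.pack("!H", ethertype) + payload

def ipv6_ra() -> bytes:
    # type, code, checksum, cur hop limit, flags, router lifetime, reachable, retrans
    ra = struct.pack("!BBHBBHII", ICMP6_RA, 0, 0, 64, 0, 1800, 0, 0)
    src = bytes.fromhex("fe80" + "00" * 13 + "01")  # fe80::1
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")  # ff02::1 (all-nodes)
    return struct.pack("!IHBB", 6 << 28, len(ra), NH_ICMPV6, 255) + src + dst + ra

def ipv4_6in4(inner: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                      PROTO_IPV6_IN_IPV4, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + inner

NATIVE_RA = eth_frame(ETH_IPV6, ipv6_ra())
TUNNELED_RA = eth_frame(ETH_IPV4, ipv4_6in4(ipv6_ra()))

if __name__ == "__main__":
    for name, frame in (("native RA", NATIVE_RA), ("6in4-tunneled RA", TUNNELED_RA)):
        for role in ("host", "router"):
            print(f"{name:18} on {role:6} port -> {ra_guard(frame, role)}")
```

The tunneled frame is forwarded on a host port because the filter only sees an IPv4 frame, which is the "tunneled traffic is not protected" consideration on the slide.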

Slide 7: Next steps
- Adopt as WG item?

Slide 8: THANK YOU!