Issues to Consider w.r.t Protocol Solution - IETF54 -

Presentation transcript:

Issues to Consider w.r.t Protocol Solution - IETF54 -

PANA WG, IETF 54, Solution Issues

Goal
Identify issues early enough to provide feedback to requirements
Kick-start solution discussions
Not to design the solution now!

UDP/ICMP/IP?
What would PANA be based on to encapsulate EAP?
–UDP
–ICMP
–IP
–?

Session Hijacking
How do we prevent session hijacking?
–Per-packet authentication by IPsec
–Per-packet authentication by L2 where available
–Frequent re-authentication of PaC

PAA Discovery
How does the PaC discover the PAA?
–Sending multicast packet to a well-known address
–Anycast
–SLP
–Piggybacking on router discovery, DHCP
–PAA can contact PaC (i.e., PaC discovery, supplemental)

Heartbeat
What would be the heartbeat mechanism of PANA?
–PANA Hello/Bye messages
–Ping (ICMP echo request/reply)
–Local re-authentication
–Full re-authentication

Limited Free Access
How will PANA be triggered when the PaC attempts to access beyond the “free zone”?
–PAA (router) sends an ICMP error message to PaC
–PAA sends PANA Start message to PaC
–Can PaC know on its own to send PANA Start?

Unlimited Access
After a successful PANA authentication, how does the PaC gain unlimited access?
–EP updates its filters to let any packet from the PaC go through

New IP Address after PANA
Reasons to get a new IP address:
–Another IP address with greater scope (e.g., global scope)
–Obtain service provider specific IP address
If a new IP address needs to be assigned to the PaC, how is this done?
–PaC’s decision (policy)
–PANA Success message can inform PaC
–Router (co-located with PAA) can take an action

Secure Medium Assumption
EAP’s secure medium assumption is no longer valid.
How can we ensure protection against eavesdropping and spoofing on PANA?
–PANA can recommend use of specific EAP methods when the underlying medium is not secure (e.g., EAP-TTLS, PEAP)
–PANA develops its own protection (e.g., ISAKMP, TLS based)

Multi-PAA Case
If there are multiple first-hop routers, how does PANA work?
–Each router has a PAA and responds to discovery, and PaC does PANA with all
–Each router has a PAA, each PAA responds to discovery, and PaC does PANA with one
–Only one router has PAA

Any other?