0 NAT/Firewall NSLP IETF 61th November 2004 draft-ietf-nsis-nslp-natfw-04.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.

Slides:

Advertisements

Similar presentations

Applicability Statement of NSIS Protocols in Mobile Environments draft-ietf-nsis-applicability-mobility-signaling-12.txt Takako Sanda, Xiaoming Fu, Seong-Ho.

Advertisements

IPv6 Privacy Hannes Tschofenig, Tara Whalen. Agenda Privacy Threats Layering Addressing Policy Questionnaire.

思科网络技术学院理事会. 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

Progress Report: Metering NSLP (M-NSLP) 66th IETF meeting, NSIS WG.

Packet Switching COM1337/3501 Textbook: Computer Networks: A Systems Approach, L. Peterson, B. Davie, Morgan Kaufmann Chapter 3.

NAT/Firewall Traversal April NAT revisited – “port-translating NAT”

IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,

Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner.

King of Limitations Present by: Ao-Jan Su. Accuracy? Accuracy depends on the distance of end hosts and their authoritative name servers. Not true for.

1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.

Transparent Caching The art of caching network traffic without requiring user / browser side configuration.

Telematics group University of Göttingen, Germany Overhead and Performance Study of the General Internet Signaling Transport (GIST) Protocol Xiaoming.

1 IETF 64th meeting, Vancouver, Canada Design Options of NSIS Diagnostics NSLP Xiaoming Fu Ingo Juchem Christian Dickmann Hannes Tschofenig.

Professor Michael J. Losacco CIS 1150 – Introduction to Computer Information Systems Communications and Networks Chapter 8.

Applicability Statement of NSIS Protocols in Mobile Environments (draft-ietf-nsis-applicability-mobility-signaling-03) Sung-Hyuck Lee, Seong-Ho Jeong,

Trade-offs and open issues with path discovery and transport or not all requirements are orthogonal… Henning Schulzrinne Columbia University

NSIS Flow ID and packet classification issues Hong Cheng, Qijie Huang, Takako Sanda, Toyoki Ue IETF#63 August, 2005.

Middleboxes & Network Appliances EE122 TAs Past and Present.

NSIS NATFW NSLP: A Network Firewall Control Protocol draft-ietf-nsis-nslp-natfw-08.txt IETF NSIS Working Group January 2006 M. Stiemerling, H. Tschofenig,

1 The Firewall Menu. 2 Firewall Overview The GD eSeries appliance provides multiple pre-defined firewall components/sections which you can configure uniquely.

NSIS Mobility Reality Check Drafts talk about moving extensive state in the network between old and new routing path.  Excuse me but what state are we.

NSIS Path-coupled Signaling for NAT/Firewall Traversal Martin Stiemerling, Miquel Martin (NEC) Hannes Tschofenig (Siemens AG) Cedric Aoun (Nortel)

Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.

0 NAT/Firewall NSLP IETF 62th – March 2005 draft-ietf-nsis-nslp-natfw-05.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.

GIMPS * – The NSIS Transport Layer draft-ietf-nsis-ntlp-05.txt Slides: Robert Hancock, Henning.

Security Requirements for Software Defined Networks Internet Area WG IETF 85: Atlanta November 4, 2012 Margaret Wasserman

0 NAT/Firewall NSLP Activities IETF 60th - August 2nd 2004 Cedric Aoun, Martin Stiemerling, Hannes Tschofenig.

Applicability Statement of NSIS Protocols in Mobile Environments (draft-ietf-nsis-applicability-mobility-signaling-01) Sung-Hyuck Lee, Seong-Ho Jeong,

Applicability Statement of NSIS Protocols in Mobile Environments (draft-ietf-nsis-applicability-mobility-signaling-00) Sung-Hyuck Lee, Seong-Ho Jeong,

Company Confidential 1 ICMPv6 Echo Replies for Teredo Clients draft-denis-icmpv6-generation-for-teredo-00 behave, IETF#75 Stockholm Teemu Savolainen.

Information-Centric Networks06c-1 Week 6 / Paper 3 Middleboxes No Longer Considered Harmful –Michael Walfish, Jeremy Stribling, Maxwell Krohn, Hari Balakrishnan,

An NSLP for Quality of Service draft-buchli-nsis-nslp-00.txt draft-mcdonald-nsis-qos-nslp-00.txt draft-westberg-proposal-for-rsvpv2-nslp-00.txt Slides:

NSIS NAT/Firewall NSLP Martin Stiemerling, Hannes Tschofenig, Miquel Martin, Cedric Aoun NSIS WG, 59th IETF.

1 Firewalls - Introduction l What is a firewall? –Firewalls are frequently thought of as a very complex system that is some sort of magical, mystical..

Implications of Trust Relationships for NSIS Signaling (draft-tschofenig-nsis-casp-midcom.txt) Authors: Hannes Tschofenig Henning Schulzrinne.

Information-Centric Networks Section # 6.3: Evolved Naming & Resolution Instructor: George Xylomenos Department: Informatics.

1 © NOKIA FILENAMs.PPT/ DATE / NN Requirements for Firewall Configuration Protocol March 10 th, 2005 Gabor Bajko Franck Le Michael Paddon Trevor Plestid.

NATFW NSLP Status draft-ietf-nsis-nslp-natfw-12.txt M. Stiemerling, H. Tschofenig, C. Aoun, and E. Davies NSIS Working Group,

Firewalls A brief introduction to firewalls. What does a Firewall do? Firewalls are essential tools in managing and controlling network traffic Firewalls.

NATFW NSLP overview. Document history v00 - Jan 27th - Creation.

0 NAT/Firewall NSLP IETF 63th – August 2005 draft-ietf-nsis-nslp-natfw-07.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.

IETF 55 Nov A Two-Level Architecture for Internet Signaling draft-braden-2level-signal-arch-01.txt Bob Braden, Bob Lindell USC Information.

IETF 62 NSIS WG1 Porgress Report: Metering NSLP (M-NSLP) Georg Carle, Falko Dressler, Changpeng Fan, Ali Fessi, Cornelia Kappler, Andreas Klenk, Juergen.

NSIS NAT/Firewall Signaling NSIS Interim Meeting Romsey/UK, June 2004 Martin Stiemerling, Hannes Tschofenig, Cedric Aoun.

GIST NAT traversal and Legacy NAT traversal for GIST AND

NATFW NSLP Status draft-ietf-nsis-nslp-natfw-08.txt M. Stiemerling, H. Tschofenig, C. Aoun NSIS Working Group, 64th IETF meeting.

MIDCOM MIB Juergen Quittek, Martin Stiemerling, Pyda Srisuresh 60th IETF meeting, MIDCOM session.

Draft-ietf-nsis-qos-nslp-05.txt G. Karagiannis, A. McDonald, S. Van den Bosch.

111 © 2001, Cisco Systems, Inc. All rights reserved. Presentation_ID Mobile IPv4 Dynamic Home Agent Assignment Framework (draft-kulkarni-mobileip-dynamic-assignment-02.txt)

Submission November 2010 doc.: IEEE /1237r0 Over the Air Database Access for Mode 2 Capable Devices Slide 1 Santosh Abraham, Qualcomm Incorporated.

Applicability Statement of NSIS Protocols in Mobile Environments draft-ietf-nsis-applicability-mobility-signaling-06.txt Takako Sanda, Xiaoming Fu, Seong-Ho.

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials draft-bajko-nsis-fw-reqs-01 Gábor Bajkó IETF Interim May 2005.

Guidelines for IPFIX Implementations on Middleboxes Juergen Quittek, Martin Stiemerling 59th IETF meeting, IPFIX WG.

Extensions to Path Computation Element Communication Protocol (PCEP) for Hierarchical Path Computation Elements (PCE) PCE WG, IETF 86th draft-zhang-pce-hierarchy-extensions-03.

RSVP-TE Extensions to Realize Dynamic Binding of Associated Bidirectional LSP CCAMP/MPLS WG, IETF 79th, Beijing, China draft-zhang-mpls-tp-rsvpte-ext-associated-lsp-01.

1 NSIS: A New Extensible IP Signaling Protocol Suite Myungchul Kim Tel:

Module 3: Enabling Access to Internet Resources

Enabling Secure Internet Access with TMG

NSLP for Metering Configuration Signaling (Metering NSLP)

GIST State Machine <draft-ietf-nsis-ntlp-statemachine-02>

Preferred Alternatives for Tunnelling HIP (PATH)

Session Initiation Protocol (SIP)

The 66th IETF meeting in Montreal, Canada

Net 323: NETWORK Protocols

Wireless ATM PRESENTED BY : NIPURBA KONAR.

Extensions to Resource Reservation Protocol For Fast Reroute of Traffic Engineering GMPLS LSPs draft-ietf-teas-gmpls-lsp-fastreroute-06 Authors: Mike Taillon.

Transport Protocols Relates to Lab 5. An overview of the transport protocols of the TCP/IP protocol suite. Also, a short discussion of UDP.

NSIS Operation Over IP Tunnels draft-shen-nsis-tunnel-01.txt

NSIS Operation Over IP Tunnels draft-ietf-nsis-tunnel-04.txt

Exceptions and networking

Presentation transcript:

0 NAT/Firewall NSLP IETF 61th November 2004 draft-ietf-nsis-nslp-natfw-04.txt Martin Stiemerling, Hannes Tschofenig, Cedric Aoun

1 Changes in -04 Editorial changes Query  Removed user id Moved Section 3.4.x to and  Sections are about proxy mode operation

2 Proxy Mode 1/2 Removed section on “CREATE on previously pinned down path”  NR behind a NAT, NI not NSIS capable  NR uses REA to create ‘incoming’ data path  CREATE runs on reverse path created by REA  Excludes routing asymmetry Section describes proxy mode

3 Proxy Mode 2/2 DS Public Internet NAT Private address NR No NI | space | | REA[CREATE] | | |< | | | RESPONSE[Error/Su] | | | > | | | CREATE | | | > | | | RESPONSE[Error/Su] | | | < | | | |

4 Notify NOTIFY implements asynchronous messages NOTIFY carries codes indicating reason  Timeout  Local error in middlebox Notify address can be set  NOTIFY message is not sent up- or downstream  Message is sent to notify address What direction NOTIFY messages should be sent  Upstream or downstream  Upstream and downstream  Should there be switch for NI to decided which way?

5 Close Pinholes Current NSLP: Default to Deny NATFW NSLP opens Firewall/NAT New: Closing Firewall pinholes Accepts open by default Do people feel that closing Firewall pinholes is a useful functionality? Does this apply to NATs as well?

6 Open Issues Message extensibility Overview picture about NATFW elements Discussion about Firewall/NAT state transfer  Requested for mobile hosts  Host should be able to transfer state from one NATFW NSLP box to a new one Other open issues are in the NATFW NSLP issue tracker.