IPv6 Address Accountability Considerations
draft-chown-v6ops-address-accountability-01
IETF81, Quebec
Tim Chown, July 28th, 2011


Rationale

Talking to many (academic) sites introducing IPv6, there is a common concern over lack of IPv6 address accountability due to:
- Autoconfiguration
- Multi-addressing
- Privacy addressing
- Potentially rapidly changing addressing
- Hosts being able to pick their own addresses manually with minimal chance of address conflict

Today those sites have accountability with DHCPv4 and, often, Option 82 (RFC 3046)

Option 1: Switch-router polling

- Correlate polled data, including
  - IPv4 ARP tables
  - IPv6 ND tables
  - Switch port MAC tables
- Already used by tools like NAV, Netdot
  - Could integrate with 802.1X logs, if used
- May place load on devices
  - Need to poll rapidly enough that device cached data has not expired between polling
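One way to do the correlation Option 1 describes, as an added example that is not from the slides or from NAV or Netdot. The snapshot layout, function names, addresses and timestamps are constructed for illustration; it also shows why the polling interval matters, since a binding cannot be vouched for in the gap between two polls.

```python
from dataclasses import dataclass

# Constructed poll snapshots (not real data): (unix_time, ND table, switch MAC table).
# ND table maps IPv6 address -> MAC; MAC table maps MAC -> switch port.
POLLS = [
    (1000, {"2001:db8::a1": "00:11:22:33:44:55"}, {"00:11:22:33:44:55": "sw1/Gi0/3"}),
    (1300, {"2001:db8::a1": "00:11:22:33:44:55",
            "2001:db8::f00d": "00:11:22:33:44:55"}, {"00:11:22:33:44:55": "sw1/Gi0/3"}),
    (1600, {"2001:db8::f00d": "00:11:22:33:44:55",
            "2001:db8::a1": "66:77:88:99:aa:bb"},
           {"00:11:22:33:44:55": "sw1/Gi0/3", "66:77:88:99:aa:bb": "sw2/Gi0/7"}),
]

@dataclass
class Session:
    ip: str
    mac: str
    port: str
    first_seen: int
    last_seen: int

def build_sessions(polls, max_gap):
    """Merge per-poll sightings of the same (ip, mac, port) into intervals.
    A sighting more than max_gap seconds after the previous one starts a new
    session, because the binding cannot be vouched for across that gap."""
    sessions, open_by_key = [], {}
    for ts, nd, macs in sorted(polls, key=lambda p: p[0]):
        for ip, mac in nd.items():
            key = (ip, mac, macs.get(mac, "unknown"))
            cur = open_by_key.get(key)
            if cur is not None and ts - cur.last_seen <= max_gap:
                cur.last_seen = ts          # same binding still present
            else:
                cur = Session(*key, ts, ts)  # new or re-appearing binding
                open_by_key[key] = cur
                sessions.append(cur)
    return sessions

def who_used(sessions, ip, ts, slack=0):
    """Return the (mac, port) pairs bound to ip at time ts, +/- slack seconds."""
    return sorted({(s.mac, s.port) for s in sessions
                   if s.ip == ip and s.first_seen - slack <= ts <= s.last_seen + slack})
```

A query that falls between two polls returns nothing with `slack=0` and both candidate hosts once `slack` is widened to the polling interval, which is the ambiguity that faster polling reduces.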

Option 2: Record all ND traffic

- Would allow address use to be recorded
- Some devices support forwarding function
  - e.g. RSPAN, but would need to be specific/filtered
  - Regardless, still a lot of traffic
  - Bear in mind ND attacks discussed elsewhere this week
- Approach used by NDPmon, RAmond
  - Would thus allow more than just address accountability, e.g. rogue RA or DAD DoS detection

Option 3: Force use of DHCPv6

- Use same model as DHCPv4, possibly with RFC 4649 (similar to RFC 3046 for IPv4)
  - Not perfect, but the model commonly used now
- Issue RAs with M bit set, and Autonomous flag unset such that PIO is not used
  - Host should then use DHCPv6
- DHCPv6 supports temporary addresses
  - Offers privacy addresses with accountability
- But may not preclude manual configuration
  - If host can determine subnet prefix

Option 4: Re-use SAVI methods

- Not yet discussed in draft
- Have noted that logging in SAVI is apparently being encouraged to only record potential IP spoofing events
  - i.e. only record the minimum data required for the purpose
  - Thus not complete for accountability purposes
- Could SAVI be used to record all address usage?

Questions and next steps?

- Privacy concerns are important
  - Should privacy be expected *within* a host's site?
- Accountability measures might ideally be independent of address assignment method
- Are there Options 5, 6, …?
- Is this a topic worth discussing and progressing through a draft?
  - Seems to be a very common question raised by sites deploying IPv6 (dual-stack)