Roaming Over Savi Device Tao Lin IETF 79. Outline DHCP/NDP Snooping mechanism Switch implementation Roaming over switches WLAN network Roaming over WLAN.

Presentation transcript:

Roaming Over Savi Device Tao Lin IETF 79

Outline
- DHCP/NDP Snooping mechanism
- Switch implementation
- Roaming over switches
- WLAN network
- Roaming over WLAN devices

NDP Snooping mechanism
- Snoop protocol packets to establish binding entries, without modifying the protocol.
- Based on the address allocation protocol, including its packet format, interaction, procedure, etc.
- Filter the subsequent data packets against the binding entries.
- The focus is on maintenance of the binding entries.

Switch implementation
- Many access switches in one local network.
- Establish every host's binding entry in every switch.
- Or, use the uplink port to avoid creating binding entries for hosts directly connected to other switches.
[Figure labels: Aggregation Switch, Switch A, Switch B, PCA, PCB, Uplink port]

Roaming over switches - Problem
- Establish every host's binding entry in every switch.
  – The number of binding entries grows quickly as the number of hosts increases.
- The uplink port is used to avoid binding entries for hosts connected to other switches.
  – If PCA roams to switch B, a residual binding entry for PCA remains until it ages out (TimeA). This is a vulnerability: someone may exploit it during this time.
  – PCB can also imitate PCA to establish an identical binding entry in switch B (while it attacks PCA to prevent it from replying with an NA to the DAD NS packet), and there will then be two legal host binding entries in two switches.

Roaming over switches - Possible method
- After PCA has roamed to a new switch, the original switch, on receiving the DAD NS packet from PCA, can send an NS packet to confirm PCA's roaming. This includes confirming the original position (TimeB) and confirming the new position (TimeC).
[Figure labels: Aggregation Switch, Switch A, Switch B, PCA, DAD NS]

Roaming over switches - Possible method (contd.)
Disadvantage
- When confirming the original position, it is vulnerable during the waiting time (TimeB).
- When confirming the new position, the original switch must have an IP address to use as the source IP address of the detecting packet; otherwise the reply packet cannot return.
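The effect of the original-position check on the residual binding entry can be seen in a small model. This is an added example, not code from the slides: the class and method names, the port names, the 2001:db8::a address and the TimeA/TimeB values are assumptions, and only the original-position check (TimeB) is modelled, not the new-position check (TimeC).

```python
from dataclasses import dataclass

@dataclass
class Binding:
    port: str        # access port the address was learned on
    expires: float   # absolute time at which the entry ages out

class SaviSwitch:
    """Constructed model of one access switch's binding table."""

    def __init__(self, time_a, time_b):
        self.time_a = time_a   # aging time of a binding entry (TimeA)
        self.time_b = time_b   # wait for the original-position probe (TimeB)
        self.table = {}        # address -> Binding

    def learn(self, addr, port, now):
        # A DAD NS snooped on an access port creates or refreshes the binding.
        self.table[addr] = Binding(port, now + self.time_a)

    def permit(self, addr, port, now):
        # Data-plane filter: the source address must match a live binding.
        b = self.table.get(addr)
        return b is not None and b.port == port and now < b.expires

    def on_uplink_dad_ns(self, addr, now, old_port_replies):
        # A DAD NS for a bound address arriving on the uplink means the
        # address is being claimed behind another switch, so the original
        # position is probed with an NS and the switch waits TimeB.
        b = self.table.get(addr)
        if b is None:
            return "no-binding"
        if old_port_replies:
            return "keep"      # host still answers here: not a roam
        # No NA came back: stop trusting the entry after TimeB, not TimeA.
        b.expires = min(b.expires, now + self.time_b)
        return "expire"

def residual_window(probe, time_a=300.0, time_b=1.0):
    """Seconds the stale entry still passes the filter after the host leaves
    at t=0 (worst case: refreshed just before the roam). Timings are assumed."""
    sw = SaviSwitch(time_a, time_b)
    sw.learn("2001:db8::a", "port1", now=0.0)
    if probe:
        sw.on_uplink_dad_ns("2001:db8::a", now=0.0, old_port_replies=False)
    return sw.table["2001:db8::a"].expires
```

With aging alone the stale entry stays usable for the whole of TimeA. With the probe it stays usable only for TimeB, which is the remaining exposure the slide lists as a disadvantage.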

WLAN network

Roaming over WLAN devices - Problem
- All packets are forwarded to the AC through the CAPWAP tunnel.
  – SAVI should be implemented in the AC.
- Unlike on a switch, there is no interface up/down event in the AC/AP to trigger the roaming host to send a new DAD NS packet.

Roaming over WLAN devices - Possible method
- Take advantage of the WLAN roaming event.
  – When the host roams to a new AP, this AP informs the AC, so the AC learns of the host's roaming event and changes the binding entry.
- Disadvantage
  – There is now a new mode in which the AP can forward packets upstream, bypassing the AC. In this scenario, traffic between hosts connected to the same AP and traffic that bypasses the AC cannot be filtered.

Discussions
The same as IPv4. Other scenarios? DHCP snooping? Other methods? Add a new option for security? ……
Please give your guidance and comments on this work. Thanks! We hope you will join!