ALTO Server Discovery draft-ietf-alto-server-discovery-03 IETF#83, Paris, France 2012-03-29 S. Kiesel, M. Stiemerling, N. Schwan, M. Scharf, H. Song


Updates in -03
Normative Language aligned
Addresses items identified by expert review (Thanks to Olafur Gudmundsson)
– New section: Operational Considerations
– New section: General Security Considerations

Items addressing Expert Review
Clarifications in Introduction
– Goal is to find closest ALTO server
– Rationale for U-NAPTR is to find URL, not only server name
– ALTO servers cannot redirect clients to better server
New Pre-Conditions - Not in scope:
– Best ALTO server for multi-interfaced client
– NAT discovery
Clarified use of methods to retrieve domain name
– "A client SHOULD use the first DNS suffix determined and MAY try other methods in case the U-NAPTR lookup failed."
– Shortening of domain suffixes reduced to one step

Items addressing Expert Review
New section: Operational Considerations
Reverse DNS lookup Limitations
– No unique way of maintaining the DNS tree
– Clients must be able to deal with failures of the reverse DNS lookup
– Tree climbing is problematic, in particular for IPv6 [RFC4472]
– Populating a DNS name space like a reverse tree is a significant administrative DNS overhead
– Tree walking raises several issues:
  Only one step for shortening
  -> Implementers SHOULD consider skipping this step

Items addressing Expert Review
New section: General Security Considerations
Two failures caused by malicious attacks or by configuration problems
– Discovery fails even if suitable ALTO server exists
  -> Application performance corresponds to scenario without ALTO guidance
  -> No significant additional security risk
– Discovery yields sub-optimal or wrong ALTO server
  ALTO service useless as no suitable information available
  Sub-optimal or forged information
  -> Performance problems or potentially unwanted traffic
  -> Disabling of ALTO service as countermeasure
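The client-side rules from the slides above (use the first DNS suffix, shorten it by at most one step, treat a failed discovery as "no ALTO guidance"), as an added example that is not code from the draft or its authors. The `ALTO:https` service tag, the `!.*!<URL>!` regexp form, the https-only check, the two-label floor, the function names and the sample records are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample zone data (not real records): owner name -> NAPTR tuples
# (order, preference, flags, service, regexp).
SAMPLE_ZONE = {
    "example.net": [
        (200, 10, "u", "ALTO:https", "!.*!https://alto-backup.example.net/ird!"),
        (100, 10, "u", "ALTO:https", "!.*!https://alto1.example.net/ird!"),
        (50, 10, "u", "LIS:https", "!.*!https://lis.example.net/!"),
    ],
    "lab.example.org": [  # misconfigured or forged: plain-http target
        (100, 10, "u", "ALTO:https", "!.*!http://alto.lab.example.org/ird!"),
    ],
}

def sample_lookup(name):
    """Stand-in resolver: returns NAPTR tuples, or [] when the lookup fails."""
    return SAMPLE_ZONE.get(name.rstrip(".").lower(), [])

def unaptr_to_url(records):
    """Return the https URL of the best ALTO U-NAPTR record, else None."""
    for order, pref, flags, service, regexp in sorted(records):
        if flags.lower() != "u" or service.upper() != "ALTO:HTTPS":
            continue  # other services and non-terminal records are ignored
        m = re.fullmatch(r"!\.\*!([^!]+)!", regexp)  # constant replacement only
        if not m:
            continue
        url = urlsplit(m.group(1))
        if url.scheme == "https" and url.hostname:  # assumed policy: https only
            return m.group(1)
    return None

def discover_alto(suffix, lookup=sample_lookup, allow_shorten=True):
    """Try the suffix, then at most one shortened suffix; None means no ALTO."""
    suffix = suffix.rstrip(".").lower()
    candidates = [suffix]
    labels = suffix.split(".")
    if allow_shorten and len(labels) > 2:  # assumed floor: keep two labels
        candidates.append(".".join(labels[1:]))
    for name in candidates:
        url = unaptr_to_url(lookup(name))
        if url:
            return url
    return None  # caller proceeds without ALTO guidance
```

A `None` result corresponds to the first failure case on the security slide: the application behaves as it would without ALTO. Setting `allow_shorten=False` skips the shortening step entirely.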

Next Steps
All items addressed?

Thank you and Time for your questions!

Acks
Nico Schwan is partially supported by the ENVISION project ( a research project supported by the European Commission under its 7th Framework Program (contract no ). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the ENVISION project or the European Commission.
Michael Scharf is supported by the German-Lab project ( lab.de) funded by the German Federal Ministry of Education and Research (BMBF).
Martin Stiemerling is partially supported by the COAST project (COntent Aware Searching, retrieval and sTreaming, a research project supported by the European Commission under its 7th Framework Program contract no ). The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the COAST project or the European Commission.