NSIS and Mobility Layer Split & Framework Issues
Robert Hancock
NSIS Interim Meeting – Columbia University, February 2003

Overview
- Basic definitions
- New path problems
- Crossover detection problem
- Reservation ownership problem
- CT (context transfer) and CARD (candidate access router discovery)

Why Bother?
- Soft-state for all will remove old state and install new
  - Imposes yet another criterion for timer setting
  - Or, long periods of poor mid-call operation
- Alternative: explicit messaging
  - How to prevent a TEAR message deleting the entire path?
  - How to avoid the double reservation being rejected (spurious resource limitation)?

Mobility != Re-Routing
- Local repair is a simpler problem
  - Includes address-preserving micromobility as a special case
- Re-routing/local repair properties:
  - End system addresses not changed
  - Packet classifier update not needed
  - No end-to-end signalling logically required
  - Reservation theft is hard
    - Depends on the ‘weak security’ of the routing network
- But: path characteristics may change…

Mobility Properties
- Mobility with end system (ES) address changes is harder
  - For NSIS and other protocols
  - NB: applies to MIP, HIP, SIP, …
- Different properties:
  - E2E packet classifier update needed
  - Other E2E signalling unavoidable (ignoring proxies…)
  - Harder to prevent reservation theft
- And, path characteristics may change…

Path Characteristics Changing
- In each case: for the unchanged part of the path, AAA/policy control should be avoided
  - Could be the major saving in the mobility case
  - Provided ownership can be shown
- For the new part, different rules may apply
  - Different cost/byte, firewall policies
- Implication: the signalling application must be re-executed along the changed part

Partial NSLP Execution (I)
- What we want to do is re-execute the NSLP between crossover points
- How does this relate to the original e2e NSLP execution?
  - NB: implications for the NTLP: not everything takes place in an e2e upper-layer context
  - How do interior points take charge?
  - Does it have to take place in the same ‘orientation’ as the original transaction?
- Examples?
- What assumptions can be made?

Partial NSLP Execution (II)
- Pre-preparation to speed up partial execution
  - Authorise an upper bound on the ‘resource’, not the actual amount immediately needed
    - Requires a different concept of ‘resource’ from e.g. IntServ
  - Make reservations SE-like (shared explicit, with some constraints) rather than FF (fixed filter)
    - Cf. the old pre-RSVP ‘dynamic filter’ style
- Cost of SE compared to FF reservations?
- Getting back to multicast complexity?

Crossover Detection
- Re-routing case: flow tuple not changed, just input/output interfaces (peers)
  - Any additional identifiers needed to correlate old and new paths?
- Mobility case: flow tuple is changed
  - Another identifier needed
  - What else is it used for?
  - What properties does it need?
    - Needs to be e2e ‘unique enough’ (the crossover point can be anywhere)

Reservation ID
- NB: framework terminology used here…
- A: Is this ID used just to detect crossover?
  - And then re-trigger partial NSLP execution
  - The NSLP must have some other reason to believe that progressing the application with a changed flow tuple is valid…
- B: Or, does simply presenting the ID prove ownership in itself?
  - In other words, this is a security issue

Reservation ID Security
- Challenge #1: state the security properties required to use the ID for (B)
  - NB: could be a challenge without a general authorisation framework for all NSLPs
  - One issue: should be considered from both endpoints’ perspectives; may need two IDs (!)
- Challenge #2: define an identifier mechanism with the properties defined in challenge #1
  - NB: not very surprisingly, challenge #2 gets done first

Reservation ID Mechanisms
- Three proposals so far:
  - Some random combination of address etc.
    - ‘Random’ in the pejorative sense
    - No detectable security (or even uniqueness) properties
  - Westphal/Chaskar proposal & variants
    - Uses counters & asymmetric cryptography
    - Very expensive. Other flaws?
  - CASP
    - Make it random and confidentiality protected

CT and CARD
- Background assumptions
  - Framework has ancient text (5.3.5)
  - NSIS protocols MUST still function correctly if CT and CARD don’t exist
  - NSIS protocols SHOULD NOT make the Seamoby performance optimisations useless
- Anything to say about commonality in the signalling application space?
- Should we depend on Seamoby to solve the general edge mobility problem and use their results?

CT Interactions
- Two models:
  1: Handover triggers context transfer, which triggers the signalling application, which then uses NSIS protocols to initiate the session
  2: Handover triggers NSIS protocols, which use context transfer to propagate NSIS state (both layers) to the new AR and continue the session
- (2) is similar to the ‘virtual AR’ model (Thomas)
  - Implications for NSIS peer relationships
  - Could be an interesting application of SCTP multihoming

CT Interactions (2)
- Which model to use? And how to decide?
- What has to be done to make NSIS protocol state ‘context transferable’?
- How to handle the CT/non-CT case
  - Retaining the Seamoby optimisation => the default on handover must be ‘no refresh’
  - Who generates ‘refresh please’ if there is no CT?

CARD Interactions
- Point-to-point negotiations scope-limited to the mobile–AR link don’t need to involve NSIS protocols
- The CARD process also involves query/preparation of resources on the path from the AR back into the network
  - So, NSIS protocols are a natural way to deal with this

CARD Interactions (2)
- Assumption: CARD can invoke NSIS signalling to query/prepare resources
- Consequences:
  1: Need signalling applications with ‘query’ as well as ‘reserve’ semantics
  2: Success of a query involves knowing that the new request will replace the old one
    - I.e. not a double reservation
    - Starts to look like a complete test handover/local repair/mobility update procedure
    - Limited to the changed path segment
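The following Python model is an added example, not code from the slides or from any NSIS implementation. It ties together three of the points above: crossover detection when the flow tuple changes (an identifier other than the flow tuple is needed to find the old state), the ownership question for the reservation ID (option B: does presenting the ID prove ownership?), and the CARD ‘query’ semantics (a query succeeds only if the node knows the new request will replace the old one rather than count as a double reservation). The node model, the resource units, the request and query calls, the flow tuples and the two ID constructions are all assumptions: the ‘address-derived’ ID stands in for the first proposal (a combination of addresses, here a truncated hash of source and destination), and the ‘random secret’ ID stands in for the CASP-style proposal (random bits carried over a confidentiality-protected channel). The asymmetric-cryptography proposal is not modelled.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Reservation:
    flow: tuple     # (src_addr, dst_addr, proto, src_port, dst_port)
    amount: int     # abstract resource units (assumed model)
    res_id: bytes   # reservation ID stored alongside the state


def address_derived_id(flow):
    """Assumed form of proposal 1: an ID computed from the addresses only.
    Anyone who knows the flow can recompute it, and two flows between the
    same hosts collide, so it is neither secret nor unique."""
    src, dst, *_ = flow
    return hashlib.sha256(f"{src}|{dst}".encode()).digest()[:16]


def random_secret_id():
    """Assumed form of proposal 3 (CASP): 128 random bits chosen by the
    initiator, carried only over a confidentiality-protected channel."""
    return secrets.token_bytes(16)


class CrossoverNode:
    """Node on the signalling path with a resource limit (assumed model).

    A request carrying the ID of existing state is a mobility update /
    local repair: the old reservation is replaced, not counted twice, so
    the request is not rejected for a spurious resource shortage and no
    stale state is left waiting for a soft-state timeout."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.state = {}   # flow tuple -> Reservation

    def used(self):
        return sum(r.amount for r in self.state.values())

    def _owner(self, res_id):
        """Flow whose stored ID matches. The ID is used as a capability,
        so compare in constant time instead of using it as a dict key."""
        for flow, r in self.state.items():
            if hmac.compare_digest(r.res_id, res_id):
                return flow
        return None

    def _fits(self, amount, old_flow):
        freed = self.state[old_flow].amount if old_flow is not None else 0
        return self.used() - freed + amount <= self.capacity

    def query(self, flow, amount, res_id):
        """CARD-style query: would reserve() succeed? Nothing is committed."""
        return self._fits(amount, self._owner(res_id))

    def reserve(self, flow, amount, res_id):
        """Returns 'new', 'updated' (old state replaced) or 'rejected'."""
        old_flow = self._owner(res_id)
        if not self._fits(amount, old_flow):
            return "rejected"
        if old_flow is not None:
            del self.state[old_flow]
        self.state[flow] = Reservation(flow, amount, res_id)
        return "updated" if old_flow is not None else "new"


def handover_scenario(id_scheme):
    """Mobile host reserves 8 of 10 units, moves to a new address and
    re-signals with its ID; an attacker who knows the original addresses
    then tries to take the reservation over. id_scheme: 'address' | 'random'."""
    node = CrossoverNode(capacity=10)
    # Constructed sample flows (documentation-prefix addresses).
    old_flow = ("2001:db8:1::1", "2001:db8:9::9", 17, 5004, 5004)
    new_flow = ("2001:db8:2::1", "2001:db8:9::9", 17, 5004, 5004)
    bad_flow = ("2001:db8:66::1", "2001:db8:9::9", 17, 5004, 5004)

    if id_scheme == "address":
        res_id = address_derived_id(old_flow)
        guess = address_derived_id(old_flow)   # attacker recomputes it
    else:
        res_id = random_secret_id()
        guess = secrets.token_bytes(16)        # attacker can only guess

    out = {"first": node.reserve(old_flow, 8, res_id)}
    # Without an ID the changed flow tuple looks like a second reservation.
    out["query_no_id"] = node.query(new_flow, 8, bytes(16))
    out["query_with_id"] = node.query(new_flow, 8, res_id)
    out["moved"] = node.reserve(new_flow, 8, res_id)
    out["in_use"] = node.used()
    out["attacker"] = node.reserve(bad_flow, 8, guess)
    return out


if __name__ == "__main__":
    for scheme in ("address", "random"):
        print(scheme, handover_scenario(scheme))
```

With the address-derived ID the attacker’s request comes back as ‘updated’: the node replaces the mobile’s state with the attacker’s, which is the reservation theft the slides warn about. With the random ID the attacker’s request is ‘rejected’ because no owner matches and 8 + 8 exceeds the capacity of 10, while the legitimate move is still ‘updated’ with 8 units in use rather than 16. The query call shows the CARD consequence: the same request is infeasible without the ID and feasible with it, because only the ID tells the node that the new request replaces the old one.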