Presentation is loading. Please wait.

Presentation is loading. Please wait.

Preferred Alternatives for Tunnelling HIP (PATH)

Published byShawn Morris Modified over 6 years ago

Similar presentations

Presentation on theme: "Preferred Alternatives for Tunnelling HIP (PATH)"— Presentation transcript:

1 Preferred Alternatives for Tunnelling HIP (PATH)
<draft-nikander-hip-path-00.txt> P. Nikander, H. Tschofenig, T. Henderson, L. Eggert, J. Laganier

2 Idea Allow HIP to traverse LEGACY NATs by reusing EXISTING mechanisms
Area of investigation: HIP protocol interaction between two HIP endpoints HIP protocol interaction considering rendezvous servers

3 What extensions are necessary?
UDP encapsulation for HIP messages UDP encapsulation for IPsec payloads NAT detection payload Ability to carry locator format with port numbers

4 (related to interaction with PATH server)
Open Issues (related to interaction with PATH server)

5 HIP and IPsec packets travel via the PATH server
HIP PATH Network Address HIP Initiator Server Translator Responder | | | | | I1 over IP | | | | > | I1 over UDP | I1 over UDP | | | > | > | | | R1 over UDP | R1 over UDP | | R1 over IP | with UDP-REA | with UDP-REA | | without UDP-REA | < | < | | < | | | | I2 over IP | | | | without UDP-REA | I2 over UDP | I2 over UDP | | > | without UDP-REA | without UDP-REA | | | R2 over UDP | R2 over UDP | | R2 over IP | < | < | | IPsec ESP | IPsec ESP | IPsec ESP | | <===============> | over UDP | over UDP | | | <================ | ================> | HIP and IPsec packets travel via the PATH server

6 Most HIP messages travel via the PATH server
HIP PATH Network Address HIP Initiator Server Translator Responder | | | | | I1 over IP | | | | > | I1 over UDP | I1 over UDP | | | > | > | | | R1 over UDP | R1 over UDP | | R1 over IP | with UDP-REA | with UDP-REA | | with UDP-REA | < | < | | < | | | | I2 over IP | | | | without UDP-REA | I2 over UDP | I2 over UDP | | > | without UDP-REA | without UDP-REA | | R2 over UDP | R2 over UDP | R2 over UDP | | < | < | | IPsec ESP | IPsec ESP | IPsec ESP | | over UDP | over UDP | over UDP | | <==================================== | ================> | Most HIP messages travel via the PATH server IPsec messages do not travel via the PATH server

7 Some HIP messages travel via the PATH server
HIP PATH Network Address HIP Initiator Server Translator Responder | | | | | I1 over IP | | | | > | I1 over UDP | I1 over UDP | | | > | > | | | R1 over UDP | R1 over UDP | | R1 over IP | with UDP-REA | with UDP-REA | | with UDP-REA | < | < | | < | | | | I2 over UDP | I2 over UDP | I2 over UDP | | with UDP-REA | with UDP-REA | with UDP-REA | | > | > | | R2 over UDP | R2 over UDP | R2 over UDP | | < | < | | IPsec ESP | IPsec ESP | IPsec ESP | | over UDP | over UDP | over UDP | | <==================================== | ================> | Some HIP messages travel via the PATH server IPsec messages do not travel via the PATH server

8 Questions Maybe there are other ways to interact with the PATH server
Should we decide on a single approach? The type of NAT we would like to support is an important design decision. Better alignment with RVS and HIP registration protocol is needed.

Download ppt "Preferred Alternatives for Tunnelling HIP (PATH)"

Similar presentations

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-ietf-mobike-design-00.txt Tero Kivinen

© 2004 SafeNet, Inc. All rights reserved. Mobike Protocol Design draft-ietf-mobike-design-00.txt Tero Kivinen
IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.

Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.

Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner.

Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner.
1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.

1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.

By Rod Lykins.  Background  Benefits  Security Advantages ◦ Address Space ◦ IPSec  Remaining Security Issues  Conclusion.
Host Identity Protocol

Host Identity Protocol
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
Mobile IP Traversal Of NAT Devices By, Vivek Nemarugommula.

Mobile IP Traversal Of NAT Devices By, Vivek Nemarugommula.
RSIP Address Sharing with End-to-End Security Mike Borella, 3Com Corp. Gabriel Montenegro, Sun Microsystems March 2000.

RSIP Address Sharing with End-to-End Security Mike Borella, 3Com Corp. Gabriel Montenegro, Sun Microsystems March 2000.

Similar presentations

Ads by Google