Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-vandevelde-v6ops-ra-guard-01.txt1 IPv6 RA-Guard G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohacsi IETF 71, March 11/14th 2008 Philadelphia.

Published byByron Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "Draft-vandevelde-v6ops-ra-guard-01.txt1 IPv6 RA-Guard G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohacsi IETF 71, March 11/14th 2008 Philadelphia."— Presentation transcript:

1 draft-vandevelde-v6ops-ra-guard-01.txt1 IPv6 RA-Guard G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohacsi IETF 71, March 11/14th 2008 Philadelphia

2 draft-vandevelde-v6ops-ra-guard-01.txt2 Draft objective Complement SeND where it is not (1) convenient or (2) possible to use SeND to defend against Rogue RA RA-guard is “no replacement” for SeND but a tool to work together with SeND

3 draft-vandevelde-v6ops-ra-guard-01.txt3 SEND deployment model router Certificate Authority CA 0 host C 0 trusted anchor certificate with pfx_list=P 0 C R certificate with pfx_list=P R CRL (revocation list) CPA (C R ) RA ( pfx_list=P R ) Subordinate Certificate Authority CA 1

4 draft-vandevelde-v6ops-ra-guard-01.txt4 Proposed Deployment model router CA 0 host C 0 certificate with pfx_list=P 0 C R certificate with pfx_list=P R CRL CPA (C R ) RA ( pfx_list=P R ) CA 1

5 draft-vandevelde-v6ops-ra-guard-01.txt5 RA-Guard complementing SeND RA-guard "SeND-validating" RA on behalf of hosts would potentially simplify some of the current deployment challenges: It may take time until SeND is ubiquitous (i.e. issues concerning provisioning hosts with trust anchors or SP access-networks with non-managed CPE) It is also reasonable to expect that some devices might not consider implementing SeND (i.e. IPv6 enabled sensors) RA-guard intends to provide simple solutions to the rogue-RA problem: Through a simple solution by filtering/snooping potential Rogue- RA In others, leverage SeND between capable devices (L2 and routers) to provide protection to devices that do not consistently use SeND

6 draft-vandevelde-v6ops-ra-guard-01.txt6 RA-Guard Use Considerations RA-traffic must go “through” a RA-Guard L2 controlled networking device Tunneled traffic is not protected RA-Guard could protect content of an RA

7 draft-vandevelde-v6ops-ra-guard-01.txt7 Next steps Adopt as WG item?

8 draft-vandevelde-v6ops-ra-guard-01.txt8 THANK YOU!

Download ppt "Draft-vandevelde-v6ops-ra-guard-01.txt1 IPv6 RA-Guard G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohacsi IETF 71, March 11/14th 2008 Philadelphia."

Similar presentations

Router Identification Problem Statement J.W. Atwood 2008/03/11

Router Identification Problem Statement J.W. Atwood 2008/03/11
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
Draft-vandevelde-v6ops-harmful-tunnels-01.txt 1 Are they the future of the Internet? Non-Managed Tunnels Considered Harmful Gunter Van de Velde, Ole Troan,

Draft-vandevelde-v6ops-harmful-tunnels-01.txt 1 Are they the future of the Internet? Non-Managed Tunnels Considered Harmful Gunter Van de Velde, Ole Troan,
Draft-kk-mpvd-ndp-support-01 MIF WG – IETF88 Jouni Korhonen Suresh Krishnan Sri Gundavelli.

Draft-kk-mpvd-ndp-support-01 MIF WG – IETF88 Jouni Korhonen Suresh Krishnan Sri Gundavelli.
MPTCP – Multipath TCP WG Meeting Honolulu, IETF-91, 14th Nov 2014 Philip Eardley Yoshifumi Nishida 1.

MPTCP – Multipath TCP WG Meeting Honolulu, IETF-91, 14th Nov 2014 Philip Eardley Yoshifumi Nishida 1.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Draft-ietf-v6ops-ra-guard-00.txt1 IPv6 RA-Guard draft-ietf-v6ops-ra-guard-00.txt G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohácsi 72nd IETF.

Draft-ietf-v6ops-ra-guard-00.txt1 IPv6 RA-Guard draft-ietf-v6ops-ra-guard-00.txt G. Van de Velde, E. Levy- Abegnoli, C. Popoviciu, J. Mohácsi 72nd IETF.
SP Wi-Fi Services over Residential Architectures (draft-gundavelli-v6ops-community-wifi-svcs) IETF 84 - August, 2012 Authors: Sri Gundavelli(Cisco) Mark.

SP Wi-Fi Services over Residential Architectures (draft-gundavelli-v6ops-community-wifi-svcs) IETF 84 - August, 2012 Authors: Sri Gundavelli(Cisco) Mark.
1 IPv6 in CableLabs DOCSIS 3.0 IETF v6ops wg meeting IETF#65 Ralph Droms Alain Durand

1 IPv6 in CableLabs DOCSIS 3.0 IETF v6ops wg meeting IETF#65 Ralph Droms Alain Durand
Controlling Traffic Offloading Using Neighbor Discovery Protocol IETF#80 Mif WG, 28-March-2011 draft-korhonen-mif-ra-offload-01 Jouni Korhonen Teemu Savolainen.

Controlling Traffic Offloading Using Neighbor Discovery Protocol IETF#80 Mif WG, 28-March-2011 draft-korhonen-mif-ra-offload-01 Jouni Korhonen Teemu Savolainen.
DMM Framework based on Functional Elements draft-liebsch-dmm-framework-analysis-02 M. Liebsch, P. Seite, G. Karagiannis IETF88, Vancouver DMM WG 08 th.

DMM Framework based on Functional Elements draft-liebsch-dmm-framework-analysis-02 M. Liebsch, P. Seite, G. Karagiannis IETF88, Vancouver DMM WG 08 th.
Public Key Infrastructure Ammar Hasayen 2013. ….

Public Key Infrastructure Ammar Hasayen ….
WSV404 DirectAccess Server (Server 2008 R2) DirectAccess Client (Windows 7) Internet Native IPv6 6to4 Teredo IP-HTTPS Tunnel over IPv4 UDP, HTTPS,

WSV404 DirectAccess Server (Server 2008 R2) DirectAccess Client (Windows 7) Internet Native IPv6 6to4 Teredo IP-HTTPS Tunnel over IPv4 UDP, HTTPS,
IPv6 Site Renumbering Gap Analysis draft-ietf-6renum-gap-analysis-02 draft-ietf-6renum-gap-analysis-02 Bing Liu (speaker), Sheng Jiang, Brian.E.Carpenter,

IPv6 Site Renumbering Gap Analysis draft-ietf-6renum-gap-analysis-02 draft-ietf-6renum-gap-analysis-02 Bing Liu (speaker), Sheng Jiang, Brian.E.Carpenter,
MPTCP – Multipath TCP WG Meeting Toronto, IETF-90, 21 st July 2014 Philip Eardley Yoshifumi Nishida 1.

MPTCP – Multipath TCP WG Meeting Toronto, IETF-90, 21 st July 2014 Philip Eardley Yoshifumi Nishida 1.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
DHCPv6 Route Option (draft-dec-dhcpv6-route-option-03.txt) IETF 77, March 2010 : Wojciech Dec Richard Johnson

DHCPv6 Route Option (draft-dec-dhcpv6-route-option-03.txt) IETF 77, March 2010 : Wojciech Dec Richard Johnson
NEMO Requirements and Mailing List Discussions/Conclusions T.J. Kniveton - Nokia Pascal Thubert - Cisco IETF 54 – July 14, 2002 Yokohama, Japan.

NEMO Requirements and Mailing List Discussions/Conclusions T.J. Kniveton - Nokia Pascal Thubert - Cisco IETF 54 – July 14, 2002 Yokohama, Japan.
Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.

Proposal for device identification PAR. Scope Unique per-device identifiers (DevID) Method or methods for authenticating that device is bound to that.
Principles on evaluating FIWARE relevance for Phase 3 proposals.

Principles on evaluating FIWARE relevance for Phase 3 proposals.

Similar presentations

Ads by Google