Download presentation
Presentation is loading. Please wait.
Published byDrusilla Warner Modified over 9 years ago
1
Basavaraj Patil IETF 78
2
Implementation details: Implemented on Nokia N900 and Ubuntu 10, and Debian 5 linux variants TLS connection is established between MN and HAC over which the MN obtains keys and bootstrapping parameters MN authentication is done by the HAC using ESP-MD5 with EAP messages being carried inside the TLS tunnel Keys obtained from HAC and SPI are used to secure the signaling messages between MN and HA IPv6 and IPv4 HoA are assigned to the MN
3
Implementing the TLS based security framework as per I-D: draft-korhonen- mext-altesec was relatively easy and painless Used openssl library for the TLS code TLS connection setup over IPv6 links was the only problem Fixed this problem with changes to the MSS value used for TLS connection setup
4
MTU issues for signaling and traffic when the MN was attached via links which are themselves tunnels (eg. Tunnelbroker) MTU issues occuring primarily when connected via IPv6/DS links
5
Setting up the registration with the HA causes all traffic, including DNS queries, to be tunnelled via the HA The local DNS servers (configured by DHCP and valid on the local link) are no longer reachable Resolved by providing the MN with a DNS server address reahable via the HA as part of the bootstrapping process
6
From an implementation and operational perspective, the TLS based security framework has taken minimal time to build and test. Majority of the effort has been focused on the DSMIP6 protocol aspects. UDP encap for all types of traffic makes client implementation simpler and helps with the NAT traversal
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.