Firewall%20friendly%20RRT%20for%20MIPv6 - PowerPoint PPT Presentation

About This Presentation
Title:

Firewall%20friendly%20RRT%20for%20MIPv6

Description:

Firewall friendly RRT for MIPv6. Gabor Bajko. Franck Le ... Modified, firewall friendly RRT procedure. Question. Is the WG interested in this problem space? ... – PowerPoint PPT presentation

Number of Views:42
Avg rating:3.0/5.0
Slides: 6
Provided by: bajko
Learn more at: https://www.ietf.org
Category:

less

Transcript and Presenter's Notes

Title: Firewall%20friendly%20RRT%20for%20MIPv6


1
Firewall friendly RRT for MIPv6
  • Gabor BajkoFranck Le
  • draft-bajko-mip6-rrtfw-00.txt

2
RFC 4487
  • Mobile IPv6 and Firewalls Problem Statement
  • Outlines two set of problems
  • firewall between the MN and its HA
  • BU/BA uses IPSec ESP, firewalls will drop
  • Use UDP encapsulation?
  • Not addressed in the current proposal
  • firewall between the MN and CN
  • Proposes a modified RRT to get RRT and RO through
    the firewall

3
Firewall between the MN and CN
HoTI
HA
FW
X
CN
CoTI
HoTI
Network(s) protected by FW(s)
  • HoTI is coming from an already trusted source, MN
    HoA
  • When MN moves, and initiates a new RRT, the CoTI
    will arrive to the FW from an untrusted source
    and dropped.
  • RRT will fail as CoTI will never be received by
    the CN

4
Solution
HA
CN
MN
HoTI
HoTI
? CoTI-FW would carry the CoA of the MN to the CN
in a MO ? Otherwise similar to CoTI ? new
Mobility Options required to carry the CoA of the
MN
CoTI
CoTI
FW
FW
X
dropped
HoT
HoT
CoT not sent (as CoTI was not received by the CN)
lt ??????????????????
Timeout waiting for CoT
CoTI-FW
CoTI-FW
CoT
CoT
CoT
FW
FW
5
Conclusion
  • A document containing recommendations for MIPv6
    friendly Firewall configurations might be useful
  • Modified, firewall friendly RRT procedure

Question
  • Is the WG interested in this problem space?
Write a Comment
User Comments (0)
About PowerShow.com