HMIPv6 (updates and requirements)
Objective
• Updates in last revision
• Match against the LMM requirement
• Way forward
On-link CoA testing
• A MAP is a local HA. It was assumed that the security requirements for a local BU are similar to those for a BU sent to the HA.
• There is no clear reason for treating a MAP differently from an HA; however, an LCoA test was added “just in case the MAP turns out to have stronger security requirements”.
• This method was recommended in Atlanta.
• Uses the existing IPsec SA between the MAP and the MN.
• Protects against bombing another MN on another link.
• Tradeoff: performance vs. stronger security.
• The LCoA test must be implemented and is optional to use.
LCoA test (OCOT)
[Figure: message exchange between MN and MAP: BU, BA (includes OCOT option), BA (includes OCOT option)]
• All messages are authenticated with IPsec (AH/ESP).
• The OCOT option includes a sequence number sent from the MAP to the MN.
• The MN’s reply to the MAP includes OCOT (sequence number + 1).
• If OCOT is used, the MAP marks the BCE as “tentative” until it receives the MN’s reply.
• The MAP may also forward packets to the MN until it receives the MN’s reply.
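The LCoA test above, modelled as an added example (not from the original slides): a toy MAP keeps the BCE "tentative" until a reply carries sequence number + 1. All class and function names, the 16-bit sequence width, the random sequence value and the delivery of the BA to the claimed LCoA are assumptions; IPsec authentication is not modelled.

```python
import secrets
from dataclasses import dataclass

SEQ_MOD = 2 ** 16  # assumed width of the OCOT sequence number

@dataclass
class BCE:
    lcoa: str
    seq: int                 # sequence number the MAP put in the OCOT option
    state: str = "tentative"

class MAP:
    def __init__(self):
        self.cache = {}      # RCoA -> BCE
        self.sent = []       # (destination address, OCOT value) of each BA

    def on_bu(self, rcoa, lcoa):
        """Local BU received: create a tentative BCE, send BA + OCOT to the LCoA."""
        seq = secrets.randbelow(SEQ_MOD)
        self.cache[rcoa] = BCE(lcoa, seq)
        self.sent.append((lcoa, seq))

    def on_reply(self, rcoa, ocot):
        """MN's reply: confirm the BCE only if OCOT == sequence number + 1."""
        entry = self.cache.get(rcoa)
        if entry is None or ocot != (entry.seq + 1) % SEQ_MOD:
            return False     # entry (if any) stays tentative
        entry.state = "confirmed"
        return True

    def may_forward(self, rcoa):
        # Per the slide, the MAP may forward while the entry is still tentative.
        return rcoa in self.cache

def run_lcoa_test(real_addr, claimed_lcoa, rcoa="2001:db8:a::1"):
    """Return the BCE state after an MN located at real_addr registers claimed_lcoa."""
    m = MAP()
    m.on_bu(rcoa, claimed_lcoa)
    dest, seq = m.sent[-1]
    if dest == real_addr:    # the MN is really at the LCoA and sees the BA
        m.on_reply(rcoa, (seq + 1) % SEQ_MOD)
    else:                    # BA went to another link; the sender never saw seq
        m.on_reply(rcoa, (seq + 2) % SEQ_MOD)  # constructed wrong value
    return m.cache[rcoa].state

if __name__ == "__main__":
    # Constructed addresses from the IPv6 documentation prefix.
    print(run_lcoa_test("2001:db8:1::10", "2001:db8:1::10"))
    print(run_lcoa_test("2001:db8:2::20", "2001:db8:1::10"))
```
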
Main LMM requirements and HMIPv6
• LMM requirements goals:
• Reduce signalling as a result of movement
• Reduce processing of signals in the CN
• Avoid changes to CN and HA
• Secure signalling between MN and LMM agent(s)
• Allow progressive LMM deployment capability
• Scalable deployment (i.e. linear increase in complexity with increase in number of MNs)
• LMM MUST NOT introduce new “security holes”
• LMM MUST NOT interfere with MN-CN or MN-HA security
• LMM MUST ensure topological confidentiality
• Interoperability with non-LMM-aware nodes
• LMM MUST NOT increase latency or service disruption due to handovers
Main LMM requirements and HMIPv6
• It is desirable that LMM does not increase manual configuration in routers within the network
• LMM MUST interwork with QoS schemes to allow QoS on both the uplink and downlink
• (Both of the requirements above are unclear)
• All of the above requirements are satisfied by HMIPv6
• One requirement NOT satisfied by HMIPv6:
• LMM MUST avoid introducing a single point of failure in the network.
• Like the HA, the MAP is a single point of failure, therefore this is not specific to HMIPv6, question to the WG:
• Already in MIPv6 or charter???