NSIS NAT/FW NSLP: Problem Statement and Framework
M. Brunner, Stiemerling, M. Martin (NEC), H. Tschofenig (Siemens), H. Schulzrinne (Columbia U.)
Objective
• Need for dynamically allocated pinholes or NAT bindings
• Applications include VoIP, gaming, streaming
  • applications using ports other than the well-known ones
  • applications doing application-specific routing (e.g. SIP)
• Use path-coupled signaling for NAT and firewall traversal
  • but not for IPsec-related tunnel endpoint discovery
Other solutions
• Application-specific firewall and NAT implementation
• Midcom WG
  • Uses a protocol to dynamically configure a firewall/NAT
  • Requires knowledge of the "right" NAT/firewall(s)
  • Shortcomings of path-decoupled signaling
General View
[Figure: two "FW + host" endpoints with the protocol layering NAT/FW NSLP over NTLP over IP]
Various scenarios listed
• Define a set of use cases to understand the problem better
• FW/NAT-related scenarios
  • Firewalls only
  • NATs and firewalls
  • Sending host behind a NAT
  • Receiving host behind a NAT
  • Both behind a NAT
• Security-related scenarios
  • Peer-to-peer trust relationship
  • Intra-domain trust relationship
  • End-to-middle trust relationship
What a NAT/FW NSLP solves
• Topology problem -> uses "normal" routing
• Which firewalls/NATs need to be configured -> only those on the data path
• Easily works for several FW/NAT in a row -> finds and configures them all
• Application independent -> end hosts and firewalls/NATs only need to implement NSIS NTLP and the NAT/FW NSLP
Problems: Technical
• Missing network-to-network trust relationship
• Reaching a NAT from the outside -> in general the IP address of the destination (the NSIS responder) is unknown
• Must deal with route changes quickly (data is lost on the new data path until the new FW is configured)
• Determine which scenario a host is in
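The topology argument of the two preceding slides (only on-path firewalls get configured, and after a route change the new path stays unconfigured until signaling is repeated) can be seen in a small simulation. This is an added Python toy model, not code from the slides or from any NSIS implementation; the topology, node names and flow tuple are constructed, and BFS stands in for normal IP routing.

```python
from collections import deque

# Constructed topology (assumption, not from the slides): undirected adjacency
# list; nodes named "FW*" are NSIS-aware firewalls, the rest are end hosts.
TOPOLOGY = {
    "HostA": ["FW1"],
    "FW1": ["HostA", "FW2", "FW3"],
    "FW2": ["FW1", "FW4"],
    "FW3": ["FW1", "FW4"],
    "FW4": ["FW2", "FW3", "HostB"],
    "HostB": ["FW4"],
}

def route(topology, src, dst, down=frozenset()):
    """Shortest path by BFS, avoiding failed links; stands in for "normal" routing."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in topology[node]:
            if nxt in prev or frozenset((node, nxt)) in down:
                continue
            prev[nxt] = node
            queue.append(nxt)
    return None

def signal(topology, flow, pinholes, down=frozenset()):
    """Path-coupled signaling: the message follows the data route and every firewall
    it passes installs a pinhole for the flow. Returns the firewalls configured."""
    path = route(topology, flow[0], flow[1], down) or []
    configured = [n for n in path if n.startswith("FW")]
    for fw in configured:
        pinholes.setdefault(fw, set()).add(flow)
    return configured

def data_passes(topology, flow, pinholes, down=frozenset()):
    """Data is forwarded only if every firewall on the current path holds a pinhole."""
    path = route(topology, flow[0], flow[1], down) or []
    return bool(path) and all(flow in pinholes.get(n, set()) for n in path if n.startswith("FW"))

def demo():
    """Signal, then fail link FW1-FW2: the reroute via FW3 is blocked until re-signaling."""
    pinholes, flow = {}, ("HostA", "HostB", "udp", 49170)  # constructed flow identifier
    first = signal(TOPOLOGY, flow, pinholes)
    down = frozenset([frozenset(("FW1", "FW2"))])
    return (first, data_passes(TOPOLOGY, flow, pinholes),
            data_passes(TOPOLOGY, flow, pinholes, down),
            signal(TOPOLOGY, flow, pinholes, down),
            data_passes(TOPOLOGY, flow, pinholes, down))
```

`demo()` returns the firewalls configured on the first path, that data passes, that it is dropped right after the reroute, the firewalls configured by the second signaling run, and that data passes again.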
Problems: Document Handling
• Should the document cover
  • NAT handling for other NSLPs (e.g. QoS), and interworking with them?
  • interoperability with non-NSIS-aware NATs?
  • solution-specific aspects?
Conclusion
• An NSIS NAT/FW NSLP is an effective solution for NAT/FW traversal for dynamically set up data communication
• There are still a number of problems that need to be resolved
• The work is part of the charter
• Adopt as WG draft?
A Solution for the Topology Problem
[Figure: NSIS signaling between Host A and Host B through a network of firewalls FW 1, FW 2, FW 3 and FW 4]