Preferred Alternatives for Tunnelling HIP (PATH) <draft-nikander-hip-path-00.txt> P. Nikander, H. Tschofenig, T. Henderson, L. Eggert, J. Laganier

Idea
• Allow HIP to traverse LEGACY NATs by reusing EXISTING mechanisms
• Area of investigation:
  • HIP protocol interaction between two HIP endpoints
  • HIP protocol interaction considering rendezvous servers

What extensions are necessary?
• UDP encapsulation for HIP messages
• UDP encapsulation for IPsec payloads
• NAT detection payload
• Ability to carry locator format with port numbers

Open Issues (related to interaction with PATH server)

    HIP                PATH           Network Address           HIP
 Initiator            Server            Translator           Responder
     |                   |                   |                   |
     | I1 over IP        |                   |                   |
     | ----------------> | I1 over UDP       | I1 over UDP       |
     |                   | ----------------> | ----------------> |
     |                   |                   |                   |
     |                   | R1 over UDP       | R1 over UDP       |
     | R1 over IP        | with UDP-REA      | with UDP-REA      |
     | without UDP-REA   | <---------------- | <---------------- |
     | <---------------- |                   |                   |
     |                   |                   |                   |
     | I2 over IP        |                   |                   |
     | without UDP-REA   | I2 over UDP       | I2 over UDP       |
     | ----------------> | without UDP-REA   | without UDP-REA   |
     |                   | ----------------> | ----------------> |
     |                   |                   |                   |
     |                   | R2 over UDP       | R2 over UDP       |
     | R2 over IP        | <---------------- | <---------------- |
     | <---------------- |                   |                   |
     |                   |                   |                   |
     | IPsec ESP         | IPsec ESP         | IPsec ESP         |
     | <===============> | over UDP          | over UDP          |
     |                   | <================ | ================> |

HIP and IPsec packets travel via the PATH server

    HIP                PATH           Network Address           HIP
 Initiator            Server            Translator           Responder
     |                   |                   |                   |
     | I1 over IP        |                   |                   |
     | ----------------> | I1 over UDP       | I1 over UDP       |
     |                   | ----------------> | ----------------> |
     |                   |                   |                   |
     |                   | R1 over UDP       | R1 over UDP       |
     | R1 over IP        | with UDP-REA      | with UDP-REA      |
     | with UDP-REA      | <---------------- | <---------------- |
     | <---------------- |                   |                   |
     |                   |                   |                   |
     | I2 over IP        |                   |                   |
     | without UDP-REA   | I2 over UDP       | I2 over UDP       |
     | ----------------> | without UDP-REA   | without UDP-REA   |
     |                   | ----------------> | ----------------> |
     |                   |                   |                   |
     | R2 over UDP       | R2 over UDP       | R2 over UDP       |
     | <------------------------------------ | <---------------- |
     |                   |                   |                   |
     | IPsec ESP         | IPsec ESP         | IPsec ESP         |
     | over UDP          | over UDP          | over UDP          |
     | <==================================== | ================> |

Most HIP messages travel via the PATH server
IPsec messages do not travel via the PATH server

    HIP                PATH           Network Address           HIP
 Initiator            Server            Translator           Responder
     |                   |                   |                   |
     | I1 over IP        |                   |                   |
     | ----------------> | I1 over UDP       | I1 over UDP       |
     |                   | ----------------> | ----------------> |
     |                   |                   |                   |
     |                   | R1 over UDP       | R1 over UDP       |
     | R1 over IP        | with UDP-REA      | with UDP-REA      |
     | with UDP-REA      | <---------------- | <---------------- |
     | <---------------- |                   |                   |
     |                   |                   |                   |
     | I2 over UDP       | I2 over UDP       | I2 over UDP       |
     | with UDP-REA      | with UDP-REA      | with UDP-REA      |
     | ------------------------------------> | ----------------> |
     |                   |                   |                   |
     | R2 over UDP       | R2 over UDP       | R2 over UDP       |
     | with UDP-REA      | with UDP-REA      | with UDP-REA      |
     | <------------------------------------ | <---------------- |
     |                   |                   |                   |
     | IPsec ESP         | IPsec ESP         | IPsec ESP         |
     | over UDP          | over UDP          | over UDP          |
     | <==================================== | ================> |

Some HIP messages travel via the PATH server
IPsec messages do not travel via the PATH server

Questions
• Maybe there are other ways to interact with the PATH server
• Should we decide on a single approach?
• The type of NAT we would like to support is an important design decision.
• Better alignment with RVS and HIP registration protocol is needed.