
Using Mobile IPv6 for HomeLAN Access

Using Mobile IPv6 for HomeLAN Access. draft-sugimoto-mip6-homelan-access-00.txt. Shinta Sugimoto. Seamless and secure access to the network inside home (HomeLAN) is needed: User may want to access resource inside his/her home remotely in a seamless manner.


Presentation Transcript


  1. Using Mobile IPv6 for HomeLAN Access draft-sugimoto-mip6-homelan-access-00.txt Shinta Sugimoto

  2. Motivation/Background • Seamless and secure access to the network inside the home (HomeLAN) is needed: a user may want to access resources inside his/her home remotely in a seamless manner. • Mobile IPv6 may fit well in this scenario: its concept is that the MN is assured to be always connected (virtually) to the ‘home link’. • Applications or application frameworks designed for the HomeLAN environment may rely on link-local communication to realize ‘zero-conf’: the handiness of link-local scope addresses helps fast and easy setup of connecting to the network (auto-configuration); UPnP assumes that link-local scope is the default scope in which SSDP runs. • RFC 3775 does not allow the HA to forward link-local traffic (MUST NOT).

  3. Extensions to BU message • ‘S’ flag: introduced in order to allow the MN to utilize a link-local home address. • Link-local Scope Multicast Address option: allows the MN to request bypassing of particular link-local multicast traffic; protocol, port number, and link-local scope multicast address can be specified; valid only when the ‘S’ flag is set in the BU message. • Alternate Interface Identifier option: allows the MN to request an alternate interface identifier to be used for the lower 64 bits of the link-local home address; valid only when the ‘S’ flag is set in the BU message.

  4. Clarification on use of ‘S’ flag

  5. Security Considerations • The proposal can lead to exposing the network internals to a third party. In other words, off-path eavesdropping could become possible. • Access inside the HomeLAN must not be granted without proper authentication. Confidentiality of the data traffic must also be provided (MUST use ESP tunnel mode with non-null encryption).

  6. Summary • MN may utilize a link-local scope home address by sending a BU message with the ‘S’ flag set • MN may additionally request bypassing of specific link-local scope multicast traffic by including the Link-local Scope Multicast Address option • HA maintains a local policy of bypassing rules upon receiving a BU message with the Link-local Scope Multicast Address option • Use of an IPsec tunnel (ESP tunnel mode) is highly recommended in this particular scenario • MN can facilitate a “virtual home interface,” which is logically tied to a binding association with the HA. Care should be taken when the MN returns home, as the “virtual home interface” should remain active even though there is no binding association.
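
The home agent's side of the slides above, as an added example that is not from the draft or the presentation: it accepts bypass requests only when the ‘S’ flag is set, the session uses ESP tunnel mode with non-null encryption, and the requested group is link-local scope and permitted by local policy. The class names, the `ALLOWED` table and the cipher labels are assumptions, and the draft's wire format is not modelled.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed HA local policy: (protocol, port, group) tuples that may be bypassed.
# ff02::c on UDP 1900 is SSDP at link-local scope, the UPnP case named in the slides.
ALLOWED = {("udp", 1900, ipaddress.IPv6Address("ff02::c"))}

@dataclass
class McastRequest:  # one Link-local Scope Multicast Address option (hypothetical model)
    protocol: str
    port: int
    group: str

@dataclass
class BindingUpdate:  # hypothetical model of a received BU, not the wire format
    s_flag: bool
    esp_tunnel: bool  # True if the MN authenticated and traffic uses ESP tunnel mode
    esp_cipher: str   # "null" means ESP without confidentiality
    requests: list = field(default_factory=list)

def is_link_local_mcast(addr):
    # IPv6 multicast: first byte 0xff, low nibble of second byte is the scope (2 = link-local)
    p = addr.packed
    return p[0] == 0xFF and (p[1] & 0x0F) == 0x2

def bypass_rules(bu):
    """Return the bypass rules the HA would install for this BU, or raise."""
    if bu.requests and not bu.s_flag:
        raise ValueError("multicast option is valid only when the 'S' flag is set")
    if bu.s_flag and (not bu.esp_tunnel or bu.esp_cipher.lower() == "null"):
        raise PermissionError("ESP tunnel mode with non-null encryption is required")
    rules = set()
    for r in bu.requests:
        group = ipaddress.IPv6Address(r.group)
        key = (r.protocol.lower(), r.port, group)
        # Install only requests that are link-local scope AND permitted by local policy
        if is_link_local_mcast(group) and key in ALLOWED:
            rules.add(key)
    return rules
```

Requests for groups outside link-local scope, or for services the local policy does not list, are dropped silently rather than failing the whole BU; that choice is also an assumption of this sketch.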
