70 likes | 216 Views
Using Mobile IPv6 for HomeLAN Access. draft-sugimoto-mip6-homelan-access-00.txt. Shinta Sugimoto. Seamless and secure access to the network inside home (HomeLAN) is needed: User may want to access resource inside his/her home remotely in a seamless manner.
E N D
Using Mobile IPv6 forHomeLAN Access draft-sugimoto-mip6-homelan-access-00.txt Shinta Sugimoto
Seamless and secure access to the network inside home (HomeLAN) is needed: User may want to access resource inside his/her home remotely in a seamless manner. Mobile IPv6 may fit well in this scenario: Its concept is that MN is assured to be always connected (virtually) to the ‘home link’ Applications or application framework designed for HomeLAN environment may rely on the link-local communication to realize ‘zero-conf’: Handiness of link-local scope address helps fast and easy setup of connecting to the network (auto-configuration). UPnP assumes that link-local scope is default scope in which SSDP runs. RFC 3775 does not allow HA forwarding link-local traffic (MUST NOT) Motivation/Background
‘S’ flag introduces ‘S’ flag in order to allow MN to utilize link-local home address Link-local Scope Multicast Address option: allows MN to request for bypassing particular link-local multicast traffic protocol, port number, and link-local scope multicast address can be specified valid only when ‘S’ flag is set in the BU message Alternate Interface Identifier option: Allows MN to request alternate interface identifier to be used for the lower 64-bit of the link-local home address valid only when ‘S’ flag is set in the BU message Extensions to BU message
Security Considerations • Proposal can lead to exposing the network internals to third party. In other words, off-path eavesdropping could become possible. • Access inside the HomeLAN must not be granted without proper authentication. Confidentiality of the data traffic must also be provided (MUST use ESP tunnel mode with non-null encryption).
Summary • MN may utilize link-local scope home address by sending BU message with ‘S’ flag set • MN may additionally request for bypassing specific link-local scope multicast traffic by including Link-local Scope Multicast Address option • HA maintains local policy of bypassing rules upon receiving BU message with Link-local Scope Multicast Address option • Use of IPsec tunnel (ESP tunnel mode) is highly recommended in this particular scenario • MN can facilitate a “virtual home interface,” which is logically tied to a binding association with the HA. A care should be made when the MN returns home as “virtual home interface” should remain active even though there is no binding association.