Firewall friendly RRT for MIPv6

Firewall friendly RRT for MIPv6. Gabor Bajko, Franck Le. draft-bajko-mip6-rrtfw-00.txt. RFC 4487, Mobile IPv6 and Firewalls: Problem Statement. Outlines two sets of problems: firewall between the MN and its HA; BU/BA uses IPsec ESP, firewalls will drop; use UDP encapsulation?

Presentation Transcript


  1. Firewall friendly RRT for MIPv6. Gabor Bajko, Franck Le. draft-bajko-mip6-rrtfw-00.txt

  2. RFC 4487, Mobile IPv6 and Firewalls: Problem Statement
     Outlines two sets of problems:
     • firewall between the MN and its HA
       • BU/BA uses IPsec ESP, firewalls will drop
       • Use UDP encapsulation?
       • Not addressed in the current proposal
     • firewall between the MN and CN
       • Proposes a modified RRT to get RRT and RO through the firewall

  3. Firewall between the MN and CN
     • HoTI is coming from an already trusted source, the MN HoA
     • When the MN moves and initiates a new RRT, the CoTI will arrive at the FW from an untrusted source and be dropped.
     • RRT will fail as the CoTI will never be received by the CN
     [Diagram labels: MN, HA, FW, CN; HoTI; CoTI (X at the FW); Network(s) protected by FW(s)]

  4. Solution
     • CoTI-FW would carry the CoA of the MN to the CN in a MO
     • Otherwise similar to CoTI
     • New Mobility Options required to carry the CoA of the MN
     [Message sequence diagram labels: MN, HA, CN, FW; HoTI; CoTI (X, dropped at the FW); HoT; CoT not sent (as CoTI was not received by the CN); Timeout waiting for CoT; CoTI-FW; CoT]

  5. Conclusion
     • A document containing recommendations for MIPv6 friendly Firewall configurations might be useful
     • Modified, firewall friendly RRT procedure
     Question
     • Is the WG interested in this problem space?
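
The failure on slide 3 and the fix on slide 4 can be traced in a small model. This is an added example, not code from the slides or the draft. It assumes a firewall that filters inbound packets by source address only, that the CoTI-FW is sent with the HoA as its source, and that the CN sends the CoT to the CoA found in the mobility option; the addresses and the names `Firewall`, `cn_reply` and `run_rrt` are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed addresses from the 2001:db8::/32 documentation prefix.
HOA = "2001:db8:1::10"  # MN home address, already trusted by the FW
COA = "2001:db8:2::77"  # MN care-of address after the move, unknown to the FW
CN = "2001:db8:3::1"    # correspondent node behind the FW

@dataclass
class Packet:
    src: str
    dst: str
    mh_type: str  # HoTI, CoTI or CoTI-FW
    options: dict = field(default_factory=dict)

class Firewall:
    """Hypothetical filter in front of the CN: inbound passes only from trusted sources."""
    def __init__(self, trusted):
        self.trusted = set(trusted)
        self.dropped = []

    def inbound(self, pkt):
        if pkt.src in self.trusted:
            return True
        self.dropped.append(pkt.mh_type)
        return False

def cn_reply(pkt):
    """Return (reply type, destination) the CN sends for an init message."""
    if pkt.mh_type == "HoTI":
        return "HoT", pkt.src
    if pkt.mh_type == "CoTI":
        return "CoT", pkt.src
    if pkt.mh_type == "CoTI-FW":
        return "CoT", pkt.options["coa"]  # CoA read from the mobility option
    raise ValueError(f"unexpected message {pkt.mh_type}")

def run_rrt(fw, firewall_friendly):
    """Send both init messages through the FW; return the replies the MN gets."""
    if firewall_friendly:
        care_of = Packet(HOA, CN, "CoTI-FW", {"coa": COA})  # assumed source: HoA
    else:
        care_of = Packet(COA, CN, "CoTI")
    replies = {}
    for pkt in (Packet(HOA, CN, "HoTI"), care_of):
        if fw.inbound(pkt):
            reply, dest = cn_reply(pkt)
            replies[reply] = dest
    return replies
```

With the standard procedure only the HoT comes back and the firewall records one dropped CoTI; with the CoTI-FW both replies arrive and nothing is dropped.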