Early Binding Updates for Mobile IPv6 <draft-vogt-mip6-early-binding-updates-00.txt>

Early Binding Updates for Mobile IPv6 • <draft-vogt-mip6-early-binding-updates-00.txt> • Christian Vogt • Roland Bless • Mark Doll • Tobias Küfner • 59th IETF Meeting, Seoul, South Korea • March 3, 2004

Standard Binding Updates <draft-ietf-mobileip-ipv6-24.txt> IPsec Home Agent Mobile Node Correspondent Node Handoff and CoA change Home Test Init Home Test Init Care-of Test Init Home Test Home Test Care-of Test Latency = 1 RTT Binding Update MN starts using new CoA Binding Acknowledgement Latency = 2 RTT CN starts using new CoA Data to new CoA

Early Binding Updates <draft-vogt-mip6-early-binding-updates-00.txt> IPsec Home Agent Mobile Node Correspondent Node Home Test Init Home Test Init AnticipatoryHoA test Home Test Home Test Handoff and CoA change Mobile Node Latency =  Early Binding Update Care-of Test Init MN starts using new CoA Concurrent CoA test Early Binding Acknowledgement Care-of Test Latency = 1 RTT CN starts using new CoA Data to new CoA Binding Update Concurrent Binding Update Binding Acknowledgement

Credit-Based Authorization How can misuse of Early Binding Updates for flooding attacks be discouraged?Here is a credit-based approach, balancing what the MN is given with what the MN spends. An unconfirmed CoA is a CoA for which a CoA test has not yet been done A confirmed CoA is a CoA for which a CoA test has been done Receive EBU Receive BU Receive BU Unconfirmed CoA Confirmed CoA Receive EBU CREDIT−−for each byte/packet sent to the CoA CREDIT++for each byte/packet sent to the CoA The Correspondent Node maintains a COUNTER for each Mobile Node Credit-based authorization is pro-active authorization <draft-vogt-mip6-early-binding-updates-01.txt> (to be published soon)

Early Binding Updates for Mobile IPv6 <draft-vogt-mip6-early-binding-updates-00.txt>