
RE: MAST and mip based solution



Hi Kurtis,

> -----Original Message-----
> From: owner-multi6@ops.ietf.org [mailto:owner-multi6@ops.ietf.org] On
> behalf of Kurt Erik Lindqvist
> Sent: Monday, 15 September 2003 12:02
> To: mbagnulo@ing.uc3m.es
> CC: dhc@dcrocker.net; multi6@ops.ietf.org
> Subject: Re: MAST and mip based solution
>
>
>
> On Sunday, Sep 14, 2003, at 12:08 Europe/Stockholm, marcelo bagnulo
> wrote:
>
> > I can identify the following relevant points (imho)
> > - Deployment. I think that it is clear that mip will be available much
> > sooner than a mast solution. Even if some changes are required in mip
> > to support mh, i think that the changes imposed to nodes outside the
> > multi-homed site will be very limited (if not, i don't know if a mip
> > solution makes much sense). So i think that it is reasonable to
> > consider a mip based solution as a short term solution
> >
>
> But for an intermediary solution where MIP already exists, will that
> actually need any modification or adoption for trying to solve
> multihoming?
>

I guess it would require some changes; the options that I can identify are:

- Extend the maximum lifetime of binding cache entries (BCE) in the
correspondent nodes to some acceptable value for multi-homing support, for
instance a couple of hours. The problem is that the current value is set to
7 minutes, and it is a security measure for preventing time shifting attacks.

- Use ICMP to differentiate a broken path from a time shifting attack. I
mean, MIP uses return routability to prove address ownership. This means
that a node is entitled to use a given address if it can receive the packets
sent to this address. The MIP return routability check is performed
periodically, so that time shifting attacks can be minimized (this means
that it isn't enough that I can prove that once I could receive packets to a
certain address to prove that I own that address; instead I have to prove
that I can always receive packets to this address). This implies that if an
attacker wants to pretend to own an address, it must be intercepting the
packets to this address during the complete duration of the attack.
The problem is that return routability cannot be applied directly to the
multi-homed environment, because a mh host won't be able to prove address
ownership after an outage has occurred. So we need some way to differentiate
a path outage from a time shifting attack. This implies some form of network
to user signaling, informing that an outage has occurred. This is done using
ICMP. The problem with this is ICMP filtering. If ICMP is filtered, the CN
will consider that an attack is in place and will drop the communication. So
this solution is as robust as ICMP messaging... I am not sure if this is
good enough...

So the possible changes are minor, I guess, but I am not sure whether the
solution achieved is good enough.


I am not sure if this is a satisfactory answer to your question
though....

Regards, marcelo

PS: I think these issues are pretty general; I mean, they are true not only
for a MIP based solution.

> - kurtis -
>
>
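The trade-off in Marcelo's first option (a longer binding lifetime buys multi-homing survivability at the cost of a longer time-shifting window) is easy to see in a small model of a correspondent node's binding cache. The following is an added example; it is not code from the mail or from any Mobile IPv6 implementation. It keeps only the shape of the return-routability test (one keygen token reachable via the home address, one via the care-of address, both derived from a key the CN alone holds) and the lifetime cap the mail refers to as "7 minutes" (the 420 s limit on RR-authorised bindings in RFC 3775). The addresses, the HMAC/SHA-256 token derivation, the probe schedule and the attacker model (on the CN-to-home path only at t = 0) are assumptions made for the example.

```python
"""Toy correspondent-node binding cache illustrating why the binding lifetime
cap bounds time-shifting attacks.  Added example; not from the mail or any
MIPv6 implementation.  Addresses, token derivation and timings are assumed."""
import hashlib
import hmac
import os

MAX_LIFETIME_RFC3775 = 7 * 60     # 420 s cap on RR-authorised bindings ("7 minutes")
MAX_LIFETIME_PROPOSED = 2 * 3600  # the "couple of hours" option discussed in the mail


def binding_key(hot_token, cot_token):
    """Kbm: provable only by a node that received both the HoT and the CoT."""
    return hashlib.sha256(hot_token + cot_token).digest()


class CorrespondentNode:
    def __init__(self, max_lifetime):
        self.kcn = os.urandom(16)        # node key; never leaves the CN
        self.max_lifetime = max_lifetime
        self.cache = {}                  # home address -> (care-of address, expiry)

    def _token(self, addr):
        # Keygen token the CN sends to `addr`.  Only a node that can receive
        # packets addressed to `addr` learns it (real MIPv6 also mixes in a nonce).
        return hmac.new(self.kcn, addr.encode(), hashlib.sha256).digest()

    def home_test(self, hoa):
        return self._token(hoa)          # HoT: delivered via the home address

    def careof_test(self, coa):
        return self._token(coa)          # CoT: delivered to the care-of address

    def binding_update(self, now, hoa, coa, kbm, lifetime):
        """Accept HOA->COA only if `kbm` proves both tokens; clamp the lifetime."""
        expected = binding_key(self._token(hoa), self._token(coa))
        if not hmac.compare_digest(kbm, expected):
            return False
        self.cache[hoa] = (coa, now + min(lifetime, self.max_lifetime))
        return True

    def next_hop(self, now, hoa):
        """Where the CN sends traffic for `hoa` at time `now`."""
        entry = self.cache.get(hoa)
        if entry is not None and now < entry[1]:
            return entry[0]
        return hoa                        # no live binding: route to the home address


def time_shift_attack(max_lifetime, probe_times):
    """Attacker is on the CN->home path only at t=0: it captures the HoT for the
    victim's home address and binds it to its own care-of address, then leaves
    the path.  Returns {t: traffic still hijacked?} for each probe time."""
    hoa, attacker_coa = "2001:db8:1::1", "2001:db8:bad::1"   # assumed addresses
    cn = CorrespondentNode(max_lifetime)
    hot = cn.home_test(hoa)               # captured while on path
    cot = cn.careof_test(attacker_coa)    # attacker's own address, trivially received
    ok = cn.binding_update(0, hoa, attacker_coa, binding_key(hot, cot), max_lifetime)
    assert ok, "binding should be accepted: the attacker really held both tokens"
    # Off path from now on: no fresh HoT can be obtained, so no refresh is possible.
    return {t: cn.next_hop(t, hoa) == attacker_coa for t in probe_times}


def forge_without_hot(max_lifetime):
    """An attacker that never saw the HoT guesses Kbm: the CN must reject it."""
    hoa, attacker_coa = "2001:db8:1::1", "2001:db8:bad::1"
    cn = CorrespondentNode(max_lifetime)
    cot = cn.careof_test(attacker_coa)
    guessed = binding_key(os.urandom(32), cot)   # HoT token unknown
    return cn.binding_update(0, hoa, attacker_coa, guessed, max_lifetime)


if __name__ == "__main__":
    probes = [60, 10 * 60, 60 * 60]
    for cap in (MAX_LIFETIME_RFC3775, MAX_LIFETIME_PROPOSED):
        print(f"lifetime cap {cap:5d}s:", time_shift_attack(cap, probes))
    print("forged Kbm accepted:", forge_without_hot(MAX_LIFETIME_PROPOSED))
```

With the 420 s cap the redirect dies at the first expiry the attacker cannot renew from off path; with a two-hour cap the same one-off interception keeps the victim's traffic redirected for the full two hours, which is exactly the window the periodic re-proof is meant to close. The mail's second option (an ICMP outage signal telling the CN that a failed re-proof is a path failure rather than an attack) is deliberately not modelled here, since its semantics are only sketched in the message.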