NSIS NAT/FW NSLP Problem Statement and Framework - PowerPoint PPT Presentation

Slides: 11
Provided by: ietf
Learn more at: https://www.ietf.org
Transcript and Presenter's Notes

1
NSIS NAT/FW NSLP: Problem Statement and Framework
  • M. Brunner, Stiemerling, M. Martin (NEC), H. Tschofenig (Siemens),
    H. Schulzrinne (Columbia U.)

2
Objective
  • Need for dynamically allocated pinholes or NAT
    bindings
  • Applications include VoIP, gaming, streaming
  • Applications using other than well-known ports
  • Applications doing application-specific routing
    (e.g. SIP)
  • Use path-coupled signaling for NAT and firewall
    traversal
  • But not for IPsec related tunnel endpoint
    discovery.

3
Other solutions
  • Application-specific Firewall and NAT
    implementation
  • Midcom WG
  • Use a protocol to dynamically configure a
    firewall/NAT
  • Requires knowledge of the right NAT/Firewall(s)
  • Shortcomings of path-decoupled signaling

4
General View
[Figure: protocol stack, top to bottom: NAT/FW NSLP, NTLP, IP]

5
Various scenarios listed
  • Define a set of use cases to understand the
    problem better
  • FW/NAT related Scenarios
  • Firewalls only
  • NATs and firewalls
  • Sending host behind a NAT,
  • Receiving host behind a NAT,
  • both behind a NAT
  • Security related Scenarios
  • Peer-to-peer trust relationship
  • Intra-Domain trust relationship
  • End-to-middle trust relationship

6
What a NAT/FW NSLP solves
  • Topology problem -> uses normal routing
  • Which firewalls/NATs need to be configured ->
    only those on the data path
  • Easily works for several FWs/NATs in a row -> finds
    and configures them all
  • Application independent -> only end-hosts and
    firewalls/NATs must implement NSIS NTLP and
    NAT/FW NSLP

7
Problems: Technical
  • Missing Network-to-Network Trust Relationship
  • NATs from the outside -> in general the
    IP address of the destination (NSIS
    responder) is unknown.
  • Must deal with route changes quickly (data losses
    happen on the data path until the new FW is
    configured)
  • Determine the scenario a host is in
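
An added example (not part of the presentation): a toy Python model of the path-coupled behaviour described on slides 6 and 7, where signaling follows normal routing, only on-path firewalls are configured, and a route change drops data until the new firewall is signaled. The topology, the flow 5-tuple and all function names are assumptions; it models forwarding and pinhole state only, not NSIS message formats.

```python
# Toy model of path-coupled pinhole signaling (added example, constructed data).
from dataclasses import dataclass, field

@dataclass
class Firewall:
    name: str
    pinholes: set = field(default_factory=set)  # flows explicitly allowed

    def permits(self, flow):
        return flow in self.pinholes  # default deny

def route(next_hop, src, dst):
    """Intermediate nodes a packet from src to dst crosses, per next-hop tables."""
    path, node = [], next_hop[src][dst]
    while node != dst:
        if node in path:
            raise ValueError("routing loop")
        path.append(node)
        node = next_hop[node][dst]
    return path

def signal(firewalls, next_hop, src, dst, flow):
    """Send the request along the data route; each firewall it crosses opens the pinhole."""
    touched = [n for n in route(next_hop, src, dst) if n in firewalls]
    for n in touched:
        firewalls[n].pinholes.add(flow)
    return touched

def data_passes(firewalls, next_hop, src, dst, flow):
    return all(firewalls[n].permits(flow)
               for n in route(next_hop, src, dst) if n in firewalls)

def demo():
    fws = {n: Firewall(n) for n in ("FW1", "FW2", "FW3", "FW4")}
    flow = ("udp", "192.0.2.10", 40000, "198.51.100.20", 5004)  # constructed 5-tuple
    # Assumed topology: A -> FW1 -> FW2 -> B; FW3 is a backup path, FW4 is off-path.
    nh = {"A": {"B": "FW1"}, "FW1": {"B": "FW2"}, "FW2": {"B": "B"},
          "FW3": {"B": "B"}, "FW4": {"B": "B"}}
    result = {"first": signal(fws, nh, "A", "B", flow),
              "ok_before": data_passes(fws, nh, "A", "B", flow)}
    nh["FW1"]["B"] = "FW3"  # route change: data now crosses FW3
    result["ok_after_change"] = data_passes(fws, nh, "A", "B", flow)  # FW3 has no state yet
    result["second"] = signal(fws, nh, "A", "B", flow)  # re-signal on the new route
    result["ok_after_resignal"] = data_passes(fws, nh, "A", "B", flow)
    result["untouched"] = sorted(n for n, f in fws.items() if not f.pinholes)
    result["stale"] = sorted(n for n in result["first"]
                             if n not in result["second"] and fws[n].pinholes)
    return result

if __name__ == "__main__":
    print(demo())
```

In this model the firewall left behind by the route change still holds an open pinhole; how long such state lives is outside the model.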

8
Problems: Document Handling
  • Should the document cover:
  • the NAT handling of other NSLPs (e.g. QoS),
    and interworking with them?
  • interoperability with non-NSIS-aware NATs?
  • solution-specific aspects?

9
Conclusion
  • An NSIS NAT/FW NSLP is an effective solution for
    NAT/FW traversal for dynamically set up data
    communication
  • There are still a number of problems that need
    to be resolved
  • The work is part of the charter
  • Adopt as WG draft?

10
A Solution for the Topology Problem
[Figure: Host A, Host B, firewalls FW 1 to FW 4, and the NSIS signaling path]