
Enhancing HIP NAT Traversal: Preferred Alternatives for Tunneling (PATH)

This document outlines preferred alternatives for the Host Identity Protocol (HIP) to effectively traverse legacy NATs (Network Address Translators) through existing mechanisms. The primary goal is to enable HIP protocol exchanges between two endpoints while supporting standard ESP-mode encapsulation. The proposed method utilizes UDP encapsulation for HIP signaling and introduces a new UDP-REA parameter to identify NATs. Moreover, external discovery mechanisms such as STUN or TURN can be integrated for better NAT traversal and to maintain the integrity of the signaling process.




Presentation Transcript


  1. Preferred Alternatives for Tunnelling HIP (PATH) <draft-nikander-hip-path-01.txt> P. Nikander, H. Tschofenig, X. Fu, T. Henderson

  2. Idea
     • Allow HIP to traverse LEGACY NA(P)Ts by reusing EXISTING mechanisms
     • Goal:
       • To allow HIP protocol exchanges between two HIP endpoints to traverse NATs
       • Mainly for standard ESP-mode encapsulation
     • How:
       • Use UDP encapsulation for HIP signaling and data messages
       • Introduce a new (S-)UDP-REA parameter in HIP signaling messages
       • To support the case where DS/DR, we use the RVS functionality (as well as HIP endpoints) to support this extension
       • Such extended RVS servers are also called “PATH” servers
       • HIP endpoints accessing this info are “PATH” clients

  3. The UDP-REA parameter
     • UDP-REA: UDP encapsulated REAdress
     • Idea:
       • To detect the existence of NA(P)Ts
       • Mainly consists of “lifetime + hashed value”
       • Hash = PRF(RANDOM | Source IP | Destination IP | Source Port | Destination Port)
     • Used in:
       • R1-I2 signaling messages in
         • HIP base exchanges
         • RVS/PATH registrations
         • relayed HIP base exchanges through an RVS/PATH server
       • UPDATE messages in
         • RVS/PATH registration
         • HIP base UPDATE messages
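The detection idea on this slide, as an added illustration that is not code from the draft or the slides: the initiator hashes the addresses and ports as it sees them, and the responder recomputes the hash over the 5-tuple actually observed on the wire, so an address or port rewritten by a NA(P)T shows up as a mismatch, and a stale parameter is rejected by its lifetime. It assumes the PRF is instantiated as HMAC-SHA256 keyed with RANDOM, that RANDOM is carried inside the parameter, and that the lifetime is in seconds; all addresses and ports are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import os
import struct


def udp_rea_hash(nonce, src_ip, dst_ip, src_port, dst_port):
    """PRF(RANDOM | Source IP | Destination IP | Source Port | Destination Port).
    Assumption: PRF = HMAC-SHA256 keyed with RANDOM; addresses and ports are
    serialised in network byte order so both sides hash identical bytes."""
    msg = (ipaddress.ip_address(src_ip).packed
           + ipaddress.ip_address(dst_ip).packed
           + struct.pack("!HH", src_port, dst_port))
    return hmac.new(nonce, msg, hashlib.sha256).digest()


def build_udp_rea(src_ip, dst_ip, src_port, dst_port, lifetime=120, nonce=None):
    """Sender side: 'lifetime + hashed value', plus the nonce so the peer can recompute."""
    nonce = nonce if nonce is not None else os.urandom(16)
    return {"lifetime": lifetime, "nonce": nonce,
            "hash": udp_rea_hash(nonce, src_ip, dst_ip, src_port, dst_port)}


def check_udp_rea(param, seen_src_ip, seen_dst_ip, seen_src_port, seen_dst_port, age=0):
    """Receiver side: recompute over the 5-tuple seen in the received UDP packet.
    Returns 'expired', 'no-nat' (hash matches) or 'nat' (an address/port was rewritten)."""
    if age > param["lifetime"]:
        return "expired"
    expected = udp_rea_hash(param["nonce"], seen_src_ip, seen_dst_ip,
                            seen_src_port, seen_dst_port)
    return "no-nat" if hmac.compare_digest(expected, param["hash"]) else "nat"


def demo():
    nonce = bytes(16)  # constructed fixed nonce so the run is reproducible
    # Constructed: initiator 10.0.0.5:4000 talks to responder 198.51.100.20:10500.
    p = build_udp_rea("10.0.0.5", "198.51.100.20", 4000, 10500, nonce=nonce)
    # Direct path: the responder observes exactly the 5-tuple the initiator hashed.
    direct = check_udp_rea(p, "10.0.0.5", "198.51.100.20", 4000, 10500)
    # NAPT path: source address and port were rewritten to 203.0.113.7:51000 in transit.
    behind_nat = check_udp_rea(p, "203.0.113.7", "198.51.100.20", 51000, 10500)
    # Same parameter replayed well after its lifetime has elapsed.
    stale = check_udp_rea(p, "10.0.0.5", "198.51.100.20", 4000, 10500, age=300)
    return direct, behind_nat, stale
```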

  4. The S-UDP-REA Parameter
     • S-UDP-REA: “Secure” UDP-REAdress
     • Idea:
       • Reuse another (external) mechanism to discover the NA(P)T address
       • The external mechanism can be STUN, TURN, MIDCOM, or the NSIS NATFW NSLP
       • Then an integrity-protected UDP-REA parameter can be included in the HIP I1-R2 signaling messages
       • This also allows HIP traversal of certain firewalls

  5. Next Steps • ?

  6. Questions?
