Policy-based Firewall Traversal for Mobile IPv6
draft-xia-mip6-fw-policy-00
| Document | Type |
Expired Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | Frank Xia , Behcet Sarikaya | ||
| Last updated | 2007-07-03 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
Most of firewalls deployed today are Mobile IPv6 unaware. Widespread Mobile IPv6 deployment is not possible unless Mobile IPv6 messages can pass through these firewalls. In this memo, policy servers are used to communicate with firewalls and instruct them to bypass Mobile IPv6 messages. To achieve the goal, Network Access Identifier (NAI) and authentication information are included in Mobile IPv6 control signalling or data packets. Firewalls extract these information and send them to a policy server, and the policy server then installs corresponding states in firewalls based on authentication result and user's predefined policy. The new defined IPv6 extension header and the policy-based frame can also facilitate dynamic configuration in any application firewall traversal.
Authors
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)