source address finding saf for
play

Source Address Finding (SAF) for IPv6 Translation Mechanisms - PowerPoint PPT Presentation

Jan 02, 2024 •456 likes •545 views

Source Address Finding (SAF) for IPv6 Translation Mechanisms draft-thaler-ipv6-saf-01.txt Dave Thaler dthaler@microsoft.com IETF 74 - 6AI BOF 1 UNilateral Self-Address Fixing (UNSAF) 1:1 address mappings (NAT66) avoid most of the issues

  1. Source Address Finding (SAF) for IPv6 Translation Mechanisms draft-thaler-ipv6-saf-01.txt Dave Thaler dthaler@microsoft.com IETF 74 - 6AI BOF 1

  2. UNilateral Self-Address Fixing (UNSAF) • 1:1 address mappings (NAT66) avoid most of the issues with NAT, except: – Address seen by other end is different from what is seen locally • Many apps break when both ends don’t see the same address • IAB RFC 3424 (November 2002) defined “UNSAF”: – UNSAF mechanisms learn the address others see you as – endpoint “fixes” up the address it reports/advertises, since it’s different from what the endpoint originally thought – UNSAF mechanisms “can be considered at best as short term fixes ” – UNSAF mechanisms require an exit strategy • Previously it was “IPv6”, but not if we end up with NAT66… IETF 74 - 6AI BOF 2

  3. SAF = Source Address Finding • Can regain end-to-end transparency if 1. Use reversible 1:1 translation between host and NAT66 2. Learn (“find”) the external address and assign it to a virtual interface in the host • Compare vs tunnel-with-header-compression – Same: no changes to TCP/IP, sockets, apps required – Different: allows single-box deployment (at expense of losing e2e transparency) as a deployment step IETF 74 - 6AI BOF 3

  4. Incremental deployment (1/2) • Someone drops in 1 or more IPv6 Internet NAT66 boxes • Some apps work X::Y (same that work through NAT44) NAT66 NAT66 • Some apps break • Network still sees A::B some benefit • Hosts still see JL JL some pain IETF 74 - 6AI BOF 4

  5. Incremental deployment (2/2) • Upgrade hosts • Host finds X::Y IPv6 Internet • Host adds it on X::Y virtual interface NAT66 NAT66 • TCP/IP uses it normally • VIf translates X::Y A::B NAT66 NAT66 to A::B, NAT66 Vif(s) Vif(s) X::Y JJ JJ translates it back IETF 74 - 6AI BOF 5

  6. SAF Mechanisms • A “SAF” mechanism is one that learns the information needed to configure the virtual interface • Discussion of actual mechanisms is out of scope for this document and presentation – But it’s not rocket science – No per-flow negotiation needed since address is flow- independent – Need not involve changes to NAT66 devices • Discussion of architectural constraints is in scope IETF 74 - 6AI BOF 6

  7. Requirements for SAF Mechanisms 1. MUST find external addresses (and other config) 2. SHOULD work even if network beyond NAT66 is unreachable 3. MUST learn Valid/Preferred lifetimes of addrs 4. MUST NOT require a separate external address per translator 5. SHOULD support RFC3041 (privacy) addrs 6. SHOULD support CGAs IETF 74 - 6AI BOF 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HI source finding algorithms Comparing the general purpose Duchamp algorithm to a purpose built

HI source finding algorithms Comparing the general purpose Duchamp algorithm to a purpose built

HI source finding algorithms Comparing the general purpose Duchamp algorithm to a purpose built HI source finding algorithm Wednesday, 5 May 2010 Talk Outline Common elements of source finding algorithms The Duchamp algorithm

369 views • 21 slides
1 Finding a source of help: Finding a source of help: When excitement wanes When excitement

1 Finding a source of help: Finding a source of help: When excitement wanes When excitement

Finding the calm in the storm: Finding the calm in the storm: The context The context Addressing retention issues Addressing retention issues regional Australian university through an understanding of first through an understanding of

324 views • 4 slides
Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering

Traffic Control Mechanisms Filtering Source address filtering Other forms of filtering Rate limits Protection against traffic analysis Padding Routing control Lecture 9 Page 1 CS 236 Online Source Address Filtering

366 views • 11 slides
Networking Network layer Three concepts Naming A way to identify the source/destination

Networking Network layer Three concepts Naming A way to identify the source/destination

Networking Network layer Three concepts Naming A way to identify the source/destination E.g., house address Routing Finding how to move towards the destination E.g., which airplane should the stuff go on

1.85k views • 127 slides
Source Address Validation Improvements BoF 70 th IETF meeting, Vancouver 70 th IETF meeting,

Source Address Validation Improvements BoF 70 th IETF meeting, Vancouver 70 th IETF meeting,

Source Address Validation Improvements BoF 70 th IETF meeting, Vancouver 70 th IETF meeting, Vancouver December 5, 2007 Todays Agenda Problems to solve, focus for SAVI 10 min Danny McPherson, Christian Vogt IPv4 Source Guard An

335 views • 9 slides
Finding your voice Body in facilitating productive conversations Source: von Frank, V. (2013,

Finding your voice Body in facilitating productive conversations Source: von Frank, V. (2013,

Title Finding your voice Body in facilitating productive conversations Source: von Frank, V. (2013, Summer). Finding your voice in facilitating productive conversations. The Leading Teacher 8(4). (p.1, 4-5). Download the article and

345 views • 12 slides
Finding your way in a graph Finding your way in a graph Finding your way in a graph Finding your

Finding your way in a graph Finding your way in a graph Finding your way in a graph Finding your

Finding your way in a graph Finding your way in a graph Finding your way in a graph Finding your way in a graph = station One loop = junction A system of interconnected loops L L What is the best way to go from L to ? L L L 1 ? L

2.13k views • 166 slides
The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet Rob Beverly

The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet Rob Beverly

The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet Rob Beverly and Steve Bauer {rbeverly,bauer}@mit.edu The Spoofer Project Goal: Quantify the extent and nature of source address filtering on the

421 views • 31 slides
Center Finding Algorithm for Point Source Observation of Slit Spectrometer (IGRINS) Hye-In Lee 1

Center Finding Algorithm for Point Source Observation of Slit Spectrometer (IGRINS) Hye-In Lee 1

Center Finding Algorithm for Point Source Observation of Slit Spectrometer (IGRINS) Hye-In Lee 1 , Soojong Pak 1 , Gregory Mace 2 , Jae-Joon Lee 3 1 School of Space Research, Kyung Hee University 2 The University of Texas at Austin 3 Korea

619 views • 25 slides
Addressing in the TCP/IP model Layer 2 Address Resolution: ARP Address resolution: Ethernet

Addressing in the TCP/IP model Layer 2 Address Resolution: ARP Address resolution: Ethernet

IN2140: Introduction to Operating Systems and Data Communication Addressing in the TCP/IP model Layer 2 Address Resolution: ARP Address resolution: Ethernet example Dest address (48 bits) Ethernet Header Dest addr (cont) Source addr (48

566 views • 8 slides
CDC cellular automaton track finding. Various topics Oliver Frost Deutsches

CDC cellular automaton track finding. Various topics Oliver Frost Deutsches

CDC cellular automaton track finding. Various topics Oliver Frost Deutsches Elektronensynchrotron 2015-01-20 Overview > Changes to source code structure > Testing > Python support > Validation > Cosmics finding > Helix >

622 views • 26 slides
Source:

Source:

We are Here Source: Max Pixel Source: David Dixon Source: Google Earth Source: Arpingstone Source: Lee Cannon Source: Richard Drdul Source: Nicolas Nova

467 views • 20 slides
In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers

In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers

In Inferring the Deployment of f In Inbound Source Address Validation Using DNS Resolvers Maciej Korczyski*, Yevheniya Nosyk*, Qasim Lone , Marcin Skwarek*, Baptiste Jonglez*, and Andrzej Duda* *Universit Grenoble Alpes, CNRS, Grenoble

546 views • 16 slides
Understanding the Efficacy of Deployed Internet Source Address Validation Filtering Robert

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering Robert

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering Robert Beverly, Arthur Berger (MIT), Young Hyun, k claffy (UCSD/CAIDA) ACM Internet Measurement Conference 2009 Spoofer Project Background Recent

686 views • 47 slides
The Human Component in Automated Bug Finding Christian Holler (:decoder) Staff Security Engineer

The Human Component in Automated Bug Finding Christian Holler (:decoder) Staff Security Engineer

The Human Component in Automated Bug Finding Christian Holler (:decoder) Staff Security Engineer ~ 16M lines source code ~ 16M lines source code Last month: 340 authors with 2,475 commits Interfaces Media Formats Markup Fonts Languages

1.12k views • 72 slides
STATUS COUNT FINDING APPROVED 5 FINDING CONDITIONAL 16 FINDING DENIED 11

STATUS COUNT FINDING APPROVED 5 FINDING CONDITIONAL 16 FINDING DENIED 11

STATUS COUNT FINDING APPROVED 5 FINDING CONDITIONAL 16 FINDING DENIED 11 LICENSED 148 PENDING 27 WITHDRAWN 32 TOTAL 239 ADUs reviewed as Special Exceptions Pre 2013 ZTA 12-11 Allows ADUs as

741 views • 14 slides
CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means

CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means

9.1 CS356 Unit 9 Virtual Memory & Address Translation 9.2 Indirection Indirection means using one entity to refer to another Examples: A variable name vs. it's physical memory address Phone number vs. cell tower

844 views • 53 slides
Translation Model Adaptation Using Genre-Revealing Text Features Marlies van der Wees, Arianna

Translation Model Adaptation Using Genre-Revealing Text Features Marlies van der Wees, Arianna

Translation Model Adaptation Using Genre-Revealing Text Features Marlies van der Wees, Arianna Bisazza, Christof Monz Domain adaptation for SMT Prioritize translation candidates that are most relevant to a specific task Translation Model

758 views • 74 slides
Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of

Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of

A Translation-Based Animation of Dependently-Typed Specifications From LF to hohh (and back again) Mary Southern and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota This work was funded by NSF grant

668 views • 24 slides
Optimizing Binary Translation of Dynamically Generated Code Byron Hawkins Brian Demsky

Optimizing Binary Translation of Dynamically Generated Code Byron Hawkins Brian Demsky

Optimizing Binary Translation of Dynamically Generated Code Byron Hawkins Brian Demsky University of California, Irvine Derek Bruening Qin Zhao Google, Inc. Profiling Bug detection Program analysis Security SPEC CPU 2006

1.15k views • 85 slides
Predicate Logic: Introduction and Translations Alice Gao Lecture 11 CS 245 Logic and

Predicate Logic: Introduction and Translations Alice Gao Lecture 11 CS 245 Logic and

Predicate Logic: Introduction and Translations Alice Gao Lecture 11 CS 245 Logic and Computation Fall 2019 1 / 37 Outline Learning goals Introduction and Motivation Elements of Predicate Logic Translating between English and Predicate

604 views • 37 slides
Certificate Translation for Specification Preserving Advices Gilles Barthe and Csar Kunz INRIA

Certificate Translation for Specification Preserving Advices Gilles Barthe and Csar Kunz INRIA

Certificate Translation for Specification Preserving Advices Certificate Translation for Specification Preserving Advices Gilles Barthe and Csar Kunz INRIA Sophia Antipolis - Mditerrane FOAL 2008 Csar Kunz (with Gilles Barthe) FOAL

481 views • 44 slides
Attention is All You Need (Vaswani et. al. 2017) Slides and figures when not cited are from:

Attention is All You Need (Vaswani et. al. 2017) Slides and figures when not cited are from:

Attention is All You Need (Vaswani et. al. 2017) Slides and figures when not cited are from: Mausam, Jay Alammar The Illustrated Transformer Attention in seq2seq models (Bahdanau 2014) Multi-head attention Self-attention (single-head,

718 views • 48 slides
x86 Memory Protection User System Calls Kernel and Translation RCU File System Networking

x86 Memory Protection User System Calls Kernel and Translation RCU File System Networking

8/31/12 Logical Diagram Binary Memory Threads Formats Allocators x86 Memory Protection User System Calls Kernel and Translation RCU File System Networking Sync Todays Lecture Don Porter (focus on CSE 506 Memory Device

576 views • 9 slides

More recommend