3rd International ICSTConference on Wireless Internet

Research Article

An NSIS-based Approach for Firewall Traversal in Mobile IPv6 Networks

Download495 downloads
  • @INPROCEEDINGS{10.4108/wicon.2007.2091,
        author={Niklas Steinleitner and Xiaoming Fu and Dieter Hogrefe and Thomas Schreck and Hannes Tschofenig},
        title={An NSIS-based Approach for Firewall Traversal in Mobile IPv6 Networks},
        proceedings={3rd International ICSTConference on Wireless Internet},
        proceedings_a={WICON},
        year={2010},
        month={5},
        keywords={},
        doi={10.4108/wicon.2007.2091}
    }
    
  • Niklas Steinleitner
    Xiaoming Fu
    Dieter Hogrefe
    Thomas Schreck
    Hannes Tschofenig
    Year: 2010
    An NSIS-based Approach for Firewall Traversal in Mobile IPv6 Networks
    WICON
    ICST
    DOI: 10.4108/wicon.2007.2091
Niklas Steinleitner1,*, Xiaoming Fu1,*, Dieter Hogrefe1,*, Thomas Schreck2,*, Hannes Tschofenig3,4,*
  • 1: University of Göttingen, Göttingen, Germany.
  • 2: University of Applied Sciences Landshut, Landshut, Germany.
  • 3: Nokia Siemens Networks.
  • 4: University of Göttingen, Munich, Germany.
*Contact email: steinleitner@cs.uni-goettingen.de, fu@cs.uni-goettingen.de, hogrefe@cs.uni-goettingen.de, thomas.schreck@fh-landshut.de, hannes.tschofenig@nsn.com

Abstract

Firewalls have been successfully deployed in today's network infrastructure in various environments and will also be used in IPv6 networks. However, most of the current firewalls do not support Mobile IPv6, the best known standardized solution for mobility support in IPv6. As a result, Mobile IPv6 traffic will be most likely dropped when used without an appropriate firewall traversal solution. This paper describes the problems and impacts of having firewalls in Mobile IPv6 environments and presents a firewall traversal solution based on the IETF's Next Steps In Signaling framework to address these issues. Compared with other candidates such as STUN, TURN, ICE, ALG, MID-COM and COPS, this approach does not rely on specific firewall placements and can be applied in various operational modes without additional introducing entities. In this paper we also explore security aspects since they are typically difficult to handle.