draft-krishnan-mip6-firewall-vendor-01.txt   draft-krishnan-mip6-firewall-vendor-02.txt 
Network Working Group S. Krishnan Network Working Group S. Krishnan
Internet-Draft Ericsson Internet-Draft Ericsson
Intended status: Informational Y. Sheffer Intended status: Informational Y. Sheffer
Expires: May 19, 2008 Check Point Expires: May 21, 2008 Check Point
N. Steinleitner N. Steinleitner
University of Goettingen University of Goettingen
November 16, 2007 November 18, 2007
Guidelines for firewall vendors regarding MIPv6 traffic Guidelines for firewall vendors regarding MIPv6 traffic
draft-krishnan-mip6-firewall-vendor-01 draft-krishnan-mip6-firewall-vendor-02
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 37 skipping to change at page 1, line 37
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 19, 2008. This Internet-Draft will expire on May 21, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This document presents some recommendations for firewall vendors to This document presents some recommendations for firewall vendors to
help them implement their firewalls in a way that allows Mobile IPv6 help them implement their firewalls in a way that allows Mobile IPv6
signaling and data messages to pass through. This document describes signaling and data messages to pass through. This document describes
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Requirements notation . . . . . . . . . . . . . . . . . . . . . 3 1. Requirements notation . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. MIPv6 Firewall Primitives . . . . . . . . . . . . . . . . . . . 3 3. MIPv6 Firewall Primitives . . . . . . . . . . . . . . . . . . . 3
3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 3
3.2. Detecting and parsing the Mobility Header . . . . . . . . . 3 3.2. Detecting and parsing the Mobility Header . . . . . . . . . 3
3.3. Parsing Mobility Options . . . . . . . . . . . . . . . . . 3 3.3. Parsing Mobility Options . . . . . . . . . . . . . . . . . 3
4. Allowing signaling response packets . . . . . . . . . . . . . . 4 4. Allowing signaling response packets . . . . . . . . . . . . . . 4
5. Allowing data packets based on signaling . . . . . . . . . . . 5 5. Allowing data packets based on signaling . . . . . . . . . . . 5
6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 5 6. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
8. Security Considerations . . . . . . . . . . . . . . . . . . . . 6 8. Security Considerations . . . . . . . . . . . . . . . . . . . . 6
9. Normative References . . . . . . . . . . . . . . . . . . . . . 6 9. Normative References . . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7
Intellectual Property and Copyright Statements . . . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . . . 8
1. Requirements notation 1. Requirements notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119]. document are to be interpreted as described in [RFC2119].
2. Introduction 2. Introduction
skipping to change at page 5, line 43 skipping to change at page 5, line 43
data traffic from the MN to the CN pass through. data traffic from the MN to the CN pass through.
Source Address: Source Address of the packet (MN CoA) Source Address: Source Address of the packet (MN CoA)
Destination Address: Destination Address of packet (CN) Destination Address: Destination Address of packet (CN)
Next Header: IPv6 Destination Options Header(60) Next Header: IPv6 Destination Options Header(60)
Home Address Dest. Option: MN HoA Home Address Dest. Option: MN HoA
This pattern allows all route optimized traffic coming from the MN to This pattern allows all route optimized traffic coming from the MN to
the CN to pass through. the CN to pass through.
A firewall protecting the HA can add the following rule on reception
of a HA binding update, in order to let the incoming bi-directional
tunneled traffic pass.
Destination Address: Source Address of the packet (MN HoA)
Source Address: Destination Address of packet (CN)
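Review bot: the new HA-side rule in this change block is described as letting "incoming bi-directional tunneled traffic pass", but the pattern shown (`Destination Address: Source Address of the packet (MN HoA)` / `Source Address: Destination Address of packet (CN)`) covers one direction only, CN to MN HoA, and, unlike the CN-side rule just above it, carries no `Next Header` or option constraint that ties it to the tunnel. If the intent is that packets reaching the HA from the CN are plain IPv6 to the HoA (encapsulation happening at the HA), say so and drop "tunneled" for this pattern; the MN-to-HA direction, which does arrive encapsulated, then still needs its own pattern for the rule to be bi-directional. The labels are also easy to misread: "Destination Address: Source Address of the packet" presumably means the rule's destination address is taken from the source address of the received binding update; naming that packet explicitly, as the CN-side text does, would remove the ambiguity.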
6. Contributors 6. Contributors
This document is one of the deliverables of the MIPv6 firewall This document is one of the deliverables of the MIPv6 firewall
design. The following members of the team were involved in the design. The following members of the team were involved in the
creation of this document. creation of this document.
Hannes Tschofenig Hannes.Tschofenig@gmx.net Hannes Tschofenig Hannes.Tschofenig@gmx.net
Gabor Bajko Gabor.Bajko@nokia.com Gabor Bajko Gabor.Bajko@nokia.com
Suresh Krishnan suresh.krishnan@ericsson.com Suresh Krishnan suresh.krishnan@ericsson.com
Hesham Soliman solimanhs@gmail.com Hesham Soliman solimanhs@gmail.com
Yaron Sheffer yaronf@checkpoint.com Yaron Sheffer yaronf@checkpoint.com
Qiu Ying qiuying@i2r.a-star.edu.sg Qiu Ying qiuying@i2r.a-star.edu.sg
 End of changes. 8 change blocks. 
6 lines changed or deleted 14 lines changed or added
