NEMO Experiments
IPv4 & IPv6
roland.grc.nasa.gov/~ivancic
Pick ICNS Demonstration
[Figure: IPv4 Network diagram. Labels: Public Internet; Private Intranet; PROXY; Secured Mobile LAN; Unsecured Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent; Cisco PIX Firewall (x2); Glenn Research Center; GRC External Services Network; Verizon; Sprint; WiFi; Remote Controlled Webcam.]
[Figure: Host from Secured Mobile LAN Accessing Corresponding Private Node. Labels: Public Internet; Private Intranet; PROXY; ENCRYPTOR (x2); Secure Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent.]
[Figure: Host from Secured Mobile LAN Accessing Corresponding Public Node. Labels: Public Internet; Private Intranet; PROXY; ENCRYPTOR (x2); Secure Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent.]
[Figure: Host from Secured Mobile LAN Accessing Corresponding Public Node via Internal Network. Labels: Public Internet; Private Intranet; PROXY; ENCRYPTOR (x2); Secure Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent.]
[Figure: Corresponding Public Node Initiating Conversation. Labels: Public Internet; Private Intranet; PROXY; ENCRYPTOR (x2); Secure Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent. Marked X on the diagram: Proxy blocks communication initiated outside the firewall.]
[Figure: Host from Secured Mobile LAN Accessing Corresponding Private Node via Internal Network. Labels: Public Internet; Private Intranet; PROXY; ENCRYPTOR (x2); Secure Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent.]
[Figure: Host from Unsecured Mobile LAN Accessing Remote Controlled Camera. Labels: Public Internet; Private Intranet; PROXY; ENCRYPTOR (x2); Secured Mobile LAN; Unsecured Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent; Remote Controlled Webcam.]
[Figure: Host from Unsecured Mobile LAN Accessing Corresponding “Public” Node. Labels: Public Internet; Private Intranet; PROXY; ENCRYPTOR (x2); Secured Mobile LAN; Unsecured Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent; Remote Controlled Webcam. Marked X on the diagram: Firewall rules block communication out. Only mobile router tunnels allowed off this subnet.]
[Figure: Host from Unsecured Mobile LAN Accessing Corresponding “Private” Node. Labels: Public Internet; Private Intranet; PROXY; ENCRYPTOR (x2); Secured Mobile LAN; Unsecured Mobile LAN; Mobile Router; Corresponding Public Node; Corresponding Private Node; Home Agent; Remote Controlled Webcam. Marked X on the diagram: Firewall rules block communication. Only IPSec tunnel from “secured mobile LAN” allowed.]
[Figure: IPv6 Network diagram. Labels: IPv4 Mobile LAN; IPv6 Mobile LAN; IPv6 Mobile Router; Corresponding Public Node; IPv6 Home Agent; Monitoring Points; Glenn Research Center; GRC Open Network (DMZ); Globalstar; T-Mobile; IPv4 Public Internet; CNS IPv6 Intranet; Eurocontrol IPv6 Intranet; NASA NREN IPv6 Intranet; IPv6 Web Server (x3); 6-to-4 (DOOR) (x2); 6-to-4 (DOG); 4-to-6 Tunnel; 6-to-4 Tunnel (x2); Remote Controlled Webcam.]
Data Flow Key
No Encapsulation
IPv6-to-IPv4 Encapsulation
IPv6 Mobile Router Tunnel
IPv6 Mobile Tunnel with IPv6-to-IPv4 Encapsulation (Double Encapsulation)
Encrypted IPv6 Mobile Tunnel with IPv6-to-IPv4 Encapsulation and Encryption (Triple Encapsulation)
Note: the Secured IPv4 mobile network data passing through the Globalstar network actually experiences five layers of encapsulation: 1) IPv4-to-IPv6; 2) IPv6 Mobile Tunnel; 3) IPv6-to-IPv4 “Door” tunnel; 4) HAIPE encapsulation for encryption; 5) an additional tunnel between the Globalstar Smiths Falls ground station and the Qualcomm facility in San Diego, CA, unencapsulated and re-encapsulated for transmission to Glenn Research Center through the NAT at Qualcomm.
[Figure: IPv6 Host from Mobile LAN Accessing Corresponding NASA IPv6 Node. Labels: IPv4 Mobile LAN; IPv6 Mobile LAN; IPv6 Mobile Router; Corresponding Public Node; IPv6 Home Agent; Monitoring Points; IPv6 Network; Glenn Research Center; GRC Open Network (DMZ); Globalstar; T-Mobile; IPv4 Public Internet; CNS IPv6 Intranet; Eurocontrol IPv6 Intranet; NASA NREN IPv6 Intranet; IPv6 Web Server (x3); 6-to-4 (DOOR) (x2); 6-to-4 (DOG); 4-to-6 Tunnel; 6-to-4 Tunnel (x2); Remote Controlled Webcam.]
[Figure: IPv6 Host from Mobile LAN Accessing Corresponding Eurocontrol IPv6 Node. Labels: IPv4 Mobile LAN; IPv6 Mobile LAN; IPv6 Mobile Router; Corresponding Public Node; IPv6 Home Agent; Monitoring Points; IPv6 Network; Glenn Research Center; GRC Open Network (DMZ); Globalstar; T-Mobile; IPv4 Public Internet; CNS IPv6 Intranet; Eurocontrol IPv6 Intranet; NASA NREN IPv6 Intranet; IPv6 Web Server (x3); 6-to-4 (DOOR) (x2); 6-to-4 (DOG); 4-to-6 Tunnel; 6-to-4 Tunnel (x2); Remote Controlled Webcam.]
[Figure: IPv4 Host from Mobile LAN Accessing Corresponding “Public” IPv4 Node. Labels: IPv4 Mobile LAN; IPv6 Mobile LAN; IPv6 Mobile Router; Corresponding Public Node; IPv6 Home Agent; Monitoring Points; IPv6 Network; Glenn Research Center; GRC Open Network (DMZ); Globalstar; T-Mobile; IPv4 Public Internet; CNS IPv6 Intranet; Eurocontrol IPv6 Intranet; NASA NREN IPv6 Intranet; IPv6 Web Server (x3); 6-to-4 (DOOR) (x2); 6-to-4 (DOG); 4-to-6 Tunnel; 6-to-4 Tunnel (x2); Remote Controlled Webcam.]
[Figure: IPv6 Host from Mobile LAN Accessing Corresponding NASA IPv6 Node Through HAIPE Encryptor. Labels: IPv4 Mobile LAN; IPv6 Mobile LAN; IPv6 Mobile Router; Corresponding Public Node; IPv6 Home Agent; Monitoring Points; IPv6 Network; Glenn Research Center; GRC Open Network (DMZ); Globalstar; T-Mobile; IPv4 Public Internet; CNS IPv6 Intranet; Eurocontrol IPv6 Intranet; NASA NREN IPv6 Intranet; IPv6 Web Server (x3); 6-to-4 (DOOR) (x2); 6-to-4 (DOG); 4-to-6 Tunnel; 6-to-4 Tunnel (x2); Remote Controlled Webcam.]
Papers and Presentations
http://roland.grc.nasa.gov/~ivancic/papers_presentations/papers.html
or
http://roland.grc.nasa.gov/~ivancic/
and pick “Papers and Presentations”