The IP Over NBMA (ION) Archive

Cell Relay Retreat>ION Archive>month:1996-Jun> msg00116



[Date Prev][Date Next][Thread Prev][Thread Next]  
  [Date Index][Thread Index][Author Index][Subject Index]

How to acquire the Home NHS IP/ATM address.

  • From: David Horton <horton@citr.com.au>
  • Date: Fri, 14 Jun 96 18:15:20 +1000
  • X-Mts: smtp

                                              Hiroshi Suzuki, NEC
                                              David Horton, CiTR

There is a problem in the  case where a NHC could not  obtain the
correct home NHS ATM address.

NHRP-08 specification says on page 25 that NHC could  register its ATM
address  to the  correct home NHS using   NHRP Registration forwarding
mechanism.   It  assumes  that NHC  could  specify NHSs IP  Address in
Destination  Protocol Address field.   Intermediate NHS  could forward
the NHRP registration request based upon the this destination protocol
address of the home NHS. But this means that NHC does not need to know
the correct ATM address of the home NHS.  NHC could  just set up VC to
any NHS to register his IP and ATM address, then such intermediate NHS 
could forward to the correct NHS.

However,  the  problems  occurs   when such  NHC  wants  to  send NHRP
resolution request. To whom NHC should  send NHRP resolution requests,
if it does not know ATM address of the home NHS.

It could send such NHRP  resolution requests  to any NHS,  as it sends
registration request to it.   But from  authentication point of views,
allowing  NHC to send NHRP resolution  request  to  any  NHS does have
serious security problem.  In order to send NHRP packet  to such NHSes
with hop-by-hop authentication extension, each  NHC  needs to know the
authentication Key to access such remote NHSes.  This fact has serious
concerns  on the authentication  key distribution  and  has limits the
flexibility of NHRP protocol itself.

For such NHC it would be highly preferable to obtain the home NHS ATM
address and to send all NHRP resolution request packet to the home NHS
where Authentication Key could be correctly distributed.

So our  proposed  solution is to  add Destination NBMA address  to
Registration  reply so that  NHC  could obtain the    correct NHS  ATM
address once NHRP registration packet forwarded to the NHS.  We could
do it by  using Responder  Address  Extension with  NHRP  Registration
Request.  But we  strongly prefer simply  mandating home NHSes,  which
receive and respond to the  NHRP registration request, to include its
own ATM/NBMA  address in  Registration    Reply packet, rather    than
mandating the combination of  having End-End Authentication Extension
and Responder Address Extension.

Additionally we propose that the responding NHS be able to over-write
the Destination  Protocol Address field that was set by the NHC
if it was incorrect, or perhaps not set at all.

--
Hiroshi Suzuki:
Network Research Lab., C&C  Research Labs.
NEC Corp. (tel: +81-44-856-2123), (fax: +81-44-856-2230 )
--
 David Horton
 Centre for Information Technology Research
 Level 2 South Tower, 339 Coronation Drive, Milton, Australia 4064
 Email: d.horton@citr.uq.oz.au    Phone +61 7 32592222   Fax +61 7 32592259