Thread moved to 6lowpan... diverging into ND ;-)

Alexandru Petrescu wrote:
Zach Shelby wrote:
Hi,

Alexandru Petrescu wrote:
Richard Kelsey wrote:
From: Carsten Bormann <[email protected]>
Date: Fri, 10 Apr 2009 19:00:42 +0200

(I don't tend to think about the case where there is no Edge
Router -- ...)

I have a question on this, stemming from my lack of familiarity
with the details of IP routing.

Suppose I have a 6LowPAN/ROLL network being used for energy management in a home. The network includes the electric meter,
which has a backhaul connection back to the utility. The utility,
being very protective of its backhaul network, has a firewall in
the meter to keep out everything except the utility's own
traffic. Given the presence of the firewall, does it still make
sense to use the meter as an Edge Router?

I don't think it would make much sense because Edge Router as currently specified by 6LoWPAN ND seems to not be doing any routing
at all - but a sort of bridging, and firewalls are very much rules
on the IP fields, and less if at all rules on the MAC fields.

That is not true. In 6LoWPAN the edge router is an IP router just
like any other, and is a natural place to use a firewall.

Yes, but, pictorially speaking:

                  |egress(backbone)            \
                ------                          |
               | ER   |                         |
                ------                           > single IPv6 subnet
                  |ingress                      |
                 o  o                           |
               o   o  (lowpan nodes)           /

ND doc:
This document also specifies the seamless integration of an extended LoWPAN and multiple edge routers on a shared backbone link (e.g. Ethernet) to form a single IPv6 subnet.

The ND document says that ER egress interface and the LoWPAN nodes form
a single subnet - that is not a typical router.  A typical router is
connected to two or more different subnets.

Actually, that is only a special case that occurs with an Extended LoWPAN with multiple ERs interconnected by a common backbone link.

In the simple LoWPAN case the LoWPAN subnet only covers the 6lowpan interfaces and not the egress. Therefore in this example it works exactly like a standard CPE.

Even in the Extended LoWPAN case you will have route table entries for destinations in the LoWPAN maintained by some routing algorithm (e.g. ROLL). There is no reason why you can't use a firewall there either.

Anyways, this stuff doesn't need to be completely "typical". I mean we are not installing an F-Secure firewall on a Windows PC here. These are application-specific embedded devices most of the time. You can use an embedded Linux box with Linux firewall features to achieve a 6LoWPAN Edge Router. Of course the 6lowpan wireless interface driver and ER features need to be implemented.

- Zach

In this sense, it's difficult to consider ER to be a typical router
doing a typical firewall.

Alex



--
http://zachshelby.org - My blog “On the Internet of Things”
Mobile: +358 40 7796297

Zach Shelby
Head of Research
Sensinode Ltd.
Kidekuja 2
88610 Vuokatti, FINLAND

This e-mail and all attached material are confidential and may contain legally privileged information. If you are not the intended recipient, please contact the sender and delete the e-mail from your system without producing, distributing or retaining copies thereof.
_______________________________________________
6lowpan mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lowpan
