Hi Benjamin: Seems that the SUN should be protected at L2 and the HAN would not possess the appropriate keys, is that right? If so the SUN and HAN would operate as 2 different networks in ship in the night wouldn't they?
That's how I'd expect it in the industrial space with 2 different profiles. In fine what we see is that the security really defines what a PAN is and the network boundaries. Pascal >-----Original Message----- >From: [email protected] [mailto:[email protected]] On Behalf Of >Benjamin A. Rolfe >Sent: lundi 13 avril 2009 17:00 >To: [email protected] >Subject: Re: [6lowpan] [Roll] 6lowpan-ND vs. ROLL > >This is very interesting and relevant question. >In the scenario given, the utility side of the meter is likely a mesh also, >and it needs to be isolated from the home side (we're using SUN and HAN to >describe these two - Smart Utility Network and Home Area Network - in the >context of 802.15.4 work). The general desire of the utility to maintain a >secure SUN is one reason, and the general desire of consumers to keep their >HAN private is another (and the general 'we don't want a ninth grader with a >laptop crashing the grid' concern may figure in, too ;-). From either >perspective the meter forms an "edge" from the point of view as >entrance/egress between two logically separate networks. As pointed out, >this is still a resource constrained device (although in some >implementations it is has a bit more to play with than a typical thermostat >or light dimmer). > >On the SUN side mesh the meter is keeping track only of it's adjacent >neighbors; on the HAN there are likely fewer neighbors, in the home >situation. But consider the same situation in an industrial context, where >you have the same need for the in-prem network to be separated from the >utility side, but the in-prem mesh might be thousands of nodes. I would >expect again that the meter/gateway is keeping track only of adjacent >neighbors. This is what we see happening now. > >Not sure if that helps in the discussion, so FWIW. >-Ben > > >----- Original Message ----- >From: "Richard Kelsey" <[email protected]> >To: <[email protected]> >Cc: <[email protected]> >Sent: Saturday, April 11, 2009 10:48 AM >Subject: Re: [6lowpan] [Roll] 6lowpan-ND vs. ROLL > > >> Date: Sat, 11 Apr 2009 15:21:17 +0300 >> From: Zach Shelby <[email protected]> >> >> >>> Richard Kelsey a écrit : >> >>>> From: Carsten Bormann <[email protected]> Date: Fri, 10 Apr 2009 >> >>>> 19:00:42 +0200 >> >>>> >> >>>> (I don't tend to think about the case where there is no Edge >> >>>> Router -- ...) >> >>>> >> >>>> I have a question on this, stemming from my lack of familiarity >> >>>> with the details of IP routing. >> >>>> >> >>>> Suppose I have a 6LowPAN/ROLL network being used for energy >> >>>> management in a home. The network includes the electric meter, >> >>>> which has a backhaul connection back to the utility. The utility, >> >>>> being very protective of its backhaul network, has a firewall in >> >>>> the meter to keep out everything except the utility's own >> >>>> traffic. Given the presence of the firewall, does it still make >> >>>> sense to use the meter as an Edge Router? >> >> [Is an Edge Router an IP router? ... Yes.] >> >> Anyways, this stuff doesn't need to be completely "typical". I mean we >> are not installing an F-Secure firewall on a Windows PC here. These are >> application-specific embedded devices most of the time. You can use an >> embedded Linux box with Linux firewall features to achieve a 6LoWPAN >> Edge Router. Of course the 6lowpan wireless interface driver and ER >> features need to be implemented. >> >> In the network I was describing, the meter has no more >> horsepower than the other devices on the network. It has a >> small micro with around 4k of RAM. It certainly isn't >> something as powerful as an embedded Linux box. Is it >> unreasonable to expect it to act as an Edge Router? If not, >> how should its connection between the LowPAN and the utility >> backhaul be handled? >> -Richard Kelsey >> _______________________________________________ >> 6lowpan mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/6lowpan >> > >_______________________________________________ >6lowpan mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/6lowpan _______________________________________________ 6lowpan mailing list [email protected] https://www.ietf.org/mailman/listinfo/6lowpan
