Firewall traversal in mobile IPv6 networks

Middleboxes such as firewalls are an important aspect for a majority of IP networks today. Current IP networks are predominantly based on IPv4 technology, and hence various firewalls as well as Network Address Translators (NATs) have been originally designed for these networks. Deployment of IPv6 networks is currently work in progress. Given the fact that Mobile IPv6 is a recent standard, most firewalls available for IPv6 networks still do not support Mobile IPv6. Unless firewalls are aware of Mobile IPv6 protocol details, they will either block communication traffic under Mobile IPv6, or carefully deal with the traffic. This is a major impediment to the successful deployment of Mobile IPv6. This thesis describes the problems and impacts of having middleboxes in Mobile IPv6 environments. Therefore, it firstly explains which types of middleboxes are given, what exactly a middlebox is and how such a middlebox works and secondly identifies the problems and explains the impacts of having firewalls in Mobile IPv6 environments. Afterwards, it studies several state-of-the-art middlebox traversal solutions, which can be regarded as potential solutions to deal with the Mobile IPv6 firewall traversal problems. It explains in detail how these solutions work, and evaluates them in terms of their applicability for Mobile IPv6 firewall traversal. As the main contribution, this thesis proposes two solutions in detail, able to overcome the Mobile IPv6 firewall traversal problem. The first one, the NSIS based Mobile IPv6 firewall traversal, bases on the Next Steps in Signaling (NSIS) framework and the NAT/Firewall NSIS Signaling Layer Protocol (NAT/FW NSLP). Afterwards, it presents the second proposed solution, the Mobile IPv6 Application Layer Gateway. It explains in detail how these approaches are able to handle the problems and impacts of having firewalls in Mobile IPv6 environments. Additionally, this thesis presents how the NSIS based Mobile IPv6 firewall traversal and the Mobile IPv6 Application Layer Gateway proof-of-concept implementations, developed as part of this thesis, have been implemented. Finally, it evaluates and analyses the developed proof-of-concept implementations and the two proposed approaches in general.