IGD WG Update


IGD Working Committee Update
Ulhas Warrier
Chair, IGD
Intel Corporation

Outline

IGD v1.0 recap

IGD v2.0 objectives

WLAN Enrollment Scenario

Working Committee Status

Internet Gateway Device 1.0

v1.0 approved in Nov 2001

Several IGD products in the market

Different connection types supported
 PPPoE, PPPoA, IP-Routed

Multiple WAN connections

Access to gateway info
 Data rate, connection status

Automatic NAT-traversal

UPnP IGD Example for NAT traversal

[Diagram: Peer Game System on Internet; Internet; IGD; Game Host with private LAN IP address]
 Tell peer to send packet to LAN address
 Routing to private LAN address fails
 Discover IGD, Get WAN IP address
 Configure IGD to forward packets arriving on the IGD WAN address to host
 Tell peer to send packet to IGD’s WAN address
 NAT using WAN address
 End to end packet delivery

Internet Gateway Device 2.0

Committee formed in Q2 2002

Two-fold Charter
 Future IGD needs – IGD DCP
 802.11 access point configuration – AP DCP

Current focus mostly on AP DCP
 Completion targeted by Q1 ’03
 First plugfest in October 2002

Group has weekly teleconference meetings

Current active participants – Broadcom, GlobeSpanVirata, Intel, LG, Microsoft, Thomson

IGD DCP 2.0

IPv6 support
 Existing services modified for IPv6
 New services – firewall configuration

IGD v1 enhancements
 Support for configuring IP Forwarding
 Port mapping additions

Access Point DCP

Simplify Access Point setup
 Initial configuration
 Diagnostic information

Make enrollment of new clients easy
 Devices with no UI
 Guest clients
 Additional access points

Enable deployment of stronger link security
 Privacy important as WLAN usage increases
 Make link security setup easy, including 802.1x

Access Point UPnP Services
WLANAccessPointDevice
 WLANConfigurationService – required
 WLANAuthenticationService – conditionally required
 DeviceSecurity – required

AP Configuration Service

Common way to programmatically access AP information
 SSID
 AP mode – repeater or not
 Valid channel set
 Physical location of the access point - Longitude-latitude, location address as in street, city, state, zip
 Auto-fallback rate, Possible data rates
 WEP encryption level, Default WEP key, WEP keys (1 to 4)
 Configuration Status
 Total number of connected clients

Some of the configuration actions will be secured
 E.g. setting of WEP key

AP Authentication Service

Maintains WLAN client list
 Username
 Credentials (Password)
 Access restrictions

Simple, common interface to update client list

Notifies user of authentication attempt from new clients

All actions will be secured

Enrolling an 802.11 Client
[Diagram: Dev1; PC1 (Console PC); Secure 802.11 link established; Secure UPnP]

User prompted on PC1 for 802.1x authentication password

User enters info provided by Dev1 vendor (chassis/manual)

PC1 informs AP about successful validation

Username: __Dev1__
Password: ________

Device without UI easily enrolled into secure WLAN

Setting up Console PC
Assumption: PC1 has builtin AP control point software
Assumption: AP has ‘first login info’ and ‘AP ID’ made available to user

[Diagram: PC1; Secure 802.11 link established; Secure UPnP established]
Username: ________
Password: ________
AP ID : WLP1234

User prompted for 802.1x authentication information

User enters info given by AP vendor (chassis/manual)

AP identifier string displayed to user

User can configure AP securely from PC1 anytime

PC1 becomes the ‘secure console’ for AP

Access Point DCP Status

Configuration Service 0.45
 Ready for first plugfest
 Repeater setup next focus

Authentication Service 0.2
 Discussion on optional/required status

Alignment work with other forums
 SSN and IEEE TGi
 WECA

Dependency on UPnP Security

Demo
Enrolling into secure WLAN
For the interconnected lifestyle