1
Auto-Networking Technologies for IPv6 Mobile Ad Hoc Networks
Jaehoon Jeong, ETRI, [email protected]
http://www.adhoc.6ants.net/~paul/
ICOIN 2004
2
Contents
Introduction
MANET Auto-Networking
Ad Hoc IP Address Autoconfiguration
IPv6 Multicast Address Allocation
Secure Multicast DNS
Service Discovery
Conclusion
References
3
Introduction
Mobile Ad Hoc Network (MANET)
A MANET has a dynamically changing network topology.
MANET partition and merging may happen.
In a MANET there are many points to consider that do not arise in the Internet:
There is no network administrator.
The current Internet services, such as address autoconfiguration and DNS, are difficult to adopt.
So, auto-configuration is necessary in MANET!
4
MANET Auto-Networking
Unicast Address Autoconfiguration
Multicast Address Allocation
Secure Multicast DNS
Service Discovery
(Figure: the four components of MANET auto-networking.)
5
Protocol Stack supporting MANET Autoconfiguration
(Figure: protocol stack, bottom to top)
Link layer: Wireless Link / Network Interface
Network layer: IPv6, ICMPv6, MLD
Transport layer: TCP/UDP
Application layer: Unicast Address Autoconfiguration, Multicast Address Allocation, Secure Multicast DNS, Service Discovery
7
Motivation
Four basic MANET unicast routing protocols will soon have been published as experimental RFCs: AODV, DSR, OLSR and TBRPF.
AODV and OLSR have already been published as RFCs.
Next step? Addressing is as essential as routing.
Automatic IP address configuration is necessary in a MANET, which has a dynamic topology.
Various approaches have been suggested in the research domain:
Stateless vs. Stateful approaches
Strong DAD vs. Weak DAD
Active DAD vs. Passive DAD
Therefore, it is time to develop MANET IP Address Autoconfiguration in engineering mode.
8
Procedure of IP Address Autoconfiguration
1. IP Address Generation
2. Duplicate Address Detection: a hybrid scheme considering MANET partitioning and merging
• Strong DAD
• Weak DAD
3. Maintenance of Upper-layer Sessions
9
Address Autoconfiguration Message Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Code      |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Identification                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Originator IP Address                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Requested or Duplicate IP Address             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type:
- AREQ: Address Request
- AREP: Address Reply
- AERR: Address Error
Code:
- 0: default
- 1: indication of address change in type AERR
10
IP Address Generation: Selection of a Random IP Address
IPv4: IPV4_MANET_PREFIX + 16-bit Random Number
169.254/16 is used as IPV4_MANET_PREFIX.
There is a great possibility of address conflicts because of the Birthday Paradox: two to the power eight (= 256) nodes will generate at least one address collision with a probability of 50%.
IPv6: IPV6_MANET_PREFIX + 64-bit Random Number
fec0:0:0:ffff::/64 is used as IPV6_MANET_PREFIX.
Because of the deprecation of the IPv6 site-local address, a new local prefix for local networks separated from the Internet is necessary.
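The random address generation above and the birthday argument behind it, as an added example that is not part of the deck: it draws addresses under the two prefixes named on the slide and computes the exact birthday-paradox collision probability for a given number of nodes and address space, in log space so the 64-bit IPv6 case does not round to zero. The slide's 50% is the rule-of-thumb reading of the birthday bound; the exact value for 256 nodes in a 16-bit space is about 39%, and 302 nodes are needed to reach 50%, which is what makes DAD unavoidable for IPv4 and nearly unnecessary for a 64-bit random interface ID. Function names and the injectable random source are this example's own.

```python
import secrets
import math
import ipaddress
from typing import Callable

# Prefixes named on the slide.
IPV4_MANET_PREFIX = ipaddress.ip_network("169.254.0.0/16")
IPV6_MANET_PREFIX = ipaddress.ip_network("fec0:0:0:ffff::/64")


def random_ipv4_manet_address(randbits: Callable[[int], int] = secrets.randbits) -> ipaddress.IPv4Address:
    """IPV4_MANET_PREFIX + 16-bit random number (CSPRNG by default; injectable for tests)."""
    return IPV4_MANET_PREFIX.network_address + randbits(16)


def random_ipv6_manet_address(randbits: Callable[[int], int] = secrets.randbits) -> ipaddress.IPv6Address:
    """IPV6_MANET_PREFIX + 64-bit random number."""
    return IPV6_MANET_PREFIX.network_address + randbits(64)


def collision_probability(nodes: int, space: int) -> float:
    """Exact birthday-paradox probability that at least two of `nodes` independent,
    uniformly random picks from `space` values coincide.  Accumulated in log space so
    the result stays accurate for the 64-bit case, where 1 - i/space rounds to 1.0."""
    log_no_collision = sum(math.log1p(-i / space) for i in range(nodes))
    return -math.expm1(log_no_collision)


def min_nodes_for_collision(space: int, threshold: float) -> int:
    """Smallest number of nodes whose collision probability reaches `threshold`."""
    log_no_collision = 0.0
    nodes = 0
    while -math.expm1(log_no_collision) < threshold:
        log_no_collision += math.log1p(-nodes / space)   # add the (nodes+1)-th node
        nodes += 1
    return nodes


if __name__ == "__main__":
    print(random_ipv4_manet_address(), random_ipv6_manet_address())
    for n in (16, 64, 256, 302):
        print(n, "nodes, 16-bit space:", round(collision_probability(n, 2 ** 16), 3))
    print("256 nodes, 64-bit space:", collision_probability(256, 2 ** 64))
    print("nodes for 50% in 16-bit space:", min_nodes_for_collision(2 ** 16, 0.5))
```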
11
Duplicate Address Detection
Phase 1: Strong DAD
Time-based DAD, for detecting IP address duplication in a connected MANET partition within a finite, bounded time interval.
Strong DAD is performed during the initiation of the node's network interface.
Phase 2: Weak DAD
Routing-based DAD, for detecting IP address duplication during ad hoc routing.
It can handle the address duplication caused by MANET partition and merging.
A key is used for the purpose of detecting duplicate IP addresses: Virtual IP Address = IP Address + Key
12
Process of Duplicate Address Detection during Weak DAD
Each node inspects the virtual IP address contained in an ad hoc routing control packet to see whether the same address with a different key exists in its routing table or cache.
If there is a duplicate IP address, the node sends an AERR (Address Error) message to the other node that uses the duplicate address associated with a different key.
The node receiving the AERR message auto-configures a new IP address through Strong DAD.
13
Maintenance of Upper-layer Sessions
Consequence of Address Replacement: when address duplication happens and the duplicate address is replaced with another, the sessions above the network layer can be broken.
There should be a mechanism to guarantee the survivability of upper-layer sessions: announcement of the address change to peer nodes is needed. It is performed through the AERR message.
Victim Node Selection: the node performing route discovery will be the victim node that regenerates its address and informs its peers of the address change.
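The message format (Type, Code, Checksum, Identification, Originator, Requested/Duplicate address), the time-based Strong DAD, the key-based Weak DAD check and the Code 1 address-change announcement, in one added example that is not the deck's or the drafts' code. Assumptions of this example: Type values AREQ=1, AREP=2, AERR=3 (the slide names the types but gives no numbers), RFC 1071 ones'-complement for the Checksum field, 128-bit IPv6 address fields (the deck is IPv6), a 32-bit integer key, and injected `send`/`recv` callables in place of a real multicast socket. Note what the parser rejects: wrong length, bad checksum, unknown Type, and Code 1 on anything but AERR, so a node never acts on a malformed address-change message.

```python
import struct
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Assumed numeric values; the slide only names the types and codes.
AREQ, AREP, AERR = 1, 2, 3
CODE_DEFAULT, CODE_ADDR_CHANGE = 0, 1
HEADER = struct.Struct("!BBHI")        # Type, Code, Checksum, Identification
MESSAGE_LEN = HEADER.size + 16 + 16    # two 128-bit IPv6 addresses follow the header


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum (assumed for the Checksum field)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass
class Message:
    msg_type: int
    code: int
    ident: int
    originator: str
    target: str          # the "Requested or Duplicate IP Address" field


def pack_message(msg_type: int, code: int, ident: int, originator: str, target: str) -> bytes:
    body = (HEADER.pack(msg_type, code, 0, ident)
            + ipaddress.IPv6Address(originator).packed + ipaddress.IPv6Address(target).packed)
    return HEADER.pack(msg_type, code, internet_checksum(body), ident) + body[HEADER.size:]


def parse_message(raw: bytes) -> Message:
    """Decode and validate: length, checksum, known Type, and Code 1 only inside AERR."""
    if len(raw) != MESSAGE_LEN:
        raise ValueError("bad length %d" % len(raw))
    if internet_checksum(raw) != 0:            # sum over the whole message must fold to zero
        raise ValueError("checksum mismatch")
    msg_type, code, _csum, ident = HEADER.unpack_from(raw)
    if msg_type not in (AREQ, AREP, AERR):
        raise ValueError("unknown type %d" % msg_type)
    if code not in (CODE_DEFAULT, CODE_ADDR_CHANGE):
        raise ValueError("unknown code %d" % code)
    if code == CODE_ADDR_CHANGE and msg_type != AERR:
        raise ValueError("code 1 (address change) is only valid in AERR")
    return Message(msg_type, code, ident,
                   str(ipaddress.IPv6Address(raw[8:24])), str(ipaddress.IPv6Address(raw[24:40])))


def strong_dad(candidate: str, ident: int, send: Callable[[bytes], None],
               recv: Callable[[float], Optional[bytes]], retries: int = 3, timeout: float = 1.0) -> bool:
    """Time-based DAD: send an AREQ for `candidate` up to `retries` times, waiting `timeout` seconds
    each round; an AREP echoing our Identification and the candidate means the address is taken.
    recv(timeout) returns a raw message or None when the round's timer expires (injected transport)."""
    for _ in range(retries):
        send(pack_message(AREQ, CODE_DEFAULT, ident, "::", candidate))   # originator not yet configured
        raw = recv(timeout)
        while raw is not None:                 # drain replies that arrived within this round
            try:
                m = parse_message(raw)
                if (m.msg_type == AREP and m.ident == ident
                        and ipaddress.IPv6Address(m.target) == ipaddress.IPv6Address(candidate)):
                    return False               # another node already holds the address
            except ValueError:
                pass                           # malformed message: ignore it
            raw = recv(timeout)
    return True                                # silence for retries * timeout: free in this partition


class WeakDAD:
    """Routing-based DAD: the table binds each IP address to the key seen with it
    (virtual IP address = IP address + key); the key is a 32-bit integer here (assumed)."""
    def __init__(self, own_addr: str, own_key: int):
        self.own_addr = own_addr
        self.bindings: Dict[str, int] = {str(ipaddress.IPv6Address(own_addr)): own_key}

    def on_control_packet(self, addr: str, key: int, ident: int) -> Optional[bytes]:
        """Inspect (addr, key) carried by a routing control packet. Returns an AERR for the node
        using the duplicate address when the same address is bound to a different key, else None."""
        addr = str(ipaddress.IPv6Address(addr))
        if self.bindings.setdefault(addr, key) == key:
            return None
        return pack_message(AERR, CODE_DEFAULT, ident, self.own_addr, addr)


def announce_address_change(new_addr: str, old_addr: str, ident: int) -> bytes:
    """AERR with Code 1 tells peers that `old_addr` was replaced by `new_addr`
    (Originator = new address, Requested/Duplicate = old address; field assignment assumed)."""
    return pack_message(AERR, CODE_ADDR_CHANGE, ident, new_addr, old_addr)
```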
14
Data Delivery after resolving Address Duplication
Data Delivery through IP Tunneling: after the delivery of the AERR message, the peer node and the announced node exchange data packets through IP tunneling.
An Address Mapping Cache is needed, like the binding cache of MIP.
(Figure: the Peer Node (Address: IPpn) sends a data packet to the Announced Node (New Address: IPnew, Old Address: IPold). Outer IP Header: SRC Addr IPpn, DEST Addr IPnew. Inner IP Header: SRC Addr IPpn, DEST Addr IPold. Then the Payload.)
16
IPv6 Multicast Address Allocation
(Figure: (a) IPv6 multicast address: FF (8-bit) | Flags (4-bit, bits 0 A P T) | Scope (4-bit, bits 0 1 0 1) | 8-bit reserved | Interface ID (64-bit) | Group ID (32-bit); FF + Flags + Scope form the 16-bit multicast prefix. (b) IPv6 unicast address: Network prefix (64-bit) | Interface ID (64-bit).)
Role: it allocates a unique IPv6 multicast address to a session without an address allocation server.
Address Format: the IPv6 multicast address (a) is generated on the basis of the Interface ID of the IPv6 unicast address (b).
17
Procedure of Multicast Address Allocation
Generation of Unused Group ID
Generation of a Multicast Address
Delivery of the Multicast Address
Request of Multicast Address Allocation
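The allocation procedure above (request, unused group ID, address generation, delivery) as an added example, not the deck's or any draft's code: a per-node allocator builds the multicast address from its own unicast interface ID and a locally unused 32-bit group ID, and a receiver-side check confirms that an address really embeds the interface ID of the node claiming to have allocated it. The exact bit layout between the scope and the interface ID is an assumption: the figure labels an 8-bit reserved field, and this example uses the later RFC 4489 split of an 8-bit reserved field plus an 8-bit plen field set to 0xFF, with flags P=1, T=1 and scope 5 as defaults; all names are this example's own.

```python
import secrets
import ipaddress
from typing import Callable, Set, Tuple

MASK64 = (1 << 64) - 1
MASK32 = (1 << 32) - 1


def interface_id(unicast: str) -> int:
    """Low-order 64 bits of the IPv6 unicast address (figure (b))."""
    return int(ipaddress.IPv6Address(unicast)) & MASK64


def build_multicast_address(iid: int, group_id: int, flags: int = 0x3, scope: int = 5) -> ipaddress.IPv6Address:
    """FF | flags(4) | scope(4) | reserved(8) | plen(8) = 0xFF | interface ID(64) | group ID(32).
    Assumed layout (RFC 4489 split of the slide's reserved bits); defaults P=1,T=1 and scope 5."""
    if not (0 <= flags < 16 and 0 <= scope < 16 and 0 <= group_id <= MASK32 and 0 <= iid <= MASK64):
        raise ValueError("field out of range")
    value = ((0xFF << 120) | (flags << 116) | (scope << 112) | (0x00 << 104) | (0xFF << 96)
             | (iid << 32) | group_id)
    return ipaddress.IPv6Address(value)


def split_multicast_address(addr: str) -> Tuple[int, int, int, int]:
    """Inverse of build_multicast_address: (flags, scope, interface ID, group ID)."""
    v = int(ipaddress.IPv6Address(addr))
    if v >> 120 != 0xFF or (v >> 96) & 0xFF != 0xFF:
        raise ValueError("not an interface-ID-based multicast address")
    return (v >> 116) & 0xF, (v >> 112) & 0xF, (v >> 32) & MASK64, v & MASK32


class MulticastAllocator:
    """Per-node allocator, no allocation server: the node's interface ID (unique once unicast DAD
    succeeded) makes the address unique network-wide, so the group ID only has to be unused locally."""
    def __init__(self, unicast: str, scope: int = 5, randbits: Callable[[int], int] = secrets.randbits):
        self.iid = interface_id(unicast)
        self.scope = scope
        self.randbits = randbits
        self.in_use: Set[int] = set()

    def allocate(self) -> ipaddress.IPv6Address:
        """Generation of an unused group ID, then generation of the multicast address."""
        if len(self.in_use) >= 1 << 32:
            raise RuntimeError("group ID space exhausted")
        while True:
            gid = self.randbits(32)
            if gid not in self.in_use:
                break
        self.in_use.add(gid)
        return build_multicast_address(self.iid, gid, scope=self.scope)

    def release(self, addr: str) -> None:
        """Free the group ID when the session ends, if the address is one of ours."""
        _flags, _scope, iid, gid = split_multicast_address(addr)
        if iid == self.iid:
            self.in_use.discard(gid)


def allocated_by(addr: str, unicast: str) -> bool:
    """Receiver-side check: does the multicast address embed the interface ID of the node that
    announced it? Rejects addresses that do not follow the format at all."""
    try:
        return split_multicast_address(addr)[2] == interface_id(unicast)
    except ValueError:
        return False
```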
18
Service of Multicast Application: Allocation of a unique Multicast Address for a new Session
(Figure: mobile nodes A, B, C, D and E; step 1 is shown on every node, steps 2 to 7 as listed below.)
Step: Action
1: Unicast Address Autoconfiguration
2: Run of a video-conferencing tool (e.g., SDR) and creation of a new session
3: Advertisement of session information
4: MN A's join to the new session
5: MN E's join to the new session
6: Transmission of video/audio data by MN A
7: Transmission of video/audio data by MN E
20
Introduction
Name Service in MANET: a MANET has a dynamic network topology.
The current DNS cannot be adopted in a MANET, because it needs a fixed and well-known name server.
Idea of Name Service in MANET: all the mobile nodes take part in the name service.
Every mobile node administers its own name information: it responds to the other nodes' DNS queries related to its domain name and IP address.
21
Ad-hoc Name Service System for IPv6 MANET (ANS)
ANS provides Name Service in MANET
MANET DNS Domain: ADHOC.
MANET IPv6 Prefix: IPv6 Site-local Prefix FEC0:0:0:0::/64
Architecture of ANS System
ANS Responder: it performs the role of the DNS Name Server
ANS Resolver: it performs the role of the DNS Resolver
22
ANS System (1/2)
(Figure: Mobile Nodes A, B and C connected by a wireless link. Each node runs applications, an ANS Resolver and an ANS Responder with its ANS Zone DB. Applications talk to the ANS Resolver over a UNIX datagram socket; the ANS Responder reads and writes the ANS Zone DB in memory; DNS Query and DNS Response messages are exchanged between nodes as DNS messages. Legend: Process, Database, Node.)
23
ANS System (2/2)
(Figure: ANS Responder process: a Main-Thread and a DUR-Thread sharing the ANS Zone DB through memory read/write. ANS Resolver process: a Main-Thread, a Resolv-Thread and a Timer-Thread sharing the ANS Cache through memory read/write. The Application uses the ANS API to send a DNS Query to, and receive a DNS Response from, the ANS Resolver over a UNIX datagram socket; the ANS Resolver and the ANS Responder exchange DNS Query / DNS Response over UDP socket connections. Legend: Process, Thread, Database, Cache, Internal Connection.)
24
Name Service in ANS
Zone File Generation: generates the ANS zone file with the mobile node's DNS name and corresponding IPv6 address.
Name Resolution: performs the name-to-address translation.
Service Discovery: performs the service discovery through the DNS SRV resource record, which indicates the location of the server or the multicast address of the service.
25
Scenario of Name Service within MANET
(Figure: message sequence among MN-A, MN-B and MN-C.)
1. MN-A: request of host DNS name resolution.
2. MN-A sends a DNS Query Message (MN-C.ADHOC.) in multicast.
3. MN-B receives the DNS Query Message; MN-C receives and processes the DNS Query Message.
4. MN-C sends a DNS Response Message (MN-C's IPv6 address) in unicast.
5. MN-A gains the DNS information.
6. MN-A tries to connect to the server on MN-C.
7. The server on MN-C accepts the request of the connection from MN-A.
26
Authentication of DNS Message
Why is the authentication of DNS messages necessary? To prevent an attacker from feeding a DNS querier a wrong DNS response.
How to authenticate a DNS message?
- IPsec ESP with a null transform
- Secret key transaction authentication for DNS, called TSIG [RFC2845]
Our Scheme of Authentication: TSIG message authentication, where the trusted nodes share a group secret key for authenticating DNS messages.
27
DNS Message Format
Header Section: DNS message header
Question Section: question for the name server
Answer Section: resource records answering the question (e.g., AAAA RR)
Authority Section: resource records pointing toward an authority
Additional Section: resource records holding additional information (e.g., TSIG RR)
28
Procedure of Secure DNS Resolution
Mobile Node A (MN-A.ADHOC.) -> Mobile Node C (MN-C.ADHOC.): DNS Query (What is the IPv6 address of "MN-C.ADHOC."?) via site-local multicast and UDP
Mobile Node C (MN-C.ADHOC.) -> Mobile Node A (MN-A.ADHOC.): DNS Response (IPv6 address of "MN-C.ADHOC.") via site-local unicast and UDP
Verification of DNS Response:
- Does the source address of the response conform to the ad hoc addressing requirements?
- Is the TSIG resource record valid?
If the Response is valid, then the ANS Resolver delivers the result to the application program; else the ANS Resolver sends the DNS Query again and waits for another DNS Response, up to the allowed retry number.
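The secure resolution procedure above (shared group key, TSIG RR on the response, the two verification checks, retry on failure) as an added example; it is not the ANS implementation. It builds a minimal AAAA query and response on the wire, appends a TSIG resource record whose HMAC-MD5 covers the message and the TSIG variables in the order RFC 2845 lays them out, and verifies the response by checking that the source address lies in the ad hoc prefix, that the response ID matches the query, that the signing time is within the fudge window, and that the MAC matches under constant-time comparison. Assumptions: the prefix fec0:0:0:ffff::/64 from the addressing slides as the "ad hoc addressing requirement", an injected `send_query` transport returning (response, source address), locating the TSIG RR from the end of the message rather than with a full DNS parser, and all names and the constructed key. HMAC-MD5 is what RFC 2845 specified; a deployment today would pick an HMAC-SHA2 algorithm.

```python
import hmac
import hashlib
import struct
import secrets
import ipaddress
from typing import Callable, Optional, Tuple

MANET_PREFIX = ipaddress.ip_network("fec0:0:0:ffff::/64")   # ad hoc addressing requirement (assumed)
ALGORITHM = "hmac-md5.sig-alg.reg.int."   # algorithm name defined by RFC 2845
TYPE_AAAA, TYPE_TSIG, CLASS_IN, CLASS_ANY = 28, 250, 1, 255


def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"


def message_id(msg: bytes) -> int:
    return struct.unpack("!H", msg[:2])[0]


def build_query(qid: int, qname: str) -> bytes:
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", TYPE_AAAA, CLASS_IN)


def build_response(qid: int, qname: str, addr: str, ttl: int = 20) -> bytes:
    rdata = ipaddress.IPv6Address(addr).packed
    return (struct.pack("!HHHHHH", qid, 0x8400, 1, 1, 0, 0)               # QR=1, AA=1, one answer
            + encode_name(qname) + struct.pack("!HH", TYPE_AAAA, CLASS_IN)
            + encode_name(qname) + struct.pack("!HHIH", TYPE_AAAA, CLASS_IN, ttl, len(rdata)) + rdata)


def _tsig_variables(key_name: str, time_signed: int, fudge: int, error: int = 0, other: bytes = b"") -> bytes:
    # RFC 2845 3.4.2: key name, class ANY, TTL 0, algorithm name, time signed, fudge, error, other len, other
    return (encode_name(key_name) + struct.pack("!HI", CLASS_ANY, 0) + encode_name(ALGORITHM)
            + time_signed.to_bytes(6, "big") + struct.pack("!HHH", fudge, error, len(other)) + other)


def _set_arcount(msg: bytes, delta: int) -> bytes:
    return msg[:10] + struct.pack("!H", struct.unpack("!H", msg[10:12])[0] + delta) + msg[12:]


def tsig_sign(msg: bytes, key_name: str, key: bytes, time_signed: int, fudge: int = 300) -> bytes:
    """Append a TSIG RR whose MAC covers the unsigned message plus the TSIG variables."""
    mac = hmac.new(key, msg + _tsig_variables(key_name, time_signed, fudge), hashlib.md5).digest()
    rdata = (encode_name(ALGORITHM) + time_signed.to_bytes(6, "big") + struct.pack("!HH", fudge, len(mac))
             + mac + struct.pack("!HHH", message_id(msg), 0, 0))          # original ID, error, other len
    rr = encode_name(key_name) + struct.pack("!HHIH", TYPE_TSIG, CLASS_ANY, 0, len(rdata)) + rdata
    return _set_arcount(msg, +1) + rr


def verify_response(signed: bytes, key_name: str, key: bytes, source: str, now: int) -> bool:
    """The slide's two checks: source address inside the ad hoc prefix, and a valid TSIG RR."""
    if ipaddress.IPv6Address(source) not in MANET_PREFIX:
        return False
    marker = encode_name(key_name) + struct.pack("!HH", TYPE_TSIG, CLASS_ANY)
    pos = signed.rfind(marker)             # shortcut: TSIG is the last RR, so find it from the end
    if pos < 0 or len(signed) < pos + len(marker) + 6:
        return False
    rdlen = struct.unpack("!H", signed[pos + len(marker) + 4:pos + len(marker) + 6])[0]
    rdata = signed[pos + len(marker) + 6:]
    alg = encode_name(ALGORITHM)
    if len(rdata) != rdlen or not rdata.startswith(alg) or len(rdata) < len(alg) + 10:
        return False
    off = len(alg)
    time_signed = int.from_bytes(rdata[off:off + 6], "big")
    fudge, mac_size = struct.unpack("!HH", rdata[off + 6:off + 10])
    mac, tail = rdata[off + 10:off + 10 + mac_size], rdata[off + 10 + mac_size:]
    if len(mac) != mac_size or len(tail) < 6:
        return False
    original_id, error, other_len = struct.unpack("!HHH", tail[:6])
    if abs(now - time_signed) > fudge:     # stale or replayed response
        return False
    unsigned = _set_arcount(signed[:pos], -1)
    if message_id(unsigned) != original_id:
        return False
    expected = hmac.new(key, unsigned + _tsig_variables(key_name, time_signed, fudge, error,
                                                        tail[6:6 + other_len]), hashlib.md5).digest()
    return hmac.compare_digest(mac, expected)


def resolve(qname: str, send_query: Callable[[bytes], Optional[Tuple[bytes, str]]],
            key_name: str, key: bytes, now: int, retries: int = 3) -> Optional[bytes]:
    """ANS Resolver loop: send the query, verify the reply, retry up to `retries` times.
    `send_query` is the injected multicast transport: returns (response, source address) or None."""
    for _ in range(retries):
        qid = secrets.randbits(16)
        reply = send_query(build_query(qid, qname))
        if reply is None:
            continue
        signed, source = reply
        if len(signed) >= 12 and message_id(signed) == qid and verify_response(signed, key_name, key, source, now):
            return signed
    return None
```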
30
Service Discovery
Definition: discovery of the location (IP address, transport-layer protocol, port number) of a server that provides some service.
Methods:
Multicast DNS based Service Discovery: service discovery through Multicast DNS and the DNS SRV resource record, which indicates the location of the server or the multicast address of the service.
SLP based Service Discovery: service discovery through the IETF Service Location Protocol (SLP), RFC 2165, RFC 2608, RFC 3111.
31
Considerations for Service Discovery
Limitations of Existing Schemes: most current schemes are concerned with service location for the Internet. Such protocols have not taken into account mobility, packet loss and latency.
Considerations:
Some devices are small and have limited computation, memory and storage capability. They can only act as clients, not servers.
Power constraints: service discovery should not incur excessive messaging over the wireless interface.
32
$TTL 20
$ORIGIN ADHOC.
PAUL-1 IN AAAA FEC0:0:0:FFFF:3656:78FF:FE9A:BCDE
;; DNS SRV Resource Records
; Unicast Service : SERVICE-1
_SERVICE-1._TCP IN SRV 0 1 3000 PAUL-1.ADHOC.
_SERVICE-1._UDP IN SRV 0 1 3000 PAUL-1.ADHOC.
; Multicast Service : SERVICE-2
_SERVICE-2._UDP IN SRV 0 1 4000 @.1.5.
Service Discovery based on Multicast DNS
(Figure: generation of the IPv6 multicast address corresponding to a service name. The Multicast Service Name is fed to the MD5 hash function, giving a 128-bit digest; Group ID = low-order 112 bits of the digest. A parsing function reads the Flags label and the Scope label from the DNS SRV resource record for the multicast service in the ANS Responder's zone file and produces the 16-bit IPv6 site-local multicast address prefix: FF (8 bits) | Flags (4 bits, P=0, T=1) | Scope (4 bits, 5). Prefix plus Group ID give the IPv6 site-local multicast address: 8 + 4 + 4 + 112 bits.)
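The zone file above and the figure's address derivation, as an added example that is not the deck's or ANS's code: it parses the SRV records from the zone text (embedded here as a constructed copy of the slide's zone file, one record per line), recognises the `@.<flags>.<scope>.` target as the marker for a multicast service, and derives the service's site-local multicast address as FF | flags | scope followed by the low-order 112 bits of the MD5 digest of the service name. Assumptions: the hash input is the service name without its leading underscore and upper-cased (the slide does not say which exact string is hashed), and the record and function names are this example's own. The two-digit flags and scope labels are range-checked because they have to fit 4-bit fields.

```python
import hashlib
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed copy of the zone file shown on the slide, one record per line.
ZONE_TEXT = """\
$TTL 20
$ORIGIN ADHOC.
PAUL-1 IN AAAA FEC0:0:0:FFFF:3656:78FF:FE9A:BCDE
;; DNS SRV Resource Records
; Unicast Service : SERVICE-1
_SERVICE-1._TCP IN SRV 0 1 3000 PAUL-1.ADHOC.
_SERVICE-1._UDP IN SRV 0 1 3000 PAUL-1.ADHOC.
; Multicast Service : SERVICE-2
_SERVICE-2._UDP IN SRV 0 1 4000 @.1.5.
"""

SRV_RE = re.compile(r"^_([^.\s]+)\._(TCP|UDP)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$", re.I)
MCAST_TARGET_RE = re.compile(r"^@\.(\d{1,2})\.(\d{1,2})\.$")   # "@.<flags>.<scope>." marks a multicast service


def service_multicast_address(service: str, flags: int, scope: int) -> ipaddress.IPv6Address:
    """16-bit prefix FF | flags | scope, then Group ID = low-order 112 bits of MD5(service name).
    Hash input: service name without the leading underscore, upper-cased (assumption)."""
    if not (0 <= flags < 16 and 0 <= scope < 16):
        raise ValueError("flags and scope are 4-bit fields")
    digest = int.from_bytes(hashlib.md5(service.upper().encode()).digest(), "big")
    prefix = (0xFF << 8) | (flags << 4) | scope
    return ipaddress.IPv6Address((prefix << 112) | (digest & ((1 << 112) - 1)))


@dataclass
class ServiceRecord:
    service: str
    proto: str
    priority: int
    weight: int
    port: int
    target: str                                  # host name, or "@.<flags>.<scope>." for multicast
    multicast: Optional[ipaddress.IPv6Address]   # derived multicast address; None for a unicast service


def parse_service_records(zone_text: str) -> List[ServiceRecord]:
    """Extract SRV records from zone text; comments, directives and other record types are skipped."""
    records: List[ServiceRecord] = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        m = SRV_RE.match(line)
        if not m:
            continue                              # e.g. the AAAA record
        service, proto, prio, weight, port, target = m.groups()
        mt = MCAST_TARGET_RE.match(target)
        mcast = service_multicast_address(service, int(mt.group(1)), int(mt.group(2))) if mt else None
        records.append(ServiceRecord(service.upper(), proto.upper(), int(prio), int(weight),
                                     int(port), target, mcast))
    return records


def find_service(records: List[ServiceRecord], service: str, proto: str) -> Optional[ServiceRecord]:
    """Pick the record for a service/protocol pair; lowest priority wins, as for DNS SRV."""
    matches = [r for r in records if r.service == service.upper() and r.proto == proto.upper()]
    return min(matches, key=lambda r: r.priority) if matches else None


if __name__ == "__main__":
    for rec in parse_service_records(ZONE_TEXT):
        print(rec.service, rec.proto, rec.port, rec.target, rec.multicast)
```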
33
Scenario of Service Discovery
(Figure: message sequence among MN-C, MN-B and MN-A.)
1. MN-C: request of server information.
2. MN-C sends a DNS Query Message for service information in multicast.
3. MN-B receives the DNS Query Message; MN-A receives and processes the DNS Query Message related to the DNS SRV resource record.
4. MN-A sends a DNS Response Message with the service information.
5. MN-C gains the service information.
6. MN-C tries to connect to the server on MN-A, or MN-C joins the multicast group related to MN-A.
7. The server on MN-A accepts the request of the connection from MN-C, or the multicast group comprises MN-A and MN-C.
34
Testbed for IPv6 MANET
We used IPv6 AODV and MAODV for ad hoc routing.
For testing a multi-hop network configuration, we control the Tx and Rx power of the IEEE 802.11b NIC. Also, we use MAC filtering to filter out packets from other links.
We implemented a Wireless Mobile Router based on embedded Linux for testing ad hoc routing protocols and other applications.
35
Experiment of Auto-Networking in MANET Testbed
(Figure: MANET testbed with IPv6 Wireless Mobile Routers WR1, WR2 and WR3 and mobile nodes MN1 and MN2; test of auto-networking.)
36
Conclusion
MANET Auto-Networking Technologies are necessary to deploy MANET networking in our life:
Ad Hoc IP Address Autoconfiguration
IPv6 Multicast Address Allocation
Secure Multicast DNS
Service Discovery
MANET Auto-Networking will be a cornerstone of ubiquitous networking.
Security in MANET is an important issue and should be considered together with auto-networking in MANET.
37
References
[1] Jaehoon Paul Jeong, Jung-Soo Park, Kenichi Mase, Youn-Hee Han, Badis Hakim and Jean-Marie Orset, "Requirements for Ad Hoc IP Address Autoconfiguration", draft-jeong-manet-addr-autoconf-reqts-01.txt, February 2004.
[2] Jaehoon Paul Jeong, Jungsoo Park, Hyoungjun Kim and Dongkyun Kim, "Ad Hoc IP Address Autoconfiguration", draft-jeong-adhoc-ip-addr-autoconf-02.txt, February 2004.
[3] Jaehoon Paul Jeong, Jungsoo Park, Hyoungjun Kim and Dongkyun Kim, "Ad Hoc IP Address Autoconfiguration for AODV", draft-jeong-manet-aodv-addr-autoconf-00.txt, February 2004.
[4] Jaehoon Paul Jeong, Jungsoo Park and Hyoungjun Kim, "DNS Service for Mobile Ad Hoc Networks", draft-jeong-manet-dns-service-00.txt, February 2004.
[5] Jaehoon Jeong, Jungsoo Park and Hyoungjun Kim, "DNS Name Service based on Secure Multicast DNS for IPv6 Mobile Ad Hoc Networks", ICACT 2004, February 2004.
[6] Jaehoon Jeong, Jungsoo Park and Hyoungjun Kim, "Service Discovery based on Multicast DNS in IPv6 Mobile Ad-hoc Networks", VTC 2003-Spring, April 2003.