Auto-Networking Technologies for IPv6 Mobile Ad Hoc Networks

Auto-Networking Technologies for IPv6 Mobile Ad Hoc Networks. Jaehoon Jeong, ETRI paul@etri.re.kr http://www.adhoc.6ants.net/~paul/. ICOIN 2004. Contents. Introduction MANET Auto-Networking Ad Hoc IP Address Autoconfiguration IPv6 Multicast Address Allocation Secure Multicast DNS


Presentation Transcript


  1. Auto-Networking Technologies for IPv6 Mobile Ad Hoc Networks • Jaehoon Jeong, ETRI • paul@etri.re.kr • http://www.adhoc.6ants.net/~paul/ • ICOIN 2004

  2. Contents • Introduction • MANET Auto-Networking • Ad Hoc IP Address Autoconfiguration • IPv6 Multicast Address Allocation • Secure Multicast DNS • Service Discovery • Conclusion • References

  3. Introduction • Mobile Ad Hoc Network (MANET) • MANET has dynamically changing network topology. • MANET partition and mergence may happen. • In MANET, there are many points to consider unlike the Internet. • There is no network administrator. • The current Internet services, such as address autoconfiguration and DNS, are difficult to adopt. • So, auto-configuration is necessary in MANET!

  4. MANET Auto-Networking • Unicast Address Autoconfiguration • Multicast Address Allocation • Secure Multicast DNS • Service Discovery

  5. Protocol Stack supporting MANET Autoconfiguration

  6. Ad Hoc IP Address Autoconfiguration

  7. Motivation • Four basic MANET unicast routing protocols will soon be published as experimental RFCs. • AODV, DSR, OLSR and TBRPF • AODV and OLSR have already been published as RFCs. • Next step? • Addressing is as essential as routing. • Automatic IP address configuration is necessary in MANET, which has dynamic topology. • Various approaches have been suggested in the research domain • Stateless vs. Stateful approaches • Strong DAD vs. Weak DAD • Active DAD vs. Passive DAD • Therefore, it is time to develop MANET IP Address Autoconfiguration in engineering mode.

  8. Procedure of IP Address Autoconfiguration 1. IP Address Generation 2. Duplicate Address Detection • Hybrid scheme considering MANET partitioning and merging • Strong DAD • Weak DAD 3. Maintenance of Upper-layer Sessions

  9. Address Autoconfiguration Message Format

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |     Code      |           Checksum            |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                        Identification                         |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                     Originator IP Address                     |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |               Requested or Duplicate IP Address               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type: • AREQ: Address Request • AREP: Address Reply • AERR: Address Error
      Code: • 0: default • 1: indication of address change in type AERR

  10. IP Address Generation • Selection of Random IP Address • IPv4 • IPV4_MANET_PREFIX + 16-bit Random Number • 169.254/16 is used as IPV4_MANET_PREFIX. • There is a great possibility of address conflicts because of the Birthday Paradox. • Two to the power eight (= 256) nodes will generate at least one address collision with a probability of 50%. • IPv6 • IPV6_MANET_PREFIX + 64-bit Random Number • fec0:0:0:ffff::/64 is used as IPV6_MANET_PREFIX. • Because of the deprecation of the IPv6 site-local address, a new local prefix for local networks separated from the Internet is necessary.

  11. Duplicate Address Detection • Phase 1 : Strong DAD • Time-based DAD • For detecting IP address duplication in a connected MANET partition within a finite bounded time interval • Strong DAD is performed during the initiation of node’s network interface. • Phase 2 : Weak DAD • Routing-based DAD • For detecting IP address duplication during ad hoc routing • It can handle the address duplication by MANET partition and mergence. • Key is used for the purpose of detecting duplicate IP addresses. • Virtual IP Address = IP Address + Key

  12. Process of Duplicate Address during Weak DAD • Each node investigates the virtual IP address contained in ad hoc routing control packet • to see if there is the same address with different key in routing table or cache. • If there is the duplicate IP address, • The node sends an AERR (Address Error) message to another node using duplicate address that is associated with a different key. • The node, receiving the AERR message, auto-configures a new IP address • through Strong DAD
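
The Weak DAD check from slides 11 and 12, as an added example (not code from the presentation or the cited drafts). The 8-byte keys, the dictionary layout of the AERR result and the names `WeakDadTable` and `run_weak_dad` are assumptions made for illustration.

```python
import ipaddress

class WeakDadTable:
    """Routing-table view used for Weak DAD: one key per IP address."""

    def __init__(self):
        self.keys = {}  # canonical IP string -> key first learned for it

    def observe(self, ip, key):
        """Check one virtual address (IP + key) from a routing control packet.

        Returns None when the address is new or matches the cached key, and
        an AERR description when the same IP shows up with a different key.
        """
        # Canonicalise so "FEC0:0:0:FFFF:0:0:0:A1" equals "fec0:0:0:ffff::a1".
        canon = str(ipaddress.ip_address(ip))
        known = self.keys.setdefault(canon, key)
        if known == key:
            return None
        # Slide 13: the node performing route discovery (the originator of
        # this packet) is the one told to re-run Strong DAD.
        return {"type": "AERR", "code": 0, "duplicate_ip": canon, "victim_key": key}


# Constructed sample: originator (IP, key) pairs as they would arrive in
# routing control packets after two MANET partitions merge.
CONSTRUCTED_PACKETS = [
    ("fec0:0:0:ffff::a1", b"\x11" * 8),
    ("fec0:0:0:ffff::b2", b"\x22" * 8),
    ("fec0:0:0:ffff::a1", b"\x11" * 8),       # same node, same key: no conflict
    ("FEC0:0:0:FFFF:0:0:0:A1", b"\x99" * 8),  # other partition's node: duplicate
]

def run_weak_dad(packets):
    """Feed packets through one table and collect the AERR messages to send."""
    table = WeakDadTable()
    return [aerr for ip, key in packets if (aerr := table.observe(ip, key))]

if __name__ == "__main__":
    for aerr in run_weak_dad(CONSTRUCTED_PACKETS):
        print(aerr)
```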

  13. Maintenance of Upper-layer Sessions • Consequence of Address Replacement • When address duplication happens and the duplicate address is replaced with another, the sessions above network layer can be broken. • There should be a mechanism to guarantee the survivability of upper-layer sessions • Announcement of address change to peer-nodes is needed. • It is performed through AERR message. • Victim Node Selection • Node performing route discovery will be victim node that regenerates its address and informs its peers of the address change.

  14. Data Delivery after resolving Address Duplication • Data Delivery through IP Tunneling • After the delivery of AERR message, the peer node and announced node exchange data packets through IP tunneling. • Address Mapping Cache is needed like a binding cache of MIP. • Figure: Peer Node (Address: IPpn) and Announced Node (New Address: IPnew, Old Address: IPold) • Data Packet: Outer IP Header (SRC Addr: IPpn, DEST Addr: IPnew) • Inner IP Header (SRC Addr: IPpn, DEST Addr: IPold) • Payload

  15. IPv6 Multicast Address Allocation

  16. IPv6 Multicast Address Allocation • Role • It allocates a unique IPv6 multicast address to a session without an address allocation server. • Address Format • The IPv6 multicast address (a) is generated on the basis of the Interface ID of the IPv6 unicast address (b).

  17. Procedure of Multicast Address Allocation • Request of Multicast Address Allocation • Generation of Unused Group ID • Generation of a Multicast Address • Delivery of the Multicast Address

  18. Service of Multicast Application: Allocation of a unique Multicast Address for a new Session (figure: nodes A to E, steps numbered 1 to 7)

  19. Secure Multicast DNS

  20. Introduction • Name Service in MANET • MANET has dynamic network topology • Current DNS can not be adopted in MANET! • Because it needs a fixed and well-known name server • Idea of Name Service in MANET • All the mobile nodes take part in name service • Every mobile node administers its own name information • It responds to the other node’s DNS query related to its domain name and IP address

  21. Ad-hoc Name Service System for IPv6 MANET (ANS) • ANS provides Name Service in MANET • MANET DNS Domain • ADHOC. • MANET IPv6 Prefix • IPv6 Site-local Prefix • FEC0:0:0:0::/64 • Architecture of ANS System • ANS Responder • It performs the role of DNS Name Server • ANS Resolver • It performs the role of DNS Resolver

  22. ANS System (1/2)

  23. ANS System (2/2) • Figure labels: Application, ANS API, ANS Resolver, ANS Responder, Main-Thread, Resolv-Thread, Timer-Thread, DUR-Thread, ANS Cache, ANS Zone DB, DNS Query / DNS Response • Legend: Process, Thread, Cache, Database, Memory Read / Write, Internal Connection, UNIX Datagram Socket, UDP Socket Connection

  24. Name Service in ANS • Zone File Generation • generates ANS zone file with mobile node’s DNS name and corresponding IPv6 address • Name Resolution • performs the name-to-address translation • Service Discovery • performs the service discovery through DNS SRV resource record, which indicates the location of server or the multicast address of the service

  25. Scenario of Name Service within MANET (nodes: MN-C, MN-A, MN-B) • Request of Host DNS Name Resolution • DNS Query Message (MN-C.ADHOC.) • DNS Query Message is sent in Multicast • Receipt of DNS Query Message • DNS Query Message (MN-C.ADHOC.) • Receipt and Process of DNS Query Message • DNS Response Message (MN-C’s IPv6 Address) • DNS Response Message is sent in Unicast • Gain of DNS Information • MN-A tries to connect to the server on MN-C • The server on MN-C accepts the request of the connection from MN-A

  26. Authentication of DNS Message • Why is the authentication of DNS messages necessary? • To prevent an attacker from informing a DNS querier of a wrong DNS response • How to authenticate DNS messages? • IPsec ESP with a null-transform • Secret key transaction authentication for DNS, called TSIG [RFC2845] • Our Scheme of Authentication • TSIG message authentication where the trusted nodes share a group secret key for authenticating DNS messages.

  27. DNS Message Format • Header Section: DNS message header • Question Section: Question for the name server • Answer Section: Resource records answering the question (e.g., AAAA RR) • Authority Section: Resource records pointing toward an authority (e.g., AAAA resource record) • Additional Section: Resource records holding additional information (e.g., TSIG resource record)

  28. Procedure of Secure DNS Resolution • Mobile Node A (MN-A.ADHOC.) and Mobile Node C (MN-C.ADHOC.) • DNS Query (What is the IPv6 address of “MN-C.ADHOC.”?) via site-local multicast and UDP • DNS Response (IPv6 address of “MN-C.ADHOC.”) via site-local unicast and UDP • Verification of DNS Response - Does the source address of the response conform to the ad hoc addressing requirements? - Is the TSIG resource record valid? • If the Response is valid, then the ANS Resolver delivers the result to the application program; else the ANS Resolver sends the DNS Query again and waits for another DNS Response, up to the allowed retry number
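
The verification step of slide 28 with the group-key scheme of slide 26, as an added example (not code from the presentation or from the ANS implementation). It is a simplified stand-in for TSIG: the MAC covers the raw message bytes plus the signing time rather than the full RFC 2845 wire format, and the prefix choice, the `query_once` callback and all sample values are assumptions.

```python
import hashlib
import hmac
import ipaddress

# Assumption: slide 10's IPV6_MANET_PREFIX is the "ad hoc addressing requirement".
MANET_PREFIX = ipaddress.ip_network("fec0:0:0:ffff::/64")
FUDGE = 300  # seconds of allowed clock skew, the value RFC 2845 recommends

def tsig_mac(message, time_signed, group_key):
    """HMAC-MD5 over the DNS message and the signing time (simplified TSIG)."""
    data = message + time_signed.to_bytes(6, "big")
    return hmac.new(group_key, data, hashlib.md5).digest()

def verify_response(src, message, time_signed, mac, group_key, now):
    """Both checks from slide 28: source address first, then the TSIG record."""
    if ipaddress.ip_address(src) not in MANET_PREFIX:
        return False
    if abs(now - time_signed) > FUDGE:
        return False  # stale or replayed signature
    expected = tsig_mac(message, time_signed, group_key)
    return hmac.compare_digest(expected, mac)  # constant-time comparison

def resolve(query_once, group_key, now, retries=3):
    """Re-send the query until a response verifies or the retries run out."""
    for _ in range(retries):
        reply = query_once()  # hypothetical transport: one query, one reply tuple
        if reply is not None and verify_response(*reply, group_key, now):
            return reply[1]
    return None

def demo():
    # Constructed sample: a reply signed with the wrong key, then a genuine one.
    key, now = b"constructed-group-key", 1_075_000_000
    msg = b"MN-C.ADHOC. AAAA fec0:0:0:ffff::c"  # stands in for DNS wire bytes
    replies = iter([
        ("fec0:0:0:ffff::bad", msg, now, tsig_mac(msg, now, b"not-the-group-key")),
        ("fec0:0:0:ffff::c", msg, now, tsig_mac(msg, now, key)),
    ])
    return resolve(lambda: next(replies), key, now)

if __name__ == "__main__":
    print(demo())
```

Because every trusted node holds the same group key, a valid MAC shows only that the sender is a group member, not which member it is.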

  29. Service Discovery

  30. Service Discovery • Definition • Discovery of the location (IP address, Transport-layer protocol, Port number) of server that provides some service. • Methods • Multicast DNS based Service Discovery • Service discovery through Multicast DNS and DNS SRV resource record, which indicates the location of server or the multicast address of the service • SLP based Service Discovery • Service discovery through IETF Service Location Protocol (SLP) • RFC 2165, RFC 2608, RFC 3111

  31. Considerations for Service Discovery • Limitations of Existing Schemes • Most of current schemes are concerned with service location for the Internet. • Such protocols have not taken into account the mobility, packet loss issues and latency. • Considerations • Some devices are small and have limited computation, memory, and storage capability. • They can only act as clients, not servers. • Power constraints • Service discovery should not incur excessive messaging over wireless interface.

  32. Service Discovery based on Multicast DNS • ANS Responder’s Zone File

      $TTL 20
      $ORIGIN ADHOC.
      PAUL-1           IN AAAA FEC0:0:0:FFFF:3656:78FF:FE9A:BCDE
      ;; DNS SRV Resource Records
      ; Unicast Service : SERVICE-1
      _SERVICE-1._TCP  IN SRV 0 1 3000 PAUL-1.ADHOC.
      _SERVICE-1._UDP  IN SRV 0 1 3000 PAUL-1.ADHOC.
      ; Multicast Service : SERVICE-2
      _SERVICE-2._UDP  IN SRV 0 1 4000 @.1.5.

      • Generation of IPv6 Multicast Address (IPv6 Multicast Address corresponding to Service Name) • DNS SRV Resource Record for Multicast Service • Parsing Function: yields the Multicast Service Name and the Flags label & Scope label • MD5 Hash Function: Multicast Service Name to 128-bit Digest • Address fields: FF (8 bits), Flags (4 bits; P=0, T=1), Scope (4 bits; 5), Group ID (112 bits) • 16-bit IPv6 Site-local Multicast Address Prefix + Group ID = IPv6 Site-local Multicast Address • Group ID = Low-order 112 bits of Digest

  33. Scenario of Service Discovery (nodes: MN-A, MN-C, MN-B) • Request of Server Information • DNS Query Message for Service Information • DNS Query Message is sent in Multicast • Receipt of DNS Query Message • DNS Query Message for Service Information • Receipt and Process of DNS Query Message related to DNS SRV resource record • DNS Response Message with Service Information • Gain of Service Information • MN-C tries to connect to the server on MN-A, or MN-C joins the multicast group related to MN-A • The server on MN-A accepts the request of the connection from MN-C, or the multicast group comprises MN-A and MN-C

  34. Testbed for IPv6 MANET • We used IPv6 AODV and MAODV for Ad Hoc routing. • For testing multi-hop network configuration, • We control Tx and Rx power of IEEE 802.11b NIC. • Also, we use MAC-filtering to filter out packets in other links. • We implemented a Wireless Mobile Router based on embedded Linux for testing Ad Hoc routing protocols and other applications.

  35. Experiment of Auto-Networking in MANET Testbed (figures: IPv6 Wireless Mobile Router; Test of Auto-Networking)

  36. Conclusion • MANET Auto-Networking Technologies are necessary to deploy MANET networking in our life. • Ad Hoc IP Address Autoconfiguration • IPv6 Multicast Address Allocation • Secure Multicast DNS • Service Discovery • MANET Auto-Networking will be a cornerstone in ubiquitous networking. • Security in MANET is an important issue and should be considered together with auto-networking in MANET.

  37. References
      [1] Jaehoon Paul Jeong, Jung-Soo Park, Kenichi Mase, Youn-Hee Han, Badis Hakim and Jean-Marie Orset, "Requirements for Ad Hoc IP Address Autoconfiguration", draft-jeong-manet-addr-autoconf-reqts-01.txt, February 2004.
      [2] Jaehoon Paul Jeong, Jungsoo Park, Hyoungjun Kim and Dongkyun Kim, "Ad Hoc IP Address Autoconfiguration", draft-jeong-adhoc-ip-addr-autoconf-02.txt, February 2004.
      [3] Jaehoon Paul Jeong, Jungsoo Park, Hyoungjun Kim and Dongkyun Kim, "Ad Hoc IP Address Autoconfiguration for AODV", draft-jeong-manet-aodv-addr-autoconf-00.txt, February 2004.
      [4] Jaehoon Paul Jeong, Jungsoo Park and Hyoungjun Kim, "DNS Service for Mobile Ad Hoc Networks", draft-jeong-manet-dns-service-00.txt, February 2004.
      [5] Jaehoon Jeong, Jungsoo Park and Hyoungjun Kim, "DNS Name Service based on Secure Multicast DNS for IPv6 Mobile Ad Hoc Networks", ICACT 2004, February 2004.
      [6] Jaehoon Jeong, Jungsoo Park and Hyoungjun Kim, "Service Discovery based on Multicast DNS in IPv6 Mobile Ad-hoc Networks", VTC 2003-Spring, April 2003.
