Monitoring MIPv6 Traffic with IPFIX

Slides:

Advertisements

Similar presentations

IPv6 Mobility Support Henrik Petander

Advertisements

10: ICMPv6 Neighbor Discovery

1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.

MIP Extensions: FMIP & HMIP

Network Research Lab. Sejong University, Korea Jae-Kwon Seo, Kyung-Geun Lee Sejong University, Korea.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1 Mobility Management for All-IP Mobile Networks: Mobile IPv6 vs. Proxy Mobile IPv6 Ki-Sik Kong; Wonjun Lee; Korea University Youn-Hee Han; Korea university.

© 2006 Cisco Systems, Inc. All rights reserved.IP6FD v2.0—2-1 IPv6 Operations Defining and Configuring Neighbor Discovery.

Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.

Dynamic Tunnel Management Protocol for IPv4 Traversal of IPv6 Mobile Network Jaehoon Jeong Protocol Engineering Center, ETRI

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

資管 Lee Lesson 12 IPv6 Mobility. 資管 Lee Lesson Objectives Components of IPv6 mobility IPv6 mobility messages and options IPv6 mobility data structures.

Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-04 S. Thiruvengadam Hannes Tschofenig Franck Le Niklas Steinleitner.

Ad-Hoc Networking Course Instructor: Carlos Pomalaza-Ráez A Paper Presentation of ”Multihop Sensor Network Design for Wide-Band Communications” Proceedings.

IPv6 Network Mobility on Ad hoc network for Transportation System Assoc. Prof. Lee Bu Sung, Francis.

Slide 1, Dr. Wolfgang Böhm, Mobile Internet, © Siemens AG 2001 Dr. Wolfgang Böhm Siemens AG, Mobile Internet Dr. Wolfgang.

1 Utilizing Multiple Home Links on Mobile IPv6 Waseda University Hongbo Shi Shigeki Goto

Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.

Hierarchical MIPv6 mobility management (HMIPv6)

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

National Institute Of Science & Technology Mobile IP Jiten Mishra (EC ) [1] MOBILE IP Under the guidance of Mr. N. Srinivasu By Jiten Mishra EC

1 Sideseadmed (IRT0040) loeng 5/2010 Avo

1 Mohamed M Khalil Mobile IPv4 & Mobile IPv6. 2 Mohamed M Khalil Mobile IP- Why ? IP based Network Sub-network A Sub-network B Mobile workforce carry.

1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.

NEtwork MObility (NEMO) Houcheng Lee. Main Idea NEMO works by moving the mobility functionality from Mobile IP mobile nodes to a mobile router. The router.

IP Address Location Privacy and Mobile IPv6 draft-koodli-mip6-location-privacy-00.txt draft-koodli-mip6-location-privacy-solutions-00.txt.

Master Thesis Presentation “Simulating mobility in a realistic networking environment” Supervisor : George Polyzos Examiner : George Xylomenos Student.

1 Mobility Support in IPv6 (MIPv6) Chun-Chuan Yang Dept. Computer Science & Info. Eng. National Chi Nan University.

Open-Eye Georgios Androulidakis National Technical University of Athens.

Introduction to Mobile IPv6

111 © 2001, Cisco Systems, Inc. All rights reserved. Presentation_ID Mobile IPv4 Dynamic Home Agent Assignment Framework (draft-kulkarni-mobileip-dynamic-assignment-01.txt)

Net Flow Network Protocol Presented By : Arslan Qamar.

07/03/ nd IETF – Minneapolis Mobile IPv6 WG meeting PF_KEY Extension as an Interface between Mobile IPv6 and IPsec/IKE Shinta Sugimoto Francis Dupont.

Mobile IP 순천향대학교 정보기술공학부 이 상 정 VoIP 특론 순천향대학교 정보기술공학부 이 상 정 2 References  Tutorial: Mobile IP

Mobile IPv6 and Firewalls: Problem Statement Speaker: Jong-Ru Lin

Simultaneous Location in Home and Foreign in Monami6 65 th IETF at Dallas, Texas, USA Benjamin Koh Keigo Aso.

Mobile IPv6 for Windows XP (.NET Server) and Windows CE 4.0 Greg O’Shea, MSRC Joint with Lancaster University And Ericsson Research.

Mobile IP Definition: Mobile IP is a standard communication protocol, defined to allow mobile device users to move from one IP network to another while.

Network Mobility (NEMO) Advanced Internet 2004 Fall

1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.

Network Performance Test on IPv Technology Laboratory, KT Choi Sung Mi

Network Mobility Support using Mobile MAG in Proxy Mobile IPv6 Domain draft-sijeon-netext-mmag-pmip-00.txt Seil Jeon (Presenter), Behcet Sarikaya, Rui.

1 Minneapolis‘ IETF IPFIX Aggregation draft-dressler-ipfix-aggregation-00.txt.

SECURITY THREATS ANALYSIS OF ROUTE OPTIMIZATION MECHANSIM IN MOBILE IPV6 BY Wafaa Al-Salihy.

Service Flows Distribution and Handoff Technique based on MIPv6 draft-liu-dmm-flows-distribution-and-handoff-00

1 IPv6 and Mobile IPv6 For Mobile Networks Hesham Soliman Director, Elevate Technologies Octorber 2012.

ROUTING MOBILE IP  Motivation  Data transfer  Encapsulation.

RFC 3775 IPv6 Mobility Support

Booting up on the Home Link

IPFIX Aggregation draft-dressler-ipfix-aggregation-01.txt.

Mobile Networking (I) CS 395T - Mobile Computing and Wireless Networks

Support for Flow bindings in MIPv6 and NEMO

Mobility Support in IPv6 (MIPv6)

Introduction to Wireless Networking

draft-jeyatharan-netext-pmip-partial-handoff-02

ARP Mediation Updates Himanshu Shah Ciena Corp

IPFIX Requirements: Document Changes from Version -07 to Version -09

2002 IPv6 技術巡迴研討會 IPv6 Mobility

© Model Engineering College

Network Virtualization

Chapter 8: Monitoring the Network

Unit 3 Mobile IP Network Layer

Summary of the InternetCAR testbeds

CSE 4215/5431: Mobile Communications Winter 2010

CSE 4215/5431: Mobile Communications Winter 2011

Mobile IP Presented by Team : Pegasus Kishore Reddy Yerramreddy Jagannatha Pochimireddy Sampath k Bavipati Spandana Nalluri Vandana Goyal.

Detecting Anomaly Traffic using Flow Data in the Real VoIP Network

Mobility Support in Wireless LAN

Chapter 4: outline 4.1 Overview of Network layer data plane

Presentation transcript:

Monitoring MIPv6 Traffic with IPFIX Youngseok Lee*, Soonbyoung Choi*, and Jaehwa Lee+ *Dept. of Computer Engineering, Chungnam National University, Korea {lee, wakusoon}@cnu.ac.kr + Korea Telecom, Korea jhlee@noc.kr.apan.net 25th October 2006

Contents Introduction Motivation IPFIX Proposed scheme for monitoring MIPv6 traffic Conclusion CNU IPOM 2006

Introduction Mobile IPv6 (MIPv6) Handover in MIPv6 Mobility with IP layer Uninterruptible communication with MIPv6 Handover in MIPv6 Movement detection at L2 Address configuration Care-of-address is associated with home address Location update Exchanging Binding Update (BU) and Binding Acknowledgement (BA) Route optimization (RO) Default in MIPv6 CNU IPOM 2006

Motivation: New Challenges of Traffic Measurement in MIPv6 Mobility of nodes  mobile traffic Traffic to be monitored is moving Monitored at every MIPv6 access routers Multiple addresses with mobile nodes Home address, Care-of-Address Measurement and analysis more complicated Handover traffic Tunneled IPv6 traffic Destination option CNU IPOM 2006

Flow-level vs. Packet-level Measurement Correct results Not easy to support high-speed line rate Expensive for deployment and management in a large scale network Flow-level measurement Easy to deployment Generate useful traffic statistics with a significantly small amount of measurement data Suitable for a large-scale network CNU IPOM 2006

IETF IPFIX (IP Flow Information eXport) Flow-level traffic measurement Based on Cisco NetFlow v9 Flexible and extensible template architecture IPv6 traffic monitoring Intrusion detection QoS measurement CNU IPOM 2006

MIPv6 Traffic Monitoring with IPFIX Measurement points At MIPv6 access routers Objects to be monitored IPv6 flow Handover events (BU/BA) Tunneled IPv6 traffic Under IPFIX architecture Router exports IPFIX flows IPFIX collector/analyzer receives IPFIX flows IPFIX template and data flow set CNU IPOM 2006

IPFIX-based Traffic Measurement Architecture IPv6 Network CN IPFIX Flow Collector IPv6 Router IPv6 flow before handover IPFIX flow data MIPv6 Access Router with IPFIX HA 2. BU/BA 3. Tunneled IPv6 flow AP MN MN CNU IPOM 2006

IPFIX Template for MIPv6 Traffic IPv6 data traffic  IPv6 flow template IPv6 src/dst addresses Already used in Cisco NetFlow version 9 MIPv6 control traffic  MIPv6 handover flow template Binding Update Binding Acknowledgement Handover IPv6 data traffic  tunneled IPv6 flow template Handover IPv6 traffic without/before RO CNU IPOM 2006

IPFIX Template for IPv6 Flow Version=10 Length = Total Length Export Time IPFIX Header Sequence Number Source ID Set ID Length Template ID = 256 Field Count = 10 Src IPv6 addr = 27 Field Length = 16 dst IPv6 addr = 28 Field Length = 16 Src port = 7 Field Length = 4 dst port = 11 Field Length = 4 Next Header = 193 Field Length = 4 IPFIX Template FlowLabel = 31 Field Length = 4 First time = 22 Field Length = 4 Last time = 21 Field Length = 4 Template ID 256 : Plain IPv6 flow OctetDeltaCount = 1 Field Length = 4 packetDeltaCount = 2 Field Length = 4 CNU IPOM 2006

MIPv6HomeAgentAddress = 202 IPFIX Template for BU/BA Flow Version=10 Length = Total Length Export Time Sequence Number Observation Domain ID Set ID Length Template ID = 257 Field Count = 14 Src IPv6 addr = 27 Field Length = 16 Basic template dst IPv6 addr = 28 Field Length = 16 L4SrcPort = 7 Field Length = 4 L4DstPort = 11 Field Length = 4 NextHeader = 193 Field Length = 4 FlowLabel = 31 Field Length = 4 First time = 22 Field Length = 4 Last time = 21 Field Length = 4 OctetDeltaCount = 1 Field Length = 4 packetDeltaCount = 2 Field Length = 4 MIPv6messageType = 200 Field Length = 4 Extension Field MIPv6CareOfAddress = 201 Field Length = 16 MIPv6HomeAgentAddress = 202 Field Length = 16 MIPv6HomeAddress = 203 Field Length = 16 CNU IPOM 2006

IPFIX Template for Tunneled IPv6 Flow Version=10 Length = Total Length Export Time Sequence Number Observation Domain ID Set ID Length Template ID = 258 Field Count = 13 Src IPv6 addr = 27 Field Length = 16 Basic template dst IPv6 addr = 28 Field Length = 16 L4SrcPort = 11 Field Length = 4 L4DstPort = 11 Field Length = 4 NextHeader = 193 Field Length = 4 FlowLabel = 31 Field Length = 4 First time = 22 Field Length = 4 Last time = 21 Field Length = 4 OctetDeltaCount = 1 Field Length = 4 packetDeltaCount = 2 Field Length = 4 IPv6TunnelSrcAddr = 300 Field Length = 16 Extension Field IPv6TunnelDstAddr = 301 Field Length = 16 TunnelProto = 302 Field Length = 4 CNU IPOM 2006

Experiments MIPv6 testbed at CNU, Korea Collected flows HA: Linux PC routers with MIPL 2.0 MN: Linux Laptops with MIPL 2.0 Collected flows IPv6 data flow BU/BA MIPv6 handover flow Tunneled IPv6 data flow CNU IPOM 2006

Experimental Testbed iperf sender iperf receiver IPv6 Network IPFIX CN IPFIX Flow Collector IPv6 Router IPFIX flow data iperf tcp connection MIPv6 Access Router with IPFIX HA AP iperf receiver MN CNU IPOM 2006

Time-sequence Graph of TCP Connection with iperf 2nd Handover Tunneled IPv6 Flow 1st Handover IPv6 Flow CNU IPOM 2006

Basic IPv6 Traffic flow label, firt/last time, octets, packets CNU < Basic IPv6 packet > 0000 00 09 5b c5 bd 7f 00 0e 0c a8 62 3e 86 dd 60 00 0010 00 00 05 8c 06 3f 20 01 02 20 08 04 00 20 00 00 0020 00 00 00 00 00 01 20 01 02 20 08 04 01 00 00 00 0030 00 00 00 00 00 04 db d6 13 89 3a 72 73 c1 b7 7e 0040 e8 06 80 10 05 a0 16 cf 00 00 01 01 08 0a 8f dd 0050 8d 99 04 b1 9b f8 >> data Version Length Export time Sequence number Observation domain ID Set id TID = 256 Field count = 10 2001:220:804:20::1 2001:220:804:100::4 56278 5001 6 1161270 1161276 1822488 1979 < IPFIX flow for basic IPv6 traffic> 0000 00 14 85 7b 26 c2 00 03 47 72 9a f0 86 dd 60 00 0010 00 00 00 ac 11 3f 20 01 02 20 08 04 00 20 00 00 0020 00 00 00 00 00 04 20 01 02 20 08 04 00 11 02 14 0030 85 ff fe 7b 26 c2 82 0b 13 ba 00 ac e4 66 00 09 0040 00 04 00 00 00 17 45 38 0c 9f 00 00 00 00 00 00 0050 00 00 00 00 00 30 01 00 00 0a 00 1b 00 10 00 1c 0060 00 10 00 07 00 02 00 0b 00 02 00 04 00 01 00 05 0070 00 01 00 16 00 04 00 15 00 04 00 01 00 04 00 02 0080 00 04 00 01 00 18 01 01 00 04 00 08 00 01 00 00 0090 00 2a 00 04 00 29 00 04 00 00 01 01 00 0c 00 00 00a0 00 00 00 00 00 00 01 00 00 3c 20 01 02 20 08 04 00b0 00 20 00 00 00 00 00 00 00 01 20 01 02 20 08 04 00c0 01 00 00 00 00 00 00 00 00 04 db d6 13 89 06 ff 00d0 fc 7a 3b 58 fc 7a 3f 2b 00 20 62 f8 00 00 08 83 00e0 00 00 IPv6 addrs ports Next header flow label, firt/last time, octets, packets CNU IPOM 2006

MIPv6 Handover Message BA/BU, CoA, HAA, HA CNU IPOM 2006 < Binding Update packet > 0000 00 0e 0c a8 63 67 00 09 5b c5 bd 7f 86 dd 60 00 0010 00 00 00 38 3c 40 20 01 02 20 08 04 01 20 02 09 0020 5b ff fe c5 bd 7f 20 01 02 20 08 04 01 00 00 00 0030 00 00 00 00 00 01 87 02 01 02 00 00 c9 10 20 01 0040 02 20 08 04 01 00 00 00 00 00 00 00 00 04 3b 03 0050 05 00 2a ad 29 02 c0 00 0b b3 01 00 03 10 20 01 0060 02 20 08 04 01 20 02 09 5b ff fe c5 bd 7f Version Length Export time Sequence number Observation domain ID Set id TID = 257 Field count = 14 2001:220:804:100::1 2001:220:804:120:209:5bff:fec5:bd7f 43 1161300 94 1 2 2001:220:804:100::4 Version Length Export time Sequence number Observation domain ID Set id TID = 257 Field count = 14 2001:220:804:120:209:5bff:fec5:bd7f 2001:220:804:100::1 60 1161300 110 1 2001:220:804:100::4 < Binding Acknowledgement packet > 0000 00 09 5b c5 bd 7f 00 0e 0c a8 63 67 86 dd 60 00 0010 00 00 00 28 2b 3f 20 01 02 20 08 04 01 00 00 00 0020 00 00 00 00 00 01 20 01 02 20 08 04 01 20 02 09 0030 5b ff fe c5 bd 7f 87 02 02 01 00 00 00 00 20 01 0040 02 20 08 04 01 00 00 00 00 00 00 00 00 04 3b 01 0050 06 00 32 61 00 00 29 02 0b b3 01 02 00 00 < IPFIX flow for Handover message (Binding Ack) > 00b0 00 00 00 00 00 00 01 01 00 70 20 01 02 20 08 04 00c0 01 20 02 09 5b ff fe c5 bd 7f 20 01 02 20 08 04 00d0 01 00 00 00 00 00 00 00 00 01 00 00 00 00 3c 00 00e0 45 38 08 95 45 38 08 95 00 00 00 6e 00 00 00 01 00f0 00 00 00 01 20 01 02 20 08 04 01 20 02 09 5b ff 0100 fe c5 bd 7f 20 01 02 20 08 04 01 00 00 00 00 00 0110 00 00 00 01 20 01 02 20 08 04 01 00 00 00 00 00 0120 00 00 00 04 f9 b6 BU BA HoA BA/BU, CoA, HAA, HA CNU IPOM 2006

Tunneled IPv6 Traffic CNU IPOM 2006 < Tunneled IPv6 packet > 0000 00 09 5b c5 bd 7f 00 0e 0c a8 63 67 86 dd 60 00 0010 00 00 05 b4 29 3f 20 01 02 20 08 04 01 00 00 00 0020 00 00 00 00 00 01 20 01 02 20 08 04 01 20 02 09 0030 5b ff fe c5 bd 7f 60 00 00 00 05 8c 06 3f 20 01 0040 02 20 08 04 00 20 00 00 00 00 00 00 00 01 20 01 0050 02 20 08 04 01 00 00 00 00 00 00 00 00 04 db d6 0060 13 89 3b 28 0e dd b7 7e e8 06 80 10 05 a0 d5 fa 0070 00 00 01 01 08 0a 8f dd e3 1e 04 b1 f1 7b >> >> data Version Length Export time Sequence number Observation domain ID Set id TID = 258 Field count = 13 2001:220:804:20::1 2001:220:804:100::4 56278 5001 6 1161301 1161306 2122488 2179 2001:220:804:100::1 2001:220:804:120:209:5bff:fec5:bd7f 41 < IPFIX flow for tunneled IPv6 traffic > 0050 00 00 01 02 00 60 20 01 02 20 08 04 00 20 00 00 0060 00 00 00 00 00 01 20 01 02 20 08 04 01 00 00 00 0070 00 00 00 00 00 04 33 32 35 34 3c 00 45 38 08 9c 0080 45 38 08 ce 00 36 85 b4 00 00 09 d9 20 01 02 20 0090 08 04 01 00 00 00 00 00 00 00 00 01 20 01 02 20 00a0 08 04 01 20 02 09 5b ff fe c5 bd 7f 00 00 00 06 00b0 00 00 Tunnel src Tunnel dst Next header Tunnel Endpoints Next header = IPv6 CNU IPOM 2006

Conclusion New traffic monitoring method for MIPv6 networks Useful for Based on the IPFIX standard Defined new IPFIX templates for handover message and tunneled flows Useful for MIPv6 handover pattern analysis MIPv6 handover performance analysis Work in progress MIPv6 traffic analyzer Extension to route optimization Extension to FMIPv6 CNU IPOM 2006

References [1] D. Johnson, C. Perkins, and J. Arkko, “Mobility Support in IPv6,” IETF RFC3775, June 2004. [2] Cisco NetFlow, http://www.cisco.com/warp/public/cc/pd/iosw/ioft/netflct/tech/napps_ipfix-charter.html [3] J. Quittek, T. Zseby, B. Claise, and S. Zander, “Requirements for IP Flow Information Export (IPFIX),” IETF RFC3917, Oct. 2004. [4] nProbe, http://www.ntop.org/ CNU IPOM 2006