TCP Multi-Home Options
Arifumi Matsumoto, Graduate School of Informatics, Kyoto University, Japan


Slide 1: TCP Multi-Home Options (IETF 58th, 11/11, draft-arifumi-tcp-mh-00.txt)

Slide 2: Multi6a Design Team (DT2)
- In DT2, as a short-term solution, the multi-address and host-centric model is reasonable.
- A multi-homed site does "Source Address Based Routing" to provide as many paths as possible to the upper layer.
- And IMO, an improved TCP is necessary and is a simple solution.
- A network failure can only be detected by the transport or upper layers before the session times out.
- Existing TCP can't manipulate multiple addresses.
- SCTP isn't TCP (no interoperability).
- So I designed and implemented TCP MH-Options.

Slide 3: Protocol Design
- Simple and minimal change to the existing TCP.
- Defines several new TCP Options.
- Does not affect any other TCP function (flow control, congestion avoidance).
- Backward interoperability and fairness.
- Rapid recovery from transmission failure: after some RTOs, the path (src-dst address pair) changes.
- Traverses ingress filters by trying all the source addresses.
- Protection against Redirection Attack, Session Hijack and SYN-Flood Attack.

Slide 4: Protocol Behavior Overview
(Figure: message sequence between NodeA and NodeB, with an EST phase and an ADD phase; the diagram itself is not recoverable from the transcript.)

Slide 5: Packet Format
- The TCP Option field size is limited to 40 bytes!
- MH-Permitted Option: negotiates multi-home capability.
- Address Configuration Options: MH-Add/Delete Option. The MH-Serial is incremented by one when its ack returns. Each host can have only one outstanding MH-Serial.
- Address Configuration Ack Options: MH-Add/Non-Ack Option. The MH-Serial is copied from the MH-Add/Delete Option being acknowledged.

Slide 6: Considerations - Path Switch
The path switches when:
- several RTOs (should be 3) occur (cwnd->0); this typically takes about sec.
- an ICMP Error is received (temporary network failure).
A path is discarded when:
- a RST is the first packet received from that path (the packet is probably from an irrelevant host, e.g. a private address).
- the path's address is deleted by either of the nodes.
When a path changes, the window size is almost always set to 1 MSS because of the RTOs.
Path Flapping Avoidance.
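The path-switch and path-discard rules of this slide, worked through as an added Python model (this is not the author's NetBSD implementation). The addresses A1/A2/B1/B2, the initial window of 10 MSS, the method names and the "try the next src/dst pair in order" walk are assumptions; flapping avoidance is not modelled.

```python
from itertools import product

RTO_SWITCH_THRESHOLD = 3   # slide: "several times (should be 3) of RTOs"

class PathSelector:
    def __init__(self, local, remote):
        self.local, self.remote = list(local), list(remote)
        self.discarded = set()   # paths whose first reply was a RST
        self.current = (self.local[0], self.remote[0])
        self.rto_count, self.cwnd_mss = 0, 10   # initial cwnd is constructed

    def switch(self):
        # Walk every (src, dst) pair after the current one, so each source
        # address gets tried and an ingress filter cannot strand the session.
        full = list(product(self.local, self.remote))
        i = full.index(self.current) if self.current in full else -1
        for p in full[i + 1:] + full[:i + 1]:
            if p not in self.discarded:
                self.current, self.rto_count = p, 0
                self.cwnd_mss = 1   # window collapsed by the RTOs
                return p
        return None              # no usable path left

    def on_rto(self):
        self.rto_count += 1
        if self.rto_count >= RTO_SWITCH_THRESHOLD:
            return self.switch()
        return self.current

    def on_icmp_error(self):     # temporary network failure
        return self.switch()

    def on_first_packet(self, path, is_rst):
        # RST as the first packet from a path: probably an unrelated host.
        if is_rst:
            self.discarded.add(path)
            if path == self.current:
                return self.switch()
        return self.current

    def on_address_deleted(self, addr):
        self.local = [a for a in self.local if a != addr]
        self.remote = [a for a in self.remote if a != addr]
        return self.switch() if addr in self.current else self.current

def failover_demo():
    s = PathSelector(["A1", "A2"], ["B1", "B2"])    # constructed addresses
    log = [s.on_rto() for _ in range(3)]            # the third RTO switches
    log.append(s.on_first_packet(("A1", "B2"), is_rst=True))
    log.append(s.on_address_deleted("B1"))
    return log, s.cwnd_mss
```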

Slide 7: Considerations - Security (1/2)
Redirection Attack
- Redirects traffic to a third party for a DoS attack.
- The targeted host can RST the connection, so this seems not so serious.
- By introducing a Return-Routability check, this is easily prevented, but it is not yet included.
(Figure 1: parties B, A and T; messages 1) Add(T), 2) Ack, 3) Data, with T answering RST. Figure 2, the return-routability exchange: NodeA, NodeB(adr1), NodeB(adr2); messages Add(adr2), Confirm, Con-Ack, Add-Ack.)

Slide 8: Considerations - Security (2/2)
- Session Hijack: protected by strict MH-Serial number management. An unexpected serial number means the session is being attacked, and the session itself should soon be canceled.
- This mechanism, however, doesn't have any protection against a Man-In-the-Middle attack. This is also true for the existing TCP. The difference is that a MITM host can fetch a session to anywhere else. (Does this degrade TCP security?)
- (It is possible to use the TCP ISN as a shared secret, but this is not perfect.)
(Figure: MIM sits between A and B and relays 1) Add, 2) Ack on both sides; a second panel, labelled MIM 2, shows the same.)
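The MH-Add/Add-Ack exchange of slide 5 and the strict MH-Serial check of this slide, as an added Python model rather than the author's code. The option codes, field names and addresses are constructed; only MH-Add, MH-Delete and MH-Add-Ack are modelled, and the serial rules follow the slides: one outstanding serial per host, incremented only when its ack returns, copied into the ack, and an unexpected serial cancels the session.

```python
from dataclasses import dataclass, field
MH_ADD, MH_DELETE, MH_ADD_ACK = range(3)  # option kinds (codes constructed)

@dataclass
class MhOption:
    kind: int
    serial: int      # MH-Serial
    addr: str = ""   # address carried by Add/Delete, copied into the Ack

@dataclass
class MhEndpoint:
    next_serial: int = 0          # serial used by our next Add/Delete
    outstanding: MhOption = None  # at most one unacked Add/Delete
    peer_addrs: set = field(default_factory=set)
    peer_serial: int = 0          # serial expected on the peer's next Add/Delete
    alive: bool = True            # False once the session is cancelled

    def send_add(self, addr):
        if self.outstanding is not None:
            raise RuntimeError("only one outstanding MH-Serial per host")
        self.outstanding = MhOption(MH_ADD, self.next_serial, addr)
        return self.outstanding

    def receive(self, opt):
        if not self.alive or opt is None:
            return None
        if opt.kind in (MH_ADD, MH_DELETE):
            if opt.serial != self.peer_serial:
                self.alive = False   # unexpected serial: attack, cancel session
                return None
            self.peer_serial += 1
            (self.peer_addrs.add if opt.kind == MH_ADD
             else self.peer_addrs.discard)(opt.addr)
            return MhOption(MH_ADD_ACK, opt.serial, opt.addr)  # serial copied
        if opt.kind == MH_ADD_ACK and self.outstanding \
                and opt.serial == self.outstanding.serial:
            self.outstanding = None
            self.next_serial += 1    # incremented only when the ack returns
        return None

def add_address_ok():
    a, b = MhEndpoint(), MhEndpoint()
    b.receive(a.receive(b.send_add("B2")))   # B's Add -> A's Add-Ack
    return sorted(a.peer_addrs), b.next_serial, a.alive

def forged_add_rejected():
    a, b = MhEndpoint(), MhEndpoint()
    b.receive(a.receive(b.send_add("B2")))   # legitimate exchange first
    a.receive(MhOption(MH_ADD, 7, "T"))      # constructed Add with a wrong serial
    return a.alive, "T" in a.peer_addrs
```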

Slide 9: Conclusions
- I proposed a transport-layer based multi-home solution. This is not the consensus of the Multi6a DT, though.
- There is a running implementation for NetBSD.
- Future work: Return Routability and NAT/NAPT traversal evaluation; comparison with L3.5 approaches; is TCP-MH enough?

Slide 10: Basic Capabilities (requirements 3.1.x) and how TCP-MH meets them
3.1.1 Redundancy: Survive any network outage
3.1.2 Load Sharing: Per TCP session maybe possible
3.1.3 Performance: (no entry)
3.1.4 Policy: (no entry)
3.1.5 Simplicity: Quite simple
3.1.6 Transport Survivability: That's what this is for.
3.1.7 Impact on DNS: No impact
3.1.8 Packet Filtering: (no entry)

Slide 11: Additional Capabilities (requirements 3.2.x and 4) and how TCP-MH meets them
3.2.1 Scalability: No problem
3.2.2 Impact on Routers: SABR is desired
3.2.3 Impact on Hosts: Interoperable with legacy nodes
3.2.4 Host-Routing interaction: Desired but not required
3.2.5 Operations & Management: Possible
3.2.6 Cooperation between Transit Providers: Not required
3.2.7 Multiple Solutions?: Can co-exist with L3 solutions
4 Security Considerations: MITM can hijack