Overview of SHIM6 Multihoming Protocol Fuad Bin Naser Std. No A presentation for CSE6806: Wireless & Mobile Communication Networks

Multi-homing If a device or a computer is connected to more than one computer network; specifically more than one ISPs, then it is referred as multi- homing Multihoming is deployed using the Border Gateway Protocol(BGP-4), which is a routing information protocol that announces routes to the customer from two or more service providers The IP address space for multihoming with BGP-4 is supplied by a Regional Internet Registry(RIR)

Multihoming Advantages Redundancy Load Sharing Performance Policy

Multihoming variants Single Link, multiple IP address Multiple Interfaces, single IP address per interface Multiple links, single IP address Multiple links, multiple IP address

Potential Solutions to Multihoming Site Multihoming by IPv6 Intermediation Locator/Identifier Separation Protocol Host Identity Protocol Steam Control Transmission protocol

What is SHIM6? The Site Multihoming by Intermediation(SHIM6) protocol allows existing communications to continue when a site with multiple connections to Internet experiences outage on a subset of these connections It provides multihoming for IPv6 with failover and load-balancing properties It’s an Internet Layer Shim for providing locator agility below the transport protocols SHIM6 processing is performed in individual hosts rather than site wide mechanisms

Goals of SHIM6 Preserve established connection when facing failures Have minimal impact on transport and application protocols Address security threats through Hash Based Addressing No extra round trip up front required to set up shim-specific state Take advantage of multiple addresses for load balancing

AP1 AP2 APn TCP/UDP SHIM6 Layer IP Endpoint Forward Identifier Locator ………….. SHIM6 Layer SHIM6 Architecture

SHIM6 Protocol Stack Overview The shim layer is placed within the IP layer and below the ULP to provide ULP independence The shim layer behaves as if associated with an extension header Fragmentation header above the shim makes reassembly robust in case of broken multi path routing Applications and ULPs use ULIDs that SHIM6 layer provides SHIM6 layer maintains ULID-pair context per ULID pair in order to perform the mapping between locator and ULID pairs This mapping is performed consistently at both sender and receiver

Transport Protocols AHESPFrag/reassDest opts SHIM6 insert IP IP Endpoint Sub-layer Multi6 Sub-layer IP routing Sub-layer IP Protocol SHIM6 Protocol Stack

Header Order in SHIM6 IPv6 header Hop-by-Hop Options header Destination Options header Routing header Shim6 header Fragment header Authentication header Encapsulating Security Protocol header Destination Options header Upper Layer header

How SHIM6 Works IP roles: SHIM6 splits the two semantics of an IP address(end point identifier and locator role) Initial Contact: Normal data communication between end point identifiers, no SHIM6 needed Context Establishment: Communication to exchange multihoming information, data communications remains normal Failure Detection: Messages are transmitted to detect a link failure Locator Pair Exploration: In case of a link failure, a new locator needs to be selected, locators are mapped back at the host to the end point identifier. Transport session remains stable. Communication resumes with SHIM6 data packets that provide mapping information Packet Rewriting: If a new working locator pair has been found, Shim6 will rewrite the packets on transmit and tagged with the Shim6 payload extension header, which contains the receiver’s context tag. The receiver can use this context tag to find the context state that will indicate which addresses to place in the IPv6 header, before passing the packet to the upper layer protocol (ULP). Garbage Collection: When Shim6 thinks that a context is no longer used, it can clean up the state. The context establishment protocol defines a recovery message to signal when there is no context state

SHIM6 Mapping Shim6 operates as a per-host header address mapping function. When packets are passed from the IP endpoint sub-layer to the shim sub-layer have the packet’s headers source and destination addresses rewritten with the currently selected locator pair Incoming packets passed from the IP Routing sub-layer undergo a similar lookup using the locator pair. The packet header is rewritten with the mapped endpoint identifier pair is there is an active mapping entry.

Src: ULID(A) = L1(A) Dst: ULID(B) = L1(B) Src: L2(A) Dst: L3(B) IP ULP Multihoming shim Sender AReciever B Src: ULID(A) = L1(A) Dst: ULID(B) = L1(B) Src: L2(A) Dst: L3(B) IP ULP Multihoming shim Cloud with routers Mapping with Changed Locators

SHIM6 Message Formats I1 R1 I2 R2 R1bis I2bis Update_req Update_ack KeepAlive Probe Error

Context Establishment

SHIM6 Security The HBA Technique for verifying the locators to prevent an attacker from redirecting the packet stream Requiring a reachability probe and reply before a new locator is used as the destination, in order to prevent 3 rd party flooding A 3-way exchange is required before the responder creates any state. So a state based DoS attack at least provides an IPv6 of the attacker The context establishment messages use nonces to prevent replay attacks and to prevent attackers from interfering with the establishment Every control messages carries the assigned context tag which an attacker needs to discover first in order to spoof the control message

Implementation Requirements Renumbering implications Handling context forking Critical options Locator preferences Context confusion Locator verification Receiving payload Sending payload Message formats Context teardown Retransmissions

Present Implementations of SHIM6 A SHIM6 patch for wireshark is developed by Mekking, M. LinSHIM6 is a beta implementation of SHIM6 on Linux 2.6 by Dupont, F. MipSHIM6 is a variant of LinSHIM6 which handles mobility too

References Mekking, M, Formalization and Verification of SHIM6 Protocol, May 2007 Wijngaards, W. Mekking, M. and Vaandrager, F., Formalizing SHIM6: An IETF Proposed UPAAL Standard, April 2007 Nordmark, E. and Bagnulo, M., SHIM6: Level 3 Multihoming Shim Protocol for IPv6, June 2009 Huston G., Architectural Commentary on Level 3 Multihoming Shim, January 2006