Overview of SHIM6 Multihoming Protocol Fuad Bin Naser Std. No. 1014052009 A presentation for CSE6806: Wireless & Mobile Communication Networks.


Multi-homing
- A device or computer that is connected to more than one computer network, specifically to more than one ISP, is said to be multihomed.
- Multihoming is deployed using the Border Gateway Protocol (BGP-4), a routing information protocol that announces routes to the customer from two or more service providers.
- The IP address space for multihoming with BGP-4 is supplied by a Regional Internet Registry (RIR).

Multihoming Advantages
- Redundancy
- Load Sharing
- Performance
- Policy

Multihoming variants
- Single link, multiple IP addresses
- Multiple interfaces, single IP address per interface
- Multiple links, single IP address
- Multiple links, multiple IP addresses

Potential Solutions to Multihoming
- Site Multihoming by IPv6 Intermediation
- Locator/Identifier Separation Protocol
- Host Identity Protocol
- Stream Control Transmission Protocol

What is SHIM6?
- The Site Multihoming by Intermediation (SHIM6) protocol allows existing communications to continue when a site with multiple connections to the Internet experiences an outage on a subset of these connections.
- It provides multihoming for IPv6 with failover and load-balancing properties.
- It is an Internet-layer shim that provides locator agility below the transport protocols.
- SHIM6 processing is performed in individual hosts rather than by site-wide mechanisms.

Goals of SHIM6
- Preserve established connections when facing failures
- Have minimal impact on transport and application protocols
- Address security threats through Hash Based Addressing
- Require no extra round trip up front to set up shim-specific state
- Take advantage of multiple addresses for load balancing

[Figure: SHIM6 Architecture. Labels: AP1, AP2, ..., APn; TCP/UDP; SHIM6 Layer (Identifier, Locator); IP (Endpoint, Forward)]

SHIM6 Protocol Stack Overview
- The shim layer is placed within the IP layer and below the upper layer protocol (ULP) to provide ULP independence.
- The shim layer behaves as if it were associated with an extension header.
- Placing the Fragment header above the shim makes reassembly robust in case of broken multipath routing.
- Applications and ULPs use the ULIDs that the SHIM6 layer provides.
- The SHIM6 layer maintains one context per ULID pair in order to perform the mapping between locator pairs and ULID pairs.
- This mapping is performed consistently at both sender and receiver.

[Figure: SHIM6 Protocol Stack. Labels: Transport Protocols; IP Endpoint Sub-layer (AH, ESP, Frag/reass, Dest opts); Multi6 Sub-layer (SHIM6 insert); IP Routing Sub-layer (IP); IP Protocol]

Header Order in SHIM6
1. IPv6 header
2. Hop-by-Hop Options header
3. Destination Options header
4. Routing header
5. Shim6 header
6. Fragment header
7. Authentication header
8. Encapsulating Security Protocol header
9. Destination Options header
10. Upper Layer header

How SHIM6 Works
- IP roles: SHIM6 splits the two semantics of an IP address (the endpoint identifier role and the locator role).
- Initial Contact: Normal data communication between endpoint identifiers; no SHIM6 is needed.
- Context Establishment: Communication to exchange multihoming information; data communication remains normal.
- Failure Detection: Messages are transmitted to detect a link failure.
- Locator Pair Exploration: In case of a link failure, a new locator needs to be selected. Locators are mapped back at the host to the endpoint identifier, so the transport session remains stable. Communication resumes with SHIM6 data packets that provide mapping information.
- Packet Rewriting: Once a new working locator pair has been found, Shim6 rewrites the packets on transmit and tags them with the Shim6 payload extension header, which contains the receiver's context tag. The receiver uses this context tag to find the context state that indicates which addresses to place in the IPv6 header before passing the packet to the upper layer protocol (ULP).
- Garbage Collection: When Shim6 thinks that a context is no longer used, it can clean up the state. The context establishment protocol defines a recovery message to signal when there is no context state.

SHIM6 Mapping
- Shim6 operates as a per-host header address mapping function.
- Packets passed from the IP endpoint sub-layer to the shim sub-layer have the source and destination addresses in their headers rewritten with the currently selected locator pair.
- Incoming packets passed from the IP routing sub-layer undergo a similar lookup using the locator pair. The packet header is rewritten with the mapped endpoint identifier pair if there is an active mapping entry.

[Figure: Mapping with Changed Locators. Sender A and Receiver B each have a ULP, a multihoming shim and IP, connected through a cloud with routers. Above the shim on both hosts: Src: ULID(A) = L1(A), Dst: ULID(B) = L1(B). Below the shim on both hosts: Src: L2(A), Dst: L3(B).]
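An added example (not part of the original presentation and not taken from any SHIM6 implementation): a toy Python model of the mapping and packet rewriting described above, including the two receive-side failure cases (no context state for the tag, and a source locator outside the peer's verified set). The class and function names, the context tag values and the 2001:db8:: addresses are constructed for illustration, and locator verification is assumed to have been done already.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes
    context_tag: Optional[int] = None  # present only with the Shim6 payload extension header

@dataclass
class Context:
    ulid_local: str
    ulid_peer: str
    loc_local: str            # currently selected locator pair
    loc_peer: str
    peer_tag: int             # receiver's context tag, carried in rewritten packets
    peer_locators: frozenset  # peer's locator set, assumed already verified (e.g. by HBA)

class Shim:
    def __init__(self):
        self.by_ulid = {}  # (local ULID, peer ULID) -> Context, used on transmit
        self.by_tag = {}   # local context tag -> Context, used on receive
    def add_context(self, local_tag, ctx):
        self.by_ulid[(ctx.ulid_local, ctx.ulid_peer)] = ctx
        self.by_tag[local_tag] = ctx
    def send(self, pkt):
        ctx = self.by_ulid.get((pkt.src, pkt.dst))
        if ctx is None or (ctx.loc_local, ctx.loc_peer) == (pkt.src, pkt.dst):
            return pkt  # no context, or locators still equal the ULIDs: nothing to rewrite
        return Packet(ctx.loc_local, ctx.loc_peer, pkt.payload, ctx.peer_tag)
    def receive(self, pkt):
        if pkt.context_tag is None:
            return pkt  # ordinary packet: its addresses already are the ULIDs
        ctx = self.by_tag.get(pkt.context_tag)
        if ctx is None:
            raise LookupError("no context state for this tag")
        if pkt.src not in ctx.peer_locators:
            raise PermissionError("source locator not in the peer's verified set")
        return Packet(ctx.ulid_peer, ctx.ulid_local, pkt.payload)

# Constructed sample addresses, named after the figure: L1(A), L2(A), L1(B), L3(B).
A1, A2, B1, B3 = "2001:db8:a1::1", "2001:db8:a2::1", "2001:db8:b1::1", "2001:db8:b3::1"

def make_pair(tag_a=0xA11CE, tag_b=0xB0B):
    """Contexts on hosts A and B after failover to the locator pair (L2(A), L3(B))."""
    a, b = Shim(), Shim()
    a.add_context(tag_a, Context(A1, B1, A2, B3, tag_b, frozenset({B1, B3})))
    b.add_context(tag_b, Context(B1, A1, B3, A2, tag_a, frozenset({A1, A2})))
    return a, b
```

Calling `a.send(Packet(A1, B1, b"data"))` yields the on-the-wire packet with the changed locators and B's context tag, and `b.receive(...)` on that packet restores the ULID pair the upper layer protocol expects.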

SHIM6 Message Formats
- I1
- R1
- I2
- R2
- R1bis
- I2bis
- Update_req
- Update_ack
- KeepAlive
- Probe
- Error

Context Establishment

SHIM6 Security
- The HBA technique is used to verify the locators, which prevents an attacker from redirecting the packet stream.
- A reachability probe and reply are required before a new locator is used as the destination, in order to prevent 3rd party flooding.
- A 3-way exchange is required before the responder creates any state, so a state-based DoS attack at least provides an IPv6 address of the attacker.
- The context establishment messages use nonces to prevent replay attacks and to prevent attackers from interfering with the establishment.
- Every control message carries the assigned context tag, which an attacker needs to discover first in order to spoof the control message.

Implementation Requirements
- Renumbering implications
- Handling context forking
- Critical options
- Locator preferences
- Context confusion
- Locator verification
- Receiving payload
- Sending payload
- Message formats
- Context teardown
- Retransmissions

Present Implementations of SHIM6
- A SHIM6 patch for Wireshark has been developed by Mekking, M.
- LinSHIM6 is a beta implementation of SHIM6 on Linux 2.6 by Dupont, F.
- MipSHIM6 is a variant of LinSHIM6 that also handles mobility.

References
- Mekking, M., Formalization and Verification of SHIM6 Protocol, May 2007
- Wijngaards, W., Mekking, M. and Vaandrager, F., Formalizing SHIM6: An IETF Proposed UPPAAL Standard, April 2007
- Nordmark, E. and Bagnulo, M., SHIM6: Level 3 Multihoming Shim Protocol for IPv6, June 2009
- Huston, G., Architectural Commentary on Level 3 Multihoming Shim, January 2006