IETF82, TAIWAN Meilian LU, Xiangyang GONG, Wendong WANG <mllu, xygong, Xiaohu Xu, Dacheng Zhang <xuxiaohu,


RANGI (Routing Architecture for Next Generation Internet) Experiment Report

Background
What is RANGI?
–A new ID/locator split based routing and addressing architecture.
–Its major difference from HIP: hierarchical host identifiers.
This report describes the implementation issues for RANGI
–Host stack implementation (based on HIPL code)
–Network infrastructure implementation
–Host mobility and multi-homing experiments
[Figure: protocol stack comparison. IP: Transport, Network, Data Link. HIP: Transport, Flat Host ID (128bit), Locator (128bit), Data Link. RANGI: Transport, Hierarchical Host ID (128bit), IPv4-embedded IPv6 Address (128bit), Data Link.]

Host Stack Implementations
RANGI completed a further extension to HIP
–Reuses the user-space pattern of HIPL
–CGA authentication in the base exchange: authenticates the binding between the sender's ID and public key to confirm the authenticity of the data source
Common functions:
–ID generation and registration.
–ID->Locator mapping registration and resolution.
–ID/Locator split based communication.
[Figure: Host ID Format. AD ID (n bits) followed by Local Host ID (128-n bits); AD ID sub-fields labelled Region ID, Country ID and Authority ID. Second panel: Host ID Implementation Example.]

Infrastructure Implementations
No impact on the traditional DNS infrastructure
–The AAAA RR fields are now filled with host identifiers.
RANGI infrastructure consists of two parts:
–IDMS is in charge of ID management, including the registration of host IDs.
–ILMS is in charge of the ID->Locator mapping service, including mapping registration, updating and resolution.

ID Management System (IDMS)
IDMS has a hierarchical structure
–Each IDMS is responsible for managing the IDs that belong to its AD domain.
–Guarantees the uniqueness of IDs within each AD domain.
–Maintains a TSIG shared secret per ID entry to protect the dynamic update process in the ILMS.
[Figure: IDMS hierarchy tree. Labels: IANN-like Root; National ID authority; Country level ID management system; China, Japanese, America; China Mobile, China Telecom; Beijing, Shanghai, California.]

ID to Locator Mapping System (DNS based)
ILMS based on reverse DNS
–The mapping system servers are organized in a hierarchical structure that follows the RANGI identifier hierarchy.
–Brings trust boundaries.
–Interacts with the corresponding IDMS to obtain the TSIG shared secret that protects the dynamic update process.
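An added sketch (not from the slides or the RANGI code) of the checks an ILMS server could apply to a mapping update: the host ID must fall inside the server's own AD, and the update must carry a valid MAC under that ID's shared secret. The /48 AD prefix, the `id.example.` suffix, the message layout and all names are assumptions; this is a TSIG-like HMAC, not the RFC 8945 wire format.

```python
import hashlib, hmac, ipaddress

FUDGE = 300  # seconds of clock skew tolerated (TSIG has a similar fudge value)

def reverse_name(host_id, suffix="id.example."):
    """Nibble-reversed name for a 128-bit host ID (suffix is hypothetical)."""
    nibbles = ipaddress.IPv6Address(host_id).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + suffix

def mac_for(secret, host_id, locators, ts):
    """HMAC-SHA256 over owner name, sorted locators and signing time."""
    msg = "|".join([reverse_name(host_id), ",".join(sorted(locators)), str(ts)])
    return hmac.new(secret, msg.encode(), hashlib.sha256).digest()

class Ilms:
    """Mapping server for one AD; the /48 AD prefix length is an assumption."""
    def __init__(self, ad_prefix):
        self.zone = ipaddress.ip_network(ad_prefix)
        self.secrets, self.mappings, self.last_ts = {}, {}, {}

    def register(self, host_id, secret):
        # Stands in for fetching the per-ID shared secret from the IDMS.
        self.secrets[ipaddress.IPv6Address(host_id)] = secret

    def update(self, host_id, locators, ts, mac, now):
        hid = ipaddress.IPv6Address(host_id)
        if hid not in self.zone:
            return "NOTAUTH"                      # ID belongs to another AD
        secret = self.secrets.get(hid)
        if secret is None:
            return "BADKEY"                       # no secret for this ID
        if not hmac.compare_digest(mac, mac_for(secret, host_id, locators, ts)):
            return "BADSIG"                       # forged or altered update
        if abs(now - ts) > FUDGE or ts <= self.last_ts.get(hid, 0):
            return "BADTIME"                      # stale or replayed update
        self.mappings[hid], self.last_ts[hid] = set(locators), ts
        return "NOERROR"

if __name__ == "__main__":
    HID = "2001:db8:86::1a2b"                     # constructed sample host ID
    ilms = Ilms("2001:db8:86::/48")
    ilms.register(HID, b"constructed-secret")
    m = mac_for(b"constructed-secret", HID, ["2001:db8:f00::9"], 1000)
    print(ilms.update(HID, ["2001:db8:f00::9"], 1000, m, now=1005))
    print(ilms.update(HID, ["2001:db8:f00::9"], 1000, m, now=1006))
    print(ilms.update(HID, ["2001:db8:bad::9"], 1000, m, now=1006))
```

The monotonic-timestamp replay guard is an addition of this sketch; the slides only state that TSIG protects the update.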

ID to Locator Mapping System (DNS+DHT based)
ILMS based on DNS-DHT hybrid resolution
–DNS is used to separate the different management organizations.
–DHT is used to maintain the ID/Locator mapping information.
–A DNS-DHT converter is needed to translate DNS messages into DHT messages.

Host Mobility
[Figure: MN moves between LD #1, LD #2 and LD #3 (border routers LDBR1, LDBR2, LDBR3; routers R1, R2), with a CN and ILM DNS servers. Message labels: 0 RS (optional), 1 RA, 2 update1, 3 update2, 4 update3, CN update, ILMS update, ILMS update1, ILMS update2.]

Experiment: Host Mobility
[Figure: testbed topology. Devices DUT1, DUT3, DUT4, DUT6, DUT7, DUT9, DUT10, DUT11 and PC#22 linked over G3/x/y interfaces, with 6PE routers and an IPv4/IPv6 core; address blocks 2003::/16 (AS#3), 2004::/16 (AS#4), 2005::/16 (AS#5, ISP#3); Site #1 (IPv6) and Site #2 (IPv6); IDMS Authority, ILMS root DNS server and Local ILMS; flow labels: update, DNS Update.]

Views from Network Operators
Administration of ID namespace
–The AD ID is hierarchical; it consists of three administrative levels: country level, authority level and region level.
ID administrations have a corresponding hierarchical reverse tree structure.
–The root part is a global administration, similar to ICANN.
–The root administration divides the namespace into ID sub-namespaces.

Views from Network Operators
Security Considerations
–IDMS uses certification, signatures and other techniques for authentication and message integrity protection.
–ILMS uses DNSSEC to provide source authentication and integrity protection for resource records, and uses the DNS transaction authentication protocol TSIG (Secret Key Transaction Authentication for DNS) to protect update operations on mapping information.

Conclusion
–RANGI can effectively support ID/Locator split.
–Supports mobility, multi-homing and traffic engineering.
–By introducing the hierarchical concept, RANGI has a reasonable business model and clear trust boundaries.
–Solves the problem of routing scalability.

Any Comments?