
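"National IPv6 Deployment and Development Program": ROC Year 92 Interim Results Report, Research and Development Sub-program

"National IPv6 Deployment and Development Program": ROC Year 92 Interim Results Report, Research and Development Sub-program. Subproject 1: Research on Next-Generation Internet Mobile Environments and Information Appliance Technologies. Development of a Prototype System for Mobile IPv6 over MANET. Principal investigators: National Chung Cheng University, Department of Computer Science and Information Engineering, Associate Professor 陳裕賢 and Professor 黃仁竑. Outline. Part I: Introduction to the operating principles of Mobile IPv6 over MANET: Why is "Mobile IPv6 over MANET" needed?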


Presentation Transcript


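  1. "National IPv6 Deployment and Development Program": ROC Year 92 Interim Results Report, Research and Development Sub-program. Subproject 1: Research on Next-Generation Internet Mobile Environments and Information Appliance Technologies

  2. Development of a Prototype System for Mobile IPv6 over MANET. Principal investigators: National Chung Cheng University, Department of Computer Science and Information Engineering, Associate Professor 陳裕賢 and Professor 黃仁竑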

  3. Outline • Part I: Introduction to the operating principles of Mobile IPv6 over MANET: • Why is "Mobile IPv6 over MANET" needed? • The key difference between Mobile IPv4 over MANET and Mobile IPv6 over MANET • The difficulty of implementing Mobile IPv6 over MANET • Part II: Prototype system architecture of Mobile IPv6 over MANET

  4. Part I: Introduction to the operating principles of Mobile IPv6 over MANET: • Why is "Mobile IPv6 over MANET" needed? • The key difference between Mobile IPv4 over MANET and Mobile IPv6 over MANET. • The difficulty of implementing Mobile IPv6 over MANET.

  5. 1. Why is "Mobile IPv6 over MANET" needed?

  6. 1. Why is "Mobile IPv6 over MANET" needed?

  7. 2. The key difference between Mobile IPv4 over MANET and Mobile IPv6 over MANET

  8. Tunneling to the Care-of Address

  9. The basic operation of Mobile IPv6 • Because IPv6 has the Stateless Address Autoconfiguration and Neighbor Discovery protocols, a Foreign Agent is no longer needed. The concepts of Home Agent, Home Network and Encapsulation are close to those of IPv4. • After the MH obtains a Care-of Address (using Neighbor Discovery and Stateless Address Autoconfiguration), it authenticates with the Home Agent (using the Authentication Header).

  10. Mobile IPv6 Operation • When the MN moves to another link, it obtains an IP address by autoconfiguration and then sends a "binding update" to its HA (destination option). • The HA then replies to the MN with a "binding acknowledgement" (destination option).

  11. Triangle Routing • When the CN sends a packet to the MN for the first time, its binding update information has no entry for the MN, so the packet is first sent to the HA, which then tunnels it to the MN (IPv6 Encapsulation).

  12. 3. The difficulty of implementing Mobile IPv6 over MANET • Multi-hop routing on MANET under IPv6. • Different kernel • Integrate MANET with the IPv6 backbone

  13. [Figure: packet forwarding between nodes. Labels: IP Protocol, MANET Routing (DSDV), Packet]

  14. [Figure: packet encapsulation and binding. Labels: encapsulate, Packet, Binding, ICMPv6. MN5's IP: 3ffe:3600:2000:2000::5/64; CoA: 3ffe:3600:2000:2100::7/64]

  15. [Figure: binding after a move. Labels: Packet, Binding, ICMPv6. MN5's IP: 3ffe:3600:2000:2000::5/64; New CoA: 3ffe:3600:2000:2200::23/64; Old CoA: 3ffe:3600:2000:2100::7/64]

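  16. Part II: Prototype system architecture of Mobile IPv6 over MANET • Current results • Multi-hopping (MANET) routing under IPv4 • MANET interconnect with IPv4 backbone • Current goals • Multi-hopping (MANET) routing under IPv4 • MANET routing interconnects with IPv6 backbone • Future goal • Mobile IPv6 over MANET

  17. Design and Implementation of a Home-Network Proxy Server Using IPv6 Multihoming Technology. Department of Computer Science and Information Engineering, National Cheng Kung University; Department of Computer Science and Information Engineering, National Chung Cheng University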

  18. Outline • Multihoming Introduction • Related Multihoming Internet-Draft • Project Design and Implementation • Conclusion • Reference

  19. Multihoming Introduction • A host or router has two or more different network connections. [Figure labels: Internet, ISP1, ISP2, Multihoming Gateway]

  20. Multihoming Advantages • Fault Tolerance • Load Balance • Provider Selection • Link Aggregation

  21. [Figure labels: Internet, ISP-1, ISP-2, Multihoming Gateway, nodes A, B, C, D, E] • If D is broken, the connection will be forwarded by E. • If B is broken, the connection will be forwarded by A.

  22. Multihoming Scope • Provider-Level • draft-ietf-ipngwg-ipv6multihome-with-aggr-01 • Site-Level • At site exit routers, RFC 3178 • Subnet/Host-Level

  23. Multihoming Problems • ISPs cannot advertise prefixes of other ISPs • Sites cannot advertise to upstream providers prefixes longer than their assigned prefix

  24. Multihoming Solutions • Router-based Solutions • Host-based Solutions • Mobile-based Solutions • Geographic or Exchange-based Solutions

  25. Router-based Solutions • GSE/8+8 • draft-ipng-gseaddr-00 • GSE: Global, Site, and End System Address Elements • Multihoming with Route Aggregation • draft-ietf-ipngwg-ipv6multihome-with-aggr-01 • Multihoming Using Router Renumbering • draft-ietf-ipngwg-multi-isp-00

  26. Router-based Solutions (Cont'd) • Multihoming Support at Site Exit Routers • IPv6 Multihoming Support at Site Exit Routers, RFC 3178 • Multihoming Aliasing Protocol (MHAP) • draft-py-mhap-intro-00

  27. Host-based Solutions • Host-Centric IPv6 Multihoming • draft-huitema-multi6-hosts-01 • Host Identity Payload Protocol (HIP)

  28. Mobile-based Solutions • draft-bagnulo-multi6-mnm-00 • Application of the MIPv6 protocol to the multi-homing problem

  29. Geographic or Exchange-based Solutions • GAPI: A Geographically Aggregatable Provider Independent Address Space to Support Multihoming in IPv6 • draft-py-multi6-gapi-00 • Extension Header for Site Multihoming Support • draft-bagnulo-multi6-mhExtHdr-00

  30. Related Internet-Draft • draft-ietf-multi6-multihoming-requirements-06 • Goals for IPv6 Site-Multihoming Architectures. • draft-savola-multi6-nowwhat-00 • IPv6 Site Multihoming: Now What? • draft-de-launois-multi6-naros-00 • NAROS : Host-Centric IPv6 Multihoming with Traffic Engineering. • draft-kurtis-multihoming-longprefix-00 • Multihoming in IPv6 by multiple announcements of longer prefixes.

  31. Related Internet-Draft (Cont'd) • draft-hain-ipv6-pi-addr-use-04 • Application and Use of the IPv6 Provider Independent. • draft-py-multi6-gapi-00 • GAPI: A Geographically Aggregatable Provider Independent Address Space to Support Multihoming in IPv6. • draft-kurtis-multi6-roadmap-00 • A road-map for multihoming in IPv6. • draft-savola-multi6-asn-pi-00 • Multihoming Using IPv6 Addressing Derived from AS Numbers.

  32. Our Design Goals • To build a Multihoming Gateway for IPv6-based HomeNetwork • Multiple Outgoing Interfaces • Fault Tolerance • Load Balance • Bandwidth Aggregation • Web Proxy • …

  33. Our Experimental Architecture [Figure. Labels: RouterA: Hinet; RouterB: Tanet; Web / Apache; Master Outgoing Link; Slave Outgoing Link; Multihome Gateway; Proxy / Squid; Home Client; Browser / Mozilla; default route. Interface labels: eth0, eth1, eth2. Addresses shown: 2001:0238::1/32, 2001:0288::2/32, 2001:0288::1/32, 2001:0238::2/32, 2001:238:1:1::1/64, 2001:288:1:1::1/64, 2001:288:1:1::2/64, 2001:288:1:1:1:1:0:3/96]

  34. System Implementation • Interface/Link Detection • Use ICMPv6 to detect whether the interface is available • Interface/Link Detection Periodically • Modify/Setup Routing Information

  35. System Implementation (Cont'd) • Fault Tolerance (Redundant Link) • Assume ISPs assign a prefix to users, not only one IPv6 address. • The Multihoming Gateway connects two outgoing links from different ISPs, with different IPv6 prefixes • Choose a master link to communicate • The other is a slave/backup link

  36. [Figure: experimental architecture with both outgoing links. Labels: RouterA: Hinet; RouterB: Tanet; Web / Apache; Master Outgoing Link; Slave Outgoing Link; Multihome Gateway; Proxy / Squid; Home Client; Browser / Mozilla; default route. Interface labels: eth0, eth1, eth2. Addresses shown: 2001:0238::1/32, 2001:0288::2/32, 2001:0288::1/32, 2001:0238::2/32, 2001:238:1:1::1/64, 2001:288:1:1::1/64, 2001:288:1:1::2/64, 2001:288:1:1:1:1:0:3/96]

  37. When the master link fails • The slave/backup link will be used • The clients need not change their IPs to fit the prefix of the slave/backup link • Use the IPv6 address of the slave/backup link to communicate • Using Network Address Translation Table • Current Support • ICMPv6 • TCP/UDP

  38. [Figure: experimental architecture using only the slave link. Labels: RouterA: Hinet; RouterB: Tanet; Web / Apache; Slave Outgoing Link; Mapping Table; Multihome Gateway; Proxy / Squid; Home Client; default route. Interface labels: eth0, eth1, eth2. Addresses shown: 2001:0238::1/32, 2001:0288::2/32, 2001:0288::1/32, 2001:0238::2/32, 2001:238:1:1::1/64, 2001:288:1:1::1/64, 2001:288:1:1::2/64, 2001:288:1:1:1:1:0:3/96]

  39. System Implementation (Cont'd) • Load Balance • Equal Cost Multi Path (ECMP) – IPv4 • RFC 2391 • Round Robin • Least Load First • Least Traffic First • Least Weighted Load First • Weighted Round Robin (WRR) – IPv4

  40. Web Proxy on the Multihoming Gateway • Squid supporting IPv6 • Installed on Multihoming Gateway • Use the Fault-Tolerance to keep the Squid server workable at any time, except when all links have failed.

  41. Conclusions • Introduce the benefits of Multihoming • Fault Tolerance • Load Balance • … • Apply Multihoming to IPv6 HomeNetwork • Multihoming Gateway including the web proxy • Describe Our Design Goals and Current System Implementation • Reduce Cost • Increase Performance

  42. References • http://www.ietf.org/html.charters/multi6-charter.html. • draft-ietf-multi6-multihoming-requirements-06.txt. • Il-sun Whang and Dongkyun Kim, "IPv6 Multihoming", KRnet2002. • David BINET, "Home Networking: The IPv6 killer application?", France Telecom R&D, 2002. • Jeff Doyle, "Issues in IPv6 Deployment", Juniper NETWORKS.

  43. The Design and Implementation of an IPv6-enabled Intrusion Detection System: Status report. Leader: C. S. Lai (NCKU). Core team members: B. Tseng (Hsing-Kuo Univ.), P. Chen (NCKU)

  44. Agenda • Intrusion Detection System: An Overview • Our Work: IPv6-enabled Intrusion Detection System • Further works:

  45. I. Intrusion Detection System: An Overview • What is Intrusion Detection System • Model and Architecture • Data Source • Core technology • Metric and Testing methodology • Testing Environment and Test reports • Development methodology: A software-engineering viewpoint • Other topics

  46. Intrusion Detection System: What • Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of intrusions, defined as attempts to compromise the confidentiality, integrity, availability, or to bypass the security mechanisms of a computer or network. • Intrusions are caused by attackers accessing the systems from the Internet, authorized users of the systems who attempt to gain additional privileges for which they are not authorized, and authorized users who misuse the privileges given them. • Intrusion Detection Systems (IDSs) are software or hardware products that automate this monitoring and analysis process.

  47. IDS in a Network
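The failover behaviour described in slides 34 to 38 (periodic ICMPv6 link detection, master/slave link selection, and the address mapping table used on the slave link) can be modelled as follows. This is an added example, not the project's code: the class names, the three-miss threshold, the mapped ID range, and the assignment of 2001:288:1:1::/64 to the master link and 2001:238:1:1::/64 to the slave link are assumptions read from the diagram labels.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Link:
    name: str
    gw_addr: str                     # gateway's own address on this uplink
    prefix: str                      # prefix assigned by this ISP
    misses: int = 0                  # consecutive unanswered ICMPv6 probes

@dataclass
class Gateway:
    master: Link
    slave: Link
    fail_after: int = 3              # assumed threshold, not from the slides
    nat: dict = field(default_factory=dict)
    next_id: int = 40000             # assumed start of mapped port/echo-ID range

    def probe_result(self, link, replied):
        """Record one periodic ICMPv6 echo result for an uplink."""
        link.misses = 0 if replied else link.misses + 1

    def active(self):
        """Master if it is up, else slave, else None (all links failed)."""
        up = [l for l in (self.master, self.slave) if l.misses < self.fail_after]
        return up[0] if up else None

    def outbound(self, proto, src, sport):
        """Return (source address, port or echo ID) as the packet leaves."""
        link = self.active()
        if link is None:
            raise RuntimeError("all uplinks down")
        if ipaddress.ip_address(src) in ipaddress.ip_network(link.prefix):
            return src, sport        # client prefix matches: no translation
        key = (proto, src, sport)
        if key not in self.nat:      # one mapping-table entry per client flow
            self.nat[key] = (link.gw_addr, self.next_id)
            self.next_id += 1
        return self.nat[key]

    def inbound(self, proto, dst, dport):
        """Reverse lookup; a packet with no mapping is dropped (None)."""
        for (p, client, cport), mapped in self.nat.items():
            if p == proto and mapped == (dst, dport):
                return client, cport
        return None

def demo_gateway():
    return Gateway(Link("master", "2001:288:1:1::1", "2001:288:1:1::/64"),
                   Link("slave", "2001:238:1:1::1", "2001:238:1:1::/64"))
```

Because return traffic on the slave link is accepted only when it matches an existing mapping-table entry, unsolicited inbound packets to the home client are dropped during failover.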
