Passive DAD
Sangho Shin, Andrea Forte, Henning Schulzrinne
Columbia University
Problems with the current DAD
• In wireless networks, it takes a long time to get an ICMP echo response, and the response can even be lost when the channel is very congested.
• Windows XP SP2 activates the firewall, and the firewall blocks incoming ICMP echo by default.
• ISC DHCP software has a bug in the DAD timer: the timer value is chosen randomly between 0 and 1 sec.
Passive DAD - Architecture
[Figure: DHCP server, Address Usage Collector (AUC), Broadcast/ARP, Router/Relay Agent, SUBNET]
• AUC collects all broadcast and ARP packets.
• AUC builds an IP:MAC pair table.
• Whenever a new pair is added to the table, the AUC sends the pair to the DHCP server.
• DHCP server checks whether the pair is correct.
ARP checking
• AUC periodically scans unused IPs using ARP queries.
• Silent nodes can be detected.

AUC table:
IP    MAC    Expire
IP1   MAC1   570
IP2   MAC2   580
IP3   MAC3   590
IP4   MAC4
Passive DAD – Example
[Figure: DHCP server, AUC, router and web server. Lease info: IP:128.59.19.46 MAC:AA:BB:CC:DD:EE. ARP queries for IP:128.59.19.46 return two pairs, MAC:AA:BB:CC:DD:EE and MAC:AA:BB:CC:FF:GG. Action labels: Block AA:BB:CC:FF:GG, Force Renew, Forward HTTP traffic.]
Conclusions
• It takes a long time to get an IP from the DHCP server, mostly because of DAD.
• The current DAD does not work because of Windows XP SP2.
• Passive DAD performs DAD without any overhead.
• Passive DAD detects IP address collisions and illegally used IPs.
• When an address collision is detected, Passive DAD resolves the duplicate IP problem by using DHCP Force Renew (or VLAN banning).
Passive DAD – Expiration timer
• The DHCP server does not know whether an IP is still in use before its lease expires.
• An illegal IP address does not have lease information.
• By introducing an expiration timer in the AUC table, the DHCP server can periodically check whether IPs are in use.

AUC table:
IP    MAC    Expire
IP1   MAC1   540
IP2   MAC2   550
IP3   MAC3   560
IP4   MAC4   580
IP5   MAC5   590
IP3   MAC6   600
What to change
• New agent: AUC
• A new packet between AUC and DHCP server
• DHCP server logic
• No changes in DHCP clients
Packet fields: Subnet Identifier (4) | MAC Address (6) | IP Address (4)
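A sketch of the AUC table, the AUC-to-DHCP-server pair packet and the server-side pair check described on the slides above; this is an added example, not code from the presentation or its authors. It assumes the field sizes (4, 6, 4) are bytes in network order, that the subnet identifier is the subnet's network address, and that an expired entry is reported again when the pair is next seen; the names `AUC`, `observe`, `check_pair` and the three verdict strings are hypothetical, and the addresses are constructed.

```python
import ipaddress
import struct

# Assumed wire layout: subnet identifier (4) | MAC address (6) | IP address (4)
PAIR_FMT = "!4s6s4s"

def pack_pair(subnet, mac, ip):
    """Build the 14-byte pair message the AUC sends to the DHCP server."""
    return struct.pack(PAIR_FMT,
                       ipaddress.IPv4Address(subnet).packed,
                       bytes.fromhex(mac.replace(":", "")),
                       ipaddress.IPv4Address(ip).packed)

def unpack_pair(msg):
    """Parse a pair message; reject anything that is not exactly 14 bytes."""
    if len(msg) != struct.calcsize(PAIR_FMT):
        raise ValueError("pair message must be 14 bytes")
    subnet, mac, ip = struct.unpack(PAIR_FMT, msg)
    return (str(ipaddress.IPv4Address(subnet)), mac.hex(":"),
            str(ipaddress.IPv4Address(ip)))

class AUC:
    """Passive IP:MAC table with an expiration timer per entry."""
    def __init__(self, subnet, ttl):
        self.subnet, self.ttl, self.table = subnet, ttl, {}

    def observe(self, ip, mac, now):
        """Record a pair seen in ARP/broadcast traffic.

        Returns a pair message only when the pair is new or its entry
        had expired, so known active nodes cause no traffic to the server.
        """
        key = (ip, mac.lower())
        is_new = self.table.get(key, float("-inf")) < now
        self.table[key] = now + self.ttl  # refresh the expiration timer
        return pack_pair(self.subnet, mac, ip) if is_new else None

def check_pair(leases, msg):
    """DHCP-server side: compare a reported pair with the lease table."""
    _, mac, ip = unpack_pair(msg)
    if ip not in leases:
        return "illegal"  # address in use without any lease
    return "ok" if leases[ip] == mac else "collision"

if __name__ == "__main__":
    leases = {"192.0.2.10": "02:00:00:00:00:01"}  # constructed lease table
    auc = AUC("192.0.2.0", ttl=600)
    for ip, mac in [("192.0.2.10", "02:00:00:00:00:01"),
                    ("192.0.2.10", "02:00:00:00:00:02"),
                    ("192.0.2.77", "02:00:00:00:00:03")]:
        print(ip, mac, check_pair(leases, auc.observe(ip, mac, now=0)))
```

A "collision" or "illegal" verdict is the point at which the slides' responses (DHCP Force Renew, blocking the offending MAC) would be triggered.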
Experiments
[Figure: testbed diagram. Labels: Columbia Wireless Network, AP, DHCP server, AUC, ARP, broadcast, honamsun, Ethernet Switch, CS Network.]
Experiment Results
• Convergence time
[Plot: Number of IPs used (0 to 700) versus Time (s) (0 to 35000).]
Experiment Results
• Packet arrival rate at the DHCP server
[Plot: Number of packets (p/s) (0 to 35) versus Time (s) (0 to 30000).]