Router Advertisements for Routing between Moving Networks
draft-petrescu-autoconf-ra-based-routing-00.txt
Presenter: Alexandru Petrescu
IETF 78 Maastricht, 29 July 2010, AUTOCONF Working Group
Slide 1
Outline
• Problems: once addresses and prefixes are assigned – how to update routing tables.
• ICMPv6 extension
• Topology and Message Exchange Diagrams
• Conceptual Algorithm on MR3; scalability
• Recent remarks (from AUTOCONF, MEXT and private).
• Implementation
Slide 2
Problem
[Diagram: MR1, MR2, LFN1, LFN2. Labels: self-formed link-local addresses; prefixes pre-configured; “?Routing tables?”]
Slide 3
ICMPv6 Extension
Router Advertisement is a message format defined in [RFC4861] as an ICMPv6 message. The document [RFC5175] proposes an option for RA extensibility: the IPv6 Router Advertisement Flags Option. We propose to reserve bit 16 for Mobile Network Prefixes.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |M|  Bit fields available ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ... for assignment                                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

'M' - Mobile Network Prefix present. Set to 1 if this Router Advertisement contains a Mobile Network Prefix.

If the RA Flags Option contains the M flag, set to 1, then the Router Advertisement MUST contain a Route Information Option [RFC4191], optionally followed by a Source Link-Layer Address Option [RFC4861]. (If this SLLAO is used, it avoids the need for an NS/NA exchange for the link-local address of the Gateway entry in the data structure mentioned earlier.)
Slide 4
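One way a receiver could check the rule above, as an added Python example that is not code from the draft or its radvd implementation: it walks the options area of an RA (the bytes after the fixed 16-byte header) and returns the advertised routes only when the M flag is accompanied by a Route Information Option. It assumes the slide's "bit 16" is the most significant bit of the octet following Length, and uses the assigned option types 1 (SLLAO), 24 (Route Information) and 26 (RA Flags); the function names and sample bytes are constructed.

```python
import ipaddress
import struct

# Option types: SLLAO (RFC 4861), Route Information (RFC 4191), RA Flags (RFC 5175).
OPT_SLLAO, OPT_RIO, OPT_RA_FLAGS = 1, 24, 26
M_FLAG = 0x80  # assumption: the slide's "bit 16" is the MSB of the octet after Length


def parse_options(buf):
    """Split the options area of an RA into (type, body) pairs; reject bad lengths."""
    opts, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            raise ValueError("truncated option header")
        otype, units = buf[off], buf[off + 1]  # Length is in units of 8 octets
        if units == 0 or off + units * 8 > len(buf):
            raise ValueError("bad option length")
        opts.append((otype, buf[off + 2:off + units * 8]))
        off += units * 8
    return opts


def mobile_routes(buf):
    """Return [(prefix, lifetime)] if the RA carries the M flag, else []."""
    opts = parse_options(buf)
    if not any(t == OPT_RA_FLAGS and body[0] & M_FLAG for t, body in opts):
        return []
    routes = []
    for t, body in opts:
        if t != OPT_RIO:
            continue
        plen, _flags, lifetime = struct.unpack("!BBI", body[:6])
        if plen > 128 or len(body) - 6 < (plen + 7) // 8:
            raise ValueError("bad Route Information Option prefix")
        raw = body[6:].ljust(16, b"\0")[:16]
        routes.append((ipaddress.IPv6Network((raw, plen), strict=False), lifetime))
    if not routes:
        raise ValueError("M flag set but no Route Information Option")
    return routes


# Constructed sample (options area only): RA Flags with M=1, a Route Information
# Option for 2001:db8:1::/64 with lifetime 1800 s, then an SLLAO.
SAMPLE = (bytes([OPT_RA_FLAGS, 1, M_FLAG, 0, 0, 0, 0, 0])
          + bytes([OPT_RIO, 2, 64, 0]) + struct.pack("!I", 1800)
          + bytes.fromhex("20010db800010000")
          + bytes([OPT_SLLAO, 1, 2, 0, 0, 0, 0, 1]))
```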
Topology and Message Exchange Diagrams
[Topology diagram: three Mobile Routers MR1, MR2, MR3 with moving networks Net1, Net2, Net3]
• MR-to-MR link (egress interfaces): WiFi essid “V2V”, channel 3, mode ad-hoc; addresses fe80::MR1_egress, fe80::MR2_egress, fe80::MR3_egress
• Ingress interfaces: fe80::MR1_ingress, fe80::MR2_ingress, fe80::MR3_ingress
• Moving networks: WiFi essid “V1”, “V2”, “V3”, channel 9, mode managed; prefixes 2001:db8:1::/64, 2001:db8:2::/64, 2001:db8:3::/64
• LFN11, LFN21, LFN31 (eth0)
[Message exchange diagram between MR1, MR2 and MR3]
• Phase 1: Simultaneous power-up of 3 MRs. Simultaneous MLD “JOIN”.
• Phase 2: RA1, RA2, RA3.
Slide 5
More Message Exchange Diagrams
[Three message exchange diagrams between MR1, MR2 and MR3; messages shown: MLD “JOIN”, RS, RA1, RA2, RA3; other labels: Timeout; Renewal, eventually; Deletion RS]
• Arrival of MR3 in a setting of MR1 and MR2.
• Timed out expiration and deletion.
• Explicit deletion. RA1 used for deletion of MNP1: flag ‘D’, or lifetime ‘0’. Upon receipt of this RA, MR2 and MR3 delete their routes for MNP1 from their routing tables.
Slide 7
Conceptually – an Algorithm on MR3
(1) Send an RA containing the prefix(es) allocated to its subnets to which the ingress interfaces are connected
(2) "Join" the all-routers multicast address with link-scope, on its egress interface
(3) Send a Router Solicitation (RS) on its egress interface requesting RAs from MR1 and MR2
(4) Receive their special RAs: RA1 and RA2
(5) For each received RA, extract the source address and the prefixes and insert the corresponding number of routing table entries; these entries will help reach the LFNs in the moving networks of MR1 and MR2.
Slide 8
Scalability
[Diagram: MR1, MR2, MR3 ... MRn, with LFNs LFN11, LFN12 ... LFN1n and LFN21, LFN22 ... LFN2m]
Routing table on MR1: number of entries equals the number of Mobile Routers at the scene.
Routing table on LFN11: number of entries is constant.
Slide 9
Security
• Example risk: attacker MR claims towards other MRs that it owns the MNP of a victim MR – victim MR no longer receives its traffic.
• More threats.
• Is SeND appropriate?
• Certificates when PKI infrastructure is absent.
• Ongoing work.
Slide 10
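The example risk above, combined with step (5) of the algorithm on MR3 and the timed-out and explicit deletion cases, as an added Python example (not from the draft or its implementation): a routing table fed with the (source, MNP, lifetime) tuples extracted from received RAs, which keeps the existing route and records an alert when a different router claims the same or an overlapping MNP. The first-come ownership policy, the class and function names and the fe80::1 to fe80::3 addresses are assumptions made for illustration.

```python
import ipaddress


class MnpTable:
    """Routes to moving networks learned from RAs: MNP -> (gateway, expiry)."""

    def __init__(self):
        self.routes, self.alerts = {}, []

    def expire(self, now):
        """Timed-out deletion: drop routes whose lifetime has passed."""
        self.routes = {n: r for n, r in self.routes.items() if r[1] > now}

    def on_ra(self, src, prefix, lifetime, now):
        """Apply one (source, MNP, lifetime) tuple extracted from an RA."""
        gw, net = ipaddress.IPv6Address(src), ipaddress.IPv6Network(prefix)
        self.expire(now)
        if not gw.is_link_local:  # RFC 4861: RAs come from link-local sources
            self.alerts.append(("non-link-local source", src, prefix))
            return False
        for known, (owner, _expiry) in self.routes.items():
            # Same or overlapping MNP claimed by another router: keep the
            # existing route and record the claim instead of overwriting.
            if owner != gw and known.overlaps(net):
                self.alerts.append(("conflicting MNP claim", src, prefix))
                return False
        if lifetime == 0:
            self.routes.pop(net, None)  # explicit deletion by the owner
        else:
            self.routes[net] = (gw, now + lifetime)
        return True


def replay(events):
    """Feed (time, source, prefix, lifetime) tuples through a fresh table."""
    table = MnpTable()
    for now, src, prefix, lifetime in events:
        table.on_ra(src, prefix, lifetime, now)
    return table


# Constructed sample: two routers announce their MNPs, then a third claims
# and tries to delete the first router's prefix. Addresses are made up.
EVENTS = [
    (0, "fe80::1", "2001:db8:1::/64", 1800),
    (0, "fe80::2", "2001:db8:2::/64", 1800),
    (5, "fe80::3", "2001:db8:1::/64", 1800),
    (6, "fe80::3", "2001:db8:1::/64", 0),
]
```

First-come ownership only detects a competing claim; it does not authenticate the first claimant, which is the gap the SeND and certificate questions on this slide address.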
Remarks from AUTOCONF and MEXT WGs
• Bug in distinctor of prefixes (/64 instead of /24)
• Use of distinctive ESSIDs on egress and ingress interfaces
• Use of link-local addresses (notation, pertinence)
• Address spoofing mode not good
• How is MNP provided initially?
• Addressing model not new and in line with IPv6 addressing arch
• Collective « we » look at address/prefix autoconf w/o restrictions for packet relaying via same interface
• Is this multi-hop?
• Adapted to MEXT or AUTOCONF? [Teco, Chris, Ulrich, Henning, ThomasC – discussion above]
• Concept of prefix ownership, SeND
• Is MR2 relaying between 1 and 3 (if so, packet rcvd on multiple paths?)
• Specifics on Route Deletion, RS used for.
• Have I checked AODV and similar [Antti]
Slide 11
Private Remarks
• Wrong email address of a co-author
• Need to separate the addressing model from protocol
Slide 12
Implementation
• Extensions to ICMP Router Advertisements sent on the egress interface
• Implementation on Linux with radvd 1.4
• Packet Dissectors for Wireshark, for the packet formats
• Link-layer security on egress using WPA-NONE PSK TKIP/AES (yes, it is secure); and WEP too sometimes.
Slide 13
More on the Addressing Model
Slide 14
Comments
• Thanks in advance to the note takers!
Slide 16