IP Autoconfiguration for MANET
Wireless Access Network and NS-2 Workshop
Jaehoon Paul Jeong, ETRI
paul@etri.re.kr
http://www.adhoc.6ants.net/~paul
Contents
• Introduction
• Unicast Address Autoconfiguration
• Multicast Address Allocation
• Multicast DNS
• Service Discovery
• Internet Connectivity
• MANET Testbed
• Conclusion
• References
• Reference Website
Introduction
• Mobile Ad Hoc Network (MANET)
  • A MANET has a dynamically changing network topology.
  • MANET partitioning and merging may happen.
• In a MANET there are many points to consider, unlike in the Internet.
  • There is no network administrator.
  • Current Internet services, such as address autoconfiguration and DNS, are difficult to adopt.
• So, auto-configuration is necessary in a MANET!!
MANET Auto-configuration
• Unicast Address Autoconfiguration
• Multicast Address Allocation
• Multicast DNS
• Service Discovery
• Internet Connectivity
[Figure: the five building blocks of MANET auto-configuration, arranged around Internet Connectivity for MANET.]
Introduction
• Configuration of Unicast Address in Network Interface
  • Precedent step for IP networking
  • Methods of IP address configuration in a network interface
    • Manual configuration
    • Automatic configuration
  • Considerations for IP address configuration
    • A unique address should be assigned.
    • Automatic configuration is needed for the user’s convenience.
• Addressing in MANET
  • Each mobile node needs to autoconfigure its IP address through Duplicate Address Detection (DAD).
    • An arbitrary address is selected.
    • The uniqueness of the address is verified through DAD.
Problem of IP Address Conflict - 1/2 and 2/2
[Figure: a MANET of nodes A, B, C, D, E, F, G, H and K in which two nodes are both configured with IP address = a; the second slide shows the conflict after the topology changes.]
Requirements for MANET Address Autoconfiguration
• Base Document
  • draft-jeong-manet-addr-autoconf-reqts-01.txt
• Three Classes of Requirements
  • Join and Departure of Mobile Nodes
  • Network Partitioning and Merging
  • Internet Connectivity
Join and Departure of Mobile Nodes
[R1] Address autoconf protocol MUST support timely autoconfiguration of IP address for a mobile node.
[R2] Address autoconf protocol MAY support mechanisms to probe whether a mobile node moves into another MANET.
[R3] Mobile nodes using address autoconf protocol MUST validate allocated IP addresses when powering up or rebooting.
[R4] Mobile nodes using address autoconf protocol MAY validate allocated IP addresses when moving into a new network.
Network Partitioning and Merging
[R5] Ad hoc address autoconf protocol MUST detect and resolve address conflicts in a timely manner and on an ongoing basis.
[R6] Ad hoc address autoconf protocol MUST allow a conflicting address to be replaced with another.
[R7] Ad hoc address autoconf protocol SHOULD minimize the damage, such as loss of delivered packets, due to address replacement.
[R8] Addresses SHOULD be allocated or autoconfigured in a way that minimizes the probability that two or more nodes will have the same address.
[R9] In order to detect duplicate addresses, ad hoc address autoconf protocol MAY get the aid of the ad hoc routing protocol.
Internet Connectivity
[R10] MANET MAY allow configuration of one or more gateways for global connectivity to the Internet.
[R11] A mobile node that desires Internet connectivity MAY have a globally routable IP address.
Strong DAD
• Definition
  • A_i(t): address assigned to node i at time t.
  • For each address a != undefined, S_a(t) = {j | A_j(t) = a}.
• Condition of Strong DAD
  • Within a finite bounded time interval after t, at least one node in S_a(t) will detect that |S_a(t)| > 1.
Example of Strong DAD
• MAC & IPv6 Address of Host C
  • MAC Address – a9:bb:cc:dd:ee:ff
  • IPv6 Address – fec0:0:0:ffff:abbb:ccff:fedd:eeff
• 1st Try of Host A
  • MAC Address – a9:bb:cc:dd:ee:ff
  • IPv6 Address – fec0:0:0:ffff:abbb:ccff:fedd:eeff (MANET Prefix + EUI-64)
• 2nd Try of Host A
  • 64-bit Random Number – 1111:2222:3333:4444
  • IPv6 Address – fec0:0:0:ffff:1111:2222:3333:4444 (MANET Prefix + Random Number)
[Figure: Host A, Host B and Host C connected by wireless links through a router; Host A sends an AREQ message and Host C, which already holds the address, answers with an AREP message.]
Where AREQ: Address Request message, AREP: Address Reply message
Limitation of Strong DAD
• Simple Observation
  • If partitions can occur for unbounded intervals of time, then strong DAD is impossible.
• Limitation of Strong DAD
  • When partitions merge, the addresses of all nodes must be checked for duplicates.
  • This DAD does not indicate how merging of partitions should be detected.
  • It does not suggest how the congestion caused by DAD messages may be reduced.
Procedure of Strong DAD
• MANET_INIT_PREFIX
  • FEC0:0:0:FFFF::/96
• MANET_PREFIX
  • FEC0:0:0:FFFF::/64
[Flowchart]
• Generation of a 32-bit random number and a 64-bit random number
• Generation of a temporary address with MANET_INIT_PREFIX and the 32-bit number
• Generation of a tentative address with MANET_PREFIX and the 64-bit number
• Transmission of an AREQ message
• Was any extended AREP message received from any other node?
  • YES: generation of a new 64-bit random number, then a new tentative address and AREQ; this iteration is performed up to the predefined retry number.
  • NO: reconfiguration of the unicast address in the NIC.
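The address construction from the two previous slides (EUI-64-based first try, 64-bit random later tries, and the /96 temporary and /64 tentative prefixes), as an added Python example that is not code from the slides. The EUI-64 step follows the standard modified-EUI-64 rule; `candidate_addresses` is an assumed helper that models the retry loop only, not the AREQ/AREP exchange.

```python
import ipaddress
import secrets

# Prefixes named on the slide
MANET_INIT_PREFIX = ipaddress.IPv6Network("fec0:0:0:ffff::/96")  # + 32-bit number -> temporary address
MANET_PREFIX = ipaddress.IPv6Network("fec0:0:0:ffff::/64")       # + 64-bit number -> tentative address


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC address.

    The universal/local bit (bit 1 of the first octet) is inverted and the
    octets ff:fe are inserted between the OUI and the device-specific part,
    so a9:bb:cc:dd:ee:ff becomes abbb:ccff:fedd:eeff as on the slide.
    """
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("a MAC address is 48 bits (6 octets)")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def address_in(prefix: ipaddress.IPv6Network, suffix: int) -> ipaddress.IPv6Address:
    """Place suffix into the host bits of prefix; refuse a suffix that would overflow them."""
    host_bits = 128 - prefix.prefixlen
    if suffix < 0 or suffix >> host_bits:
        raise ValueError(f"suffix does not fit in {host_bits} host bits")
    return ipaddress.IPv6Address(int(prefix.network_address) | suffix)


def temporary_address(rand32: int) -> ipaddress.IPv6Address:
    """Temporary address used while DAD runs: MANET_INIT_PREFIX (/96) + 32-bit random number."""
    return address_in(MANET_INIT_PREFIX, rand32)


def tentative_address(interface_id: int) -> ipaddress.IPv6Address:
    """Tentative address under test: MANET_PREFIX (/64) + 64-bit interface identifier."""
    return address_in(MANET_PREFIX, interface_id)


def candidate_addresses(mac: str, retry_number: int = 3) -> list:
    """Candidates in the order the slide tries them (assumed helper):
    the EUI-64-derived address first, then fresh 64-bit random numbers up to retry_number."""
    candidates = [tentative_address(eui64_interface_id(mac))]
    for _ in range(retry_number - 1):
        candidates.append(tentative_address(secrets.randbits(64)))
    return candidates
```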
Weak DAD
• Motivation
  • Handling address duplication due to MANET partitioning and merging
• Requirements
  • Correct Delivery
    • Packets meant for one node must not be routed to another node, even if the two nodes have chosen the same address.
  • Relaxed DAD
    • It does not require detection of all duplicate addresses.
    • Duplicate addresses cannot be detected in partitioned networks.
Resolution of Address Conflict by Weak DAD
[Figure: a MANET of nodes A, B, C, D, E, F, G, H and K split into Partition 1 and Partition 2. Node A uses (IP address, Key) = (a, K_A) and node K uses (IP address, Key) = (a, K_K). Node E detects the duplication of address a with the key information and sends an Address Duplication Report; K is reconfigured to (IP address, Key) = (b, K_K).]
MANET Address Autoconfiguration
draft-jeong-adhoc-ip-addr-autoconf-02.txt, discussed at IETF-57
• Step 1: Address selection
  • How to select one of the IP addresses in the address space?
• Step 2: Duplicate address detection
  • How to detect a duplicate address?
• Step 3: Address change negotiation
  • Which node should perform a reallocation procedure?
  • Victim node selection problem
• Step 4: Maintenance of upper-layer sessions
  • How to let an upper-layer session avoid a connection breakage?
MANET Address Autoconf for AODV
draft-jeong-manet-aodv-addr-autoconf-00.txt, discussed at IETF-59
• Step 1: IP address selection
  • Random address selection
• Step 2: Duplicate address detection
  • Hybrid DAD
    • Strong DAD + Weak DAD
• Step 3: Address change negotiation
  • Simple victim node selection
    • The node that is performing route discovery is selected as the victim node.
• Step 4: Maintenance of upper-layer sessions
  • Notification of address change
    • Address change indication similar to the MIP binding update
  • Address Mapping Cache management
    • Similar to MIP binding cache management
  • Data delivery through IP tunneling
Address Autoconfiguration Message Format

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Code      |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Identification                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Originator IP Address                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               Requested or Duplicate IP Address               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type:
- AREQ: Address Request
- AREP: Address Reply
- AERR: Address Error
Code:
- 0: default
- 1: indication of address change in type AERR
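A serializer and validating parser for the message layout above, as an added Python example (not the draft's or the author's code). Assumptions: the numeric Type values (1, 2, 3) are invented because the slide names the types without numbers, the 32-bit address fields are treated as IPv4 as drawn, and the Checksum is computed as the RFC 1071 Internet checksum, which the slide does not specify.

```python
import ipaddress
import struct

# Message types and codes listed on the slide; the numeric type values are assumed.
AREQ, AREP, AERR = 1, 2, 3
CODE_DEFAULT, CODE_ADDRESS_CHANGE = 0, 1
TYPE_NAMES = {AREQ: "AREQ", AREP: "AREP", AERR: "AERR"}

# Type(8) | Code(8) | Checksum(16) | Identification(32) | Originator(32) | Requested/Duplicate(32)
FORMAT = "!BBHI4s4s"
LENGTH = struct.calcsize(FORMAT)  # 16 bytes


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum (assumed algorithm; the slide names none)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pack_message(msg_type: int, code: int, ident: int, originator: str, address: str) -> bytes:
    """Serialize one message with its checksum filled in."""
    if msg_type not in TYPE_NAMES:
        raise ValueError("unknown message type")
    if code == CODE_ADDRESS_CHANGE and msg_type != AERR:
        raise ValueError("code 1 (address change) is only defined for AERR")
    body = struct.pack(FORMAT, msg_type, code, 0, ident,
                       ipaddress.IPv4Address(originator).packed,
                       ipaddress.IPv4Address(address).packed)
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]


def parse_message(data: bytes) -> dict:
    """Check length, checksum, type and code before trusting any field of a received message."""
    if len(data) != LENGTH:
        raise ValueError("bad length")
    if internet_checksum(data) != 0:        # a correct checksum makes the whole message sum to zero
        raise ValueError("checksum mismatch")
    msg_type, code, _, ident, originator, address = struct.unpack(FORMAT, data)
    if msg_type not in TYPE_NAMES:
        raise ValueError("unknown message type")
    if code not in (CODE_DEFAULT, CODE_ADDRESS_CHANGE):
        raise ValueError("unknown code")
    return {"type": TYPE_NAMES[msg_type], "code": code, "id": ident,
            "originator": str(ipaddress.IPv4Address(originator)),
            "address": str(ipaddress.IPv4Address(address))}
```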
Step1: IP Address Selection - Selection of Random IP Address
• IPv4
  • IPV4_MANET_PREFIX + 16-bit Random Number
  • 169.254/16 is used as IPV4_MANET_PREFIX.
  • There is a high probability of address conflicts because of the Birthday Paradox.
    • With 2^8 (= 256) nodes, at least one address collision occurs with a probability of 50%.
• IPv6
  • IPV6_MANET_PREFIX + 64-bit Random Number
  • fec0:0:0:ffff::/64 is used as IPV6_MANET_PREFIX.
  • Because of the deprecation of the IPv6 site-local address, a new local prefix for local networks separated from the Internet is necessary.
Step2: Duplicate Address Detection - Hybrid DAD = Strong DAD + Weak DAD
• Phase 1: Strong DAD
  • Time-based DAD
  • For detecting IP address duplication in a connected MANET partition within a finite bounded time interval
  • Strong DAD is performed during the initiation of the node’s network interface.
• Phase 2: Weak DAD
  • Routing-based DAD
  • For detecting IP address duplication during ad hoc routing, e.g., route discovery in AODV
  • It can handle the address duplication caused by MANET partitioning and merging.
  • A key is used for the purpose of detecting duplicate IP addresses.
    • Virtual IP Address = IP Address + Interface Key
Step3: Address Change Negotiation - Simple Victim Node Selection
• Detection of Duplicate Address
  • When a node performs route discovery with RREQ in order to communicate with another, an address conflict can be detected by the Weak DAD procedure.
• If there is a duplicate IP address,
  • The detector node sends an AERR (Address Error) message to the node using the duplicate address that is associated with a different key.
  • The victim node is the one which is performing route discovery.
    • The number of on-going sessions and fairness can also be considered.
• Configuration of a new IP address
  • The node receiving the AERR message auto-configures a new IP address through Strong DAD.
Step4: Maintenance of Upper-layer Sessions – 1/3
• Notification of IP Address Change
  • The node with the duplicate address informs its peer nodes of its IP address change through an AERR message.
    • The AERR message contains the Duplicate address and the New address.
    • It plays the same role as the Binding Update message of MIP or MIPv6.
  • The notified peer node stores the address mapping information in its local Address Mapping Cache.
Step4: Maintenance of Upper-layer Sessions – 2/3
• Address Mapping Cache (AMC) Management
  • The AMC maintains the association of the duplicate address and the newly announced address.
  • The AMC is similar to the MIP binding cache.
  • The AMC is used for tunneling when sending and receiving data packets.
  • TCP sessions can be maintained even though the IP address has been changed.
Step4: Maintenance of Upper-layer Sessions – 3/3
• Data Delivery through IP Tunneling
  • After the delivery of the AERR message, the peer node and the announced node exchange data packets through IP tunneling using the AMC.
[Figure: the Peer Node (Address: IPpn) sends a data packet to the Announced Node (New Address: IPnew, Old Address: IPold). Outer IP Header: SRC Addr = IPpn, DEST Addr = IPnew. Inner IP Header: SRC Addr = IPpn, DEST Addr = IPold. Payload follows.]
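Steps 2 to 4 of the AODV variant in one model (Weak DAD check on routing messages keyed by address plus interface key, the victim's address-change AERR, the peer's Address Mapping Cache and the tunneled packet shown above), as an added Python example that is not the draft's code. Assumptions: the interface key is an opaque string, messages are dicts rather than wire formats, and the AMC is keyed by the virtual IP address (address, key) so that two holders of the same address are not confused.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RouteControl:
    """Routing control message carrying the originator's (address, key), i.e. its virtual IP address."""
    kind: str      # "RREQ" (route discovery) or "RREP"
    address: str
    key: str       # interface key; assumed here to be an opaque per-interface string


@dataclass
class Node:
    name: str
    address: str
    key: str
    bindings: dict = field(default_factory=dict)  # address -> key learned from routing messages
    amc: dict = field(default_factory=dict)       # (old address, key) -> new address

    def weak_dad(self, msg: RouteControl):
        """Phase 2 check: the same address under a different key is a duplicate.
        Returns the AERR for the victim (the RREQ originator) or None."""
        known = self.bindings.setdefault(msg.address, msg.key)
        if known == msg.key or msg.kind != "RREQ":
            return None   # no conflict, or the sender is not the node performing route discovery
        return {"type": "AERR", "code": 0, "from": self.address,
                "duplicate": msg.address, "victim_key": msg.key}

    def reconfigure(self, new_address: str) -> dict:
        """Victim side: adopt the new address (obtained via Strong DAD) and build the code-1 AERR."""
        old, self.address = self.address, new_address
        return {"type": "AERR", "code": 1, "duplicate": old, "key": self.key, "new": new_address}

    def note_address_change(self, aerr: dict) -> None:
        """Peer side: record the announced old -> new mapping in the Address Mapping Cache."""
        if aerr.get("type") != "AERR" or aerr.get("code") != 1:
            raise ValueError("not an address-change AERR")
        self.amc[(aerr["duplicate"], aerr["key"])] = aerr["new"]

    def send(self, dst_address: str, dst_key: str, payload: bytes) -> dict:
        """Peer side: tunnel as on the slide, outer DEST = new address, inner DEST = old address."""
        inner = {"src": self.address, "dst": dst_address, "payload": payload}
        new = self.amc.get((dst_address, dst_key))
        if new is None:
            return inner                       # no mapping: plain delivery
        return {"src": self.address, "dst": new, "inner": inner}

    @staticmethod
    def receive(pkt: dict) -> dict:
        """Announced node: strip the outer header so the session bound to the old address continues."""
        return pkt.get("inner", pkt)
```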
IPv6 Multicast Address Allocation
• Role
  • It allocates a unique IPv6 multicast address to a session without an address allocation server.
• Address Format
  • The IPv6 multicast address (a) is generated on the basis of the Interface ID of the IPv6 unicast address (b).
IPv4 Multicast Address Allocation
• Role
  • It allocates a unique IPv4 multicast address to a session without an address allocation server.
  • It uses the same idea as IPv6 multicast address allocation.
• Address Format
  • The IPv4 multicast address (a) is generated on the basis of the Host ID of the IPv4 unicast address (b).
Procedure of Multicast Address Allocation
[Flowchart]
• Request of multicast address allocation from the application
• Generation of an unused Group ID
• Generation of a multicast address with the Interface ID (or Host ID) and the Group ID
• Delivery of the multicast address
[Figure: Service of a multicast application among nodes A, B, C, D and E: allocation of a unique multicast address for a new session.]
Multicast Address Allocation in SDR
[Figure: multicast addresses of the audio and video sessions as shown in SDR.]
Introduction
• Name Service in MANET
  • A MANET has a dynamic network topology.
  • The current DNS cannot be adopted in a MANET!
    • Because it needs a fixed and well-known name server
• Idea of Name Service in MANET
  • All the mobile nodes take part in the name service.
  • Every mobile node administers its own name information.
    • It responds to the other nodes’ DNS queries related to its domain name and IP address.
Related Work: Link-Local Multicast Name Resolution (LLMNR)
• Each node performs the role of DNS name server for its own domain name in a link-local scoped network
[Message flow between LLMNR Sender and LLMNR Responder]
• LLMNR query message (What is the IPv6 address of “host.private.local”?) – sent in link-local multicast
• LLMNR response message (IPv6 address of “host.private.local”) – sent in link-local unicast
• Verification of the LLMNR response by the Sender
  • Does the value of the response conform to the addressing requirements?
  • Is the hop-limit of the IPv6 header 1?
  • If the result is valid, the Sender caches the response and passes it to the application that initiated the DNS query; else the Sender ignores the response and continues to wait for other responses.
Ad Hoc Name Service System for IPv6 MANET (ANS)
• ANS provides Name Service in MANET
  • MANET DNS Domain
    • ADHOC.
  • MANET IPv6 Prefix
    • IPv6 Site-local Prefix
    • FEC0:0:0:FFFF::/64
• Architecture of ANS System
  • ANS Responder
    • It performs the role of DNS Name Server
  • ANS Resolver
    • It performs the role of DNS Resolver
  • ANS API
    • It provides user applications with DNS resolver functions
Interaction of ANS System Processes
[Figure: processes Application, ANS API, ANS Resolver and ANS Responder. Threads shown: Main-Thread (in Resolver and Responder), Resolv-Thread, Timer-Thread, DUR-Thread; data stores shown: ANS Cache and ANS Zone DB. Connections: DNS Query / DNS Response between Application and ANS API and over a UNIX datagram socket to the Resolver; UDP socket connections between Resolver and Responder; memory read/write between threads of one process; internal connections to the cache and the database.]
Name Service in ANS
• Name Generation
  • generates a unique domain name based on the network device identifier
• Zone File Generation
  • generates the ANS zone file with the unique domain name and the corresponding IPv6 address
• Name Resolution
  • performs the name-to-address translation
Scenario of Name Service within MANET (MN-A, MN-B, MN-C)
• MN-A: request of host DNS name resolution
• MN-A sends the DNS Query Message (MN-C.ADHOC.) in multicast
• MN-B: receipt of the DNS Query Message; the DNS Query Message (MN-C.ADHOC.) reaches MN-C
• MN-C: receipt and processing of the DNS Query Message
• MN-C sends the DNS Response Message (MN-C’s IPv6 address) in unicast
• MN-A: gain of DNS information
• MN-A tries to connect to the server on MN-C
• The server on MN-C accepts the connection request from MN-A
Authentication of DNS Message
• Why is authentication of DNS messages necessary?
  • To prevent an attacker from feeding a DNS querier a wrong DNS response
• How to authenticate DNS messages?
  • IPsec ESP with a null transform
  • Secret key transaction authentication for DNS, called TSIG [RFC2845]
• Our Scheme of Authentication
  • TSIG message authentication where the trusted nodes share a group secret key for authenticating DNS messages.
DNS Message Format
• Header Section: DNS message header
• Question Section: question for the name server
• Answer Section: resource records answering the question (e.g., AAAA resource record)
• Authority Section: resource records pointing toward an authority
• Additional Section: resource records holding additional information (e.g., TSIG resource record)
Procedure of Secure DNS Resolution
[Message flow between Mobile Node A (MN-A.ADHOC.) and Mobile Node C (MN-C.ADHOC.)]
• DNS Query (What is the IPv6 address of “MN-C.ADHOC.”?) via site-local multicast and UDP
• DNS Response (IPv6 address of “MN-C.ADHOC.”) via site-local unicast and UDP
• Verification of the DNS Response
  • Does the source address of the response conform to the ad hoc addressing requirements?
  • Is the TSIG resource record valid?
  • If the Response is valid, the ANS Resolver delivers the result to the application program; else the ANS Resolver sends the DNS Query again and waits for another DNS Response, up to the allowed retry number.
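The resolver-side verification and retry loop above, as an added Python example that is not ANS code. The TSIG record is stood in for by an HMAC-SHA256 over the response bytes under the shared group key (real TSIG per RFC 2845 also covers key name, algorithm, time and fudge); `send_query` is an assumed callback that returns the (source, response, MAC) triples collected after one multicast query. Because the key is shared by the whole trusted group, a valid MAC shows membership in that group, not which member answered.

```python
import hashlib
import hmac
import ipaddress

MANET_PREFIX = ipaddress.IPv6Network("fec0:0:0:ffff::/64")  # ad hoc prefix from the ANS slide


def tsig_like_mac(response: bytes, group_key: bytes) -> bytes:
    """Constructed stand-in for the TSIG RR: HMAC-SHA256 of the response under the group key."""
    return hmac.new(group_key, response, hashlib.sha256).digest()


def verify_response(src: str, response: bytes, mac: bytes, group_key: bytes) -> bool:
    """Both checks from the slide: source inside the ad hoc prefix, then a valid authenticator."""
    try:
        if ipaddress.IPv6Address(src) not in MANET_PREFIX:
            return False
    except ValueError:                      # not even a well-formed IPv6 address
        return False
    # constant-time comparison so a forged MAC cannot be refined byte by byte
    return hmac.compare_digest(tsig_like_mac(response, group_key), mac)


def resolve(send_query, group_key: bytes, retry_number: int = 3):
    """Query up to retry_number times; return the first response that verifies, else None.

    send_query() is assumed to multicast the DNS Query and return the list of
    (source address, response bytes, MAC) triples received before its timeout.
    """
    for _ in range(retry_number):
        for src, response, mac in send_query():
            if verify_response(src, response, mac, group_key):
                return response
    return None
```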
Service Discovery
• Definition
  • Discovery of the location (IP address, transport-layer protocol, port number) of a server that provides some service.
• Methods
  • Multicast DNS based Service Discovery
    • Service discovery through Multicast DNS and the DNS SRV resource record, which indicates the location of the server or the multicast address of the service
  • SLP based Service Discovery
    • Service discovery through the IETF Service Location Protocol (SLP)
    • RFC 2165, RFC 2608, RFC 3111
Considerations for Service Discovery
• Limitations of Existing Schemes
  • Most current schemes are concerned with service location for the Internet.
  • Such protocols have not taken into account mobility, packet loss and latency.
• Considerations
  • Some devices are small and have limited computation, memory, and storage capability.
    • They can only act as clients, not servers.
  • Power constraints
    • Service discovery should not incur excessive messaging over the wireless interface.
Service Discovery based on Multicast DNS
• ANS Responder’s Zone File
$TTL 20
$ORIGIN ADHOC.
PAUL-1 IN AAAA FEC0:0:0:FFFF:3656:78FF:FE9A:BCDE
;; DNS SRV Resource Records
; Unicast Service : SERVICE-1
_SERVICE-1._TCP IN SRV 0 1 3000 PAUL-1.ADHOC.
_SERVICE-1._UDP IN SRV 0 1 3000 PAUL-1.ADHOC.
; Multicast Service : SERVICE-2
_SERVICE-2._UDP IN SRV 0 1 4000 @.1.5.
• DNS SRV Resource Record for Multicast Service: the IPv6 multicast address corresponding to the service name
• Generation of IPv6 Multicast Address
[Figure: the multicast service name is passed through a parsing function and the MD5 hash function, giving a 128-bit digest. IPv6 site-local multicast address = FF (8 bits) | Flags (4 bits, P=0, T=1) | Scope (4 bits, 5 = site-local) | Group ID (112 bits); the 16-bit prefix is followed by Group ID = low-order 112 bits of the digest.]
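The name-to-group-address derivation in the figure and a parser for the SRV lines of the zone file above, as an added Python example that is not ANS code. Assumptions: the service name is lower-cased before hashing (the slide's "parsing function" is not specified; DNS labels compare case-insensitively), and the target notation `@.1.5.` is left uninterpreted because the slide does not define it.

```python
import hashlib
import ipaddress

SCOPE_SITE_LOCAL = 5
FLAGS_TRANSIENT = 0x1   # P=0, T=1 as on the slide: a transient, non-prefix-based group


def service_multicast_address(service_name: str, scope: int = SCOPE_SITE_LOCAL) -> ipaddress.IPv6Address:
    """FF | flags(4) | scope(4) | group ID(112), group ID = low-order 112 bits of MD5(service name).

    MD5 is used here as a name-to-identifier mapping, not as a security primitive.
    Assumption: names are lower-cased first so that SERVICE-2 and service-2 map to one group.
    """
    if not 0 <= scope <= 0xF:
        raise ValueError("scope is a 4-bit field")
    digest = hashlib.md5(service_name.lower().encode("utf-8")).digest()   # 16 bytes
    group_id = digest[-14:]                                                # low-order 112 bits
    prefix = bytes([0xFF, (FLAGS_TRANSIENT << 4) | scope])                 # FF15 for site-local
    return ipaddress.IPv6Address(prefix + group_id)


def parse_srv_record(line: str) -> dict:
    """Parse one zone-file line of the form '_SERVICE._PROTO IN SRV priority weight port target'."""
    fields = line.split()
    if len(fields) != 7 or fields[1].upper() != "IN" or fields[2].upper() != "SRV":
        raise ValueError("not an SRV record: %r" % line)
    owner = fields[0].split(".")
    if len(owner) < 2 or not (owner[0].startswith("_") and owner[1].startswith("_")):
        raise ValueError("owner name must be _service._proto")
    return {"service": owner[0][1:], "proto": owner[1][1:].lower(),
            "priority": int(fields[3]), "weight": int(fields[4]),
            "port": int(fields[5]), "target": fields[6]}


def multicast_location(record: dict) -> tuple:
    """Location of a multicast service: the group derived from its name plus the SRV port."""
    return service_multicast_address(record["service"]), record["port"]
```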
Scenario of Service Discovery (MN-A, MN-B, MN-C)
• MN-C: request of server information
• MN-C sends the DNS Query Message for service information in multicast
• MN-B: receipt of the DNS Query Message; the DNS Query Message for service information reaches MN-A
• MN-A: receipt and processing of the DNS Query Message related to the DNS SRV resource record
• MN-A sends the DNS Response Message with the service information
• MN-C: gain of service information
• MN-C tries to connect to the server on MN-A, or MN-C joins the multicast group related to MN-A
• The server on MN-A accepts the connection request from MN-C, or the multicast group comprises MN-A and MN-C