LandMARC MIPv6 stack for Windows Greg O’Shea Microsoft Research Andrew Scott Lancaster University.
Date posted: 21-Dec-2015
LandMARC MIPv6 stack for Windows
Greg O’Shea, Microsoft Research
Andrew Scott, Lancaster University
LandMARC MIPv6 stack
• LandMARC: 2-yr project with Lancaster University, supporting 3 RA positions
• Several threads, now dominated by MIPv6
• Added mobility to MSR 1.4 IPv6
• RC4b (Win2K) released 1 Jan 2001
• XPB2 (WinXP beta 2): in test (internal)
• WinCE3.0 + RC4b: in development (internal)
• WinCE4.0 + XPB2: in development (internal)
Why mobile IP?
• Traditional IP address = (network + host-id)
  – is bound to a specific network
  – Connections break if node moves between nets
  – Problem for mobile, wireless computers (future)
• Solution: MIPv6 mobile node (MN) uses two addresses
  – Home Address (HA) well known / used by apps
  – Care-Of Address (COA) when abroad
  – TCP sessions survive network hand-off
  – Nobody has to learn new home address for MN
  – Provides heterogeneous network hand-off
Mobile at home
[Diagram: Correspondent, Home Agent, Home Net, Foreign Net, Internet]
Movement: BU to home agent
[Diagram: Correspondent, Home Agent, Home Net, Foreign Net, Internet]
CN to HA, tunnel to MN
[Diagram: Correspondent, Home Agent, Home Net, Foreign Net, Internet; label (HomeAddr, COA)]
Route Optimisation
[Diagram: Correspondent, Home Agent, Home Net, Foreign Net, Internet; two labels (HomeAddr, COA)]
Barriers to MIPv6
• IPv6 infrastructure
  – Others can deal with that…
• Security Infrastructure (IPSec)
• Connectivity with IPv4 internet when mobile
• Support for IPv4 application code
• Behaviour of network cards and their drivers
Problem #1 : Security
• Bogus Binding Update
  – Hilary says to Bill “Send packets for Monica to me”
• Bogus Home Address Option
  – Hilary says to Bill “Monica said this…”
• Very easy to mount an attack:
  – ipv6 hau <IPv6 address> 64 <home agent address>
    • Giving somebody else’s home address and home agent
  – Attach to any IPv6 net
Security : use of IPSec
• V12 mandated IPsec AH on Binding Updates
• Works, but too hard to configure and test
• Helps if administrator has:
  – network monitors attached
  – kernel debugger(s) installed on all machines
  – source code for IPv6 stack
  – program for configuring the program for configuring IPSec
CAM : joint with Mike Roe
• Mobile node m chooses key pair (PKm, SKm)
• Mobile m chooses Home addr (IF-Id) Am = H(PKm, i)
  – Int i used to resolve IPv6 address collisions
• Binding Update from m includes: A’m, Ac, Am, PKm, i, {H(A’m, Ac, Am, Tm)}SKm
• Correspondent verifies Am = H(PKm, i) and the hash from the Binding Update
• Use of PKm is uncertified, but says nothing about real-world identity
• Impostor cannot submit bogus BU without finding (PK’, SK’) where H(PK’, i) = Am
  – (which is hard)
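Added example, not from the slides or the LandMARC code: a sketch of the correspondent-side checks described on the CAM slide above. It assumes A’m is the care-of address, Ac the correspondent's address and Tm a timestamp, and swaps in SHA-256 and toy textbook RSA for the hash and signature scheme the slide leaves unspecified; all function names and sample addresses are constructed.

```python
import hashlib

# Toy textbook RSA over two Mersenne primes: a stand-in for the node's
# signature scheme so the example needs no third-party library. NOT secure.
def keypair(p=2**127 - 1, q=2**89 - 1, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (PKm, SKm)

def H(*fields):
    # Length-prefix every field so different tuples never hash the same bytes.
    h = hashlib.sha256()
    for f in fields:
        b = f if isinstance(f, bytes) else str(f).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return h.digest()

def interface_id(pk, i):
    # Am = H(PKm, i); truncation to a 64-bit interface id is an assumption.
    return H(pk[0], pk[1], i)[:8]

def sign(sk, digest):
    n, d = sk
    return pow(int.from_bytes(digest, "big") % n, d, n)

def make_bu(pk, sk, i, coa, cn, tm):
    # Fields follow the slide: A'm (coa), Ac (cn), Am, PKm, i, signed hash.
    am = interface_id(pk, i)
    return {"coa": coa, "cn": cn, "am": am, "pk": pk, "i": i, "tm": tm,
            "sig": sign(sk, H(coa, cn, am, tm))}

def verify_bu(bu, now, max_age=60):
    n, e = bu["pk"]
    # Check 1: the claimed address must be derived from the presented key.
    if interface_id(bu["pk"], bu["i"]) != bu["am"]:
        return "address not derived from key"
    # Check 2: the signed hash must cover exactly the fields received.
    digest = H(bu["coa"], bu["cn"], bu["am"], bu["tm"])
    if pow(bu["sig"], e, n) != int.from_bytes(digest, "big") % n:
        return "bad signature"
    # Assumption: Tm is a timestamp; the 60 s window is not from the slides.
    if abs(now - bu["tm"]) > max_age:
        return "stale"
    return "ok"

# Constructed sample: documentation-prefix addresses, arbitrary clock value.
pk, sk = keypair()
GOOD_BU = make_bu(pk, sk, 0, "2001:db8:f::10", "2001:db8:c::1", tm=1000)
```

A Binding Update that names another node's Am fails the first check unless the sender presents a key that hashes to that address, and presenting the real owner's key fails the second check because the sender cannot sign with SKm.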
Problem #2 : IPv4 connectivity / apps
• MN abroad may lose all IPv4 connectivity
  – Contactable only on IPv6 care-of address
  – MN cannot see IPv4 internet (e.g. www)
  – Nodes on IPv4 internet cannot see the mobile
• Implications for apps and services (e.g. DNS)
• Prefer not to port every IPv4 app (yet)
• Very few IPv6 apps from Microsoft (yet)
  – .NET Framework, IIS, file share, etc
m4in6 : joint with Joe Finney
[Diagram: Correspondent Node, Mobile Node, Home Agent, IPv6 Home Network, IPv6 Internet, IPv6 Foreign Network, IPv4 Internet, IPv4 Correspondent Network; link legend: IPv4 (routed), IPv4 (local), IPv4 in IPv6 tunnel]
Kernel development on Win2000
• Use cmd line : VStudio doesn’t add much
• Makefiles unusual: initially confusing
• Docs better than Linux, esp. DDK (but fragmented, large)
• More helpful support: no small group wanting to keep full control as under Linux
• Well-defined APIs preserve code stability
• Debugging not great, circa gdb. Use SoftIce.
• DbgView (etc) v. useful but not well known
• NDIS easy to work with (miniport, intermediate, proto)
• Learning curve 1-2 weeks alone, ~1 day supervised
Kernel development on WinCE
• Excellent development support
• Great documentation – small unambiguous API
• Drivers as easy as user-space programming (dlls)
• Full source level debug in IDE using remote host
• Remote driver loading on demand really nice
• Important to use “recommended” CEPC components
  – VERY difficult to get drivers for single board computers
  – Companies can be really unhelpful – often because they’ve bought in the drivers and simply can’t support them.
Tech tutorial at IDMS2001
• Objective: Intro to building, modifying and testing the LandMARC stack
• Date: 4 September 2001
• Place: Lancaster University, or thereabouts
Further Info
http://research.microsoft.com/programs/europe/projects/MIPv6.asp
http://www.LandMARC.net
http://research.microsoft.com/msripv6
http://msdn.microsoft.com/downloads/sdks/platform/tpipv6/readme.asp
http://support.microsoft.com/support/kb/articles/q273/8/26.asp
http://www.IDMS2001.org/
CAM: Childproof Authentication for MIPv6, G O’Shea and M Roe, Computer Communications Review, April 2001
Mobile 4-in-6 (m4in6), J Finney and G O’Shea, Interactive Distributed Multimedia Systems (IDMS2001), 4-7 Sept 2001, Lancaster, UK