Router Advertisements for Routing between Moving Networks
draft-petrescu-autoconf-ra-based-routing-00.txt
Presenter: Alexandru Petrescu
IETF 78 Maastricht, 29 July 2010, AUTOCONF Working Group
Slide 1
Outline
• Problems: once addresses and prefixes are assigned – how to update routing tables.
• ICMPv6 extension
• Topology and Message Exchange Diagrams
• Conceptual Algorithm on MR3; scalability
• Recent remarks (from AUTOCONF, MEXT and private).
• Implementation
Slide 2
Problem
Slide 3
[Figure: MR1 with LFN1 and MR2 with LFN2, connected back to back. Labels: "?Routing tables?", "Self-formed link-local addresses", "Prefixes pre-configured".]
ICMPv6 Extension
Router Advertisement is a message format defined in [RFC4861] as an ICMPv6 message. The document [RFC5175] proposes an option for RA extensibility: the IPv6 Router Advertisement Flags Option. We propose to reserve bit 16 for Mobile Network Prefixes.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |M| Bit fields available ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... for assignment                                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

'M' - Mobile Network Prefix present. Set to 1 if this Router Advertisement contains a Mobile Network Prefix.
If the RA Flags Option contains the flag M, and it is set to 1, then the Router Advertisement MUST contain a Route Information Option [RFC4191], optionally followed by a Source Link-Layer Address Option [RFC4861]. (If this SLLAO option is used, it avoids the need for an NS/NA exchange for the link-local address of the Gateway entry in the data structure mentioned earlier.)
Slide 4
Topology and Message Exchange Diagrams: MR-to-MR
[Figure: three moving networks. MR1 serves Net1 (2001:db8:1::/64, LFN11), MR2 serves Net2 (2001:db8:2::/64, LFN21) and MR3 serves Net3 (2001:db8:3::/64, LFN31). Each MR has an egress interface with link-local address fe80::MRx_egress and an ingress interface eth0 with link-local address fe80::MRx_ingress; the ingress WiFi links use essid "V1", "V2" and "V3" respectively, channel 9, mode managed.]
[Message exchange between MR1, MR2 and MR3: Phase 1 – simultaneous MLD "JOIN"; Phase 2 – RA1, RA2, RA3. Scenario: simultaneous power-up of the 3 MRs.]
Slide 5
[Figure, egress link: WiFi essid "V2V", channel 3, mode ad-hoc.]
Slide 6
More Message Exchange Diagrams
[Diagram 1, MR1 / MR2 / MR3 – arrival of MR3 in a setting of MR1 and MR2: MLD "JOIN", RS, then RA1, RA2, RA3.]
[Diagram 2, MR1 / MR2 / MR3 – explicit deletion: RA1 used for deletion carries MNP1 with flag 'D' or lifetime '0'. Upon receipt of this RA, MR2 and MR3 delete their routes for MNP1 from their routing tables.]
[Diagram 3, MR1 / MR2 / MR3 – timed-out expiration and deletion: RA1, RA2, RS; timeout; deletion; renewal, eventually.]
Slide 7
Conceptually – an Algorithm on MR3
(1) Send an RA containing the prefix(es) allocated to its subnets to which the ingress interfaces are connected
(2) "Join" the all-routers multicast address with link-scope, on its egress interface
(3) Send a Router Solicitation (RS) on its egress interface requesting RAs from MR1 and MR2
(4) Receive their special RAs: RA1 and RA2
(5) For each received RA, extract the source address and the prefixes and insert the corresponding number of routing table entries; these entries will help reach the LFNs in the moving networks of MR1 and MR2.
Slide 8
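The RA Flags Option with the M bit, the Route Information Option it requires, and steps (1) to (5) of the algorithm above can be exercised end to end in a small Python model. The block below is an added example written for this transcript; it is not code from the draft or from the radvd implementation mentioned later. It constructs the ICMPv6 bytes of the RAs sent by MR2 and MR3 (no IPv6 header, so the checksum is left at zero), reads the M bit at bit 16 of the option, installs one route per advertising MR keyed by the RA's source link-local address (the slides' fe80::MRx_egress labels are used as plain strings), treats lifetime 0 as the explicit-deletion case and a timer as the expiration case of the message-exchange diagrams, and, for the attacker-MR risk on the Security slide, refuses to overwrite a prefix already reached via a different gateway and records the conflict. That refusal policy and the constructed addresses are assumptions of the example, not something the draft specifies; the option type numbers come from RFC 4861, RFC 4191 and RFC 5175.

```python
import ipaddress
import struct

# ICMPv6 / Neighbor Discovery constants (RFC 4861, RFC 4191, RFC 5175).
ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_SOURCE_LINK_LAYER_ADDRESS = 1   # SLLAO, RFC 4861
OPT_ROUTE_INFORMATION = 24          # RIO, RFC 4191
OPT_RA_FLAGS_EXTENSION = 26         # RA Flags Option, RFC 5175
M_BIT_MASK = 0x80                   # bit 16 of the option = MSB of the first flag octet


def build_ra(options: bytes, router_lifetime: int = 1800) -> bytes:
    """Fixed 16-octet RA header followed by ND options. The checksum stays 0:
    computing it needs the IPv6 pseudo-header, which this example does not build."""
    return struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0,
                       64, 0, router_lifetime, 0, 0) + options


def ra_flags_option(m_bit: bool) -> bytes:
    """Type 26, Length 1: six flag octets, M in the first one."""
    return bytes([OPT_RA_FLAGS_EXTENSION, 1, M_BIT_MASK if m_bit else 0]) + bytes(5)


def route_information_option(prefix: str, lifetime: int) -> bytes:
    """Type 24, Length 2: carries 8 prefix octets, enough for prefixes up to /64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen > 64:
        raise ValueError("example supports prefixes up to /64")
    return (bytes([OPT_ROUTE_INFORMATION, 2, net.prefixlen, 0])
            + struct.pack("!I", lifetime) + net.network_address.packed[:8])


def sllao(mac: bytes) -> bytes:
    """Type 1, Length 1: 6-octet link-layer address."""
    return bytes([OPT_SOURCE_LINK_LAYER_ADDRESS, 1]) + mac


def iter_options(ra: bytes):
    """Walk the TLV options after the RA header; Length is in units of 8 octets."""
    off = 16
    while off + 2 <= len(ra):
        otype, olen = ra[off], ra[off + 1]
        if olen == 0:
            raise ValueError("zero-length ND option")   # RFC 4861: discard the packet
        end = off + olen * 8
        if end > len(ra):
            raise ValueError("truncated ND option")
        yield otype, ra[off + 2:end]
        off = end


def parse_mnp_ra(ra: bytes):
    """Return ([(prefix, lifetime), ...], sllao_mac). Prefixes count as MNPs only
    when M=1; M=1 without a Route Information Option violates the slide's MUST."""
    if ra[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        raise ValueError("not a Router Advertisement")
    m_set, routes, mac = False, [], None
    for otype, body in iter_options(ra):
        if otype == OPT_RA_FLAGS_EXTENSION:
            m_set = bool(body[0] & M_BIT_MASK)
        elif otype == OPT_ROUTE_INFORMATION:
            plen, lifetime = body[0], struct.unpack("!I", body[2:6])[0]
            raw = body[6:] + bytes(16 - len(body[6:]))   # 0, 8 or 16 prefix octets
            net = ipaddress.IPv6Network(f"{ipaddress.IPv6Address(raw)}/{plen}", strict=False)
            routes.append((str(net), lifetime))
        elif otype == OPT_SOURCE_LINK_LAYER_ADDRESS:
            mac = bytes(body[:6])
    if m_set and not routes:
        raise ValueError("M flag set but no Route Information Option present")
    return (routes if m_set else []), mac


class RouteTable:
    """The per-MR table of the Scalability slide: one entry per MR at the scene."""

    def __init__(self, egress_dev: str = "egress"):
        self.egress_dev = egress_dev
        self.routes = {}       # prefix -> (gateway, dev, expires_at)
        self.conflicts = []    # (prefix, installed gateway, claiming gateway)

    def apply_ra(self, ra: bytes, src_link_local: str, now: float) -> list:
        """Step (5) plus the deletion cases; returns (action, prefix) pairs."""
        actions = []
        for prefix, lifetime in parse_mnp_ra(ra)[0]:
            existing = self.routes.get(prefix)
            if lifetime == 0:                       # explicit deletion: lifetime '0'
                if existing and existing[0] == src_link_local:
                    del self.routes[prefix]
                    actions.append(("delete", prefix))
                continue
            if existing and existing[0] != src_link_local:
                # Another MR claims a prefix already reached via a different gateway
                # (the attacker-MR risk). Assumed policy, not in the draft: keep the
                # installed route and record the conflict for the operator.
                self.conflicts.append((prefix, existing[0], src_link_local))
                actions.append(("conflict", prefix))
                continue
            self.routes[prefix] = (src_link_local, self.egress_dev, now + lifetime)
            actions.append(("add" if existing is None else "refresh", prefix))
        return actions

    def expire(self, now: float) -> list:
        """Timed-out expiration and deletion; returns the prefixes removed."""
        gone = [p for p, (_g, _d, exp) in self.routes.items() if exp <= now]
        for p in gone:
            del self.routes[p]
        return gone


if __name__ == "__main__":
    # Constructed RAs for the MR1/MR2/MR3 topology; MAC and gateway values are made up.
    table = RouteTable()
    ra2 = build_ra(ra_flags_option(True) + route_information_option("2001:db8:2::/64", 300)
                   + sllao(b"\x02\x00\x00\x00\x00\x02"))
    print(table.apply_ra(ra2, "fe80::MR2_egress", now=0), table.routes)
    rogue = build_ra(ra_flags_option(True) + route_information_option("2001:db8:2::/64", 300))
    print(table.apply_ra(rogue, "fe80::MRx_egress", now=1), table.conflicts)
```

Running the module as a script installs the MR2 route, then shows a second RA for the same prefix from a different gateway being recorded as a conflict instead of overwriting the route. A deletion RA (lifetime 0) is only honoured from the gateway that installed the route, which keeps the explicit-deletion path from becoming a second way for a rogue MR to remove a victim's route; the expiration timer still removes stale entries regardless.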
Scalability

Routing table on MR1:
  Dst prefix        Gateway            Dev
  2001:db8:2::/64   fe80::MR2_egress   egress
  2001:db8:3::/64   fe80::MR3_egress   egress
  2001:db8:n::/64   fe80::MRn_egress   egress
  2001:db8:1::/64   « connected »      ingress
Number of entries equals the number of Mobile Routers at the scene.

[Figure: MR1 with LFN11, LFN12 ... LFN1n; MR2 with LFN21, LFN22 ... LFN2m; MR3; ...; MRn, all sharing the egress link.]

Routing table on LFN11:
  Dst prefix        Gateway            Dev
  2001:db8:1::/64   « connected »      eth0
  default           fe80::MR1_ingress  eth0
Number of entries is constant.
Slide 9
Security
• Example risk: attacker MR claims towards other MRs that it owns the MNP of a victim MR – victim MR no longer receives its traffic.
• More threats.
• Is SeND appropriate?
• Certificates when PKI infrastructure is absent.
• Ongoing work.
Slide 10
Remarks from AUTOCONF and MEXT WGs
• Bug in distinctor of prefixes (/64 instead of /24)
• Use of distinctive ESSIDs on egress and ingress interfaces
• Use of link-local addresses (notation, pertinence)
• Address spoofing mode not good
• How is MNP provided initially?
• Addressing model not new and in line with IPv6 addressing architecture
• Collective « we » look at address/prefix autoconf without restrictions for packet relaying via the same interface
• Is this multi-hop?
• Adapted to MEXT or AUTOCONF? [Teco, Chris, Ulrich, Henning, ThomasC – discussion above]
• Concept of prefix ownership, SeND
• Is MR2 relaying between 1 and 3 (if so, packet received on multiple paths?)
• Specifics on Route Deletion, what RS is used for.
• Have I checked AODV and similar? [Antti]
Slide 11
Private Remarks
• Wrong email address of a co-author
• Need to separate the addressing model from the protocol
Slide 12
Implementation
• Extensions to ICMP Router Advertisements sent on the egress interface
• Implementation on Linux with radvd 1.4
• Packet dissectors for Wireshark, for the packet formats
• Link-layer security on egress using WPA-NONE PSK TKIP/AES (yes, it is secure); and WEP too sometimes.
Slide 13
More on the Addressing Model
Slide 14
Slide 15
Comments
• Thanks in advance to the note takers!
Slide 16