IP Multicasting and Mobile IP
Christophe Jelger, Post-doctoral researcher
Christophe Jelger – CS221 Network and Security - Universität Basel - 2005

Plan
- IP Multicast
  - General concept
  - Subscriptions (IGMP, MLD)
  - Multicast routing
    - Shared trees
    - Source-based trees
- Mobile IP
  - General concept
  - Mobile IPv4
  - Mobile IPv6

IP Multicast
Group communications at the network layer

Unicast streaming
[Figure: unicast streaming of the bit stream 011010]

Multicast streaming
[Figure: multicast streaming of the bit stream 011010 along a multicast tree]

IP Multicast: address range (see http://www.iana.org)
IPv4
- Class-D addresses: 224.0.0.0 to 239.255.255.255 (224.0.0.0/28, or 16 Class-A networks!)
- Some special addresses:
  - 224.0.0.1 = all multicast-capable hosts
  - 224.0.0.2 = all multicast routers
  - 224.0.0.13 = all PIM routers
IPv6
- ff0x::/8 where x is the scope (2=local, 5=site, e=global)
- Some special addresses:
  - ff02::1 all nodes on link, ff02::2 all routers on link
  - ff02::16 all MLDv2 multicast routers
  - ff02::d all PIM multicast routers

IP Multicast: IP to Ethernet mapping
IPv4
- Ethernet multicast (first 24 bits): 01:00:5E + 0 for 25th bit
- 23 bits available to map the IPv4 address to an Ethernet address
- The least significant bits are mapped
- Ex: 224.129.47.23 -> 01:00:5E:01:2F:17
IPv6
- Ethernet multicast (first 16 bits): 33:33
- 32 bits available to map the IPv6 address
- The least significant bits are mapped
- Ex: ff05::207:85ff:fe92:7ff8 -> 33:33:fe:92:7f:f8
In both cases, the Ethernet layer acts as an imperfect filter

IP Multicast: Step 1 group subscription
- IPv4: Internet Group Membership Protocol (IGMP)
- IPv6: Multicast Listener Discovery (MLD)
- Objective: a multicast router must periodically discover nodes that want to join a certain group
  - The router can then join the appropriate multicast delivery tree
  - The router only needs to know if there is some interest for a group: it does not need to know exactly how many nodes are interested
- There exist different versions of IGMP and MLD: the main difference is the ability to perform "source-filtering" (so that only the traffic sent by one or more given sources is received)

IP Multicast: group subscription with MLD (subscription with IGMP is similar)
[Figure labels: JOIN multicast group ff0e::1234:5678; Multicast router; Group: ff0e::1234:5678/64; MAC: 33:33:12:34:56:78; MLD Query; MLD Report; Multicast DATA sent to 33:33:12:34:56:78 / ff0e::1234:5678]

IP Multicast: Step 2 Multicast routing
- Objective is to build the multicast delivery tree(s)
- Two families of trees:
  - Shared trees (*,G): the tree is shared by all (*) multicast sources sending to group G
  - Source-based trees (S,G): only a given source S can send multicast data on the delivery tree for group G
- There have been many protocols for multicast routing, but today the only protocol deployed is PIM: Protocol Independent Multicast
  - PIM-SM: Sparse-Mode (shared trees)
  - PIM-SSM: Source-Specific Multicast (source-based trees)

IP Multicast: Step 2 Multicast routing
[Figure: a source-based tree (PIM-SSM) with sources S1 and S2 and (S1,G), (S2,G) state, beside a shared tree (PIM-SM) with (*,G) state and a Rendez-Vous Point. Legend: PIM router with group member(s); PIM JOIN message]

IP Multicast: some conclusions
IP Multicast is very suitable for
- Group communications with multiple sources and receivers (shared tree): known as N-to-M communication
  - Video-conferencing, network games
- Group communications with one source and multiple receivers (source-based tree): known as 1-to-M communication
  - TV and radio streaming, content distribution
Current deployment of IP Multicast is not large
- Lack of security: a misbehaving user can create forwarding states by joining hundreds of groups
- Billing: who should pay for what?
- Source discovery across AS (Autonomous Systems) is complex

Mobile IP
Adding mobility at the network layer

Users are becoming mobile
- World-wide availability of popular wireless communication technologies
- More and more portable wireless devices are also available, and they become really powerful

Mobile IP
Problems introduced by mobility
- When a mobile node moves to a visited network, how is it possible to reach it again?
- What about current on-going connections?
  (with TCP, IP addresses partly identify a connection)
Objectives of Mobile IP
- To permit that a mobile node becomes reachable when it is in a visited network
- To allow on-going connections to be maintained when the mobile node is moving

Mobile IPv6: basic mechanisms
[Figure labels: Binding Update Message (H@ -> CoA); Home network; Internet; Home agent; Visited network; Access point; Correspondent sending to H@]
- The mobile node's main address is the home address (H@)
- The mobile node obtains an address in the visited network: the care-of address (CoA)

Mobile IPv6: route optimization
[Figure labels: Binding Update Message (H@ -> CoA); Home network; Internet; Home agent; Access point; Visited network; Correspondent sending to H@ via CoA]

Mobile IP: maintaining TCP connections
IPv4: tunneling
- A packet sent by or to the mobile node's home address is encapsulated in another packet sent by or to the CoA
IPv6: routing header and home address option
- Via the home agent, tunneling is used
- With route optimization, a packet sent to the mobile node's home address is replaced by a packet sent to the CoA which also contains a routing header equal to the H@
- A packet sent by the mobile node always uses the CoA as source address, and it contains a home address option equal to H@

Mobile IP: some conclusions
Deployment
- Mobile IP has failed to be widely deployed because until recently it suffered from serious security problems: authentication is indeed critical so that a malicious user cannot register a bogus CoA with a home agent
Usage
- The "always-on" paradigm is not a reality yet
- The need for Mobile IP is not mature enough
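
Added example (not part of the original slides) for the "IP to Ethernet mapping" slide: it computes the Ethernet MAC for IPv4 and IPv6 groups and shows what "imperfect filter" means for a host, since 32 IPv4 groups share one MAC and the IP layer has to make the final membership check. The function names and the joined-group set are assumptions made for the example; MACs are printed in lowercase.

```python
import ipaddress

def multicast_mac(group: str) -> str:
    """Ethernet destination MAC used for an IPv4 or IPv6 multicast group."""
    ip = ipaddress.ip_address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    if ip.version == 4:
        # 01:00:5e, a 0 as 25th bit, then the 23 least significant address bits
        mac = (0x01005E << 24) | (int(ip) & 0x7FFFFF)
    else:
        # 33:33, then the 32 least significant address bits
        mac = (0x3333 << 32) | (int(ip) & 0xFFFFFFFF)
    return ":".join(f"{b:02x}" for b in mac.to_bytes(6, "big"))

def ipv4_groups_sharing_mac(group: str) -> list[str]:
    """The 32 IPv4 groups that collide on one MAC: the 5 bits between the
    1110 class-D prefix and the low 23 bits never reach the Ethernet header."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    low23 = int(ip) & 0x7FFFFF
    return [str(ipaddress.IPv4Address((0b1110 << 28) | (hi << 23) | low23))
            for hi in range(32)]

def classify_frame(dst_group: str, joined: set[str]) -> str:
    """What a host does with a multicast frame, given the groups it joined.
    The NIC filters on MAC only, so the IP layer needs the final check."""
    joined_macs = {multicast_mac(g) for g in joined}
    if multicast_mac(dst_group) not in joined_macs:
        return "dropped by NIC filter"
    if dst_group not in joined:
        return "passed NIC filter, dropped by IP layer"
    return "delivered"

if __name__ == "__main__":
    joined = {"224.129.47.23"}  # constructed: host joined the slide's example group
    for dst in ("224.129.47.23", "239.1.47.23", "224.129.47.24"):
        print(dst, multicast_mac(dst), classify_frame(dst, joined))
```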
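
Added example (not part of the original slides, and not the Mobile IPv6 wire format) for the "Deployment" conclusion: a simplified home agent binding cache that accepts a Binding Update only when an HMAC under a pre-shared key covers (H@, CoA, sequence number), so an update naming a different CoA or a replayed update is refused. The HomeAgent class, the bu_tag helper, the key and the 2001:db8::/32 addresses are all assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress

def bu_tag(key: bytes, home: str, coa: str, seq: int) -> bytes:
    """Authenticator over (H@, CoA, sequence number) with a shared key."""
    msg = (ipaddress.ip_address(home).packed
           + ipaddress.ip_address(coa).packed
           + seq.to_bytes(4, "big"))
    return hmac.new(key, msg, hashlib.sha256).digest()

class HomeAgent:
    """Toy binding cache: H@ -> (CoA, last accepted sequence number)."""

    def __init__(self, keys: dict[str, bytes]):
        self.keys = keys        # one shared key per registered home address
        self.bindings = {}      # H@ -> (CoA, seq)

    def handle_binding_update(self, home: str, coa: str, seq: int, tag: bytes) -> str:
        key = self.keys.get(home)
        if key is None:
            return "rejected: unknown home address"
        # Constant-time comparison; the tag binds this CoA to this H@.
        if not hmac.compare_digest(bu_tag(key, home, coa, seq), tag):
            return "rejected: bad authenticator"
        # A captured, valid update must not be usable a second time.
        if home in self.bindings and seq <= self.bindings[home][1]:
            return "rejected: stale sequence number"
        self.bindings[home] = (coa, seq)
        return "accepted"

    def next_hop(self, home: str) -> str:
        """Where packets for H@ are tunnelled; H@ itself when no binding exists."""
        return self.bindings[home][0] if home in self.bindings else home

def demo():
    # Constructed values: documentation prefix 2001:db8::/32 and a demo key.
    home, coa, other = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:bad::1"
    key = b"constructed-demo-key"
    ha = HomeAgent({home: key})
    results = [
        ha.handle_binding_update(home, coa, 1, bu_tag(key, home, coa, 1)),
        # Update naming a different CoA but carrying the genuine update's tag.
        ha.handle_binding_update(home, other, 2, bu_tag(key, home, coa, 1)),
        # Exact copy of the first, genuine update, sent again.
        ha.handle_binding_update(home, coa, 1, bu_tag(key, home, coa, 1)),
    ]
    return results, ha.next_hop(home)
```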