An Identifier-Locator Approach to Host Multihoming
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Performance Evaluation of TCP Multihoming for IPV6 Anycast Networks and Proxy Placement
University of Central Florida STARS Electronic Theses and Dissertations, 2004-2019 2015 Performance Evaluation of TCP Multihoming for IPV6 Anycast Networks and Proxy Placement Raya Alsharfa University of Central Florida Part of the Electrical and Electronics Commons Find similar works at: https://stars.library.ucf.edu/etd University of Central Florida Libraries http://library.ucf.edu This Masters Thesis (Open Access) is brought to you for free and open access by STARS. It has been accepted for inclusion in Electronic Theses and Dissertations, 2004-2019 by an authorized administrator of STARS. For more information, please contact [email protected]. STARS Citation Alsharfa, Raya, "Performance Evaluation of TCP Multihoming for IPV6 Anycast Networks and Proxy Placement" (2015). Electronic Theses and Dissertations, 2004-2019. 1350. https://stars.library.ucf.edu/etd/1350 PERFORMANCE EVALUATION OF TCP MULTIHOMING FOR IPV6 ANYCAST NETWORKS AND PROXY PLACEMENT by RAYA MAJID ALSHARFA B.S. NAJAF TECHNICAL COLLEGE, 2010 A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Electrical Engineering. in the Department of Electrical Engineering and Computer Science in the College of Engineering and Computer Science at the University of Central Florida Orlando, Florida Fall Term 2015 Major Professor: Mostafa Bassiouni © 2015 Raya Majid Alsharfa ii ABSTRACT In this thesis, the impact of multihomed clients and multihomed proxy servers on the performance of modern networks is investigated. The network model used in our investigation integrates three main components: the new one-to-any Anycast communication paradigm that facilitates server replication, the next generation Internet Protocol Version 6 (IPv6) that offers larger address space for packet switched networks, and the emerging multihoming trend of connecting devices and smart phones to more than one Internet service provider thereby acquiring more than one IP address. -
Host Identity Protocol (HIP) •Overlays (I3 and Hi3) •Summary Introductionintroduction
HostHost IdentityIdentity ProtocolProtocol Prof. Sasu Tarkoma 23.02.2009 Part of the material is based on lecture slides by Dr. Pekka Nikander (HIP) and Dmitrij Lagutin (PLA) ContentsContents •Introduction •Current state •Host Identity Protocol (HIP) •Overlays (i3 and Hi3) •Summary IntroductionIntroduction •Current Internet is increasingly data and content centric •The protocol stack may not offer best support for this •End-to-end principle is no longer followed – Firewalls and NAT boxes – Peer-to-peer and intermediaries •Ultimately, hosts are interested in receiving valid and relevant information and do not care about IP addresses or host names •This motivate the design and development of new data and content centric networking architectures – Related work includes ROFL, DONA, TRIAD, FARA, AIP, .. TheThe InternetInternet hashas ChangedChanged •A lot of the assumptions of the early Internet has changed – Trusted end-points – Stationary, publicly addressable addresses – End-to-End •We will have a look at these in the light of recent developments •End-to-end broken by NATs and firewalls HTTPS, S/MIME, PGP,WS-Security, Radius, Diameter, SAML 2.0 .. Application Application Transport TSL, SSH, .. Transport HIP, shim layers IPsec, PLA, PSIRP Network Network PAP, CHAP, WEP, .. Link Link Physical Physical CurrentCurrent StateState TransportTransport LayerLayer IP layer IP layer Observations IPsec End-to-end reachability is broken Routing Unwanted traffic is a problem Fragmentation Mobility and multi-homing are challenging Multicast is difficult -
Host Identity Protocol
Presentation outline Host Identity Protocol •Introduction: What and why? •Background •HIP in a Nutshell •Mobility and multi-homing (multi-addressing) •HIP infrastructure: Hi3 Pekka Nikander •Current status Ericsson Research Nomadiclab and •Summary Helsinki Institute for Information Technology http://www.hip4inter.net 2 What is HIP? Motivation •Not to standardise a solution to a problem •HIP = Host Identity Protocol •No explicit problem statement A proposal to separate identifier from locator at • Exploring the consequences of the id / loc split the network layer of the TCP/IP stack • •A new name space of public keys •Try it out in real life, in the live Internet •A protocol for discovering and authenticating •A different look at many problems bindings between public keys and IP addresses •Mobility, multi-homing, end-to-end security, •Secured using signatures and keyed hashes signalling, control/data plane separation, (hash in combination with a secret key) rendezvous, NAT traversal, firewall security, ... 3 4 Presentation outline Background •Introduction: What and why? •Background •HIP in a Nutshell •A brief history of HIP •Mobility and multi-homing (multi-addressing) •Architectural background •HIP infrastructure: Hi3 •Related IETF Working Groups •Current status •Summary 5 6 1 A Brief History of HIP Architectural background •1999 : idea discussed briefly at the IETF IP addresses serve the dual role of being •2001: two BoFs, no WG created at that time • End-point Identifiers •02-03: development at the corridors • •2004: WG and RG created -
Primer on Host Identity Protocol
whitepaper Primer on Host Identity Protocol A simpler, more secure approach to IP communications Creating a new standard for network security Host Identity Protocol (HIP) is an open standards-based network security protocol, approved by the leading Internet standards organization, the Internet Engineering Task Force, in 2015. That event crowned over 15 years of HIP development, testing and deployment in coordination with several large companies (such as Boeing, Ericsson, Nokia, Verizon, TeliaSonera) and standard bodies (Trusted Computing Group, IEEE 802). Recognized by the Internet Engineering Task Force (IETF) community as a fundamental improvement in secure IP architecture, HIP was first deployed within the defense and aerospace industry as a cost-efficient and scalable solution to address growing threat environments and the complexity of security policy management. The protocol has been in use for over 10 years in mission-critical environments of all scale and complexity, including applications where downtime costs exceeds $1 million per hour, and nation-state cyber-attacks occur on a regular basis. tempered.io 1 whitepaper | primer on Host Identity Protocol Timeline of internet transport technology Timeline of internet Tempered launches Airnet, transport technology a free HIP VPN 1969 1980 1983 1990 2006 2007 2015 2021 Arpanet starts using Early Arpanet Commercial Boeing Tempered First HIP precursor to TCP/IP converts internet deploys launches HIP RFC TCP/IP RFC to TCP/IP starts HIP implementation Tempered launches Airnet, a free HIP VPN 1969 1980 1983 1990 2006 2007 2015 2021 Arpanet Early Arpanet Commercial Boeing Tempered is TCP/IP converts internet First HIP deploys launches HIP launched RFC to TCP/IP starts RFC HIP implementation Tempered Networks now offers the leading, field-proven HIP implementation. -
RFC 9063: Host Identity Protocol Architecture
Stream: Internet Engineering Task Force (IETF) RFC: 9063 Obsoletes: 4423 Category: Informational Published: July 2021 ISSN: 2070-1721 Authors: R. Moskowitz, Ed. M. Komu HTT Consulting Ericsson RFC 9063 Host Identity Protocol Architecture Abstract This memo describes the Host Identity (HI) namespace, which provides a cryptographic namespace to applications, and the associated protocol layer, the Host Identity Protocol, located between the internetworking and transport layers, that supports end-host mobility, multihoming, and NAT traversal. Herein are presented the basics of the current namespaces, their strengths and weaknesses, and how a HI namespace will add completeness to them. The roles of the HI namespace in the protocols are defined. This document obsoletes RFC 4423 and addresses the concerns raised by the IESG, particularly that of crypto agility. The Security Considerations section also describes measures against flooding attacks, usage of identities in access control lists, weaker types of identifiers, and trust on first use. This document incorporates lessons learned from the implementations of RFC 7401 and goes further to explain how HIP works as a secure signaling channel. Status of This Memo This document is not an Internet Standards Track specification; it is published for informational purposes. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Not all documents approved by the IESG are candidates for any level of Internet Standard; see Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9063. -
A Holistic Survey of Network-Layer Multipath Junaid Qadir, Anwaar Ali, Kok-Lim Alvin Yau, Arjuna Sathiaseelan, Jon Crowcroft
1 Exploiting the power of multiplicity: a holistic survey of network-layer multipath Junaid Qadir, Anwaar Ali, Kok-Lim Alvin Yau, Arjuna Sathiaseelan, Jon Crowcroft Abstract—The Internet is inherently a multipath network—for available on the Internet, traditional Internet technologies have an underlying network with only a single path connecting various focused mainly on single-path routing for the sake of its nodes would have been debilitatingly fragile. Unfortunately, simplicity and lower overhead. This has led to the artificial traditional Internet technologies have been designed around the restrictive assumption of a single working path between a source lockup of Internet’s capacity, lower fault tolerance and reli- and a destination. The lack of native multipath support constrains ability, and inflexible support for quality of service (QoS). network performance even as the underlying network is richly This is even in contrast to telephone networks, which have connected and has redundant multiple paths. Computer networks traditionally adopted multiple-path routing1 since it leads to can exploit the power of multiplicity—through which a diverse better reliability and greater customer satisfaction (due to the collection of paths is resource pooled as a single resource—to unlock the inherent redundancy of the Internet. This opens up lesser probability of call blocking) [2]. a new vista of opportunities promising increased throughput Notwithstanding the lack of native multipath support on (through concurrent usage of multiple paths) and increased the current Internet, there is a growing convergence in the reliability and fault-tolerance (through the use of multiple paths Internet community that multipath routing and forwarding, or in backup/ redundant arrangements). -
Guidelines for the Secure Deployment of Ipv6
Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks NIST Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 December 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Dr. Patrick D. Gallagher, Director GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-119 Natl. Inst. Stand. Technol. Spec. Publ. 800-119, 188 pages (Dec. 2010) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. -
Multihoming Support in Mobile IP Networks: Progress, Challenges and Solutions
International Journal of Innovative Technology and Exploring Engineering (IJITEE) ISSN: 2278-3075, Volume-9 Issue-5, March 2020 Multihoming Support in Mobile IP Networks: Progress, Challenges and Solutions Mohammad Alreshoodi easily attained not only in urban areas but also in remote Abstract: IP network mobility has already emerged as a key environments. Many Internet access options can be exposed domain of wireless IP networking. The network research to mobile IP devices and networks while being on the move. community has taken great interest and paid considerable Wi-Fi hotspots are becoming available in many urban attention to advance IP mobility applications. Accordingly, locations and cellular access can be reached in rural areas. different advanced networking mechanisms have been considered to optimize IP network mobility. One of these mechanisms is The wide availability of these and other access technologies network multi-homing which has been the focus of many IP provides mobile IP networks with a number of wireless mobility studies within the academic research and IETF connectivity alternatives. Multi-interfaced mobile IP devices communities. The combination of network mobility and and multi-gateways mobile IP networks can use all these multi-homing has turned into a conceivable approach to opportunities to establish more resilience Internet access. effectively deal with expanding system availability and improving In addition, multihoming paves the way to have support of the performance of mobile IP network. There are many studies more effective networking techniques in mobile IP networks. proposed during the recent years to realize network multi-homing These include seamless handover among homogeneous and for the Network Mobility Basic Support (NEMO BS) protocol, a leading IETF IP mobility protocol. -
Evaluating 5G Multihoming Services in the Mobilityfirst Future Internet Architecture
Evaluating 5G Multihoming Services in the MobilityFirst Future Internet Architecture Parishad Karimi, Michael Sherman, Francesco Bronzino Ivan Seskar, Dipankar Raychaudhuri Inria, Paris WINLAB, [email protected] Rutgers University Abhimanyu Gosain fparishad,msherman,seskar,[email protected] Raytheon BBN Technologies [email protected] Abstract—In the recent years it has become increasingly etc can be deployed and evaluated. In this paper we focus evident that the current end-to-end host-centric communication on the implementation of mobility services, namely device paradigm will not be capable of meeting the ongoing demand multihoming and its deployment in testbeds including 5G for massive data rates and ultra-low latency. With the advent of fifth generation of cellular architecture (5G) to support these technologies. In Sec. III the principal design elements of requirements on the wireless edge of the network, the need the Mobilityfirst architecture are described along with how for core network solutions to play a complementary role is Mobilityfirst enables 5G services (specifically multihoming). conspicuous. In this paper we present and tackle some of the Next in Sec. IV the details for the components employed in the challenges of deploying a Future Internet Architecture (FIA), implementation are elaborated on. In Sec. V the experimental called MobilityFirst (MF), specifically for 5G use case scenarios. We report our findings of the deployment based on a setup methodology and results are presented. We discuss large scale on a small-scale testbed (ORBIT) and a nation-wide distributed implementation of the experimental setup in Sec. VI and testbed (GENI), and illustrate some results for the use case of finally Sec. -
Mobility Vs Multihoming
Mobility vs Multihoming Naveen Gundu Helsinki University of Technology Telecommunications Software and Multimedia Laboratory [email protected] Abstract example, In multihoming user subscribes different ISPs and networks for different services. User views different options In current scenario, use of mobile and Internet has been like cost effective, secure, quality service from one ISP and increasing and the increasing number of users are coming others. forward to use new services like mobility and multihom- The analysis of this paper presents the idea behind the mo- ing. Roaming users are interested to stay connected with bility and multihoming. The solutions provided with mobile network while moving from one network to another net- IP and layer 4 for both services and how these protocol so- work with multiple network interfaces e.g. WLAN and lutions are trying to fulfill the requirements. It also gives GPRS.Problems which might arise when mobile host moves difference between them. from one network to another network. Some mobility so- lutions have been introduced to ensure connections between networks,e.g., Mobile IPv4 & IPv6. 2 Background This paper gives a brief functional description of multi- homing and mobility, given requirements, problems associ- Here gives an overview about mobility and multihoming at ated with them, related solution to fulfill each requirements end host and site point of view. And also discusses problems and finally comparison between them. and requirements for further discussion. KEYWORDS: Mobility, Mobile IP, Multihoming, Routing, Site Multihoming, Host Multihoming, Node/end-host, ISP. 2.1 Multihoming Multihoming refers to a situation where an end-host having several parallel communication paths that it can use [4]. -
A Security Framework for the Internet of Things in the Future Internet Architecture
Article A Security Framework for the Internet of Things in the Future Internet Architecture Xiruo Liu 1, Meiyuan Zhao 2, Sugang Li 3, Feixiong Zhang 3 and Wade Trappe 3,* 1 Intel Labs, Hillsboro, OR 97124, USA; [email protected] 2 Google, Mountain View, CA 94043, USA; [email protected] 3 Department of Electrical and Computer Engineering, Rutgers University, Piscataway, NJ 08854, USA; [email protected] (S.L.); [email protected] (F.Z.) * Correspondence: [email protected]; Tel.: +1-848-932-0909 Academic Editors: Georgios Kambourakis and Constantinos Kolias Received: 5 June 2017; Accepted: 25 June 2017; Published: 28 June 2017 Abstract: The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the collected information will be exposed to a wide and often unknown audience. Unfortunately, due to the intrinsic capability limits of low-end IoT devices, which account for a majority of the IoT end hosts, many traditional security methods cannot be applied to secure IoT systems, which open a door for attacks and exploits directed both against IoT services and the broader Internet. This paper addresses this issue by introducing a unified IoT framework based on the MobilityFirst future Internet architecture that explicitly focuses on supporting security for the IoT. Our design integrates local IoT systems into the global Internet without losing usability, interoperability and security protection. Specifically, we introduced an IoT middleware layer that connects heterogeneous hardware in local IoT systems to the global MobilityFirst network. -
Fast Authentication and Trust-Based Access Control in Heterogeneous Wireless Networks Maryna Komarova
Fast authentication and trust-based access control in heterogeneous wireless networks Maryna Komarova To cite this version: Maryna Komarova. Fast authentication and trust-based access control in heterogeneous wireless net- works. domain_other. Télécom ParisTech, 2008. English. pastel-00003793 HAL Id: pastel-00003793 https://pastel.archives-ouvertes.fr/pastel-00003793 Submitted on 9 Jan 2009 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Thèse Présenté pour obtenir le grade de docteur de Telecom-ParisTech Spécialité : Informatique et Réseaux par Maryna Komarova Sujet: AUTHENTIFICATION RAPIDE ET CONTROLE D’ACCES BASE SUR LA CONFIANCE DANS LES RESEAUX SANS FIL HETEROGENES Soutenue le 19 mai 2008 devant le jury composé de : Fabio Martinelli Istituto di Informatica e Telematica Rapporteur Isabelle Chrisment Université Henri Poincaré (Nancy 1) Rapporteur Xavier Lagrange TELECOM Bretagne Examinateur Jean Leneutre TELECOM ParisTech Examinateur Michel Riguidel TELECOM ParisTech Directeur de thèse PhD Thesis Presented to obtain the degree of PhD at the Computer