Reducing Packet Overhead in Mobile Ipv6
Total Page:16
File Type:pdf, Size:1020Kb

Load more
Recommended publications
-
Kirjoituspohja VTT Science
IENCE C • •S T S E C Small world for dynamic wireless cyber-physical N O H I N systems S O I V Dissertation L • O S 142 G T Y H • R Industries and consumer markets are today increasingly using G I E L VTT SCIEN CE S H E G services exposed from wireless sensor and actuator networks, A I R H C cyber-physical machine-to-machine systems. The motivation for H the research arises from problems detected in the remote 1 4 2 interaction with embedded devices over dynamic wireless networks in such systems. The selected approach is based on the application of the small- world paradigm to cyber-physical systems. It is here assumed that the concept of small world, "six degrees of separation", can be expanded to also cover communication with wireless embedded devices in cyber-physical systems context. The main contributions are the technical enablers referred to as dynamic communication spaces, dynamic M2M service spaces, configuration and remote use of services, communication overlay, access systems selection, integrated mobility, secure ad hoc networking, situated opportunistic communication, hierarchical networking for small-world networks, and short-cuts for network optimization. The enablers have been evaluated as separate technical methods and means by means of experiments and/or simulations. According to the evaluations, the enablers seem to work well as separate building blocks and that they can be combined to expand the concept of small world to also cover communication with embedded devices. Wireless short-cuts can improve the scalability and efficiency of dynamic wireless networking and weak links are essential in the neighbour discovery process. -
QUESTION 20-1/2 Examination of Access Technologies for Broadband Communications
International Telecommunication Union QUESTION 20-1/2 Examination of access technologies for broadband communications ITU-D STUDY GROUP 2 3rd STUDY PERIOD (2002-2006) Report on broadband access technologies eport on broadband access technologies QUESTION 20-1/2 R International Telecommunication Union ITU-D THE STUDY GROUPS OF ITU-D The ITU-D Study Groups were set up in accordance with Resolutions 2 of the World Tele- communication Development Conference (WTDC) held in Buenos Aires, Argentina, in 1994. For the period 2002-2006, Study Group 1 is entrusted with the study of seven Questions in the field of telecommunication development strategies and policies. Study Group 2 is entrusted with the study of eleven Questions in the field of development and management of telecommunication services and networks. For this period, in order to respond as quickly as possible to the concerns of developing countries, instead of being approved during the WTDC, the output of each Question is published as and when it is ready. For further information: Please contact Ms Alessandra PILERI Telecommunication Development Bureau (BDT) ITU Place des Nations CH-1211 GENEVA 20 Switzerland Telephone: +41 22 730 6698 Fax: +41 22 730 5484 E-mail: [email protected] Free download: www.itu.int/ITU-D/study_groups/index.html Electronic Bookshop of ITU: www.itu.int/publications © ITU 2006 All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU. International Telecommunication Union QUESTION 20-1/2 Examination of access technologies for broadband communications ITU-D STUDY GROUP 2 3rd STUDY PERIOD (2002-2006) Report on broadband access technologies DISCLAIMER This report has been prepared by many volunteers from different Administrations and companies. -
Ipv6 Security: Myths & Legends
IPv6 security: myths & legends Paul Ebersman – [email protected] 21 Apr 2015 NANOG on the Road – Boston So many new security issues with IPv6! Or are there… IPv6 Security issues • Same problem, different name • A few myths & misconceptions • Actual new issues • FUD (Fear Uncertainty & Doubt) Round up the usual suspects! Remember these? • ARP cache poisoning • P2p ping pong attacks • Rogue DHCP ARP cache poisoning • Bad guy broadcasts fake ARP • Hosts on subnet put bad entry in ARP Cache • Result: MiM or DOS Ping pong attack • P2P link with subnet > /31 • Bad buy sends packet for addr in subnet but not one of two routers • Result: Link clogs with routers sending packet back and forth Rogue DHCP • Client broadcasts DHCP request • Bad guy sends DHCP offer w/his “bad” router as default GW • Client now sends all traffic to bad GW • Result: MiM or DOS Look similar? • Neighbor cache corruption • P2p ping pong attacks • Rogue DHCP + rogue RA Solutions? • Lock down local wire • /127s for p2p links (RFC 6164) • RA Guard (RFC 6105) And now for something completely different! So what is new? • Extension header chains • Packet/Header fragmentation • Predictable fragment headers • Atomic fragments The IPv4 Packet 14 The IPv6 Packet 15 Fragmentation • Minimum 1280 bytes • Only source host can fragment • Destination must get all fragments • What happens if someone plays with fragments? IPv6 Extension Header Chains • No limit on length • Deep packet inspection bogs down • Confuses stateless firewalls • Fragments a problem • draft-ietf-6man-oversized-header-chain-09 -
Mobile IP Administration Guide
Mobile IP Administration Guide Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA 94303-4900 U.S.A. Part Number 806-6542–10 January 2001 Copyright 2001 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California 94303-4900 U.S.A. All rights reserved. This product or document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this product or document may be reproduced in any form by any means without prior written authorization of Sun and its licensors, if any. Third-party software, including font technology, is copyrighted and licensed from Sun suppliers. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, docs.sun.com, AnswerBook, AnswerBook2, and Solaris are trademarks, registered trademarks, or service marks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. The OPEN LOOK and SunTM Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun’s licensees who implement OPEN LOOK GUIs and otherwise comply with Sun’s written license agreements. -
Ipv6 – What Is It, Why Is It Important, and Who Is in Charge? … Answers to Common Questions from Policy Makers, Executives and Other NonTechnical Readers
IPv6 – What is it, why is it important, and who is in charge? … answers to common questions from policy makers, executives and other nontechnical readers. A factual paper prepared for and endorsed by the Chief Executive Officers of ICANN and all the Regional Internet Registries, October 2009. 1. What is IPv6? “IP” is the Internet Protocol, the set of digital communication codes which underlies the Internet infrastructure. IP allows the flow of packets of data between any pair of points on the network, providing the basic service upon which the entire Internet is built. Without IP, the Internet as we know it would not exist. Currently the Internet makes use of IP version 4, or IPv4, which is now reaching the limits of its capacity to address additional devices. IPv6 is the “next generation” of IP, which provides a vastly expanded address space. Using IPv6, the Internet will be able to grow to millions of times its current size, in terms of the numbers of people, devices and objects connected to it1. 2. Just how big is IPv6? To answer this question, we must compare the IPv6 address architecture with that of IPv4. The IPv4 address has 32 bits, allowing today’s Internet to connect up to around four billion devices. By contrast, IPv6 has an address of 128 bits. Because each additional bit doubles the size of the address space, an extra 96 bits increases the theoretical size of the address space by many trillions of times. For comparison, if IPv4 were represented as a golf ball, then IPv6 would be approaching the size of the Sun.2 IPv6 is certainly not infinite, but it is not going to run out any time soon. -
Guidelines for the Secure Deployment of Ipv6
Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks NIST Special Publication 800-119 Guidelines for the Secure Deployment of IPv6 Recommendations of the National Institute of Standards and Technology Sheila Frankel Richard Graveman John Pearce Mark Rooks C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 December 2010 U.S. Department of Commerce Gary Locke, Secretary National Institute of Standards and Technology Dr. Patrick D. Gallagher, Director GUIDELINES FOR THE SECURE DEPLOYMENT OF IPV6 Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-119 Natl. Inst. Stand. Technol. Spec. Publ. 800-119, 188 pages (Dec. 2010) Certain commercial entities, equipment, or materials may be identified in this document in order to describe an experimental procedure or concept adequately. -
DOD Memorandum: Department of Defense Implementation of Internet
DEPUTY SECRETARY OF DEFENSE 1010 DEFENSE PENTAGON WASHINGTON DC 20301-1010 June 29, 2021 MEMORANDUM FOR SENIOR PENTAGON LEADERSHIP DEFENSE AGENCY AND DOD FIELD ACTIVITY DIRECTORS SUBJECT: Directive-type Memorandum 21-004 – “Department of Defense Implementation of Internet Protocol Version 6” References: See Attachment 1 Purpose. Pursuant to the Federal requirements in Office of Management and Budget (OMB) Memorandum M-21-07, this directive-type memorandum (DTM): • Establishes policy, assigns responsibilities, and prescribes procedures for deploying and using Internet Protocol version 6 (IPv6) in DoD information systems. • Is effective June 29, 2021; it will be converted to a new DoD instruction. This DTM will expire effective 12 months from the date issuance is published on the DoD Issuances Website, June 29, 2022. Applicability. This DTM: • Applies to OSD, the Military Departments (including the Coast Guard at all times, including when it is a Service in the Department of Homeland Security by agreement with that Department), the Office of the Chairman of the Joint Chiefs of Staff and the Joint Staff, the Combatant Commands, the Office of Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within DoD (referred to collectively in this issuance as the “DoD Components”). • Does not apply to National Security Systems, as defined by Committee on National Security Systems Instruction 4009. Definitions. See Glossary. Policy. Pursuant to OMB Memorandum M-21-07, all new networked DoD information systems that use internet protocol (IP) technologies will be IPv6-enabled before implementation and operational use by the end of fiscal year (FY) 2023. -
Ipv6, the DNS and Big Packets
IPv6, the DNS and Big Packets Geoff Huston, APNIC The IPv6 Timeline… 2010 1990 2000 2020 The IPv6 Timeline… Yes, we’ve been working on this for close to 30 years! 2010 1990 2000 2020 The IPv6 Timeline… Yes, we’ve been working on this for close to 30 years! 2010 1990 2000 2020 In-situ transition… In-situ transition… Phase 1 – Early Deployment IPv4 Internet Edge Dual -Stack Networks IPv6 networks interconnect by IPv6-over-IPv4 tunnels In-situ transition… Phase 2 – Dual Stack Deployment Transit Dual-Stack Networks Edge Dual-Stack Networks IPv6 networks interconnect by Dual Stack transit paths In-situ transition… Phase 3 – IPv4 Sunset IPv6 Internet Edge Dual Stack Networks IPv4 networks interconnect by IPv4-over-IPv6 tunnels We are currently in Phase 2 of this transition Some 15% - 20% of Internet users have IPv6 capability Most new IP deployments use IPv6+ (NATTED) IPv4 IPv4-only Legacy networks are being (gradually) migrated to dual stack The Map of IPv6 penetration – August 2017 The Map of IPv6 penetration – August 2017 We are currently in Phase 2 of this transition Some 15% of Internet users have IPv6 capability Most new IP deployments use IPv6 IPv4-only Legacy networks are being (gradually) migrated to dual stack Today We appear to be in the middle of the transition! Dual Stack networks use apps that prefer to use a IPv6 connection over an IPv4 connection when both are available (*) This implies that the higher the IPv6 deployment numbers the less the level of use of V4 connection, and the lower the pressure on the NAT binding clients * Couple of problems with this: This preference is often relative, and in the quest for ever faster connections the ante keeps rising – Apple is now pressing for a 50ms differential. -
Ipv6 Cheat Sheet
Internet Protocol Version 6 (IPv6) Basics Cheat Sheet IPv6 Addresses by Jens Roesen /64 – lan segment, 18,446,744,073,709,551,616 v6 IPs IPv6 quick facts /48 – subscriber site, 65536 /64 lan segments successor of IPv4 • 128-bit long addresses • that's 296 times the IPv4 address space • that's 2128 or 3.4x1038 or over 340 /32 – minimum allocation size, 65536 /48 subscriber sites, allocated to ISPs undecillion IPs overall • customer usually gets a /64 subnet, which yields 4 billion times the Ipv4 address space • no need for network address translation (NAT) any more • no broadcasts any more • no ARP • stateless address 2001:0db8:0f61:a1ff:0000:0000:0000:0080 configuration without DHCP • improved multicast • easy IP renumbering • minimum MTU size 1280 • mobile IPv6 • global routing prefix subnet ID interface ID mandatory IPsec support • fixed IPv6 header size of 40 bytes • extension headers • jumbograms up to 4 GiB subnet prefix /64 IPv6 & ICMPv6 Headers IPv6 addresses are written in hexadecimal and divided into eight pairs of two byte blocks, each containing four hex IPv6 header digits. Addresses can be shortened by skipping leading zeros in each block. This would shorten our example address to 0 8 16 24 32 2001:db8:f61:a1ff:0:0:0:80. Additionally, once per IPv6 IP, we can replace consecutive blocks of zeros with a version traffic class flow label double colon: 2001:db8:f61:a1ff::80. The 64-bit interface ID can/should be in modified EUI-64 format. A MAC 00 03 ba 24 a9 6c payload length next header hop limit 48-bit MAC can be transformed to an 64-bit interface ID by inverting the 7th (universal) bit and inserting a ff and fe byte after rd source IPv6 address the 3 byte. -
Mobile IP Versus Ipsec Tunneling with MOBIKE: a Comparison Under Wireless Vertical Handover with NS-2
ENSC835: COMMUNICATION NETWORKS SPRING 2011 FINAL PROJECT Mobile IP versus IPsec Tunneling with MOBIKE: A Comparison Under Wireless Vertical Handover With NS-2 http://www.sfu.ca/~cdk4 Christopher Kilgour 301106137 [email protected] Team #1 Abstract Mobile devices are increasingly including support for multiple heterogeneous wireless networks like 3G cellular, 4G, and IEEE 802.11. When an IP-equipped mobile device attaches to a network, it typically obtains a temporary network address allocated by the visited network provider. One approach to provide a permanent IP address to a mobile device is Mobile IP. Mobile IP has some objectionable aspects: it often requires network provider support, and it can drop data during vertical handover. IPsec tunneling with IKEv2 Mobility and Multihoming Protocol (MOBIKE) may be used as an alternative to Mobile IP. IPsec tunnels do not require any special support from the network provider. Because it supports multi-homing, MOBIKE can provide make-before-break operation, eliminating the data interruption during vertical handover. The ns-2 simulation tool is enhanced, and a comparison of vertical handover scenarios is performed, in this report. Table of Contents Introduction.....................................................................................................................................................4 IP Mobility And Tunneling............................................................................................................................5 Mobile IP....................................................................................................................................................5 -
Secure Firewall Traversal in Mobile IP Network
Secure Firewall Traversal in Mobile IP Network Jung-Min Park1, Min-Jung Jin2, and Kijoon Chae2 1 Intelligent System Control Research Center, KIST, Korea [email protected] 2 Department of Computer Science and Engineering, Ewha Womans Univ., Korea {mjjin,kjchae}@ewha.ac.kr Abstract. With recent advances in wireless communication technology, mobile computing is an importance research area. Mobile IP is designed to provide IP services to roaming nodes. Mobile users take advantage of this protocol to ob- tain the services as if they were connected to their home network. In many cases mobile users is connected through a wireless link and is protected by corpora- tion’s firewall in virtual private network. In order to have a successful deploy- ment of Mobile IP as an extension of a private network, security services should be provided as if the mobile node were attached to its home network. In this pa- per, we propose the security mechanism of combining Mobile IP and IPSec tun- nels, which can provide secure traversal of firewall in a home network. The simulation results show that the proposed mechanism provides the secure and efficient communication. 1 Introduction Mobility in IP networks is a significant issue due to the recent increase of many port- able devices such as notebook and PDA and the development of wireless network interface. Many popular applications such as E-commerce and remote access require transmission of highly sensitive information, often over wireless links. Mobility im- plies higher security risk than static operation in fixed network, because the traffic may at times take unexpected network paths with unknown or unpredictable security characteristics. -
Ipv6 and DNS Ipv6 – the Future of IP
IPv6 and DNS Chapters 22,29 CSA 442 IPv6 – The Future of IP • Current version of IP - version 4 - is over 20 years old • IPv4 has shown remarkable ability to move to new technologies – IP has accommodated dramatic changes since original design – Basic principles still appropriate today – Many new types of hardware – Scaling - from a few tens to a few tens of millions of computers • But, as with any old technology, it has some problems • IETF has proposed entirely new version to address some specific problems 1 Motivation for Change • Address space – 32 bit address space allows for over a million networks – But…all that is left is Class C and too small for many organizations – Predictions we would have run out of IP addresses by now – Besides, how will we network all our toasters and cell phones to the Internet? • Type of service – Different applications have different requirements for delivery reliability and speed ; i.e. real time data, quality of service – Current IP has type of service that's not often implemented • Multicast Name and Version Number • Preliminary versions called IP - Next Generation (IPng) • Several proposals all called IPng • One was selected and uses next available version number (6) – Version 5 was already assigned to an experimental protocol, ST, Streams Protocol • Result is IP version 6 (IPv6) • In the works since 1990 2 New Features of IPv6 • Address size - IPv6 addresses are 128bits – ~3*1038 possible addresses in theory • Header format - entirely different • Extension headers - Additional information stored