USING HIP TO SOLVE MULTI-HOMING IN IPV6 NETWORKS
Zhangyi Yuan 1, Xiaohong Huang 1, Junyi Zhang 2, Fred Baker 3
1 Research Institute of Networking Technology, Beijing University of Posts and Telecommunications, Beijing
2 Hitachi Medical Corporation & CUST, Changchun University of Science and Technology, Changchun
3 Cisco Systems, Inc
rinceyuan@gmail.com, huangxh@bupt.edu.cn, zjyyxn11@yahoo.com.cn, fred@cisco.com

Abstract

Multi-homing and mobility can provide more stability and convenience in the future network, but they bring new challenges such as addresses changing in mid-session. This paper introduces a new application context that integrates a NAT66 environment with multi-homing, and the implementation of HIP in solving this challenge. It also focuses on the implementation of HIP for solving mobile IP and address changes. Finally, a test scenario demonstrates this.

Keywords: HIP; Multi-homing; IPv6

1 Introduction

Nowadays, enterprises prefer PI (Provider Independence) addresses in their company-internal networks. This also applies in the future IPv6 environment. This address independence requirement has been a primary driver for IPv6 NAT deployment [1] in small to medium enterprise networks. When new services such as multi-homing and mobile IP are integrated with such a network, some problems occur [2].

Take a classic customer multi-homing application as an example. As shown in Figure 1, when host A initiates a session with B, the data exchange is as follows:

1. A obtains B's external addresses (J' and K') from a DNS server or other source.
2. A selects one and sends a datagram to it, perhaps A'->J'.
3. A's source address is translated in ISP H, so that the datagram is now H'->J'.
4. ISP J conveys the datagram to B's network, and the router changes the destination address from J' to B'.
5. B ultimately receives a datagram that it perceives as arriving from H'. [2]

Note that A's choice of an address for B had nothing to do with B's routing policy; it had to do with the correctness of the assertion that the use of the address would get the datagram to B. At this point, B replies:

1. B' sends a datagram in reply, B'->H'.
2. Routing takes the datagram to one of the ISPs, perhaps K.
3. B's source address is translated so that the datagram is now K'->H'.
4. ISP H conveys the datagram to A's network, and the router changes the destination address from H' to A'.
5. A ultimately receives a datagram that it perceives as arriving from K'. [2]

Figure 1. Multi-homing Problems

At this point, the transmitting protocol will not recognize it as a responding datagram; it seems like a SYN-ACK or response on a different session.
2 Introduction to NAT66 and HIP

2.1 NAT66

NAT66, described in an IETF draft, may be implemented in an IPv6 router to map one IPv6 address prefix to another IPv6 address prefix as each IPv6 packet transits the router [1]. NAT66 provides a simple and compelling solution to meet the Address Independence requirement in IPv6. It doesn't include a port mapping function, and the address mapping mechanism is checksum-neutral. This avoids the need for a NAT66 device to re-write transport layer headers, making it feasible to deploy new or improved transport layer protocols without upgrading NAT66 devices. Because NAT66 does not involve re-writing transport-layer headers, it will not interfere with encrypting the full IP payload in many cases. It keeps the checksum neutral before and after NAT by means of a two-way algorithmic mapping [1]. In our lab, we also used FTPv6 and TFTPv6 to verify that it works after NAT66. In Figure 2, we use an example to explain this mapping algorithm.

Figure 2. NAT66 Address Mapping

We have implemented it as a module in a Linksys router [3].

2.2 HIP

HIP, the Host Identity Protocol, introduces a new identity, the Host Identifier (HI), to identify every host connected to the Internet. It is globally unique. The main purpose is to decouple the network layer from the transport layer, so that IP concentrates on routing while the identification of services in the upper layers relies on the HIP layer [5][8].

As shown in Figure 3, HIP inserts a completely new layer between layer 3 and layer 4: the host identity layer (HIL). After that, upper layers use the Host Identity Tag (HIT) instead of the IP address: the transport layer uses <HIT, port> instead of <IP address, port>. The HIL translates between IP addresses and HITs. As a result, any changes in the network layer will not affect the upper applications.

Figure 3. New Architecture

Any HIP-based host initiates a four-packet handshake before the HIP connection is built. The first packet, I1, initiates the exchange, and the last three packets, R1, I2, and R2, constitute an authenticated Diffie-Hellman [DIF76] key exchange for session key generation [6].

3 HIP implementation in multi-homing networks

We built the test bed in Figure 4 to simulate an IPv6 multi-homing enterprise internal network. HIP is implemented on two Linux hosts. The NAT66 module was developed based on IPv6-to-IPv6 Network Address Translation (NAT66) [1] and was inserted in the four edge routers [3]. The whole work is divided into two parts. In the first, we test HIP solving multi-homing without the NAT66 module. In the second, we repeat the same steps with the NAT66 module inserted. Some interesting things are revealed.

Figure 4. Experiment Environment (topology diagram; legible labels: PC A, Switch A, Switch B, Linksys Router 1, Linksys Router 4; inside addresses FD01:0203:0405:0001::1/48, FD01:0203:0405:0001::2/48, FD01:0203:0405:0001::3/48, FD00:0203:0405:0001::2/48, FD00:0203:0405:0001::3/48; NAT OUTSIDE addresses 2001:0DB8:0001:D550::1/48, 2002:0DB8:0001:D54F::1, 2001:0DB8:0000:D550::1, 2002:0DB8:0000:D54F::1/48)
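The NAT OUTSIDE addresses in the Figure 4 test bed can be reproduced from the inside addresses with the checksum-neutral mapping described in section 2.1. The following Python sketch is an added example, not the authors' Linksys module; it assumes /48 prefixes with the adjustment folded into the 16-bit subnet word (the rule specified for IPv6 prefix translation in RFC 6296), and the function names and the inside/outside prefix pairing are illustrative assumptions.

```python
"""Checksum-neutral IPv6 /48 prefix mapping (added example, not the paper's code)."""
import ipaddress


def _words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    packed = ipaddress.IPv6Address(addr).packed
    return [int.from_bytes(packed[i:i + 2], "big") for i in range(0, 16, 2)]


def _oc_add(a, b):
    """16-bit one's-complement addition with end-around carry."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def _oc_sum(words):
    total = 0
    for w in words:
        total = _oc_add(total, w)
    return total


def address_checksum(addr):
    """One's-complement sum of the address words, i.e. the address's
    contribution to the TCP/UDP pseudo-header checksum."""
    return _oc_sum(_words(addr))


def translate(addr, src_prefix, dst_prefix):
    """Rewrite addr from src_prefix to dst_prefix (both /48) so that the
    one's-complement sum of the whole address does not change."""
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    if ipaddress.IPv6Address(addr) not in src:
        raise ValueError("address is not inside the source prefix")
    words = _words(addr)
    if words[3] == 0xFFFF:
        raise ValueError("subnet 0xFFFF cannot be mapped checksum-neutrally")
    src_sum = _oc_sum(_words(src.network_address)[:3])
    dst_words = _words(dst.network_address)[:3]
    # What the prefix swap adds to the sum, the subnet word must give back:
    # adjustment = src_sum - dst_sum in one's-complement arithmetic.
    adjustment = _oc_add(src_sum, ~_oc_sum(dst_words) & 0xFFFF)
    subnet = _oc_add(words[3], adjustment)
    if subnet == 0xFFFF:          # 0xFFFF and 0x0000 are both "zero"; use 0
        subnet = 0
    out = dst_words + [subnet] + words[4:]
    return ipaddress.IPv6Address(b"".join(w.to_bytes(2, "big") for w in out))


# Inside address, inside prefix, outside prefix. The prefixes are read off the
# Figure 4 labels; which inside prefix pairs with which outside prefix, and the
# fd00 ...::1 interface address, are inferred (assumptions).
TESTBED = [
    ("fd01:203:405:1::1", "fd01:203:405::/48", "2001:db8:1::/48"),
    ("fd01:203:405:1::1", "fd01:203:405::/48", "2002:db8:1::/48"),
    ("fd00:203:405:1::1", "fd00:203:405::/48", "2001:db8::/48"),
    ("fd00:203:405:1::1", "fd00:203:405::/48", "2002:db8::/48"),
]


def testbed_report():
    """Return (inside, outside, checksum_neutral) for every test-bed pair."""
    rows = []
    for inside, src, dst in TESTBED:
        outside = translate(inside, src, dst)
        neutral = (address_checksum(inside) % 0xFFFF
                   == address_checksum(outside) % 0xFFFF)
        rows.append((inside, str(outside), neutral))
    return rows


if __name__ == "__main__":
    for inside, outside, neutral in testbed_report():
        print(f"{inside:20} -> {outside:22} checksum-neutral={neutral}")
```

Running the same function with the prefixes swapped gives the inbound (outside to inside) translation, which is why the mapping needs no per-flow state on the router.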
3.1 IPv6 Environment

For comparison, we first tested HIP with NAT66 disabled. Because there was no NAT on the Linksys routers, changing the route would be meaningless, so we only changed Entry's IP address to see whether HIP supports mobility.

Figure 5. HIP Base Exchange

As shown in Figure 5, HIP exchanges four packets before the connection is built. After that, we changed the IP address of Entry from fd01:0203:0405:0001::1 to fd01:0203:0405:0001::4. According to RFC 4423 [6] and RFC 5206 [7], when a node moves, the existing communication can survive because the mobile node sends a HIP address update message to inform the peer about the new address(es). The peer must verify that the mobile node is reachable through those new addresses. HIP supports mobility and multi-homing by implementing this end-to-end UPDATE signaling mechanism between communicating nodes.

To change the IP address, we first added a new address, fd01:203:405:1::4, to Entry's interface eth1. Entry initiated a three-way UPDATE handshake with Terminal with a new Locator in its packet (Figure 6).

Figure 6. Three-way Update Handshake

After we deleted the original IP address fd01:203:405:1::1, Entry set up another UPDATE handshake with its new locator inside the packet. From the packets captured by Wireshark, we could see that Entry initiated a three-way handshake to inform Terminal that its IP address had changed. Terminal accepted the new IP address and the connection continued.

3.2 NAT66 Environment

Then we activated NAT66 on the four Linksys boxes. First, we tested whether a HIP connection could be set up if the route from Entry to Terminal was different from the route from Terminal to Entry. The packets captured by Wireshark showed that the four-way handshake cannot be completed in this situation. Therefore, during the four-way handshake, a host cannot be multi-homed: it cannot be recognized by the peer if it changes its IP address.

Mobility Case

Then we tested whether HIP supports mobility with NAT66 enabled on the Linksys boxes. After we added a new IP address, fd01:203:405:1::4, to interface eth1 on Entry, Wireshark captured three UPDATE packets initiated by Entry, with the new IP address along with the original IP address in the Locator parameter of the first UPDATE packet (Figure 7).

Figure 7. Three-way Update Handshake (1)

Then we deleted the original IP address fd01:203:405:1::1. Entry initiated another update, but this time the three-way handshake failed (Figure 8).

Figure 8. Three-way Update Handshake (2)

There were only UPDATE packets from Entry to Terminal without any response, which meant the new IP address fd01:203:405:1::4 was unreachable for Terminal. The following ESP packets were sent from Entry to Terminal without any reply, which meant the communication had terminated (Figure 9).

Figure 9. Packets Captured On Router

To analyze why the update handshake failed, we captured packets on Terminal while changing Entry's IP address. The packets below show that when Terminal received the first UPDATE packet from Entry, it did send a reply packet with fd01:203:405:1::4, Entry's new IP address, as the destination address. Among the packets captured on Router, we cannot find this packet. The packet must have been dropped by Linksys3, which did not know how to route it (Figure 10).

Figure 10. Packets Captured On Terminal

The whole process suggests that Entry did send HIP UPDATE packets to Terminal to notify it that its IP address had changed. It initiated a three-way handshake and sent the first UPDATE packet to Terminal with its new IP address as the Locator. When Terminal received this UPDATE packet, it tried to send a responding packet to Entry using the new address as the destination address. Because the new IP address was a private address behind NAT66, it was unreachable for Terminal. Therefore, the three-way UPDATE handshake failed and the connection was lost.

Multi-homing Case

Then we changed the default route from Terminal to Router. Previously, the packets sent out from Terminal went to Linksys3; now we changed the default route to Linksys4. From the packets captured by Wireshark, we were surprised to see that the connection was not interrupted. Entry accepted the packets from Linksys4, even though the source IP address was not the address in its HIT-to-IP-address mapping table.

Figure 11. Packets Captured On Router

The packets above show that the source IP address changed silently, without disturbing the communication (Figure 11). If the address changes but the SPI remains the same and the checksum is valid, HIP is intended to report to the transport that it was received from the original address.

4 Conclusion

This paper verifies HIP for solving multi-homing and mobility by deploying it in the test environment. HIP can support mobility in an environment without a NAT-like module by sending UPDATE packets. HIP cannot support mobility in our environment with NAT66 functioning in the edge routers unless a further mechanism, such as an RVS server, is involved. As for multi-homing, HIP does help solve this problem.

Our source code is in the following website:
References

[1] M. Wasserman, F. Baker: IPv6-to-IPv6 Network Address Translation (NAT66), IETF draft-mrw-behave-nat66-02, 2008
[2] F. Baker: Implementing GSE using IPv6/IPv6 Network Address Translation, IETF draft-baker-nat66-gse-00, 2008
[3] Yuan Zhangyi, Ma Yan, Fred Baker, Huang Xiaohong, Zhang Xiaodong: The Implementation of NAT66 and The Solutions of Multi-homing in NAT66 Environment, September 2009
[4] O'Dell, M.: GSE - An Alternate Addressing Architecture for IPv6, IETF RFC 1884, February 1997
[5] Moskowitz, R., Nikander, P., Jokela, P., and T. Henderson: Host Identity Protocol, IETF RFC 5201, April 2008
[6] Moskowitz, R. and P. Nikander: Host Identity Protocol (HIP) Architecture, IETF RFC 4423, May 2006
[7] Nikander, P., Henderson, T., Vogt, C., and J. Arkko: End-Host Mobility and Multi-homing with the Host Identity Protocol, IETF RFC 5206, April
[8] Wang Jizeng, Guo ge, Zhang yanlong: NAT traversal solution based on host identity protocol, Computer Engineering and Design, May 2008
More informationCCNA Questions/Answers IPv6. Select the valid IPv6 address from given ones. (Choose two) A. FE63::0043::11:21 B :2:11.1 C.
Select the valid IPv6 address from given ones. (Choose two) A. FE63::0043::11:21 B. 191.2.1.2:2:11.1 C. 2001::98 D. 2002:c0a8:101::42 E. :2001:: F. 2002.cb0a:3cdd:1::1 Answer: C, D. 2013 1 Which method
More informationConfiguring attack detection and prevention 1
Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack
More informationTransition To IPv6 October 2011
Transition To IPv6 October 2011 Fred Bovy ccie #3013 fred@fredbovy.com 2011 Fred Bovy fred@fredbovy.com. Transition to IPv6 1 1st Generation: The IPv6 Pioneers Tunnels for Experimental testing or Enterprises
More informationUnit 5 - IPv4/ IPv6 Transition Mechanism(8hr) BCT IV/ II Elective - Networking with IPv6
5.1 Tunneling 5.1.1 Automatic Tunneling 5.1.2 Configured Tunneling 5.2 Dual Stack 5.3 Translation 5.4 Migration Strategies for Telcos and ISPs Introduction - Transition - the process or a period of changing
More informationILNP: a whirlwind tour
ILNP: a whirlwind tour Saleem Bhatti, University of St Andrews, UK 2010-10-03 NANOG50. Copyright 2010 Saleem Bhatti. 1 Outline 1. What? Basic information about ILNP. 2. Why? The rationale for ILNP. 3.
More informationNetwork Address Translation. All you want to know about
Network Address Translation All you want to know about (C) Herbert Haas 2005/03/11 Reasons for NAT Mitigate Internet address depletion Save global addresses (and money) Conserve internal address plan TCP
More informationINTRODUCTION TO HOST IDENTITY PROTOCOL (HIP) AND
INTRODUCTION TO HOST IDENTITY PROTOCOL (HIP) AND ITS APPLICATIONS Advanced topics on networking ANDREI GURTOV Helsinki Institute for Information Technology Slides jointly with Ekaterina Vorobyeva http://www.hiit.fi/
More informationCMPE 80N: Introduction to Networking and the Internet
CMPE 80N: Introduction to Networking and the Internet Katia Obraczka Computer Engineering UCSC Baskin Engineering Lecture 17 CMPE 80N Spring'10 1 Announcements Next class: Presentation of fun projects
More informationMulticast in Identifier/Locator Separation Architectures
Multicast in Identifier/Locator Separation Architectures Michal Kryczka Universidad Carlos III de Madrid Email: michal.kryczka@imdea.org Abstract Many assumptions which were made during projecting current
More informationChapter 11 The IPSec Security Architecture for the Internet Protocol
Chapter 11 The IPSec Security Architecture for the Internet Protocol IPSec Architecture Security Associations AH / ESP IKE [NetSec], WS 2008/2009 11.1 The TCP/IP Protocol Suite Application Protocol Internet
More informationcs144 Midterm Review Fall 2010
cs144 Midterm Review Fall 2010 Administrivia Lab 3 in flight. Due: Thursday, Oct 28 Midterm is this Thursday, Oct 21 (during class) Remember Grading Policy: - Exam grade = max (final, (final + midterm)/2)
More informationHP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls
HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls NAT Configuration Guide Part number:5998-2649 Document version: 6PW100-20110909 Legal and notice information Copyright 2011 Hewlett-Packard Development Company,
More informationComputer Network Fundamentals Spring Week 4 Network Layer Andreas Terzis
Computer Network Fundamentals Spring 2008 Week 4 Network Layer Andreas Terzis Outline Internet Protocol Service Model Addressing Original addressing scheme Subnetting CIDR Fragmentation ICMP Address Shortage
More informationNetwork Security: IPsec. Tuomas Aura
Network Security: IPsec Tuomas Aura 3 IPsec architecture and protocols Internet protocol security (IPsec) Network-layer security protocol Protects IP packets between two hosts or gateways Transparent to
More informationEITF25 Internet Techniques and Applications L7: Internet. Stefan Höst
EITF25 Internet Techniques and Applications L7: Internet Stefan Höst What is Internet? Internet consists of a number of networks that exchange data according to traffic agreements. All networks in Internet
More information2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media,
2013 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising
More informationIntended status: Standards Track Expires: April 26, 2012 Y. Ma Beijing University of Posts and Telecommunications October 24, 2011
softwire Internet-Draft Intended status: Standards Track Expires: April 26, 2012 Z. Li China Mobile Q. Zhao X. Huang Y. Ma Beijing University of Posts and Telecommunications October 24, 2011 DS-Lite Intra-Domain
More informationL2TP over IPsec. About L2TP over IPsec/IKEv1 VPN
This chapter describes how to configure /IKEv1 on the ASA. About /IKEv1 VPN, on page 1 Licensing Requirements for, on page 3 Prerequisites for Configuring, on page 4 Guidelines and Limitations, on page
More informationNAT, IPv6, & UDP CS640, Announcements Assignment #3 released
NAT, IPv6, & UDP CS640, 2015-03-03 Announcements Assignment #3 released Overview Network Address Translation (NAT) IPv6 Transport layer User Datagram Protocol (UDP) Network Address Translation (NAT) Hacky
More informationCisco IOS LISP Application Note Series: Access Control Lists
Cisco IOS LISP Application Note Series: Access Control Lists Version 1.1 (28 April 2011) Background The LISP Application Note Series provides targeted information that focuses on the integration and configuration
More informationNetwork Layer (4): ICMP
1 Network Layer (4): ICMP Required reading: Kurose 4.4.3, 4.4.4 CSE 4213, Fall 2006 Instructor: N. Vlajic 2 1. Introduction 2. Network Service Models 3. Architecture 4. Network Layer Protocols in the Internet
More informationCSC 4900 Computer Networks: Network Layer
CSC 4900 Computer Networks: Network Layer Professor Henry Carter Fall 2017 Chapter 4: Network Layer 4. 1 Introduction 4.2 What s inside a router 4.3 IP: Internet Protocol Datagram format 4.4 Generalized
More information