1 IP Autoconfiguration for MANET Jaehoon Paul Jeong, ETRI Wireless Access Network and NS-2 Workshop.


1 1 IP Autoconfiguration for MANET Jaehoon Paul Jeong, ETRI paul@etri.re.kr http://www.adhoc.6ants.net/~paul Wireless Access Network and NS-2 Workshop

2 2 Contents Introduction Unicast Address Autoconfiguration Multicast Address Allocation Multicast DNS Service Discovery Internet Connectivity MANET Testbed Conclusion References Reference Website

3 3 Introduction Mobile Ad Hoc Network (MANET) MANET has a dynamically changing network topology. MANET partition and mergence may happen. In MANET, unlike the Internet, there are many points to consider. There is no network administrator. The current Internet services, such as address autoconfiguration and DNS, are difficult to adopt. So, auto-configuration is necessary in MANET!

4 4 MANET Auto-configuration Unicast Address Autoconfiguration Multicast Address Allocation Multicast DNS Service Discovery Internet Connectivity Internet Connectivity for MANET Multicast DNS Service Discovery Multicast Address Allocation Unicast Address Autoconfiguration

5 5 Protocol Stack supporting MANET Autoconfiguration

6 6 Unicast Address Autoconfiguration

7 7 Introduction Configuration of Unicast Address in Network Interface Precedent step for IP networking Methods of IP address configuration in network interface Manual configuration Automatic configuration Consideration of IP address configuration A unique address should be assigned. Automatic configuration is needed for user’s convenience. Addressing in MANET Each mobile node needs to autoconfigure its IP address through Duplicate Address Detection (DAD). An arbitrary address is selected. The uniqueness of the address is verified through DAD.

8 8 Problem of IP Address Conflict - 1/2 [Figure: MANET nodes A, B, C, D, E, F, G, H and K; label: IP address = a]

9 9 Problem of IP Address Conflict - 2/2 [Figure: MANET nodes A, B, C, D, E, F, G, H and K; label: IP address = a]

10 10 Requirements for MANET Address Autoconfiguration Base Document draft-jeong-manet-addr-autoconf-reqts-01.txt Three Classes of Requirements Join and Departure of Mobile Nodes Network Partitioning and Merging Internet Connectivity

11 11 Join and Departure of Mobile Nodes [R1] Address autoconf protocol MUST support timely autoconfiguration of IP address for a mobile node. [R2] Address autoconf protocol MAY support mechanisms to probe whether a mobile node moves into another MANET. [R3] Mobile nodes using address autoconf protocol MUST validate allocated IP addresses when powering up or rebooting. [R4] Mobile nodes using address autoconf protocol MAY validate allocated IP addresses when moving into a new network.

12 12 Network Partitioning and Merging [R5] Ad hoc address autoconf protocol MUST detect and resolve address conflicts in a timely manner and on an ongoing basis. [R6] Ad hoc address autoconf protocol MUST allow conflicted address replaced with another. [R7] Ad hoc address autoconf protocol SHOULD minimize the damage, such as loss of delivered packets, due to address replacement. [R8] Addresses SHOULD be allocated or autoconfigured in a way that minimizes the probability that two or more nodes will have the same address. [R9] In order to detect duplicate addresses, ad hoc address autoconf protocol MAY get the aid of ad hoc routing protocol.

13 13 Internet Connectivity [R10] MANET MAY allow configuration of one or more gateways for the global connectivity to the Internet. [R11] Mobile node that desires Internet connectivity MAY have a globally routable IP address.

14 14 Strong DAD Definition $A_i(t)$: address assigned to node $i$ at time $t$. For each address $a \neq$ undefined, $S_a(t) = \{\, j \mid A_j(t) = a \,\}$. Condition of Strong DAD Within a finite bounded time interval after $t$, at least one node in $S_a(t)$ will detect that $|S_a(t)| > 1$.

15 15 Example of Strong DAD
[Figure: Host A, Host B, Host C and a Router on a wireless link; AREQ message and AREP message]
Where AREQ: Address Request message, AREP: Address Reply message
MAC & IPv6 Address of Host C
  MAC Address - a9:bb:cc:dd:ee:ff
  IPv6 Address - fec0:0:0:ffff:abbb:ccff:fedd:eeff
1st Try of Host A (MANET Prefix + EUI-64)
  MAC Address - a9:bb:cc:dd:ee:ff
  IPv6 Address - fec0:0:0:ffff:abbb:ccff:fedd:eeff
2nd Try of Host A (MANET Prefix + Random Number)
  64-bit Random Number - 1111:2222:3333:4444
  IPv6 Address - fec0:0:0:ffff:1111:2222:3333:4444
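The two tries on this slide can be replayed in code. The following is an added example, not code from the presentation or the drafts: it derives the EUI-64 address from the MAC address, and falls back to a 64-bit random number when an AREP signals a conflict. The set `addresses_in_use` is an assumption that stands in for the nodes that would answer an AREQ.

```python
import ipaddress
import secrets

# MANET prefix taken from the slide.
MANET_PREFIX = ipaddress.IPv6Network("fec0:0:0:ffff::/64")


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: flip the universal/local bit and insert ff:fe."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def manet_address(interface_id: int) -> ipaddress.IPv6Address:
    """Combine the 64-bit MANET prefix with a 64-bit interface identifier."""
    return ipaddress.IPv6Address(
        int(MANET_PREFIX.network_address) | (interface_id & (2**64 - 1)))


def strong_dad(mac, addresses_in_use, retries=3,
               rand64=lambda: secrets.randbits(64)):
    """Return (address, tries). `addresses_in_use` simulates the nodes that
    would reply to an AREQ with an AREP (an assumption of this example)."""
    candidate = manet_address(eui64_interface_id(mac))   # 1st try: EUI-64
    for attempt in range(1, retries + 1):
        arep_received = candidate in addresses_in_use    # AREQ sent, AREP back?
        if not arep_received:
            return candidate, attempt                    # no reply: keep it
        candidate = manet_address(rand64())              # next try: random number
    raise RuntimeError("no unique address found within the retry limit")


# Constructed scenario matching the slide: Host C already owns the address
# that Host A derives from its (identical) MAC address.
HOST_C = ipaddress.IPv6Address("fec0:0:0:ffff:abbb:ccff:fedd:eeff")

if __name__ == "__main__":
    addr, tries = strong_dad("a9:bb:cc:dd:ee:ff", {HOST_C},
                             rand64=lambda: 0x1111222233334444)
    print(addr, "after", tries, "tries")
```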

16 16 Limitation of Strong DAD Simple Observation If partitions can occur for unbounded intervals of time, then strong DAD is impossible. Limitation of Strong DAD When partitions merge, addresses of all nodes must be checked for duplicates. This DAD does not indicate how merging of partitions should be detected. This does not suggest how the congestion caused by DAD messages may be reduced.

17 17 Procedure of Strong DAD
[Flowchart]
Generation of 32-bit Random Number and 64-bit Random Number
-> Generation of Temporary address with MANET_INIT_PREFIX and 32-bit Number
-> Generation of Tentative address with MANET_PREFIX and 64-bit Number
-> Transmission of AREQ message
-> Was any extended AREP message received from any other node?
   YES: Generation of 64-bit Random Number (this iteration is performed by predefined retry-number)
   NO: Reconfiguration of Unicast address in NIC
MANET_INIT_PREFIX: FEC0:0:0:FFFF::/96
MANET_PREFIX: FEC0:0:0:FFFF::/64

18 18 Weak DAD Motivation Handling address duplication due to MANET partitioning and merging Requirements Correct Delivery Packets meant for one node must not be routed to another node, even if the two nodes have chosen the same address. Relaxed DAD It does not require detection of all duplicate addresses. The duplication of addresses cannot be detected in partitioned networks.

19 19 Resolution of Address Conflict by Weak DAD [Figure: nodes A, B, C, D, E, F, G, H and K in Partition 1 and Partition 2. Labels: (IP address, Key) = (a, K_A); (IP address, Key) = (a, K_K); (IP address, Key) = (b, K_K); E detects the duplication of address a with key information; Address Duplication Report]

20 20 MANET Address Autoconfiguration draft-jeong-adhoc-ip-addr-autoconf-02.txt, discussed at IETF-57 Step 1: Address selection How to select one of IP addresses in the address space? Step 2: Duplicate address detection How to detect a duplicate address? Step 3: Address change negotiation Which node should perform a reallocation procedure? Victim node selection problem Step 4: Maintenance of upper-layer sessions How to let an upper-layer session avoid a connection breakage?

21 21 MANET Address Autoconf for AODV draft-jeong-manet-aodv-addr-autoconf-00.txt, discussed at IETF-59 Step 1: IP address selection Random address selection Step 2: Duplicate address detection Hybrid DAD Strong DAD + Weak DAD Step 3: Address change negotiation Simple victim node selection Node that is performing route discovery is selected as victim node. Step 4: Maintenance of upper-layer sessions Notification of address change Address change indication similar to MIP binding update Address Mapping Cache management It is similar to MIP binding cache management Data delivery through IP tunneling

22 22 Address Autoconfiguration Message Format

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |     Code      |           Checksum            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Identification                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Originator IP Address                     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |               Requested or Duplicate IP Address               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type:
- AREQ: Address Request
- AREP: Address Reply
- AERR: Address Error
Code:
- 0: default
- 1: indication of address change in type AERR

23 23 Step1: IP Address Selection - Selection of Random IP Address IPv4 IPV4_MANET_PREFIX + 16-bit Random Number. 169.254/16 is used as IPV4_MANET_PREFIX. There is a great possibility of address conflicts because of the Birthday Paradox: two to the power eight (= 256) nodes will generate at least one address collision with a probability of 50%. IPv6 IPV6_MANET_PREFIX + 64-bit Random Number. fec0:0:0:ffff::/64 is used as IPV6_MANET_PREFIX. Because of the deprecation of the IPv6 site-local address, a new local prefix for local networks separated from the Internet is necessary.

24 24 Step2: Duplicate Address Detection - Hybrid DAD = Strong DAD + Weak DAD Phase 1 : Strong DAD Time-based DAD For detecting IP address duplication in a connected MANET partition within a finite bounded time interval Strong DAD is performed during the initiation of node’s network interface. Phase 2 : Weak DAD Routing-based DAD For detecting IP address duplication during ad hoc routing, e.g., route discovery in AODV It can handle the address duplication by MANET partition and mergence. Key is used for the purpose of detecting duplicate IP addresses. Virtual IP Address = IP Address + Interface Key

25 25 Step3: Address Change Negotiation - Simple Victim Node Selection Detection of Duplicate Address When a node performs route discovery with RREQ in order to communicate with another, an address conflict can be detected by the Weak DAD procedure. If there is a duplicate IP address, the detector node sends an AERR (Address Error) message to the node using the duplicate address that is associated with a different key. The victim node is the one which is performing route discovery. We can consider the number of on-going sessions and fairness. Configuration of a new IP address The node receiving the AERR message auto-configures a new IP address through Strong DAD.
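The routing-based detection and the simple victim selection of Steps 2 and 3 can be sketched as follows. This is an added example, not code from the presentation or the drafts; the class names, the string-valued addresses and keys, and the `pick_new_ip` callback (standing in for a Strong DAD run) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass(frozen=True)
class RouteRequest:
    """RREQ carrying the originator's virtual IP address (address + key)."""
    originator_ip: str
    originator_key: str
    destination_ip: str


@dataclass(frozen=True)
class AddressError:
    """AERR sent to the victim; Code 0 is the default code on the slide."""
    duplicate_ip: str
    victim_key: str
    code: int = 0


@dataclass
class WeakDadNode:
    name: str
    key_for_ip: Dict[str, str] = field(default_factory=dict)  # learned bindings

    def on_rreq(self, rreq: RouteRequest) -> Optional[AddressError]:
        known = self.key_for_ip.setdefault(rreq.originator_ip,
                                           rreq.originator_key)
        if known == rreq.originator_key:
            return None                    # first sighting, or the same node
        # Same address, different key: two nodes share the address. The node
        # performing route discovery (the RREQ originator) is the victim.
        return AddressError(rreq.originator_ip, rreq.originator_key)


@dataclass
class MobileNode:
    ip: str
    key: str

    def on_aerr(self, aerr: AddressError, pick_new_ip) -> bool:
        """Reconfigure only if the AERR names this node's address and key."""
        if (aerr.duplicate_ip, aerr.victim_key) != (self.ip, self.key):
            return False
        self.ip = pick_new_ip()            # stands in for a Strong DAD run
        return True


def merge_scenario():
    """Constructed replay of slide 19: A=(a, K_A), K=(a, K_K), E detects."""
    e = WeakDadNode("E")
    k = MobileNode(ip="a", key="K_K")
    first = e.on_rreq(RouteRequest("a", "K_A", "d"))   # seen before the merge
    aerr = e.on_rreq(RouteRequest(k.ip, k.key, "d"))   # seen after the merge
    changed = k.on_aerr(aerr, pick_new_ip=lambda: "b")
    return first, aerr, changed, (k.ip, k.key)
```

The key in this sketch only tells two nodes apart; the slides do not describe any authentication of AERR messages.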

26 26 Step4: Maintenance of Upper-layer Sessions – 1/3 Notification of IP Address Change The node with the duplicate address informs its peer nodes of its IP address change through an AERR message. AERR message is used. It contains the Duplicate address and the New address. It plays the same role as the Binding Update message of MIP or MIPv6. The notified peer node stores the address mapping information in its local Address Mapping Cache.

27 27 Step4: Maintenance of Upper-layer Sessions – 2/3 Address Mapping Cache (AMC) Management AMC maintains the association of duplicate address and new announced address. AMC is similar to MIP binding cache. AMC is used for tunneling when sending and receiving data packets. TCP sessions can be maintained even though IP address has been changed.

28 28 Step4: Maintenance of Upper-layer Sessions – 3/3 Data Delivery through IP Tunneling After the delivery of AERR message, the peer node and announced node exchange data packets through IP tunneling using AMC.
Peer Node: Address: IP_pn
Announced Node: New Address: IP_new, Old Address: IP_old
Data Packet: Outer IP Header (SRC Addr: IP_pn, DEST Addr: IP_new) | Inner IP Header (SRC Addr: IP_pn, DEST Addr: IP_old) | Payload

29 29 Multicast Address Allocation

30 30 IPv6 Multicast Address Allocation Role It allocates a unique IPv6 multicast address to a session without address allocation server. Address Format IPv6 multicast (a) is generated on the basis of Interface ID of IPv6 unicast address (b).

31 31 IPv4 Multicast Address Allocation Role It allocates a unique IPv4 multicast address to a session without address allocation server. It uses the same idea as IPv6 multicast address allocation. Address Format IPv4 multicast (a) is generated on the basis of Host ID of IPv4 unicast address (b).

32 32 Procedure of Multicast Address Allocation [Flowchart] Request of Multicast Address Allocation from Application -> Generation of Unused Group ID -> Generation of a Multicast Address with Interface ID (or Host ID) and Group ID -> Delivery of the Multicast Address

33 33 Service of Multicast Application: Allocation of a unique Multicast Address for a new Session
[Figure: mobile nodes A, B, C, D and E; steps 1 to 7]
Step  Action
1     Unicast Address Autoconfiguration
2     Run of Video-conferencing Tool (e.g., SDR) and Creation of a new Session
3     Advertisement of Session Information
4     MN A’s join to the new Session
5     MN E’s join to the new Session
6     Transmission of Video/Audio Data by MN A
7     Transmission of Video/Audio Data by MN E

34 34 Multicast Address Allocation in SDR Multicast Addresses of Audio and Video Sessions

35 35 Multicast DNS

36 36 Introduction Name Service in MANET MANET has a dynamic network topology. Current DNS cannot be adopted in MANET, because it needs a fixed and well-known name server. Idea of Name Service in MANET All the mobile nodes take part in name service. Every mobile node administers its own name information. It responds to other nodes’ DNS queries related to its domain name and IP address.

37 37 Related Work: Link-Local Multicast Name Resolution (LLMNR) Each node performs the role of DNS name server for its own domain name in a link-local scoped network. [Sequence diagram: LLMNR Sender and LLMNR Responder] LLMNR query message (What is the IPv6 address of “host.private.local”?) - It is sent in link-local multicast. LLMNR response message (IPv6 address of “host.private.local”) - It is sent in link-local unicast. Verification of LLMNR response - Does the value of the response conform to the addressing requirements? - Is the hop-limit of the IPv6 header 1? If the result is valid, then the Sender caches the response and passes it to the application that initiated the DNS query; else the Sender ignores the response and continues to wait for other responses.

38 38 Ad Hoc Name Service System for IPv6 MANET (ANS) ANS provides Name Service in MANET MANET DNS Domain: ADHOC. MANET IPv6 Prefix: IPv6 Site-local Prefix, FEC0:0:0:FFFF::/64 Architecture of ANS System ANS Responder It performs the role of DNS Name Server ANS Resolver It performs the role of DNS Resolver ANS API It provides user applications with DNS resolver functions

39 39 DNS Name Resolution through ANS System

40 40 Interaction of ANS System Processes [Figure: ANS Responder process with Main-Thread, DUR-Thread and ANS Zone DB; ANS Resolver process with Main-Thread, Resolv-Thread, Timer-Thread and ANS Cache; Application with ANS API. Legend: Process, Thread, Database, Cache, Memory Read / Write, Internal Connection, UNIX Datagram Socket, UDP Socket Connection. Messages: DNS Query, DNS Response, DNS Query / DNS Response]

41 41 Name Service in ANS Name Generation generates a unique domain name based on the network device identifier Zone File Generation generates ANS zone file with the unique domain name and corresponding IPv6 address Name Resolution performs the name-to-address translation

42 42 Scenario of Name Service within MANET [Sequence diagram: MN-A, MN-B, MN-C] Request of Host DNS Name Resolution; DNS Query Message (MN-C.ADHOC.), DNS Query Message is sent in Multicast; Receipt of DNS Query Message; Receipt and Process of DNS Query Message; DNS Response Message (MN-C’s IPv6 Address), DNS Response Message is sent in Unicast; Gain of DNS Information; MN-A tries to connect to the server on MN-C; The server on MN-C accepts the request of the connection from MN-A

43 43 Authentication of DNS Message Why is the authentication of DNS messages necessary? To prevent an attacker from informing a DNS querier of a wrong DNS response How to authenticate DNS message? IPsec ESP with a null-transform Secret key transaction authentication for DNS, called TSIG [RFC2845] Our Scheme of Authentication TSIG message authentication where the trusted nodes share a group secret key for authenticating DNS messages.

44 44 DNS Message Format Header Section Question Section Answer Section: e.g., AAAA RR Authority Section Additional Section: e.g., TSIG RR DNS message header Question for the name server Resource records answering the question Resource records pointing toward an authority (e.g., AAAA resource record) Resource records holding additional information (e.g., TSIG resource record)

45 45 Procedure of Secure DNS Resolution [Sequence diagram: Mobile Node A (MN-A.ADHOC.) and Mobile Node C (MN-C.ADHOC.)] DNS Query (What is the IPv6 address of “MN-C.ADHOC.”?) via site-local multicast and UDP. DNS Response (IPv6 address of “MN-C.ADHOC.”) via site-local unicast and UDP. Verification of DNS Response - Does the source address of the response conform to the ad hoc addressing requirements? - Is the TSIG resource record valid? If the Response is valid, then the ANS Resolver delivers the result to the application program; else the ANS Resolver sends the DNS Query again and waits for another DNS Response, up to the allowed retry number.
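The resolver-side verification on this slide can be sketched as follows. This is an added example, not the ANS implementation and not the TSIG wire format: the MAC covers only a signing time and the message bytes, HMAC-SHA256 is used here in place of the HMAC-MD5 that RFC 2845 specifies, and the dictionary fields, the 300-second window and the sample responses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MANET_PREFIX = ipaddress.IPv6Network("fec0:0:0:ffff::/64")  # from the slides
FUDGE_SECONDS = 300                                         # assumed tolerance


def tsig_mac(message: bytes, time_signed: int, group_key: bytes) -> bytes:
    """MAC over the signing time and the DNS message (simplified TSIG)."""
    return hmac.new(group_key, struct.pack("!Q", time_signed) + message,
                    hashlib.sha256).digest()


def verify_response(resp: dict, group_key: bytes, now: int) -> str:
    """Apply the slide's checks; return 'ok' or the reason for rejection."""
    if ipaddress.IPv6Address(resp["source"]) not in MANET_PREFIX:
        return "source outside MANET prefix"
    if abs(now - resp["time_signed"]) > FUDGE_SECONDS:
        return "signature outside time window"
    expected = tsig_mac(resp["message"], resp["time_signed"], group_key)
    if not hmac.compare_digest(expected, resp["mac"]):  # constant-time compare
        return "invalid TSIG MAC"
    return "ok"


def resolve(responses, group_key: bytes, now: int, retries: int = 3):
    """Deliver the first valid response; each rejection uses up one retry."""
    rejected = []
    for resp in responses[:retries]:
        verdict = verify_response(resp, group_key, now)
        if verdict == "ok":
            return resp["message"], rejected
        rejected.append(verdict)
    return None, rejected


ANSWER = b"MN-C.ADHOC. AAAA fec0:0:0:ffff::c"   # constructed sample payload


def sample_responses(group_key: bytes, now: int):
    """Constructed inputs: off-prefix sender, wrong key, then a valid reply."""
    other = b"MN-C.ADHOC. AAAA fec0:0:0:ffff::9"
    return [
        {"source": "2001:db8::1", "message": other, "time_signed": now,
         "mac": tsig_mac(other, now, group_key)},
        {"source": "fec0:0:0:ffff::9", "message": other, "time_signed": now,
         "mac": tsig_mac(other, now, b"not-the-group-key")},
        {"source": "fec0:0:0:ffff::c", "message": ANSWER, "time_signed": now,
         "mac": tsig_mac(ANSWER, now, group_key)},
    ]
```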

46 46 Service Discovery

47 47 Service Discovery Definition Discovery of the location (IP address, Transport-layer protocol, Port number) of server that provides some service. Methods Multicast DNS based Service Discovery: Service discovery through Multicast DNS and DNS SRV resource record, which indicates the location of server or the multicast address of the service. SLP based Service Discovery: Service discovery through IETF Service Location Protocol (SLP): RFC 2165, RFC 2608, RFC 3111

48 48 Considerations for Service Discovery Limitations of Existing Schemes Most of current schemes are concerned with service location for the Internet. Such protocols have not taken into account the mobility, packet loss issues and latency. Considerations Some devices are small and have limited computation, memory, and storage capability. They can only act as clients, not servers. Power constraints Service discovery should not incur excessive messaging over wireless interface.

49 49 Service Discovery based on Multicast DNS
ANS Responder’s Zone File:

    $TTL 20
    $ORIGIN ADHOC.
    PAUL-1            IN AAAA FEC0:0:0:FFFF:3656:78FF:FE9A:BCDE
    ;; DNS SRV Resource Records
    ; Unicast Service : SERVICE-1
    _SERVICE-1._TCP   IN SRV 0 1 3000 PAUL-1.ADHOC.
    _SERVICE-1._UDP   IN SRV 0 1 3000 PAUL-1.ADHOC.
    ; Multicast Service : SERVICE-2
    _SERVICE-2._UDP   IN SRV 0 1 4000 @.1.5.

Generation of IPv6 Multicast Address (IPv6 Multicast Address corresponding to Service Name):
  Multicast Service Name -> MD5 Hash Function -> 128-bit Digest -> Group ID = Low-order 112 bits of Digest
  DNS SRV Resource Record for Multicast Service -> Parsing Function -> Flags label & Scope label -> 16-bit IPv6 Site-local Multicast Address Prefix
  IPv6 Site-local Multicast Address: FF (8 bits) | Flags, P=0, T=1 (4 bits) | Scope 5 (4 bits) | Group ID (112 bits)
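The address generation on this slide can be carried through in code. This is an added example, not code from the ANS project; it assumes that the hashed string is the SRV owner name as written in the zone file and that the flags and scope labels of the target `@.1.5.` are single hexadecimal digits.

```python
import hashlib
import ipaddress


def parse_flags_scope(srv_target: str):
    """'@.1.5.' -> (1, 5): the flags label, then the scope label."""
    labels = srv_target.rstrip(".").split(".")
    if len(labels) != 3 or labels[0] != "@":
        raise ValueError("not a multicast SRV target: %r" % srv_target)
    flags, scope = int(labels[1], 16), int(labels[2], 16)
    if not (0 <= flags <= 0xF and 0 <= scope <= 0xF):
        raise ValueError("flags and scope must each fit in 4 bits")
    return flags, scope


def service_multicast_address(service_name: str,
                              srv_target: str) -> ipaddress.IPv6Address:
    """FF | flags | scope | low-order 112 bits of MD5(service name)."""
    flags, scope = parse_flags_scope(srv_target)
    # MD5 only maps a name to a group ID here; it authenticates nothing.
    digest = hashlib.md5(service_name.encode("ascii")).digest()  # 128 bits
    group_id = digest[2:]                       # low-order 112 bits (14 bytes)
    prefix = bytes([0xFF, (flags << 4) | scope])  # 16-bit multicast prefix
    return ipaddress.IPv6Address(prefix + group_id)


if __name__ == "__main__":
    # Constructed call using the multicast service from the zone file above.
    print(service_multicast_address("_SERVICE-2._UDP", "@.1.5."))
```

Every node that hashes the same service name with the same flags and scope obtains the same group address, which is what lets a client join the group from the SRV record alone.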

50 50 Scenario of Service Discovery [Sequence diagram: MN-C, MN-B, MN-A] Request of Server Information; DNS Query Message for Service Information, DNS Query Message is sent in Multicast; Receipt of DNS Query Message; Receipt and Process of DNS Query Message related to DNS SRV resource record; DNS Response Message with Service Information; Gain of Service Information; MN-C tries to connect to the server on MN-A or MN-C joins the multicast group related to MN-A; The server on MN-A accepts the request of the connection from MN-C or the multicast group comprises MN-A and MN-C

51 51 Internet Connectivity

52 52 Internet Connectivity for IPv6 MANET Why do we need to support the Internet connectivity in MANET? When mobile nodes in MANET want to communicate with hosts in the Internet Email, Web Server, etc. Many service providers think that Internet connectivity function is important for MANET deployment. What is needed to support the global connectivity? Internet Gateway Discovery Global Prefix Information and Default Gateway Address Global DNS Server Discovery Recursive DNS Server Address

53 53 Internet Gateway Discovery (1/2) Two ways to do Internet Gateway Discovery Extended Route Discovery We need to extend RREQ / RREP of IPv6 AODV. Extended IPv6 Neighbor Discovery (ND) We need to extend IPv6 ND: MANET Router Solicitation (RS) and MANET Router Advertisement (RA)

54 54 Internet Gateway Discovery by Extended Route Discovery [Figure: MANET nodes A, B and C, the IGW and the Internet; RREQ and RREP messages; Routing Table: default: GW]

55 55 Internet Gateway Discovery by Extended Neighbor Discovery [Figure: MANET nodes A, B and C, the IGW and the Internet; RS and RA messages; Global Unicast Address Autoconfiguration; Routing Table: default: GW]

56 56 Required Operations Internet Gateway Discovery Address Resolution Global IPv6 Address Generation Default Route Setting Global DNS Server Discovery Route Examination Route Examination at Manet Node Route Examination at Internet Gateway Error Handling ICMPv6 Destination Unreachable Message ICMPv6 Redirect Message

57 57 Global DNS Server Discovery When a MANET Node communicates with an Internet Node, MANET Node should find out Internet Gateway(s). MANET Node should resolve the Internet Node’s DNS name into its globally routable IPv6 address. Discovery of Internet Gateway RREQ/RREP-based Discovery Discovery of Global DNS Server Recursive DNS Server (RDNSS) Option within RREP

58 58 Discovery of Internet Gateway (IGW) & Recursive DNS Server (RDNSS) RREP Header Prefix Information Option : IGW2’s Global IPv6 Prefix RDNSS Option : RDNSS3’s MANET Address RREP Message from IGW2

59 59 Procedure of DNS Name Resolution in MANET

60 60 MANET Testbed

61 61 Testbed for IPv6 MANET Motivation There is much difficulty in managing the topology of MANET for testing protocols and applications. Topology Configuration Method For testing multi-hop network configuration, we control the Tx and Rx power of the IEEE 802.11b NIC. Also, we use MAC-filtering to filter out packets in other links. Routing Protocols We used IPv6 AODV and MAODV as Ad Hoc routing protocols.

62 62 MANET Testbed [Figures: IPv6 Wireless Router; Protocol Test in MANET Testbed]

63 63 Experiment in MANET Testbed [Figure: Demo Scenario. Elements: NB, Hub, R1, R2, R3, AP. IPv6 Wireless Router: R1, R2, R3; Control Node: NB; Controlling IPv6 Wireless Routers at NB. Addresses shown: 3ffe:2e00:1:a::101, 3ffe:2e00:1:a::102, 3ffe:2e00:1:a::103. Panels: Ping6 of R1 into R3; Ping6 of R1 into R3 via R2; Mac filter; 1hop; 2hop; Routing Table Update in R1; Ping6’s Result]

64 64 Conclusion MANET Autoconfiguration Unicast Address Autoconfiguration Multicast Address Allocation Multicast DNS Service Discovery Internet Connectivity Autoconfiguration Technologies in MANET They can provide Ad Hoc users with auto-networking. They must be default functions for the deployment of MANET. Also, security in MANET is an important issue and should be considered along with auto-networking in MANET. But it is very difficult. MANET networking is a cornerstone for Ubiquitous Computing.

65 65 References
[1] Jaehoon Paul Jeong et al., “Requirements for Ad Hoc IP Address Autoconfiguration”, draft-jeong-manet-addr-autoconf-reqts-01.txt, February 2004.
[2] Jaehoon Paul Jeong et al., “Ad Hoc IP Address Autoconfiguration”, draft-jeong-adhoc-ip-addr-autoconf-02.txt, February 2004.
[3] Jaehoon Paul Jeong et al., “Ad Hoc IP Address Autoconfiguration for AODV”, draft-jeong-manet-aodv-addr-autoconf-00.txt, February 2004.
[4] Charles E. Perkins et al., “IP Address Autoconfiguration for Ad Hoc Networks”, draft-ietf-manet-autoconf-01.txt, November 2001.
[5] Nitin H. Vaidya, “Weak Duplicate Address Detection in Mobile Ad Hoc Networks”, MobiHoc2002, June 2002.
[6] Jaehoon Paul Jeong et al., “Auto-Networking Technologies for IPv6 Mobile Ad Hoc Networks”, ICOIN 2004, February 2004.
[7] Jaehoon Paul Jeong et al., “DNS Service for Mobile Ad Hoc Networks”, draft-jeong-manet-dns-service-00.txt, February 2004.
[8] Jaehoon Paul Jeong et al., “Service Discovery based on Multicast DNS in IPv6 Mobile Ad-hoc Networks”, VTC2003 Spring, April 2003.
[9] Ryuji Wakikawa et al., “Global connectivity for IPv6 Mobile Ad Hoc Networks”, draft-wakikawa-manet-globalv6-03.txt, October 2003.

66 66 Reference Website ETRI’s Ad Hoc Autoconfiguration Project http://www.adhoc.6ants.net

