Using HIP to solve MULTI-HOMING IN IPv6 networks
YUAN Zhangyi, Beijing University of Posts and Telecommunications
(Presentation transcript)
Introduction
Why do we need NAT in IPv6?
–Hiding the enterprise topology
–Keeping IP addresses independent of the provider
–……
NAT66, as described in an IETF draft, may be implemented in an IPv6 router to map one IPv6 address prefix to another IPv6 address prefix as each IPv6 packet transits the router.
Introduction
The mechanism of the NAT66 device: we deployed a two-way algorithm that maps one private address to one global address.
NAT66 Process
                 Src. addr    Dest. addr   Port No.
  NAT outside    changed      unchanged    unchanged
  NAT inside     unchanged    changed      unchanged
Outside process: the port number is stable; translate the source address.
Inside process: the port number is stable; translate the destination address.
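The two-way prefix mapping summarised in the table above, written out as an added illustration (this is not the authors' router code). It assumes the router maps a single /64 inside prefix to a single /64 outside prefix and keeps the interface identifier; the prefixes, addresses and the packet dictionaries are constructed sample values.

```python
"""Two-way NAT66 prefix translation: inside->outside rewrites only the source
address, outside->inside rewrites only the destination address, ports are
never touched. Constructed prefixes (private ULA and documentation range)."""
import ipaddress

INSIDE_PREFIX = ipaddress.IPv6Network("fd00:1234:5678:1::/64")   # constructed inside prefix
OUTSIDE_PREFIX = ipaddress.IPv6Network("2001:db8:abcd:1::/64")   # constructed outside prefix


def _translate(addr, from_net, to_net):
    """Swap the prefix bits of addr from from_net to to_net, keeping the
    interface identifier. Addresses outside from_net are returned untouched."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in from_net:
        return ip
    host_bits = int(ip) & ~int(from_net.netmask)
    return ipaddress.IPv6Address(int(to_net.network_address) | host_bits)


def outside_process(packet):
    """Packet leaving the site (inside -> outside): only Src. addr changes."""
    out = dict(packet)
    out["src"] = str(_translate(packet["src"], INSIDE_PREFIX, OUTSIDE_PREFIX))
    return out


def inside_process(packet):
    """Packet entering the site (outside -> inside): only Dest. addr changes."""
    out = dict(packet)
    out["dst"] = str(_translate(packet["dst"], OUTSIDE_PREFIX, INSIDE_PREFIX))
    return out


def round_trip(packet):
    """Send a packet out and feed the reply back in; the reply must land on
    the original private address for the mapping to be usable two-way."""
    outbound = outside_process(packet)
    reply = {"src": outbound["dst"], "dst": outbound["src"],
             "sport": outbound["dport"], "dport": outbound["sport"]}
    return inside_process(reply)
```

Note that only the IP header is rewritten. Any protocol that copies its own address into the payload (as HIP does in its LOCATOR parameter) still carries the inside address across the router, which is the behaviour the experiments below run into. A production NPTv6 translator (RFC 6296) also has to keep the transport checksum valid across the prefix change, which this sketch ignores.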
HIP (Host Identity Protocol)
HIP inserts a new layer between the Transport Layer and the Network Layer. The Transport Layer identifies a session by the HIT (Host Identity Tag) instead of by the IP address. As a result, changes in the Network Layer do not affect the upper applications.
Experiment 1 --- NAT66 disabled
HIP base exchange (Initiator <-> Responder):
  I1: trigger exchange
  R1: puzzle, D-H, key, sig
  I2: solution, D-H, (key), sig
  R2: sig
In the first case, NAT66 is disabled in the edge router. HIP exchanges four packets before the connection is established. We then added a new address to the host's other interface. The host initiated a three-way UPDATE handshake with the destination host, carrying the new Locator in its packet.
Experiment 2 --- NAT66 enabled, mobility case
We tested whether HIP supports mobility with NAT66 enabled in the Linksys boxes. After we added a new IP address to an interface on Entry, Wireshark captured three UPDATE packets initiated by Entry, with the new IP address listed alongside the original IP address in the Locator parameter of the first UPDATE packet. Then we deleted the original IP address. Entry initiated another UPDATE, but this time the three-way handshake failed: there were only UPDATE packets from Entry to Terminal, without any responses, which meant the new IP address was unreachable for Terminal. The whole process shows that Entry did send HIP UPDATE packets to Terminal announcing that its IP address had changed. It initiated a three-way handshake and sent the first UPDATE packet to Terminal with its new IP address as the Locator. When Terminal received this UPDATE packet, it tried to send a response to Entry using the new address as the destination address. Because the new IP address was a private address behind NAT66, it was unreachable for Terminal. Therefore the three-way UPDATE handshake could not complete and the connection was lost.
Experiment 2 --- NAT66 enabled, multihoming case
We changed the default route of Terminal. Previously the packets sent out from Terminal went through Linksys3; now we changed the default route to Linksys4. From the packets captured by Wireshark, we were surprised to notice that the connection was not interrupted. Entry accepted the packets from Linksys4, even though the source IP address was not the address in its HIT-to-IP address mapping table. The captured packets show that the source IP address changed silently, without disturbing the communication. If the address changes but the SPI remains the same and the checksum is valid, HIP is intended to report to the transport that the packet was received from the original address.
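The two NAT66 outcomes above (the UPDATE handshake that stalls on a private Locator, and the data packet accepted on its SPI despite a changed source address) as a small added simulation; this is not the authors' test setup or any HIP implementation. The host names Entry and Terminal come from the slides; the HITs, addresses, SPIs and the message records are constructed, and the "reachable from outside" rule simply assumes the NAT66 only forwards inbound packets addressed to its outside prefix.

```python
"""Model of HIP mobility and multihoming behind a NAT66 as observed in the
experiments. Constructed addresses, HITs and SPIs; not real HIP code."""
import ipaddress

PRIVATE_PREFIX = ipaddress.IPv6Network("fd00:1234:5678:1::/64")  # constructed inside prefix


def reachable_from_outside(addr):
    """A NAT66 only forwards inbound packets addressed to its outside prefix,
    so an inside (private) address cannot be reached from the far side."""
    return ipaddress.IPv6Address(addr) not in PRIVATE_PREFIX


class HipHost:
    def __init__(self, name, hit, addr):
        self.name, self.hit, self.addr = name, hit, addr
        self.hit_to_ip = {}   # HIT -> IP address mapping table, filled by the base exchange
        self.spi_in = {}      # inbound SPI -> peer HIT
        self.events = []      # what a packet capture on this host would show

    def associate(self, peer, peer_addr_as_seen, spi_from_peer):
        """Record the outcome of the base exchange: the peer's HIT, the address the
        peer's packets arrived from (NAT-translated if behind NAT66) and its SPI."""
        self.hit_to_ip[peer.hit] = peer_addr_as_seen
        self.spi_in[spi_from_peer] = peer.hit

    def update_locator(self, peer, new_locator):
        """Three-way UPDATE handshake started by self to announce new_locator.
        Returns True when it completes, False when it stalls."""
        # UPDATE 1: self -> peer carrying the new Locator, sent over the existing path.
        self.events.append(f"UPDATE {self.name}->{peer.name} LOCATOR={new_locator}")
        # UPDATE 2: peer -> new Locator (address verification). A private Locator
        # behind NAT66 never receives it, so UPDATE 3 can never be sent.
        if not reachable_from_outside(new_locator):
            self.events.append(f"(no reply: {new_locator} unreachable from {peer.name})")
            return False
        peer.events.append(f"UPDATE {peer.name}->{self.name} ECHO_REQUEST to {new_locator}")
        # UPDATE 3: self -> peer echo response; peer now switches its mapping.
        self.events.append(f"UPDATE {self.name}->{peer.name} ECHO_RESPONSE")
        peer.hit_to_ip[self.hit] = new_locator
        self.addr = new_locator
        return True

    def receive_esp(self, src_addr, spi, checksum_ok):
        """Data packet arrival. The association is matched on SPI, not on the IP
        source; if the SPI is known and the packet verifies, the transport is
        told it came from the address in the mapping table, so a silent path
        change does not break the session. Returns that address, or None if dropped."""
        peer_hit = self.spi_in.get(spi)
        if peer_hit is None or not checksum_ok:
            return None
        return self.hit_to_ip[peer_hit]


def run_experiments():
    """Replay the two NAT66 cases; returns (mobility_ok, reported_src, dropped)."""
    entry = HipHost("Entry", "hit-entry", "fd00:1234:5678:1::10")       # behind NAT66
    terminal = HipHost("Terminal", "hit-terminal", "2001:db8:ffff::20")  # outside
    # Base exchange: Terminal saw Entry's NAT-translated address, Entry saw Terminal's.
    terminal.associate(entry, "2001:db8:abcd:1::10", spi_from_peer=0x1111)
    entry.associate(terminal, terminal.addr, spi_from_peer=0x2222)
    # Mobility case: Entry moves to another private address and announces it.
    mobility_ok = entry.update_locator(terminal, "fd00:1234:5678:1::99")
    # Multihoming case: Terminal's packets now arrive from a different source address
    # (the other router) but with the same SPI; a packet with an unknown SPI is dropped.
    reported = entry.receive_esp("2001:db8:eeee::20", spi=0x2222, checksum_ok=True)
    dropped = entry.receive_esp("2001:db8:eeee::20", spi=0x3333, checksum_ok=True)
    return mobility_ok, reported, dropped


if __name__ == "__main__":
    print(run_experiments())
```

The same model also reproduces experiment 1: announcing a Locator that is not inside the private prefix lets UPDATE 2 arrive and the handshake completes. From a defender's point of view the multihoming result is worth keeping in mind when reading captures: a HIP data flow can legitimately change its source address without any signalling packet, so alerting on "source changed for an established ESP flow" alone produces false positives, while an unknown SPI is still dropped.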
Conclusion
Deploying HIP in our test environment showed that it can help to solve multihoming and mobility:
HIP supports mobility in the environment without NAT66 by sending UPDATE packets.
HIP cannot support mobility in our environment with NAT66 functioning in the edge router unless a further mechanism, such as an RVS (rendezvous server), is involved.
As for multihoming, HIP does help to solve this problem.