Upload
trinhxuyen
View
218
Download
0
Embed Size (px)
Citation preview
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6: Multihoming for IPv6
Sebastien Barre
Universite catholique de Louvainhttp://inl.info.ucl.ac.be
Nov. 18th, 2008
INGI Research Meeting
Sebastien Barre Shim6: Multihoming for IPv6 1 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
1 IntroductionMultihoming with IPv4Motivations for IPv6IPv6 addresses
2 The Shim6 protocolShim6 operationThe REAP exploration protocolShim6: Security issues
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 2 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
1 IntroductionMultihoming with IPv4Motivations for IPv6IPv6 addresses
2 The Shim6 protocol
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 3 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
What is multihoming ?
Sebastien Barre Shim6: Multihoming for IPv6 4 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
What is multihoming ?
Sebastien Barre Shim6: Multihoming for IPv6 5 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Motivations for Multihoming
Redundancy
Physical/logical link failureRouting failureProvider failure
Load Balancing
Performance issues such as long term congestion
Policy
Sebastien Barre Shim6: Multihoming for IPv6 6 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
1 IntroductionMultihoming with IPv4Motivations for IPv6IPv6 addresses
2 The Shim6 protocol
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 7 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Using a Provider Independent (PI) IPv4 address block
Sebastien Barre Shim6: Multihoming for IPv6 8 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Using a Provider Independent (PI) IPv4 address block
Customer network needs an AS number
It becomes difficult to obtain a /24 PI now
Introduces an additional prefix into the global routing system
Ref.: Abley et al., RFC4116, IPv4 multihoming practices and limitationsSebastien Barre Shim6: Multihoming for IPv6 9 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Using a Provider Aggregatable (PA) IPv4 address block
Sebastien Barre Shim6: Multihoming for IPv6 10 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Using a Provider Aggregatable (PA) IPv4 address block
Customer gets a subprefix from its provider
May need to renumber if customer wants to leave ISP1.
Customer network needs an AS number
Makes routing tables bigger
Ref.: Abley et al., RFC4116, IPv4 multihoming practices and limitationsSebastien Barre Shim6: Multihoming for IPv6 11 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
1 IntroductionMultihoming with IPv4Motivations for IPv6IPv6 addresses
2 The Shim6 protocol
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 12 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Mainly: IPv4 address depletion
Sebastien Barre Shim6: Multihoming for IPv6 13 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Mainly: IPv4 address depletion
Source: http://www.potaroo.net/tools/ipv4/index.htmlSebastien Barre Shim6: Multihoming for IPv6 14 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
IPv4 address depletion: latest informations
Expected exhaustion point for RIR’s: March 3rd, 2012
Expected exhaustion point for IANA: February 2nd, 2011
Source: http://www.potaroo.net/tools/ipv4/index.htmlSebastien Barre Shim6: Multihoming for IPv6 15 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Other expectations for IPv6
Lower load of Internet routing tables
Less packet processing in the core of the Internet
Push state towards the edges
No more NATs: IP address for everyone
Improved security, mobility and multihoming
Sebastien Barre Shim6: Multihoming for IPv6 16 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Other expectations for IPv6
Lower load of Internet routing tables
Less packet processing in the core of the Internet
Push state towards the edges
No more NATs: IP address for everyone
Improved security, mobility and multihoming
Sebastien Barre Shim6: Multihoming for IPv6 16 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Other expectations for IPv6
Lower load of Internet routing tables
Less packet processing in the core of the Internet
Push state towards the edges
No more NATs: IP address for everyone
Improved security, mobility and multihoming
Sebastien Barre Shim6: Multihoming for IPv6 16 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
Other expectations for IPv6
Lower load of Internet routing tables
Less packet processing in the core of the Internet
Push state towards the edges
No more NATs: IP address for everyone
Improved security, mobility and multihoming
Sebastien Barre Shim6: Multihoming for IPv6 16 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
1 IntroductionMultihoming with IPv4Motivations for IPv6IPv6 addresses
2 The Shim6 protocol
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 17 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
IPv6 address format
Sebastien Barre Shim6: Multihoming for IPv6 18 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
IPv6 address format
Sebastien Barre Shim6: Multihoming for IPv6 19 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA vs PI addresses
PI: Provider Independent addresses
The site announces its PI address set through BGPIf multihomed: multiple BGP annoucements
Global announcements of PI prefixes
What if many sites get multihomed ?
Scalability problem
PA: Provider Aggregatable addresses
The site receives a subset of its provider’s addressesOnly the provider announces its address set through BGPIf multihomed : The site receives several address blocks
Sebastien Barre Shim6: Multihoming for IPv6 20 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA vs PI addresses
PI: Provider Independent addresses
The site announces its PI address set through BGPIf multihomed: multiple BGP annoucements
Global announcements of PI prefixes
What if many sites get multihomed ?
Scalability problem
PA: Provider Aggregatable addresses
The site receives a subset of its provider’s addressesOnly the provider announces its address set through BGPIf multihomed : The site receives several address blocks
Sebastien Barre Shim6: Multihoming for IPv6 20 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA vs PI addresses
PI: Provider Independent addresses
The site announces its PI address set through BGPIf multihomed: multiple BGP annoucements
Global announcements of PI prefixes
What if many sites get multihomed ?
Scalability problem
PA: Provider Aggregatable addresses
The site receives a subset of its provider’s addressesOnly the provider announces its address set through BGPIf multihomed : The site receives several address blocks
Sebastien Barre Shim6: Multihoming for IPv6 20 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA vs PI addresses
PI: Provider Independent addresses
The site announces its PI address set through BGPIf multihomed: multiple BGP annoucements
Global announcements of PI prefixes
What if many sites get multihomed ?
Scalability problem
PA: Provider Aggregatable addresses
The site receives a subset of its provider’s addressesOnly the provider announces its address set through BGPIf multihomed : The site receives several address blocks
Sebastien Barre Shim6: Multihoming for IPv6 20 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA vs PI addresses
PI: Provider Independent addresses
The site announces its PI address set through BGPIf multihomed: multiple BGP annoucements
Global announcements of PI prefixes
What if many sites get multihomed ?
Scalability problem
PA: Provider Aggregatable addresses
The site receives a subset of its provider’s addressesOnly the provider announces its address set through BGPIf multihomed : The site receives several address blocks
Sebastien Barre Shim6: Multihoming for IPv6 20 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA vs PI addresses
PI: Provider Independent addresses
The site announces its PI address set through BGPIf multihomed: multiple BGP annoucements
Global announcements of PI prefixes
What if many sites get multihomed ?
Scalability problem
PA: Provider Aggregatable addresses
The site receives a subset of its provider’s addressesOnly the provider announces its address set through BGPIf multihomed : The site receives several address blocks
Sebastien Barre Shim6: Multihoming for IPv6 20 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA vs PI addresses
PI: Provider Independent addresses
The site announces its PI address set through BGPIf multihomed: multiple BGP annoucements
Global announcements of PI prefixes
What if many sites get multihomed ?
Scalability problem
PA: Provider Aggregatable addresses
The site receives a subset of its provider’s addressesOnly the provider announces its address set through BGPIf multihomed : The site receives several address blocks
Sebastien Barre Shim6: Multihoming for IPv6 20 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
More about PA - Reminder: IPv4 PA
Sebastien Barre Shim6: Multihoming for IPv6 21 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
More about PA - And so... IPv6 PA ?
Sebastien Barre Shim6: Multihoming for IPv6 22 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
More about PA - And so... IPv6 PA ?
Sebastien Barre Shim6: Multihoming for IPv6 22 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
More about PA - And so... IPv6 PA ?
Sebastien Barre Shim6: Multihoming for IPv6 22 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
The case of UCLouvain
Two providers, thus two global routing prefixes:
2001:6a8:3080: Provider is Belnet2001:6f8:31c: Provider is Easynet
Several subnetworks:
2: Staff3: Servers4: Experiments2001: Wifi staff
Sebastien Barre Shim6: Multihoming for IPv6 23 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
A typical laptop in our department
Sebastien Barre Shim6: Multihoming for IPv6 24 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
A typical laptop in our department
Sebastien Barre Shim6: Multihoming for IPv6 24 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
A typical laptop in our department
Sebastien Barre Shim6: Multihoming for IPv6 24 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
A typical laptop in our department
Sebastien Barre Shim6: Multihoming for IPv6 24 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA implications
PA addresses reduce the load for the BGP system. . .
. . . But it pushes new responsibilities to the end systemFailover from one address to another working oneLoad balancing
Those are completely managed by the network in v4.
In v6, part is now managed by the end-systemWe need to upgrade the end-hosts !
Sebastien Barre Shim6: Multihoming for IPv6 25 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA implications
PA addresses reduce the load for the BGP system. . .
. . . But it pushes new responsibilities to the end systemFailover from one address to another working oneLoad balancing
Those are completely managed by the network in v4.
In v6, part is now managed by the end-systemWe need to upgrade the end-hosts !
Sebastien Barre Shim6: Multihoming for IPv6 25 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA implications
PA addresses reduce the load for the BGP system. . .
. . . But it pushes new responsibilities to the end systemFailover from one address to another working oneLoad balancing
Those are completely managed by the network in v4.
In v6, part is now managed by the end-systemWe need to upgrade the end-hosts !
Sebastien Barre Shim6: Multihoming for IPv6 25 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA implications
PA addresses reduce the load for the BGP system. . .
. . . But it pushes new responsibilities to the end systemFailover from one address to another working oneLoad balancing
Those are completely managed by the network in v4.
In v6, part is now managed by the end-systemWe need to upgrade the end-hosts !
Sebastien Barre Shim6: Multihoming for IPv6 25 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA implications
PA addresses reduce the load for the BGP system. . .
. . . But it pushes new responsibilities to the end systemFailover from one address to another working oneLoad balancing
Those are completely managed by the network in v4.
In v6, part is now managed by the end-systemWe need to upgrade the end-hosts !
Sebastien Barre Shim6: Multihoming for IPv6 25 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Multihoming with IPv4Motivations for IPv6IPv6 addresses
PA implications
Sebastien Barre Shim6: Multihoming for IPv6 26 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
1 Introduction
2 The Shim6 protocolShim6 operationThe REAP exploration protocolShim6: Security issues
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 27 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
End-host upgrade: the problem
Current applications assume one <src,dest> address pair for agiven communication
They also assume that the network ensures failover if aproblem happens somewhere.
How to manage failover in the end-host without
changing applications ?
Sebastien Barre Shim6: Multihoming for IPv6 28 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
End-host upgrade: the problem
Current applications assume one <src,dest> address pair for agiven communication
They also assume that the network ensures failover if aproblem happens somewhere.
How to manage failover in the end-host without
changing applications ?
Sebastien Barre Shim6: Multihoming for IPv6 28 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
End-host upgrade: How to do it ?
To detect failures: Monitor the communications
To switch to a working path: Change the current address pair
Sebastien Barre Shim6: Multihoming for IPv6 29 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
End-host upgrade: a solution ?
Sebastien Barre Shim6: Multihoming for IPv6 30 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
End-host upgrade: a solution ?
Sebastien Barre Shim6: Multihoming for IPv6 30 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Why ?
An IP address has currently a double semantics: Locator andIdentifier
Locator: The IP address is used to forward the packet towardsits destination.
Changing the IP address has the effect of changing thepath.Identifier: The IP address is used as part of the TCP contextidentifier
Changing the IP address has the effect of breaking
TCP connexions
Sebastien Barre Shim6: Multihoming for IPv6 31 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Why ?
An IP address has currently a double semantics: Locator andIdentifier
Locator: The IP address is used to forward the packet towardsits destination.
Changing the IP address has the effect of changing thepath.Identifier: The IP address is used as part of the TCP contextidentifier
Changing the IP address has the effect of breaking
TCP connexions
Sebastien Barre Shim6: Multihoming for IPv6 31 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Why ?
An IP address has currently a double semantics: Locator andIdentifier
Locator: The IP address is used to forward the packet towardsits destination.
Changing the IP address has the effect of changing thepath.Identifier: The IP address is used as part of the TCP contextidentifier
Changing the IP address has the effect of breaking
TCP connexions
Sebastien Barre Shim6: Multihoming for IPv6 31 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
The Shim6 proposal
Separate the two semantics
The transport and application layer see an identifier
The network and data link layer see a locator.
A new Shim layer rewrites identifiers to replace them withlocators
The same Shim layer rewrites locators to replace them withidentifiers
Sebastien Barre Shim6: Multihoming for IPv6 32 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
The Shim6 proposal
Separate the two semantics
The transport and application layer see an identifier
The network and data link layer see a locator.
A new Shim layer rewrites identifiers to replace them withlocators
The same Shim layer rewrites locators to replace them withidentifiers
Sebastien Barre Shim6: Multihoming for IPv6 32 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
The Shim6 proposal
Separate the two semantics
The transport and application layer see an identifier
The network and data link layer see a locator.
A new Shim layer rewrites identifiers to replace them withlocators
The same Shim layer rewrites locators to replace them withidentifiers
Sebastien Barre Shim6: Multihoming for IPv6 32 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
The Shim6 proposal
Separate the two semantics
The transport and application layer see an identifier
The network and data link layer see a locator.
A new Shim layer rewrites identifiers to replace them withlocators
The same Shim layer rewrites locators to replace them withidentifiers
Sebastien Barre Shim6: Multihoming for IPv6 32 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
The Shim6 proposal
Separate the two semantics
The transport and application layer see an identifier
The network and data link layer see a locator.
A new Shim layer rewrites identifiers to replace them withlocators
The same Shim layer rewrites locators to replace them withidentifiers
Sebastien Barre Shim6: Multihoming for IPv6 32 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Locators vs Identifiers (ULIDs)
Application
Transport
Network
Physical
Datalink
IP address = identifier(ULID)
IP address = locator
ULPsIP : Endpoint functions
SHIM
IP : Routing functions
Sebastien Barre Shim6: Multihoming for IPv6 33 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Locators vs Identifiers (ULIDs)
Application
Transport
Network
Physical
Datalink
IP : Endpoint functions
IP : Routing functions IP address = locator
IP address = identifier(ULID)ULPs
SHIM
Sebastien Barre Shim6: Multihoming for IPv6 33 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Locators vs Identifiers (ULIDs)
Application
Transport
Network
Physical
Datalink
IP : Endpoint functions
IP : Routing functions
ULPs
SHIM
IP address = identifier
IP address = locator
(ULID)
Sebastien Barre Shim6: Multihoming for IPv6 33 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
1 Introduction
2 The Shim6 protocolShim6 operationThe REAP exploration protocolShim6: Security issues
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 34 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Shim6 operation
Sebastien Barre Shim6: Multihoming for IPv6 35 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Shim6 operation
Sebastien Barre Shim6: Multihoming for IPv6 35 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Shim6 operation
Sebastien Barre Shim6: Multihoming for IPv6 35 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Shim6 operation
Sebastien Barre Shim6: Multihoming for IPv6 35 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Shim6 operation
Sebastien Barre Shim6: Multihoming for IPv6 35 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Shim6 operation
Sebastien Barre Shim6: Multihoming for IPv6 35 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
REAP operation
Sebastien Barre Shim6: Multihoming for IPv6 36 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
REAP operation
Sebastien Barre Shim6: Multihoming for IPv6 36 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
REAP operation
Sebastien Barre Shim6: Multihoming for IPv6 36 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
REAP operation
Sebastien Barre Shim6: Multihoming for IPv6 36 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
REAP operation
Sebastien Barre Shim6: Multihoming for IPv6 36 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
TCP connection survival
recoveryfailureREAP
0
10
20
30
40
50
60
0 10 20 30 40 50 60
Thr
ough
put (
Mbi
ts/s
ec)
time (seconds)
Path 2 usedPath 1 used
Figure: Evolution of throughput for an iperf TCP session
Sebastien Barre Shim6: Multihoming for IPv6 37 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
1 Introduction
2 The Shim6 protocolShim6 operationThe REAP exploration protocolShim6: Security issues
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 38 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
New solutions - new problems: the time shifting attack
Sebastien Barre Shim6: Multihoming for IPv6 39 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
How to avoid that ?
Sign the message with a private key
Put the public key in the message
The receiver verifies the signature thanks to the providedpublic key.
How to ensure that the public key isnot replaced by the attacker ?
Sebastien Barre Shim6: Multihoming for IPv6 40 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
How to avoid that ?
Sign the message with a private key
Put the public key in the message
The receiver verifies the signature thanks to the providedpublic key.
How to ensure that the public key isnot replaced by the attacker ?
Sebastien Barre Shim6: Multihoming for IPv6 40 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
How to avoid that ?
Sign the message with a private key
Put the public key in the message
The receiver verifies the signature thanks to the providedpublic key.
How to ensure that the public key isnot replaced by the attacker ?
Sebastien Barre Shim6: Multihoming for IPv6 40 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
How to avoid that ?
Sign the message with a private key
Put the public key in the message
The receiver verifies the signature thanks to the providedpublic key.
How to ensure that the public key isnot replaced by the attacker ?
Sebastien Barre Shim6: Multihoming for IPv6 40 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
How to ensure public key authenticity ?
Classical solution: Use a certificate, signed by a trustedthird-party
We cannot give a certificate to everyone in the Internet !
We have long addresses anyway: let’s embed the public keyinside the address. . .
Sebastien Barre Shim6: Multihoming for IPv6 41 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
How to ensure public key authenticity ?
Classical solution: Use a certificate, signed by a trustedthird-party
We cannot give a certificate to everyone in the Internet !
We have long addresses anyway: let’s embed the public keyinside the address. . .
Sebastien Barre Shim6: Multihoming for IPv6 41 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Cryptographically Generated Addresses (CGAs)
A first proposal:
Sebastien Barre Shim6: Multihoming for IPv6 42 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Cryptographically Generated Addresses (CGAs)
59 bits is too short a hash to ensure that it won’t be broken.
Solution: artificially extend the hash length
Compute a second hash, with an additional input calledmodifier
Require that n bits be 0 in the resultincrement the modifier and retry the hash computation until n
bits are zeroBrute-force attack of our own address...But we are O(259) in advance over our attacker !
Sebastien Barre Shim6: Multihoming for IPv6 43 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Cryptographically Generated Addresses (CGAs)
59 bits is too short a hash to ensure that it won’t be broken.
Solution: artificially extend the hash length
Compute a second hash, with an additional input calledmodifier
Require that n bits be 0 in the resultincrement the modifier and retry the hash computation until n
bits are zeroBrute-force attack of our own address...But we are O(259) in advance over our attacker !
Sebastien Barre Shim6: Multihoming for IPv6 43 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Cryptographically Generated Addresses (CGAs)
Sebastien Barre Shim6: Multihoming for IPv6 44 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Cryptographically Generated Addresses (CGAs): the cost
Generation (owner): O(216∗sec )
Breaking the address (attacker): O(259+16∗sec )
Verification (receiver): O(1)Two hash computations
Sebastien Barre Shim6: Multihoming for IPv6 45 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
Hash Based Addresses
Similar to CGA addresses, but lighter.
Same input as for CGAs
Public key is a random number
Extension field is the list of prefixes.
No signature needed, addresses validated by the fact that theyare all bound together.
Sebastien Barre Shim6: Multihoming for IPv6 46 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
HBA vs CGA
CGA is computationnally more expensive (key generation,signature).
But HBA does not allow adding addresses later
All prefixes are included in the hashAdding one prefix results in changing all addresses
Tradeoff: CGA-compatible HBAs
A public key is used for generation, but the multi-prefixextension is includedInitial address set is announced through HBAAdditional addresses can be generated and announced usingCGA.
Sebastien Barre Shim6: Multihoming for IPv6 47 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 operationThe REAP exploration protocolShim6: Security issues
HBA vs CGA: efficiency
0
1
2
3
4
5
6
7
8
nosechba hbacompat
cga-512 bits
cga-1024 bits
cga-2048 bits
Neg
oti
ati
on
tim
e (
ms)
Comparison of security mechanisms
2 addresses5 addresses
10 addresses
Sebastien Barre Shim6: Multihoming for IPv6 48 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
1 Introduction
2 The Shim6 protocol
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 49 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Want to play ?
LinShim6 can be downloaded athttp://inl.info.ucl.ac.be/LinShim6
Currently the implementation that best supports thespecification
Allows using CGA/HBA/CGA-compat HBAs.
Can be easily installed in Ubuntu thanks to .deb packages.
No special configuration needed (except for special purposes).
Sebastien Barre Shim6: Multihoming for IPv6 50 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
1 Introduction
2 The Shim6 protocol
3 LinShim6 implementation for Linux
4 Conclusion
Sebastien Barre Shim6: Multihoming for IPv6 51 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 challenges
Bootstrap problem: both ends need to support Shim6 in orderto get any benefit
If you install Shim6 now, almost no peer will know about it. . .But if it gets installed in standard distributions, the wholeworld would have it at once.
Load balancing: The end-host is now responsible for part of it.How to give control back to the network ?
Use a central server that hints the end-hosts ? (IDIPS)Allow routers to re-rewrite Shim6 packets to enforce networkpolicy ?
Sebastien Barre Shim6: Multihoming for IPv6 52 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Shim6 challenges
Renumbering: All ongoing communications are broken in caseof renumbering
We would probably need a separate identifier space to solvethat.
Transport level multipath: Extending Shim6 to make it a pathmanager for transport protocols ?
Mobility: To be investigated
Sebastien Barre Shim6: Multihoming for IPv6 53 / 54
IntroductionThe Shim6 protocol
LinShim6 implementation for LinuxConclusion
Questions ?
Sebastien Barre Shim6: Multihoming for IPv6 54 / 54