1 Auto-Networking Technologies for IPv6 Mobile Ad Hoc Networks Jaehoon Jeong, ETRI [email protected] http://www.adhoc.6ants.net/~paul/ ICOIN 2004
Date posted: 19-Dec-2015

1

Auto-Networking Technologies for IPv6 Mobile Ad Hoc Networks

Jaehoon Jeong, [email protected]

http://www.adhoc.6ants.net/~paul/

ICOIN 2004

2

Contents

- Introduction
- MANET Auto-Networking
- Ad Hoc IP Address Autoconfiguration
- IPv6 Multicast Address Allocation
- Secure Multicast DNS
- Service Discovery
- Conclusion
- References

3

Introduction

Mobile Ad Hoc Network (MANET)
- MANET has a dynamically changing network topology.
- MANET partition and mergence may happen.

In MANET, there are many points to consider, unlike the Internet.
- There is no network administrator.
- The current Internet services, such as address autoconfiguration and DNS, are difficult to adopt.

So, auto-configuration is necessary in MANET!

4

MANET Auto-Networking

- Unicast Address Autoconfiguration
- Multicast Address Allocation
- Secure Multicast DNS
- Service Discovery

[Figure: MANET Auto-Networking and its four components: Unicast Address Autoconfiguration, Multicast Address Allocation, Secure Multicast DNS, Service Discovery]

5

Protocol Stack supporting MANET Autoconfiguration

[Figure: protocol stack, from top to bottom]
- Application: Unicast Address Autoconfiguration, Multicast Address Allocation, Secure Multicast DNS, Service Discovery
- Transport: TCP/UDP
- Network: IPv6, MLD, ICMPv6
- Link: Network Interface
- Wireless Link

6

Ad Hoc IP Address Autoconfiguration

7

Motivation

- Four basic MANET unicast routing protocols will soon have been published as experimental RFCs.
  - AODV, DSR, OLSR and TBRPF
  - AODV and OLSR have already been published as RFCs.
- Next step?
  - Addressing is as essential as routing.
  - Automatic IP address configuration is necessary in MANET, which has dynamic topology.
- Various approaches have been suggested in the research domain.
  - Stateless vs. stateful approaches
  - Strong DAD vs. Weak DAD
  - Active DAD vs. Passive DAD
- Therefore, it is time to develop MANET IP Address Autoconfiguration in engineering mode.

8

Procedure of IP Address Autoconfiguration

1. IP Address Generation
2. Duplicate Address Detection
   - Hybrid scheme considering MANET partitioning and merging
     - Strong DAD
     - Weak DAD
3. Maintenance of Upper-layer Sessions

9

Address Autoconfiguration Message Format

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Code      |           Checksum            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Identification                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Originator IP Address                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|               Requested or Duplicate IP Address               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type:
- AREQ: Address Request
- AREP: Address Reply
- AERR: Address Error

Code:
- 0: default
- 1: indication of address change in type AERR

10

IP Address Generation

Selection of Random IP Address
- IPv4
  - IPV4_MANET_PREFIX + 16-bit Random Number
  - 169.254/16 is used as IPV4_MANET_PREFIX.
  - There is a great possibility of address conflicts by the Birthday Paradox.
  - Nodes of two to the power eight (= 256) will generate at least one address collision with a probability of 50%.
- IPv6
  - IPV6_MANET_PREFIX + 64-bit Random Number
  - fec0:0:0:ffff::/64 is used as IPV6_MANET_PREFIX.
  - Because of the deprecation of the IPv6 site-local address, a new local prefix for local networks separated from the Internet is necessary.

11

Duplicate Address Detection

Phase 1: Strong DAD
- Time-based DAD
- For detecting IP address duplication in a connected MANET partition within a finite bounded time interval
- Strong DAD is performed during the initiation of the node's network interface.

Phase 2: Weak DAD
- Routing-based DAD
- For detecting IP address duplication during ad hoc routing
- It can handle the address duplication caused by MANET partition and mergence.
- A key is used for the purpose of detecting duplicate IP addresses.
- Virtual IP Address = IP Address + Key

12

Process of Duplicate Address during Weak DAD

- Each node investigates the virtual IP address contained in an ad hoc routing control packet to see if the same address with a different key is in its routing table or cache.
- If there is a duplicate IP address, the node sends an AERR (Address Error) message to the other node using the duplicate address that is associated with a different key.
- The node receiving the AERR message auto-configures a new IP address through Strong DAD.
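The Weak DAD check described on this slide can be sketched as follows. This is an added example, not code from the presentation or the referenced drafts; the integer key, the `Node` class, the tuple form of the AERR and the `in_use` set that stands in for the outcome of Strong DAD are all assumptions made for illustration.

```python
import ipaddress
import secrets
from dataclasses import dataclass, field

# IPV6_MANET_PREFIX as given on the IP Address Generation slide.
MANET_PREFIX = ipaddress.IPv6Network("fec0:0:0:ffff::/64")


def random_address(in_use):
    """IPV6_MANET_PREFIX + 64-bit random number. `in_use` stands in for the
    addresses that would be defended during Strong DAD (assumption)."""
    while True:
        addr = MANET_PREFIX[secrets.randbits(64)]
        if addr not in in_use:
            return addr


@dataclass
class Node:
    ip: ipaddress.IPv6Address
    key: int                                   # key format is an assumption
    table: dict = field(default_factory=dict)  # routing table/cache: ip -> key

    def on_routing_control(self, ip, key):
        """Weak DAD check on a virtual address (ip + key) seen in a routing
        control packet. Returns an AERR tuple for the sender if the same ip
        is already known with a different key, otherwise None."""
        known = self.key if ip == self.ip else self.table.get(ip)
        if known is not None and known != key:
            return ("AERR", ip, key)
        if ip != self.ip:
            self.table[ip] = key
        return None

    def on_aerr(self, aerr, in_use):
        """Receiver side: reconfigure only if the AERR names our own virtual
        address; an AERR for another (ip, key) pair is ignored."""
        _, ip, key = aerr
        if (ip, key) != (self.ip, self.key):
            return False
        self.ip = random_address(set(in_use) | {ip})
        return True
```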

13

Maintenance of Upper-layer Sessions

Consequence of Address Replacement
- When address duplication happens and the duplicate address is replaced with another, the sessions above the network layer can be broken.
- There should be a mechanism to guarantee the survivability of upper-layer sessions.
  - Announcement of the address change to peer nodes is needed.
  - It is performed through the AERR message.

Victim Node Selection
- The node performing route discovery will be the victim node, which regenerates its address and informs its peers of the address change.

14

Data Delivery after resolving Address Duplication

Data Delivery through IP Tunneling
- After the delivery of the AERR message, the peer node and the announced node exchange data packets through IP tunneling.
- An Address Mapping Cache is needed, like the binding cache of MIP.

[Figure: data packet sent from the Peer Node (Address: IPpn) to the Announced Node (New Address: IPnew, Old Address: IPold)]
- Outer IP Header: SRC Addr: IPpn, DEST Addr: IPnew
- Inner IP Header: SRC Addr: IPpn, DEST Addr: IPold
- Payload

15

IPv6 Multicast Address Allocation

16

IPv6 Multicast Address Allocation

[Figure: (a) IPv6 multicast address format, with fields FF, Flags (4-bit: 0 A P T), Scope (4-bit: 0 1 0 1), reserved, Interface ID (64-bit) and Group ID (32-bit); (b) IPv6 unicast address format, with fields Network prefix (64-bit) and Interface ID (64-bit)]

Role
- It allocates a unique IPv6 multicast address to a session without an address allocation server.

Address Format
- The IPv6 multicast address (a) is generated on the basis of the Interface ID of the IPv6 unicast address (b).

17

Procedure of Multicast Address Allocation

[Figure: flow of multicast address allocation]
- Request of Multicast Address Allocation
- Generation of Unused Group ID
- Generation of a Multicast Address
- Delivery of the Multicast Address

18

Service of Multicast Application: Allocation of a unique Multicast Address for a new Session

[Figure: mobile nodes A, B, C, D and E, annotated with steps 1 to 7]

Step  Action
1     Unicast Address Autoconfiguration
2     Run of Video-conferencing Tool (e.g., SDR) and Creation of a new Session
3     Advertisement of Session Information
4     MN A’s join to the new Session
5     MN E’s join to the new Session
6     Transmission of Video/Audio Data by MN A
7     Transmission of Video/Audio Data by MN E

19

Secure Multicast DNS

20

Introduction

Name Service in MANET
- MANET has a dynamic network topology.
- Current DNS cannot be adopted in MANET!
  - Because it needs a fixed and well-known name server

Idea of Name Service in MANET
- All the mobile nodes take part in name service.
  - Every mobile node administers its own name information.
  - It responds to the other node’s DNS query related to its domain name and IP address.

21

Ad-hoc Name Service System for IPv6 MANET (ANS)

- ANS provides Name Service in MANET
  - MANET DNS Domain: ADHOC.
  - MANET IPv6 Prefix: IPv6 Site-local Prefix FEC0:0:0:0::/64
- Architecture of ANS System
  - ANS Responder: It performs the role of DNS Name Server
  - ANS Resolver: It performs the role of DNS Resolver

22

ANS System (1/2)

[Figure: ANS System. Mobile Nodes A, B and C, connected by a wireless link, each run Applications, an ANS Resolver and an ANS Responder with its ANS Zone DB. Legend: Process, Database, Node, UNIX Datagram Socket, Memory Read / Write, Wireless Link, DNS Message (DNS Query, DNS Response)]

23

ANS System (2/2)

[Figure: internal structure of the ANS Responder (Main-Thread, DUR-Thread, ANS Zone DB) and the ANS Resolver (Main-Thread, Resolv-Thread, Timer-Thread, ANS Cache). The Application uses the ANS API to exchange DNS Query / DNS Response with the ANS Resolver; DNS Query and DNS Response messages are carried over UDP socket connections. Legend: Process, Thread, Database, Cache, UNIX Datagram Socket, Memory Read / Write, Internal Connection]

24

Name Service in ANS

- Zone File Generation
  - generates the ANS zone file with the mobile node’s DNS name and corresponding IPv6 address
- Name Resolution
  - performs the name-to-address translation
- Service Discovery
  - performs the service discovery through the DNS SRV resource record, which indicates the location of the server or the multicast address of the service

25

Scenario of Name Service within MANET

[Figure: message sequence among MN-A, MN-B and MN-C]
1. Request of Host DNS Name Resolution
2. DNS Query Message (MN-C.ADHOC.) is sent in Multicast
3. Receipt of DNS Query Message
4. Receipt and Process of DNS Query Message
5. DNS Response Message (MN-C’s IPv6 Address) is sent in Unicast
6. Gain of DNS Information
7. MN-A tries to connect to the server on MN-C
8. The server on MN-C accepts the request of the connection from MN-A

26

Authentication of DNS Message

Why is the authentication of DNS messages necessary?
- To prevent an attacker from informing a DNS querier of a wrong DNS response

How to authenticate DNS messages?
- IPsec ESP with a null-transform
- Secret key transaction authentication for DNS, called TSIG [RFC2845]

Our Scheme of Authentication
- TSIG message authentication where the trusted nodes share a group secret key for authenticating DNS messages.

27

DNS Message Format

[Figure: sections of a DNS message]
- Header Section: DNS message header
- Question Section: Question for the name server
- Answer Section (e.g., AAAA RR): Resource records answering the question
- Authority Section: Resource records pointing toward an authority (e.g., AAAA resource record)
- Additional Section (e.g., TSIG RR): Resource records holding additional information (e.g., TSIG resource record)

28

Procedure of Secure DNS Resolution

[Figure: message exchange between Mobile Node A (MN-A.ADHOC.) and Mobile Node C (MN-C.ADHOC.)]

1. DNS Query (What is the IPv6 address of “MN-C.ADHOC.”?) via site-local multicast and UDP
2. DNS Response (IPv6 address of “MN-C.ADHOC.”) via site-local unicast and UDP
3. Verification of DNS Response
   - Does the source address of the response conform to the ad hoc addressing requirements?
   - Is the TSIG resource record valid?
4. If the Response is valid, then the ANS Resolver delivers the result to the application program; else the ANS Resolver sends the DNS Query again and waits for another DNS Response, up to the allowed retry number
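The verification and retry steps above, as an added example that is not part of the presentation or of the ANS implementation. It is a simplified stand-in for TSIG: the MAC is HMAC-MD5 (the algorithm RFC 2845 specifies) over the raw message bytes and a 48-bit signing time, not the RFC 2845 wire format, and the function names, the tuple layout of a response, the choice of fec0:0:0:ffff::/64 as the addressing requirement and the 300-second window (RFC 2845's recommended fudge) are assumptions.

```python
import hashlib
import hmac
import ipaddress

MANET_PREFIX = ipaddress.IPv6Network("fec0:0:0:ffff::/64")  # assumed requirement
FUDGE = 300  # seconds of clock skew tolerated, as RFC 2845 recommends


def sign(key, message, time_signed):
    """HMAC-MD5 over message bytes plus a 48-bit signing time (simplified)."""
    return hmac.new(key, message + time_signed.to_bytes(6, "big"),
                    hashlib.md5).digest()


def verify_response(key, src, message, time_signed, mac, now):
    """Return 'ok' or the reason the response must be discarded."""
    try:
        if ipaddress.IPv6Address(src) not in MANET_PREFIX:
            return "bad-source"
    except ValueError:
        return "bad-source"
    if abs(now - time_signed) > FUDGE:
        return "bad-time"            # stale or replayed response
    if not hmac.compare_digest(mac, sign(key, message, time_signed)):
        return "bad-mac"             # sender does not hold the group key
    return "ok"


def resolve(send_query, key, now, max_retries=3):
    """send_query() returns (src, message, time_signed, mac), or None on
    timeout. An invalid response is dropped and the query is sent again."""
    for _ in range(1 + max_retries):
        resp = send_query()
        if resp is not None and verify_response(key, *resp, now) == "ok":
            return resp[1]
    return None
```

The check authenticates membership in the group that holds the shared key, not the individual responder: any key holder can produce a response that passes.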

29

Service Discovery

30

Service Discovery

Definition
- Discovery of the location (IP address, transport-layer protocol, port number) of a server that provides some service.

Methods
- Multicast DNS based Service Discovery
  - Service discovery through Multicast DNS and the DNS SRV resource record, which indicates the location of the server or the multicast address of the service
- SLP based Service Discovery
  - Service discovery through the IETF Service Location Protocol (SLP)
  - RFC 2165, RFC 2608, RFC 3111

31

Considerations for Service Discovery

Limitations of Existing Schemes
- Most of the current schemes are concerned with service location for the Internet.
- Such protocols have not taken into account mobility, packet loss issues and latency.

Considerations
- Some devices are small and have limited computation, memory, and storage capability.
  - They can only act as clients, not servers.
- Power constraints
  - Service discovery should not incur excessive messaging over the wireless interface.

32

Service Discovery based on Multicast DNS

ANS Responder’s Zone File

$TTL 20
$ORIGIN ADHOC.
PAUL-1            IN AAAA FEC0:0:0:FFFF:3656:78FF:FE9A:BCDE

;; DNS SRV Resource Records
; Unicast Service : SERVICE-1
_SERVICE-1._TCP   IN SRV 0 1 3000 PAUL-1.ADHOC.
_SERVICE-1._UDP   IN SRV 0 1 3000 PAUL-1.ADHOC.

; Multicast Service : SERVICE-2
_SERVICE-2._UDP   IN SRV 0 1 4000 @.1.5.

Generation of IPv6 Multicast Address

[Figure: generation of the IPv6 multicast address corresponding to a service name]
- Multicast Service Name -> MD5 Hash Function -> 128-bit Digest -> Group ID = low-order 112 bits of Digest
- DNS SRV Resource Record for Multicast Service -> Parsing Function -> Flags label & Scope label -> 16-bit IPv6 Site-local Multicast Address Prefix
- 16-bit prefix + Group ID = IPv6 Site-local Multicast Address
- Address layout: FF (8 bits), Flags (4 bits; P=0, T=1), Scope (4 bits; 5), Group ID (112 bits)

33

Scenario of Service Discovery

[Figure: message sequence among MN-C, MN-B and MN-A]
1. Request of Server Information
2. DNS Query Message for Service Information is sent in Multicast
3. Receipt of DNS Query Message
4. Receipt and Process of DNS Query Message related to DNS SRV resource record
5. DNS Response Message with Service Information
6. Gain of Service Information
7. MN-C tries to connect to the server on MN-A, or MN-C joins the multicast group related to MN-A
8. The server on MN-A accepts the request of the connection from MN-C, or the multicast group comprises MN-A and MN-C

34

Testbed for IPv6 MANET

- We used IPv6 AODV and MAODV for ad hoc routing.
- For testing multi-hop network configuration:
  - We control the Tx and Rx power of the IEEE 802.11b NIC.
  - Also, we use MAC-filtering to filter out packets in other links.
- We implemented a Wireless Mobile Router based on embedded Linux for testing ad hoc routing protocols and other applications.

35

Experiment of Auto-Networking in MANET Testbed

[Figure: Test of Auto-Networking in a MANET of mobile nodes MN1 and MN2 and IPv6 Wireless Mobile Routers WR1, WR2 and WR3]

36

Conclusion

- MANET Auto-Networking Technologies are necessary to deploy MANET networking in our life.
  - Ad Hoc IP Address Autoconfiguration
  - IPv6 Multicast Address Allocation
  - Secure Multicast DNS
  - Service Discovery
- MANET Auto-Networking will be a cornerstone in ubiquitous networking.
- Security in MANET is an important issue and should be considered together with auto-networking in MANET.

37

References

[1] Jaehoon Paul Jeong, Jung-Soo Park, Kenichi Mase, Youn-Hee Han, Badis Hakim and Jean-Marie Orset, "Requirements for Ad Hoc IP Address Autoconfiguration", draft-jeong-manet-addr-autoconf-reqts-01.txt, February 2004.

[2] Jaehoon Paul Jeong, Jungsoo Park, Hyoungjun Kim and Dongkyun Kim, "Ad Hoc IP Address Autoconfiguration", draft-jeong-adhoc-ip-addr-autoconf-02.txt, February 2004.

[3] Jaehoon Paul Jeong, Jungsoo Park, Hyoungjun Kim and Dongkyun Kim, "Ad Hoc IP Address Autoconfiguration for AODV", draft-jeong-manet-aodv-addr-autoconf-00.txt, February 2004.

[4] Jaehoon Paul Jeong, Jungsoo Park and Hyoungjun Kim, "DNS Service for Mobile Ad Hoc Networks", draft-jeong-manet-dns-service-00.txt, February 2004.

[5] Jaehoon Jeong, Jungsoo Park and Hyoungjun Kim, "DNS Name Service based on Secure Multicast DNS for IPv6 Mobile Ad Hoc Networks", ICACT 2004, February 2004.

[6] Jaehoon Jeong, Jungsoo Park and Hyoungjun Kim, "Service Discovery based on Multicast DNS in IPv6 Mobile Ad-hoc Networks", VTC 2003-Spring, April 2003.