LandMARC MIPv6 stack for Windows

Greg O’Shea
Microsoft Research
Andrew Scott
Lancaster University
LandMARC MIPv6 stack
• LandMARC: 2-yr project with Lancaster
University, supporting 3 RA positions
• Several threads, now dominated by MIPv6
• Added mobility to MSR 1.4 IPv6
• RC4b (Win2K) released 1 Jan 2001
• XPB2 (WinXP beta 2): in test (internal)
• WinCE3.0 + RC4b: in development (internal)
• WinCE4.0 + XPB2: in development (internal)
Why mobile IP?
• Traditional IP address = (network + host-id)
– is bound to a specific network
– Connections break if node moves between nets
– Problem for mobile, wireless computers (future)
• Solution: MIPv6 mobile node (MN) uses two addresses
– Home Address (HA) well known / used by apps
– Care-Of Address (COA) when abroad
– TCP sessions survive network hand-off
– Nobody has to learn new home address for MN
– Provides heterogeneous network hand-off
Mobile at home
Movement: BU to home agent
CN to HA, tunnel to MN
Route Optimisation
Barriers to MIPv6
• IPv6 infrastructure
– Others can deal with that…
• Security Infrastructure (IPSec)
• Connectivity with IPv4 internet when mobile
• Support for IPv4 application code
• Behaviour of network cards and their drivers
Problem #1 : Security
• Bogus Binding Update
– Hilary says to Bill “Send packets for Monica to me”
• Bogus Home Address Option
– Hilary says to Bill “Monica said this…”
• Very easy to mount an attack:
– ipv6 hau <IPv6 address> 64 <home agent address>
• Giving somebody else’s home address and home agent
– Attach to any IPv6 net
Security : use of IPSec
• V12 mandated IPsec AH on Binding Updates
• Works, but too hard to configure and test
• Helps if administrator has:
– network monitors attached
– kernel debugger(s) installed on all machines
– source code for IPv6 stack
– program for configuring the program for configuring IPSec
CAM : joint with Mike Roe
• Mobile node m chooses key pair (PKm,SKm)
• Mobile m chooses Home addr (IF-Id) Am = H(PKm, i)
– Int i used to resolve IPv6 address collisions
• Binding Update from m includes:
A’m, Ac, Am, PKm, i, {H(A’m, Ac, Am, Tm)}SKm
• Correspondent verifies Am = H(PKm, i) and the hash
from the Binding Update
• Use of PKm is uncertified, but says nothing about real-world identity
• Impostor cannot submit bogus BU without finding
(PK’, SK’) where H(PK’, i) = Am
– (which is hard)
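An added sketch of the CAM check described above, from the correspondent's point of view; it is not code from the LandMARC stack or the CAM paper. Assumptions: SHA-256 stands in for H, the first 64 bits of the hash form the interface identifier, Ed25519 stands in for the key pair, Tm is carried in clear, and the keys and 2001:db8:: addresses are constructed sample data; field names mirror the slide's symbols.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"net"
)

type BU struct { // the slide's Binding Update fields
	APrime, Ac, Am net.IP // A'm, Ac, Am (roles not defined on the slide)
	PK             ed25519.PublicKey
	I              byte
	Tm, Sig        []byte // Tm is sent in clear here (assumption)
}

// HomeAddr returns prefix || IF-Id, with IF-Id = first 64 bits of H(PKm, i).
func HomeAddr(prefix net.IP, pk ed25519.PublicKey, i byte) net.IP {
	h := sha256.Sum256(append(append([]byte{}, pk...), i))
	return append(append(net.IP{}, prefix.To16()[:8]...), h[:8]...)
}

// digest computes H(A'm, Ac, Am, Tm); the three addresses are fixed length.
func digest(b BU) []byte {
	h := sha256.Sum256(bytes.Join([][]byte{b.APrime.To16(), b.Ac.To16(), b.Am.To16(), b.Tm}, nil))
	return h[:]
}

// Sign is the mobile node's side: attach PKm and {H(A'm, Ac, Am, Tm)}SKm.
func Sign(b BU, sk ed25519.PrivateKey) BU {
	b.PK, b.Sig = sk.Public().(ed25519.PublicKey), ed25519.Sign(sk, digest(b))
	return b
}

// Verify is the correspondent's side: Am = H(PKm, i), then the signature.
func Verify(b BU) bool {
	ok := b.Am.To16() != nil && len(b.PK) == ed25519.PublicKeySize
	return ok && b.Am.Equal(HomeAddr(b.Am, b.PK, b.I)) && ed25519.Verify(b.PK, digest(b), b.Sig)
}

// Demo checks an honest BU and an impostor's BU for the same Am (constructed data).
func Demo() (honest, impostor bool) {
	ip, key := net.ParseIP, func(n byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{n}, 32)) }
	am := HomeAddr(ip("2001:db8:1::"), key(1).Public().(ed25519.PublicKey), 0)
	m := Sign(BU{APrime: ip("2001:db8:2::9"), Ac: ip("2001:db8:3::1"), Am: am, Tm: []byte{1}}, key(1))
	x := Sign(BU{APrime: ip("2001:db8:6::6"), Ac: ip("2001:db8:3::1"), Am: am, Tm: []byte{2}}, key(2))
	return Verify(m), Verify(x) // x: valid signature under PK', but H(PK', i) != Am
}
func main() { fmt.Println(Demo()) }
```

The second update carries a correct signature under the impostor's own key, so it is the address check Am = H(PKm, i) that rejects it.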
Problem #2 : IPv4 connectivity / apps
• MN abroad may lose all IPv4 connectivity
– Contactable only on IPv6 care-of address
– MN cannot see IPv4 internet (e.g. www)
– Nodes on IPv4 internet cannot see the mobile
• Implications for apps and services (e.g. DNS)
• Prefer not to port every IPv4 app (yet)
• Very few IPv6 apps from Microsoft (yet)
– .NET Framework, IIS, file share, etc
m4in6 : joint with Joe Finney
[Diagram. Labels: Mobile Node, IPv6 Foreign Network, IPv6 Internet, IPv6 Home Network, Home Agent, IPv4 Internet, IPv4 Correspondent Network, Correspondent Node. Legend: IPv4 (routed), IPv4 (local), IPv4 in IPv6 tunnel.]
Kernel development on Win2000
• Use cmd line : VStudio doesn’t add much
• Makefiles unusual: initially confusing
• Docs better than Linux, esp. DDK (but fragmented,
large)
• More helpful support: no small group wanting to keep
full control as under Linux
• Well-defined APIs preserve code stability
• Debugging not great, circa gdb. Use SoftIce.
• DbgView (etc) v. useful but not well known
• NDIS easy to work with (miniport, intermediate, proto)
• Learning curve 1-2 weeks alone, ~1 day supervised
Kernel development on WinCE
• Excellent development support
• Great documentation – small unambiguous API
• Drivers as easy as user-space programming (dlls)
• Full source level debug in IDE using remote host
• Remote driver loading on demand really nice
• Important to use “recommended” CEPC components
– VERY difficult to get drivers for single board computers
– Companies can be really unhelpful – often because they’ve bought in the drivers and simply can’t support them.
Tech tutorial at IDMS2001
• Objective: Intro to building, modifying and
testing the LandMARC stack
• Date: 4 September 2001
• Place: Lancaster University, or thereabouts
Further Info
http://research.microsoft.com/programs/europe/projects/MIPv6.asp
http://www.LandMARC.net
http://research.microsoft.com/msripv6
http://msdn.microsoft.com/downloads/sdks/platform/tpipv6/readme.asp
http://support.microsoft.com/support/kb/articles/q273/8/26.asp
http://www.IDMS2001.org/
CAM: Childproof Authentication for MIPv6, G O’Shea
and M Roe, Computer Communications Review, April
2001
Mobile 4-in-6 (m4in6), J Finney and G O’Shea,
Interactive Distributed Multimedia Systems
(IDMS2001), 4-7 Sept 2001, Lancaster, UK