LandMARC MIPv6 stack for Windows

LandMARC MIPv6 stack for Windows

Greg O’SheaMicrosoft Research

Andrew ScottLancaster University

LandMARC MIPv6 stack• LandMARC: 2-yr project with Lancaster

University, supporting 3 RA positions

• Several threads, now dominated by MIPv6

• Added mobility to MSR 1.4 IPv6

• RC4b (Win2K) released 1 Jan 2001

• XPB2 (WinXP beta 2): in test (internal)

• WinCE3.0 + RC4b: in development (internal)

• WinCE4.0 + XPB2: in development (internal)

Why mobile IP?• Traditional IP address = (network + host-id)

– is bound to a specific network– Connections break if node moves between nets– Problem for mobile, wireless computers (future)

• Solution: MIPv6 mobile node (MN) uses two addresses– Home Address (HA) well known / used by apps – Care-Of Address (COA) when abroad– TCP sessions survive network hand-off– Nobody has to learn new home address for MN– Provides heterogeneous network hand-off

Mobile at home

Token-ring

Ethernet

Home networkLoad BatteryLineOn On

BatterySmartBoost

ReplaceBattery

Test

Correspondent

Home Agent

Home Net

Foreign NetInternet

Movement: BU to home agent

Token-ring

Ethernet

Home networkLoad BatteryLineOn On

BatterySmartBoost

ReplaceBattery

Test

Correspondent

Home Agent

Home Net

Foreign NetInternet

CN to HA, tunnel to MN

Token-ring

Ethernet

Home networkLoad BatteryLineOn On

BatterySmartBoost

ReplaceBattery

Test

Correspondent

Home Agent

Home Net

Foreign NetInternet

(HomeAddr, COA)

Route Optimisation

Token-ring

Ethernet

Home networkLoad BatteryLineOn On

BatterySmartBoost

ReplaceBattery

Test

Correspondent

Home Agent

Home Net

Foreign NetInternet

(HomeAddr, COA)

(HomeAddr, COA)

Barriers to MIPv6

• IPv6 infrastructure– Others can deal with that…

• Security Infrastructure (IPSec)

• Connectivity with IPv4 internet when mobile

• Support for IPv4 application code

• Behaviour of network cards and their drivers

Problem #1 : Security

• Bogus Binding Update– Hilary says to Bill “Send packets for Monica to me”

• Bogus Home Address Option– Hilary says to Bill “Monica said this…”

• Very easy to mount an attack:– ipv6 hau <IPv6 address> 64 <home agent address>

• Giving somebody else’s home address and home agent

– Attach to any IPv6 net

Security : use of IPSec• V12 mandated IPsec AH on Binding Updates

• Works, but too hard to configure and test

• Helps if administrator has:– network monitors attached– kernel debugger(s) installed on all machines– source code for IPv6 stack– program for configuring the program for

configuring IPSec

CAM : joint with Mike Roe• Mobile node m chooses key pair (PKm,SKm)• Mobile m chooses Home addr (IF-Id) Am = H(PKm, i)

– Int i used to resolve IPv6 address collisions

• Binding Update from m includes:A’m, Ac, Am, PKm, i, {H(A’m, Ac, Am, Tm)}SKm

• Correspondent verifies Am = H(PKm, i) and the hash from the Binding Update

• Use of PKm is uncertified, but says nothing about real-world identify• Impostor cannot submit bogus BU without finding (PK’, SK’) where

H(PK’, i) = Am – (which is hard)

Problem #2 : IPv4 connectivity / apps• MN abroad may lose all IPv4 connectivity

– Contactable only on IPv6 care-of address– MN cannot see IPv4 internet (e.g. www) – Nodes on IPv4 internet cannot see the mobile

• Implications for apps and services (e.g. DNS)• Prefer not to port every IPv4 app (yet)• Very few IPv6 apps from Microsoft (yet)

– .NET Framework, IIS, file share, etc

m4in6 : joint with Joe FinneyCorrespondent

Node

MobileNode

HomeAgent

IPv6Home

Network

IPv6Internet

IPv6 ForeignNetwork

IPv4 (routed)

IPv4 (local)

IPv4 in IPv6 tunnel

IPv4Internet

IPv4Correspondent

Network

Kernel development on Win2000• Use cmd line : VStudio doesn’t add much• Makefiles unusual: initially confusing• Docs better than Linux, esp. DDK (but fragmented,

large)• More helpful support: no small group wanting to keep

full control as under Linux• Well-defined APIs preserve code stability• Debugging not great, circa gdb. Use SoftIce.• DbgView (etc) v. useful but not well known• NDIS easy to work with (miniport, intermediate, proto)• Learning curve 1-2 weeks alone, ~1 day supervised

Kernel development on WinCE

• Excellent development support• Great documentation – small unambiguous API• Drivers as easy as user-space programming (dlls)• Full source level debug in IDE using remote host• Remote driver loading on demand really nice• Important to use “recommended” CEPC components

– VERY difficult to get drivers for single board computers

– Companies can be really unhelpful – often because they’ve bought in the drivers and simply can’t support them.

Tech tutorial at IDMS2001

• Objective: Intro to building, modifying and testing the LandMARC stack

• Date: 4 September 2001

• Place: Lancaster University, or thereabouts

Further Infohttp://research.microsoft.com/programs/europe/

projects/MIPv6.asphttp://www.LandMARC.nethttp://research.microsoft.com/msripv6http://msdn.microsoft.com/downloads/sdks/platform/

tpipv6/readme.asphttp://support.microsoft.com/support/kb/articles/q273/8/26.asphttp://www.IDMS2001.org/CAM: Childproof Authentication for MIPv6, G O’Shea

and M Roe, Computer Communications Review, April 2001

Mobile 4-in-6 (m4in6), J Finney and G O’Shea, Interactive Distributed Multimedia Systems (IDMS2001), 4-7 Sept 2001, Lancaster, UK