LandMARC MIPv6 stack for Windows Greg O’Shea Microsoft Research Andrew Scott Lancaster University
Jan 20, 2016
LandMARC MIPv6 stack
• LandMARC: 2-yr project with Lancaster University, supporting 3 RA positions
• Several threads, now dominated by MIPv6
• Added mobility to MSR 1.4 IPv6
• RC4b (Win2K) released 1 Jan 2001
• XPB2 (WinXP beta 2): in test (internal)
• WinCE3.0 + RC4b: in development (internal)
• WinCE4.0 + XPB2: in development (internal)
Why mobile IP?
• Traditional IP address = (network + host-id)
  – is bound to a specific network
  – Connections break if node moves between nets
  – Problem for mobile, wireless computers (future)
• Solution: MIPv6 mobile node (MN) uses two addresses
  – Home Address (HA) well known / used by apps
  – Care-Of Address (COA) when abroad
  – TCP sessions survive network hand-off
  – Nobody has to learn new home address for MN
  – Provides heterogeneous network hand-off
Mobile at home
[Diagram. Labels: Correspondent, Home Agent, Home Net, Foreign Net, Internet]
Movement: BU to home agent
[Diagram. Labels: Correspondent, Home Agent, Home Net, Foreign Net, Internet]
CN to HA, tunnel to MN
[Diagram. Labels: Correspondent, Home Agent, Home Net, Foreign Net, Internet, (HomeAddr, COA)]
Route Optimisation
[Diagram. Labels: Correspondent, Home Agent, Home Net, Foreign Net, Internet, (HomeAddr, COA) shown twice]
Barriers to MIPv6
• IPv6 infrastructure
  – Others can deal with that…
• Security Infrastructure (IPSec)
• Connectivity with IPv4 internet when mobile
• Support for IPv4 application code
• Behaviour of network cards and their drivers
Problem #1 : Security
• Bogus Binding Update
  – Hilary says to Bill “Send packets for Monica to me”
• Bogus Home Address Option
  – Hilary says to Bill “Monica said this…”
• Very easy to mount an attack:
  – ipv6 hau <IPv6 address> 64 <home agent address>
    • Giving somebody else’s home address and home agent
  – Attach to any IPv6 net
Security : use of IPSec
• V12 mandated IPsec AH on Binding Updates
• Works, but too hard to configure and test
• Helps if administrator has:
  – network monitors attached
  – kernel debugger(s) installed on all machines
  – source code for IPv6 stack
  – program for configuring the program for configuring IPSec
CAM : joint with Mike Roe
• Mobile node m chooses key pair (PKm, SKm)
• Mobile m chooses Home addr (IF-Id) Am = H(PKm, i)
  – Int i used to resolve IPv6 address collisions
• Binding Update from m includes: A’m, Ac, Am, PKm, i, {H(A’m, Ac, Am, Tm)}SKm
• Correspondent verifies Am = H(PKm, i) and the hash from the Binding Update
• Use of PKm is uncertified, but says nothing about real-world identity
• Impostor cannot submit bogus BU without finding (PK’, SK’) where H(PK’, i) = Am
  – (which is hard)
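The CAM check sketched in Go, as an added example that is not code from the LandMARC stack or the CAM paper. It assumes SHA-256 for H and Ed25519 for the key pair (the slide names neither), carries Tm in the Binding Update so the correspondent can recompute the hash, and uses hypothetical names (BindingUpdate, HomeID, NewKey, Sign, Verify); freshness checking of Tm is not shown.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// BindingUpdate holds the slide's fields A'm, Ac, Am, PKm, i, plus Tm and the signature.
type BindingUpdate struct {
	CareOf, Corr [16]byte // A'm, Ac
	Home, Sig    []byte   // Am (64-bit interface identifier) and {H(...)}SKm
	PK           ed25519.PublicKey
	I, T         uint64 // i; Tm carried in the clear (assumption)
}

// hash is H(...): SHA-256 over the fields in order (hash and encoding are assumptions).
func hash(fields ...interface{}) []byte {
	h := sha256.New()
	for _, f := range fields {
		binary.Write(h, binary.BigEndian, f)
	}
	return h.Sum(nil)
}

// HomeID computes Am = H(PKm, i), truncated to 64 bits.
func HomeID(pk ed25519.PublicKey, i uint64) []byte { return hash([]byte(pk), i)[:8] }

// NewKey derives a demo key pair (PKm, SKm) from one seed byte (constructed input).
func NewKey(seed byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, 32)) }

// Sign builds the Binding Update that mobile node m sends.
func Sign(sk ed25519.PrivateKey, i uint64, careOf, corr [16]byte, t uint64) BindingUpdate {
	pk := sk.Public().(ed25519.PublicKey)
	bu := BindingUpdate{CareOf: careOf, Corr: corr, Home: HomeID(pk, i), PK: pk, I: i, T: t}
	bu.Sig = ed25519.Sign(sk, hash(bu.CareOf, bu.Corr, bu.Home, bu.T))
	return bu
}

// Verify is the correspondent's check: Am == H(PKm, i), then the signature over the hash.
func Verify(bu BindingUpdate) bool {
	return len(bu.PK) == ed25519.PublicKeySize && bytes.Equal(bu.Home, HomeID(bu.PK, bu.I)) &&
		ed25519.Verify(bu.PK, hash(bu.CareOf, bu.Corr, bu.Home, bu.T), bu.Sig)
}

func main() {
	fmt.Println("accepted:", Verify(Sign(NewKey(1), 0, [16]byte{15: 2}, [16]byte{15: 3}, 1)))
}
```

A Binding Update that claims another node's Am fails the first comparison unless the sender presents that node's PKm, in which case the signature check fails because the sender lacks SKm.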
Problem #2 : IPv4 connectivity / apps
• MN abroad may lose all IPv4 connectivity
  – Contactable only on IPv6 care-of address
  – MN cannot see IPv4 internet (e.g. www)
  – Nodes on IPv4 internet cannot see the mobile
• Implications for apps and services (e.g. DNS)
• Prefer not to port every IPv4 app (yet)
• Very few IPv6 apps from Microsoft (yet)
  – .NET Framework, IIS, file share, etc
m4in6 : joint with Joe Finney
[Diagram. Labels: Correspondent Node, Mobile Node, Home Agent, IPv6 Home Network, IPv6 Internet, IPv6 Foreign Network, IPv4 (routed), IPv4 (local), IPv4 in IPv6 tunnel, IPv4 Internet, IPv4 Correspondent Network]
Kernel development on Win2000
• Use cmd line : VStudio doesn’t add much
• Makefiles unusual: initially confusing
• Docs better than Linux, esp. DDK (but fragmented, large)
• More helpful support: no small group wanting to keep full control as under Linux
• Well-defined APIs preserve code stability
• Debugging not great, circa gdb. Use SoftIce.
• DbgView (etc) v. useful but not well known
• NDIS easy to work with (miniport, intermediate, proto)
• Learning curve 1-2 weeks alone, ~1 day supervised
Kernel development on WinCE
• Excellent development support
• Great documentation – small unambiguous API
• Drivers as easy as user-space programming (dlls)
• Full source level debug in IDE using remote host
• Remote driver loading on demand really nice
• Important to use “recommended” CEPC components
  – VERY difficult to get drivers for single board computers
  – Companies can be really unhelpful – often because they’ve bought in the drivers and simply can’t support them.
Tech tutorial at IDMS2001
• Objective: Intro to building, modifying and testing the LandMARC stack
• Date: 4 September 2001
• Place: Lancaster University, or thereabouts
Further Info
http://research.microsoft.com/programs/europe/projects/MIPv6.asp
http://www.LandMARC.net
http://research.microsoft.com/msripv6
http://msdn.microsoft.com/downloads/sdks/platform/tpipv6/readme.asp
http://support.microsoft.com/support/kb/articles/q273/8/26.asp
http://www.IDMS2001.org/
CAM: Childproof Authentication for MIPv6, G O’Shea and M Roe, Computer Communications Review, April 2001
Mobile 4-in-6 (m4in6), J Finney and G O’Shea, Interactive Distributed Multimedia Systems (IDMS2001), 4-7 Sept 2001, Lancaster, UK