IPv6-kotiverkon liittäminen Internetin nimipalveluun

Current home networks are very simple containing only a few devices. As the number of devices connected to the home network increases, there is no reasonable way for a user to access devices using only IP addresses. Due to the exponential growth of devices connected to the Internet, the addresses of the current IP version are however soon to be depleted. A new IP version has already been implemented in the Internet, containing a very large amount of addresses compared to the current IP version. Addresses in the new IP address version are also much longer and more complicated. Therefore it is not reasonable to try to use IP addresses alone to access devices anymore. The previous facts force to implement a name service to the home network. Name service is quite similar to that used in the Internet, although the home network version should be much more automatic and user friendly. This means that users do not have to type IP addresses anymore to be able to access services, but they can use meaningful names like in the Internet. The first objective of the thesis is to examine methods to implement as automated name service as possible to the home network. Second objective is to examine connecting the home network name service to the Internet name service. Accomplishing this allows users to access services at home from the Internet. This has to be made in a secure manner to protect the integrity and authenticity of the user information. A live experiment of the thesis concentrates to the second objective of the thesis by establishing the connection and transferring the name service information between home network and the Internet name service. The study and the live experiments indicate that there is still work to be done before the two objectives can be fully accomplished. At the moment there is no convenient way to automatically name devices at home. Connecting to the Internet name service involves also quite a lot of effort, thus requiring more than basic computing skills from the user

Estudio de Seguridades en una Red Extremo a Extremo Basada en Protocolo IPV6.

El objetivo de esta tesis fue realizar un estudio de seguridades en una red extremo a extremo, basada en protocolo IPV6 para la Escuela de Ingeniería Electrónica de la Facultad de Informática y Electrónica de la Escuela Superior Politécnica de Chimborazo. Se aplicaron métodos analíticos, técnicas de observación y se hizo una exploración del funcionamiento de IPsec indiferentemente de la versión del protocolo IP, además, se implementó un escenario para determinar las vulnerabilidades en las dos versiones del protocolo usando herramientas de auditoría informática, con ataques de reconocimiento, sniffing, y hombre en el medio, mediante el uso de Nmap y Zenmap. Como resultado de este estudio se pudo conocer aspectos importantes como la aplicación de políticas de seguridad, herramientas de auditoría informática, complejidad, información disponible, tendencias, facilidades, limitaciones entre otros, los cuales son indispensables a la hora de decidir si migrar una red a IPv6. Se concluyó que la implementación de IPv6 en sí no representa una mejora en la seguridad de las redes, si bien IPsec es una herramienta poderosa a la hora de proteger los datos sensibles sin la elaboración y aplicación de políticas de seguridad robustas no se lograra aprovechar se potenciabilidad, además se recomienda apoyarse en la experiencia en el manejo de redes basadas en IPv4 ya que las amenazas siguen siendo prácticamente las mismas

Migration to a New Internet Protocol in Operator Network

This thesis explains the differences between IPv4 and IPv6. Another important part of the thesis is to review the current readiness of IPv6 for worldwide production use. The status (in terms of readiness, adaptability, compatibility and co-existence) of IPv6 in TeliaSonera is discussed in more detail. The most important reason for migrating to IPv6 is the address exhaustion of IPv4. This may not be a big problem in the developed countries but in developing countries the growth of Internet is fast and lots of more addresses are needed. The need for addresses is not only from computers but from many devices connected to the Internet. Attempts to slow down the exhaustion of free addresses have been made but current solutions are not enough. IPv6 will solve the problem by using much longer addresses. It will also add security features and simplify headers to speed up routing. TeliaSonera has started to roll out IPv6 services. At the beginning the corporate customers will receive IPv6 connectivity and consumers will follow later. TeliaSonera International Carrier is already serving its customers with IPv6. It seems that IPv6 is ready, standards have been ready for years and support in devices and software is prevalent. To achieve and keep up the global connectivity, IPv6 is a must and should not be avoided

An Introduction to Computer Networks

An open textbook for undergraduate and graduate courses on computer networks

Mobile IP movement detection optimisations in 802.11 wireless LANs

The IEEE 802.11 standard was developed to support the establishment of highly flexible wireless local area networks (wireless LANs). However, when an 802.11 mobile node moves from a wireless LAN on one IP network to a wireless LAN on a different network, an IP layer handoff occurs. During the handoff, the mobile node's IP settings must be updated in order to re-establish its IP connectivity at the new point of attachment. The Mobile IP protocol allows a mobile node to perform an IP handoff without breaking its active upper-layer sessions. Unfortunately, these handoffs introduce large latencies into a mobile node's traffic, during which packets are lost. As a result, the mobile node's upper-layer sessions and applications suffer significant disruptions due to this handoff latency. One of the main components of a Mobile IP handoff is the movement detection process, whereby a mobile node senses that it is attached to a new IP network. This procedure contributes significantly to the total Mobile IP handover latency and resulting disruption. This study investigates different mechanisms that aim to lower movement detection delays and thereby improve Mobile IP performance. These mechanisms are considered specifically within the context of 802.11 wireless LANs. In general, a mobile node detects attachment to a new network when a periodic IP level broadcast (advertisement) is received from that network. It will be shown that the elimination of this dependence on periodic advertisements, and the reliance instead on external information from the 802.11 link layer, results in both faster and more efficient movement detection. Furthermore, a hybrid system is proposed that incorporates several techniques to ensure that movement detection performs reliably within a variety of different network configurations. An evaluation framework is designed and implemented that supports the assessment of a wide range of movement detection mechanisms. This test bed allows Mobile IP handoffs to be analysed in detail, with specific focus on the movement detection process. The performance of several movement detection optimisations is compared using handoff latency and packet loss as metrics. The evaluation framework also supports real-time Voice over IP (VoIP) traffic. This is used to ascertain the effects that different movement detection techniques have on the output voice quality. These evaluations not only provide a quantitative performance analysis of these movement detection mechanisms, but also a qualitative assessment based on a VoIP application

IP Mobility in Wireless Operator Networks

Wireless network access is gaining increased heterogeneity in terms of the types of IP capable access technologies. The access network heterogeneity is an outcome of incremental and evolutionary approach of building new infrastructure. The recent success of multi-radio terminals drives both building a new infrastructure and implicit deployment of heterogeneous access networks. Typically there is no economical reason to replace the existing infrastructure when building a new one. The gradual migration phase usually takes several years. IP-based mobility across different access networks may involve both horizontal and vertical handovers. Depending on the networking environment, the mobile terminal may be attached to the network through multiple access technologies. Consequently, the terminal may send and receive packets through multiple networks simultaneously. This dissertation addresses the introduction of IP Mobility paradigm into the existing mobile operator network infrastructure that have not originally been designed for multi-access and IP Mobility. We propose a model for the future wireless networking and roaming architecture that does not require revolutionary technology changes and can be deployed without unnecessary complexity. The model proposes a clear separation of operator roles: (i) access operator, (ii) service operator, and (iii) inter-connection and roaming provider. The separation allows each type of an operator to have their own development path and business models without artificial bindings with each other. We also propose minimum requirements for the new model. We present the state of the art of IP Mobility. We also present results of standardization efforts in IP-based wireless architectures. Finally, we present experimentation results of IP-level mobility in various wireless operator deployments.Erilaiset langattomat verkkoyhteydet lisääntyvät Internet-kykyisten teknologioiden muodossa. Lukuisten eri teknologioiden päällekkäinen käyttö johtuu vähitellen ja tarpeen mukaan rakennetusta verkkoinfrastruktuurista. Useita radioteknologioita (kuten WLAN, GSM ja UMTS) sisältävien päätelaitteiden (kuten älypuhelimet ja kannettavat tietokoneet) viimeaikainen kaupallinen menestys edesauttaa uuden verkkoinfrastruktuurin rakentamista, sekä mahdollisesti johtaa verkkoteknologioiden kirjon lisääntymiseen. Olemassa olevaa verkkoinfrastruktuuria ei kaupallisista syistä kannata korvata uudella teknologialla yhdellä kertaa, vaan vaiheittainen siirtymävaihe kestää tyypillisesti useita vuosia. Internet-kykyiset päätelaitteet voivat liikkua joko saman verkkoteknologian sisällä tai eri verkkoteknologioiden välillä. Verkkoympäristöstä riippuen liikkuvat päätelaitteet voivat liittyä verkkoon useiden verkkoyhteyksien kautta. Näin ollen päätelaite voi lähettää ja vastaanottaa tietoliikennepaketteja yhtäaikaisesti lukuisia verkkoja pitkin. Tämä väitöskirja käsittelee Internet-teknologioiden liikkuvuutta ja näiden teknologioiden tuomista olemassa oleviin langattomien verkko-operaattorien verkkoinfrastruktuureihin. Käsiteltäviä verkkoinfrastruktuureita ei alun perin ole suunniteltu Internet-teknologian liikkuvuuden ja monien yhtäaikaisten yhteyksien ehdoilla. Tässä työssä ehdotetaan tulevaisuuden langattomien verkkojen arkkitehtuurimallia ja ratkaisuja verkkovierailujen toteuttamiseksi. Ehdotettu arkkitehtuuri voidaan toteuttaa ilman mittavia teknologisia mullistuksia. Mallin mukaisessa ehdotuksessa verkko-operaattorin roolit jaetaan selkeästi (i) verkko-operaattoriin, (ii) palveluoperaattoriin ja (iii) yhteys- sekä verkkovierailuoperaattoriin. Roolijako mahdollistaa sen, että kukin operaattorityyppi voi kehittyä itsenäisesti, ja että teennäiset verkkoteknologiasidonnaisuudet poistuvat palveluiden tuottamisessa. Työssä esitetään myös alustava vaatimuslista ehdotetulle mallille, esimerkiksi yhteysoperaattorien laatuvaatimukset. Väitöskirja esittelee myös liikkuvien Internet-teknologioiden viimeisimmän kehityksen. Työssä näytetään lisäksi standardointituloksia Internet-kykyisissä langattomissa arkkitehtuureissa

Multihoming with ILNP in FreeBSD

Multihoming allows nodes to be multiply connected to the network. It forms the basis of features which can improve network responsiveness and robustness; e.g. load balancing and fail-over, which can be considered as a choice between network locations. However, IP today assumes that IP addresses specify both network location and node identity. Therefore, these features must be implemented at routers. This dissertation considers an alternative based on the multihoming approach of the Identifier Locator Network Protocol (ILNP). ILNP is one of many proposals for a split between network location and node identity. However, unlike other proposals, ILNP removes the use of IP addresses as they are used today. To date, ILNP has not been implemented within an operating system stack. I produce the first implementation of ILNP in FreeBSD, based on a superset of IPv6 – ILNPv6 – and demonstrate a key feature of ILNP: multihoming as a first class function of the operating system, rather than being implemented as a routing function as it is today. To evaluate the multihoming capability, I demonstrate one important application of multihoming – load distribution – at three levels of network hierarchy including individual hosts, a singleton Site Border Router (SBR), and a novel, dynamically instantiated, distributed SBR (dSBR). For each level, I present empirical results from a hardware testbed; metrics include latency, throughput, loss and reordering. I compare performance with unmodified IPv6 and NPTv6. Finally, I evaluate the feasibility of dSBR-ILNPv6 as an alternative to existing multihoming approaches, based on measurements of the dSBR’s responsiveness to changes in site connectivity. We find that multihoming can be implemented by individual hosts and/or SBRs, without requiring additional routing state as is the case today, and without any significant additional load or overhead compared to unicast IPv6