MIPv6 Experimental Evaluation using Overlay Networks

The commercial deployment of Mobile IPv6 has been hastened by the concepts of Integrated Wireless Networks and Overlay Networks, which are present in the notion of the forthcoming generation of wireless communications. Individual wireless access networks show limitations that can be overcome through the integration of different technologies into a single unified platform (i.e., 4G systems). This paper summarises practical experiments performed to evaluate the impact of inter-networking (i.e. vertical handovers) on the Network and Transport layers. Based on our observations, we propose and evaluate a number of inter-technology handover optimisation techniques, e.g., Router Advertisements frequency values, Binding Update simulcasting, Router Advertisement caching, and Soft Handovers. The paper concludes with the description of a policy-based mobility support middleware (PROTON) that hides 4G networking complexities from mobile users, provides informed handover-related decisions, and enables the application of different vertical handover methods and optimisations according to context.Publicad

Performance analysis of tunnel broker through open virtual private network

Tunnel Broker uses automatic configuration tunneling mechanism for IPv6 clients connected to IPv4 internet. Connectivity between clients and service providers in IPv6 is urgently needed. Open VPN as a provider implemented configures it by a VPN network, so IPv6 and IPv4 public IP clients can easily connect to the server. In this research focused on the performance of tunnel broker mechanism by utilizing open VPN as access to the network. IPv6 tunnel broker is developed by installing Open VPN and providing IPv6 IPs. Implementation of public IP usage in observing the performance of tunnel broker development is done in BCN Telkom Laboratory Network. The measurement results show that TCP and UDP throughput of IPv6 is slightly higher than IPv4. The research using OpenVPN as a server Tunnel Broker for client access to the server is still rarely done, especially in the field of the network based on Internet Protocol

A New Approach Of Network Intrusion Detection In 6TO4 Tunneling

Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration process from IPv4 to IPv6 network. However, there are security considerations of this mechanism due to the double encapsulation of packets. Basically, this mechanism encapsulates IPv6 packets with IPv4 datagram to allow transmission. Attacker from IPv6 network can use this tunneling mechanism to send intrusion without being detected by Network Intrusion Detection System. Normally NIDS only capable to decapsulate packet once, and NIDS like Snort cannot detect payload with protocol 41. Thus, a new approach is needed to handle decapsulation of second layer of packet, and extraction for the needed information for detection. This design adds a secondary decapsulation process of NIDS when NIDS detects a 6to4 packets. The design will decapsulate the second layer, and extract the information from the payload and continue to the detection process. The detection process itself is signature-based, where intrusions’ unique and repetitive information are defined inside the ruleset. The design implemented to Java-based NIDS for testing purpose, and run under attack simulations. According to the test, all attacks are detected as True Positive detection with several reply packets detected as False Negative detection

Analysis of BGP4 Peering Establishment Time on IPv6 Connection over 6PE and 6VPE

Nowadays, because of the exhaustion of IPv4 address space, IPv6 is increasingly being used on enterprise networks. Usually, an enterprise uses an MPLS network from a Service Provider to interconnect their IPv4 network sites. Although MPLS Service Providers mostly built their MPLS backbone based on IPv4, their MPLS backbone have the capability to transport IPv6 traffic of their customers. Two methods can be used by the MPLS Service Provider to connect its customer IPv6 network, which is 6PE (IPv6 Provider Edge Routers) and 6VPE (IPv6 VPN Provider Edge Router). Enterprises generally use a BGP routing protocol to interconnect their networks, and they need to use the best method that suits their requirement from their MPLS Service Provider to transport their IPv6 traffic (including the BGP protocol). The MPLS Service Providers need to consider the advantages and disadvantages of both methods. This paper illustrates the analysis of BGP4 (current BGP version) IPv6 peering establishment time over 6PE and 6VPE methods. The MPLS Service Providers can use the analysis results of this study to determine the suited method to interconnect its customers' IPv6 networks

Understanding tradeoffs in incremental deployment of new network architectures

Despite the plethora of incremental deployment mechanisms proposed, rapid adoption of new network-layer protocols and architectures remains difficult as reflected by the widespread lack of IPv6 traffic on the Internet. We show that all de-ployment mechanisms must address four key questions: How to select an egress from the source network, how to select an ingress into the destination network, how to reach that egress, and how to reach that ingress. By creating a de-sign space that maps all existing mechanisms by how they answer these questions, we identify the lack of existing mech-anisms in part of this design space and propose two novel approaches: the “4ID ” and the “Smart 4ID”. The 4ID mech-anism utilizes new data plane technology to flexibly decide when to encapsulate packets at forwarding time. The Smart 4ID mechanism additionally adopts an SDN-style control plane to intelligently pick ingress/egress pairs based on a wider view of the local network. We implement these mech-anisms along with two widely used IPv6 deployment mech-anisms and conduct wide-area deployment experiments over PlanetLab. We conclude that Smart 4ID provide better overall performance and failure semantics, and that inno-vations in the data plane and control plane enable straight-forward incremental deployment

IPv4 address sharing mechanism classification and tradeoff analysis

The growth of the Internet has made IPv4 addresses a scarce resource. Due to slow IPv6 deployment, IANA-level IPv4 address exhaustion was reached before the world could transition to an IPv6-only Internet. The continuing need for IPv4 reachability will only be supported by IPv4 address sharing. This paper reviews ISP-level address sharing mechanisms, which allow Internet service providers to connect multiple customers who share a single IPv4 address. Some mechanisms come with severe and unpredicted consequences, and all of them come with tradeoffs. We propose a novel classification, which we apply to existing mechanisms such as NAT444 and DS-Lite and proposals such as 4rd, MAP, etc. Our tradeoff analysis reveals insights into many problems including: abuse attribution, performance degradation, address and port usage efficiency, direct intercustomer communication, and availability

Implementation of ISO Frameworks to Risk Management in IPv6 Security

The Internet of Things is a technology wave sweeping across various industries and sectors. It promises to improve productivity and efficiency by providing new services and data to users. However, the full potential of this technology is still not realized due to the transition to IPv6 as a backbone. Despite the security assurances that IPv6 provides, privacy and concerns about the Internet of Things remain. This is why it is important that organizations thoroughly understand the protocol and its migration to ensure that they are equipped to take advantage of its many benefits. Due to the lack of available IPv4 addresses, organizations are in an uncertain situation when it comes to implementing IoT technologies. The other aim is to fill in the gaps left by the ISO to identify and classify the risks that are not yet apparent. The thesis seeks to establish and implement the use of ISO to manage risks. It will also help to align security efforts with organizational goals. The proposed solution is evaluated through a survey that is designed to gather feedback from various levels of security and risk management professionals. The suggested modifications are also included in the study. A survey on the implementation of ISO frameworks to risk management in IPv6 was conducted and with results as shown in the random sampling technique that was used for conducting the research a total of 75 questionnaires were shared online, 50 respondents returned responses online through emails and social media platforms. The result of the analysis shows that system admin has the highest pooling 26% of all the overall participants, followed by network admin with 20%, then cybersecurity specialists with 16%. 14% of the respondents were network architects while senior management and risk management professionals were 4% and 2% respectively. The majority of the respondents agreed that risk treatment enhances the risk management performance of the IPv6 network resulting from the proper selection and implementation of correct risk prevention strategies