9 research outputs found

    NAT64/DNS64 in the Networks with DNSSEC

    The rising number of DNS-over-HTTPS capable resolvers and applications results in the higher use of third-party DNS resolvers by clients. Because of that, the currently most deployed method of the NAT64 prefix detection, the RFC7050[1], fails to detect the NAT64 prefix. As a result, clients using either NAT64/DNS64 or 464XLAT transition mechanisms fail to detect the NAT64 prefix properly, making the IPv4-only resources inaccessible. The aim of this thesis is to develop a new DNS-based detection method that would work with foreign DNS and utilize added security by the DNS security extension, the DNSSEC. The thesis describes current methods of the NAT64 prefix detection, their underlying protocols, and their limitations in their coexistence with other network protocols. The developed method uses the SRV record type to transmit the NAT64 prefix in the global DNS tree. Because the proposed method uses already existing protocols and record types, the method is easily deployable without any modification of the server or the transport infrastructure. Due to the global DNS tree usage, the developed method can utilize the security provided by the DNSSEC and therefore shows better security characteristics than previous methods. This thesis forms the basis for standardization effort in the IETF.

    Study of Mobility in Next Generation Networks

    The continuous advance of telecommunications networks provides us with ever more conveniences in all areas of our lives. In this case, we have focused on the study of mobility in Next Generation Networks. Part of this project was carried out in collaboration with Deutsche Telekom AG, during a six-month stay working as a collaborator in its laboratories located in Berlin. The main objective of this project has been to carry out a study of the different standards and technologies that facilitate mobility in Next Generation Networks. To that end, the first part studies the different working groups focused on this aspect and gathers information on products and solutions available on the market, in order to obtain an overall view of the current situation. As can be seen later, this first part is the longest of the whole document. This is because it is probably the most important part of the work, since it contains the study of the mechanisms that will later serve to give a theoretical solution to the different scenarios posed. In the second part of the project, we have focused on developing several scenarios of interest in Next Generation Network systems and subsequently providing possible theoretical solutions. Finally, the conclusions drawn as a result of the work are presented, along with the aspects of it that could be addressed in the near future. Ingeniería de Telecomunicació

    Towards Seamless Mobility: An IEEE 802.21 Practical Approach

    In recent years, mobile devices such as cell phones, notebook or ultra mobile computers and videogame consoles are experiencing an impressive evolution in terms of hardware and software possibilities. Elements such as a wideband Internet connection allow a broad range of possibilities for creative developers. Many of these possibilities can include applications requiring continuity of service when the user moves from one coverage area to another. Nowadays, mobile devices are equipped with one or more radio interfaces such as GSM, UMTS, WiMax or Wi‐Fi. Many of these technologies are ready to allow transparent roaming within their own coverage areas, but they are not ready to handle a service transfer between different technologies. In order to find a solution to this issue, the IEEE has developed a standard known as Media Independent Handover (MIH) Services with the aim of easing seamless mobility between these technologies. The present work has been centered on developing a system capable of enabling a service of mobility under the terms specified in the stated standard. The development of a platform aiming to provide service continuity is mandatory, being a cross‐layer solution based on elements from link and network layers supplying a transparent roaming mechanism from the user’s point of view. Two applications have been implemented in C/C++ language under a Linux environment. One application is designed to work within a mobile device, and the other one in the network access point. The mobile device basically consists of a notebook equipped with two Wi‐Fi interfaces, which is not a common feature in commercial devices, allowing seamless communication transfers aided by the application. Network access points are computers equipped with a Wi‐Fi interface and configured to provide Internet wireless access and services of mobility. In order to test the operation, a test‐bed has been implemented. It consists of a pair of access points connected through a network and placed within partially overlapped coverage areas, and a mobile device, all of them properly set. The mobile detects the networks that are compatible and gets attached to the one that provides better conditions for the demanded service. When the service degrades up to a certain level, the mobile transfers the communication to the other access point, which offers better service conditions. Finally, in order to check if the changes have been done properly, the duration of the required actions has been measured, as well as the data that can have been lost or buffered meanwhile. The result is a MIH‐alike system working in a proper way. The discovery and selection of a destination network is correct and is done before the old connection gets too degraded, providing seamless mobility. The measured latencies and packet losses are affordable in terms of MIH protocol, but require future work improvements in terms of network protocols that have not been considered under the scope of this work

    Rapid Commit Option for the Dynamic Host Configuration Protocol version 4 (DHCPv4)

    No full text