341 research outputs found

    BGP-like TE Capabilities for SHIM6

    In this paper we present a comprehensive set of mechanisms that restore to the site administrator the capacity of enforcing traffic engineering (TE) policies in a multiaddressed IPv6 scenario. The mechanisms rely on the ability of SHIM6 to securely perform locator changes in a transparent fashion to transport and application layers. Once an outgoing path has been selected for a communication by proper routing configuration in the site, the source prefix of SHIM6 data packets is rewritten by the site routers to avoid packet discarding due to ingress filtering. The SHIM6 locator preferences exchanged in the context establishment phase are modified by the site routers to influence the path used for receiving traffic. Scalable deployment is ensured by the stateless nature of these mechanisms.

    A QoS-Driven ISP Selection Mechanism for IPv6 Multi-homed Sites

    A global solution for the provision of QoS in IPng sites must include ISP selection based on per-application requirements. In this article we present a new site-local architecture for QoS-driven ISP selection in multi-homed domains, performed on a per-application basis. This architecture proposes the novel use of existent network services, a new type of routing header, and the modification of address selection mechanisms to take into account QoS requirements. This proposal is an evolution of current technology, and therefore precludes the addition of new protocols, enabling fast deployment. The site-local scope of the proposed solution results in ISP transparency and thus in ISP independency. This research was supported by the LONG (Laboratories Over the Next Generation Networks) project IST-1999-20393.

    Design and Experimental Evaluation of a Route Optimisation Solution for NEMO

    An important requirement for Internet protocol (IP) networks to achieve the aim of ubiquitous connectivity is network mobility (NEMO). With NEMO support we can provide Internet access from mobile platforms, such as public transportation vehicles, to normal nodes that do not need to implement any special mobility protocol. The NEMO basic support protocol has been proposed in the IETF as a first solution to this problem, but this solution has severe performance limitations. This paper presents MIRON: Mobile IPv6 route optimization for NEMO, an approach to the problem of NEMO support that overcomes the limitations of the basic solution by combining two different modes of operation: a Proxy-MR and an address delegation with built-in routing mechanisms. This paper describes the design and rationale of the solution, with an experimental validation and performance evaluation based on an implementation.

    Addressless: A New Internet Server Model to Prevent Network Scanning

    Eliminating unnecessary exposure is a principle of server security. The huge IPv6 address space enhances security by making scanning infeasible; however, with recent advances in IPv6 scanning technologies, network scanning is again threatening server security. In this paper, we propose a new model named addressless server, which separates the server into an entrance module and a main service module, and assigns an IPv6 prefix instead of an IPv6 address to the main service module. The entrance module generates a legitimate IPv6 address under this prefix by encrypting the client address, so that the client can access the main server on a destination address that is different in each connection. In this way, the model provides isolation to the main server, prevents network scanning, and minimizes exposure. Moreover, it provides a novel framework that supports flexible load balancing, high availability, and other desirable features. The model is simple and does not require any modification to the client or the network. We implement a prototype and experiments show that our model can prevent the main server from being scanned at a slight performance cost.

    Crypton: CRYptographic Prefixes for Route Optimization in NEMO

    Proceedings of: 2010 IEEE International Conference on Communications (ICC 2010), 23-27 May, 2010, Cape Town, South Africa. The aviation community is in the process of designing the next generation Aeronautical Telecommunications Network (ATN), based on Internet standards, to provide air-ground communications for the aircraft. Support for mobile networks in the current Internet architecture is provided by the NEtwork Mobility (NEMO) protocol. As currently defined, the NEMO Basic Support protocol lacks Route Optimization support, which is an essential requirement for its adoption as part of the next generation ATN. This paper presents a novel security tool, the Crypto Prefixes, and their application to the Route Optimization in Nemo (CRYPTRON). The Crypto Prefixes are IPv6 prefixes with embedded cryptographic information that enable the Mobile Network Prefix proof-of-ownership without any centralized trust infrastructure. In CRYPTRON, the Crypto Prefixes are used to protect the establishment of the bindings on the Correspondent Nodes for the whole Mobile Network Prefix. European Community's Seventh Framework Program.

    IPv6 Network Address Translation

    This thesis deals with the translation of network addresses in Internet Protocol version 6. The aim is to use translation in the automatic configuration of end devices. Existing mechanisms for dynamic device configuration are discussed, along with their advantages and disadvantages. A system for connecting a home computer network to the Internet is designed and implemented, combining Network Prefix Translation and Neighbor Discovery Proxy technologies.