End-Site Routing Support for IPv6 Multihoming

Multihoming is currently widely used to provide fault tolerance and traffic engineering capabilities. It is expected that, as telecommunication costs decrease, its adoption will become more and more prevalent. Current multihoming support is not designed to scale up to the expected number of multihomed sites, so alternative solutions are required, especially for IPv6. In order to preserve interdomain routing scalability, the new multihoming solution has to be compatible with Provider Aggregatable addressing. However, such addressing scheme imposes the configuration of multiple prefixes in multihomed sites, which in turn causes several operational difficulties within those sites that may even result in communication failures when all the ISPs are working properly. In this paper we propose the adoption of Source Address Dependent routing within the multihomed site to overcome the identified difficulties.Publicad

Traffic engineering in multihomed sites

It is expected that IPv6 multihomed sites will obtain as many global prefixes as direct providers they have, so traffic engineering techniques currently used in IPv4 multihomed sites is no longer suitable. However, traffic engineering is required for several reasons, and in particular, for being able to properly support multimedia communications. In this paper we present a framework for traffic engineering in IPv6 multihomed sites with multiple global prefixes. Within this framework, we have included several tools such as DNS record manipulation and proper configuration of the policy table defined in RFC 3484. To provide automation in the management of traffic engineering, we analyzed the usage of two mechanisms to configure the policy table.This work has been partly supported by the European Union under the E-Next Project FP6-506869 and by the OPTINET6 project TIC-2003-09042-C03-01.Publicad

Multi-homing tunnel broker

A proper support for communications has to provide fault tolerance capabilities such as the preservation of established connections in case of failures. Multihoming addresses this issue, but the currently available solution based in massive BGP route injection presents serious scalability limitations, since it contributes to the exponential growth of the BGP table size. An alternative solution based on the configuration of tunnels between the multihomed site exit routers and the ISP border routers has been proposed for IPv6 in RFC 3178. However, the amount of manual configuration imposed by this solution on the ISP side prevents its wide adoption. In particular, this solution requires at the ISP the manual configuration of a tunnel endpoint per each multihomed client that it serves. We present a multihoming tunnel broker (MHTB) that provides automatic creation of the tunnel endpoint at the ISP side.This work was supported by the SAM (Advanced Servers with Mobility)project, funded by the Spanish National research and Development Programme as TIC2002-04531-C04-03.Publicad

BGP-like TE Capabilities for SHIM6

In this paper we present a comprehensive set of mechanisms that restore to the site administrator the capacity of enforcing traffic engineering (TE) policies in a multiaddressed IPv6 scenario. The mechanisms rely on the ability of SHIM6 to securely perform locator changes in a transparent fashion to transport and application layers. Once an outgoing path has been selected for a communication by proper routing configuration in the site, the source prefix of SHIM6 data packets is rewritten by the site routers to avoid packet discarding due to ingress filtering. The SHIM6 locator preferences exchanged in the context establishment phase are modified by the site routers to influence in the path used for receiving traffic. Scalable deployment is ensured by the stateless nature of these mechanisms.Publicad

Efficient security for IPv6 multihoming

In this note, we propose a security mechanism for protecting IPv6 networks from possible abuses caused by the malicious usage of a multihoming protocol. In the presented approach, each multihomed node is assigned multiple prefixes from its upstream providers, and it creates the interface identifier part of its addresses by incorporating a cryptographic one-way hash of the available prefix set. The result is that the addresses of each multihomed node form an unalterable set of intrinsically bound IPv6 addresses. This allows any node that is communicating with the multihomed node to securely verify that all the alternative addresses proposed through the multihoming protocol are associated to the address used for establishing the communication. The verification process is extremely efficient because it only involves hash operationsPublicad

Fault Tolerant Scalable Support for Network Portability and Traffic Engineering

The P-SHIM6 architecture provides ISP independence to IPv6 sites without compromising scalability. This architecture is based on a middle-box, the P-SHIM6, which manages the SHIM6 protocol exchange on behalf of the nodes of a site, which are configured with provider independent addresses. Incoming and outgoing packets are processed by the P-SHIM6 box, which can assign different locators to a given communication, either when it is started, or dynamically after the communication has been established. As a consequence, changes required for provider portability are minimized, and fine-grained Traffic Engineering can be enforced at the P-SHIM6 box, in addition to the fault tolerance support provided by SHIM6.This project has been supported by the RiNG project IST-2005-035167 and by the IMPROVISA project TSI2005-07384-C03-02.Publicad

An Architecture for Network Layer Privacy

We present an architecture for the provision of network layer privacy based on the SHIM6 multihoming protocol. In its basic form, the architecture prevents on-path eavesdroppers from using SHIM6 network layer information to correlate packets that belong to the same communication but use different locators. To achieve this, several extensions to the SHIM6 protocol and to the HBA (Hash Based Addresses) addressing model are defined. On its full-featured mode of operation, hosts can vary dynamically the addresses of the packets of on-going communications. Single-homed hosts can adopt the SHIM6 protocol with the privacy enhancements to benefit from this protection against information collectors.IEEE Communications SocietyPublicad

IPv6 Multihoming Support in the Mobile Internet

Fourth-generation mobile devices incorporate multiple interfaces with diverse access technologies. The current Mobile IPv6 protocol fails to support the enhanced fault tolerance capabilities that are enabled by the availability of multiple interfaces. In particular, established MIPv6 communications cannot be preserved through outages affecting the home address. In this article, we describe an architecture for IPv6 mobile host multihoming that enables transport layer survivability through multiple failure modes. The proposed approach relies on the cooperation between the MIPv6 and the SHIM6 protocols.Publicad

A Survey on Handover Management in Mobility Architectures

This work presents a comprehensive and structured taxonomy of available techniques for managing the handover process in mobility architectures. Representative works from the existing literature have been divided into appropriate categories, based on their ability to support horizontal handovers, vertical handovers and multihoming. We describe approaches designed to work on the current Internet (i.e. IPv4-based networks), as well as those that have been devised for the "future" Internet (e.g. IPv6-based networks and extensions). Quantitative measures and qualitative indicators are also presented and used to evaluate and compare the examined approaches. This critical review provides some valuable guidelines and suggestions for designing and developing mobility architectures, including some practical expedients (e.g. those required in the current Internet environment), aimed to cope with the presence of NAT/firewalls and to provide support to legacy systems and several communication protocols working at the application layer

A Future Internet Architecture Based on De-Conflated Identities

We present a new Internet architecture based on de-conflated identities (ADI) that explicitly establishes the separation of ownership of hosts from the underlying infrastructure connectivity. A direct impact of this de-conflated Internet architecture is the ability to express organizational policies separately and thus more naturally, from the underlying infrastructure routing policies. Host or organizational accountability is separated from the infrastructure accountability, laying the foundations of a cleaner security and policy enforcement framework. Also, it addresses the present Internet routing problems of mobility, multihoming, and traffic engineering more naturally by making a clear distinction of host and infrastructure responsibilities and thus defining these functions as a set of primitives governed by individual policies. In this paper, we instantiate the primitive mechanisms related to the issues of end-to-end policy enforcements, mobility, multihoming, traffic engineering, etc., within the context of our architecture to emphasize the relevance of a de-conflated Internet architecture on these functions