RANGI (Routing Architecture for Next Generation Internet) Experiment Report

IETF82, TAIWAN

Meilian LU, Xiangyang GONG, Wendong WANG <mllu, xygong, [email protected]>

Xiaohu Xu, Dacheng Zhang <xuxiaohu, zhang [email protected]>


Background

• What is RANGI?
  – A new ID/locator split based routing and addressing architecture.
  – Its major difference from HIP: hierarchical host identifiers.

• This report describes the issues of implementation for RANGI
  – Host stack implementation (based on HIPL codes)
  – Network infrastructure implementation
  – Host mobility and multi-homing experiments

[Figure: protocol stack comparison]

• IP: Transport / Network / Data Link
• HIP: Transport / Flat Host ID (128bit) / Locator (128bit) / Data Link
• RANGI: Transport / Hierarchical Host ID (128bit) / IPv4-embedded IPv6 Address (128bit) / Data Link

Host Stack Implementations

• RANGI completed a further extension to HIP
  – Reuses the user-space pattern of HIPL
  – CGA authentication in the base exchange: authenticate the binding relationship between sender’s ID and public key to confirm the authenticity of the data source

• Common functions:
  – ID generation and registration.
  – ID->Locator mapping registration and resolution.
  – ID/Locator split based communication.

[Figure: Host ID Format. AD ID (n bits) | Local Host ID (128-n bits); the AD ID is made up of Country ID, Authority ID and Region ID]

[Figure: Host ID Implementation Example]
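The ID/public-key binding check described above, as an added example (not RANGI or HIPL code): it uses a simplified CGA-style construction rather than the RFC 3972 algorithm, and shows the receiver rejecting a Host ID presented with a different key or under a different AD ID. The 32-bit AD ID width, the SHA-256 input layout, and the key and AD ID values are assumptions constructed for illustration.

```python
import hashlib
import hmac

AD_ID_BITS = 32                 # assumed value of n; the slides only say "n bits"
LOCAL_BITS = 128 - AD_ID_BITS   # width of the Local Host ID


def make_host_id(ad_id: int, public_key: bytes) -> int:
    """Build a 128-bit hierarchical Host ID: AD ID || hash-derived Local Host ID."""
    if not 0 <= ad_id < (1 << AD_ID_BITS):
        raise ValueError("AD ID does not fit in the assumed n bits")
    # Assumed layout: the local part commits to both the AD ID and the key,
    # so the same key yields a different Local Host ID in another AD.
    digest = hashlib.sha256(ad_id.to_bytes(AD_ID_BITS // 8, "big") + public_key).digest()
    local = int.from_bytes(digest, "big") >> (256 - LOCAL_BITS)
    return (ad_id << LOCAL_BITS) | local


def split_host_id(host_id: int) -> tuple:
    """Return (AD ID, Local Host ID) from a 128-bit Host ID."""
    return host_id >> LOCAL_BITS, host_id & ((1 << LOCAL_BITS) - 1)


def verify_binding(host_id: int, public_key: bytes) -> bool:
    """Receiver side: recompute the Host ID from the presented key and compare."""
    ad_id, _ = split_host_id(host_id)
    expected = make_host_id(ad_id, public_key)
    # The peer must still prove possession of the private key with a signature;
    # that step is outside this example.
    return hmac.compare_digest(expected.to_bytes(16, "big"), host_id.to_bytes(16, "big"))


def demo() -> dict:
    key_a = b"constructed-public-key-A"   # constructed stand-ins, not real keys
    key_b = b"constructed-public-key-B"
    hid = make_host_id(0x00860A01, key_a)  # constructed AD ID
    # Same local part claimed under a different AD ID.
    moved = (0x00860A02 << LOCAL_BITS) | split_host_id(hid)[1]
    return {
        "owner": verify_binding(hid, key_a),
        "other_key": verify_binding(hid, key_b),
        "other_ad": verify_binding(moved, key_a),
    }


if __name__ == "__main__":
    print(demo())
```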

Infrastructure Implementations

• No impact on the traditional DNS infrastructure
  – The AAAA RR fields now are filled with host identifiers.

• RANGI infrastructure consists of two parts:
  – IDMS is in charge of ID management, including the registration of host ID
  – ILMS is in charge of ID->Locator Mapping service, including mapping registration, updating and resolution.

[Figure: IDMS and ILMS server hierarchies; label: ID_TO_LOC REGISTRATION]

ID Management System (IDMS)

• IDMS has a hierarchical structure
  – Each IDMS is responsible for the management of IDs which belong to its AD domain.
  – Guaranteeing the uniqueness of ID within each AD domain
  – Maintaining TSIG shared secret per ID entry for protecting the dynamic updating process in the ILMS.

[Figure: IDMS hierarchy. IANN-like Root; country level ID management system (national ID authorities): China, Japanese, …, America; below them: China Mobile, China Telecom; Beijing, Shanghai, …; California, …]

ID to Locator Mapping System (DNS based)

• ILMS based on reverse DNS
  – The mapping system servers are organized in a hierarchical structure in accordance with the identity of RANGI
  – Brings trust boundaries
  – Interacts with the corresponding IDMS to obtain TSIG shared secret for protecting the dynamic updating process

ID to Locator Mapping System (DNS+DHT based)

• ILMS based on DNS-DHT hybrid resolution
  – DNS is used to divide different management organizations
  – DHT is used to maintain the ID/Locator mapping information.
  – A DNS-DHT converter is needed for changing DNS messages to DHT messages

Host Mobility

[Figure: host mobility message flow. Nodes: CN, MN (before and after the move), LDBR1, LDBR2, LDBR3, R1, R2, LD #1, LD #2, LD #3, ILM DNS. Steps: 0 RS (optional), 1 RA, 2 update1, 3 update2, 4 update3. Other labels: move, CN update, ILMS update 1, ILMS update 2]

Experiment: Host Mobility

[Figure: testbed topology. Devices: DUT1, DUT3, DUT4, DUT6, DUT7, DUT9, DUT10, DUT11, three 6PE routers, PC#22, PC#23. Servers: IDMS, Authority ILMS, root DNS server, Local ILMS. Networks: IPv4 and IPv4/IPv6 segments; 2003::/16 (AS#3), 2004::/16 (AS#4), 2005::/16 (AS#5, also labelled ISP#3); Site #1 (IPv6) 2003:0:12::/64 and 2004:0:12::/64; Site #2 (IPv6) 2005:0:11::/64; further prefixes 2003:0:3::/64, 2004:0:4::/64, 2004:0:6::/64. Mobility labels: wlan1, wlan2, update, DNSUpdate]

Views from Network Operators

• Administration of ID namespace
  – AD ID is hierarchical: it consists of three administrative levels (country level, authority level and region level). ID administrations have a corresponding hierarchical reverse tree structure.
  – The root part is a global administration which is similar to ICANN
  – The root administration divides the namespace into some ID sub-namespaces

Views from Network Operators

• Security Considerations
  – IDMS uses certification, signature and other techniques for authentication and message integrity protection.
  – ILMS
    • uses DNSSEC to provide the source authentication and integrity protection for resource records;
    • uses the DNS transaction authentication protocol TSIG (Secret Key Transaction Authentication for DNS) to protect the update operation of mapping information


Conclusion

• RANGI can effectively support ID/Locator split

• Supports mobility, multi-homing and traffic engineering

• Through the introduction of the hierarchical concept, RANGI has a reasonable business model and clear trust boundaries

• Solves the problem of routing scalability


Any Comments?