IETF82, TAIWAN
Meilian LU, Xiangyang GONG, Wendong WANG
<mllu, xygong, [email protected]>
Xiaohu Xu, Dacheng Zhang
<xuxiaohu, [email protected]>
RANGI (Routing Architecture for Next Generation Internet)
Experiment Report
Background
• What is RANGI?
  – A new ID/locator split based routing and addressing architecture.
  – Its major difference from HIP: hierarchical host identifiers.
• This report describes the implementation issues of RANGI:
  – Host stack implementation (based on the HIPL code)
  – Network infrastructure implementation
  – Host mobility and multi-homing experiments
[Figure: protocol stack comparison]
IP: Transport / Network / Data Link
HIP: Transport / Flat Host ID (128 bit) / Locator (128 bit) / Data Link
RANGI: Transport / Hierarchical Host ID (128 bit) / IPv4-embedded IPv6 Address (128 bit) / Data Link
Host Stack Implementations
• RANGI completed a further extension to HIP
  – Reuses the user-space pattern of HIPL
  – CGA authentication in the base exchange: authenticates the binding between the sender’s ID and its public key to confirm the authenticity of the data source
• Common functions:
  – ID generation and registration.
  – ID->Locator mapping registration and resolution.
  – ID/Locator split based communication.
[Figure: Host ID format] AD ID (n bits: Country ID, Authority ID, Region ID) | Local Host ID (128-n bits); a Host ID implementation example is shown alongside.
Infrastructure Implementations
• No impact on the traditional DNS infrastructure
  – The AAAA RR fields are now filled with host identifiers.
• RANGI infrastructure consists of two parts:
  – IDMS is in charge of ID management, including the registration of host IDs
  – ILMS is in charge of the ID->Locator mapping service, including mapping registration, updating and resolution.
[Figure: hierarchies of IDMS and ILMS servers, with ID_TO_LOC registration flowing from IDMS to ILMS]
ID Management System (IDMS)
• IDMS has a hierarchical structure
  – Each IDMS is responsible for the management of IDs which belong to its AD domain.
  – Guaranteeing the uniqueness of IDs within each AD domain
  – Maintaining a TSIG shared secret per ID entry for protecting the dynamic update process in the ILMS.
[Figure: ID management hierarchy] IANN-like root → country level ID management systems (China, Japanese, America, …) → national ID authorities (China Mobile, China Telecom, …) → regions (Beijing, Shanghai, California, …)
ID to Locator Mapping System (DNS based)
• ILMS based on reverse DNS
  – The mapping system servers are organized in a hierarchical structure in accordance with the RANGI identity hierarchy
  – Brings trust boundaries
  – Interact with the corresponding IDMS to obtain the TSIG shared secret for protecting the dynamic update process
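The naming scheme below is an added example, not code from the RANGI slides or the HIPL implementation: it packs the hierarchical host ID from the Host ID format slide and derives the reverse-DNS owner name under which an ILMS would hold its ID->Locator mapping, so that each AD's delegated zone apex is the trust boundary the slide refers to. It assumes n = 48 bits for the AD ID, split into 16-bit country, authority and region fields, ip6.arpa-style nibble-reversed labels, and a hypothetical apex "id.arpa"; the sample field values are constructed.

```python
# Added example, not code from the RANGI slides or the HIPL code base.
# Assumptions (not stated on the slides): the AD ID is n = 48 bits, split
# into 16-bit country, authority and region fields, and the ILMS reverse
# tree uses ip6.arpa-style nibble-reversed labels under the hypothetical
# apex "id.arpa".
import ipaddress

AD_BITS = 48                 # n bits for the AD ID (assumed)
FIELD_BITS = 16              # width of each AD level (assumed)
LOCAL_BITS = 128 - AD_BITS   # local host ID width (128-n bits)
ILMS_APEX = "id.arpa"        # hypothetical apex of the ILMS reverse tree
LEVELS = ("country", "authority", "region")  # top to bottom

def make_host_id(country: int, authority: int, region: int, local: int) -> int:
    """Pack the three AD levels and the local part into a 128-bit host ID."""
    fields = ((country, FIELD_BITS), (authority, FIELD_BITS),
              (region, FIELD_BITS), (local, LOCAL_BITS))
    hid = 0
    for value, bits in fields:
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{value:#x} does not fit in {bits} bits")
        hid = (hid << bits) | value
    return hid

def split_host_id(hid: int) -> dict:
    """Inverse of make_host_id: recover the AD levels and the local part."""
    out = {"local": hid & ((1 << LOCAL_BITS) - 1)}
    ad_id = hid >> LOCAL_BITS
    for name in reversed(LEVELS):            # region is the lowest field
        out[name] = ad_id & ((1 << FIELD_BITS) - 1)
        ad_id >>= FIELD_BITS
    return out

def as_aaaa(hid: int) -> str:
    """Textual form of the host ID when it is carried in an AAAA RR."""
    return str(ipaddress.IPv6Address(hid))

def ilms_name(hid: int) -> str:
    """Nibble-reversed owner name: the AD ID becomes the name's suffix."""
    return ".".join(reversed(f"{hid:032x}")) + "." + ILMS_APEX

def ad_zone(hid: int, level: str) -> str:
    """Zone apex delegated to the ILMS of the AD at the given level."""
    nibbles = (LEVELS.index(level) + 1) * FIELD_BITS // 4
    prefix = f"{hid:032x}"[:nibbles]
    return ".".join(reversed(prefix)) + "." + ILMS_APEX

def in_zone(hid: int, zone: str) -> bool:
    """True if this ID's mapping lives under the given AD's delegated zone."""
    return ilms_name(hid).endswith("." + zone)
```

Because the local part is emitted first and the AD ID last, a region-level ILMS only ever serves names under its own apex, and a mapping from another region fails the in_zone check while still matching at the shared authority level.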
ID to Locator Mapping System (DNS+DHT based)
• ILMS based on DNS-DHT hybrid resolution
  – DNS is used to divide different management organizations
  – DHT is used to maintain the ID/Locator mapping information.
  – A DNS-DHT converter is needed for changing DNS messages into DHT messages
Host Mobility
[Figure: host mobility] MN moves from LD #1 (LDBR1) to LD #2 (LDBR2) / LD #3 (LDBR3) across R1 and R2; step 1: RA / RS (optional); steps 2 to 4: ILMS update1, update2, update3; CN update via ILMS/DNS.
[Figure: experiment topology] Routers DUT1 to DUT11 with 6PE over an IPv4/IPv6 core; AS#3 2003::/16, AS#4 2004::/16, AS#5 2005::/16 (ISP#3); Site #1 (IPv6: 2003:0:12::/64, 2004:0:12::/64) and Site #2 (IPv6: 2005:0:11::/64); IDMS, authority ILMS/root DNS server, local ILMS; hosts PC#22 and PC#23.
Experiment: Host Mobility
[Figure: mobility experiment] MN moves between wlan1 and wlan2, triggering a DNS update to the ILMS.
Views from Network Operators
• Administration of the ID namespace
  – AD ID is hierarchical; it consists of three administrative levels: country level, authority level and region level. ID administrations have a corresponding hierarchical reverse tree structure.
  – The root part is a global administration similar to ICANN
  – The root administration divides the namespace into ID sub-namespaces
Views from Network Operators
• Security Considerations
  – IDMS uses certificates, signatures and other techniques for authentication and message integrity protection.
  – ILMS
    • uses DNSSEC to provide source authentication and integrity protection for resource records;
    • uses the DNS transaction authentication protocol TSIG (Secret Key Transaction Authentication for DNS) to protect update operations on mapping information
Conclusion
• RANGI can effectively support ID/Locator split
• Supports mobility, multi-homing and traffic engineering
• By introducing a hierarchical ID namespace, RANGI has a reasonable business model and clear trust boundaries
• Solves the problem of routing scalability
Any Comments?