Local-Link NetworkingHome Networks are Fun Again

Chris Gragsonecgragson@polaris.umuc.edu

ERIS RESEARCH

What is Local-Link?

Any grouping of hosts without requiring a router or gateway and are directly reachable

• Local Area Networks• Workgroups• Peer Networks• Ad-Hoc Networks• Broadcast Domains

LAN Protocols

Golden Age LAN Protocols• NetBeui (Windows Native)• Appletalk (Mac Native)• IPX/SPX (Novell)

TCP/IP Local-Link Protocols• UPnP (Windows Native)• Zeroconf (Mac Native “Bonjour”)• SLP (Smells like Novell)

Why Local-Link?

Same reasons LAN’s were fun

GAMES!!!PrintersEntertainment and Home AutomationAd-Hoc and Disposable NetworksDigital Living Network Alliance

Why Local-Link? (cont.)

UPnP – SOHO/Firewalls devicesZerocof – Network Printers

Local-Link Architecture

APPLICATION

DISCOVERY

NAMING

APPLICATION

TRANSPORT

NETWORK

DATA-LINK

UPnP

TCP/IP Local-Link Zeroconf

DNS-SD

mDNS

APIPA

UPnP

APIPA

SLP

ADDRESSING

SLPSSDP

Primum non Nocere

MUST NOT cause harm to the network

Zeroconf protocols are designed to operate nicely or in concert with managed networks.

Each layer is “á la cart,” operating entirely ad-hoc, hybrid with managed infrastructure, or disabled.

Addressing Layer

Dynamic Host Configuration ProtocolRFC 2131

If a DHCP server exists in the network, IP assignment behaves traditionally.

If DHCP fails, the network is considered unmanaged and AIPIA takes over.

Addressing Layer (Cont.)

Automatic Private IP Assignment RFC 3927 – (169.254/16 Prefix)

Selects a random host IP falling inside the Private IP range.

Checks that the IP is unused via an Arp request

Sends a Claiming-ARP to clean stale caches

Naming Layer

Why?IP Addresses aren’t user-friendly, or in APIPA even significant.

What?Use .local or .home TLD’s to replace IP addresses

How?Magic…err, Multicast-DNS (mDNS)

Naming Layer (Cont.)

mDNS

Will attempt to resolve over centralized DNS servers if possible

Failing that a DNS request will be sent to a multicast address on UDP 5353

Naming Layer (Cont.)

Name Request

Node will attempt to resolve the name it wants, waiting for an answer. If the name is available, it will send out an mDNS answer.

Nodes will cache mDNS replies to save bandwidth and will answer requests for hosts that are temporarily unavailable.

Discovery Layer

Why?• Imagine never needing to Portscan :D• Port numbers are boring• Network Awareness, I want to know if the

network I’m on has a web server…How?• DNS-SD• SSDP• SLP

Discovery Layer (Cont.)

DNS-Service Discovery (DNS-SD)

Service discovery, mDNS styleraison d'être of Zeroconf

Discovery Layer (Cont.)

Broadcasting Bookmarks via DNS-SD

Discovery Layer (Cont.)

Simple Service Discovery Protocol (SSDP)

Service Locator Protocol (SLP)RFC 2608

Less popular

Application Layer

Universal Plug and Play (UPnP)XML-SOAPStandard Multi-Vendor Language

Implementations

• UPnP• Bonjour• Avahi

Security Concerns

• Denial of Service• Spoofing• MitM attacks

Questions?

More Resources

• RFC 2608• RFC 3927• http://www.zeroconf.org/• http://www.multicastdns.org/• http://www.dns-sd.org/• http://www.upnp.org/• http://developer.apple.com/networking/bonjour/

This presentation can be found at ERISresearch.org

ERIS Research

Internet Society

This work is licensed under the Creative Commons Attribution-Noncommercial 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/3.0/us/ or send a letter to

Creative Commons171 Second StreetSuite 300San FranciscoCalifornia, 94105, USA.