SlideShare ist ein Scribd-Unternehmen logo

I pv6 routing_protocol_for_low_power_and_lossy_

Sheetal Kshirsagar
Sheetal Kshirsagar
Technologie
1 von 37
IPv6 Routing Protocol for Low power and Lossy Networks draft-ietf-roll-rpl-19 draft-ietf-6man-rpl-routing-header-07 Andrew Williams Sheetal Kshirsagar
Agenda • Overview of RPL - o Topology/Topology Construction o Types of Routes o Traffic Flows supported o Overview of control messages (high level)  DIS, DIO, DAO, DAO-ACK, CC o Upward/Downward route creation and maintenance • Overview of Source-Routing Headers for RPL o Format of header o RPL Router Behavior o Security Considerations • Initial Project Plan o What's already been done o List messages we will have to decode,
Definitions • Low power and Lossy Networks (LLN) o Network where routers and links are constrained • IPv6 Routing Protocol for LLN (RPL) o Mechanism for routing traffic flows in LLNs
Survey of Routing Protocols Source: Siarhei Kuryla, Networks and Distributed Systems seminar, http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
Topology • Forms one or more Destination Oriented Directed Acyclic Graphs (DODAGs) between nodes Source: Siarhei Kuryla, Networks and Distributed Systems seminar, http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
Topology/Topology Construction • An LLN is divided into one or more RPL Instance • Each instance may have one or more DODAG • Each node joins one DODAG per RPL Instance • Each RPL Instance has an Objective Function used to rank nodes based on different metrics • Rank is the distance a node is from a DODAG root • Links established from higher rank nodes to lower rank ones • Each DODAG has a version, when changes occur the ranks are recalculated and version incremented (initiated by DODAG root)
Topology Construction (Visually) Source: Siarhei Kuryla, Networks and Distributed Systems seminar, http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
Routes in RPL • Upward Routes o Routes from nodes towards root o Learned during ranking/parent selection through control messages (DIO) • Downward Routes o Routes away from root towards node, learned via control messages (DAO) o Handle according to RPL Instance mode of operation: o Storing Mode  Nodes may store the down routes, route packets down o Non-Storing Mode  Only root stores routes, all packets go to root and source routed down
Traffic Flows Supported • Multipoint-to-Point (MP2P) o Ex: One node providing a sink for many o Uses up routes • Point-to-Multipoint (P2MP) o Ex: Firmware update sent to all nodes o Uses down routes toward destinations (prefixes, addresses, or multicast groups), and away from roots • Point-to-Point (P2P) o A packet flows towards a root through up routes until it reaches an ancestor that has a known down route to the destination or the root.
Overview of Control Messages • Uses ICMPv6 with Type = 155 • Code specifies type of control message • Base is where the message goes
Control Message Bases • DODAG Information Solicitation (DIS) • DODAG Information Object (DIO) • DODAG Advertisement Object (DAO) • DODAG Advertisement Object ACK (DAO-ACK) • Consistency Check (CC)
Overview of Control Messages - DIS • DODAG Information Solicitation (DIS) • Used to probe neighbors for nearby DODAGs • Can be used to solicit DIO messages
Overview of Control Messages - DIO • DODAG Information Object (DIO) • Allows nodes to discover an RPL Instance, learn the configuration parameters, select a DODAG parent, and maintain the DODAG
Overview of Control Messages - DAO • Destination Advertisement Object (DAO) • Sends node information to the DODAG root • K - A DAO-ACK is expected • D - DODAGID field is present
Overview of Control Messages - DAO-ACK • Destination Advertisement Object ACK (DAO-ACK) • DAOSequence - Corresponds to DAO message
Overview of Control Messages - CC • Consistency Check • Used for challenges/responses and for checking secure message counters • Must be sent using the Secure RPL Message format
Secure Control Messages • Each control message also has a secure version • Security section above included in message (before base) • Provides integrity and replay protection, with optional confidentiality and delay protection
Control Message Options • PAD1 o Add single octet of padding for option alignment • PADN o Add two or more octets for padding • Metric Container (DIO, DAO) o Pass node, link, and aggregate path metrics • Route Information (DIO) o Indicates that the DODAG root has connectivity to a destination prefix • DODAG Configuration (DIO) o Distributes information about the DODAG o Usually static, so doesn't need to be sent with each DIO
Control Message Options (2) • RPL Target (DAO) o Indicates a specified target IPv6 address, prefix, or multicast group is reachable along the DODAG • Transit Information (DAO) o Indicates attributes for paths to one or more destination • Solicited Information (DIS) o Used for a node to request DIO messages from a subset of neighbor nodes • Prefix Information (DIO) o Propagates prefix information for State-Less Address Auto-Conf • RPL Target Descriptor (DAO) o Used to qualify/tag a target
Upward Route Creation / Node Joining • Node determines which DODAG is most preferred • Builds a set of potential neighbors using DIO messages o Must be reachable via link-local multicast • Determines a subset of neighbors that are potential parents • Determines one or more preferred parents • Sets it's rank as being greater than the parent's rank • Upward route is through the parent
Downward Route Creation • Nodes send DAO messages upward • In storing mode, nodes along the upward path can store routes to these destinations and send DAO upward • Downward Routes constructed by recursively looking up parent nodes until the node is found
Security Mechanisms • 3 Security modes for an RPL Instance: o Unsecured - Regular control messages, no security provided by RPL o Pre-Installed - Secure control messages using a pre- shared key o Authenticated - Secure control messages using a pre- shared key, must obtain a second key from a key authority to be a router • MAC or Signature used to provide message integrity/authentication • Optional encryption using CCM with AES-128 encryption • Counters and Timestamps to prevent replay/timing attacks
Loop Avoidance • Detects DAG inconsistencies at each node if: o downward packet received from higher ranked node o upward packet received from lower ranked node • Detects DAO inconsistencies (incorrect down routes stored at nodes) if: o node receives a packet for which it is no longer the parent
Agenda • Overview of RPL - o Topology/Topology Construction o Types of Routes o Traffic Flows supported o Overview of control messages (high level)  DIS, DIO, DAO, DAO-ACK, CC o Upward/Downward route creation and maintenance • Overview of Source-Routing Headers for RPL o Format of header o RPL Router Behavior o Security Considerations • Initial Project Plan o What's already been done o List messages we will have to decode,
IPv6 Routing Header for Source Routes • RPL relies on source routing to utilize paths that include memory constrained routers • Needed to support downward routes in RPL instances using Non-Storing Mode o source routes populated by DODAG root • SRH header is similar to the IPv6 header described in RFC2460 • SRH allows compaction of source route entries when all entries share same prefix
Source Routing for RPL • Source routes specified can be: o The entire path from source to destination o Subset of actual path between Source to Destination • SRH can only be used between RPL Instances • RPL Border routers responsible for connecting to other RPL Routers o IPv6-in-IPv6 • RPL Router drops datagram if o multiple addresses assigned to any interface on that router
SRH Case 1 • SRH specifies complete path between source to destination • Router places source header directly in datagram
SRH Case 2 • Occurs when source and/or destination are outside RPL instance • R is the RPL Border Router
Format of RPL Routing Header
Generating Source Route Headers • if source and destination in same instance o router includes SRH header in original packet • if source and/or destination in different instance o router uses IPv6-in-IPv6 • RPL router must set segments left to no greater than original datagram's Hop Limit o what is source route is longer than IPv6 hop limit? • If RPL router is not a source of the datagram, it first decrements Hop Count and then generates SRH • Desirable to consider path MTU size to prevent performance degradation due to fragmentation o data size + 40(outer IP header) + SRH_MAX_SIZE
Processing Source Route Headers • Processed when packet reaches node identified by • destination address field. • Processing header: o destination address = next hop's address o if segments left non-zero and destination address not on link packet must be dropped send ICMP destination unreachable error message else packet is forwarded o detect loop d  If SRH contains multiple address assigned to any interface on that router, drop packet  send ICMP parameter problem error message
Security Considerations • Does not specify any confidentiality, integrity or authenticity mechanism. • RPL routers must drop datagram containing SRH in the IPv6 extention header. • Vulnerable to attacks from inside RPL instance. • Bandwidth exhaustion attack handled by loop detection mechanism • Possible attacks o Bypassing filtering devices o reaching otherwise unreachable internet system o defeating anycast o routing topology discovery
IANA Consideration • New source routing type "RPL Source Route Header" defined o assigned number TBD by IANA • New ICMPv6 Destination unreachable code defined o Strict Source Routing Failed o assigned number TBD by IANA
What's already been done • Wireshark filters for the control messages (ICMPv6) from the main RFC • Support for version 3 of the SRH RFC (currently version 7)
What we plan to implement • Update Source Route Header (SRH) dissecting capabilities • Ensure decoding works with IPv6-in-IPv6 encapsulated packets where SRH is in the outer IPv6 packet • Show errors visually o IPv6 addresses must not appear more than once in the SRH o IPv6 source and destination must not appear in the SRH o Multicast IPv6 addresses must not appear in the SRH or as the destination of a IPv6 packet with a SRH o If CmprI == 0 and CmprE == 0, Pad must == 0 • Highlight circumstances where messages must be dropped and ICMPv6 error messages should be generated o non-zero segments left value and destination not on link o SRH includes multiple addresses assigned to interfaces on a given router and messages are seperated by at least one interface
Questions?
Sources http://tools.ietf.org/html/draft-ietf-6man-rpl-routing-header-07 http://tools.ietf.org/html/draft-ietf-roll-rpl-19 http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla- rpl.pdf

Empfohlen

Rpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy NetworksRpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy Networks
Landry Simo
 
Rpl
Rpl Rpl
Rpl
Truong Giang Nguyen
 
RPL - Routing Protocol for Low Power and Lossy Networks
RPL - Routing Protocol for Low Power and Lossy NetworksRPL - Routing Protocol for Low Power and Lossy Networks
RPL - Routing Protocol for Low Power and Lossy Networks
Pradeep Kumar TS
 
Iot rpl
Iot rplIot rpl
Iot rpl
DESHPANDE M
 
Rpl dodag
Rpl dodagRpl dodag
Rpl dodag
Tonachi Shika
 
Label Distribution Protocol
Label Distribution ProtocolLabel Distribution Protocol
Label Distribution Protocol
Kashif Latif
 
AODV routing protocol
AODV routing protocolAODV routing protocol
AODV routing protocol
Varsha Anandani
 
Security of RPL in IoT
Security of RPL in IoTSecurity of RPL in IoT
Security of RPL in IoT
Abhishek858
 

Empfohlen

Rpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy NetworksRpl:Routing Protocol for Low-Power and Lossy Networks
Rpl:Routing Protocol for Low-Power and Lossy Networks
Landry Simo
 
Rpl
Rpl Rpl
Rpl
Truong Giang Nguyen
 
RPL - Routing Protocol for Low Power and Lossy Networks
RPL - Routing Protocol for Low Power and Lossy NetworksRPL - Routing Protocol for Low Power and Lossy Networks
RPL - Routing Protocol for Low Power and Lossy Networks
Pradeep Kumar TS
 
Iot rpl
Iot rplIot rpl
Iot rpl
DESHPANDE M
 
Rpl dodag
Rpl dodagRpl dodag
Rpl dodag
Tonachi Shika
 
Label Distribution Protocol
Label Distribution ProtocolLabel Distribution Protocol
Label Distribution Protocol
Kashif Latif
 
AODV routing protocol
AODV routing protocolAODV routing protocol
AODV routing protocol
Varsha Anandani
 
Security of RPL in IoT
Security of RPL in IoTSecurity of RPL in IoT
Security of RPL in IoT
Abhishek858
 
6lowpan
6lowpan6lowpan
6lowpan
Dwarakanath Tulasi
 
Routing protocols
Routing protocolsRouting protocols
Routing protocols
rajshreemuthiah
 
EIGRP Overview
EIGRP Overview EIGRP Overview
EIGRP Overview
NetProtocol Xpert
 
The constrained application protocol (CoAP)
The constrained application protocol (CoAP)The constrained application protocol (CoAP)
The constrained application protocol (CoAP)
Hamdamboy (함담보이)
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
Jisc
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocol
asimnawaz54
 
6LoWPAN: An Open IoT Networking Protocol
6LoWPAN: An Open IoT Networking Protocol6LoWPAN: An Open IoT Networking Protocol
6LoWPAN: An Open IoT Networking Protocol
Samsung Open Source Group
 
IP Multicasting
IP MulticastingIP Multicasting
IP Multicasting
Tharindu Kumara
 
ipv6 ppt
ipv6 pptipv6 ppt
ipv6 ppt
Shiva Kumar
 
AODV protocol
AODV protocolAODV protocol
AODV protocol
Shanka Mahakumbura
 
Presentation on arp protocol
Presentation on arp protocolPresentation on arp protocol
Presentation on arp protocol
Mohd. Ahmad Siddiqi
 
PPP (Point to Point Protocol)
PPP (Point to Point Protocol)PPP (Point to Point Protocol)
PPP (Point to Point Protocol)
Ali Jafar
 
IPv6
IPv6IPv6
IPv6
Deepraj Bhujel
 
IS-IS Protocol Introduction
IS-IS Protocol IntroductionIS-IS Protocol Introduction
IS-IS Protocol Introduction
NetProtocol Xpert
 
Networking Protocols for Internet of Things
Networking Protocols for Internet of ThingsNetworking Protocols for Internet of Things
Networking Protocols for Internet of Things
rjain51
 
Link state protocols.ppt
Link state protocols.pptLink state protocols.ppt
Link state protocols.ppt
Edgardo Scrimaglia
 
Computer networks protocols
Computer networks protocolsComputer networks protocols
Computer networks protocols
Mustafa Qamar-ud-Din
 
BGP (Border Gateway Protocol)
BGP (Border Gateway Protocol)BGP (Border Gateway Protocol)
BGP (Border Gateway Protocol)
NetProtocol Xpert
 
CCNAS :Multi Area OSPF
CCNAS :Multi Area OSPFCCNAS :Multi Area OSPF
CCNAS :Multi Area OSPF
rooree29
 
OPEN SHORTEST PATH FIRST (OSPF)
OPEN SHORTEST PATH FIRST (OSPF)OPEN SHORTEST PATH FIRST (OSPF)
OPEN SHORTEST PATH FIRST (OSPF)
Ann Joseph
 
1 bonica tutorial_segment_routing
1 bonica tutorial_segment_routing1 bonica tutorial_segment_routing
1 bonica tutorial_segment_routing
hptoga
 
5. transistion mechanisum 1
5. transistion mechanisum 15. transistion mechanisum 1
5. transistion mechanisum 1
rajataro
 

Weitere ähnliche Inhalte

Was ist angesagt?

Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocol
asimnawaz54
 

Was ist angesagt? (20)

6lowpan
6lowpan6lowpan
6lowpan
 
Routing protocols
Routing protocolsRouting protocols
Routing protocols
 
EIGRP Overview
EIGRP Overview EIGRP Overview
EIGRP Overview
 
The constrained application protocol (CoAP)
The constrained application protocol (CoAP)The constrained application protocol (CoAP)
The constrained application protocol (CoAP)
 
Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44Multiprotocol label switching (mpls) - Networkshop44
Multiprotocol label switching (mpls) - Networkshop44
 
Internet control message protocol
Internet control message protocolInternet control message protocol
Internet control message protocol
 
6LoWPAN: An Open IoT Networking Protocol
6LoWPAN: An Open IoT Networking Protocol6LoWPAN: An Open IoT Networking Protocol
6LoWPAN: An Open IoT Networking Protocol
 
IP Multicasting
IP MulticastingIP Multicasting
IP Multicasting
 
ipv6 ppt
ipv6 pptipv6 ppt
ipv6 ppt
 
AODV protocol
AODV protocolAODV protocol
AODV protocol
 
Presentation on arp protocol
Presentation on arp protocolPresentation on arp protocol
Presentation on arp protocol
 
PPP (Point to Point Protocol)
PPP (Point to Point Protocol)PPP (Point to Point Protocol)
PPP (Point to Point Protocol)
 
IPv6
IPv6IPv6
IPv6
 
IS-IS Protocol Introduction
IS-IS Protocol IntroductionIS-IS Protocol Introduction
IS-IS Protocol Introduction
 
Networking Protocols for Internet of Things
Networking Protocols for Internet of ThingsNetworking Protocols for Internet of Things
Networking Protocols for Internet of Things
 
Link state protocols.ppt
Link state protocols.pptLink state protocols.ppt
Link state protocols.ppt
 
Computer networks protocols
Computer networks protocolsComputer networks protocols
Computer networks protocols
 
BGP (Border Gateway Protocol)
BGP (Border Gateway Protocol)BGP (Border Gateway Protocol)
BGP (Border Gateway Protocol)
 
CCNAS :Multi Area OSPF
CCNAS :Multi Area OSPFCCNAS :Multi Area OSPF
CCNAS :Multi Area OSPF
 
OPEN SHORTEST PATH FIRST (OSPF)
OPEN SHORTEST PATH FIRST (OSPF)OPEN SHORTEST PATH FIRST (OSPF)
OPEN SHORTEST PATH FIRST (OSPF)
 

Ähnlich wie I pv6 routing_protocol_for_low_power_and_lossy_

5. transistion mechanisum 1
5. transistion mechanisum 15. transistion mechanisum 1
5. transistion mechanisum 1
rajataro
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
Cengage Learning
 
TechWiseTV Workshop: Segment Routing for the Datacenter
TechWiseTV Workshop: Segment Routing for the DatacenterTechWiseTV Workshop: Segment Routing for the Datacenter
TechWiseTV Workshop: Segment Routing for the Datacenter
Robb Boyd
 

Ähnlich wie I pv6 routing_protocol_for_low_power_and_lossy_ (20)

1 bonica tutorial_segment_routing
1 bonica tutorial_segment_routing1 bonica tutorial_segment_routing
1 bonica tutorial_segment_routing
 
5. transistion mechanisum 1
5. transistion mechanisum 15. transistion mechanisum 1
5. transistion mechanisum 1
 
1Routing Basics.pdf
1Routing Basics.pdf1Routing Basics.pdf
1Routing Basics.pdf
 
Final Presentation on the Network layer
Final Presentation on the Network layerFinal Presentation on the Network layer
Final Presentation on the Network layer
 
SEGMENT Routing
SEGMENT RoutingSEGMENT Routing
SEGMENT Routing
 
Dik acn presentation
Dik acn presentationDik acn presentation
Dik acn presentation
 
Packet Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing ConferencePacket Analysis - Course Technology Computing Conference
Packet Analysis - Course Technology Computing Conference
 
TechWiseTV Workshop: Segment Routing for the Datacenter
TechWiseTV Workshop: Segment Routing for the DatacenterTechWiseTV Workshop: Segment Routing for the Datacenter
TechWiseTV Workshop: Segment Routing for the Datacenter
 
Network Layer Protocol.pptx
Network Layer Protocol.pptxNetwork Layer Protocol.pptx
Network Layer Protocol.pptx
 
Part 10 : Routing in IP networks and interdomain routing with BGP
Part 10 : Routing in IP networks and interdomain routing with BGPPart 10 : Routing in IP networks and interdomain routing with BGP
Part 10 : Routing in IP networks and interdomain routing with BGP
 
CisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsecCisCon 2018 - Overlay Management Protocol e IPsec
CisCon 2018 - Overlay Management Protocol e IPsec
 
Internet standard routing protocols
Internet standard routing protocolsInternet standard routing protocols
Internet standard routing protocols
 
Building day 2 upload Building the Internet of Things with Thingsquare and ...
Building day 2 upload Building the Internet of Things with Thingsquare and ...Building day 2 upload Building the Internet of Things with Thingsquare and ...
Building day 2 upload Building the Internet of Things with Thingsquare and ...
 
Routing Protocol in detail
Routing Protocol in detailRouting Protocol in detail
Routing Protocol in detail
 
Link state routing protocol
Link state routing protocolLink state routing protocol
Link state routing protocol
 
ROUTING PROTOCOLS new.pptx
ROUTING PROTOCOLS new.pptxROUTING PROTOCOLS new.pptx
ROUTING PROTOCOLS new.pptx
 
Ad hoc
Ad hocAd hoc
Ad hoc
 
bgp(border gateway protocol)
bgp(border gateway protocol)bgp(border gateway protocol)
bgp(border gateway protocol)
 
Network Layer
Network LayerNetwork Layer
Network Layer
 
ODA000009 IS-IS Routing Protocol.ppt
ODA000009 IS-IS Routing Protocol.pptODA000009 IS-IS Routing Protocol.ppt
ODA000009 IS-IS Routing Protocol.ppt
 

Kürzlich hochgeladen

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Kürzlich hochgeladen (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

I pv6 routing_protocol_for_low_power_and_lossy_

  • 1. IPv6 Routing Protocol for Low power and Lossy Networks draft-ietf-roll-rpl-19 draft-ietf-6man-rpl-routing-header-07 Andrew Williams Sheetal Kshirsagar
  • 2. Agenda • Overview of RPL - o Topology/Topology Construction o Types of Routes o Traffic Flows supported o Overview of control messages (high level)  DIS, DIO, DAO, DAO-ACK, CC o Upward/Downward route creation and maintenance • Overview of Source-Routing Headers for RPL o Format of header o RPL Router Behavior o Security Considerations • Initial Project Plan o What's already been done o List messages we will have to decode,
  • 3. Definitions • Low power and Lossy Networks (LLN) o Network where routers and links are constrained • IPv6 Routing Protocol for LLN (RPL) o Mechanism for routing traffic flows in LLNs
  • 4. Survey of Routing Protocols Source: Siarhei Kuryla, Networks and Distributed Systems seminar, http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
  • 5. Topology • Forms one or more Destination Oriented Directed Acyclic Graphs (DODAGs) between nodes Source: Siarhei Kuryla, Networks and Distributed Systems seminar, http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
  • 6. Topology/Topology Construction • An LLN is divided into one or more RPL Instance • Each instance may have one or more DODAG • Each node joins one DODAG per RPL Instance • Each RPL Instance has an Objective Function used to rank nodes based on different metrics • Rank is the distance a node is from a DODAG root • Links established from higher rank nodes to lower rank ones • Each DODAG has a version, when changes occur the ranks are recalculated and version incremented (initiated by DODAG root)
  • 7. Topology Construction (Visually) Source: Siarhei Kuryla, Networks and Distributed Systems seminar, http://cnds.eecs.jacobs-university.de/courses/nds-2010/kuryla-rpl.pdf
  • 8. Routes in RPL • Upward Routes o Routes from nodes towards root o Learned during ranking/parent selection through control messages (DIO) • Downward Routes o Routes away from root towards node, learned via control messages (DAO) o Handle according to RPL Instance mode of operation: o Storing Mode  Nodes may store the down routes, route packets down o Non-Storing Mode  Only root stores routes, all packets go to root and source routed down
  • 9. Traffic Flows Supported • Multipoint-to-Point (MP2P) o Ex: One node providing a sink for many o Uses up routes • Point-to-Multipoint (P2MP) o Ex: Firmware update sent to all nodes o Uses down routes toward destinations (prefixes, addresses, or multicast groups), and away from roots • Point-to-Point (P2P) o A packet flows towards a root through up routes until it reaches an ancestor that has a known down route to the destination or the root.
  • 10. Overview of Control Messages • Uses ICMPv6 with Type = 155 • Code specifies type of control message • Base is where the message goes
  • 11. Control Message Bases • DODAG Information Solicitation (DIS) • DODAG Information Object (DIO) • DODAG Advertisement Object (DAO) • DODAG Advertisement Object ACK (DAO-ACK) • Consistency Check (CC)
  • 12. Overview of Control Messages - DIS • DODAG Information Solicitation (DIS) • Used to probe neighbors for nearby DODAGs • Can be used to solicit DIO messages
  • 13. Overview of Control Messages - DIO • DODAG Information Object (DIO) • Allows nodes to discover an RPL Instance, learn the configuration parameters, select a DODAG parent, and maintain the DODAG
  • 14. Overview of Control Messages - DAO • Destination Advertisement Object (DAO) • Sends node information to the DODAG root • K - A DAO-ACK is expected • D - DODAGID field is present
  • 15. Overview of Control Messages - DAO-ACK • Destination Advertisement Object ACK (DAO-ACK) • DAOSequence - Corresponds to DAO message
  • 16. Overview of Control Messages - CC • Consistency Check • Used for challenges/responses and for checking secure message counters • Must be sent using the Secure RPL Message format
  • 17. Secure Control Messages • Each control message also has a secure version • Security section above included in message (before base) • Provides integrity and replay protection, with optional confidentiality and delay protection
  • 18. Control Message Options • PAD1 o Add single octet of padding for option alignment • PADN o Add two or more octets for padding • Metric Container (DIO, DAO) o Pass node, link, and aggregate path metrics • Route Information (DIO) o Indicates that the DODAG root has connectivity to a destination prefix • DODAG Configuration (DIO) o Distributes information about the DODAG o Usually static, so doesn't need to be sent with each DIO
  • 19. Control Message Options (2) • RPL Target (DAO) o Indicates a specified target IPv6 address, prefix, or multicast group is reachable along the DODAG • Transit Information (DAO) o Indicates attributes for paths to one or more destination • Solicited Information (DIS) o Used for a node to request DIO messages from a subset of neighbor nodes • Prefix Information (DIO) o Propagates prefix information for State-Less Address Auto-Conf • RPL Target Descriptor (DAO) o Used to qualify/tag a target
  • 20. Upward Route Creation / Node Joining • Node determines which DODAG is most preferred • Builds a set of potential neighbors using DIO messages o Must be reachable via link-local multicast • Determines a subset of neighbors that are potential parents • Determines one or more preferred parents • Sets it's rank as being greater than the parent's rank • Upward route is through the parent
  • 21. Downward Route Creation • Nodes send DAO messages upward • In storing mode, nodes along the upward path can store routes to these destinations and send DAO upward • Downward Routes constructed by recursively looking up parent nodes until the node is found
  • 22. Security Mechanisms • 3 Security modes for an RPL Instance: o Unsecured - Regular control messages, no security provided by RPL o Pre-Installed - Secure control messages using a pre- shared key o Authenticated - Secure control messages using a pre- shared key, must obtain a second key from a key authority to be a router • MAC or Signature used to provide message integrity/authentication • Optional encryption using CCM with AES-128 encryption • Counters and Timestamps to prevent replay/timing attacks
  • 23. Loop Avoidance • Detects DAG inconsistencies at each node if: o downward packet received from higher ranked node o upward packet received from lower ranked node • Detects DAO inconsistencies (incorrect down routes stored at nodes) if: o node receives a packet for which it is no longer the parent
  • 24. Agenda • Overview of RPL - o Topology/Topology Construction o Types of Routes o Traffic Flows supported o Overview of control messages (high level)  DIS, DIO, DAO, DAO-ACK, CC o Upward/Downward route creation and maintenance • Overview of Source-Routing Headers for RPL o Format of header o RPL Router Behavior o Security Considerations • Initial Project Plan o What's already been done o List messages we will have to decode,
  • 25. IPv6 Routing Header for Source Routes • RPL relies on source routing to utilize paths that include memory constrained routers • Needed to support downward routes in RPL instances using Non-Storing Mode o source routes populated by DODAG root • SRH header is similar to the IPv6 header described in RFC2460 • SRH allows compaction of source route entries when all entries share same prefix
  • 26. Source Routing for RPL • Source routes specified can be: o The entire path from source to destination o Subset of actual path between Source to Destination • SRH can only be used between RPL Instances • RPL Border routers responsible for connecting to other RPL Routers o IPv6-in-IPv6 • RPL Router drops datagram if o multiple addresses assigned to any interface on that router
  • 27. SRH Case 1 • SRH specifies complete path between source to destination • Router places source header directly in datagram
  • 28. SRH Case 2 • Occurs when source and/or destination are outside RPL instance • R is the RPL Border Router
  • 29. Format of RPL Routing Header
  • 30. Generating Source Route Headers • if source and destination in same instance o router includes SRH header in original packet • if source and/or destination in different instance o router uses IPv6-in-IPv6 • RPL router must set segments left to no greater than original datagram's Hop Limit o what is source route is longer than IPv6 hop limit? • If RPL router is not a source of the datagram, it first decrements Hop Count and then generates SRH • Desirable to consider path MTU size to prevent performance degradation due to fragmentation o data size + 40(outer IP header) + SRH_MAX_SIZE
  • 31. Processing Source Route Headers • Processed when packet reaches node identified by • destination address field. • Processing header: o destination address = next hop's address o if segments left non-zero and destination address not on link packet must be dropped send ICMP destination unreachable error message else packet is forwarded o detect loop d  If SRH contains multiple address assigned to any interface on that router, drop packet  send ICMP parameter problem error message
  • 32. Security Considerations • Does not specify any confidentiality, integrity or authenticity mechanism. • RPL routers must drop datagram containing SRH in the IPv6 extention header. • Vulnerable to attacks from inside RPL instance. • Bandwidth exhaustion attack handled by loop detection mechanism • Possible attacks o Bypassing filtering devices o reaching otherwise unreachable internet system o defeating anycast o routing topology discovery
  • 33. IANA Consideration • New source routing type "RPL Source Route Header" defined o assigned number TBD by IANA • New ICMPv6 Destination unreachable code defined o Strict Source Routing Failed o assigned number TBD by IANA
  • 34. What's already been done • Wireshark filters for the control messages (ICMPv6) from the main RFC • Support for version 3 of the SRH RFC (currently version 7)
  • 35. What we plan to implement • Update Source Route Header (SRH) dissecting capabilities • Ensure decoding works with IPv6-in-IPv6 encapsulated packets where SRH is in the outer IPv6 packet • Show errors visually o IPv6 addresses must not appear more than once in the SRH o IPv6 source and destination must not appear in the SRH o Multicast IPv6 addresses must not appear in the SRH or as the destination of a IPv6 packet with a SRH o If CmprI == 0 and CmprE == 0, Pad must == 0 • Highlight circumstances where messages must be dropped and ICMPv6 error messages should be generated o non-zero segments left value and destination not on link o SRH includes multiple addresses assigned to interfaces on a given router and messages are seperated by at least one interface