IPv6 Minimum Host Requirement for Small Devices
2001/8/3 [email protected] 1
IPv6 Minimum Host Requirement for Small Devices
Yokogawa Electric Corp.
Nobuo Okabe
2001/8/3 [email protected] 2
Motivation (1/2)
(I had to implement IPv6 on the small device.)
- IPv6 enables small devices to connect to the Internet.
- The IPv6 spec. is too large for the device:
  - Specific purpose, CPU performance, memory size, etc.
- There is no guideline for shrinking the IPv6 spec.:
  - Harmless for other nodes
  - Reasonable for the future of the Internet
2001/8/3 [email protected] 3
Motivation (2/2)
Current IPv6 specs. can't be implemented on a very small device.
[Diagram; surviving labels:]
- Limitations: usage, CPU performance, memory size, etc.
- IPv6 Min. Host Requirement: IPv6 Core, IPv6 Key Mgmt., IPv6 Security
- Current IPv6 Specifications: IPv6 Core, ND, Addr. Autoconf., IPSEC framework, Addr. Arch., ICMPv6, DHCPv6, Mobile IPv6, Routing Protocol, DNS
- IPv6 Security: ESP, AH, HMAC-MD5, HMAC-SHA1, DES-CBC, Rijndael-CBC, null
- IPv6 Key Mgmt: Pre-shared key, IKE, RSA-auth, Diffie-Hellman, Main mode, Aggressive mode, Certificate
2001/8/3 [email protected] 4
Objectives
- Sharing our experience with other implementers of small devices
- Making IPv6 guidelines for the devices:
  - IPv6 core, Security, Key management
- Developing test suites for public use
2001/8/3 [email protected] 5
History/Status
- The project was started with WIDE & TAHI (2000/11)
- Committed organizations/people:
  - ACCESS: Osajima, Noguchi
  - Toshiba: Inoue, Ishiyama
  - Yokogawa: Miyata, Okabe, Sajiki, Sakane
  - InternetNode: Okabe
- Implementers are also committed:
  - ACCESS Co. Ltd. (http://www.access.co.jp/)
  - InternetNode Inc. (http://www.i-node.co.jp/)
2001/8/3 [email protected] 6
Framework
[Diagram; surviving labels: WIDE Project, TAHI Project, Spec-WG, TestSuite-WG, Feedbacks, Open to the public. Participants shown: Toshiba, (Matushita), ACCESS, The University of Tokyo, Yokogawa, Others.]
2001/8/3 [email protected] 7
Resources of Small Devices
Device         | Memory                  | CPU Performance      | OS                     | Protocol Stack | Security
---------------|-------------------------|----------------------|------------------------|----------------|---------
PC             | 256MB                   | Pentium 64bit (1GHz) | Windows                | IPv4 & IPv6    | IPsec
AV             | 512KB/ROM, 20~64KB/RAM  | RISC 32bit (20MHz)   | Embedded OS            | N/A            | N/A
PDA            | 2~8MB                   | RISC 32bit (50MHz)   | CE/VxWorks, PalmOS     | Only IPv4      | N/A
Sensor         | 512KB ROM~, 512KB RAM~  | CISC 8~16bit (40MHz) | Homemade OS or Monitor | N/A            | N/A
Home Appliance | 512KB/ROM, 16~32KB/RAM  | CISC 8~16bit (40MHz) | Homemade OS or Monitor | N/A            | N/A
2001/8/3 [email protected] 8
Assumption of the IPv6 Min. Host
- A node is NOT a router, but a host.
- No need to send a packet w/ ext. header(s)
  - However, we have to discuss MIP6.
- Having a single network i/f
  - to simplify source address selection.
  - not to use routing information.
  - to minimize ND related cache entries: Neighbor Cache Entries, the Default Router List, the Prefix List
2001/8/3 [email protected] 9
Out of Our Discussion (1/3)
- IPv6 Address Assignment
- Jumbogram
- Multicast, anycast
- MIB, Header Compression
- Any L2 except PPP/Ethernet
- Transition Technology (IPv4 <==> IPv6)
  - to simplify problems to solve.
  - especially IPsec vs. {NAT or Translator}.
- We may discuss some part of the above in the future.
2001/8/3 [email protected] 10
Out of Our Discussion (2/3)
- RFC1981 (Path MTU Discovery)
- RFC2147
- RFC2675 (Jumbograms)
- RFC2375 (Multicast Address Assignments)
- RFC2710 (MLD)
- RFC1888 (OSI NSAPs)
- RFC2292 (Advanced Sockets API)
- RFC2553 (Basic Socket Interface Ext.)
- RFC2473, RFC2529 (Tunneling)
2001/8/3 [email protected] 11
Out of Our Discussion (3/3)
- RFC2507 (IP Header Compression)
- RFC2526 (Anycast)
- RFC2452, RFC2454, RFC2465, RFC2466 (SNMP/MIB)
- RFC2467 (FDDI)
- RFC2470 (Token Ring Networks)
- RFC2497 (ARCnet Networks)
- RFC2711 (Router Alert Option)
2001/8/3 [email protected] 12
Our Scope of Discussion (1/2)
- RFC 2460 (Basic Spec.)
- RFC 2461 (Neighbor Discovery)
- RFC 2462 (Address Autoconfiguration)
- RFC 2463 (ICMPv6)
- RFC 2373 (Addressing Architecture)
- RFC 1886 (DNS Extensions)
- RFC 2464 (Ethernet)
2001/8/3 [email protected] 13
Our Scope of Discussion (2/2)
- RFC 2472 (PPP)
- draft-ietf-ipngwg-icmp-name-lookups-05
  - IPv6 Node Information Queries
- draft-ietf-ipngwg-scoping-arch-02.txt
  - IPv6 Scoped Address Architecture
- RFC 2401, RFC2402, RFC2406 (IPsec)
- RFC 2407 (ISAKMP)
- RFC 2409 (IKE)
2001/8/3 [email protected] 14
Snapshot of Our Discussion: RFC2460 (1/4)
- Parsing Ext. Headers
  - Sending ICMP Param. Problem if a host encounters unknown header.
  - Following option type if a host encounters unknown option.
  - It is not necessary to check ext. headers order if a host does not need ext. header functionality.
2001/8/3 [email protected] 15
Snapshot of Our Discussion: RFC2460 (2/4)
- Hop-by-Hop Option Header
  - Recv side: Pad1, PadN option (at least)
  - Send side: No need to send HHOH
- Routing Header
  - Recv side: RH w/ segment left==0 (at least)
  - Send side: RH if a host needs MIP6 binding update
- Destination Header
  - Recv side: Pad1, PadN option (at least)
  - Send side: Home Address option if a host needs MIP6 binding update
2001/8/3 [email protected] 16
Snapshot of Our Discussion: RFC2460 (3/4)
- Fragment Header
  - Fragmenting/Reassembling are not mandatory under limited memory size.
  - Recv side:
    - Treat FH as unknown ext. header
    - Force a peer to send a packet whose size < 1280.
      - TCP: Never open my MSS more than 1000 (for example)
      - UDP: ?????
        - Is there any UDP application whose size is > 512? NFS?
2001/8/3 [email protected] 17
Snapshot of Our Discussion: RFC2460 (4/4)
- Fragment Header (Continued)
  - Send side:
    - Never send a packet whose size > 1280.
    - Ignore ICMP Packet Too Big Message. (No need to have the Destination Cache.)
2001/8/3 [email protected] 18
Snapshot of Our Discussion: RFC2461 – 2463
- RFC2461
  - No need for any router functionality: Sending RAs, Receiving RSs
  - Ignoring Redirect Messages if a host does not have both routing table and the Destination Cache
- RFC2462
  - DAD should be implemented.
- RFC2463
  - No need for any router related ICMP error message.
2001/8/3 [email protected] 19
Snapshot of Our Discussion: DNS
- AAAA is mandatory.
- Keep watching IPNG discussion
  - A6: Makes resolver too complicated for the small devices.
  - DNS Server Discovery: Must be necessary
2001/8/3 [email protected] 20
Snapshot of Our Discussion: IPsec (1/3)
- A host is neither a router nor a security gateway.
- A host can speak with a peer securely
  - Without security gateway.
  - Without specific security infrastructures (i.e. CA)
  - Without unfixed functionality: Multicast, IPsec MIB, IPsec specific ICMP
2001/8/3 [email protected] 21
Snapshot of Our Discussion: IPsec (2/3)
- ESP is mandatory.
  - NULL algorithm is also important
- AH is not mandatory.
- SA parameters (at least)
  - Src/Dst IPv6 addr., SPI, Protocol, ESP(alg, key, IV), HMAC(alg, key), seq counter, replay protection
- Algorithm (mandatory)
  - AES (128 bits)
  - HMAC-SHA2-256
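What the slide's "seq counter, replay protection" parameters amount to on a small device, as an added example (not from the original slides): the per-SA state from the list above plus a sliding-window replay check that costs 8 bytes of RAM per SA. Field names, field sizes and the 32-packet window width are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WINDOW 32u  /* packets tracked; window size is this example's choice */
/* Per-SA state from the slide's list; field names and sizes are this example's,
 * sized for the mandated AES (128-bit key) and HMAC-SHA2-256. */
struct min_sa {
    uint8_t  src[16], dst[16];          /* Src/Dst IPv6 addr. */
    uint32_t spi;
    uint8_t  protocol;                  /* 50 = ESP */
    uint8_t  esp_alg, esp_key[16], esp_iv[16];
    uint8_t  hmac_alg, hmac_key[32];
    uint32_t seq_out;                   /* seq counter, send side */
    uint32_t last_seq;                  /* highest sequence number accepted so far */
    uint32_t window;                    /* bit n set: (last_seq - n) already seen */
};

/* Cheap pre-check, run before the HMAC is verified. Returns 1 if seq may be new. */
int replay_check(const struct min_sa *sa, uint32_t seq)
{
    if (seq == 0) return 0;                         /* senders start at 1 */
    if (seq > sa->last_seq) return 1;               /* right of the window */
    uint32_t behind = sa->last_seq - seq;
    if (behind >= REPLAY_WINDOW) return 0;          /* left of the window: too old */
    return !(sa->window & (UINT32_C(1) << behind)); /* inside: reject if bit set */
}

/* Record seq. Call only after replay_check passed and the packet's HMAC verified. */
void replay_update(struct min_sa *sa, uint32_t seq)
{
    if (seq > sa->last_seq) {
        uint32_t shift = seq - sa->last_seq;
        sa->window = shift < REPLAY_WINDOW ? (sa->window << shift) | 1u : 1u;
        sa->last_seq = seq;
    } else {
        sa->window |= UINT32_C(1) << (sa->last_seq - seq);
    }
}

int main(void)
{
    struct min_sa sa = { .spi = 0x100 };
    const uint32_t seqs[] = { 1, 1, 3, 2, 2, 40, 8, 9 };   /* constructed arrivals */
    for (unsigned i = 0; i < sizeof seqs / sizeof seqs[0]; i++) {
        int ok = replay_check(&sa, seqs[i]);
        if (ok) replay_update(&sa, seqs[i]);        /* assumes the HMAC verified */
        printf("seq %u: %s\n", (unsigned)seqs[i], ok ? "accept" : "replay/old");
    }
    return 0;
}
```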
2001/8/3 [email protected] 22
Snapshot of Our Discussion: IPsec (3/3)
- Key Management
  - Manual keying is mandatory.
  - IKE is not a fit for the small devices:
    - Very complicated
    - Assuming fixed IP address
  - Light weight key exchange model is needed.
2001/8/3 [email protected] 23
Current Status
- Summarizing our discussion on a draft
  - http://www.tahi.org/tiny/
  - You can see this PPT on the same URL.
- Feedback is welcome.
2001/8/3 [email protected] 24
Related works
- Minimum IPv6 Functionality for a Cellular Host
  - <draft-manyfolks-ipv6-cellular-host-00.txt>
  - Jari Arkko (Ericsson), John Loughney (Nokia), et al.
- We are interested in your work.
  - Is there any possibility to work with us?
  - Is it a good idea to have a meeting at next IETF?
2001/8/3 [email protected] 25
Future works
- Discussing more about our idea:
  - Security
  - Node profile
  - etc...
- Designing/implementing test suite.