TCP MultiHome Options - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

TCP MultiHome Options

Description:

Protection for Redirection Attack, Session Hijack and Syn-Flood Attack. ... Session Hijack. protected by strict MH ... This is also true for the existing TCP. ... – PowerPoint PPT presentation

Number of Views:55
Avg rating:3.0/5.0
Slides: 12
Provided by: opsI
Category:

less

Transcript and Presenter's Notes

Title: TCP MultiHome Options


1
11/11 IETF 58th
TCP Multi-Home Options
- draft-arifumi-tcp-mh-00.txt -
Arifumi Matsumoto Graduate School of
Informatics, Kyoto University, Japan
arifumi_at_kuis.kyoto-u.ac.jp
2
Multi6a Design Team (DT2)
  • In DT2, as a short term solution,
  • Multi-address host-centric model is reasonable.
  • Multi-homed site does Source Address Based
    Routing to provide as many pathes as possible to
    upper layer.
  • And IMO,
  • improved TCP is necessary and is a simple
    solution.
  • Network failure can only be detected by transport
    or upper layers before session time-outs.
  • Existing TCP can't manipulate multi-addresses.
  • SCTP isn't TCP. (no interoperability)
  • So I designed and implemented TCP MH-Options

3
Protocol Design
  • Simple and Minimum change to the existing TCP
  • Defines several new TCP Options
  • Not affect any other functions of TCP(flow
    control, congestion avoidance)
  • Backward interoperability and fairness
  • Rapid recovery from transmission failure
  • After some RTOs, path(src-dst address pair)
    changes.
  • Traverse ingress filter by trying all the source
    addresses.
  • Protection for Redirection Attack, Session Hijack
    and Syn-Flood Attack.

4
Protocol Behavior Overview
NodeA
NodeB
EST
EST
ADD
ADD
ADD
ADD
5
Packet Format
  • TCP Option field size is up to 40 bytes!
  • MH-Permitted Option
  • Negotiates multi-home capability.
  • Address Configuration Options
  • MH-Add/Delete Option
  • MH-Serial is incremented by one if its ack
    returns.
  • Each hosts can have one outstanding MH-Serial.
  • Address Configuration Ack. Options
  • MH-Add/Non-Ack Option
  • MH-Serial is copied from MH-Add/Delete Option.

6
Considerations -Path Switch-
  • Path switches when
  • Several times(should be 3) of RTOs(cwnd-gt0)
    occurs. This typically takes about 10-20 sec.
  • ICMP Error is received. (temporary network
    failure)
  • Path is discarded when
  • RST is the first received packet from that path.
    (the packet is probably from irrelevant host.
    e.g. private address)
  • Path's address is deleted by either of nodes.
  • When a path changes, window size is almost always
    set to 1MSS because of RTOs.

Path Flapping Avoidance
7
Considerations -Security(1/2)-
  • Redirection Attack
  • Redirects traffic to third party for DoS attack.
  • Targeted host can RST connection,
  • so this seems not so serious.
  • By introducing Return-Routablity
  • check, this is easily prevented but not yet
    included.

T
3) Data
B
2) Ack
1) Add(T)
A
NodeB(adr1)
NodeB(adr2)
NodeA
Add(adr2)
Add(adr2)
Confirm
Con-Ack
Add-Ack
RST
8
Considerations -Security(2/2)-
  • Session Hijack
  • protected by strict MH-Serial number management.
  • Unexpected Serial number means being attacked and
    session itself should soon be canceled.
  • This mechanism, however, doesn't have any
    protection against Man-In-the-Middle attack. This
    is also true for the existing TCP.
  • The difference is that MITM host can fetch a
    session to anywhere else. (This degrades TCP
    security ?)

MIM
2) Ack
1) Add
1) Add
B
2) Ack
A
(and it's possible to use TCP ISN as a shared
secret but not perfect)
9
Conclusions
  • I proposed Transport Layer based Multi-home
    solution.
  • This is not the consensus of Multi6a DT though.
  • There is a running implementation for NetBSD.
  • Future Work
  • Return Routability and NAT/NAPT Traversal
    evaluation.
  • Comparison with L3.5 approaches.
  • TCP-MH is enough ?

10
Basic Capabilities
Survive any network outage
3.1.1
Redundancy
3.1.1
Redundancy
Per TCP session
3.1.2
Load Sharing
3.1.2
Load Sharing
maybe
3.1.3
Performance
3.1.3
Performance
possible
3.1.4
Policy
3.1.4
Policy
Quite simple
3.1.5
Simplicity
3.1.5
Simplicity
3.1.6
Transport
3.1.6
Transport
That's what this is for.
Survivability
Survivability
No impact
3.1.7
Impact on DNS
3.1.7
Impact on DNS
No impact
3.1.8
Packet Filtering
3.1.8
Packet Filtering
11
Additional capabilities
No problem
3.2.1
Scalability
3.2.1
Scalability
3.2.2
Impact on Routers
3.2.2
Impact on Routers
SABR is desired
Interoperable with legacy nodes
3.2.3
Impact on Hosts
3.2.3
Impact on Hosts
3.2.4
Host
-
Routing
3.2.4
Host
-
Routing
Desired but not required
interaction
interaction
3.2.5
Operations
3.2.5
Operations
Possible
Management
Management
3.2.6
Cooperation
3.2.6
Cooperation
Not required
between Transit Providers
between Transit Providers
3.2.7
Multiple Solutions?
3.2.7
Multiple Solutions?
Can co-exist with L3 solutions
4
Security Considerations
4
Security Considerations
MITM can hijack
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "TCP MultiHome Options" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!