Mobile IPv6 is the ability to roam between networks and maintain the same ipv6 address, so that the user is contactable by the same means throughout their session. The current task is to explore and test some of the available implementations of Mobile IPv6 (specifically the Lancaster LiveDVD distribution) available for this and report back on their effectiveness and what can be done to improve them.
- 1 Equipment And Networking
- 2 Software Distributions And Implementations
- 3 Helpful Links and Information
Equipment And Networking
As part of the work, a Dell 1U rackmount has been acquired (Sown-7core). Two more low-end rackmounts have been ordered to do testing on less powerful equipment.
Overview of ECS/SOWN IPv6 Topology
Figure 1. ECS/SOWN topology as of 11 Aug 2008
The University of Southampton has an IPv6 subnet of 2001:630:d0::/48. Currently ISS doesn't use any of this allocation, ECS has been using 2001:630:d0:f000:/52 out of this block.
SOWN is directly connected to the ECS 6bone network via Ford and has an address delegation of 2001:630:d0:f700::/56, which allows for one backbone /64 and a further 255 /64 for allocation to virtual and/or physical interfaces, such as SOWN[at]HOME nodes. This closely matches the number of IPv4 network subnets (/24) which are available on the 10.13.0.0/16 address block.
ECS splits its allocation along several /64 blocks, some as infrastructure, some inside the v6 firewall, and some kept on their own DMZ, such as Wireless devices. Devices on the ECS-WLAN are placed on the Wireless vlan which has a network prefix of 2001:630:d0:f105::/64. They have limited access to other devices inside the ECS Firewall.
Sown-7core is currently connected to the IAM vlan and as such has a network prefix of 2001:630:d0:f111::/64. As this is not directly connected to the ECS Wireless VLAN (f105::/64) there are problems in routing traffic destined to clients which are no longer connected to their home network due to the routing tables.
Possible solutions to this
There are 3 possible solutions to the routing problem.
- Plug 7core directly into the Wireless VLAN - not ideal, as it would replace Zaphod as the primary router/firewall and potentially compromise the integrity of the Wireless DMZ.
Figure 2. ECS/SOWN Routing solution 1
- Create a virtual /64 subnet behind SOWN-7core which is globally routeable. This would make all Nodes be in C/O mode wherever they are connected in the World.
Figure 3. ECS/SOWN Routing solution 2
- Create a VLAN that spans all areas of the network that are covered by the Home Agent. This would make Sown-7core a router for those nodes, and allow any node to move freely on that address. This would supplement the f105::/64 subnet, rather than replace it.
Figure 4. ECS/SOWN Routing solution 3
Software Distributions And Implementations
This is a LiveDVD based on Ubuntu. It has a 2.6.24 rebuilt kernel and several tools under X windows, including Open Office and other convenient programs.
From the point of view of providing a Home agent running on a network such as ECS, there are a few problems with the Lancaster Distribution. Being a LiveDVD means that state is not stored on reboot. Running on a rack-mount computer thus is dependant on being able to store the operating system on the hard-drive, lest a complete reconfigure be required on reboot. We are aware that it was not the intention of the developers to promote the use of it in static configuration on a permanent basis.
After some playing with the root file system, a copy of the distribution was placed on the hard-drive and after some further poking, it was configured so that the ram image would save state before rebooting. Further mipuser account was disabled and the root login was configured for sown access (security reasons). This is currently installed on Sown-7core which is located on the IAM VLAN (see fig 1).
Configuring Home Agent for mobile nodes
The server setup is fairly straight forward after you have a stable install. There are no extraneous daemons to worry about other than the scripts that start mip6d. Lancaster have provided some default scripts that need to be customised to the settings of the machine. These mostly relate to turning off state full auto-configuration and turning on IPv6 forwarding. (something that could easily be migrated to sysctl for a final deployment but are dynamic as the distribution doesn't know whether it is a HA or MN until you run the scripts). It is nice that they realised the potential for different configuration options. When using this distribution on a network such as ECS, One thing that is very important is to disable any irrelevant RADVD settings and ensure that the configuration is absolutely accurate in start_ha.sh. Running a mis-configured daemon would undoubtedly break the ipv6 routing in most establishments unless this machine is actually functioning as your main ipv6 router for its subnet. Under the new configuration with a separate Mobility VLAN, the use of RADVD should be used, to advertise SOWN-7core as the primary v6 router for the subnet.
Configuring Mobile Node
Being a port of Xubuntu both the server and client modes run X windows which makes configuration easy. Configuring a Mobile Node to work on a network is quite straight forward. Editing the start_mn script to change its address, and the address of the home agent, and the network prefix is fairly straight forward. In our set up, there is a new roaming subnet 2001:630:d0:f11c::/64 (to be configured cf. meeting with John Wynn 11 Aug). This has the Home agent running on 2001:630:d0:f11c::3 (which is also the secondary v6 router for the subnet).
Inside of the firewall, everything works fine. RADVD is a must with appropriate HomeAgent flags configured. Without this it will not work.
Testing has been conducted between the IAM VLAN and the MobileIPv6 VLAN with great deals of success. All packets are passed nicely between VLANS on the Router - a Cisco 6509.
With a firewall
PF appears to have significant flaws when handling mobile ipv6. It doesn't accept BU/ACK packets and doesn't like most of the following headers.
Attempts have been made to correct some of these with varying degrees of success. Modifications to the PF source code allowed certain packets such as BU/ACK to pass freely. However this process is not complete. We have been talking to one of the current PF developers to attempt to get support for mobile-ipv6 added.
Helpful Links and Information
Project Started 2008-07-22T11:34+0:00