Network Working Group                                            C. Vogt
Request for Comments: 4651                     Universitaet Karlsruhe (TH)
Category: Informational                                         J. Arkko
                                             Ericsson Research NomadicLab
                                                            February 2007
A Taxonomy and Analysis of Enhancements to Mobile IPv6 Route Optimization
Status of This Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The IETF Trust (2007).
IESG Note:
This RFC is a product of the Internet Research Task Force and is not a candidate for any level of Internet Standard. The IRTF publishes the results of Internet-related research and development activities. These results might not be suitable for deployment.
Abstract
This document describes and evaluates strategies to enhance Mobile IPv6 Route Optimization, on the basis of existing proposals, in order to motivate and guide further research in this context. This document is a product of the IP Mobility Optimizations (MobOpts) Research Group.
Table of Contents
1. Introduction
   1.1. A Note on Public-Key Infrastructures
   1.2. A Note on Source Address Filtering
2. Objectives for Route Optimization Enhancement
   2.1. Latency Optimizations
   2.2. Security Enhancements
   2.3. Signaling Optimizations
   2.4. Robustness Enhancements
3. Enhancements Toolbox
   3.1. IP Address Tests
   3.2. Protected Tunnels
   3.3. Optimistic Behavior
   3.4. Proactive IP Address Tests
   3.5. Concurrent Care-of Address Tests
   3.6. Diverted Routing
   3.7. Credit-Based Authorization
   3.8. Heuristic Monitoring
   3.9. Crypto-Based Identifiers
   3.10. Pre-Configuration
   3.11. Semi-Permanent Security Associations
   3.12. Delegation
   3.13. Mobile Networks
   3.14. Location Privacy
4. Discussion
   4.1. Cross-Layer Interactions
   4.2. Experimentation and Measurements
   4.3. Future Research
5. Security Considerations
6. Conclusions
7. Acknowledgments
8. References
   8.1. Normative References
   8.2. Informative References
Mobility support for IPv6, or Mobile IPv6, enables mobile nodes to migrate active transport connections and application sessions from one IPv6 address to another. The Mobile IPv6 specification, RFC 3775 [1], introduces a "home agent", which proxies a mobile node at a permanent "home address". A roaming mobile node connects to the home agent through a bidirectional tunnel and can thus communicate, from its local "care-of address", as if it were present at the home address. The mobile node keeps the home agent updated on its current care-of address via IPsec-protected signaling messages [40].
In case the correspondent node lacks appropriate mobility support, it communicates with the mobile node's home address, and thus all data packets are routed via the home agent. This mode, Bidirectional Tunneling, increases packet-propagation delays. RFC 3775 hence defines an additional mode for Route Optimization, which allows peers to communicate on the direct path. It requires that the correspondent node can cache a binding between the mobile node's home address and current care-of address. The challenge with Route Optimization is that an administrative relationship between the mobile node and the correspondent node can generally not be presupposed. So how can the two authenticate and authorize the signaling messages that they exchange?
Mobile IPv6 solves this problem by verifying a routing property of the mobile node. Specifically, the mobile node is checked to be reachable at its home address and current care-of address in that it must prove the reception of a home and care-of keygen token, respectively. This is called the "return-routability procedure". It takes place right before a mobile node registers a new care-of address with a correspondent node and is periodically repeated in case the mobile node does not move for a while.
The advantage of the return-routability procedure is that it is lightweight and does not require pre-shared authentication material. It also requires no state at the correspondent node. On the other hand, the two reachability tests can lead to a handoff delay unacceptable for many real-time or interactive applications such as Voice over IP (VoIP) and video conferencing. Also, the security that the return-routability procedure guarantees might not be sufficient for security-sensitive applications. And finally, periodically refreshing a registration at a correspondent node implies a hidden signaling overhead that may prevent mobile nodes from hibernation during times of inactivity.
Manifold enhancements for Route Optimizations have hence been suggested. This document describes and evaluates various strategies on the basis of existing proposals. It is meant to provide a conceptual framework for further work, which was found to be inevitable in the context of Route Optimization. Many scientists volunteered to review this document. Their names are duly recorded in Section 7. Section 2 analyzes the strengths and weaknesses of Route Optimization and identifies potential objectives for enhancement. Different enhancement strategies are discussed, based on existing proposals, in Section 3. Section 4 discusses the different approaches and identifies opportunities for further research. Section 5 and Section 6 conclude the document.
This document represents the consensus of the MobOpts Research Group. It has been reviewed by the Research Group members active in the specific area of work. At the request of their chairs, this document has been comprehensively reviewed by multiple active contributors to the IETF MIP6 Working Group. At the time of this writing, some of the ideas presented in this document have been adopted by the Mobility for IP: Performance, Signaling and Handoff Optimization (mipshop) Working Group in the IETF.
Mobile IPv6 Route Optimization verifies a mobile node's authenticity through a routing property. An alternative is cryptographic authentication, which requires a binding between a node's identity and some sort of secret information. Although some proposals suggest installing shared secrets into end nodes when possible (see Section 3.10), pre-configuration is not an option for general Internet use for scalability reasons. Authentication based on a Public-Key Infrastructure (PKI) does not require pair-wise pre-configuration. Here, the secret information is the private component of a public/private-key pair, and the binding between a node's identity and private key exists indirectly through the cryptographic properties of public/private-key pairs and a binding between the identity and the public key. An authority trusted by both end nodes issues a certificate that effects this latter binding.
Large-scale use of a PKI, however, was considered unsuitable for mobility management due to the following reasons.
o There are differing opinions on whether a PKI could scale up to hundreds of millions of mobile nodes. Some people argue it could, as there are already examples of certification authorities responsible for millions of certificates. But more important than the expected increase in the number of certificates would be a shift in application patterns. Nowadays, public-key cryptography is used only for those applications that require strong, cryptographic authentication. If it were used for mobility management as well, certificate checks would become mandatory for any type of application, leading to more checks per user. Busy servers with mobility support might be unwilling to spend the processing resources required for this, depending on the service they provide.
o Revoked certificates are identified on Certificate Revocation Lists (CRLs), which correspondent nodes with mobility support would have to acquire from certification authorities. CRLs must be kept up to date, requiring periodic downloads. This and the act of checking a certificate against a CRL create overhead that some correspondent nodes might be unwilling to spend.
o Certificate verification may take some time and hence interrupt ongoing applications. This can be disturbing from the user's perspective, especially when Route Optimization starts in the middle of a session, or the session is very short-term anyway.
o The bigger a PKI grows, the more attractive it becomes as an attack target, endangering the Internet as a whole.
o There is little experience with using home addresses as identifiers in certificates. Although the home address could theoretically be placed into a certificate's Subject Alternate Name field, the entities responsible for IP-address assignment and certification are usually not the same, and it may not be easy to coordinate the two.
For these reasons, this document does not consider direct authentication of mobile nodes based on a PKI. Nevertheless, it does evaluate certificate-based techniques that make the problems identified above more tractable (see Section 3.12).
RFC 3775 uses care-of-address tests to probe a mobile node's presence at its claimed location. Alternatively, verification of care-of addresses may be based on infrastructure in the mobile node's local access network. For instance, the infrastructure can verify that the IP source addresses of all packets leaving the network are correct. "Ingress filtering" [38][43] provides this feature to the extent that it inspects the prefix of IP source addresses and ensures topological correctness. Network-access providers that use ingress filtering normally deploy the technique in their first-hop and site-exit routers. Similarly, ISPs may filter packets originating from a downstream network.
Ingress filtering may eventually provide a way to replace care-of-address tests. But there are still a number of uncertainties today:
o By definition, ingress filtering can prevent source-address spoofing only from those networks that do deploy the technique. As a consequence, ingress filtering needs to be widely, preferably universally, deployed in order to constitute Internet-wide protection. As long as an attacker can get network access without filters, all Internet nodes remain vulnerable.
o There is little incentive for ISPs to deploy ingress filtering other than conscientiousness. Legal or regulatory prescription as well as financial motivation does not exist. A corrupt ISP might even have a financial incentive not to deploy the technique, if redirection-based denial-of-service (DoS) attacks using Route Optimization ever become possible and are exploited for financial gain. A similar issue was observed with, for example, email spam.
o Ingress filtering is most effective, and easiest to configure, at the first-hop router. However, since only prefixes are checked, the filters inevitably get less precise the further upstream they are enforced. This issue is inherent in the technique, so the best solution is checking packets as close to the originating nodes as possible, preferably in the first-hop routers themselves.
o A popular implementation of ingress filtering is "Reverse Path Forwarding" (RPF). This technique relies on routes to be symmetric, which is oftentimes the case between edge networks and ISPs, but far less often between peering ISPs. Alternatives to RPF are either manually configured access lists or dynamic approaches that are more relaxed, and thereby less secure, than RPF [43].
o Another problem with ingress filtering is multi-homing. When a router attempts to forward to one ISP a packet with a source-address prefix from another ISP, filters at the second ISP would block the packet. The IETF seeks to find a way around this [39]. For instance, one could tunnel the packet to the topologically correct ISP, or one could allow source-address changes by means of a locator-identifier split [45].
o Finally, RFC 3775 defines an Alternative Care-of Address option that mobile nodes can use to carry a care-of address within a Binding Update message outside of the IPv6 header. Such an address is not subject to inspection by ingress filtering and would have to be verified through other means [14].
Although these problems are expected to get solved eventually, there is currently little knowledge on how applicable and deployable, as a candidate for care-of-address verification, ingress filtering will be. High investments or administrative hurdles could prevent a large, preferably universal deployment of ingress filtering, which would hinder Internet-wide protection, as mentioned in the first bullet. For these reasons, this document does not consider ingress filtering as a viable alternative to care-of-address tests, although things may be different in the future.
Wireless environments with frequently moving nodes feature a number of salient properties that distinguish them from environments with stationary nodes or nodes that move only occasionally. One important aspect is the efficiency of mobility management. Nodes may not bother about a few round-trip times of handoff latency if they do not change their point of IP attachment often. But the negative impact that a mobility protocol can have on application performance increases with the level of mobility. Therefore, in order to maximize user satisfaction, it is important to reduce the handoff latency that the mobility protocol adds to existing delays in other places of the network stack. A related issue is the robustness of the mobility protocol, given that temporary outage of mobility support can render mobile nodes incapable of continuing to communicate.
Furthermore, the wireless nature of data transmissions makes it potentially easier for an attacker to eavesdrop on other nodes' data or send data on behalf of other nodes. While applications can usually authenticate and encrypt their payload if need be, similar security measures may not be feasible for signaling packets of a mobility protocol, in particular if communicating end nodes have no pre-existing relationship.
Given the typically limited bandwidth in a wireless medium, resources ought to be spent in an economical manner. This is especially important for the amount of signaling that a mobility protocol requires.
Endeavors to enhance RFC 3775 Route Optimization generally strive for reduced handoff latency, higher security, lower signaling overhead, or increased protocol robustness. These objectives are herein discussed from a requirements perspective; the technical means to reach the objectives is not considered, nor is the feasibility of achieving them.
One important objective for improving Route Optimization is to reduce handoff latencies. Assuming that the home-address test dominates the care-of-address test in terms of latency, a Mobile IPv6 handoff takes one round-trip time between the mobile node and the home agent for the home registration, a round-trip time between the mobile node and the home agent plus a round-trip time between the home agent and the correspondent node for the home-address test, and a one-way time from the mobile node to the correspondent node for the propagation of the Binding Update message. The first packet sent to the new care-of address requires an additional one-way time to propagate from the correspondent node to the mobile node. The mobile node can resume communications right after it has dispatched the Binding Update message. But if it requests a Binding Acknowledgment message from the correspondent node, communications are usually delayed until this is received.
These delays are additive and are not subsumed by other delays at the IP layer or link layer. They can cause perceptible quality degradations for interactive and real-time applications. TCP bulk-data transfers are likewise affected since long handoff latencies may lead to successive retransmission timeouts and degraded throughput.
The return-routability procedure was designed with the objective to provide a level of security that compares to that of today's non-mobile Internet [46]. As such, it protects against impersonation, denial of service, and redirection-based flooding attacks that would not be possible without Route Optimization. This approach is based on an assumption that a mobile Internet cannot become any safer than the non-mobile Internet.
Applications that require a security level higher than what the return-routability procedure can provide are generally advised to use end-to-end protection such as IPsec or Transport Layer Security (TLS). But even then they are vulnerable to denial of service. This motivates research for stronger Route Optimization security. Security enhancements may also become necessary if future technological improvements mitigate some of the existing mobility-unrelated vulnerabilities.
One particular issue with Route Optimization is location privacy because route-optimized packets carry both home and care-of addresses in plaintext. A standard workaround is to fall back to Bidirectional Tunneling when location privacy is needed. Packets with the care-of address are then transferred only between the mobile node and the home agent, where they can be encrypted through IPsec Encapsulating Security Payload (ESP) [42]. But even Bidirectional Tunneling requires the mobile node to periodically re-establish IPsec security associations with the home agent so as to become untraceable through Security Parameter Indexes (SPIs).
Route Optimization requires periodic signaling even when the mobile node does not move. The signaling overhead amounts to 7.16 bits per second if the mobile node communicates with a stationary node [6]. It doubles if both peers are mobile. This overhead may be negligible when the nodes communicate, but it can be an issue for mobile nodes that are inactive and stay at the same location for a while. These nodes typically prefer to go to standby mode to conserve battery power. Also, the periodic refreshes consume a fraction of the wireless bandwidth that one could use more efficiently. Optimizations for reduced signaling overhead could mitigate these issues.
Route Optimization could conceptually enable continued communications during periods of temporary home-agent unavailability. The protocol defined in RFC 3775 does not achieve this independence, however, as the home agent plays an active role in the return-routability procedure. Appropriate enhancements could increase the independence from the home agent and thus enable robust Route Optimization even in the absence of the home agent.
A large body of effort has recently gone into improving Mobile IPv6 Route Optimization. Some of the proposed techniques are modifications to the return-routability procedure, while others replace the procedure by alternative mechanisms. Some of them operate end-to-end; others introduce network-side mobility support. In most cases, it is the combination of a set of techniques that is required to gain a complete -- that is, efficient and secure -- route-optimization mechanism.
RFC 3775 uses IP-address tests to ensure that a mobile node is live and on the path to a specific destination address: The home-address test provides evidence that the mobile node is the legitimate owner of its home address; the care-of-address test detects spoofed care-of addresses and prevents redirection-based flooding attacks. Both tests can be performed in parallel.
A home-address test should be initiated by the mobile node so that the correspondent node can delay state creation until the mobile node has authenticated. The care-of-address test can conceptually be initiated by either side. It originates with the mobile node in RFC 3775, but with the correspondent node in [16] and [22]. The correspondent-node-driven approach suggests itself when authentication is done through other means than a home-address test.
Important advantages of IP-address tests are zero-configurability and the independence of ancillary infrastructure. As a disadvantage, IP-address tests can only guarantee that a node is on the path to the probed address, not that the node truly owns this address. This does not lead to new security threats, however, because the types of attacks that an on-path attacker can do with Route Optimization are already possible in the non-mobile Internet [46].
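The return-routability procedure described in the Introduction and revisited in the IP-address-test discussion above, as an added example that is not part of this RFC or of any Mobile IPv6 implementation: the correspondent node derives both keygen tokens from its own secret Kcn and a nonce, so it holds no per-mobile-node state until a Binding Update verifies, and it accepts the Binding Update only if the sender was able to combine both tokens. Token and key formulas follow RFC 3775 [1]; the node addresses, the single-slot nonce table and the abbreviated Binding Update fields are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

# Added example (not from RFC 4651): a minimal model of the RFC 3775
# return-routability procedure. Token and key derivations are those of
# RFC 3775 section 5.2; the Binding Update is reduced to the fields the
# MAC covers. All addresses used with it are constructed samples.


def _addr_bytes(addr):
    return ipaddress.IPv6Address(addr).packed


def binding_management_key(home_token, careof_token):
    # RFC 3775: Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + careof_token).digest()


def binding_update_mac(kbm, careof_addr, cn_addr, home_addr):
    # RFC 3775: First(96, HMAC_SHA1(Kbm, care-of address | correspondent
    # address | BU)); the BU body is abbreviated to the home address it binds.
    data = _addr_bytes(careof_addr) + _addr_bytes(cn_addr) + _addr_bytes(home_addr)
    return hmac.new(kbm, data, hashlib.sha1).digest()[:12]


class CorrespondentNode:
    """Correspondent node: a secret Kcn and a nonce table, but no state for
    any particular mobile node until its Binding Update has been verified."""

    def __init__(self, addr):
        self.addr = addr
        self.kcn = os.urandom(20)
        self.nonces = [os.urandom(8)]   # index 0 is the current nonce
        self.bindings = {}              # home address -> care-of address

    def _keygen_token(self, addr, nonce_index, kind):
        # RFC 3775: First(64, HMAC_SHA1(Kcn, address | nonce | kind)),
        # kind 0 for the home keygen token, 1 for the care-of keygen token.
        nonce = self.nonces[nonce_index]
        data = _addr_bytes(addr) + nonce + bytes([kind])
        return hmac.new(self.kcn, data, hashlib.sha1).digest()[:8]

    def home_test(self, home_addr):
        """HoTI/HoT: the reply is routed to the home address via the home agent."""
        return 0, self._keygen_token(home_addr, 0, 0)

    def careof_test(self, careof_addr):
        """CoTI/CoT: the reply is routed directly to the care-of address."""
        return 0, self._keygen_token(careof_addr, 0, 1)

    def receive_binding_update(self, home_addr, careof_addr, home_idx, careof_idx, mac):
        """Regenerate both tokens from Kcn and the nonces, then check the MAC.
        Installs the binding and returns True on success, False otherwise."""
        if home_idx >= len(self.nonces) or careof_idx >= len(self.nonces):
            return False  # unknown or expired nonce index
        kbm = binding_management_key(self._keygen_token(home_addr, home_idx, 0),
                                     self._keygen_token(careof_addr, careof_idx, 1))
        expected = binding_update_mac(kbm, careof_addr, self.addr, home_addr)
        if not hmac.compare_digest(expected, mac):
            return False
        self.bindings[home_addr] = careof_addr
        return True


def mobile_node_registers(cn, home_addr, careof_addr):
    """Mobile node side: run both address tests, then send a Binding Update.
    Only a node reachable at both addresses receives both tokens."""
    home_idx, home_token = cn.home_test(home_addr)
    careof_idx, careof_token = cn.careof_test(careof_addr)
    kbm = binding_management_key(home_token, careof_token)
    mac = binding_update_mac(kbm, careof_addr, cn.addr, home_addr)
    return cn.receive_binding_update(home_addr, careof_addr, home_idx, careof_idx, mac)


def unverified_registration(cn, home_addr, careof_addr):
    """A node that completed neither test cannot know the tokens; its Binding
    Update must be rejected and must not disturb an existing binding."""
    kbm = binding_management_key(os.urandom(8), os.urandom(8))
    mac = binding_update_mac(kbm, careof_addr, cn.addr, home_addr)
    return cn.receive_binding_update(home_addr, careof_addr, 0, 0, mac)
```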
RFC 3775 protects certain signaling messages, exchanged between a mobile node and its home agent, through an authenticated and encrypted tunnel. This prevents unauthorized nodes on that path, including eavesdroppers in the mobile node's wireless access network, from listening in on these messages.
Given that a pre-existing end-to-end security relationship between the mobile node and the correspondent node cannot generally be assumed, this protection exists only for the mobile node's side. If the correspondent node is immobile, the path between the home agent and the correspondent node remains unprotected. This is a path between two stationary nodes, so all types of attacks that a villain could wage on this path are already possible in the non-mobile Internet. In case the correspondent node is mobile, it has its own home agent, and only the path between the two (stationary) home agents remains unprotected.
Many Mobile IPv6 implementations [29][31] defer a correspondent registration until the associated home registration has been completed successfully. In contrast to such "conservative" behavior, a more "optimistic" approach is to begin the return-routability procedure in parallel with the home registration [52]. Conservative behavior avoids a useless return-routability procedure in case the home registration fails. This comes at the cost of additional handoff delay when the home registration is successful. Optimistic behavior saves this delay, but the return-routability procedure will be in vain should the corresponding home registration be unsuccessful.
While a parallelization of the home registration and the return-routability procedure is feasible within the bounds of RFC 3775, the specification does not permit mobile nodes to continue with the correspondent registration, by sending a Binding Update message to the correspondent node, until a Binding Acknowledgment message indicating successful home registration has been received. This is usually not a problem because the return-routability procedure is likely to take longer than the home registration anyway. However, some optimizations (see Section 3.4) reduce the delay caused by the return-routability procedure. A useful improvement is then to allow Binding Update messages to be sent to correspondent nodes even before the home registration has been acknowledged.
The drawback of optimistic behavior is that a lost, reordered, or rejected Binding Update message can cause data packets to be discarded. Nevertheless, packet loss would have similar negative impacts on conservative approaches, so the mobile node needs to be prepared for the possible loss of these packets in any case.
The critical handoff phase, during which the mobile node and the correspondent node cannot fully communicate, spans the home registration and the correspondent registration, including the return-routability procedure. One technique to shorten this phase is to accomplish part of the signaling proactively before the handoff. In particular, the home-address test can be done in advance without violating the specifications of RFC 3775 [52][51].
In order to have a fresh home keygen token ready for a future handoff, the mobile node should initiate a proactive home-address test at least once per token lifetime, that is, every 3.5 minutes. This at most doubles the signaling overhead spent on home-address tests, given that correspondent registrations must be refreshed every 7 minutes even when the mobile node does not move for a while. An optimization is possible where the mobile node's local link layer can anticipate handoffs and trigger the home-address test in such a case. The proposals in [6] and [54] reduce the frequency of home-address tests even further. Proactive care-of-address tests are possible only if the mobile node is capable of attaching to two networks simultaneously. Dual attachment is possible if the link-layer technology enables it with a single interface [10], or if the mobile node is endowed with multiple interfaces [7].
Without the assumption that a mobile node can simultaneously attach to multiple networks, proactive care-of-address tests, executed prior to handoff, are not an option. A correspondent node may instead authorize a mobile node to defer the care-of-address test until an early, tentative binding has been registered [52][51]. This, in combination with a technique to eliminate the handoff delay of home-address tests (see Section 3.4 and Section 3.9), facilitates early resumption of bidirectional communications subsequent to handoff. The care-of address is called "unverified" during the concurrent care-of-address test, and it is said to be "verified" once the correspondent node has obtained evidence that the mobile node is present at the address. A tentative binding's lifetime can be limited to a few seconds.
Home-address tests must not be accomplished concurrently, however, given that they serve the purpose of authentication. They guarantee that only the legitimate mobile node can create or update a binding pertaining to a particular home address.
   mobile node            home agent          correspondent node
        |                      |                      |
        |                      |                      |
        |--Home Test Init----->|--------------------->|
        |                      |                      |
        |<---------------------|<-----------Home Test-|
        |                      |                      |
      ~~+~~ handoff            |                      |
        |                      |                      |
        |--Early Binding Update---------------------->|   -+-
        |--Care-of Test Init ------------------------>|    |
        |                      |                      |    |
        |                      |                      |    | care-of
        |<---------------Early Binding Acknowledgment-|    | address
        |<------------------------------Care-of Test--|    | unverified
        |                      |                      |    |
        |                      |                      |    |
        |--Binding Update---------------------------->|   -+-
        |                      |                      |
        |<---------------------Binding Acknowledgment-|
        |                      |                      |
Figure 1: Concurrent Care-of Address Tests
Figure 1 illustrates how concurrent care-of-address tests are used in [52][51]: As soon as the mobile node has configured a new care-of address after a handoff, it sends to the correspondent node an Early Binding Update message. Only a home keygen token, obtained from a proactive home-address test, is required to sign this message. The correspondent node creates a tentative binding for the new, unverified care-of address when it receives the Early Binding Update message. This address can be used immediately. The mobile node finally sends a (standard) Binding Update message to the correspondent node when the concurrent care-of-address test is complete. Credit-Based Authorization (see Section 3.7) prevents misuse of care-of addresses while they are unverified.
Given that a home registration is faster than a correspondent registration in the absence of additional optimizations, the mobile node may request its traffic to be routed through the home address until a new binding has been set up at the correspondent node [52][51]. The performance of such diverted routing depends on the propagation properties of the involved routes, however.
For packets to be diverted via the home address, signaling is necessary with both the home agent and the correspondent node. The home agent must be informed about the new care-of address so that it can correctly forward packets intercepted at the home address. The correspondent node continues to send packets to the old care-of address until it receives a Binding Update message indicating that the current binding is no longer valid and ought to be removed. This request requires authentication through a home-address test in order to prevent denial of service by unauthorized nodes. The test can be accomplished in a proactive way (see Section 3.4).
The mobile node may send packets via the home address as soon as it has dispatched the Binding Update message to the home agent. It may send outgoing packets along the direct path once a Binding Update message for the new care-of address has been sent to the correspondent node.
How long the correspondent node should continue to send packets to the home address depends on the propagation latency of the end-to-end path via the home agent relative to the latency of the direct path. If the former path is slow, it may be better to queue some of the packets until the correspondent registration is complete and packets can be sent along the direct route.
Concurrent care-of-address tests (see Section 3.5) require protection against spoofed unverified care-of addresses and redirection-based flooding attacks. Credit-Based Authorization [50] is a technique that provides such protection based on the following three hypotheses:
1. A flooding attacker typically seeks to somehow multiply the packets it assembles for the purpose of the attack because bandwidth is an ample resource for many attractive victims.
2. An attacker can always cause unamplified flooding by generating bogus packets itself and sending them to its victim directly.
3. Consequently, the additional effort required to set up a redirection-based flooding attack pays off for the attacker only if amplification can be obtained this way.
On this basis, rather than eliminating malicious packet redirection in the first place, Credit-Based Authorization prevents any amplification that can be reached through it. This is accomplished by limiting the data a correspondent node can send to an unverified care-of address of a mobile node by the data that the correspondent node has recently received from that mobile node. (See Section 3.5 for a definition of when a care-of address is verified and when it is unverified.) A redirection-based flooding attack is thus no more attractive than pure direct flooding, where the attacker itself sends bogus packets to the victim. It is actually less attractive given that the attacker must keep Mobile IPv6 state to coordinate the redirection.
              mobile node                correspondent node
                   |                              |
                   |                              |
   address         |--data----------------------->|  credit += size(data)
   verified        |                              |
                   |--data----------------------->|  credit += size(data)
                   |<-----------------------data--|  don't change credit
                   |                              |
   address         + address change               |
   unverified      |<-----------------------data--|  credit -= size(data)
                   |--data----------------------->|  credit += size(data)
                   |<-----------------------data--|  credit -= size(data)
                   |                              |
                   |<-----------------------data--|  credit -= size(data)
                   |                              X  credit < size(data)
                   |                              |  ==> Do not send!
   address         |                              |
   verified        |<-----------------------data--|  don't change credit
                   |                              |
Figure 2: Credit-Based Authorization
Figure 2 illustrates Credit-Based Authorization for an exemplifying exchange of data packets: The correspondent node measures the bytes received from the mobile node. When the mobile node registers a new care-of address, the correspondent node labels this address "unverified" and sends packets there as long as the sum of the packet sizes does not exceed the measured, received data volume. A concurrent care-of-address test is meanwhile performed. Once the care-of address has been verified, the correspondent node relabels the address from "unverified" to "verified". Packets can then be sent to the new care-of address without restrictions. When insufficient credit is left while the care-of address is still "unverified", the correspondent node stops sending further packets to the address until the verification completes. The correspondent node may drop these packets, direct them to the mobile node's home address, or buffer them for later transmission when the care-of address is verified. Figure 2 does not show Mobile IPv6 signaling packets.
The correspondent node ensures that the mobile node's acquired credit gradually decreases over time. This "aging" prevents the mobile node from building up credit over a long time. A malicious node with a slow Internet connection could otherwise provision for a burst of redirected packets that does not relate to its own upstream capacity.
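The Inbound Mode accounting described above, replayed over the packet exchange of Figure 2, as an added Python example (not code from RFC 4651 or from the Credit-Based Authorization proposal [50]); the packet sizes, the home address and the halving aging factor are constructed assumptions.

```python
"""Credit-Based Authorization, Inbound Mode, as kept by a correspondent node.

Added, constructed model of Section 3.7: credit is earned from bytes received
from the mobile node, spent on bytes sent to an unverified care-of address,
and aged over time. Packet sizes and the aging factor are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class CreditState:
    credit: int = 0                 # bytes that may still go to an unverified care-of address
    verified: bool = True           # is the current care-of address verified?
    held: list = field(default_factory=list)   # sizes of packets withheld for lack of credit


class CorrespondentNode:
    AGING_FACTOR = 0.5   # assumption: credit is halved at every aging interval

    def __init__(self):
        self.peers = {}  # home address -> CreditState

    def _state(self, home_address):
        return self.peers.setdefault(home_address, CreditState())

    def receive(self, home_address, size):
        """Inbound data from the mobile node always earns credit (Inbound Mode)."""
        self._state(home_address).credit += size

    def address_change(self, home_address):
        """Early Binding Update: the new care-of address is tentative and unverified."""
        self._state(home_address).verified = False

    def care_of_verified(self, home_address):
        """Concurrent care-of-address test done: lift the limit, release withheld packets."""
        st = self._state(home_address)
        st.verified = True
        released, st.held = st.held, []
        return released

    def send(self, home_address, size):
        """Outbound data. Returns True if sent now, False if withheld."""
        st = self._state(home_address)
        if st.verified:
            return True                     # verified address: credit is untouched
        if st.credit < size:
            st.held.append(size)            # alternatives: drop, or route via the home address
            return False
        st.credit -= size
        return True

    def age(self, home_address):
        """Aging keeps a slow sender from stockpiling credit for a later burst."""
        st = self._state(home_address)
        st.credit = int(st.credit * self.AGING_FACTOR)
        return st.credit


def replay_figure2():
    """Replays the packet exchange of Figure 2 with constructed 1000-byte packets."""
    cn = CorrespondentNode()
    hoa = "2001:db8::1"                     # constructed home address
    cn.receive(hoa, 1000)                   # credit 1000  (address verified)
    cn.receive(hoa, 1000)                   # credit 2000
    cn.send(hoa, 1000)                      # verified: credit unchanged
    cn.address_change(hoa)                  # care-of address now unverified
    decisions = [cn.send(hoa, 1000)]        # credit 1000
    cn.receive(hoa, 500)                    # credit 1500
    decisions.append(cn.send(hoa, 1000))    # credit 500
    decisions.append(cn.send(hoa, 1000))    # credit < size: withheld
    released = cn.care_of_verified(hoa)     # test completed: [1000] released
    decisions.append(cn.send(hoa, 1000))    # verified again: sent
    return decisions, cn.peers[hoa].credit, released
```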
Allocating the mobile node's credit based on the packets that the mobile node sends and reducing the credit based on packets that the mobile node receives is defined as "Inbound Mode". (The correspondent node is in control of credit allocation, and it computes the credit based on inbound packets received from the mobile node.) A nice property of Inbound Mode is that it does not require support from the mobile node. The mobile node neither needs to understand that Credit-Based Authorization is effective at the correspondent node, nor does it have to have an idea of how much credit it has at a particular point in time.
Inbound Mode works fine with applications that send comparable data volumes into both directions. On the other hand, the mode may prevent the mobile node from collecting the amount of credit it needs for a handoff when applications with asymmetric traffic patterns are in use. For instance, file transfers and media streaming are characterized by high throughput towards the client, typically the mobile node, and comparably little throughput towards the serving correspondent node.
An additional "Outbound Mode" was designed to better accommodate applications with asymmetric traffic patterns. In Outbound Mode, packets that the correspondent node sends to the mobile node determine both how much the credit increases while the current care-of address is verified and how much the credit shrinks while the care-of address is unverified. This resolves the issue with asymmetric traffic patterns.
The security of Outbound Mode is based on the further hypothesis that the mobile node invests comparable effort for packet reception and transmission in terms of bandwidth, memory, and processing capacity. This justifies why credit, allocated for packets received by the mobile node, can be turned into packets that the correspondent node sends. The question is, though, how the correspondent node can determine how many of the packets sent to a mobile node are actually received and processed by that mobile node. Relying on transport-layer acknowledgments is not an option as such messages can easily be faked. Outbound Mode hence defines its own feedback mechanism, Care-of Address Spot Checks, which is robust to spoofing. The correspondent node periodically tags packets that it sends to the mobile node with a random, unguessable number, a so-called Spot Check Token. When the mobile node receives a packet with an attached Spot Check Token, it buffers the token until it sends the next packet to the correspondent node. The Spot Check Token is then included in this packet. Upon reception, the correspondent node verifies whether the returned Spot Check Token matches a token recently sent to the mobile node. New credit is allocated in proportion to the ratio between the number of successfully returned Spot Check Tokens and the total number of tokens sent. This implies that new credit is approximately proportional to the fraction of packets that have made their way at least up to the mobile node's IP stack. The precision of Care-of Address Spot Checks can be traded against overhead through the frequency with which packets are tagged with Spot Check Tokens.
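The Spot Check feedback loop of Outbound Mode, as an added Python example (not code from RFC 4651 or from the proposal); the tagging interval, packet sizes and the settlement step that turns the returned-token ratio into credit are constructed assumptions. It shows why a node that never receives the tagged packets earns no credit.

```python
"""Outbound Mode with Care-of Address Spot Checks, correspondent-node side.

Added, constructed model of the feedback mechanism in Section 3.7, not the
proposal's code. The tagging interval, packet sizes and the settlement
rule are assumptions.
"""
import secrets


class OutboundModeCredit:
    def __init__(self, tag_every=2):
        self.tag_every = tag_every      # tag every N-th packet with a Spot Check Token
        self.verified = True            # current care-of address verified?
        self.credit = 0
        self.sent_count = 0
        self.bytes_while_verified = 0   # candidate credit, not yet granted
        self.tokens_sent = 0
        self.tokens_returned = 0
        self.outstanding = set()        # tokens sent but not yet echoed

    def send(self, size):
        """Sends one packet. Returns (sent, token); token is None unless tagged."""
        if not self.verified:
            if self.credit < size:
                return False, None          # unverified care-of address, credit exhausted
            self.credit -= size             # unverified: sending shrinks the credit
            return True, None
        self.bytes_while_verified += size
        self.sent_count += 1
        token = None
        if self.sent_count % self.tag_every == 0:
            token = secrets.token_bytes(8)  # random, unguessable Spot Check Token
            self.outstanding.add(token)
            self.tokens_sent += 1
        return True, token

    def receive(self, echoed_token=None):
        """Inbound packet; an echoed token counts only if it was really issued."""
        if echoed_token is None or echoed_token not in self.outstanding:
            return False                    # forged, stale or absent token: no effect
        self.outstanding.discard(echoed_token)
        self.tokens_returned += 1
        return True

    def settle(self):
        """Grants credit for bytes sent while verified, scaled by the returned-token ratio."""
        if self.tokens_sent:
            ratio = self.tokens_returned / self.tokens_sent
            self.credit += int(self.bytes_while_verified * ratio)
        self.bytes_while_verified = 0
        self.tokens_sent = self.tokens_returned = 0
        self.outstanding.clear()
        return self.credit


def run_exchange(cn, sizes, echo):
    """Sends the given packets; echo(token) models what the mobile node returns."""
    for size in sizes:
        sent, token = cn.send(size)
        if sent and token is not None:
            cn.receive(echo(token))
    return cn.settle()


def honest_node_credit():
    """A node that receives and echoes every token earns credit for all bytes."""
    return run_exchange(OutboundModeCredit(), [1000] * 4, lambda t: t)


def forging_node_credit():
    """A node that never sees the packets cannot guess tokens and earns nothing."""
    return run_exchange(OutboundModeCredit(), [1000] * 4, lambda t: secrets.token_bytes(8))


def lossy_path_credit():
    """Half the tokens come back: credit is proportional to the returned fraction."""
    seen = []

    def echo(t):
        seen.append(t)
        return t if len(seen) % 2 == 1 else None

    return run_exchange(OutboundModeCredit(), [1000] * 8, echo)
```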
An interesting question is whether Outbound Mode could be misused by an attacker with asymmetric Internet connection. Widespread digital subscriber lines (DSL), for example, typically have a much higher download rate than upload rate. The limited upload rate would render most denial-of-service attempts through direct flooding meaningless. But the attacker could leverage the strong download rate to build up credit at one or multiple correspondent nodes. It could then illegitimately spend the credit on a stronger, redirection-based flooding attack. The reason why this has so far not been considered an issue is that, in order to accumulate enough credit at the remote end, the attacker would first have to expose itself to the same packet flood that it could then redirect towards the victim.
Heuristic approaches to prevent misuse of unverified care-of addresses (see Section 3.5) are conceivable as well. A heuristic, implemented at the correspondent node and possibly supplemented by a restrictive lifetime limit for tentative bindings, can prevent, or at least effectively discourage, such misuse. The challenge here seems to be a feasible heuristic: On one hand, the heuristic must be sufficiently rigid to quickly respond to malicious intents at the other side. On the other hand, it should not have a negative impact on a fair-minded mobile node's communications.
Another problem with heuristics is that they are usually reactive. The correspondent node can only respond to misbehavior after it has appeared. If sanctions are imposed quickly, attacks may simply not be worthwhile. Yet premature measures should be avoided. One must also bear in mind that an attacker may be able to use different home addresses, and it is in general impossible for the correspondent node to see that the set of home addresses belongs to the same node. The attacker may furthermore exploit multiple correspondent nodes for its attack in an attempt to amplify the result.
A Crypto-Based Identifier (CBID) is an identifier with a strong cryptographic binding to the public component of its owner's public/private-key pair [33]. This allows the owner to prove its claim on the CBID: It signs a piece of data with its private key and sends this to the verifier along with its public key and the parameters necessary to recompute the CBID. The verifier recomputes the CBID and checks the owner's knowledge of the corresponding private key.
CBIDs offer three main advantages: First, spoofing attacks against a CBID are much harder than attacks against a non-cryptographic identifier like a domain name or a Mobile IPv6 home address. Though an attacker can always create its own CBID, it is unlikely to find a public/private-key pair that produces someone else's. Second, a CBID does not depend on a PKI given its inherent binding to the owner's public key. Third, a CBID can be used to bind a public key to an IP address, in which case it is called a Cryptographically Generated Address (CGA) [44][34][47]. A CGA is syntactically just an ordinary IPv6 address. It has a standard routing prefix and an interface identifier generated from a hash on the CGA owner's public key and additional parameters.
Many applications are conceivable where CGAs are advantageous. In Mobile IPv6, CGAs can bind a mobile node's home address to its public key [35][5] and so avoid the home-address test in most correspondent registrations. This accelerates the registration process and allows the peers to communicate independently of home-agent availability.
Since only the interface identifier of a CGA is cryptographically protected, its network prefix can be spoofed, and flooding attacks against networks are still an issue. An initial home-address test is hence required to validate the network prefix even when the home address is a CGA. For the same reason, CGAs are rarely used as care-of addresses.
One limitation of CGAs compared to other types of CBIDs is that the cryptographically protected portion is at most 62 bits long. The rest of the address is occupied by a 64-bit network prefix as well as the universal/local and individual/group bits. (The specification in [44] further hard-codes a 3-bit security parameter into the address, reducing the cryptographically protected portion to 59 bits.) A brute-force attack might thus reveal a public/private-key pair that produces a certain CGA. This vulnerability can be contained by including the network prefix in the hash computation for the interface identifier so that an attacker, in case it did find the right public/private-key pair, could not form CGAs for multiple networks from it.
To resolve collisions in generating CGAs, a collision count is part of the input to the hash function. Changing this produces a different CGA. Unfortunately, the collision count also reduces the complexity of a brute-force attack against a CGA because it allows the same private/public-key pair to be used to generate multiple CGAs. The collision count is therefore limited to a few values only.
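The three CGA properties discussed above (the 59 hash-derived bits, the prefix bound into the hash, and the bounded collision count), as an added Python example that follows the Hash1/Hash2 construction of RFC 3972, the CGA specification; it is not code from this document, and the public key, prefix and modifier are constructed values.

```python
"""Cryptographically Generated Addresses: protected bits, prefix binding and
collision count (Section 3.9).

Added example following RFC 3972's Hash1/Hash2 construction; the public key,
prefix and modifier are constructed values, not data from this document.
"""
import hashlib
import ipaddress

MAX_COLLISION_COUNT = 2   # RFC 3972 allows only 0, 1 or 2, for the reason given in the text


def hash1(modifier, prefix, collision_count, pubkey):
    """Hash1 input: modifier (16) || subnet prefix (8) || collision count (1) || public key."""
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()


def hash2_ok(modifier, pubkey, sec):
    """Hash2 (modifier || 9 zero bytes || public key) must start with 16*sec zero bits."""
    if sec == 0:
        return True
    h2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()
    return h2[: 2 * sec] == bytes(2 * sec)


def interface_id(modifier, prefix, collision_count, pubkey, sec):
    """Derives the 64-bit interface identifier from Hash1."""
    iid = bytearray(hash1(modifier, prefix, collision_count, pubkey)[:8])
    # The three leftmost bits carry sec and the u/g bits (0x02, 0x01) are forced to
    # zero, so only 59 of the 64 bits are actually derived from the hash.
    iid[0] = (sec << 5) | (iid[0] & 0x1C)
    return bytes(iid)


def generate(prefix, pubkey, sec, modifier=bytes(16)):
    """Searches a modifier satisfying Hash2 and returns (address, parameters)."""
    while not hash2_ok(modifier, pubkey, sec):
        modifier = ((int.from_bytes(modifier, "big") + 1) % 2**128).to_bytes(16, "big")
    params = {"modifier": modifier, "collision_count": 0, "pubkey": pubkey}
    address = ipaddress.IPv6Address(prefix + interface_id(modifier, prefix, 0, pubkey, sec))
    return address, params


def verify(address, params):
    """Recomputes the interface identifier from the parameters and the prefix of the
    *claimed* address: because the prefix is part of Hash1, a key pair found for one
    prefix yields no valid CGA in another network."""
    packed = address.packed
    prefix, iid = packed[:8], packed[8:]
    if params["collision_count"] > MAX_COLLISION_COUNT:
        return False
    sec = iid[0] >> 5
    expected = interface_id(params["modifier"], prefix, params["collision_count"],
                            params["pubkey"], sec)
    return expected == iid and hash2_ok(params["modifier"], params["pubkey"], sec)


def demo():
    """sec=0 CGA under 2001:db8::/64 with a constructed stand-in for a public key."""
    pubkey = b"constructed-public-key-bytes"
    prefix = ipaddress.IPv6Network("2001:db8::/64").network_address.packed[:8]
    address, params = generate(prefix, pubkey, sec=0)
    other = ipaddress.IPv6Network("2001:db8:1::/64").network_address.packed[:8]
    moved = ipaddress.IPv6Address(other + address.packed[8:])   # same IID, other network
    return {
        "genuine": verify(address, params),        # True
        "other_prefix": verify(moved, params),     # False: prefix is bound into Hash1
        "u_g_bits_zero": address.packed[8] & 0x03 == 0,
        "sec": address.packed[8] >> 5,             # 0
    }
```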
Higher security can be achieved through longer CBIDs. For example, a node's primary identifier in the Host Identity Protocol [21] is a 128-bit hash on the node's public key. It is used as an IP-address replacement at stack layers above IP. This CBID is not routable, so there needs to be some external localization mechanism if a node wants to contact a peer of which it only knows the identifier.
Where mobile and correspondent nodes can be pre-configured with a shared key, bound to the mobile node's home address, authentication through a home-address test can be replaced by a cryptographic mechanism. This has three advantages. First, cryptography allows for stronger authentication than address tests. Second, strong authentication facilitates binding lifetimes longer than the 7-minute limit that RFC 3775 defines for correspondent registrations. Third, handoff delays are usually shorter with cryptographic approaches because the round-trips of the home-address test can be spared. The disadvantage of pre-configuration is its limited applicability.
Two proposals for pre-configuration are currently under discussion within the IETF. [25] endows mobile nodes with the information they need to compute home and care-of keygen tokens themselves rather than having to obtain them through the return-routability procedure. [15] uses the Internet Key Exchange protocol to establish an IPsec security association between the peers.
From a technical standpoint, pre-configuration can only replace a home-address test. A test of the care-of address is still necessary to verify the mobile node's presence at that address. The problem is circumvented in [25] by postulating that the correspondent node has sufficient trust in the mobile node to believe that the care-of address is correct. This assumption discourages the use of pre-configuration in scenarios where such trust is unavailable, however. For example, a mobile-phone operator may be able to configure subscribers with secret keys for authorization to a particular service, but it may not be able to vouch that all subscribers use this service in a responsible manner. And even if users are trustworthy, their mobile nodes may become infected with malware and start behaving unreliably.
Another way to avoid care-of-address verification is to rely on access networks to filter out packets with incorrect IP source addresses [38][43]. This approach is taken in [15]. The problem with local filtering is that it can only protect a network from becoming the source of an attack, not from falling victim to an attack. The technique is hence potentially unreliable unless deployed in access networks worldwide (see Section 1.2).
Care-of-address tests facilitate the use of pre-configuration in spite of lacking trust relationships or the existence of access networks without local filtering techniques. For increased performance, concurrent care-of-address tests can be used in combination with Credit-Based Authorization or heuristic monitoring.
A compromise between the return-routability procedure and pre-configuration is semi-permanent security associations. A semi-permanent security association is established between a mobile node and a correspondent node upon first contact, and it is used to authenticate the mobile node during subsequent correspondent registrations. Semi-permanent security associations eliminate the need for periodic home-address tests and permit correspondent registrations with lifetimes longer than the 7-minute limit specified in RFC 3775.
It is important to verify a mobile node's home address before a security association is bound to it. An impersonator could otherwise create a security association for a victim's IP address and then redirect the victim's traffic at will until the security association expires. An initial home-address test mitigates this vulnerability because it requires the attacker to be on the path between the victim and the victim's peer at least while the security association is being established. Stronger security can be obtained through cryptographically generated home addresses (see Section 3.9).
Semi-permanent security associations alone provide no verification of care-of addresses and must therefore be supplemented by care-of-address tests. These may be performed concurrently for reduced handoff delays. Semi-permanent security associations were first developed in [8] where they were called "purpose-built keys".
Section 1.1 lists numerous problems of PKIs with respect to authentication of mobile nodes. These problems become more tractable, however, if correspondent nodes authenticate home agents rather than mobile nodes, and the home agents vouch for the authenticity and trustworthiness of the mobile nodes [37]. Such delegation of responsibilities solves the scalability issue with PKIs given that home agents can be expected to be much less numerous than mobile nodes. Certificate revocation becomes less delicate as well because home agents are commonly administered by a mobility provider and should as such be more accountable than mobile nodes.
Another advantage of delegation is that it avoids public-key computations at mobile nodes. On the other hand, the processing overhead at correspondent nodes increases. This may or may not be an issue depending on resources available at the correspondent node relative to the services that the correspondent node provides. The correspondent node may also be mobile itself, in which case cryptographic operations would be problematic. Furthermore, the increased overhead implies a higher risk to resource-exhaustion attacks.
Mobile nodes may move as a group and attach to the Internet via a "mobile router" that stays with the group. This happens, for example, in trains or aircraft where passengers communicate via a local wireless network that is globally interconnected through a satellite link.
It is straightforward to support such network mobility [41] with a single home agent and a tunnel between the mobile router and this home agent. The mobile nodes themselves then do not have to be mobility-aware. However, Route Optimization for moving networks [36][26][27][55] is more complicated. One possibility is to have the mobile router handle Route Optimization on behalf of the mobile nodes. This requires the mobile router to modify incoming and outgoing packets such that they can be routed on the direct path between the end nodes. The mobile router would also have to perform Mobile IPv6 signaling on behalf of the mobile nodes. Similarly, a network of correspondent nodes can communicate with mobile nodes, through a "correspondent router", in a route-optimized way without providing mobility support themselves.
RFC 3775 fails to conceal a mobile node's current position because route-optimized packets always carry both the home address and the care-of address. Both the correspondent node and a third party on the path can therefore track the mobile node's whereabouts. A workaround is to fall back to bidirectional tunneling where location privacy is needed. Packets carrying the mobile node's care-of address are then only transferred between the mobile node and the home agent, where they can be encrypted through IPsec ESP [42]. But even then, the mobile node should periodically re-establish its IPsec security associations so that it cannot be traced through its SPIs. Early efforts on location privacy in Route Optimization include [17][13][24][30].
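The tracking argument above, as an added example that is not part of the RFC: a passive observer's linkability analysis over a constructed packet trace in the three modes the paragraph mentions (route optimization, bidirectional tunneling with one static ESP security association, and tunneling with the security association re-established after every move). All addresses and SPIs are constructed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Observed:
    """What a passive on-path observer can read from one packet header.

    A route-optimized packet (RFC 3775) carries the home address in a Home
    Address destination option or Type 2 routing header next to the care-of
    address; a bidirectionally tunneled packet protected with ESP exposes only
    the outer care-of address and the ESP SPI.
    """
    care_of: str
    home: Optional[str] = None   # present only in route-optimized packets
    spi: Optional[int] = None    # present only in tunneled ESP packets


def mobile_trace(mode: str, care_of_addrs: List[str]) -> List[Observed]:
    """Constructed trace of one mobile node moving through care_of_addrs.

    mode: "ro"            route optimization, home address on the wire
          "tunnel-static" tunneling through the home agent, one ESP SA kept
          "tunnel-rekey"  tunneling, SA re-established after every move
    The home address and the SPI values are constructed sample values.
    """
    home = "2001:db8:home::1"
    base_spi = 0x1000
    packets = []
    for i, coa in enumerate(care_of_addrs):
        if mode == "ro":
            packets.append(Observed(care_of=coa, home=home))
        elif mode == "tunnel-static":
            packets.append(Observed(care_of=coa, spi=base_spi))
        elif mode == "tunnel-rekey":
            packets.append(Observed(care_of=coa, spi=base_spi + i))
        else:
            raise ValueError(f"unknown mode {mode!r}")
    return packets


def observer_tracks(packets: List[Observed]) -> Dict[str, List[str]]:
    """Link packets into per-node location tracks using only on-wire fields.

    The observer keys a track by the home address when it is visible and
    otherwise by the SPI; a packet with an already-seen key but a new
    care-of address extends that node's track by one location.
    """
    tracks: Dict[str, List[str]] = defaultdict(list)
    for p in packets:
        if p.home is not None:
            key = f"home:{p.home}"
        elif p.spi is not None:
            key = f"spi:{p.spi:#x}"
        else:
            continue  # nothing stable to correlate on
        if not tracks[key] or tracks[key][-1] != p.care_of:
            tracks[key].append(p.care_of)
    return dict(tracks)


def longest_track(packets: List[Observed]) -> int:
    """Number of successive locations the observer can attribute to one node."""
    tracks = observer_tracks(packets)
    return max((len(t) for t in tracks.values()), default=0)


# Constructed sequence of care-of addresses visited by the mobile node.
MOVES = ["2001:db8:cafe::a", "2001:db8:beef::b", "2001:db8:f00d::c"]

if __name__ == "__main__":
    for mode in ("ro", "tunnel-static", "tunnel-rekey"):
        n = longest_track(mobile_trace(mode, MOVES))
        print(f"{mode:14s} observer links {n} location(s) to one node")
```

With the home address visible, or with an SPI that survives a handoff, the observer follows the node across all three locations; only re-keying after each move leaves three unrelated single-location tracks.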
Common to the proposals discussed in Section 3 is that all of them involve a trade-off between effectiveness, on one hand, and economical deployability, administrative overhead, and wide applicability, on the other. Effectiveness may be equated with low latency, strong security, reduced signaling, or increased robustness. Economy implies no or only moderate requirements in terms of hardware upgrades and software modifications. Administrative overhead relates to the amount of manual configuration and intervention that a technique needs.
The standard return-routability procedure avoids costly pre-configuration or new network entities. This minimizes both deployment investments and administrative expenses. Variants with optimistic behavior and proactive or concurrent IP-address tests have these advantages as well. CBIDs allow for public-key authentication without a PKI. They constitute a more secure alternative to home-address tests and are as such most effective when combined with concurrent reachability verification. CBID-based authentication may require nodes to be programmed with a mapping between human-readable identifiers and the corresponding CBIDs. Pre-configuration is another approach to avoiding home-address tests. It dispenses with computationally expensive public-key algorithms, but requires pair-wise credentials and, therefore, administrative maintenance. Where suitable infrastructure is available, end nodes may delegate authentication and encryption tasks to trusted network entities which, in turn, vouch for the end nodes. Delegation could resurrect the use of certificates for the purpose of mobility support. But it introduces a dependency on the delegatees, adds the provisioning costs for new network entities, and is likely to be limited to communities of authorized nodes.
The performance of Route Optimization, as evaluated in this document, should be put into perspective of handoff-related activities in other parts of the network stack. These include link-layer attachment procedures; link-layer security mechanisms such as negotiation, authentication, and key agreement; as well as IPv6 router discovery, address configuration, and movement detection. A complete network attachment in a typical IEEE 802.11 commercial deployment requires over twenty link- and IP-layer messages. Current protocol stacks also have a number of limitations in addition to long attachment delays, such as denial-of-service vulnerabilities, difficulties in trusting a set of access nodes distributed to physically insecure locations, or the inability to retrieve sufficient information for making a handoff decision [2].
A number of proposals have been put forth to improve different parts of the network stack, mostly focusing on handoff performance. These include link-layer parameter tuning [49] and network-access authentication [18][2][32], as well as IPv6 router discovery [11][12], address configuration [23], and movement detection [19][20]. It is uncertain how far this optimization can be taken by looking at the different parts only individually. An integrated approach may eventually become necessary [4][53].
The number and diversity of mobility-related activities within a typical network stack oftentimes render theoretical analyses insufficient and call for additional, extensive experimentation or simulation. The following is a non-exhaustive list of areas where practical experience is likely to yield valuable insight.
o Conception of a set of standard scenarios that can be used as a reference for comparable measurements and experimentation. Ideally, such standard scenarios ought to be derived from real-world environments, and they should include all features that would likely be needed in a commercial deployment. These features include link-layer access control, for instance.
o Measurements of the performance impacts that existing enhancement proposals have on the different parts of the stack.
o Comparisons of different implementations that are based on the same specification. For instance, it would be valuable to know how much implementations differ with regards to the use of parallelism that RFC 3775 allows in home and correspondent registrations.
o Measurements of the impact that network conditions such as packet loss can have on existing and new optimizations.
o Statistical data collection on the behavior of mobile nodes in different networks. Several Route Optimization techniques behave differently depending on the degree of mobility.
o Measurements of the performance that Route Optimization schemes show under different application scenarios, such as the use of applications with symmetric vs. asymmetric traffic patterns.
Future research that goes beyond the techniques discussed in this document may consider the following items.
o Local mobility support or local route-repair mechanisms that do not require expensive configuration. This includes infrastructure-based Route Optimization like [48].
o Care-of-address verification mechanisms that are based on Secure Neighbor Discovery.
o The introduction of optimizations developed in the context of Mobile IPv6 to other mobility protocols, such as the Host Identity Protocol, the Stream Control Transmission Protocol, the Datagram Congestion Control Protocol, or link-layer mobility solutions.
o The extension of the developed mobility techniques to full multi-addressing, including multi-homing.
o Further strategies that are based on "asymmetric cost wars" [3], such as Credit-Based Authorization.
o Integrated techniques taking into account both link- and IP-layer mobility tasks.
Standard Route Optimization enables mobile nodes to redirect IP packets at a remote peer from one IP address to another IP address. This ability introduces new security issues, which are explained and discussed in depth in [46]. The alternative Route Optimization techniques described in this document may introduce new security threats that go beyond those identified in [46]. Where such new threats exist, they are discussed and analyzed along with the description of the respective technique in Section 3.
Mobile IPv6 Route Optimization reduces packet-propagation latencies so as to facilitate interactive and real-time applications in mobile environments. Unfortunately, the end-to-end protocol's high handoff latencies hinder exactly these applications. A large body of effort has therefore recently been dedicated to Route Optimization improvements. Some of the proposed techniques operate on an end-to-end basis, others require new or extended infrastructure in the network; some need pre-configuration, others are zero-configurable. This document has compared and evaluated the different strategies based on a selected set of enhancement proposals. It stands out that all proposals make a trade-off between effectiveness, on one hand -- be it in terms of reduced handoff latency, increased security, or lower signaling overhead -- and pre-configuration costs or requisite network upgrades, on the other. An optimization's investment requirements, in turn, are in relation to its suitability for widespread deployment.
However, the real-life performance of end-to-end mobility does not only depend on enhancements of Route Optimization, but ultimately on all parts of the protocol stack [2]. Related optimization endeavors are in fact gaining momentum, and a comprehensive approach towards Route Optimization must incorporate the most suitable solutions amongst them [4]. Whichever proposals eventually reach a maturity level sufficient for standardization, every effort should be expended to arrive at that point within the foreseeable future. Route Optimization requires support from both peers and depends on a solid basis of installed implementations in correspondent nodes. It should hence be included in emerging IPv6 stacks early on. Although IPv6 deployment is still far from widespread, the sooner efficient Route Optimization becomes available, the more likely it is to be ubiquitously supported in the end.
This document was thoroughly reviewed, in alphabetical order, by Samita Chakrabarti, Francis Dupont, Thierry Ernst, Gerardo Giaretta, James Kempf, Rajeev Koodli, Gabriel Montenegro, Vidya Narayanan, and Fan Zhao. The authors wish to thank these folks for their valuable comments and suggestions.
[1] Johnson, D., Perkins, C., and J. Arkko, "Mobility Support in IPv6", RFC 3775, June 2004.
[2] Alimian, A. and B. Aboba, "Analysis of Roaming Techniques", IEEE Contribution 802.11-04/0377r1, March 2004.
[3] Arkko, J. and P. Nikander, "Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties", Proceedings of Security Protocols Workshop 2002, Cambridge, UK, April 2002.
[4] Arkko, J., Eronen, P., Nikander, P., and V. Torvinen, "Secure and Efficient Network Access", Proceedings of the DIMACS Workshop on Mobile and Wireless Security, November 2004.
[5] Arkko, J., Vogt, C., and W. Haddad, "Enhanced Route Optimization for Mobile IPv6", Work in Progress, August 2006.
[6] Arkko, J. and C. Vogt, "Credit-Based Authorization for Binding Lifetime Extension", Work in Progress, May 2004.
[7] Bahl, P., Adya, A., Padhye, J., and A. Walman, "Reconsidering Wireless Systems With Multiple Radios", ACM SIGCOMM Computer Communication Review, ACM Press, Vol. 34, No. 5, October 2004.
[8] Bradner, S., Mankin, A., and J. Schiller, "A Framework for Purpose-Built Keys (PBK)", Work in Progress, June 2003.
[9] Castelluccia, C., Montenegro, G., Laganier, J., and C. Neumann, "Hindering Eavesdropping via IPv6 Opportunistic Encryption", Proceedings of the European Symposium on Research in Computer Security, Lecture Notes in Computer Science, Springer-Verlag, September 2004.
[10] Chandra, R., Bahl, P., and P. Bahl, "MultiNet: Connecting to Multiple IEEE 802.11 Networks Using a Single Wireless Card", Proceedings of the IEEE INFOCOM, Vol. 2, August 2004.
[11] Daley, G., Pentland, B., and R. Nelson, "Effects of Fast Routers Advertisement on Mobile IPv6 Handovers", Proceedings of the IEEE International Symposium on Computers and Communication, Vol. 1, June 2003.
[12] Daley, G., Pentland, B., and R. Nelson, "Movement Detection Optimizations in Mobile IPv6", Proceedings of the IEEE International Conference on Networks, September 2003.
[13] Daley, G., "Location Privacy and Mobile IPv6", Work in Progress, January 2004.
[14] Dupont, F., "A Note about 3rd Party Bombing in Mobile IPv6", Work in Progress, July 2006.
[15] Dupont, F. and J. Combes, "Using IPsec between Mobile and Correspondent IPv6 Nodes", Work in Progress, August 2004.
[16] Dupont, F. and J. Combes, "Care-of Address Test for MIPv6 using a State Cookie", Work in Progress, July 2006.
[17] Haddad, W., Nordmark, E., Dupont, F., Bagnulo, M., and B. Patil, "Privacy for Mobile and Multi-homed Nodes: MoMiPriv Problem Statement", Work in Progress, June 2006.
[18] "IEEE Standard for Local and Metropolitan Area Networks: Port-Based Network Access Control", IEEE Standard 802.1X, December 2004.
[19] Choi, J. and E. Nordmark, "DNA with Unmodified Routers: Prefix List Based Approach", Work in Progress, January 2006.
[20] Narayanan, S., Ed., "Detecting Network Attachment in IPv6 Networks (DNAv6)", Work in Progress, October 2006.
[21] Moskowitz, R., Nikander, P., Jokela, P., Ed., and T. Henderson, "Host Identity Protocol", Work in Progress, June 2006.
[22] Henderson, T., Ed., "End-Host Mobility and Multihoming with the Host Identity Protocol", Work in Progress, June 2006.
[23] Moore, N., "Optimistic Duplicate Address Detection (DAD) for IPv6", RFC 4429, April 2006.
[24] Koodli, R., "IP Address Location Privacy and Mobile IPv6: Problem Statement", Work in Progress, October 2006.
[25] Perkins, C., "Securing Mobile IPv6 Route Optimization Using a Static Shared Key", RFC 4449, June 2006.
[26] Ng, C., Thubert, P., Watari, M., and F. Zhao, "Network Mobility Route Optimization Problem Statement", Work in Progress, September 2006.
[27] Ng, C., Zhao, F., Watari, M., and P. Thubert, "Network Mobility Route Optimization Solution Space Analysis", Work in Progress, September 2006.
[28] Arbaugh, W. and B. Aboba, "Handoff Extension to RADIUS", Work in Progress, October 2003.
[29] "Kame-Shisa", Mobile IPv6 for FreeBSD.
[30] Koodli, R., Devarapalli, V., Flinck, H., and C. Perkins, "Solutions for IP Address Location Privacy in the Presence of IP Mobility", Work in Progress, February 2005.
[31] Nuorvala, V., Petander, H., and A. Tuominen, "Mobile IPv6 for Linux (MIPL)".
[32] Mishra, A., Shin, M., Petroni Jr., N., Clancy, C., and W. Arbaugh, "Proactive Key Distribution Using Neighbor Graphs", IEEE Wireless Communications, Vol. 11, No. 1, February 2004.
[33] Montenegro, G. and C. Castelluccia, "Crypto-Based Identifiers (CBIDs): Concepts and Applications", ACM Transactions on Information and System Security, Vol. 7, No. 1, February 2004.
[34] Nikander, P., "Denial-of-Service, Address Ownership, and Early Authentication in the IPv6 World", Revised papers from the International Workshop on Security Protocols, Springer-Verlag, April 2002.
[35] O'Shea, G. and M. Roe, "Child-proof Authentication for MIPv6", ACM SIGCOMM Computer Communication Review, April 2001.
[36] Perera, E., Sivaraman, V., and A. Seneviratne, "Survey on Network Mobility Support", ACM SIGCOMM Computer Communication Review, Vol. 8, No. 2, ACM Press, April 2004.
[37] Bao, F., Deng, R., Qiu, Y., and J. Zhou, "Certificate-based Binding Update Protocol (CBU)", Work in Progress, March 2005.
[38] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, May 2000.
[39] Abley, J., Black, B., and V. Gill, "Goals for IPv6 Site-Multihoming Architectures", RFC 3582, August 2003.
[40] Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents", RFC 3776, June 2004.
[41] Devarapalli, V., Wakikawa, R., Petrescu, A., and P. Thubert, "Network Mobility (NEMO) Basic Support Protocol", RFC 3963, January 2005.
[42] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, December 2005.
[43] Baker, F. and P. Savola, "Ingress Filtering for Multihomed Networks", BCP 84, RFC 3704, March 2004.
[44] Aura, T., "Cryptographically Generated Addresses (CGA)", RFC 3972, March 2005.
[45] Huston, G., "Architectural Approaches to Multi-homing for IPv6", RFC 4177, September 2005.
[46] Nikander, P., Arkko, J., Aura, T., Montenegro, G., and E. Nordmark, "Mobile IP Version 6 Route Optimization Security Design Background", RFC 4225, December 2005.
[47] Roe, M., Aura, T., O'Shea, G., and J. Arkko, "Authentication of Mobile IPv6 Binding Updates and Acknowledgments", Work in Progress, February 2002.
[48] Vadali, R., Li, J., Wu, Y., and G. Cao, "Agent-Based Route Optimization for Mobile IP", Proceedings of the IEEE Vehicular Technology Conference, October 2001.
[49] Velayos, H. and G. Karlsson, "Techniques to Reduce IEEE 802.11b MAC Layer Handoff Time", Laboratory for Communication Networks, KTH, Royal Institute of Technology, Stockholm, Sweden, TRITA-IMIT-LCN R 03:02, April 2003.
[50] Vogt, C., "Credit-Based Authorization for Concurrent IP-Address Tests", Proceedings of the IST Mobile and Wireless Communications Summit, June 2005.
[51] Vogt, C., Bless, R., Doll, M., and T. Kuefner, "Early Binding Updates for Mobile IPv6", Proceedings of the IEEE Wireless Communications and Networking Conference, IEEE, Vol. 3, March 2005.
[52] Vogt, C. and M. Doll, "Efficient End-to-End Mobility Support in IPv6", Proceedings of the IEEE Wireless Communications and Networking Conference, April 2006.
[53] Vogt, C., "A Comprehensive Delay Analysis for Reactive and Proactive Handoffs with Mobile IPv6 Route Optimization", Institute of Telematics, Universitaet Karlsruhe (TH), Karlsruhe, Germany, TM-2006-1, January 2006.
[54] Zhao, F., Wu, F., and S. Jung, "Extensions to Return Routability Test in MIP6", Work in Progress, February 2005.
[55] Calderon, M., Bernardos, C., Bagnulo, M., Soto, I., and A. de la Oliva, "Design and Experimental Evaluation of a Route Optimisation Solution for NEMO", IEEE Journal on Selected Areas in Communications, Vol. 24, No. 9, September 2006.
Authors' Addresses
Christian Vogt Institute of Telematics Universitaet Karlsruhe (TH) P.O. Box 6980 76128 Karlsruhe Germany
EMail: chvogt@tm.uka.de
Jari Arkko Ericsson Research NomadicLab FI-02420 Jorvas Finland
EMail: jari.arkko@ericsson.com
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.