
SCIENCE CHINA Information Sciences, Volume 61, Issue 9: 092109(2018) https://doi.org/10.1007/s11432-017-9298-3

GAGMS: a requirement-driven general address generation and management system

Ying LIU1,2, Lin HE1,2, Gang REN1,2,*
  • Received Sep 19, 2017
  • Accepted Nov 22, 2017
  • Published Jun 8, 2018

Abstract

IPv6 address generation is closely related to the manageability, security, privacy protection, and traceability of the Internet. There are many kinds of IPv6 address generation and configuration methods in the area of Internet standards and research that may cause certain problems, including the mixed operation problem of multiple IPv6 address generation schemes, the synchronization problem of the change in IPv6 address, the efficiency problem of processing large-scale concurrent IPv6 address requests, and the general model problem for mapping IPv6 addresses to other requirement spaces as identifiers. In this paper, we consider generating and managing IPv6 addresses according to network requirements. After conducting a requirement analysis of most proposed address generation schemes, we propose a general address generation model and a general address management system, which are the cores of the general address generation and management system (GAGMS). This system solves the above problems while maintaining the diversity and flexibility of the existing IPv6 address generation and configuration methods, and allows networks to utilize different address generation schemes according to different requirements in different scenarios. Finally, we design a prototype system and evaluate GAGMS to demonstrate its effectiveness, manageability, and scalability. We have also conducted a trial deployment in campus networks and are trying to standardize this work in the IETF.


Acknowledgment

This work was supported by National Natural Science Foundation of China (Grant Nos. 61402257, 61772307) and Tsinghua University Self-determined Project (Grant No. 2014z21051).


References

[1] Narten T, Jinmei T, Thomson S. IPv6 stateless address autoconfiguration. RFC 4862. 2007.

[2] Droms R, Bound J, Volz B, et al. Dynamic host configuration protocol for IPv6 (DHCPv6). RFC 3315. 2003.

[3] Mrugalski T, Siodelski M, Volz B, et al. Dynamic host configuration protocol for IPv6 (DHCPv6) bis. draft-ietf-dhc-rfc3315bis-10. 2017.

[4] Hinden R, Deering S. IP version 6 addressing architecture. RFC 4291. 2006.

[5] Narten T, Draves R, Krishnan S. Privacy extensions for stateless address autoconfiguration in IPv6. RFC 4941. 2007.

[6] Aura T. Cryptographically generated addresses (CGA). RFC 3972. 2005.

[7] Gont F. A method for generating semantically opaque interface identifiers with IPv6 stateless address autoconfiguration (SLAAC). RFC 7217. 2014.

[8] Raghuvanshi D, Kinnear K, Kukrety D. DHCPv6 active leasequery. RFC 7653. 2015.

[9] Hosain S Z. Reality check: 50B IoT devices connected by 2020 beyond the hype and into reality. RCR Wireless News. http://www.rcrwireless.com/20160628/opinion/reality-check-50b-iot-devices-connected-2020-beyond-hype-reality-tag10.

[10] Yeh L, Boucadair M. RADIUS option for the DHCPv6 relay agent. RFC 7037. 2013.

[11] Liu Y, Ren G, Wu J P, et al. Building an IPv6 address generation and traceback system with NIDTGA in address driven network. Sci China Inf Sci, 2015, 58: 120102.

[12] Narten T, Nordmark E, Simpson W, et al. Neighbor discovery for IP version 6 (IPv6). RFC 4861. 2007.

[13] Carpenter B, Chown T, Gont F, et al. Analysis of the 64-bit boundary in IPv6 addressing. RFC 7421. 2015.

[14] Oliveira R, Lad M, Zhang B, et al. Geographically informed inter-domain routing. In: Proceedings of IEEE International Conference on Network Protocols (ICNP), Beijing, 2007. 103–112.

[15] Yin X, Wu X, Chon K, et al. ISPSG: Internet service provider-separated geographic-based addressing and routing. In: Proceedings of the Global Communications Conference Workshops, Hawaii, 2009. 1–6.

[16] Hinden R, Deering S. IP version 6 addressing architecture. draft-ietf-6man-rfc4291bis-09. 2017.

[17] O'Shea G, Roe M. Child-proof authentication for MIPv6 (CAM). ACM SIGCOMM Comput Commun Rev, 2001, 31: 4–8.

[18] Montenegro G, Castelluccia C. Statistically unique and cryptographically verifiable (SUCV) identifiers and addresses. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, 2002.

[19] Bao C, Li X, Baker F, et al. IP/ICMP translation algorithm. RFC 7915. 2016.

[20] Bao C, Huitema C, Bagnulo M, et al. IPv6 addressing of IPv4/IPv6 translators. RFC 6052. 2010.

[21] Li L, Jiang S, Cui Y, et al. Secure DHCPv6. draft-ietf-dhc-sedhcpv6-21. 2017.

[22] Moore N. Optimistic duplicate address detection (DAD) for IPv6. RFC 4429. 2006.

[23] Ren G, He L, Liu Y. Multi-requirement extensions for dynamic host configuration protocol for IPv6 (DHCPv6). draft-ren-dhc-mredhcpv6-00. 2017.

  • Figure 1

    (Color online) Logical structure of GAGMS.

  • Figure 6

    (Color online) Deployment topology and evaluation of effectiveness. (a) GAGMS system deployment topology; (b) IEEE EUI-64 identifiers; (c) Temporary addresses; (d) NIDTGA.

  • Figure 7

    (Color online) Update time of UASSes in GAGMS.

  • Figure 8

    (Color online) Switching time among schemes in GAGMS.

  • Table 1   Schemes classification by requirements

    | Requirement | Schemes | RFC or used to be |
    | --- | --- | --- |
    | Easy aggregation of routes | GIRO [14], ISPSG [15] | $\times$ |
    | Generation from MAC address | IEEE EUI-64 identifier [4,16] | $\surd$ |
    | Protection of user privacy | Temporary address [5] | $\surd$ |
    | Verification of user identity: solve forgery source addresses in SEND | CGA [6] | $\surd$ |
    | Verification of user identity: solve home address problem in MIPv6 | CAM [17], SUCV [18] | $\times$ |
    | Traceback of user identity | NIDTGA [11] | $\times$ |
    | Transformation of IPv4 addresses into IPv6 addresses | SIIT [19], IVI [20] | $\surd$ |

  • Table 2   Functional scopes of requirements

    | Goal | Requirement | Functional scope |
    | --- | --- | --- |
    | Identifier | (a) Generation from MAC address | IPv6(64, 127)$^{\rm a)}$ |
    | Identifier | (b) Protection of user privacy | IPv6(64, 127) |
    | Identifier | (c) Verification of user identity | IPv6(64, 127) |
    | Identifier | (d) Traceback of user identity | IPv6(64, 127) |
    | Identifier | (e) Transformation of IPv4 addresses into IPv6 addresses | IPv6(32, 127) |
    | Locator | (f) Easy aggregation of routes | IPv6(0, 63) |

    a) IPv6($m$, $n$) represents the part of IPv6 address from bit $m$ to bit $n$.

  • Table 3   Relationships among requirements$^{\rm a)}$

    |     | (a) | (b) | (c) | (d) | (e) | (f) |
    | --- | --- | --- | --- | --- | --- | --- |
    | (a) | $-^{\rm b)}$ | $\times^{\rm c)}$ | $\times$ | $\times$ | $\times$ | $\bigcirc^{\rm d)}$ |
    | (b) | $\times$ | $-$ | $\times$ | $\times$ | $\times$ | $\bigcirc$ |
    | (c) | $\times$ | $\times$ | $-$ | $\times$ | $\times$ | $\bigcirc$ |
    | (d) | $\times$ | $\times$ | $\times$ | $-$ | $\times$ | $\bigcirc$ |
    | (e) | $\times$ | $\times$ | $\times$ | $\times$ | $-$ | $\otimes^{\rm e)}$ |
    | (f) | $\bigcirc$ | $\bigcirc$ | $\bigcirc$ | $\bigcirc$ | $\otimes$ | $-$ |

    a) (a)–(f) represent the requirements mentioned in Table 2. b) “–” represents the same requirement. c) “$\times$” means complete conflict. d) “$\bigcirc$” means complete compatibility. e) “$\otimes$” means partial compatibility.

  • Table 4   Schemes and their corresponding mappings

    | Type | Scheme | Mapping |
    | --- | --- | --- |
    | Simple mappings | GIRO | $f(\mathrm{as\_number, geo\_loc, sid, subnet\_host}) = \mathrm{Concatenate(as\_number, geo\_loc, sid, subnet\_host)}$ |
    | Simple mappings | ISPSG | $f(\mathrm{as\_number, geo\_loc, id}) = \mathrm{Concatenate(as\_number, geo\_loc, id)}$ |
    | Simple mappings | SIIT/IVI | $f(\mathrm{prefix, IPv4, zeros}) = \mathrm{Concatenate(prefix, IPv4, zeros)}$, $\mathrm{length(prefix)} \in \{32, 40, 48, 56, 64, 96\}$ |
    | Simple mappings | IEEE EUI-64 identifier | $f(\mathrm{mac\_addr}) = \mathrm{Invert(Insert(mac, 23, 0xfffe), 6)}$ |
    | Hash mappings | Temporary address | $f(\mathrm{eui64, history}) = \mathrm{Replace(Truncate(Hash(Concatenate(eui64, history)), 0, 63), 6, 6, 0)}$ |
    | Hash mappings | CAM | $f(\mathrm{pub\_key}) = \mathrm{Insert(Truncate(Hash(pub\_key), 0, 61), 5, 00)}$ |
    | Hash mappings | SUCV | $f(\mathrm{imprint, pub\_key}) = \mathrm{Replace(Truncate(Hash_1(Hash_2(imprint), Hash_2(pub\_key)), 0, 63), 6, 6, 0)}$ |
    | Hash mappings | CGA | $f(\mathrm{final\_modifier, prefix, collision\_count, pub\_key, options, sec}) = \mathrm{Replace(Replace(Replace(Truncate(Hash(Concatenate(final\_modifier, prefix, collision\_count, pub\_key, options)), 0, 63), 0, 2, sec), 6, 6, 0), 7, 7, 0)}$ |
    | Encryption mappings | NIDTGA | $f(\mathrm{nid, time, key}) = \mathrm{Encrypt(Concatenate(nid, time), key)}$ |
    | Complex mappings | NIDTGA-extension | $f(\mathrm{id, key}) = \mathrm{Encrypt(Hash(id), key)}$ |
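
The IEEE EUI-64 and temporary-address rows of Table 4, written out as an added Python example (not code from the paper or the GAGMS prototype). It assumes bit 0 is the most significant bit and uses MD5 for the unspecified Hash; the MAC address, prefix and history value are constructed samples.

```python
import hashlib
import ipaddress

# Bit numbering follows Table 4: bit 0 is the most significant bit.

def insert(value, width, after_bit, chunk, chunk_width):
    """Insert chunk_width bits of `chunk` after bit `after_bit` of a width-bit value."""
    low_width = width - (after_bit + 1)
    high, low = value >> low_width, value & ((1 << low_width) - 1)
    return (high << (chunk_width + low_width)) | (chunk << low_width) | low

def invert(value, width, bit):
    """Flip one bit of a width-bit value."""
    return value ^ (1 << (width - 1 - bit))

def truncate(data, first_bit, last_bit):
    """Return bits first_bit..last_bit of a byte string as an integer."""
    shift = len(data) * 8 - 1 - last_bit
    return (int.from_bytes(data, "big") >> shift) & ((1 << (last_bit - first_bit + 1)) - 1)

def replace(value, width, first_bit, last_bit, new_bits):
    """Overwrite bits first_bit..last_bit of a width-bit value with new_bits."""
    shift = width - 1 - last_bit
    mask = ((1 << (last_bit - first_bit + 1)) - 1) << shift
    return (value & ~mask) | (new_bits << shift)

def eui64_iid(mac):
    """Table 4: Invert(Insert(mac, 23, 0xfffe), 6)."""
    mac_int = int(mac.replace(":", ""), 16)
    return invert(insert(mac_int, 48, 23, 0xFFFE, 16), 64, 6)

def temporary_iid(eui64, history):
    """Table 4: Replace(Truncate(Hash(Concatenate(eui64, history)), 0, 63), 6, 6, 0).
    MD5 is an assumption here; the table only says Hash."""
    digest = hashlib.md5(eui64.to_bytes(8, "big") + history).digest()
    return replace(truncate(digest, 0, 63), 64, 6, 6, 0)

def address(prefix64, iid):
    """Place a 64-bit identifier in IPv6(64, 127) of a /64 prefix (Table 2)."""
    net = ipaddress.IPv6Network(prefix64)
    return str(ipaddress.IPv6Address(int(net.network_address) | iid))

if __name__ == "__main__":
    # Constructed sample inputs: documentation prefix, made-up MAC and history value.
    iid = eui64_iid("00:11:22:33:44:55")
    print(address("2001:db8::/64", iid))   # MAC bytes remain readable in the address
    print(address("2001:db8::/64", temporary_iid(iid, b"\x00" * 8)))
```

The first address still carries the MAC bytes around the inserted `fffe`, which is why Table 1 lists protection of user privacy as a separate requirement served by the hash mapping.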
