Confidential and Proprietary This document includes data that shall not be duplicated, used, or disclosed—in
whole or in part—for any purpose other than for evaluation. The data subject to this restriction are contained in
sheets 1-18.
White Paper
Resilient Mobile IP
CoCo Architecture White Paper
15 February 2008
Phone: 206-284-9387
Fax: 206-770-6461
Table of Contents
Introduction
About this document
Motivation
  Quality and Type of Service
  Interoperability
  Mobility and Rapid, Dynamic Configurations
  Identity Security
  Network Security
  Scalability
Addressing in CoCo Networks
Introduction
The CoCo Protocol is a unique combination of enhancements to existing IP system design intended to increase usability, reliability, mobility, and security. It installs as a virtual network adapter on the whole range of Windows and Linux operating systems. Taken separately, these techniques mirror state-of-the-art developments in mobile ad-hoc networking (MANET), fast IP mobility, peer-to-peer security, and media-independent handover (MIH). Together, they form an offering not otherwise available today.
That said, as the IETF working groups come to resolution on best practices for each of these components, CoCo is firmly committed to supporting open standard architecture. One current example is 802.21, which promises a sufficiently flexible and powerful set of primitives to be considered a solid improvement upon CoCo's private design. While this standard is still far from adoption, we are moving to align our internal structures for rapid compliance when that day comes. We believe that our network architecture holds its merit before, during, and after standardization of the key elements.
Motivation
Data and voice communication systems play increasingly important roles in the military, government, and civilian sectors. Since the original development of the Transmission Control Protocol (TCP) and the Internet Protocol (IP) in the early 1970s, computer networks have advanced significantly. The simultaneous deregulation of conventional telephone systems spurred a wide array of new telephony services. Mobile cellular networks have also become increasingly sophisticated and widespread. Despite these developments, modern networks cannot provide adequate infrastructure for many critical applications such as first responder communication. The CoCo Protocol addresses shortcomings of existing network technologies; it enables modern and emerging communication technologies in the most demanding applications.
In the 1970s, robustness and fault-tolerance were key design goals for the TCP/IP protocols. The DARPA funding agencies were especially interested in networks that could maintain function by routing packets around nodes hit in a military strike and manage the resulting congestion.
Today's networks have additional requirements, including:
- Quality of service: the ability to support a wide variety of applications, including voice, video, and data
- Interoperability: the ability to use all common physical transport technologies and hardware devices
- Dynamic, scalable routing: the ability to support rapid user movement and ad-hoc network formation
- Security: the ability to authenticate users and resist network attacks
Some technologies attempt to implement some of these features by extending traditional transport protocols. CoCo's system architecture addresses all of these requirements.
Interoperability
The CoCo Protocol supports a wide variety of physical transport technologies including cellular, WiFi, Ethernet, and satellite, which enables construction of internetworks based on different underlying physical transports. For this reason, the CoCo Protocol is called an overlay protocol. CoCo technology fosters interoperability also because it is a pure software technology that runs on widely available, off-the-shelf hardware devices commonly used for wireless communication such as PDAs, cell phones, laptops, and wireless access points. A CoCo device, or CoCo node, is any computational device provisioned with the CoCo Protocol software. The section "The Physical Layer" discusses interoperability in more detail.
In conventional cellular networks, towers are situated at fixed locations, so the network's routing resources are static and not configurable. CoCo networks work more flexibly and with a finer granularity of networking resources. In conventional cellular networks, each connected device draws upon a fixed supply of bandwidth. Since all CoCo devices can serve as routers when necessary, each device adds bandwidth resources and routing capability. Moreover, inexpensive wireless routers may serve as CoCo nodes and be easily repositioned to locations where more bandwidth is required; for example, an emergency site.
Identity Security
The CoCo Protocol uses FIPS 140-2 cryptographic primitives to support identity validation and service authorization. The TCP/IP protocols do not address privacy and authentication, but leave these features for application developers to implement at the user level, so there is no uniform standard for Internet security. Conversely, security primitives are built directly into the CoCo Protocol on multiple levels to ensure consistency. Refer to the section "The Circuit Layer" for more detail.
Identity security has far-reaching consequences. For example, e-mail spam in its present form would be impossible since senders would be unable to forge their identities. Web servers on the Internet know only the external IP address of the source of each page request. The Internet protocols make no guarantees about the identity of a user. By contrast, a CoCo network server knows the identity of each user requesting a page. Protocol-level identity security allows advanced authorization technologies across the entire network.
Network Security
The CoCo Protocol resists denial-of-service attacks, man-in-the-middle attacks, and traffic analysis attacks using best practice defenses including but not limited to secure pair-wise link keying and end-to-end bulk encryption. The topic of peer-to-peer security is beyond the scope of this document.
Scalability
The CoCo Protocol scales effectively to large network sizes while maintaining connectivity and the ability to route packets efficiently in a dynamically changing network. This is a result of CoCo's novel addressing scheme and clustering mechanism. To avoid the need for all nodes to exchange messages with each other, which results in O(N²) communication complexity in networks of size N, the CoCo Protocol decomposes the network into a hierarchy of regions called clusters. The section "The Routing Layer" explains addressing and clustering in more detail.
Architectural Overview
Externally, the CoCo stack fits ideally between existing OSI layer 2 and layer 3 implementations, where ARP currently resides. Internally, it divides into four layers: Routing, Circuit, Identity, and Addressing.
[Figure: the CoCo stack. Layers, top to bottom: Address Translation, Identity Management, Circuit Routing, Packet Routing. Transports beneath: Cluster MANET, Satellite Data, Carrier Data, Wi-Fi Hotspot.]
Routing Layer
The routing layer consists of several concrete transport objects with identical abstract interfaces. These transports generally divide into IP infrastructure and IP MANET ad-hoc types. They communicate with the various network media through standard host operating system network interface drivers, so most modern technologies are supported transparently. These transports provide abstract interfaces to simple management functions such as channel reservation, peer discovery, multicast group functions, and quality metrics such as round-trip time.
Recent Developments
Historically, our products preferred the MANET point of view and so used encapsulation to extend the mesh over various infrastructure transports. Today's thinking reflects a substantial shift in that design, instead preferring the IP perspective by assigning temporary addresses to mesh peers.
This means that the implementation for Internet-connected infrastructure transports is simply a pass-through that allows IP routing to do what it does best.
Virtual Infrastructure
When all infrastructure networks fail, devices powered by CoCo may fall back into virtual infrastructure mode. This unique offering enables common IP services such as DHCP and DNS for dynamic MANET configurations that scale up to thousands of devices without trouble. This technology is a hybrid of traditional mesh routing protocols with landmark-based communication reduction. Clustering decomposes a network into a hierarchy of regions in a manner analogous to the way cities and states provide a geographical hierarchy that facilitates addressing. The clustering mechanism assigns each network node a location based on the layers of clusters that contain it.
For the routing mechanism to scale efficiently, advertisements and locations cannot propagate completely through the network. (If they did, the number of messages exchanged in a network of N nodes would be O(N²).) A given node's location is not commonly known, and its advertisements are not sent to all other nodes. The clustering model controls the extent to which locations and advertisements propagate to limit message passing overhead. The routing system uses a mechanism called location-based routing, which uses the best destination approximation contained in a node's location. The remainder of this section explains the details of these techniques.
[Figure: clustering decomposition of a network with nodes X, Y, Z, U, V, W.]
The result of replacing clusters with their representatives in the clustering decomposition is the reduced network shown in Figure 3.
[Figure 3: the reduced network. Level 2: U. Level 1: Z, U. Level 0: X, Y, Z, U, V, W.]
Location-based Routing
In general, a node's routing table does not contain an entry for every device in the network. However, using the notion of network locations, a node S can route data to a destination node D effectively even if the destination node D does not appear in its routing table. If device S wants to send data to a device D with network location [D_n, …, D_0], it uses the location-based routing algorithm [cross-reference missing in source].
[Figure: routing toward destination D through the cluster hierarchy. Blue arrows show the route generated by unmodified location-based routing; red arrows show refined location-based routing.]
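The following Go program is an added example, not code from the white paper or from CoCo; it models the clustering of the Virtual Infrastructure section and the routing of the Location-based Routing section together. It assumes the cluster memberships read from Figure 3 (Level 2 represented by U, Level 1 by Z and U), assumes which level-0 nodes sit under each representative, constructs each node's partial routing table, and reads "best destination approximation" as the most specific element of the destination's location [D_n, …, D_0] for which the current node holds a route. All of those are this example's assumptions, since the paper's cross-reference to the algorithm is missing.

```go
package main

import (
	"fmt"
	"strings"
)

// Location is a node's hierarchical address, ordered from the top-level cluster
// representative (D_n) down to the node itself (D_0). The memberships below are
// constructed from Figure 3 (Level 2: U; Level 1: Z, U; Level 0: X Y Z U V W);
// which level-0 nodes sit under Z and which under U is an assumption.
type Location []string

var locations = map[string]Location{
	"X": {"U", "Z", "X"}, "Y": {"U", "Z", "Y"}, "Z": {"U", "Z", "Z"},
	"U": {"U", "U", "U"}, "V": {"U", "U", "V"}, "W": {"U", "U", "W"},
}

// RoutingTable maps a destination this node knows about (a neighbor, or a
// cluster representative whose advertisement reached it) to the link to use.
// It deliberately does not hold an entry for every node in the network.
type RoutingTable map[string]string

// NextHop scans dst from its most specific element (D_0) to its least specific
// (D_n) and returns the link for the first element present in the table. That
// element is the best destination approximation this node holds (assumed
// reading of the paper's algorithm).
func (rt RoutingTable) NextHop(dst Location) (link string, ok bool) {
	for i := len(dst) - 1; i >= 0; i-- {
		if l, found := rt[dst[i]]; found {
			return l, true
		}
	}
	return "", false
}

// tables are constructed for the example: each node knows the neighbors inside
// its own level-1 cluster and the representatives, but no node of the other cluster.
var tables = map[string]RoutingTable{
	"X": {"Y": "Y", "Z": "Z", "U": "Z"},
	"Y": {"X": "X", "Z": "Z", "U": "Z"},
	"Z": {"X": "X", "Y": "Y", "U": "U"},
	"U": {"Z": "Z", "V": "V", "W": "W"},
	"V": {"U": "U", "W": "W", "Z": "U"},
	"W": {"U": "U", "V": "V", "Z": "U"},
}

// Route forwards hop by hop from src toward dst until dst itself is reached or
// some node holds no approximation for it; the hop bound guards against loops.
func Route(src, dst string) ([]string, error) {
	target, ok := locations[dst]
	if !ok {
		return nil, fmt.Errorf("unknown destination %s", dst)
	}
	path := []string{src}
	cur := src
	for cur != dst {
		if len(path) > len(locations) {
			return path, fmt.Errorf("routing loop from %s toward %s", src, dst)
		}
		link, found := tables[cur].NextHop(target)
		if !found {
			return path, fmt.Errorf("%s holds no approximation for %s", cur, dst)
		}
		path = append(path, link)
		cur = link
	}
	return path, nil
}

func main() {
	for _, pair := range [][2]string{{"X", "W"}, {"W", "Y"}, {"X", "Y"}} {
		path, err := Route(pair[0], pair[1])
		fmt.Println(strings.Join(path, " -> "), err)
	}
}
```

Running it shows X reaching W as X -> Z -> U -> W: X knows nothing about W, so it forwards toward the level-1 representative it can see, and each hop refines the approximation until the destination itself appears in a table. The loop bound matters in practice: with stale advertisements two nodes can each believe the other is closer to a representative, and a bounded forwarder drops the packet instead of circulating it.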
Circuit Layer
In the CoCo Protocol, a circuit is a communication path over which data moves from one device to another. The circuit layer is the first layer in the CoCo Protocol that supports end-to-end communication, which may be encrypted on a per-circuit basis. This represents a separate application of encryption from that used at the link layer discussed in section 3.2. The circuit layer manages the creation, maintenance, and destruction of circuits. The circuit layer also manages handoffs: adjustments to the circuit path made necessary by CoCo devices changing position.
A circuit consists of legs, where each leg uses one link. A circuit may be in any of three states:
C: Closed (nonexistent)
O: Opening (in the process of being created)
R: Ready (ready for data to traverse it)
Circuits are unidirectional: the existence of a circuit from A to B does not imply the existence of a circuit from B to A. If B wants to send data to A, it must establish a new circuit from B to A, separate from the circuit from A to B. Such a circuit from B to A may not follow the reverse path of the circuit from A to B because some network links may be slower in one direction than the other.
Circuit Establishment
When a node S wants to communicate with a node D, it consults the routing layer to determine the best link for packets destined to D, and sends a circuit establishment control packet over that link. This packet contains the following data:
destination
QoS requirements
Circuit ID (see Section 3.4.2)
When a node A receives a circuit establishment packet, it checks to see if it is the intended destination. If not, node A forwards the establishment packet to one of its neighbors and changes its state from C to O. It determines the link over which to forward the message by consulting the routing table. If node A is the final destination (i.e. A and D are the same node), then A sends an acknowledgement packet back toward the original initiator node, S. Each intermediate node, upon receipt of an acknowledgement packet, similarly sends an acknowledgement packet along the circuit backward toward S. When a node receives an acknowledgement packet, the circuit state changes from O to R. When the original initiator node S finally receives an acknowledgement packet and changes its state to R, the circuit is fully established and ready for S to begin sending data packets to D.
Circuit Tables
Each node may be a part of several circuits. The circuit layer maintains a circuit table, an internal data structure that enables it to associate inbound links with outbound links, for each active circuit passing through a node.
The Circuit ID (CID) is a number that associates packets arriving over a particular link with a particular circuit. The CIDs associated with different legs of a single circuit may be different. For example, if a packet containing CID = v1 arrives at node N from link l1, the circuit layer consults its circuit table to determine that the packet should be forwarded along, say, link l2 with CID = v2. If node N is the packet's final destination, then the circuit layer forwards the data to a user application process specified by the endpoint address (similar to a TCP port) that appears in the packet header.
The circuit layer uses the circuit table to send control packets as well as data. Control packets for opening and closing circuits move in the forward direction, i.e. the direction of data. Control packets for acknowledgements and resetting the circuit, if necessary, are sent in the reverse direction. The circuit table contains sufficient information to enable this.
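The Go program below is an added example, not CoCo's implementation; it simulates the circuit establishment exchange and the circuit table described in the two sections above on a constructed three-node line S - A - D. The row layout, the direct method calls standing in for packets on links, and the example-wide CID allocator are all this example's own choices; the C, O and R states, the forward establishment packet carrying destination, QoS and CID, the reverse acknowledgement, and the per-leg CID rewrite follow the text.

```go
package main

import "fmt"

// Circuit states from the white paper: C (closed), O (opening), R (ready).
type State byte

const (C State = 'C'; O State = 'O'; R State = 'R')

// Leg is one leg of a circuit as a node sees it: the link (named here by the
// neighbor at its far end) and the circuit ID (CID) used on that link.
type Leg struct{ Link string; CID int }

// entry is one circuit-table row: the initiator's row has no inbound leg, the
// destination's row no outbound leg. This layout is the example's own.
type entry struct{ in, out Leg; state State }

type Node struct {
	Name      string
	Routing   map[string]string // destination -> link, supplied by the routing layer
	table     []*entry          // circuit table
	Delivered []string          // "endpoint:payload" records handed to local applications
}

var nodes = map[string]*Node{}
var cidCounter int // example-wide allocator; a real node allocates CIDs per link

func newCID() int { cidCounter++; return cidCounter }

func (n *Node) find(match func(*entry) bool) *entry {
	for _, e := range n.table { if match(e) { return e } }
	return nil
}

// Establish runs at the initiator S: ask the routing layer for the link, open a
// row in state O and send the establishment packet (destination, QoS, CID).
func (n *Node) Establish(dst, qos string) (int, error) {
	link, ok := n.Routing[dst]
	if !ok { return 0, fmt.Errorf("%s: no route toward %s", n.Name, dst) }
	e := &entry{out: Leg{link, newCID()}, state: O}
	n.table = append(n.table, e)
	nodes[link].recvEstablish(n.Name, e.out.CID, dst, qos)
	return e.out.CID, nil
}

// recvEstablish handles an establishment packet that arrived on link from with CID cid.
func (n *Node) recvEstablish(from string, cid int, dst, qos string) {
	in := Leg{from, cid}
	if n.Name == dst { // final destination: record the row and acknowledge backward
		n.table = append(n.table, &entry{in: in, state: R})
		nodes[from].recvAck(n.Name, cid)
		return
	}
	link, ok := n.Routing[dst]
	if !ok { return } // no route: the attempt dies here and upstream rows stay in O
	// Intermediate node: bind the inbound leg to a fresh outbound leg (C -> O) and forward.
	e := &entry{in: in, out: Leg{link, newCID()}, state: O}
	n.table = append(n.table, e)
	nodes[link].recvEstablish(n.Name, e.out.CID, dst, qos)
}

// recvAck handles an acknowledgement travelling in the reverse direction: the
// row moves O -> R and the acknowledgement continues toward the initiator.
func (n *Node) recvAck(from string, cid int) {
	e := n.find(func(e *entry) bool { return e.out == Leg{from, cid} })
	if e == nil { return } // no such outbound leg: ignore
	e.state = R
	if e.in.Link != "" { nodes[e.in.Link].recvAck(n.Name, e.in.CID) }
}

// Send runs at the initiator: data enters the circuit on S's outbound leg.
func (n *Node) Send(cid int, endpoint, payload string) bool {
	e := n.find(func(e *entry) bool { return e.in.Link == "" && e.out.CID == cid })
	if e == nil || e.state != R { return false }
	return nodes[e.out.Link].Data(n.Name, e.out.CID, endpoint, payload)
}

// Data handles a data packet arriving on link from with CID cid: look up the
// inbound leg, then deliver to the endpoint or forward with the outbound leg's
// CID. Packets on unknown or not-yet-ready legs are dropped, which is also why
// a circuit carries data in one direction only.
func (n *Node) Data(from string, cid int, endpoint, payload string) bool {
	e := n.find(func(e *entry) bool { return e.in == Leg{from, cid} })
	if e == nil || e.state != R { return false }
	if e.out.Link == "" {
		n.Delivered = append(n.Delivered, endpoint+":"+payload)
		return true
	}
	return nodes[e.out.Link].Data(n.Name, e.out.CID, endpoint, payload)
}

// State reports the state of the row carrying CID cid on either leg (C if none).
func (n *Node) State(cid int) State {
	e := n.find(func(e *entry) bool { return e.in.CID == cid || e.out.CID == cid })
	if e == nil { return C }
	return e.state
}

// BuildTopology constructs the three-node line S - A - D used by this example.
func BuildTopology() {
	nodes, cidCounter = map[string]*Node{}, 0
	nodes["S"] = &Node{Name: "S", Routing: map[string]string{"A": "A", "D": "A"}}
	nodes["A"] = &Node{Name: "A", Routing: map[string]string{"S": "S", "D": "D"}}
	nodes["D"] = &Node{Name: "D", Routing: map[string]string{"A": "A", "S": "A"}}
}

func main() {
	BuildTopology()
	cid, _ := nodes["S"].Establish("D", "voice")
	fmt.Printf("circuit %d: S=%c A=%c D=%c\n", cid, nodes["S"].State(cid), nodes["A"].State(cid), nodes["D"].State(cid+1))
	fmt.Println("forward data delivered:", nodes["S"].Send(cid, "ep7", "hello"), nodes["D"].Delivered)
	fmt.Println("reverse data accepted:", nodes["A"].Data("D", cid+1, "ep1", "back"))
}
```

The trace shows the CID changing at A (1 on the S-A leg, 2 on the A-D leg) while the same row binds both legs, and the acknowledgement walking back S-ward using only the circuit table. The last line is the unidirectionality point from the text made concrete: a packet from D arriving at A with the A-D CID matches no inbound leg and is dropped, so D needs its own circuit to reply.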
[Figure: a circuit running W, X, N, Y, Z among neighbor nodes A, B, C, D, with circuit IDs 4, 7, 3, 8 marked on its legs. Panels (a) to (e) show node N at successive positions relative to the path W X Y Z.]
Identity Layer
The concepts of name and location as they apply to CoCo networks were introduced at the beginning of this document. As DNS maps names to IP locations, so does the CoCo Identity layer. Since devices may appear to change location on a regular basis, especially in ad-hoc routing scenarios, the process of name resolution must survive catastrophic network events.
Our peer-to-peer identity management system provides a temporary replacement for DNS. Such a system necessitates a level of cryptographic certainty that responses can be trusted and queries should be processed, so CoCo uses X.509-encoded, chain-signed, PKCS-compatible certificates to match a public key to a DNS-compatible domain name. For each certificate, the Identity layer instantiates one security role.
[Figure: identity hierarchy US > WA > Seattle, with the Seattle roles Police, Fire Dept and Ambulance, and peers P1, P2, P3.]
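As an added example (not CoCo's code), the Go program below builds the chain-signed X.509 hierarchy the figure suggests, US > WA > Seattle > Police, with the standard library's crypto/x509, and shows the check a node must run before it trusts a name-to-key answer: the leaf chains to a trusted root, every CA on the chain is authorized for the name, and the name itself matches. The domain names, the ECDSA P-256 keys, and the DNS name constraints that confine the WA and Seattle CAs to their own regions are this example's assumptions; the paper specifies only X.509, chain signing and FIPS 140-2 primitives.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate for cn with the parent's key (self-signed when parent
// is nil). CAs carry a DNS name constraint (permitted) so that a regional CA can
// only vouch for names inside its region; leaves carry their name as a SAN.
func issue(cn string, dns []string, permitted string, parent *x509.Certificate,
	parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, nil, err }
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		DNSNames:              dns,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  dns == nil,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if tmpl.IsCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		if permitted != "" {
			tmpl.PermittedDNSDomainsCritical = true
			tmpl.PermittedDNSDomains = []string{permitted}
		}
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil { parent, parentKey = tmpl, key } // self-signed trust anchor
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil { return nil, nil, err }
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Chain is what a node needs to resolve a name: its trust anchor plus the
// intermediate certificates it has collected from peers.
type Chain struct{ Roots, Intermediates *x509.CertPool }

// ResolveName verifies that leaf chains to a trusted root, satisfies every CA's
// name constraint and is valid for name, then returns the public key the name
// maps to. A node that answers from the leaf without this step accepts forgeries.
func (c Chain) ResolveName(leaf *x509.Certificate, name string) (*ecdsa.PublicKey, error) {
	opts := x509.VerifyOptions{DNSName: name, Roots: c.Roots, Intermediates: c.Intermediates}
	if _, err := leaf.Verify(opts); err != nil { return nil, err }
	pub, ok := leaf.PublicKey.(*ecdsa.PublicKey)
	if !ok { return nil, fmt.Errorf("unexpected key type %T", leaf.PublicKey) }
	return pub, nil
}

// Example is the constructed hierarchy US > WA > Seattle > Police; the domain
// names are placeholders for this example. Rogue is a Seattle-signed
// certificate for a name outside Seattle's permitted region.
type Example struct {
	Chain         Chain
	Police, Rogue *x509.Certificate
	PoliceKey     *ecdsa.PrivateKey
}

func BuildExample() (*Example, error) {
	us, usKey, err := issue("US", nil, "", nil, nil)
	if err != nil { return nil, err }
	wa, waKey, err := issue("WA", nil, "wa.example", us, usKey)
	if err != nil { return nil, err }
	sea, seaKey, err := issue("Seattle", nil, "seattle.wa.example", wa, waKey)
	if err != nil { return nil, err }
	police, policeKey, err := issue("Police", []string{"police.seattle.wa.example"}, "", sea, seaKey)
	if err != nil { return nil, err }
	rogue, _, err := issue("Fire", []string{"fire.tacoma.wa.example"}, "", sea, seaKey)
	if err != nil { return nil, err }
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(us)
	inter.AddCert(wa)
	inter.AddCert(sea)
	return &Example{Chain{roots, inter}, police, rogue, policeKey}, nil
}

func main() {
	ex, err := BuildExample()
	if err != nil { panic(err) }
	queries := []struct{ c *x509.Certificate; name string }{
		{ex.Police, "police.seattle.wa.example"}, // valid
		{ex.Police, "fire.seattle.wa.example"},   // name does not match the certificate
		{ex.Rogue, "fire.tacoma.wa.example"},     // Seattle CA not authorized for this name
	}
	for _, q := range queries {
		_, err := ex.Chain.ResolveName(q.c, q.name)
		fmt.Printf("%-28s -> %v\n", q.name, err)
	}
}
```

Only the first query yields a key. The second fails because the name asked for is not in the certificate, and the third fails even though its signature is valid, because the Seattle CA's name constraint does not cover Tacoma; that is the property a regional identity hierarchy like the figure's needs so that one compromised city-level CA cannot mint identities for the whole state.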
IP Compatibility
Today's host operating systems are fairly standard in their reliance upon IP sockets, which in turn requires that expansions to the system be delivered in the form of network interfaces. An example from the COTS market would be the common VPN or Wi-Fi management software which installs a new network driver into Microsoft Windows or Debian Linux.
The most common message exchanges are DNS name resolution, TCP or UDP packet routing, ICMP signaling, and IGMP group management. Our protocol stack is capped with a translation module to exchange instructions between the host IP stack and the multi-transport, multicast logical view of the CoCo network. So when a network circuit disconnects, we may generate a message such as TCP reset or ICMP host unreachable to effectively instruct the IP stack. This is how Internet Explorer and IIS work together perfectly over CoCo even on a pair of laptops in a desert with no DNS implementation.