Passive DAD
Henning Schulzrinne
Columbia University

Problems of the current DAD

- In wireless networks, it takes a long time to get an ICMP echo response, and the response can even be lost when the channel is very congested.
- Windows XP SP2 activates the firewall, and the firewall blocks incoming ICMP echo by default.
- ISC DHCP software has a bug in the DAD timer: the timer value is chosen randomly between 0 and 1 sec.

Passive DAD - Architecture

[Diagram: Address Usage Collector (AUC) and DHCP server, connected through a Router/Relay Agent to the SUBNET; Broadcast/ARP traffic from the subnet reaches the AUC.]

- The AUC collects all broadcast and ARP packets.
- The AUC builds an IP:MAC pair table.
- Whenever a new pair is added to the table, the AUC sends the pair to the DHCP server.
- The DHCP server checks whether the pair is correct.

IP    MAC    Expire
IP1   MAC1   570
IP2   MAC2   580
IP3   MAC3   590
IP4   MAC4

ARP checking

- The AUC periodically scans unused IPs using ARP queries.
- Silent nodes can be detected.

Passive DAD – Example

[Diagram: AUC, DHCP server (lease info table with columns IP, MAC, Exp), Router and Web server. Labels in the diagram: IP:128.59.19.46 MAC:AA:BB:CC:DD:EE; IP:128.59.19.46 MAC:AA:BB:CC:FF:GG; ARP query; Force Renew; Block AA:BB:CC:FF:GG; Forward HTTP traffic.]

Conclusions

- It takes a long time to get an IP from the DHCP server, mostly because of DAD.
- The current DAD does not work because of Windows XP SP2.
- Passive DAD performs DAD without any overhead.
- Passive DAD detects IP address collisions and illegally used IPs.
- When an address collision is detected, Passive DAD resolves the duplicate IP problem by using DHCP Force Renew (or VLAN banning).

Backup slides

Passive DAD – Expiration timer

- The DHCP server does not know whether an IP is still in use before its lease expires.
- An illegally used IP address has no lease information.
- By introducing an expiration timer in the AUC table, the DHCP server can periodically check whether IPs are in use.

AUC table:

IP    MAC    Expire
IP1   MAC1   540
IP2   MAC2   550
IP3   MAC3   560
IP4   MAC4   580
IP5   MAC5   590
IP3   MAC6   600

What to change

- New agent: AUC
- A new packet between the AUC and the DHCP server
- DHCP server logic
- No changes in DHCP clients

Subnet Identifier (4) | MAC Address (6) | IP Address (4)

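The architecture, expiration-timer and packet-format slides can be tied together in a short sketch. This is an added example, not code from the slides or from any Passive DAD implementation. It assumes the (4)/(6)/(4) field widths are bytes in network order, a 600-second entry lifetime, and constructed addresses, lease data and verdict names.

```python
import ipaddress
import struct

# Assumption: the slide's (4)/(6)/(4) field widths are bytes, in network order.
AUC_MSG = struct.Struct("!4s6s4s")  # Subnet Identifier, MAC Address, IP Address
EXPIRE_SECS = 600                   # assumed entry lifetime, not from the slides
LEASES = {"192.0.2.46": "02:00:00:aa:bb:01"}  # constructed lease table

class AUC:
    """Passive collector: learns IP:MAC pairs from sniffed ARP/broadcast frames."""
    def __init__(self, subnet_id):
        self.subnet = ipaddress.IPv4Address(subnet_id).packed
        self.table = {}  # (ip, mac) -> expiry time, keyed per pair as on the slide

    def observe(self, ip, mac, now):
        """Refresh the pair's timer; return a packed report only if it is new."""
        key = (ip, mac.lower())
        is_new = self.table.get(key, 0) <= now
        self.table[key] = now + EXPIRE_SECS
        if not is_new:
            return None
        mac_raw = bytes.fromhex(key[1].replace(":", ""))
        return AUC_MSG.pack(self.subnet, mac_raw, ipaddress.IPv4Address(ip).packed)

    def expire(self, now):
        """Drop pairs not seen within EXPIRE_SECS; return the removed pairs."""
        dead = [k for k, t in self.table.items() if t <= now]
        for k in dead:
            del self.table[k]
        return dead

def dhcp_check(msg, leases=LEASES):
    """DHCP-server side: compare a reported pair with the lease table."""
    _subnet, mac_raw, ip_raw = AUC_MSG.unpack(msg)
    ip = str(ipaddress.IPv4Address(ip_raw))
    mac = mac_raw.hex(":")
    owner = leases.get(ip)
    if owner is None:
        return ip, mac, "no-lease"   # address in use without a lease
    if owner.lower() != mac:
        return ip, mac, "collision"  # candidate for Force Renew or blocking
    return ip, mac, "ok"

if __name__ == "__main__":
    auc = AUC("192.0.2.0")
    for ip, mac in [("192.0.2.46", "02:00:00:aa:bb:01"),
                    ("192.0.2.46", "02:00:00:aa:bb:02"),
                    ("192.0.2.99", "02:00:00:aa:bb:03")]:  # constructed sightings
        print(dhcp_check(auc.observe(ip, mac, now=0)))
```

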
Experiments

[Diagram of the testbed. Labels: honamsun; DHCP server; AUC; AP; ARP, broadcast; Ethernet Switch; Columbia Wireless Network; CS Network.]

Experiment Results: Convergence time

[Plot: number of IPs used (0 to 700) versus time in seconds (0 to 35000).]

Experiment Results: Packet arrival rate at the DHCP server

[Plot: number of packets (p/s, 0 to 35) versus time in seconds (0 to 30000).]