Passive DAD
Sangho Shin, Andrea Forte, Henning Schulzrinne
Columbia University

Problems with the current DAD
  • In wireless networks, it takes a long time to get an ICMP echo response, and the response can even be lost when the channel is very congested.
  • Windows XP SP2 activates the firewall, and the firewall blocks incoming ICMP echo by default.
  • ISC DHCP software has a bug in the DAD timer: the timer value is chosen randomly between 0 and 1 sec.

Passive DAD - Architecture
[Figure: DHCP server, Address Usage Collector (AUC) and Router/Relay Agent on a SUBNET; Broadcast/ARP traffic reaches the AUC, which keeps the table below]

    IP     MAC     Expire
    IP1    MAC1    570
    IP2    MAC2    580
    IP3    MAC3    590
    IP4

  • AUC collects all broadcast and ARP packets.
  • AUC builds an IP:MAC pair table.
  • Whenever a new pair is added to the table, the AUC sends the pair to the DHCP server, which checks if the pair is correct or not.
  • ARP checking
      • AUC scans unused IPs periodically using ARP queries.
      • Silent nodes can be detected.

Passive DAD – Example
[Figure: message flow between the DHCP server (lease info table with columns IP, MAC, Exp), the AUC, a Router and a Web server. Labels in the figure, in order:]
  • DHCP server: IP 128.59.19.46, MAC AA:BB:CC:DD:EE
  • AUC: IP 128.59.19.46, MAC AA:BB:CC:DD:EE
  • IP 128.59.19.46, MAC AA:BB:CC:FF:GG
  • Block AA:BB:CC:FF:GG
  • Force Renew, IP 128.59.19.46
  • ARP query: IP 128.59.19.46, MAC AA:BB:CC:DD:EE
  • Web server, Router: Forward HTTP traffic
  • ARP query: IP 128.59.19.46, MAC AA:BB:CC:FF:GG

Conclusions
  • It takes a long time to get an IP from the DHCP server, mostly because of DAD.
  • The current DAD does not work because of Windows XP SP2.
  • Passive DAD performs DAD without any overhead.
  • Passive DAD detects IP address collisions and illegally used IPs.
  • When an address collision is detected, Passive DAD resolves the duplicate IP problem by using DHCP Force Renew (or VLAN banning).

Backup slides

Passive DAD – Expiration timer
  • The DHCP server does not know whether an IP is still in use before the lease expires.
  • An illegal IP address does not have lease information.
  • By introducing an expiration timer in the AUC table, the DHCP server can periodically check whether IPs are in use.

AUC table:

    IP     MAC     Expire
    IP1    MAC1    540
    IP2    MAC2    550
    IP3    MAC3    560
    IP4    MAC4    580
    IP5    MAC5    590
    IP3    MAC6    600

What to change
  • New agent: AUC
  • A new packet between AUC and DHCP server:

        Subnet Identifier (4) | MAC Address (6) | IP Address (4)

  • DHCP server logics
  • No changes in DHCP clients
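
The AUC table from the architecture slide and the 14-byte AUC-to-server packet above, as an added Python sketch that is not code from the slides or from the authors. Assumptions: the byte order of the three fields, the 600-second timer, the class names, the `ok`/`collision`/`illegal`/`known` labels, the subnet prefix and the 6-octet MAC addresses are all made up for illustration.

```python
import ipaddress
import struct

REPORT = struct.Struct("!4s6s4s")  # assumed field order: subnet id, MAC, IP

class AUC:
    """Learns IP/MAC pairs from observed ARP and broadcast frames."""
    def __init__(self, subnet, ttl=600):
        self.subnet = ipaddress.ip_network(subnet)
        self.ttl = ttl
        self.table = {}  # (ip, mac) -> expire time in seconds

    def observe(self, ip, mac, now):
        """Refresh the pair's timer; return a 14-byte report if the pair is new."""
        key = (ip, mac.lower())
        is_new = self.table.get(key, 0) <= now
        self.table[key] = now + self.ttl
        if not is_new:
            return None
        return REPORT.pack(self.subnet.network_address.packed,
                           bytes.fromhex(key[1].replace(":", "")),
                           ipaddress.ip_address(ip).packed)

    def expired(self, now):
        """Pairs whose timer ran out, i.e. candidates for an ARP query."""
        return sorted(k for k, exp in self.table.items() if exp <= now)

class DHCPServer:
    def __init__(self, leases):
        self.leases = {ip: mac.lower() for ip, mac in leases.items()}

    def check(self, report):
        """Classify a reported pair against the lease table."""
        if len(report) != REPORT.size:
            raise ValueError("report must be 14 bytes")
        _subnet, mac, ip = REPORT.unpack(report)
        leased = self.leases.get(str(ipaddress.ip_address(ip)))
        if leased is None:
            return "illegal"  # address in use without a lease
        return "ok" if leased == mac.hex(":") else "collision"

def demo():
    # Constructed traffic; subnet and 6-octet MACs are made up for the example.
    auc = AUC("128.59.16.0/21")
    server = DHCPServer({"128.59.19.46": "aa:bb:cc:dd:ee:01"})
    seen = [("128.59.19.46", "aa:bb:cc:dd:ee:01"), ("128.59.19.46", "aa:bb:cc:ff:00:02"),
            ("128.59.19.47", "aa:bb:cc:00:00:03"), ("128.59.19.46", "aa:bb:cc:dd:ee:01")]
    reports = [auc.observe(ip, mac, now=t) for t, (ip, mac) in enumerate(seen)]
    return [server.check(r) if r else "known" for r in reports]
```

A `collision` result is the point at which the slides apply DHCP Force Renew or blocking; `illegal` corresponds to an address in use with no lease information.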

Experiments
[Figure: experiment setup. Labels: AP, DHCP server, Columbia Wireless Network, AUC (ARP, broadcast), honamsun, Ethernet Switch, CS Network]

Experiment Results
  • Convergence time
[Figure: Number of IPs used (axis 0 to 700) vs. Time (s) (axis 0 to 35000)]

Experiment Results
  • Packet arrival rate at the DHCP server
[Figure: Number of packets (p/s) (axis 0 to 35) vs. Time (s) (axis 0 to 30000)]