master thesis supporting ipv6 host based multihoming
play

Master Thesis Supporting IPv6 host-based multihoming (shim6) in - PowerPoint PPT Presentation

Theoretic overview Shim6 and Firewalls: Problem statement Implementation Performance evaluation Configuring a shim6-firewall Conclusion Master Thesis Supporting IPv6 host-based multihoming (shim6) in Linux Firewalls Christoph Paasch


  1. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Performance evaluation Configuring a shim6-firewall Conclusion Master Thesis Supporting IPv6 host-based multihoming (shim6) in Linux Firewalls Christoph Paasch December 20, 2010 Christoph Paasch Master Thesis - Shim6-firewall

  2. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Performance evaluation Configuring a shim6-firewall Conclusion Theoretic overview 1 Shim6 and Firewalls: Problem statement 2 Implementation 3 Performance evaluation 4 Configuring a shim6-firewall 5 Conclusion 6 Christoph Paasch Master Thesis - Shim6-firewall

  3. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Theoretic overview 1 Multihoming Shim6 Statefull firewall Shim6 and Firewalls: Problem statement 2 Design of the shim6 firewall Implementation 3 Shim6-firewall architecture Performance evaluation 4 Configuring a shim6-firewall 5 Conclusion 6 Christoph Paasch Master Thesis - Shim6-firewall

  4. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Multihoming Supporting IPv6 host-based multihoming (shim6) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  5. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Multihoming Supporting IPv6 host-based multihoming (shim6) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  6. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Multihoming Supporting IPv6 host-based multihoming (shim6) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  7. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Shim6 Supporting IPv6 host-based multihoming ( shim6 ) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  8. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Shim6 Supporting IPv6 host-based multihoming ( shim6 ) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  9. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Shim6 Supporting IPv6 host-based multihoming ( shim6 ) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  10. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Shim6 Supporting IPv6 host-based multihoming ( shim6 ) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  11. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Shim6 Separate Locators from Identifiers. Identifier Identifies a connection and is passed to the upper layer protocols. Locators Used inside the packet. Christoph Paasch Master Thesis - Shim6-firewall

  12. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Shim6 Shim6 control messages Establish the shim6 session Assure connectivity Switch locators Shim6 payload messages Transport payload-data, tagged with the context tag Christoph Paasch Master Thesis - Shim6-firewall

  13. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Statefull firewall Supporting IPv6 host-based multihoming(shim6) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  14. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Statefull firewall Supporting IPv6 host-based multihoming(shim6) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  15. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Statefull firewall Supporting IPv6 host-based multihoming(shim6) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  16. Theoretic overview Shim6 and Firewalls: Problem statement Multihoming Implementation Shim6 Performance evaluation Statefull firewall Configuring a shim6-firewall Conclusion Statefull firewall Supporting IPv6 host-based multihoming(shim6) in Linux Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  17. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Design of the shim6 firewall Performance evaluation Configuring a shim6-firewall Conclusion Theoretic overview 1 Multihoming Shim6 Statefull firewall Shim6 and Firewalls: Problem statement 2 Design of the shim6 firewall Implementation 3 Shim6-firewall architecture Performance evaluation 4 Configuring a shim6-firewall 5 Conclusion 6 Christoph Paasch Master Thesis - Shim6-firewall

  18. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Design of the shim6 firewall Performance evaluation Configuring a shim6-firewall Conclusion Shim6 vs. Stateful Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  19. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Design of the shim6 firewall Performance evaluation Configuring a shim6-firewall Conclusion Shim6 vs. Stateful Firewalls Christoph Paasch Master Thesis - Shim6-firewall

  20. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Design of the shim6 firewall Performance evaluation Configuring a shim6-firewall Conclusion Solution Associate the new flow to the original state Track shim6 context establishment Map Context Tag to the pair of identifiers Problems Shim6 does not allow support of each feature in stateful firewalls. Shim6 needs to be changed. Christoph Paasch Master Thesis - Shim6-firewall

  21. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Shim6-firewall architecture Performance evaluation Configuring a shim6-firewall Conclusion Theoretic overview 1 Multihoming Shim6 Statefull firewall Shim6 and Firewalls: Problem statement 2 Design of the shim6 firewall Implementation 3 Shim6-firewall architecture Performance evaluation 4 Configuring a shim6-firewall 5 Conclusion 6 Christoph Paasch Master Thesis - Shim6-firewall

  22. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Shim6-firewall architecture Performance evaluation Configuring a shim6-firewall Conclusion Shim6-Firewall architecture Christoph Paasch Master Thesis - Shim6-firewall

  23. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Shim6-firewall architecture Performance evaluation Configuring a shim6-firewall Conclusion Shim6-Firewall architecture Christoph Paasch Master Thesis - Shim6-firewall

  24. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Performance evaluation Configuring a shim6-firewall Conclusion Theoretic overview 1 Multihoming Shim6 Statefull firewall Shim6 and Firewalls: Problem statement 2 Design of the shim6 firewall Implementation 3 Shim6-firewall architecture Performance evaluation 4 Configuring a shim6-firewall 5 Conclusion 6 Christoph Paasch Master Thesis - Shim6-firewall

  25. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Performance evaluation Configuring a shim6-firewall Conclusion Test Setup Creation of a huge number of firewall-states Delay measured that the firewall introduces Christoph Paasch Master Thesis - Shim6-firewall

  26. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Performance evaluation Configuring a shim6-firewall Conclusion Session Initiation messages Delay introduced by the firewall for shim6/TCP state initiation messages 100 TCP-syn on shim6-firewall I1-message on shim6-firewall TCP-syn on clean Kernel 90 80 70 Delay in micro-seconds 60 50 40 30 20 10 0 50000 100000 150000 200000 250000 300000 Number of states created Christoph Paasch Master Thesis - Shim6-firewall

  27. Theoretic overview Shim6 and Firewalls: Problem statement Implementation Performance evaluation Configuring a shim6-firewall Conclusion Theoretic overview 1 Multihoming Shim6 Statefull firewall Shim6 and Firewalls: Problem statement 2 Design of the shim6 firewall Implementation 3 Shim6-firewall architecture Performance evaluation 4 Configuring a shim6-firewall 5 Conclusion 6 Christoph Paasch Master Thesis - Shim6-firewall

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend


More recommend