hands-on the deployment of a laboratory wireless network€¦ · hands-on the deployment of a...
TRANSCRIPT
Studienseminar für Datentechnik
HANDS-ON THE DEPLOYMENT OF A LABORATORYLABORATORY
WIRELESS NETWORK
Binh Thuan Nguyeng yDiplom Informatik Student
Advisor: Prof. Jukan, Said Zaghloul, g
CONTENTSCONTENTS
1. Motivation
2. Background
b S d S f k3. Lab Setup and Software Packages
4. Demonstrations
5. Experimental Results
6. Summary and Conclusions
Folie 2
1 MOTIVATION1. MOTIVATION
H i th ti b t i l li t d i t ? How secure is the connection between wireless clients and access points ?We want to setup a wireless Lab, which offers very good security.
Solution: Radius
EAP E ibl A h i i P lEAP: Extensible Authentication ProtocolRADIUS: Remote Authentication Dial-In User ServiceAAA: Authentication, Authorization & Accounting
Folie 3
1 MOTIVATION1. MOTIVATION
From the network layer’s standpoint, how mobile is a user ?We want setup a wireless lab, which offers the mobile node‘s address to always remain the same, wherever it moves from a access point to another access point.
Solution: MIPv6
Folie 4
2 BACKGROUND2. BACKGROUND
What is RADIUS ? What is RADIUS ?Radius (Remote Authentication Dial-In User Service) is a networking protocol, which supports:
Centralized access Centralized access Authorization Accounting management
Properties of RADIUS The RADIUS protocol does not transmit passwords in cleartext
b t th N t k A S d RADIUS i between the Network Access Server and RADIUS server in our experiment.
RADIUS uses UDP as Transport Layer
Folie 5
2. BACKGROUND2. BACKGROUND
• How does EAP TTLS work ?• How does EAP-TTLS work ?
Folie 6
2. BACKGROUND2. BACKGROUND
Folie 7
2 BACKGROUND2. BACKGROUND• What is Mobile IPv6 ? MIPv6 is a communication protocol to allow mobile device users can
access the difference Network by the same IP address The Mobile IPv6 protocol makes mandatory the use of IPsec
• IPSec (Internet Protocol Security)IPsec is a dual mode, end-to-end, security scheme operating at the Internet Layer (Layer 3) of the Internet Protocol Suite to:
- Protect the Binding Update/Binding Acknowledge messages for Home Registration
- Tunnel all traffic between Mobile Node and Home Agent when the Mobile Node is not at home
Folie 8
2 BACKGROUND2. BACKGROUND
• How does Mobile IP work ?• How does Mobile IP work ?
Folie 9
3 LAB SETUP3. LAB SETUP
eth0 eth2
eth1 eth1eth4
eth0
HA: Home AgentAAA: RADIUS ServerMN: Mobile Node
Folie 10
AR: Access RouterAP: Access Point
3 LAB SETUP3. LAB SETUP
• The Home Agent (as well as AAA Server) :• The Home Agent (as well as AAA-Server) :
eth4: 2001:db8:2::1 eth1: 2001:db8::1eth4: 2001:db8:2::1
eth0: Uni IP addresseth3: 192.168.1.3
• The Mobile Node :
ath0: 2001:db8::beef
Folie 11
3 LAB SETUP3. LAB SETUP
• The Access Router 1:• The Access Router 1:
eth2: 2001:db8:3::1eth1: 2001:db8:2::2 eth2: 2001:db8:3::1eth1: 2001:db8:2::2
• The Access Router 2:
eth3: 2001:db8:2::3 eth4: 2001:db8:5::1
Folie 12
3 LAB SETUP3. LAB SETUP
• The Access Point 1 (a PC):• The Access Point 1 (a PC):eth0: Uni IP address
ath0eth1
• The Access Point 2 (a Hardware Router):• The Access Point 2 (a Hardware Router):
Wire interface: 192.168.1.1
Wire interface Wireless interface
Folie 13
3 LAB SETUP3. LAB SETUP
• Software packages:
Note Software VersionHome Agent MIPv6 kernel patch 2.6.22-14
• Software packages:
(AAA) MIPv6 DeamonRadvd
Racoon2 Mysql
0.41.00.6
5.0.45Mysql Freeradius Daloradius
1.1.30.9-7
Mobile Node MIPv6 kernel patch 2.6.22-14MIPv6 Deamon
Racoon2 Wpa_supplicant
0.40.6
0.5.8Access Router Rad d 1 0Access Router
1Radvd 1.0
Access Router 2
Radvd 1.0
Folie 14
2Access Point 1 Madwifi
Hostapd0.9.20.5.5
3 LAB SETUP3. LAB SETUP
• The Problems:• The Problems:- MIPv6 Kernel patch- IPSec Configuration
C tifi t- Certificates
• The Goal:After the Setup, we should have a wireless lab which supports:- Security wireless authentication- MIPv6
Folie 15
4 DEMONSTRATIONS 4. DEMONSTRATIONS
• Radius:• Radius: Radius Connection (inclusive Handoff):
Trying to associate with 00:1c:f0:0f:20:16 (SSID='accesspointA' freq=2417 MHz)Associated with 00:1c:f0:0f:20:16f fCTRL-EVENT-EAP-STARTED EAP authentication startedCTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selectedCTRL-EVENT-EAP-SUCCESS EAP authentication completed successfullyWPA: Key negotiation completed with 00:1c:f0:0f:20:16 [PTK=CCMP GTK=CCMP]
CTRL EVENT DISCONNECTED Di t t k
WPA: Key negotiation completed with 00:1c:f0:0f:20:16 [PTK=CCMP GTK=CCMP]CTRL-EVENT-CONNECTED - Connection to 00:1c:f0:0f:20:16 completed (auth) [id=1
id_str=]WPA: Group rekeying completed with 00:1c:f0:0f:20:16 [GTK=CCMP]CTRL EVENT DISCONNECTED Di t t kCTRL-EVENT-DISCONNECTED - Disconnect event - remove keysTrying to associate with 00:1c:f0:0f:20:16 (SSID='accesspointA' freq=2417 MHz)Authentication with 00:00:00:00:00:00 timed out.Trying to associate with 00:1a:70:e0:f8:e4 (SSID='accesspointB' freq=2462 MHz)Associated with 00:1a:70:e0:f8:e4
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keysTrying to associate with 00:1c:f0:0f:20:16 (SSID='accesspointA' freq=2417 MHz)Authentication with 00:00:00:00:00:00 timed out.Trying to associate with 00:1a:70:e0:f8:e4 (SSID='accesspointB' freq=2462 MHz)Associated with 00:1a:70:e0:f8:e4CTRL-EVENT-EAP-STARTED EAP authentication startedCTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selectedCTRL-EVENT-EAP-SUCCESS EAP authentication completed successfullyWPA: Key negotiation completed with 00:1a:70:e0:f8:e4 [PTK=CCMP GTK=TKIP]CTRL-EVENT-CONNECTED - Connection to 00:1a:70:e0:f8:e4 completed (reauth) [id=0 id str=]
CTRL-EVENT-EAP-STARTED EAP authentication startedCTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selectedCTRL-EVENT-EAP-SUCCESS EAP authentication completed successfullyWPA: Key negotiation completed with 00:1a:70:e0:f8:e4 [PTK=CCMP GTK=TKIP]CTRL-EVENT-CONNECTED - Connection to 00:1a:70:e0:f8:e4 completed (reauth) [id=0 id str=]
Folie 16
CTRL EVENT CONNECTED Connection to 00:1a:70:e0:f8:e4 completed (reauth) [id 0 id_str ]CTRL EVENT CONNECTED Connection to 00:1a:70:e0:f8:e4 completed (reauth) [id 0 id_str ]
4 DEMONSTRATIONS 4. DEMONSTRATIONS
• Radius:• Radius: Radius Connection (inclusive Handoff):
Trying to associate with 00:1c:f0:0f:20:16 (SSID='accesspointA' freq=2417 MHz)Associated with 00:1c:f0:0f:20:16CTRL EVENT EAP STARTED EAP th ti ti t t dCTRL-EVENT-EAP-STARTED EAP authentication startedCTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selectedCTRL-EVENT-EAP-SUCCESS EAP authentication completed successfullyWPA: Key negotiation completed with 00:1c:f0:0f:20:16 [PTK=CCMP GTK=CCMP]CTRL-EVENT-CONNECTED - Connection to 00:1c:f0:0f:20:16 completed (auth) [id=1 id_str=]p ( ) [ _ ]WPA: Group rekeying completed with 00:1c:f0:0f:20:16 [GTK=CCMP]CTRL-EVENT-DISCONNECTED - Disconnect event - remove keysTrying to associate with 00:1c:f0:0f:20:16 (SSID='accesspointA' freq=2417 MHz)Authentication with 00:00:00:00:00:00 timed out.
CTRL-EVENT-EAP-STARTED EAP authentication startedCTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selectedCTRL EVENT EAP SUCCESS EAP h i i l d f ll
Trying to associate with 00:1a:70:e0:f8:e4 (SSID='accesspointB' freq=2462 MHz)Associated with 00:1a:70:e0:f8:e4CTRL-EVENT-EAP-STARTED EAP authentication startedCTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selectedCTRL EVENT EAP SUCCESS EAP h i i l d f llCTRL-EVENT-EAP-SUCCESS EAP authentication completed successfullyWPA: Key negotiation completed with 00:1a:70:e0:f8:e4 [PTK=CCMP GTK=TKIP]CTRL-EVENT-CONNECTED - Connection to 00:1a:70:e0:f8:e4 completed (reauth) [id=0 id_str=]
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfullyWPA: Key negotiation completed with 00:1a:70:e0:f8:e4 [PTK=CCMP GTK=TKIP]CTRL-EVENT-CONNECTED - Connection to 00:1a:70:e0:f8:e4 completed (reauth) [id=0 id_str=]
Folie 17
4 DEMONSTRATIONS 4. DEMONSTRATIONS
Radius Wireshark: Radius Wireshark:
Folie 18
4 DEMONSTRATIONS 4. DEMONSTRATIONS
Radius Wireshark: Radius Wireshark:
Folie 19
4 DEMONSTRATIONS 4. DEMONSTRATIONS
Radius Wireshark: Radius Wireshark:
AVP: l=58 t=Vendor-Specific(26) v=Microsoft(311)VSA l 52 t MS MPPE R K (17) E2FDF6715DCBFA8A91A024F9E83D3E68D51DC1D53BC3910FVSA: l=52 t=MS-MPPE-Recv-Key(17): E2FDF6715DCBFA8A91A024F9E83D3E68D51DC1D53BC3910F...
MS-MPPE-Recv-Key: E2FDF6715DCBFA8A91A024F9E83D3E68D51DC1D53BC3910F...AVP: l=58 t=Vendor-Specific(26) v=Microsoft(311)
VSA: l=52 t=MS-MPPE-Send-Key(16): EFD45FA0614C44F618A7894832431833DB83E2D540597DF6...VSA: l 52 t MS MPPE Send Key(16): EFD45FA0614C44F618A7894832431833DB83E2D540597DF6...MS-MPPE-Send-Key: EFD45FA0614C44F618A7894832431833DB83E2D540597DF6...
Folie 20
4 DEMONSTRATIONS 4. DEMONSTRATIONS
• MIPv6:• MIPv6: MIPv6 Connection:
Fri Nov 21 22:34:18 __md_discover_router: discover link on iface ath0 (6)Fri Nov 21 22:34:18 md change default router: add new router fe80:0:0:0:215:17ff:fe4a:5ff0 _ g _ f _ f ff f ff
on interface ath0 (6)Fri Nov 21 22:34:18 md_update_router_stats: add coa 2001:db8:5:0:217:9aff:feb7:5671 on
interface (6)Fri Nov 21 22:34:20 mn move: 1751
Fri Nov 21 22:34:20 mn_block_rule_add: blackhole is already set.Fri Nov 21 22:34:20 mn_send_home_bu: 789Fri Nov 21 22:34:20 mn_get_home_lifetime: CoA lifetime 2591998 s, HoA lifetime 4294967295 s, BU
_Fri Nov 21 22:34:20 mn_move: in foreign netFri Nov 21 22:34:20 mn_block_rule_add: blackhole is already set.Fri Nov 21 22:34:20 mn_send_home_bu: 789Fri Nov 21 22:34:20 mn_get_home_lifetime: CoA lifetime 2591998 s, HoA lifetime 4294967295 s, BU g f f , f ,
lifetime 262140 sFri Nov 21 22:34:20 process_first_home_bu: New bule for HAFri Nov 21 22:34:20 bul_add: Adding bule
g f f , f ,lifetime 262140 s
Fri Nov 21 22:34:20 process_first_home_bu: New bule for HAFri Nov 21 22:34:20 bul_add: Adding bule
Folie 21
4 DEMONSTRATIONS 4. DEMONSTRATIONS
• MIPv6:• MIPv6: MIPv6 Connection:Fri Nov 21 22:34:18 __md_discover_router: discover link on iface ath0 (6)Fri Nov 21 22:34:18 md_change_default_router: add new router fe80:0:0:0:215:17ff:fe4a:5ff0 on interface ath0 (6)Fri Nov 21 22:34:18 md_update_router_stats: add coa 2001:db8:5:0:217:9aff:feb7:5671 on interface (6)Fri Nov 21 22:34:20 mn_move: 1751Fri Nov 21 22:34:20 mn_move: in foreign netFri Nov 21 22:34:20 mn_block_rule_add: blackhole is already set.
F i N d h b 7Fri Nov 21 22:34:20 mn_send_home_bu: 789Fri Nov 21 22:34:20 mn_get_home_lifetime: CoA lifetime 2591998 s, HoA lifetime
4294967295 s, BU lifetime 262140 sFri Nov 21 22:34:20 process_first_home_bu: New bule for HAFri Nov 21 22:34:20 bul_add: Adding bule
Folie 22
4 DEMONSTRATIONS 4. DEMONSTRATIONS
MIPv6 Connection (from the MN Side): MIPv6 Connection (from the MN Side):== BUL_ENTRY ==Home address 2001:db8:0:0:0:0:0:beefCare-of address 2001:db8:5:0:217:9aff:feb7:5671
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK IP6_MH_BU_KEYMFri Nov 21 22:34:20 mn send home bu: New bule for HA
Care of address 2001:db8:5:0:217:9aff:feb7:5671CN address 2001:db8:0:0:0:0:0:1lifetime = 262140, delay = 1500flags: IP6_MH_BU_HOME IP6_MH_BU_ACK IP6_MH_BU_KEYMFri Nov 21 22:34:20 mn send home bu: New bule for HAFri Nov 21 22:34:20 mn_send_home_bu: New bule for HAFri Nov 21 22:34:20 dump_migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: hoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ha 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 dump_migrate: ipsec ESP
Fri Nov 21 22:34:20 mn_send_home_bu: New bule for HAFri Nov 21 22:34:20 dump_migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: hoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ha 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 dump_migrate: ipsec ESPFri Nov 21 22:34:20 dump_migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: hoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ha 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 dump_migrate: ocoa 2001:db8:0:0:0:0:0:beef
Fri Nov 21 22:34:20 dump_migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: hoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ha 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 dump_migrate: ocoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ncoa 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 dump_migrate: ipsec ESPFri Nov 21 22:34:20 mh_send: sending MH type 5from 2001:db8:0:0:0:0:0:beefto 2001:db8:0:0:0:0:0:1
Fri Nov 21 22:34:20 dump_migrate: ncoa 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 dump_migrate: ipsec ESPFri Nov 21 22:34:20 mh_send: sending MH type 5from 2001:db8:0:0:0:0:0:beefto 2001:db8:0:0:0:0:0:1
Folie 23
to 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 mh_send: local CoA 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 bul_update_timer: Updating timer
to 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 mh_send: local CoA 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 bul_update_timer: Updating timer
4 DEMONSTRATIONS 4. DEMONSTRATIONS
MIPv6 Connection (from the MN Side): MIPv6 Connection (from the MN Side):== BUL_ENTRY ==Home address 2001:db8:0:0:0:0:0:beefCare-of address 2001:db8:5:0:217:9aff:feb7:5671CN address 2001:db8:0:0:0:0:0:1lifetime = 262140, delay = 1500flags: IP6_MH_BU_HOME IP6_MH_BU_ACK IP6_MH_BU_KEYMFri Nov 21 22:34:20 mn_send_home_bu: New bule for HA
d f d Fri Nov 21 22:34:20 dump_migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: hoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ha 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 dump_migrate: ipsec ESPp g pFri Nov 21 22:34:20 dump_migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: hoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ha 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 dump migrate: ocoa 2001:db8:0:0:0:0:0:beef
Fri Nov 21 22:34:20 mh_send: sending MH type 5f 2001 db8 0 0 0 0 0 b f
Fri Nov 21 22:34:20 dump_migrate: ocoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ncoa 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 dump_migrate: ipsec ESPFri Nov 21 22:34:20 mh_send: sending MH type 5f 2001 db8 0 0 0 0 0 b f
Folie 24
from 2001:db8:0:0:0:0:0:beefto 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 mh_send: local CoA 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 bul_update_timer: Updating timer
from 2001:db8:0:0:0:0:0:beefto 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 mh_send: local CoA 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 bul_update_timer: Updating timer
4 DEMONSTRATIONS 4. DEMONSTRATIONS
MIPv6 Connection (from the MN Side): MIPv6 Connection (from the MN Side):== BUL_ENTRY ==Home address 2001:db8:0:0:0:0:0:beefCare-of address 2001:db8:5:0:217:9aff:feb7:5671CN address 2001:db8:0:0:0:0:0:1lifetime = 262140, delay = 1500flags: IP6_MH_BU_HOME IP6_MH_BU_ACK IP6_MH_BU_KEYMFri Nov 21 22:34:20 mn_send_home_bu: New bule for HAFri Nov 21 22:34:20 dump migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: hoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ha 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 dump_migrate: ipsec ESPFri Nov 21 22:34:20 dump migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: ifindex 15Fri Nov 21 22:34:20 dump_migrate: hoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ha 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 dump_migrate: ocoa 2001:db8:0:0:0:0:0:beefFri Nov 21 22:34:20 dump_migrate: ncoa 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 dump_migrate: ipsec ESPFri Nov 21 22:34:20 mh_send: sending MH type 5from 2001:db8:0:0:0:0:0:beefto 2001:db8:0:0:0:0:0:1
Folie 25Fri Nov 21 22:34:20 bul_update_timer: Updating timer
to 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 mh_send: local CoA 2001:db8:5:0:217:9aff:feb7:5671Fri Nov 21 22:34:20 bul_update_timer: Updating timer
4 DEMONSTRATIONS 4. DEMONSTRATIONS
MIPv6 Connection (from the MN Side): MIPv6 Connection (from the MN Side):== BUL_ENTRY ==Home address 2001:db8:0:0:0:0:0:beefCare-of address 2001:db8:5:0:217:9aff:feb7:5671CN address 2001:db8:0:0:0:0:0:1CN address 2001:db8:0:0:0:0:0:1lifetime = 262140, delay = 1500flags: IP6_MH_BU_HOME IP6_MH_BU_ACK IP6_MH_BU_KEYMFri Nov 21 22:34:20 tunnel_mod: modifying tunnel 15 end points with from
2001:db8:5:0:217:9aff:feb7:5671 to 2001:db8:0:0:0:0:0:12001:db8:5:0:217:9aff:feb7:5671 to 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:20 __tunnel_mod: modified tunnel iface ip6tnl1 (15)from
2001:db8:5:0:217:9aff:feb7:5671 to 2001:db8:0:0:0:0:0:1Fri Nov 21 22:34:21 mn_recv_ba: 1039Fri Nov 21 22:34:21 mn recv ba: Got BA from 2001:db8:0:0:0:0:0:1 to home address
Fri Nov 21 22:34:21 mn_recv_ba: Dumping corresponding BULE
Fri Nov 21 22:34:21 mn_recv_ba: Got BA from 2001:db8:0:0:0:0:0:1 to home address2001:db8:0:0:0:0:0:beef with coa 2001:db8:5:0:217:9aff:feb7:5671 and status 0
Fri Nov 21 22:34:21 mn_recv_ba: Dumping corresponding BULE
Folie 26
4 DEMONSTRATIONS 4. DEMONSTRATIONS
MIPv6 Connection (from the MN Side): MIPv6 Connection (from the MN Side):== BUL_ENTRY ==Home address 2001:db8:0:0:0:0:0:beefCare-of address 2001:db8:5:0:217:9aff:feb7:5671CN address 2001:db8:0:0:0:0:0:1CN address 2001:db8:0:0:0:0:0:1lifetime = 262140, delay = 249033000flags: IP6_MH_BU_HOME IP6_MH_BU_ACK IP6_MH_BU_KEYMFri Nov 21 22:34:23 mpd_schedule_first_mps: schedule MPS in 2332795 s
Fri Nov 21 22:34:27 md update router stats: add coa 2001:db8:5:0:217:9aff:feb7:5671 on Fri Nov 21 22:34:27 md_update_router_stats: add coa 2001:db8:5:0:217:9aff:feb7:5671 on interface (6)
Folie 27
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• How long is the connection time and how fast goes the signal down ?• How long is the connection time and how fast goes the signal down ?• Test Object:- An Access Point with a D-Link DWL-G520 and a Laptop with a DWL-650
wireless card :wireless card : Receiver Sensitivity: -68 dBm for 54 Mbps
-89 dBm for 1 MbpsT itt O t t P 15 dB ± 2dBTransmitter Output Power: 15 dBm ± 2dB
• Test Procedure:- A bash script is written to automatic establish and disestablish the
i l tiwireless connection- A script is run 1000 times
Folie 28
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• The Floor Plan:• The Floor Plan:
1.75mAP
15m20m32m
Folie 29
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• Signal To Noise Ratio :• Signal To Noise Ratio :
Folie 30
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• Signal To Noise Ratio :• Signal To Noise Ratio :- The distance doesn’t mean everything in our experiment- The wireless environment are also calculated
Th th l d l d t fi t h f t th bil d- The path loss model are used to figure out how fast the mobile node signal will be lost when it’s moving.
10 X
Whereas:
0 10 100
+ X
n : path loss exponentd0: the close-in reference distanced: the T-R distanceX: a Gaussian random variable
- The path loss exponent n in our experiment is 3.9- The shadowing variance in our experiment is 3.6
Folie 31
g p
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
The test result of the RADIUS connection
Folie 32
79.4% 72.5% 15m1.8m80%
80%
60% 60%
40%40%
20%
40%
20%
0.3% 0.1%2 3 4 5 6 7 10 11
0 02 3 4 5 6 7 10 13
66 8%20m 32m80%
30%66.8%
16 2%
27.2%60%
40%
30%
20%16.2%40%
20% 10%
0.9%03 4 5 6 7 11 14 >20
01 2 3 4 5 6 7 8 10 12 14 15 16 18 20 >20
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
The test result of the MIPv6 connection
Folie 34
72.4% 67.9%1.8m 15m80% 80%
60%
40%
60%
40%
0 5% 0 6%
20% 20%
0.5% 0.6%3 4 5 6 7 8 13 14 15 16 17 >20
0 03 4 5 6 7 8 13 14 15 16 >20
48.6%20m60%
40%
20.5%20%
03 4 5 6 7 8 10 11 13 14 15 16 17 19 >20
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• The summary of the Radius and MIP Connection :
Radius
conn
ectMIPv6
ssib
le to
cIm
po
Folie 36
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• The Timer:
RADIUS Radvd MIPv6
Resend: 5 secs Resend: 10 secs Resend: 10 secsIKE Phase 1: 15 secs IKE Phase 2: 10 secsIKE Phase 2: 10 secs
Folie 37
6 SUMMARY AND CONCLUSIONS 6. SUMMARY AND CONCLUSIONS
• Conclusions:• Conclusions:- The RADIUS can be operated in at the coverage limit 4 dBm Signal to
Noise ratioThe MIPv6 is impossible when the Signal to Noise ratio is under 10 dBm- The MIPv6 is impossible when the Signal to Noise ratio is under 10 dBm
- The MIPv6 can be operated in the office environment, which has a 2x20m distance between two access points
• Challenge and future works: MIPv6 deamon is still beta
I f i t i ibl t t t Iperf is not impossible to test MIPv6 Handoff is too long because of wpa_supplicant
Folie 38
Thank You Very MuchQ ti ?Question ?
Folie 39
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• Radius:• Radius: The most successfully Radius Connection
79.4%72.5% 66.8%
800
66.8%600
27.2%400
200
1.75 15 20 320
Folie 40
1.75 15 20 32
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• Radius:• Radius: The failed Radius Connection
16.2%160
120
80
40
0.3% 0.1% 0.9%
1.75 15 20 320
Folie 41
1.75 15 20 32
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• MIPv6:• MIPv6: The most successfully MIP Connection
72.4% 67.9%800
48.6%600
400400
200
0%1.75 15 20 32
0
Folie 42
1.75 15 20 32
5 EXPERIMENTAL RESULTS 5. EXPERIMENTAL RESULTS
• MIPv6:• MIPv6: The failed MIP Connection
100%
1200
1000
800
600
20 5%
600
400
0.5% 0.6%
20.5%
1.75 15 20 32
200
0
Folie 43
1.75 15 20 32
2 BACKGROUND2. BACKGROUND
• IPv6IPv6- Longer addresses- Stateless address
autoconfigurationautoconfiguration - Increase security- Support realtime data traffic
(quality of service)(quality of service)- Support mobility (MIPv6)
Next ength Type ReservedNext Header
ength Type Reserved
Checksum Data
Folie 44
Mobility Header IPSec Header
2. BACKGROUND2. BACKGROUND
• How does Radius work ?• How does Radius work ?
NAS N t k A S
Folie 45
NAS: Network Access ServerAAA: Authentication, Authorization & Accounting