IPv6 and IPv4

Mobile Networking Demonstration

 

 

Demonstration Schedule:

 

Demonstrations will occur on the half hour throughout the day. There will be two mobile units: a large mobile networking experimental van and a conversion van or minivan. The large van will have the IPv6 network onboard and will have connectivity to the world via a T-Mobile network and the Globalstar satellite constellation. This van can safely transport 4 participants/observers, a driver, and a guide. The conversion van should be able to handle at least 4 participants/observers as well as a driver and a guide.

 

A booth will be set up in the ICNS exhibition area to explain the IPv4 and IPv6 networks prior to going on the road and to show off some of the technology pieces (encryptors, antennas, and routers).  Communication via the Internet to the mobile units will also be available from this booth.

 

Monday, April 26 – Transport mobile units from Cleveland, Ohio to the Hyatt Hotel in Fairfax, Virginia

Tuesday, April 27 – 9:00-4:30 live demonstrations on the half hour (sign up suggested)

Wednesday, April 28 – All day off-site demonstrations in Washington D.C. area

Thursday, April 29 – 9:00-4:30 live demonstrations on the half hour (sign up suggested)

Friday, April 30 – Transport mobile units from Fairfax, Virginia to Cleveland, Ohio

 

 

Purpose:

  • Demonstration of sharing of network infrastructure.
    • Leasing bandwidth rather than owning infrastructure.
    • Operating a mobile network over someone else’s network!
  • Demonstration of IPv4 Mobile Networking with layered security.
  • Demonstration of current state-of-the-bleeding-edge IPv6 mobile networking capabilities.
  • Demonstrate migration path from IPv4 to IPv6 and IPv6/IPv4 interoperability.

 

 

IPv4 Network (Figure 1)

  • Emulates Aircraft Command and Control Network secured from Aircraft Entertainment Services Network.
  • Emulates Secure Mobile Network – “Strategic Mode”
    • Cisco PIX firewalls used instead of High Assurance Internet Protocol Encryptor (HAIPE) devices for ease of use, cost and controls.

 

In the IPv4 mobile networking demonstration, Cisco IPv4 Mobile Networking IOS code is utilized. The mobile router is attached to two different wide area networks using current cellular technology. Both Sprint and Verizon networks are utilized in order to show handoffs between diverse networks as well as the sharing of network infrastructure while still maintaining a secure mobile network. WiFi may also be utilized if available; however, NAT traversal requirements may preclude use of WiFi for this demonstration due to a limitation of the current code build we will be using. NAT/PAT traversal problems have been solved recently, but the fix may not be available in the 3250 image in time for this demonstration.

 

The “secured mobile LAN” appears to the world to reside “inside” the protected NASA Glenn Research Center (GRC) network and is forced to follow ALL the security policies of the GRC internal network (for example, PINGs will not work to machines on the Internet). Users operating from the secured mobile network will pass through the GRC proxy when corresponding with nodes on the Internet. In addition, nodes on the secured mobile LAN can initiate communication to nodes inside the GRC internal network. All data coming from the secured mobile LAN will be encapsulated in an IPSec tunnel destined for the Cisco PIX firewall unit located on the GRC External Services Network.

 

The mobile router address space resides on the GRC External Services Network, the ESN. The ESN resides inside the GRC firewall, and rules have been established between the mobile network team and the GRC security team to ensure that only data on this subnetwork is treated according to the following rules:

  1. Only mobile router tunnels can enter that network from outside GRC. 
  2. Any users trying to communicate from inside GRC with hosts on the secure mobile LAN are directed to the PIX firewall and that data is encapsulated in an IPSec tunnel destined for the mobile network PIX.
  3. The data from the “secured mobile LAN” has been encapsulated in an IPSec tunnel at the mobile router.  This IPSec tunnel is forwarded from the Home Agent to the ESN PIX firewall.
  4. All other data cannot get off the Home Agent subnet on the ESN. 

 

Because of these firewall rules, any machines on the “unsecured mobile LAN” can only communicate with the remote controlled camera or hosts residing on the Home Agent ESN subnetwork.  
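
The four rules above can be read as a small decision table. The following is an added example, not the demonstration's PIX or router configuration: it models the rules in Python and runs constructed sample flows through them. All addresses, zone names and packet kinds are assumptions chosen for illustration (documentation address ranges); the page does not give the real ones.

```python
# Added example: toy model of the four ESN rules; not the demonstration's PIX config.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation ranges); the page gives no real ones.
HA_SUBNET = ip_network("192.0.2.0/28")       # Home Agent subnet on the ESN
ESN_PIX = ip_address("192.0.2.2")            # ESN PIX firewall
SECURE_LAN = ip_network("198.51.100.0/28")   # secured mobile LAN

@dataclass(frozen=True)
class Packet:
    zone: str   # where it is seen: "outside", "grc-inside" or "ha-subnet"
    dst: str    # destination address
    kind: str   # "mr-tunnel", "ipsec" or "plain"

def decide(p: Packet) -> str:
    dst = ip_address(p.dst)
    if p.zone == "outside":
        # Rule 1: only mobile router tunnels may enter from outside GRC.
        if p.kind == "mr-tunnel" and dst in HA_SUBNET:
            return "PERMIT_TUNNEL"
        return "DENY_RULE_1"
    if p.zone == "grc-inside":
        # Rule 2: traffic for the secured mobile LAN goes to the PIX and into IPSec.
        if dst in SECURE_LAN:
            return "IPSEC_VIA_ESN_PIX"
        return "UNSPECIFIED"  # the page states no rule for other destinations
    if p.zone == "ha-subnet":
        # Rule 3: IPSec from the mobile router is forwarded on to the ESN PIX.
        if p.kind == "ipsec" and dst == ESN_PIX:
            return "FORWARD_TO_ESN_PIX"
        # Hosts on the Home Agent subnet itself remain reachable.
        if dst in HA_SUBNET:
            return "LOCAL_DELIVERY"
        # Rule 4: nothing else gets off the Home Agent subnet.
        return "DENY_RULE_4"
    raise ValueError(f"unknown zone: {p.zone}")

# Constructed sample flows.
SAMPLES = {
    "mobile router tunnel from a cellular network": Packet("outside", "192.0.2.1", "mr-tunnel"),
    "plain probe from the Internet": Packet("outside", "192.0.2.5", "plain"),
    "GRC user to secured LAN host": Packet("grc-inside", "198.51.100.3", "plain"),
    "secured LAN data after Home Agent": Packet("ha-subnet", "192.0.2.2", "ipsec"),
    "unsecured LAN host to Home Agent subnet host": Packet("ha-subnet", "192.0.2.5", "plain"),
    "unsecured LAN host to Internet site": Packet("ha-subnet", "203.0.113.9", "plain"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:45} -> {decide(pkt)}")
```

The last two sample flows show the consequence stated above: plain traffic from the unsecured mobile LAN is delivered to hosts on the Home Agent subnet but is dropped by rule 4 when addressed anywhere else.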

 

In Figure 1, the heavy black lines indicate IPv4 unsecured open network connections. These connections correspond to the unsecured network, also known as the “BLACK” network – the portion of the network that transports the “cipher text” or encrypted information. The heavy red lines indicate the secured closed network. These connections correspond to the secured network, also known as the “RED” network – the portion of the network that contains “clear text” or unencrypted data.

 

 

Figure 1 – IPv4 Mobile Network

 

 

 

IPv6 Network (Figure 2)

  • All mobility is performed utilizing IPv6 mobile networking code.
  • IPv4 networks are used as the backbone network as this is the current state of the public network infrastructure in the United States
  • Cisco code developed in France that provides IPv4 traversal for MIPv6-based Mobile Routers is used to traverse the IPv4 networks, including T-Mobile’s network, which uses NATs.
  • Demonstrates IPv6 mobile networking over a satellite network, the Globalstar constellation with HAIPE-capable encryption using Western Datacom’s IPE-2M encryption units.
    • Globalstar ground station is located in Smiths Falls, Ontario, Canada
    • 16 channel combiner is located at Qualcomm in San Diego
    • Network is an IPv4 backbone

 

In the IPv6 mobile networking demonstration, Cisco IPv6 Mobile Networking IOS code is utilized. This code was developed by the Cisco development team in France and has functionality to automatically tunnel through IPv4 networks, including traversing NATs and PATs. The mobile router is attached to two different wide area networks. The first is T-Mobile’s General Packet Radio Services (GPRS) at 56 kbps. The T-Mobile network performs NATing in the IPv4 world. The second network that will be used is Globalstar. On this link we will also demonstrate encryption using NSA’s High Assurance Internet Protocol Encryptor (HAIPE). In the Globalstar system we will utilize Qualcomm’s MDSS-16 communication system. The MDSS-16 provides approximately 110 kbps of usable bandwidth, which is accomplished by combining 16 Globalstar data channels. One data multiplexer/demultiplexer resides with the antenna system. The corresponding demultiplexer/multiplexer is located at Qualcomm’s facilities in San Diego, California.

 

Since the current backbone systems are IPv4, all IPv6 network clouds are connected via 6-to-4 tunnels. Thus, the Eurocontrol, Computer Networks and Software Incorporated, and NASA IPv6 networks are all connected via 6-to-4 tunnels. Note, this does not affect or detract from the IPv6 mobility demonstration.

 

In the IPv6 demonstration, all IPv4 and IPv6 networks are, for the most part, open networks. Some firewalls and minimal security are in place, but securing this network is not an emphasis of the current IPv6 mobile network demonstration. The HAIPE-capable encryptors are in place simply to demonstrate the capability to secure these networks. Note, the BLACK and RED networks are tied together. This is obviously not permissible in an operational deployment.

 

 

Figure 2 illustrates the mobile IPv6 network configuration and associated connections to the IPv4 backbone. In Figure 2, the heavy black lines indicate IPv4 open network connections. The two heavy red lines indicate “clear text” data prior to encryption. The blocks marked “Z” are the HAIPE-capable encryptors. The heavy green lines and everything colored green are in the IPv6 network. Note, the IPv4 mobile LAN is mobile simply because it is attached to the IPv6 mobile router. Thus, mobility occurs via IPv6 mobility. The mobile IPv4 LAN was implemented to allow users to connect to applications that they are used to utilizing (Web browsing, email, instant messaging, etc.). Current applications for IPv6 are rather limited relative to IPv4 applications, as is the number of hosts one can communicate with.

 

 

 

Figure 2 – IPv6 Mobile Network

 

 

 

Monitoring:

 

  • To show transition through various networks, the mobile routers will be monitored for active tunnels and bindings.  This information shows which link is being utilized at any given time.
  • The encryptors will be monitored on the clear text and cipher text sides to show the data is being encrypted.
  • Various hosts will be continuously PINGed to show round trip time delays as well as the routes that were utilized.

 

Applications:

 

In the IPv4 mobile network and via the IPv4 mobile LAN, any application can be run. However, link bandwidths are limited, particularly when considering that this is an entire network in motion. Thus, applications such as streaming video can bog down the network. We have placed no QoS controls on the network for this demonstration. However, QoS techniques could be implemented for operational deployments.

 

  • A Web-based application will be utilized that takes real-time GPS data and sends it to a site on the Internet. This site then returns a map of your location. This will be done to show connectivity to the Internet and use of data available from the Internet.
  • A Web-based application will be utilized to show real-time flight, weather and other information useful to the aeronautics community, government organizations, and the military.
  • A remote controlled Web camera will be placed on the IPv4 network. Note, this system can only be controlled by one user at a time.
  • Instant Messaging is a nice application to run as it is readily available and uses very little bandwidth.

 

In the IPv6 mobile network, applications are currently rather limited.  One of the easiest applications to demonstrate is Web Browsing.  If you can connect to a Web browser, you can pretty much do anything.

 

  • ICNS, Eurocontrol and NASA have been working on CPDLC applications and an emulation environment.  This may be demonstrated.
  • IPv6 Web servers exist on the Eurocontrol experimental network as well as on NASA’s network. We hope to have a small Web server also placed on CNS’s network. These can then be accessed via the mobile terminal.
  • We are considering remote control of some small device such as an IPv6-based Web camera. This will be demonstrated if IPv6 drivers become available or are identified.

 

 

References:

 

For additional information on mobile networking and virtual mission operations see:

http://roland.grc.nasa.gov/~ivancic/papers_presentations/papers.html

 

A 2.4 Mbyte Microsoft PowerPoint presentation that animates the data flows for the IPv4 and IPv6 networks is available at the following URL:

http://roland.grc.nasa.gov/~ivancic/ICNS2004_Demo/ICNS2004_Demo.ppt

 

 

 

Last Updated: March 19, 2004

Will Ivancic