ILNP - Identifier-Locator Network Protocol:
FreeBSD 14.0 @ IETF118/Prague

FreeBSD code development by Gregor Haywood.
Experiment conducted by Saleem Bhatti and Ryo Yanagida from the Hackathon at IETF118/Prague, 04-05 Nov 2023.

This page is documentation of a successful experiment to test basic, international connectivity for the FreeBSD implementation of the Identifier Locator Network Protocol (ILNP). The experiment was run between a client system connected to the IETF network at the Hackathon (at IETF118/Prague, Czech Republic), and a server at the University of St Andrews (Scotland, UK). The experiment used native IPv6 applications to show that they can benefit directly from use of ILNP without needing to be modified (i.e. using the standard C sockets API), and working directly over an existing IPv6 network, with no proxies, no tunnelling, no address translation, and using standard unicast routing.

The experiment scenario was a simple client-server communication to demonstrate that the following mechanisms could operate across the Internet (at least between Prague and St Andrews):

Use of the end-to-end ILNP addressing architecture as described in RFC6740(E) [1] and RFC6741(E) [2].
The ILNP Nonce (the IPv6 Nonce Header Destination Option, an IPv6 end-to-end extension header) as described in RFC6744(E) [3].
Use of ephemeral node identifiers (ephemeral NIDs) for privacy, as described in this paper [4].

The Hackathon Experiment, 04-05 Nov 2023

On the client system, ietf118-client-alice, the following were executed: ping, an rsync file download, and an ssh session.

IETF118 demo schematic diagram — A diagram of the layer-3 end-to-end connectivity for the testing and demonstration at the IETF118 Hackathon.

IETF118 Hackathon set-up — The testbed set-up at IETF118/Prague. *ietf118-client-alice* is the first desktop machine to the right of the display, with both the keyboard and display connected to it. The single router is a commercial unit (the black unit just in front of the display, Ubiquiti EdgeRouter ER-6P), to act like a home router, i.e. a router connecting a site to the Internet. The white switch is provided by the IETF118 NOC to connect this desktop "site" network to the Internet (i.e. like an ISP).
Photo by Saleem Bhatti.

Below is a link to the data-set from the experiment, with .pcap files captured at ietf118-server from the Hackathon testing, all runs conducted from ietf118-client-alice. Inspection of the .pcap files shows the ILNP Nonce (ala RFC6744(E)) present in all packets, which can also be seen in the text versions of the .pcap files (generated using tshark -V on the .pcap files). Note the change in the lower 64 bits in the address field for ietf118-client-alice in each .pcap file (address value 2001:67c:1232:eee1::/64), as the ephemeral NID mechanism generates and uses fresh NID values for each communication session.

ILNP - Identifier-Locator Network Protocol : FreeBSD 14.0 @ IETF118/Prague (dataset), DOI: 10.17630/8a1f128b-8362-446e-8e7e-fea5a2dab97f

IETF118 Hackathon : Saleem and Ryo working (1) — Photos from the Hackathon at IETF118/Prague, 04-05 Nov 2023, with thanks to Richard Stonehouse (Stonehouse Photographic).

IETF118 Hackathon : Saleem and Ryo working (2) — Photos from the Hackathon at IETF118/Prague, 04-05 Nov 2023, with thanks to Richard Stonehouse (Stonehouse Photographic).

The official demonstration at the "Hackdemo Happy Hour", 06 Nov 2023

A presentation describing the demonstration of the connectivity above is here. Below are two videos showing a quick run of the demo. This was filmed "live" at the "Hackdemo Happy Hour", so the sound is noisy.

Demonstration of connectivity between ietf118-client-alice (in Prague) and ietf118-server (University of St Andrews, Scotland, UK). First a traceroute to show that there is an end-to-end path using IPv6, but using ILNP; then ping using ILNP; followed by ssh between using ILNP. The sound on the video can be ignored until near the end, when Saleem speaks to explain what has been seen (as noted in the first part of this caption).
Video with thanks to Maciek Konstantynowicz.

Packet level inspection of the communication between ietf118-client-alice (Prague) and ietf118-server (University of St Andrews, Scotland, UK). Ryo explains that all the packets contain the ILNP Nonce (IPv6 Destination Option ala RFC6744(E)), which do indeed make it across the network between Prague and St Andrews. The Nonce provides protection against off-path spoofing attacks, as well as signalling to end-systems that this is an ILNP packet.
Video with thanks to Maciek Konstantynowicz.

References

[1] RFC6740(E) Identifier-Locator Network Protocol (ILNP) Architectural Description (Nov 2012).
[2] RFC6741(E) Identifier-Locator Network Protocol (ILNP) Engineering Considerations (Nov 2012).
[3] RFC6744(E) IPv6 Nonce Destination Option for the Identifier-Locator Network Protocol for IPv6 (ILNPv6) (Nov 2012).
[4] End-to-End Privacy for Identity & Location with IP. NIPAA-21 - 2nd Workshop on New Internetworking Protocols, Architecture and Algorithms (ICNP 2021). Virtual event (COVID-19). Nov 2021. DOI: 10.1109/ICNP52444.2021.9651909.

Acknowledgements

For helping with some initial work on the FreeBSD implementation of ILNP, thanks go to netDEF, Inc, a 501(c)(3) organisation based in California (USA), and the following individuals: Alistair Woodman, Rodney Grimes, David Lamparter, Martin Winter.

Contact

Saleem Bhatti (ILNP Project Lead).
ILNP main page.

ILNP - Identifier-Locator Network Protocol: FreeBSD 14.0 @ IETF118/Prague