MOBILE IP
Ian F. Akyildiz
Broadband & Wireless Networking Laboratory
School of Electrical and Computer Engineering
Georgia Institute of Technology
Tel: 404-894-5141; Fax: 404-894-7883
Email: ian@ece.gatech.edu
Web: http://www.ece.gatech.edu/research/labs/bwn
INTERNET
 The Telephone network is no longer the
basis for most forms of communication.
 The Internet is…
– Commercially viable
– Available worldwide
– Designed for a multi-network
environment
 What are the implications for a seamless
global network based on the Internet?
IFA’2004
What is the Internet?
– A large collection of networks,
 of various types (e.g. Ethernet, ATM, IEEE 802.11, Bluetooth)
 at various speeds (kbit/s - Gbit/s)
– Interconnected by routers,
 all acting on a common protocol: IP
– With applications running on the end systems (hosts)
 Using either TCP or UDP as a transport protocol,
 Example applications are WWW (using http), email (smtp/ pop3/
imap), news (nntp), telnet, ftp.
Internet Protocol Stack
Application: Telnet, FTP, HTTP, SMTP, POP3, IMAP, NNTP
Transport: TCP, UDP
Network: IP, ICMP
Link: Device Driver and Interface Card
The Internet
[Figure: two hosts (Application over TCP / UDP over IP) connected through a switch / bridge and two routers; every node runs IP over its subnets, e.g. Ethernet, E1, PPP over Modem]
The Internet
[Figure: routers (R) interconnected over Modem, Token Ring, T1 / E1, ATM, OC3, Ethernet and ISDN links]
Routing in the Internet
 Packets flow from link (subnetwork) to link via routers
 Packets are routed individually, based on their IP addresses
 Routing is based on the (sub)network prefix of the IP address
Today’s Internet Protocol
 Packets are routed to destinations based
on IP address
128.1430.71.5
128.143.77.83
router 71
INTERNET
Levels of Addresses in the Internet
Domain name (DNS address)
a location independent identifier of a host
versace.ece.gatech.edu
Internet address (IP address)
the logical location of a host (interface)
i.e., (sub)network id followed by host id 130.89.16.82
Physical address (MAC address)
the hardware address of an interface card
00 a4 24 4a 82 07
IP Address Assignment
 The Internet Network Information Center
(NIC) assigns Network IP addresses to
different organizations.
 Then, the network administrator at the local
site assigns the subnet IDs.
 So, when a computer is moved to another
subnet, the IP address must be changed to
match that subnet.
How to obtain an IP Address
Manually
Automatically
– PPP (Point-to-Point Protocol) / IPCP
(IP Control Protocol)
– BOOTP (Bootstrap Protocol)
– DHCP (Dynamic Host Configuration
Protocol)
Truly Mobile Networking
Provide reliable access to the Internet
anytime, anywhere
Mobility transparent to applications and
higher level protocols such as TCP
Why Mobility at the Network (IP) Layer?
– Network layer is present in all Internet
nodes
– Network layer is responsible for routing
packets to the proper location
– Mobility across the entire Internet, even
changing physical medium is possible
– Application transparent
– Universal solution for all applications
Mobile IP (RFC 2002)
 Leaves Internet routing fabric unchanged
 Does not assume “base stations” exist
everywhere
 Simple
 Correspondent Nodes do not need to know
about mobility
 Works both for changing domains and
network interfaces
Apply to Mobile Networking
128.143.71.50
IP
128.143.77.84
Network
Apply to Mobile Networking
128.143.71.50
X
IP
Network
128.143.77.84
How Mobile IP Works
128.143.71.50
128.143.77.84
router
IP
71
HA router 77
Network
virginia.net
How Mobile IP Works
128.143.71.50
router
IP
71
Discovering
the care-of address
Registering the care-of address
Tunneling to the care-of address
HA router 77
Register
Network
FA
virginia.net
Discovery
128.143.77.84
Mobile IP (Terminology)
 Mobile Node (MN): A computer that can change its
location and consequently its point of attachment.
 Correspondent Node (CN): Partner for communication.
 Home Network: IP network where the MN resides.
The network at which the MN seems reachable to the
rest of the Internet by virtue of its assigned IP
address.
 Foreign Network: IP network where the MN is
visiting. The network to which the MN is attached
when it is not attached to its home network, and on
which the care-of address is reachable from the rest
of the Internet.
Mobile IP (Terminology)
Home Address of an MN:
* Long-term IP address assigned to the MN that
is part of the IP home network (it remains
unchanged regardless of where the MN is).
* It is used for DNS determination of the MN’s IP
address.
* The IP address assigned to the MN, making it
logically appear attached to its home network.
Mobile IP (Terminology)
 Care-of Address (COA): An IP address in the foreign
network, i.e., an IP address at the MN’s current
point of attachment to the Internet, when the MN is
not attached to the home network.
 Home Agent (HA): is the anchor in the home network
for the MN. All packets addressed to the MN reach
the HA first, unless the MN is located in its home
network. In other words, a router on the home
network that effectively causes the MN to be
reachable at its home address even when the mobile
node is not attached to its home network.
Mobile IP (Terminology)
 Foreign Agent (FA):
* Acts as the reference point in the foreign network
for the MN (in IPv4).
* The CoA is usually the address of the FA.
* An MN can act as its own FA, in which case
it is called a co-located COA.
* In other words, a router in the foreign
network that can assist the MN in receiving
packets delivered to the CoA.
Example Network
HA
MN
Mobile End-System
Router
Home Network
Internet
FA
(Physical Home Network
for the MN)
Foreign
Network
Router
(Current Physical Network
for the MN)
CN
End-System
Router
Data Transfer to the Mobile System
HA
2
MN
Home Network
Internet
Receiver
3
FA
Foreign
Network
Sender
CN
1
1. Sender sends to the IP address of MN; HA intercepts packet (proxy ARP)
2. HA tunnels packet to COA, here FA, by encapsulation
3. FA forwards the packet to the MN
Another View
Home Network
LD
f : Encapsulation and re-addressing
g : Decapsulation and forwarding
LD : Location Directory
Home Agent
f
Foreign Network
g
Sending Host
Foreign Agent
Mobile Host
Another View
Home Network
LD
Home Agent
f : Encapsulation and re-addressing
g : Decapsulation and forwarding
LD : Location Directory
f
Sending Host
Mobile Host
using DHCP
g
Another View
MN =
CN =
HA =
FA =
Mobile Node
Correspondent Node
Home Agent
Foreign Agent
CN
Home Network
HA
Foreign Network
FA
MN
• MH registers new “care-of address” (FA) with HA
• HA tunnels packets to FA
• FA decapsulates packets and delivers them to MH
When Mobile Node Moves Again
CN
Home Network
HA
Foreign Network #1
FA #1
MN
Foreign Network #2
FA #2
MN
•MN registers new address (FA #2) with HA & FA #1
•HA tunnels packets to FA #2, which delivers them to MN
•Packets in flight can be forwarded from FA #1 to FA #2
How Mobile IP Works
 Messages from a computer destined for the MN are always sent
to MN’s home address (network) first.
 The messages are routed from MN’s home network to the
current location of the MN.
 Two IP addresses are used:
A fixed home address and a CoA.
 NOTE: Home address remains always fixed while CoA changes at
different access points.
How Mobile IP Works
 The HA maintains a database in which the MN’s home
address resides.
 When the MN moves to a foreign network, it
establishes an association with its FA which, in turn,
establishes an association with the MN’s HA.
(BINDING PROCESS)
 In other words, the MN updates its registration with
its HA through the FA.
Data Transfer from the Mobile System
HA
1
Home Network
MN
Sender
Internet
FA
Foreign
Network
Receiver
CN
1. Sender sends to the IP address of the receiver as usual; FA works as default router
Another View
Mobile Nodes also send packets
CN
Home Network
HA
Foreign Network
FA
MN
•Mobile Node uses its home IP address as source address
-Lower latency
-Still transparent to correspondent node
-No obvious need to encapsulate packet to CN
Overview
COA
home
network
router
FA
router
HA
MN
foreign
network
Internet
CN
router
3.
home
network
router
HA
router
FA
2.
MN
4.
Internet
foreign
network
1.
CN
router
How Mobile IP Works?
* Each MN has two IP addresses:
– A fixed home address for identification, and
– A care-of-address (CoA) for routing.
* Mobile IP uses an agent concept.
– Home Agent (HA) intercepts packets on the home link
destined to the MN’s home address, encapsulates them,
and tunnels them to the MN’s registered CoA.
– Foreign Agent (FA) is a router with which an MN
establishes an association when it moves away from home.
Therefore, the MN updates its locations with the HA
through an FA.
3 Parts of Mobile IP
Advertising Care-of Addresses
(Agent Discovery)
Registration
Tunneling
3 Parts of Mobile IP
1. Advertising/Agent Discovery:
An MN determines its new attachment point or IP address
through agent advertisements.
– Determine to which link it is connected
– Detect if it has changed its point of attachment
– Obtain a CoA if it is connected to a foreign network
– Allowed to send agent solicitation requests to agent
– Agent discovery messages are carried by the ICMP
packets.
3 Parts of Mobile IP
2. Registration:
An MN requests service from an FA and informs its HA of
a new CoA.
– Involves registration and deregistration with its HA
– Registration message is carried by the UDP packets.
3. Tunneling (Routing):
Mobile IP tunnels datagram to the MN, whether it is away
from its home network or not.
– Encapsulation at the entering point of a tunnel
– Decapsulation at the exit point of a tunnel
How Mobile IP Works
(OPERATIONS)
1. ADVERTISING
* HA and FA periodically send agent advertisement
messages into their physical subnets to make themselves
known.
* MNs periodically receive these unsolicited agent
advertisement messages.
* MN listens to these messages and detects, if it is in the home
network or a foreign network.
* If the MN is in its home network, it works like any other node,
i.e., it routes packets using traditional IP routing protocols.
How Mobile IP Works
(OPERATIONS)
* When the MN moves away from its home network, it
obtains a CoA on the foreign network by soliciting or
listening for agent advertisements.
* MN reads a CoA from the FA advertisement messages.
* MN registers each new CoA with its HA by way of a FA.
* Packets sent to MN’s home address are intercepted by its
HA, and are tunneled to the CoA.
Advertising Care-of Addresses
A mobility agent is either a FA or a HA or both
Mobility agents broadcast agent advertisements
(ICMP messages)
Mobile Nodes (MNs) can solicit for an advertisement
Advertisements contain:
mobility agent address
care-of addresses
lifetime
flags
Home Network & Move Detection
Home Network is detected if:
– Network Prefix IP Source Address advertisement =
Network Prefix Home Address
Move is detected if:
– No advertisement has been received within Lifetime
– Network Prefixes have changed
No advertisements --> Use
assistance from higher/lower layers
Agent Discovery Procedure
* A MN determines its new attachment point or IP address
as it moves from place to place within the wireless segment
of the wireless/IP network.
* By agent discovery a MN can
a) Determine whether it is connected to its home network
or foreign network.
b) Detect whether it has changed its point of attachment
Registration procedure follows once the MN gets a new CoA.
Agent Discovery
 Agent Solicitation Message
– Identical to ICMP router solicitations, except having IP
time to Live field set to 1.
– When an HA or FA receives one, it should immediately
respond by transmitting an Agent Advertisement .
Agent Solicitation packet layout (each row is 4 bytes / 32 bits):
IP header:
  Vers = 4 | Type of service | Total length
  Identification | Flags | Fragment Offset
  Time to Live = 1 | Protocol = ICMP | Header Checksum
  Source Address = Mobile node’s home address
  Dest. Address = 255.255.255.255 (broadcast) or 224.0.0.2 (multicast)
ICMP message:
  Type = 10 | Code = 10 | Checksum
  Reserved
Agent Discovery (2)
 Agent Advertisement Messages
– They are formed by appending one or more of the
extensions defined by Mobile IP to the ICMP router
advertisement message (RFC 1256).
– The mobility agent advertisement extension must be
included by agents.
Agent Advertisement layout (each row is 4 bytes / 32 bits):
  IP Header (RFC 791), 20 bytes
  ICMP Router Advertisement (RFC 1256)
  Mobility Agent Advertisement Extension (RFC 2002):
    Type = 16 | Length | Sequence number
    (maximum) registration lifetime | Reserved
    Care-of Address (1) ...
  (Optional):
    Type = 19 | Length | Prefix-length [1] | Prefix-length [2]
Example
 A mobile node has a home address
of 136.142.117.21 and a care-of
address of 130.216.16.5.
It listens to agent advertisements
periodically.
– The agent advertisement
indicates that the care-of
address is 130.216.45.3.
What happens? Why?
The MN will register with the new FA.
The new FA will send the registration
request to the HA and await the
registration response.
– The agent advertisement
indicates that the care-of
address is 136.142.117.21.
What happens? Why?
The agent advertisement indicates that the MN is back
in its home network.
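The move-detection rules and the two advertisement cases above, worked as an added example (not part of the original slides). It parses the Type 16 and Type 19 extensions and applies the network-prefix rule; the flag bit values and the padding extension follow RFC 2002, while the /24 prefix length, the agent source addresses and the action names are assumptions made for the example.

```python
import ipaddress
import struct

EXT_PAD = 0               # one-byte padding extension (RFC 2002), has no length field
EXT_MOBILITY_AGENT = 16   # "Type = 16" on the slide
EXT_PREFIX_LENGTHS = 19   # "Type = 19" on the slide
FLAG_H, FLAG_F = 0x20, 0x10   # home-agent / foreign-agent bits of the RFC 2002 flags byte


def build_mobility_ext(seq, lifetime, flags, coas):
    """Encode a Mobility Agent Advertisement Extension (used for constructed samples)."""
    body = struct.pack("!HHBB", seq, lifetime, flags, 0)
    body += b"".join(ipaddress.IPv4Address(c).packed for c in coas)
    return bytes([EXT_MOBILITY_AGENT, len(body)]) + body


def parse_extensions(data):
    """Walk the type/length/value extensions appended to the ICMP router advertisement."""
    info = {"seq": None, "lifetime": None, "flags": 0, "coas": [], "prefix_lens": []}
    i = 0
    while i < len(data):
        if data[i] == EXT_PAD:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated extension")
        etype, elen = data[i], data[i + 1]
        body = data[i + 2:i + 2 + elen]
        if etype == EXT_MOBILITY_AGENT:
            # Fixed part is 6 bytes, followed by zero or more 4-byte care-of addresses.
            if elen < 6 or (elen - 6) % 4:
                raise ValueError("bad mobility agent extension length")
            info["seq"], info["lifetime"], info["flags"], _ = struct.unpack("!HHBB", body[:6])
            info["coas"] = [str(ipaddress.IPv4Address(body[o:o + 4])) for o in range(6, elen, 4)]
        elif etype == EXT_PREFIX_LENGTHS:
            info["prefix_lens"] = list(body)
        i += 2 + elen
    return info


def same_prefix(a, b, prefix_len):
    """True if addresses a and b share the same network prefix."""
    net = ipaddress.ip_network(f"{a}/{prefix_len}", strict=False)
    return ipaddress.ip_address(b) in net


def decide(adv_src, info, home_addr, home_prefix_len, current_coa):
    """Return (action, care-of address) for one received advertisement."""
    if same_prefix(adv_src, home_addr, home_prefix_len):
        # Back on the home link: deregister if a binding is still active.
        return ("deregister", None) if current_coa else ("home", None)
    if current_coa in info["coas"]:
        return ("keep", current_coa)          # same foreign agent, nothing changed
    if not (info["flags"] & FLAG_F) or not info["coas"]:
        return ("ignore", None)               # not a usable foreign agent
    return ("register", info["coas"][0])      # moved: register the new CoA with the HA


def advert_expired(seconds_since_last_adv, adv_lifetime):
    """Second move-detection rule: no advertisement received within Lifetime."""
    return seconds_since_last_adv > adv_lifetime


if __name__ == "__main__":
    home = "136.142.117.21"                   # home address from the slide
    fa_adv = parse_extensions(build_mobility_ext(7, 1800, FLAG_F, ["130.216.45.3"]))
    print(decide("130.216.45.3", fa_adv, home, 24, "130.216.16.5"))
    ha_adv = parse_extensions(build_mobility_ext(8, 1800, FLAG_H, []))
    print(decide("136.142.117.1", ha_adv, home, 24, "130.216.16.5"))
```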
How Mobile IP Works
(OPERATIONS)
2. REGISTRATION:
 The MN obtains a new Care-of Address (CoA)
 The MN sends registration message to the HA
 The HA updates the binding of the home address
and the CoA of the MN.
 MN signals COA to the HA via the FA, HA
acknowledges via FA to MN.
 These actions have to be secured by
authentication
Registration
 Binding: (home address, care-of address, lifetime)
 Registration is needed to update the binding
 Registration requires authentication
 Registration uses UDP
Registration Scenarios
Registration Request
Mobile
Host
Foreign
Agent
Home
Agent
Registration Reply
Registration Request
Mobile
Host
Home
Agent
Registration Reply
Registration Request
Home
Agent
Mobile
Host
Registration Reply
Simultaneous Bindings
– A Mobile Node may register multiple
bindings simultaneously
– The Home Agent makes multiple copies of
packets destined for the MN, and tunnels
a copy to each CoA.
– Simultaneous bindings may be used to
 facilitate seamless hand-off
 avoid too frequent registrations
Mobile IP
Registration Procedure
 When registering, the MN sends a registration request to
the HA through the FA.
– The HA creates a mobility binding between the MN’s
home address and the current CoA that has a fixed
lifetime.
– The MN should reregister before the expiration of
the binding
– A registration reply indicates whether the registration
was successful.
 Rejection reasons: insufficient resources, the HA
is unreachable, too many simultaneous bindings,
failed authentication, etc.
Mobile IP
Registration Procedure
 If an MN does not know the Home Agent (HA) address,
it will send a broadcast registration to its home network
called a direct broadcast.
 Every valid HA will respond and the MN uses the address
of a valid HA to make a registration request.
 The HA and FA are similar to home and visiting
databases
– Upon a valid registration, the HA creates an entry for
an MN containing: the MN’s CoA, an identification field,
and the remaining lifetime of the registration.
– Each Foreign Agent (FA) maintains a visitor list
containing: link layer address of the MN, MN’s home IP
address, UDP registration source port, HA IP address,
an identification field, the registration lifetime, and the
remaining life time of current or pending registration.
Registration
Exchange of Registration Request and
Registration Reply messages: UDP
MH=MN: Mobile Host/Node; FA: Foreign Agent; HA: Home Agent
Registration and Deregistration
When an MN moves to a visiting location, it needs to
register with its HA. When it returns to its home
network, it also needs to deregister with its HA to
update its current CoA (home address).
1. Registration with Care-of-address
HA
Internet
Backbone
Home network/ Registration request
Subnet
Registration reply
FA
Foreign Network/
Subnet
Registration and Deregistration (2)
1. Registration with care-of-address
2. Registration with colocated care-of-address: an IP address
that represents the current position of the MN on the
foreign network and can be used by only one MN at a time.
3. Deregistration with the HA
HA
Internet
Backbone
Home network/ Registration request
Subnet
Registration reply
FA
Foreign Network/
Subnet
Registration Process
HA
MN
FA
1 Beacon Signal
(Any one new)
1’ I am new here
1” OK, send
information
2 Here is my HA
and binding
information.
4
CoA or C-CoA created
Here is CoA or co-located CoA (C-CoA) for this MN
4’
4”
3
Same as
step
Same as
4
step
Acknowledge Registration + binding
4
Foreign Agent Consideration
 Each foreign agent must be configured with a CoA
 For each pending or current registration, the
foreign agent maintains a visitor list entry
containing:
– Link-layer source address of the MN
– The MN’s Home Address
– The Home Agent address
– The Identification Field
– The requested registration Lifetime
– The remaining Lifetime of the pending or current registration
How Mobile IP Works
3. TUNNELING:
– Packets sent by a correspondent node (CN) to the MN are intercepted by the HA
– The HA encapsulates the packets
– Packets are tunneled to the CoA of the MN
Tunneling
– Packets destined to the MN are routed to
the home network (normal IP operation)
– HA intercepts packets on the home network
– HA encapsulates packets, and tunnels them
to the CoA
– At the CoA (either FA or co-located), the
packet is decapsulated, and delivered to the
MN
IP Packet Format
Bit offsets: 0, 4, 8, 16, 19, 31 (each row is 32 bits)
  Version | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options + Padding
  Data Field
Packet Addressing
Packet from CN to MN
Source Address = Address of CN
Destination Address = Home IP Address of MN
Payload
HA intercepts above packet and tunnels it
Source Address = Address of HA
Destination Address = Care-of-Address of MN
Source Address = Address of CN
Destination Address = Home IP Address of MN
Original Payload
Mobile IP:
IP in IP Encapsulation
 Forwarding packets
between
Correspondent Node
(CN) and MN is
achieved by
encapsulation
(tunneling).
 A virtual pipe between
the HA and FA is
created through a
packet that includes
the packet from CN as
its payload.
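The packet addressing and IP-in-IP tunnel described above, as an added example (not part of the original slides): the HA wraps the CN's datagram in an outer header addressed to the CoA, and the FA unwraps it. The FA's check of the outer source against its visitor list is a hardening step assumed here, and the CN and HA addresses are constructed sample values.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IP-in-IP: the inner datagram travels as the outer payload


def checksum(header):
    """16-bit one's-complement sum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload); reject malformed headers."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(pkt) or checksum(pkt[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    src, dst = (str(ipaddress.IPv4Address(pkt[o:o + 4])) for o in (12, 16))
    return src, dst, pkt[9], pkt[ihl:total]


def ha_encapsulate(pkt, bindings, ha_addr):
    """Home agent: tunnel a datagram addressed to a roaming MN to its care-of address.

    bindings maps MN home address -> care-of address. Returns None when there is
    no binding, i.e. the MN is at home and normal delivery applies.
    """
    _src, dst, _proto, _payload = parse_ipv4(pkt)
    coa = bindings.get(dst)
    if coa is None:
        return None
    # Outer header: source = HA, destination = CoA; the original packet is untouched.
    return build_ipv4(ha_addr, coa, IPPROTO_IPIP, pkt)


def fa_decapsulate(outer, fa_coa, visitors):
    """Foreign agent: strip the outer header and return the inner datagram.

    visitors maps MN home address -> Home Agent address (two visitor-list fields).
    Assumed hardening: only accept tunnels whose outer source is the HA that the
    inner destination registered through.
    """
    o_src, o_dst, proto, inner = parse_ipv4(outer)
    if proto != IPPROTO_IPIP or o_dst != fa_coa:
        raise ValueError("not a tunnel packet for this care-of address")
    _i_src, i_dst, _i_proto, _ = parse_ipv4(inner)
    if visitors.get(i_dst) != o_src:
        raise PermissionError("inner destination not registered via this home agent")
    return inner


if __name__ == "__main__":
    # Constructed sample: CN and HA addresses are made up; MN and CoA are from the slides.
    cn, mn_home, ha, coa = "192.0.2.10", "136.142.117.21", "136.142.117.1", "130.216.45.3"
    original = build_ipv4(cn, mn_home, 17, b"hello MN")
    tunneled = ha_encapsulate(original, {mn_home: coa}, ha)
    print(parse_ipv4(tunneled)[:3])
    print(fa_decapsulate(tunneled, coa, {mn_home: ha}) == original)
```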
Tunneling
 Home agent tunnels (encapsulates) packets to care-of
address
 Tunnel source is the home agent’s address
 Tunnel destination is the care-of address
 IP within IP (other ways exist):
Tunneling
(Message Forwarding)
Incoming
message for
MN
Source
To MN
Payload Data
HA
Encapsulation
HA CoA/C-CoA
Source
To MN
Payload Data
Forwarding through
intermediate router if CoA used
FA
Decapsulation
Source
MN
To MN
Forwarding not
through
intermediate
router if C-CoA
used
Payload Data
Decapsulation done at MN
Tunneling and Routing
 Tunneling is a process in which the HA
encapsulates the message from the IP
host for delivery to the MN via its FA.
 Binding: the association of the home
address of an MN with a CoA for that
MN, along with the remaining lifetime of
that association.
Two Routing Approaches
–Triangle Routing
–Optimized Routing
Triangle Routing
1. A datagram is sent from the CN to the MN’s HA through IP.
2. The HA intercepts the datagram and tunnels the datagram to the MN’s CoA.
3. At the FA, the datagram is decapsulated and delivered to the MN.
4. For datagrams sent by the MN, standard IP routing is used to deliver each datagram to the destination.
Packet from the CN routed
indirectly through the HA
CN
HA
Internet
Backbone
Packet to the CN routed
Using standard IP routing
Encapsulation
FA
Triangle Routing in Mobile IP
Correspondent Node
(1)
HA
Home Agent
Mobile Node
(MN)
Global
Internet
Location Update
Tunneling
(2)
(4)
FA
Foreign Agent
(3)
Location Update
Mobile Node
(MN)
Triangle Routing
(1) The correspondent node (CN) transmits a packet to the MN. The packet is
routed to the MN’s home network.
(2) The Home Agent (HA) intercepts the packet, encapsulates and tunnels it to
the Foreign Agent (FA)
(3) The FA decapsulates and forwards the packet to the MN
(4) Packets from the CN to the MN are now routed directly (tunneling). It
looks like a single hop within the Internet.
Triangle Routing
(Another View)
Triangle routing is undesirable because
 home agent is the bottleneck
 more network load, and sensitivity to network partition
In case of reverse tunneling, the situation is even worse
 Route optimization: Get binding to the correspondent host
Triangle Routing
Advantages & Disadvantages
ADVANTAGES:
– It is simple
– The number of control messages to be exchanged is limited.
– The address bindings are highly consistent since they are kept at
one single point for a given host.
DISADVANTAGES:
– The destination HA is fixed redirection point for exchanging every
IP packet even if a shorter route is available between source and
destination.
– This can lead to unnecessarily large end-to-end packet delay.
– Network links connecting a HA to the network can easily be
overloaded.
Optimized Routing
 The MN informs the
CN of its CoA
address
 The CN can tunnel
the packets directly
to the MN by
bypassing the HA.
 Every traffic source
is allowed to cache
and use binding
copies.
Packet from the CN routed
indirectly through the HA
CN
HA
Internet
Backbone
Update
binding
Packet to the CN routed
Using standard IP routing
FA
Authorization &
processing
Local Anchor for Mobile IP
 Choose one agent as the center of an anchoring
region and name this agent as an anchor.
 When an MN moves within the anchoring region, it
does not need to register with its HA; instead, it
registers with the anchor, like a virtual HA.
 When the MN moves out of the anchoring region,
it registers with its HA and the new FA will become
the center of the new anchoring region.
MN
HA
CN
Serving FA
Anchor
Packet forwarding process
Local Anchor for Mobile IP (2)
 Registration
– Either the new FA or the anchor agent
decides whether the MN should register with
its HA.
– Static method is to measure the distance
from the old anchor agent to the new FA to
decide whether to establish a new anchoring
region.
– Dynamic method can be based on user mobility
pattern, traffic load, as well as objectives.
Local Anchor for Mobile IP (3)
1. The MN sends the registration request, indicating the current anchor
and the HA.
2. There are two cases:
 The new FA decides that the MN is still in its current anchoring
region, so it forwards the MN’s request to the anchor.
 The new FA decides that the MN is out of its current anchoring
region, so it forwards the MN’s registration request to the HA.
3. The anchor or the HA sends registration reply back to the serving FA.
4. The FA returns an ACK to the MN and indicates who sent this reply, the
anchor or the HA.
HA
MN
Serving FA
Anchor
Mobile IP and IPv6
 Mobile IP was developed for IPv4, but IPv6 simplifies the protocols
– Security is integrated and not an add-on, authentication of
registration is included
– CoA can be assigned via auto-configuration (DHCPv6 is one
candidate), every node has address autoconfiguration
– No need for a separate FA, all routers perform router advertisement
which can be used instead of the special agent advertisement;
addresses are always co-located
– MN can signal a sender directly the CoA, sending via HA not needed
in this case (automatic path optimization)
– „Soft“ hand-over, i.e., without packet loss, between two subnets is
supported
 MN sends the new CoA to its old router
 the old router encapsulates all incoming packets for the MN and
forwards them to the new CoA
 authentication is always granted
Mobility for IPv6
– All nodes can handle bindings
 No triangular routing
– Binding updates are carried in Destination
Option
 Small overhead for distributing bindings
– Mobile host can create its own care-of
address using link-local address and
automatic address configuration (combine
advertised subnet prefix with own
hardware address)
 No need for foreign agent
Changes with IP Version 6
Route Optimization
– When it knows the MN's current CoA
address, a CN can deliver packets
directly to the MN's home address
without any assistance from the HA.
Security
– Strong authentication and encryption
features are included in IP V6
Mobile IPv6
 Based on IPv6, using IP routing header,
authentication header, and route optimization.
 There is NO foreign agent. The MN obtains a
colocated care-of-address on a foreign link, and
reports to its HA.
 One MN may have multiple care-of-addresses.
 The security functions are mandatory instead of
optional.
 Binding: The association of the home address of an
MN with a care-of-address for that MN, along with
the remaining lifetime of that association.
Mobile IPv6 Messages
 Mobile IPv6 requires the exchange of additional information.
All new messages used in mobile IPv6 are defined as IPv6
destination options.
– Binding Update: an MN informs its HA or any other CNs
about its current CoA. Any packet including a Binding
Update must also include an AH (Authentication Header) or
ESP (Encapsulating Security Payload) header.
– Binding Acknowledgement: to acknowledge the receipt of a
Binding Update, if an ACK was requested, it must also
include an AH or ESP header.
– Binding Request: for any node to request an MN to send a
Binding Update with the current CoA.
– Home Address : used in a packet sent by an MN to inform
the receiver of this packet about the MN’s home address.
This message must also be covered by the authentication.
Data Structures
 Binding Cache: Every IPv6 node has a Binding Cache
which is used to hold the bindings for other nodes.
If a node receives a Binding Update, it will add this
binding to its Binding Cache.
 Binding Update List: Every MN has a Binding Update
List which is used to store information about each
Binding Update sent by this MN for which the
lifetime has not expired. It contains all Binding
Updates sent to any CNs and to its HA.
 Home Agent List: Each HA generates a list, which
contains information about other HAs on a home
link.
Mobile IPv6 Operation
Home network/
Subnet
CN does not know
the MN’s CoA
HA
Internet
Backbone
CN knows the
MN’s CoA
FA
Foreign Network/
Subnet
Home Agent Registration
The MN sends a Binding Update to the HA
HA
Internet
Backbone
Home network/
Subnet
FA
Foreign Network/
Subnet
The HA accepts the Binding Update and
returns a Binding Acknowledgement
 Route Optimization: To avoid triangle routing, an MN can send
Binding Update to any CN. This allows IPv6 nodes to cache the
current CoA address and send packets directly to an MN.
Route Optimization
 Any IPv6 node sending a packet first checks its Binding Cache for
this destination address.
– If there is an entry, it will send the packet to the MN using a
routing header (rather than IPv6 encapsulation). The route
specified by this routing header has two hops:
 The first hop is the CoA.
 The second hop is the home address of the MN.
 Afterwards, the packet will be processed in the same way
as if the MN was at home.
 If the Binding cache has no entry, this packet will be routed to
the specified network and received by the Dest. Node.
– If the MN is away from home, the packet will be intercepted
by the HA on the home link and tunneled to the MN.
Route Optimization
 MN informs the CN of its CoA and has the packets sent
directly to the MN, bypassing the HA.
 This allows every traffic source to cache and use binding
copies.
 It supports a further update process by which a binding
copy can be sent to the requiring nodes which may keep it
in their cache for immediate or future use.
 Local bindings enable most packets to be delivered by
direct routing, with an apparent gain in terms of QoS and
scalability.
 Also a MN can always inform its previous FA about the new
CoA so that packets tunneled to the old location can be
forwarded to the current location.
 This increases the QoS in case of high mobility.
Route Optimization
(removes triangle route)
Home Agent
Correspondent
Node
Router
Router
Router
Mobile
Node
Foreign
Agent
Route Optimization
Get binding to relevant Correspondent Nodes
for optimal routing:
Binding warning (Mobility Agent -> CN)
Binding request (CN -> HA)
Binding update (HA -> CN)
Binding acknowledge (optional)
Security association between CN and HA is needed
for authentication.
Route Optimization
Get binding to old Foreign Agent for
smooth handoff:
Previous FA notification extension (mobile host -> new FA)
Binding update (new FA -> old FA)
Binding acknowledge (old FA -> MN)
MN and FA need to exchange registration
key for authentication
Last resort: Special tunnel (old FA tunnels
packet back to the HA)
Route Optimization
Disadvantages
– Quite complex
– The overhead incurred by message exchanges and processing (due
to cache queries) can be critical.
– Cached bindings are possibly inconsistent since they are being kept
in a distributed fashion.
– The main obstacle to implementing optimized routing resides in
security issues.
– CN must be informed of the MN’s CoA in order to tunnel data to
the MN.
– In a hostile environment, an intruder can easily cut off all
communications to the MN by sending a bogus registration if
he/she knows the MN’s CoA.
– Therefore, authentication/security measures have to be
incorporated in the optimized routing.
Route Optimization
– Triangle routing is much simpler than optimized routing.
– This is the preferred mode!!!
– For MN’s moving further away from its home network,
the cost (delay) involved in the registration with the HA
can become very large.
– Methods to reduce registration costs are desirable.
Security Considerations in Registration
 Danger: Registration Request works remotely to
the home agent to affect the home agent's routing
table
 Security:
Authentication: Home agents and mobile nodes
perform authentication using MD5 algorithm and
key size of 128 bits.
Replay Protection: The Identification field is used
to verify that a registration message has been
freshly generated.
timestamp, random number
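How a home agent can apply both protections before it touches a binding, as an added example (not part of the original slides). The message layout, the keyed-MD5 "prefix+suffix" authenticator and the reply codes follow RFC 2002; the key, SPI and addresses are constructed, and the Identification here carries Unix seconds in its upper 32 bits with a 7-second acceptance window, which are simplifying assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

TYPE_REG_REQUEST = 1
EXT_MN_HA_AUTH = 32          # Mobile-Home Authentication Extension
ACCEPTED, AUTH_FAILED, ID_MISMATCH, POORLY_FORMED = 0, 131, 133, 134
REPLAY_WINDOW = 7            # seconds of clock skew tolerated (assumed)
FIXED_LEN, EXT_HDR_LEN, MAC_LEN = 24, 6, 16


def authenticator(key, protected):
    """Keyed MD5 in prefix+suffix mode: MD5(key || protected data || key)."""
    return hashlib.md5(key + protected + key).digest()


def pack_ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_request(home, ha, coa, lifetime, ident, key, spi=256):
    """Mobile node side: Registration Request followed by the authentication extension."""
    fixed = struct.pack("!BBH4s4s4sQ", TYPE_REG_REQUEST, 0, lifetime,
                        pack_ip(home), pack_ip(ha), pack_ip(coa), ident)
    ext_hdr = struct.pack("!BBI", EXT_MN_HA_AUTH, 4 + MAC_LEN, spi)
    # The MAC covers the request and the extension's type, length and SPI.
    return fixed + ext_hdr + authenticator(key, fixed + ext_hdr)


class HomeAgent:
    def __init__(self, keys):
        self.keys = keys          # home address -> (SPI, 128-bit shared key)
        self.bindings = {}        # home address -> (care-of address, lifetime)
        self.last_ident = {}      # home address -> last accepted Identification

    def handle(self, msg, now):
        """Validate one Registration Request; return the reply code."""
        if (len(msg) != FIXED_LEN + EXT_HDR_LEN + MAC_LEN
                or msg[0] != TYPE_REG_REQUEST or msg[FIXED_LEN] != EXT_MN_HA_AUTH):
            return POORLY_FORMED
        _t, _flags, lifetime, home, _ha, coa, ident = struct.unpack(
            "!BBH4s4s4sQ", msg[:FIXED_LEN])
        home = str(ipaddress.IPv4Address(home))
        coa = str(ipaddress.IPv4Address(coa))
        spi = struct.unpack("!I", msg[FIXED_LEN + 2:FIXED_LEN + EXT_HDR_LEN])[0]

        # 1. Authentication: recompute the MAC with the key shared with this MN.
        entry = self.keys.get(home)
        if entry is None or entry[0] != spi:
            return AUTH_FAILED
        expected = authenticator(entry[1], msg[:FIXED_LEN + EXT_HDR_LEN])
        if not hmac.compare_digest(expected, msg[FIXED_LEN + EXT_HDR_LEN:]):
            return AUTH_FAILED

        # 2. Replay protection: timestamp must be fresh and strictly increasing.
        if abs((ident >> 32) - now) > REPLAY_WINDOW or ident <= self.last_ident.get(home, 0):
            return ID_MISMATCH
        self.last_ident[home] = ident

        # 3. Only now update the binding (lifetime 0 means deregistration).
        if lifetime == 0:
            self.bindings.pop(home, None)
        else:
            self.bindings[home] = (coa, lifetime)
        return ACCEPTED


if __name__ == "__main__":
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed 128-bit key
    mn, ha_addr, coa = "136.142.117.21", "136.142.117.1", "130.216.45.3"
    agent = HomeAgent({mn: (256, key)})
    now = 1_000_000
    request = build_request(mn, ha_addr, coa, 300, (now << 32) | 1, key)
    print(agent.handle(request, now), agent.bindings)
    print(agent.handle(request, now + 1))   # same bytes replayed
```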
Hierarchical Mobile IP:
Security
 Advantages:
– Local COAs can be hidden,
which provides some location privacy
– Direct routing between CNs sharing the same link is
possible (but might be dangerous)
 Potential problems:
– Decentralized security-critical functionality
(handover processing) in mobility anchor points
– MNs can (must!) directly influence routing entries via
binding updates (authentication necessary)
Security in Mobile IP
 Security requirements (Security Architecture for the Internet
Protocol, RFC 1825)
– Integrity
any changes to data between sender and receiver can be
detected by the receiver
– Authentication
sender address is really the address of the sender and all
data received is really data sent by this sender
– Confidentiality
only sender and receiver can read the data
– Non-Repudiation
sender cannot deny sending of data
– Traffic Analysis
creation of traffic and user profiles should not be possible
– Replay Protection
receivers can detect replay of messages
IP Security Architecture
 Two or more partners have to negotiate security
mechanisms to setup a security association
– Typically, all partners choose the same parameters
and mechanisms
 Two headers have been defined for securing IP packets:
– Authentication-Header
 Guarantees integrity and authenticity of IP packets
 Asymmetric encryption schemes are used.
– Encapsulation Security Payload
 Protects confidentiality between communication
partners
Key Distribution
 Home agent distributes session keys
FA
HA
MH
response:
EHA-FA {session key}
EHA-MH {session key}
 foreign agent has a security association with the home agent
 mobile host registers a new binding at the home agent
 home agent answers with a new session key for foreign agent
and mobile node
Summary of Mobile IPv6
 IPv6 has overcome the problem of address shortage in
IPv4.
 IPv6 enables a node to send a packet to one out of
several systems by using anycast address. Mobile IPv6
uses this feature by sending a Binding Update to the HA
anycast address and getting response from exactly one of
several HAs. IPv4 cannot provide this solution.
 Using stateless address autoconfiguration and neighbor
discovery mechanism, Mobile IPv6 neither needs DHCP nor
FAs on foreign links to configure the CoAs of MNs.
 Mobile IPv6 can use IPSec for all security requirements.
 Route Optimization is an integral part of Mobile IPv6 to
avoid triangle routing.
 Multicast operations and protocols
References
1. "Mobile Networking through Mobile IP," C. Perkins,
IEEE Internet Computing, Vol. 2, No. 1, 1998.
2. "Mobile IP ," C. Perkins,
IEEE Communications Magazine, Vol. 35, No. 5, 1997.
3. “Mobile IP, Design Principles and Practices”
Book by Charles E. Perkins
4. “Mobile IP, The Internet Unplugged”
Book by James D. Solomon
5. IETF Mobile IP WG:
http://www.ietf.org/html.charters/mobileip-charter.html