Toshiba Magnia SureLink
Mobile IP Explained
Whitepaper Version 1.1
Tim Craven
Table of Contents
1. Background
2. SureLink Mobile IP
3. A Practical Example
4. Independence of Network Type
5. Total Transparency to Applications
6. Ease of Deployment and Centralised Management
7. Flexible Security
8. Advanced Features – NAT Traversal
9. Supported Standards
REASONABLE EFFORT IS MADE TO ENSURE ACCURACY OF THE INFORMATION CONTAINED WITHIN
THIS DOCUMENT. THIS MANUAL AND ANY OTHER DOCUMENTATION DISTRIBUTED TO YOU AT ANY
TIME IN CONNECTION WITH TOSHIBA PRODUCTS & SOLUTIONS ARE PROVIDED BY TOSHIBA "AS IS"
WITHOUT WARRANTY, CONDITIONS OR OTHER TERMS OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY
QUALITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO
THE ACCURACY AND COMPLETENESS OF THE DOCUMENTATION, IS WITH YOU. IN NO EVENT WILL
TOSHIBA BE LIABLE TO YOU FOR ANY LOSS OR DAMAGES, WHETHER DIRECT OR INDIRECT,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR
IN CONNECTION WITH THE DOCUMENTATION OR ANY INFORMATION CONTAINED HEREIN OR THE USE
THEREOF, OR ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT OR SOLUTION
(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES
SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE HOTSPOT TO OPERATE WITH ANY
OTHER PROGRAMS), EVEN IF TOSHIBA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR
DAMAGES.
ACKNOWLEDGEMENT TO SECGO GROUP OY
1. Background
Internet capable devices have become increasingly mobile with the advent of laptops
and PDAs with different wired and wireless Internet connections. However, the
Internet protocol itself was not designed with such mobility in mind. Internet
addresses are bound to the physical equipment that makes up the Internet, and are thus
bound to physical locations. The problems pile up when an Internet device such as a
laptop moves from one location to another, or switches from one network media to
another. All ongoing Internet sessions and connections will break down as the device
changes Internet address.
The anticipated solution to the mobility problem is an Internet standard called Mobile
IP. Mobile IP is standardised by the Internet Engineering Task Force (IETF), and has
reached the status of a proposed standard. To realise the importance of Mobile IP as a
standard, it should be noted that major players such as Cisco and Nokia endorse it.
Mobile IP is also part of the CDMA2000 standard for third generation cellular
networking.
2. SureLink Mobile IP
The SureLink Mobile IP product is a complete solution for handling the Internet
connections of a mobile device such as a Toshiba laptop. It is based on the Mobile IP
standard, and is therefore compatible with software and hardware from other
standard-supporting vendors such as Cisco.
Mobile IP defines three components for managing the mobility of Internet devices:
the Home Agent (HA), the Foreign Agent (FA) and the Mobile Node (MN). The
SureLink Mobile IP product implements all three agents. The SureLink Mobile IP
server takes care of the home agent and foreign agent functionality while the SureLink
Mobile IP client takes care of the mobile node functionality.
3. A Practical Example
As a practical example of Mobile IP operation, let us take a Z310 with the SureLink
Mobile IP server, and a Tecra with the SureLink Mobile IP client. The Tecra is well
equipped with Internet connection options. It has a built-in Ethernet NIC (Network
Interface Card/Controller) and built-in WLAN NIC, Bluetooth, and PC Card
expansion slots that can be used for cellular data connections, e.g. GPRS.
The client's home network is the network where its server is located. In our example,
the home network would be the Ethernet LAN. Any network other than the home
network is called a foreign network. Examples of foreign networks in this example
are: WLAN, an Ethernet LAN at a customer, a WLAN hotspot at a hotel or a GPRS
connection.
As long as the client stays in the home network the server plays a passive role, and the
Internet operates normally in the same way as it would without Mobile IP. When
moving to a foreign network, the client registers its new location with the server. All
Internet traffic destined for the client will end up in the client's home network.
However, after a successful registration, the server will start forwarding all data to the
client's new location. While away, the client will also send all Internet traffic via the
server to its final destination.
Example: The client Tecra is in its home network, connected to the Ethernet LAN.
The user is downloading a PowerPoint presentation from the file server. As the client
is in the home network, the IP traffic flows directly between the file server and the
client without the Mobile IP server interfering. The user pulls out the Ethernet cable in
order to move to a nearby meeting room. The SureLink Mobile IP client notices that
the Ethernet LAN is not available anymore, and immediately finds the second best
connection, the built-in WLAN NIC. The client registers its new location to the
Mobile IP server. Now the SureLink Mobile IP server intercepts the traffic from the
file server, and sends it on to the client. The client sends return traffic back to the
server, which forwards it to the file server. The download continues without the user
noticing any outage.
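The download example above, and the general description of registration and forwarding in the previous paragraphs, can be followed step by step in a small model of the home agent and the mobile node. The code below is an added illustration and is not SureLink code; the addresses (RFC 5737 documentation ranges), the shared key, the use of HMAC-SHA256 in place of the HMAC-MD5 that the Mobile IP standard specifies for the Mobile-Home Authentication Extension, and the counter standing in for the Identification timestamp are all constructed assumptions. It shows the home agent staying passive while the node is at home, tunnelling to the care-of address after a registration, reverse-tunnelling the node's own traffic, and rejecting a replayed or unauthenticated registration so that a third party cannot redirect the node's traffic.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (RFC 5737 documentation ranges) and key; not SureLink values.
HA_ADDR = "192.0.2.1"            # Mobile IP server (home agent) on the home Ethernet LAN
MN_HOME_ADDR = "192.0.2.10"      # the laptop's permanent home address
FILE_SERVER = "192.0.2.50"
WLAN_COA = "198.51.100.77"       # care-of address obtained on the meeting-room WLAN
SHARED_KEY = b"constructed-mn-ha-shared-secret"


@dataclass
class Packet:
    src: str
    dst: str
    payload: str
    outer_dst: Optional[str] = None   # set when the packet travels inside a tunnel


def authenticator(home: str, coa: str, ident: int, key: bytes) -> str:
    """Keyed MAC over the registration fields, modelling the Mobile-Home
    Authentication Extension (RFC 3344 uses HMAC-MD5; HMAC-SHA256 here)."""
    msg = f"{home}|{coa}|{ident}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class HomeAgent:
    """Keeps the mobility binding table and tunnels home-address traffic."""

    def __init__(self, keys: dict):
        self.keys = keys          # home address -> shared key (security association)
        self.bindings = {}        # home address -> current care-of address
        self.last_ident = {}      # home address -> last accepted Identification value

    def register(self, home: str, coa: str, ident: int, auth: str):
        key = self.keys.get(home)
        if key is None:
            return False, "no security association"
        if not hmac.compare_digest(authenticator(home, coa, ident, key), auth):
            return False, "authentication failed"
        # The Identification value must be fresh; a repeated value is a replay.
        if ident <= self.last_ident.get(home, -1):
            return False, "identification mismatch (replay)"
        self.last_ident[home] = ident
        if coa == home:
            self.bindings.pop(home, None)    # deregistration: node is home again
        else:
            self.bindings[home] = coa
        return True, "accepted"

    def deliver(self, pkt: Packet) -> Packet:
        """A packet for a home address arrives on the home link."""
        coa = self.bindings.get(pkt.dst)
        if coa is None:
            return pkt                       # node at home: the HA stays passive
        return Packet(pkt.src, pkt.dst, pkt.payload, outer_dst=coa)

    def decapsulate(self, pkt: Packet) -> Packet:
        """Strip the reverse-tunnel header and forward toward the destination."""
        return Packet(pkt.src, pkt.dst, pkt.payload)


class MobileNode:
    def __init__(self, home: str, key: bytes, ha: HomeAgent):
        self.home, self.key, self.ha = home, key, ha
        self.coa = home                      # starts on the home network
        self.ident = 0
        self.last_request = None

    def move_to(self, coa: str):
        """Interface change: register the new location with the home agent."""
        self.coa = coa
        self.ident += 1                      # monotonic stand-in for the timestamp
        auth = authenticator(self.home, coa, self.ident, self.key)
        self.last_request = (self.home, coa, self.ident, auth)
        return self.ha.register(*self.last_request)

    def send(self, dst: str, payload: str) -> Packet:
        pkt = Packet(self.home, dst, payload)
        if self.coa != self.home:
            pkt.outer_dst = HA_ADDR          # away: reverse-tunnel via the home agent
        return pkt


def scenario() -> dict:
    """Walk through the download example plus two rejected registrations."""
    ha = HomeAgent({MN_HOME_ADDR: SHARED_KEY})
    mn = MobileNode(MN_HOME_ADDR, SHARED_KEY, ha)
    r = {}
    r["at_home"] = ha.deliver(Packet(FILE_SERVER, MN_HOME_ADDR, "chunk-1")).outer_dst
    r["register"] = mn.move_to(WLAN_COA)[0]           # cable pulled, WLAN chosen
    r["away"] = ha.deliver(Packet(FILE_SERVER, MN_HOME_ADDR, "chunk-2")).outer_dst
    reverse = mn.send(FILE_SERVER, "ack-2")
    r["reverse_outer"] = reverse.outer_dst
    r["reverse_inner_src"] = ha.decapsulate(reverse).src
    r["replay"] = ha.register(*mn.last_request)[0]    # same request seen twice
    bad = authenticator(MN_HOME_ADDR, "203.0.113.9", 99, b"some-other-key")
    r["unauthenticated"] = ha.register(MN_HOME_ADDR, "203.0.113.9", 99, bad)[0]
    r["binding"] = ha.bindings[MN_HOME_ADDR]          # unchanged by the two rejections
    mn.move_to(MN_HOME_ADDR)                          # back on the Ethernet LAN
    r["back_home"] = ha.deliver(Packet(FILE_SERVER, MN_HOME_ADDR, "chunk-3")).outer_dst
    return r
```

Running `scenario()` gives `at_home` and `back_home` as `None` (no tunnel, the server does not interfere), `away` as the WLAN care-of address, and `False` for both the replayed and the unauthenticated registration while the binding keeps pointing at the WLAN. The binding table is the security-critical state of a home agent: whoever can update it receives the node's traffic, which is why the standard protects every registration with a keyed authenticator and a freshness value.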
The server function described above is what the Mobile IP standard calls a home
agent. The SureLink Mobile IP server also supports the functionality of the foreign
agent defined in the Mobile IP standard. The foreign agent operates in a foreign
network, and offers Mobile IP services to clients visiting the network. It is an optional
component: Mobile IP operates correctly without one.
Examples of benefits achieved by using foreign agents are:
- The foreign agent provides the client with all necessary information to register its
location in the network. Without a foreign agent the client needs to obtain an IP
address (e.g. using DHCP) and it needs to find out what modes of operation are
supported using a trial-and-error procedure.
- Increased performance: The extra work mentioned above takes time. With a
foreign agent the time to switch networks (handover time) can be reduced to a
fraction of the time it takes without a foreign agent.
- Increased scalability: In systems with many users, using foreign agents can reduce
the load on the home agent and NAT gateways.
- Access control and accounting: The foreign agent can be used to control which
clients have access to a network, e.g., it can grant network access in a meeting
room WLAN to only employees, customers and partners.
This part of the SureLink solution is based on the SG Series product and is referred to
as the Branch Office server.
4. Independence of Network Type
A user has WLAN, Ethernet and GPRS adapters in his Tecra laptop. He is connected
to the Ethernet interface. Without SureLink Mobile IP, if he unplugs the Ethernet
cable and starts using WLAN instead, all his open sessions will break. Applications
may stop working or crash and lose important data, and the user possibly needs to log
out and in again or even reboot the computer. With SureLink Mobile IP, the user can
move freely between all network types with all sessions intact. The SureLink Mobile
IP client will automatically select the best available network and ensure that the user
is constantly connected.
5. Total Transparency to Applications
SureLink Mobile IP works on the Internet protocol level, and is therefore totally
transparent to Internet applications. Employing SureLink Mobile IP does not
necessitate any configuration or other changes to existing applications. All
applications become automatically mobile: WWW, e-mail, CRM, VoIP, fileshares,
printing, calendar and collaboration tools such as netmeeting.
6. Ease of Deployment and Centralised Management
Installation and management often present a surprisingly large portion of the total cost
of the operation of a computer system. SureLink Mobile IP offers several features that
ease deployment and provide for efficient management.
The following includes some highlights of how these powerful features are employed
together on the Toshiba:
- The Enterprise business model comprises Mobile IP servers on both Z series
and SG series servers. The Z310 hosts centralised management and remote
configuration of clients, users and the SG20 server via the Easy Admin service.
- The SureLink Mobile IP server can be configured to use LDAP or RADIUS
services as user database backends. This makes it easy to integrate the Mobile IP
service with an existing corporate user management infrastructure. User
information is stored in one place only, which facilitates management and
improves security.
7. Flexible Security
SureLink Mobile IP does not place any artificial restrictions on the data security
solution used to secure IP traffic. SureLink Mobile IP is designed to support all
possible modes of VPN deployment and to be compatible with all IPSec and other
VPN products. This differentiates it from many other solutions that tie Mobile IP and
VPN together in inflexible ways.
Examples of how a decoupled solution can benefit the customer are:
- A corporation has made a large investment in an IPSec based VPN solution. It
now wishes to offer mobility management services to its mobile laptop users.
Buying a bundled product would imply replacing the existing IPSec infrastructure
with the new product. The previous investment would then be lost, and expensive
installation of new clients and servers would be required. Investing in SureLink
Mobile IP would simply add Mobile IP support to the existing infrastructure. The
existing IPSec clients and gateways would work without modification, thus saving
money and installation work.
- SureLink Mobile IP can be combined with SureLink Crypto IP to support a vast
number of different VPN deployment models. As an example, other solutions
often require the VPN gateway to be on the same machine as the Mobile IP server,
which effectively hinders offering Mobile IP as a service.
8. Advanced Features: NAT Traversal
SureLink Mobile IP follows closely the standards that define Mobile IP mobility
management. Standards compliance is important, but it is not enough to ensure
smooth and reliable mobile access in the diverse Internet of today. SureLink Mobile
IP therefore offers several proprietary, advanced features that improve end-user
experience and overall performance of the system, but without breaking compliance
with the Mobile IP standard. One such feature is NAT traversal. Mobile IP access will
not work if the client visits a network that uses NAT. With the NAT traversal option
offered by SureLink Mobile IP clients and servers, access from a network behind a
NAT is as transparent as from any other network.
The following is a list of examples of networks from which standard Mobile IP access
is not possible, but SureLink Mobile IP access is:
- GPRS networks in Europe
- Most WLAN hotspots
- The Ethernet and WLAN interfaces of the Magnia SG series
- Most consumer broadband services, e.g. ADSL, cable modem, dial-up
9. Supported Standards
IKE:
- AES/MD5
- AES/SHA1
- Blowfish/MD5
- Blowfish/SHA1
- CAST128/MD5
- CAST128/SHA1
- 3DES/MD5
- 3DES/SHA1
- DES/MD5
- DES/SHA1
(used)
IPSec:
- AES/MD5-96
- AES/SHA1-96
- Blowfish/MD5-96
- Blowfish/SHA1-96
- CAST128/MD5-96
- CAST128/SHA1-96
- 3DES/MD5-96
- 3DES/SHA1-96
- DES/MD5-96
- DES/SHA1-96
(used)