Mobile IP Lessons Learned

Mobile IP
Lessons Learned
The early years
Updated_03-09-01
© 2001, Cisco Systems, Inc.
1
Who needs Mobile IP anyway?
A Word from the Nay Sayers
• “Nomads” don’t have any problems today
• Dynamic addressing works just fine
• We don’t have enough v4 addresses as it is
Cellular Mobility
• User can handover mid flow
• Simplifies layer 2 macro mobility
• Easier to manage than dynamic address pools
• Important part of 3G standards
• Cleaner user experience
Multiple Media Networks
• Cost based network selection
• Go between 802.11, cellular, satellite, etc
• Supported in Cisco’s IOS Mobile Network
Clients
Client type    | Host device                   | Pros                                               | Cons
Terminal based | Laptops, PDAs, etc            | More features                                      | Hard to deploy and manage
Network proxy  | Embedded handset, access pt.  | Transparent to attached clients, easier to manage  | Tied to media, fewer features, less security
Mobile router  | Router                        | Clients not mobile, central management             | Harder to provision and deploy
Infrastructure
What you really need to know to keep your job.
SAM, An Engineer’s Best Friend
• Scalability – Bigger is better
• Availability – Uptime is king
• Manageability – Knowledge is power
Scalability
• Maximum number of users per box
• Number of users per rack
• Max users is bounded by throughput, registration rate & memory
Did you know…
• …there is a significantly higher proportion of signaling traffic to user traffic required for mobility management than for traditional dynamic IP routing
• That’s why we use Mobile IP. Traditional routing protocols would not scale with the quantity and frequency of mobility updates
Registration Rates
• Even with large foreign agent provinces each user may reregister every 1-2 hours
• 1 million users reregistering every 2 hours is ~140 registrations per second.
• With 200k users per HA that’s 28 registrations per second
Province – The geographic area covered by a single foreign agent interface
AAA requirements
• Every registration requires a Security Association lookup
• SAs can be stored locally or in a AAA server
• How do you handle 140 queries per second per million users?
AAA Deployment strategies
Strategy        | Pros                                   | Cons
Centralized     | Easy to manage and provision           | Hard to scale, latency can be a problem
Distributed     | No WAN concerns or latency problems    | Hard to plan, manage, deploy and provision
Central + Cache | Best of both worlds                    | Cache management problems
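The registration-rate arithmetic from the previous slide and the AAA lookup load it implies, carried through in Python as an added example (not part of the Cisco deck). It reproduces the deck's figures (1 million users re-registering every 2 hours, 200k users per HA) and extends them to the three AAA strategies above; the `plan` helper, the strategy names and the 90% cache hit ratio are assumptions made for illustration.

```python
"""Mobile IP signaling-load planner (added example, not from the Cisco deck).

Derives registrations per second from user count and re-registration
interval, then estimates how many Security Association lookups reach the
AAA backend under each deployment strategy.  The cache hit ratio used
below is a constructed assumption.
"""
import math


def registration_rate(users: int, reregister_seconds: float) -> float:
    """Steady-state registrations per second when every user re-registers
    once per `reregister_seconds`, spread evenly in time."""
    if users < 0 or reregister_seconds <= 0:
        raise ValueError("users must be >= 0 and the interval positive")
    return users / reregister_seconds


def home_agents_needed(users: int, users_per_ha: int) -> int:
    """Number of HAs required to host `users` at `users_per_ha` each."""
    return math.ceil(users / users_per_ha)


def aaa_backend_rate(reg_rate: float, strategy: str, cache_hit_ratio: float = 0.0) -> float:
    """SA lookups per second that leave the HA/FA for a AAA server.

    Every registration needs exactly one SA lookup.  A local cache in front
    of a central server answers `cache_hit_ratio` of them itself."""
    if not 0.0 <= cache_hit_ratio <= 1.0:
        raise ValueError("cache_hit_ratio must be in [0, 1]")
    if strategy in ("centralized", "distributed"):
        return reg_rate                        # every lookup hits a server
    if strategy == "central+cache":
        return reg_rate * (1.0 - cache_hit_ratio)
    raise ValueError(f"unknown strategy {strategy!r}")


def plan(users: int, reregister_hours: float, users_per_ha: int, cache_hit_ratio: float) -> dict:
    """Pull the pieces together for one deployment (hypothetical helper)."""
    interval = reregister_hours * 3600
    total = registration_rate(users, interval)
    return {
        "total_reg_per_s": total,
        "per_ha_reg_per_s": registration_rate(users_per_ha, interval),
        "home_agents": home_agents_needed(users, users_per_ha),
        "aaa_central_per_s": aaa_backend_rate(total, "centralized"),
        "aaa_cached_per_s": aaa_backend_rate(total, "central+cache", cache_hit_ratio),
    }


if __name__ == "__main__":
    # The deck's figures: 1 million users, 2-hour re-registration, 200k users per HA.
    for key, value in plan(1_000_000, 2, 200_000, 0.9).items():
        print(f"{key:>20}: {value:.1f}")
```

The deck rounds 138.9 registrations per second to "~140"; the per-HA figure of 27.8 is its "28". With a 90% cache hit ratio the central AAA server sees about 14 lookups per second instead of 139, which is the scaling argument for "Central + Cache" in the table above.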
Tunnel requirements
• 1 tunnel per Foreign Agent
• 1 tunnel per co-located care of address
• Tunnels can limit scalability
Availability
• Uptime is king
• 100% SYSTEM uptime is the goal
• Remember, system uptime is not box uptime
HA Availability
• MN does not learn about HA failure until re-registration
• Bindings are stateful
• HA usually hosts a large number of subscribers
Cisco’s HA Redundancy
• Built on HSRP
• Replicates bindings in near real time
• Transparent to Mobile Node
• Bindings AND cached Security Associations are replicated
Manageability
• Fast response to outages
• Capacity Planning
• Performance management
RFC 2006 MIB
• Good fault management support
  Total and per user counters for registrations and errors
• Poor capacity/performance management support
  Must iterate through the binding table to count bindings
• Cisco MIB supports enhanced features
Extracting Performance data
• HA Registration throughput and performance
  haRegistrationAccepted & haRegRepliesSent vs time
  faRegRepliesRelayed & haRegRepliesSent vs time
• FA Registration throughput and performance
  faRegRequestsReceived & faRegRequestsRelayed vs time
  faRegRepliesRelayed & faRegRepliesRelayed vs time
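How the "counter vs time" plots above are derived from SNMP polls, as an added example (not Cisco code and not part of the deck): the RFC 2006 objects are Counter32 values that only increase and wrap at 2^32, so a rate is the wrapped difference between two polls divided by the poll interval. The poll samples, the 60-second interval and the `ha_summary` helper are constructed for illustration; the object names are the ones the slide lists.

```python
"""Registration throughput from RFC 2006 MIB counters (added example).

Turns successive SNMP polls of Counter32 objects into per-second rates and
ratios, handling 32-bit wraparound.  The poll samples are constructed.
"""
from typing import Dict, List, Tuple

COUNTER32_MODULUS = 2 ** 32
Sample = Tuple[float, Dict[str, int]]   # (poll time in seconds, {object name: value})


def counter_delta(prev: int, curr: int) -> int:
    """Increase between two Counter32 readings, tolerating one wrap."""
    return (curr - prev) % COUNTER32_MODULUS


def rates(samples: List[Sample], names: List[str]) -> List[Dict[str, float]]:
    """Per-second rate of each named counter over every consecutive pair of polls."""
    out = []
    for (t0, a), (t1, b) in zip(samples, samples[1:]):
        if t1 <= t0:
            raise ValueError("polls must be in increasing time order")
        out.append({n: counter_delta(a[n], b[n]) / (t1 - t0) for n in names})
    return out


def ratio(samples: List[Sample], numerator: str, denominator: str) -> List[float]:
    """Ratio of two counters' increases per interval (e.g. accepted / replies sent)."""
    out = []
    for (_, a), (_, b) in zip(samples, samples[1:]):
        d = counter_delta(a[denominator], b[denominator])
        out.append(counter_delta(a[numerator], b[numerator]) / d if d else float("nan"))
    return out


def ha_summary(samples: List[Sample]) -> List[Dict[str, float]]:
    """Registration rate (replies sent per second) and acceptance ratio per
    interval: the two HA curves the slide plots against time."""
    reply_rates = rates(samples, ["haRegRepliesSent"])
    accept = ratio(samples, "haRegistrationAccepted", "haRegRepliesSent")
    return [{"replies_per_s": r["haRegRepliesSent"], "accept_ratio": a}
            for r, a in zip(reply_rates, accept)]


# Constructed 60-second polls of one HA.  haRegistrationAccepted starts just
# below 2^32 so the first interval crosses the wrap; the true increase is 1680
# in both intervals (28/s), while haRegRepliesSent grows by 1800 (30/s).
HA_POLLS: List[Sample] = [
    (0,   {"haRegistrationAccepted": 4294966000, "haRegRepliesSent": 1100}),
    (60,  {"haRegistrationAccepted": 384,        "haRegRepliesSent": 2900}),
    (120, {"haRegistrationAccepted": 2064,       "haRegRepliesSent": 4700}),
]

if __name__ == "__main__":
    for i, row in enumerate(ha_summary(HA_POLLS)):
        print(f"interval {i}: {row['replies_per_s']:.1f} replies/s, "
              f"{row['accept_ratio']:.3f} accepted")
```

A naive `curr - prev` on the first interval would report a huge negative rate; taking the difference modulo 2^32 is what makes a wrap look like the 1680 registrations it actually was. A falling acceptance ratio with a steady reply rate is the signature of a failing SA lookup path, which is the fault-management use the RFC 2006 counters are good for.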
Internet Deployment
Realities of MIP Deployment
• The Internet was designed to support Broadband and Dial-up
• Security concerns force tight network implementation
• Mobility doesn’t fit naturally
Ingress filtering
• A “classic” problem in MIP
• Network designers block incoming traffic with an internal source address
• Unicast RPF is probably a more dangerous problem
• Reverse Tunnels offer a solution
(Diagram: HA on home network 10.1.2.0; mobile node 10.1.2.45 away across the Internet)
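Why a triangle-routed packet fails both checks and a reverse-tunnelled one passes, as an added Python example that is not part of the deck and not Cisco code. It models a strict unicast RPF check at the visited network's border router and a classic ingress ACL at the home network's border. The home prefix 10.1.2.0/24 and mobile node 10.1.2.45 are the slide's values; the visited network 192.0.2.0/24, the FA care-of address 192.0.2.10, the HA at 10.1.2.1, the correspondent at 10.1.2.80 and the interface names are constructed assumptions.

```python
"""Ingress filtering and strict uRPF vs. Mobile IP triangle routing (added example).

Two checks are modelled on a constructed topology: the visited network's
border router runs strict unicast RPF, and the home network's border router
drops packets from the Internet side whose source claims to be internal.
Reverse tunnelling (RFC 3024) makes the FA wrap the MN's packet in an outer
header with a topologically correct source, which satisfies both.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None   # payload packet when this is an IP-in-IP tunnel packet


# Slide values: home network and mobile node.  Everything else is constructed.
HOME_PREFIX = ipaddress.ip_network("10.1.2.0/24")
MN, HA, CN = "10.1.2.45", "10.1.2.1", "10.1.2.80"   # CN is a server on the home network
FA_COA = "192.0.2.10"                               # FA's care-of address on the visited LAN

# Visited network's border router: prefix -> interface it is reached through.
FOREIGN_ROUTES = {
    ipaddress.ip_network("192.0.2.0/24"): "access",   # LAN where the FA and the MN sit
    ipaddress.ip_network("0.0.0.0/0"): "internet",
}


def egress_interface(routes, addr: str) -> Optional[str]:
    """Longest-prefix-match lookup: the interface used to reach `addr`."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, iface) for net, iface in routes.items() if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def strict_urpf_accepts(routes, pkt: Packet, arrived_on: str) -> bool:
    """Strict uRPF: the route back to the source must point out the arrival interface."""
    return egress_interface(routes, pkt.src) == arrived_on


def home_ingress_acl_accepts(pkt: Packet) -> bool:
    """Classic ingress filter: drop Internet-side packets with an internal source."""
    return ipaddress.ip_address(pkt.src) not in HOME_PREFIX


def reverse_tunnel(pkt: Packet, care_of_address: str, home_agent: str) -> Packet:
    """What the FA does with reverse tunnelling: encapsulate toward the HA
    with the care-of address, not the MN's home address, as outer source."""
    return Packet(src=care_of_address, dst=home_agent, inner=pkt)


def ha_decapsulate(pkt: Packet) -> Packet:
    """The HA strips the outer header and forwards the inner packet from inside."""
    return pkt.inner if pkt.inner is not None else pkt


def verdicts(pkt: Packet) -> Tuple[bool, bool]:
    """Run one MN-originated packet through both borders on its way home.
    Returns (passes visited-network uRPF, passes home-network ingress ACL)."""
    return (strict_urpf_accepts(FOREIGN_ROUTES, pkt, arrived_on="access"),
            home_ingress_acl_accepts(pkt))


TRIANGLE = Packet(src=MN, dst=CN)                  # MN sends directly with its home address
TUNNELED = reverse_tunnel(TRIANGLE, FA_COA, HA)    # same packet via the FA's reverse tunnel

if __name__ == "__main__":
    print("triangle routing:", verdicts(TRIANGLE))   # (False, False): dropped at either border
    print("reverse tunnel  :", verdicts(TUNNELED))   # (True, True)
    print("after HA decap  :", ha_decapsulate(TUNNELED))
```

The uRPF failure is the one the slide calls "more dangerous": no ACL names 10.1.2.0/24 anywhere on the visited network, the drop comes purely from the routing table, so nothing in the configuration points at the cause. After decapsulation the HA forwards the original packet with source 10.1.2.45 from the home network, where that address legitimately originates.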
Path MTU Discovery
• Many network designers block all inbound ICMP
• Triangle routing causes problems not normally seen
• TCP Session opens, but “hangs”
• Windows supports “black hole detection”
WAP MTU length problems
• WAP relies on IP fragmentation
• Fragmentation occurs at the WAP gateway server’s MTU
• Fragments can’t be fragmented
• Gateway MTU must be <= path MTU including tunnel
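The two MTU slides above (blocked inbound ICMP making PMTUD fail, and the gateway MTU having to fit inside the tunnel), walked through in Python as an added example that is not part of the deck. It applies the IPv4 rules: a packet larger than a link's MTU is fragmented unless DF is set; with DF set the router drops it and sends ICMP "fragmentation needed", which the sender only learns about if inbound ICMP is not filtered; the Mobile IP tunnel adds its encapsulation header to every packet inside it. The link names, the 1500-byte MTUs and the 20-byte IP-in-IP overhead are assumptions for illustration.

```python
"""Tunnel MTU and PMTUD black holes (added example, not from the deck).

Walks one IPv4 packet across a constructed path and reports what happens
to it, given whether DF is set and whether inbound ICMP is filtered.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPIP_OVERHEAD = 20   # IP-in-IP (RFC 2003): one extra IPv4 header on the HA-FA tunnel
GRE_OVERHEAD = 24    # IPv4 + basic GRE header without optional fields


@dataclass(frozen=True)
class Link:
    name: str
    mtu: int
    in_tunnel: bool = False   # True for hops that carry the encapsulated packet


def effective_path_mtu(path: List[Link], overhead: int) -> int:
    """Largest IP packet the sender can emit without anything on the path,
    the tunnel's extra header included, having to fragment.  This is the
    ceiling the slide puts on the WAP gateway's MTU."""
    return min(link.mtu - (overhead if link.in_tunnel else 0) for link in path)


def send(size: int, df: bool, path: List[Link], overhead: int,
         inbound_icmp_filtered: bool) -> Tuple[str, Optional[str]]:
    """Outcome of one packet of `size` bytes and the hop where it was decided."""
    for link in path:
        on_wire = size + (overhead if link.in_tunnel else 0)
        if on_wire <= link.mtu:
            continue
        if not df:
            return ("fragmented", link.name)        # delivered, at reassembly cost
        # DF set: the router drops the packet and emits ICMP type 3 code 4.
        if inbound_icmp_filtered:
            return ("black_hole", link.name)        # sender never learns why it hangs
        return ("icmp_frag_needed", link.name)      # PMTUD: sender lowers its MTU
    return ("delivered", None)


# Constructed path: WAP gateway LAN -> HA-to-FA tunnel over two hops -> visited LAN.
PATH = [
    Link("gateway-lan", 1500),
    Link("ha-fa-tunnel-hop1", 1500, in_tunnel=True),
    Link("ha-fa-tunnel-hop2", 1500, in_tunnel=True),
    Link("visited-lan", 1500),
]

if __name__ == "__main__":
    print("gateway MTU ceiling:", effective_path_mtu(PATH, IPIP_OVERHEAD))   # 1480
    cases = [(40, True, True), (1500, True, True), (1500, True, False),
             (1500, False, True), (1480, True, True)]
    for size, df, filtered in cases:
        print(f"{size:5d} DF={df!s:5} icmp_filtered={filtered!s:5} ->",
              send(size, df, PATH, IPIP_OVERHEAD, filtered))
```

The 40-byte case is the TCP SYN: it fits everywhere, so the session opens; the first full-size data segment with DF set is dropped inside the tunnel and, with ICMP filtered, the session "hangs" exactly as the Path MTU Discovery slide describes. Setting the gateway's MTU to `effective_path_mtu` is the WAP fix, since every packet it emits then fits even after encapsulation.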
Private Addressing
• Good for “Walled Gardens”
• Large Scale NAT can be difficult
• No support for overlapping addresses in the FA
It is worth it!
Don’t Worry
A Mobile IP network is just as easy to build as any IP network. There are just a few new rules.
Sweet Rewards
• Seamless IP connectivity
• Transparent user experience
• Limitless Possibilities
Are you Ready?
• There are plenty of challenging problems ahead, but the reward is great.
Fire Away?
• Questions?