Slide 1: Mobile IP Lessons Learned: The early years
Updated_03-09-01 © 2001, Cisco Systems, Inc.

Slide 2: Who needs Mobile IP anyway?
Updated_01-02-01

Slide 3: A Word from the Naysayers
• “Nomads” don’t have any problems today
• Dynamic addressing works just fine
• We don’t have enough v4 addresses as it is

Slide 4: Cellular Mobility
• User can hand over mid-flow
• Simplifies layer 2 macro mobility
• Easier to manage than dynamic address pools
• Important part of 3G standards
• Cleaner user experience

Slide 5: Multiple Media Networks
• Cost-based network selection
• Go between 802.11, cellular, satellite, etc.
• Supported in Cisco’s IOS Mobile Network

Slide 6: Clients
  Client type      Host device           Pros                                Cons
  Terminal Based   Laptops, PDAs, etc    More features                       Hard to deploy and manage
  Embedded         Handset, Access pt.   Easier to manage                    Tied to media, fewer features, less security
  Network Proxy    Mobile Router         Transparent to attached clients,    Clients not mobile, harder to provision and deploy
                                         Central Management

Slide 7: Infrastructure
What you really need to know to keep your job.

Slide 8: SAM, An Engineer’s Best Friend
• Scalability – Bigger is better
• Availability – Uptime is king
• Manageability – Knowledge is power

Slide 9: Scalability
• Maximum number of users per box
• Number of users per rack
• Max users: throughput, registration rate & memory

Slide 10: Did you know…
• …there is a significantly higher proportion of signaling traffic to user traffic required for mobility management than in traditional dynamic IP routing
• That’s why we use Mobile IP. Traditional routing protocols would not scale with the quantity and frequency of mobility updates
Slide 11: Registration Rates
• Even with large foreign agent provinces each user may reregister every 1-2 hours
• 1 million users reregistering every 2 hours is ~140 registrations per second
• With 200k users per HA that’s 28 registrations per second
Province – The geographic area covered by a single foreign agent interface

Slide 12: AAA requirements
• Every registration requires a Security Association lookup
• SAs can be stored locally or in a AAA server
• How do you handle 140 queries per second per million users?

Slide 13: AAA Deployment strategies
  Strategy          Pros                                   Cons
  Centralized       Easy to manage and provision           Hard to scale, latency can be a problem
  Distributed       No WAN concerns or latency problems    Hard to plan, manage, deploy and provision
  Central + Cache   Best of both worlds                    Cache management problems

Slide 14: Tunnel requirements
• 1 tunnel per Foreign Agent
• 1 tunnel per co-located care-of address
• Tunnels can limit scalability

Slide 15: Availability
• Uptime is king
• 100% SYSTEM uptime is the goal
• Remember, system uptime is not box uptime

Slide 16: HA Availability
• MN does not learn about HA failure until re-registration
• Bindings are stateful
• HA usually hosts a large number of subscribers

Slide 17: Cisco’s HA Redundancy
• Built on HSRP
• Replicates bindings in near real time
• Transparent to Mobile Node
• Bindings AND cached Security Associations are replicated

Slide 18: Manageability
• Fast response to outages
• Capacity Planning
• Performance management
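The “Central + Cache” row of slide 13 and the “cached Security Associations” bullet of slide 17 describe the same mechanism: a registration needs the MN-HA Security Association, fetching it from a central AAA server every time costs one WAN query per registration, and caching it at the agent trades that query load for a cache-management problem. The simulation below is an added example, not Cisco code or anything from the deck: the AAA backend, the two home addresses, the keys, the 2-hour re-registration schedule and the key-rotation event are all constructed. It counts AAA queries for a short versus a long cache TTL, then shows the failure mode the slide hints at, a cached SA that is stale after the key is rotated at the AAA server.

```python
import hashlib
import hmac


class AaaBackend:
    """Stand-in for a central AAA server holding MN-HA Security Associations.
    Every lookup counts as one query over the WAN. Keys are constructed test values."""

    def __init__(self):
        self.queries = 0
        self._sa = {
            "10.1.2.45": {"spi": 256, "key": b"constructed-key-for-10.1.2.45"},
            "10.1.2.46": {"spi": 257, "key": b"constructed-key-for-10.1.2.46"},
        }

    def lookup(self, home_addr):
        self.queries += 1
        return dict(self._sa[home_addr])  # copy, so the cache never aliases backend state

    def rotate_key(self, home_addr, new_key):
        """Operator changes the shared key at the AAA server (hypothetical admin action)."""
        self._sa[home_addr]["key"] = new_key

    def mobile_node_key(self, home_addr):
        """Simulation only: the mobile node holds its own copy of the key, so this is not a query."""
        return self._sa[home_addr]["key"]


class SaCache:
    """Central + Cache strategy: SAs fetched from AAA are kept at the agent for `ttl` seconds."""

    def __init__(self, backend, ttl):
        self.backend = backend
        self.ttl = ttl
        self._entries = {}  # home_addr -> (sa, expires_at)

    def get(self, home_addr, now):
        hit = self._entries.get(home_addr)
        if hit is not None and hit[1] > now:
            return hit[0]
        sa = self.backend.lookup(home_addr)
        self._entries[home_addr] = (sa, now + self.ttl)
        return sa

    def invalidate(self, home_addr):
        self._entries.pop(home_addr, None)


def authenticator(key, reg_request):
    """HMAC-MD5 over the registration request (RFC 3344's default MN-HA authenticator)."""
    return hmac.new(key, reg_request, hashlib.md5).digest()


def registration_ok(cache, home_addr, reg_request, auth, now):
    """Verify a registration's authenticator against whatever SA the cache hands back."""
    sa = cache.get(home_addr, now)
    return hmac.compare_digest(authenticator(sa["key"], reg_request), auth)


def run_demo(ttl):
    """Two mobile nodes re-registering every 2 hours (7200 s) over 4 hours, constructed schedule.
    Returns how many registrations were accepted and how many AAA queries that cost."""
    backend = AaaBackend()
    cache = SaCache(backend, ttl)
    accepted = 0
    for t in (0, 7200, 14400):
        for mn in ("10.1.2.45", "10.1.2.46"):
            req = f"registration request from {mn} at t={t}".encode()
            auth = authenticator(backend.mobile_node_key(mn), req)
            if registration_ok(cache, mn, req, auth, t):
                accepted += 1
    return {"accepted": accepted, "aaa_queries": backend.queries}


def stale_cache_demo():
    """The cache-management problem: once the key is rotated at AAA, the cached SA is stale
    until its TTL expires or it is explicitly invalidated. Returns (result_before, result_after)."""
    backend = AaaBackend()
    cache = SaCache(backend, ttl=86400)
    mn = "10.1.2.45"
    req0 = b"registration request 0"
    registration_ok(cache, mn, req0, authenticator(backend.mobile_node_key(mn), req0), now=0)  # fills cache
    backend.rotate_key(mn, b"constructed-rotated-key")
    req1 = b"registration request 1"
    auth1 = authenticator(backend.mobile_node_key(mn), req1)  # the MN already signs with the new key
    stale = registration_ok(cache, mn, req1, auth1, now=7200)  # old key still cached: rejected
    cache.invalidate(mn)
    fresh = registration_ok(cache, mn, req1, auth1, now=7200)  # re-fetched from AAA: accepted
    return stale, fresh
```

With a one-hour TTL every 2-hour re-registration misses and the cache buys nothing (six registrations, six AAA queries); with a one-day TTL the same six registrations cost two queries, which is the slide’s scaling win. The price is that a key rotated at the AAA server silently rejects the mobile node until the agent’s entry expires or is invalidated, so a cache deployment needs an explicit invalidation path, not just a TTL.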
Slide 19: RFC 2006 MIB
• Good fault management support: total and per-user counters for registrations and errors
• Poor capacity/performance management support: must iterate through the binding table to count bindings
• Cisco MIB supports enhanced features

Slide 20: Extracting Performance data
• HA Registration throughput and performance
  haRegistrationAccepted & haRegRepliesSent vs time
  faRegRepliesRelayed & haRegRepliesSent vs time
• FA Registration throughput and performance
  faRegRequestsReceived & faRegRequestsRelayed vs time
  faRegRepliesRelayed & faRegRepliesRelayed vs time

Slide 21: Internet Deployment

Slide 22: Realities of MIP Deployment
• The Internet was designed to support Broadband and Dial-up
• Security concerns force tight network implementation
• Mobility doesn’t fit naturally

Slide 23: Ingress filtering
• A “classic” problem in MIP
• Network designers block incoming traffic with an internal source address
• Unicast RPF is probably a more dangerous problem
• Reverse Tunnels offer a solution
(Diagram: HA on home network 10.1.2.0; mobile node with home address 10.1.2.45 attached via the Internet)

Slide 25: Path MTU Discovery
• Many network designers block all inbound ICMP
• Triangle routing causes problems not normally seen
• TCP session opens, but “hangs”
• Windows supports “black hole detection”
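Slide 20 lists pairs of RFC 2006 counters to plot “vs time”; what that means in practice is polling the Counter32 objects, taking the delta between polls, dividing by the interval, and then comparing the two series (accepted vs sent gives the HA’s acceptance ratio, received vs relayed shows how much the FA is refusing locally). The script below is an added example written for this page, not Cisco tooling: the counter names are the RFC 2006 objects the slide cites, the 60-second poll samples are constructed, and the wrap handling is the standard Counter32 correction a poller needs.

```python
COUNTER32_MODULO = 2 ** 32  # the RFC 2006 registration counters are Counter32 objects


def counter_delta(prev, cur):
    """Increase between two Counter32 samples, allowing for a single wrap at 2^32."""
    if cur >= prev:
        return cur - prev
    return cur + COUNTER32_MODULO - prev


def rates_from_samples(samples):
    """samples: time-ordered list of (epoch_seconds, {counter_name: value}) poll results.
    Returns one dict of per-second rates for each polling interval."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0:
            raise ValueError("samples must be strictly increasing in time")
        rates.append({name: counter_delta(c0[name], c1[name]) / dt for name in c0})
    return rates


def ha_summary(rate):
    """HA throughput (replies/s) and the share of registrations it accepted."""
    sent = rate["haRegRepliesSent"]
    accepted = rate["haRegistrationAccepted"]
    return {"replies_per_s": sent, "accept_ratio": accepted / sent if sent else None}


def fa_summary(rate):
    """FA throughput (requests/s) and the share of requests it relayed to the HA;
    requests received but not relayed were refused by the FA itself."""
    received = rate["faRegRequestsReceived"]
    relayed = rate["faRegRequestsRelayed"]
    return {"requests_per_s": received, "relay_ratio": relayed / received if received else None}


def report(samples):
    """One (HA summary, FA summary) pair per polling interval."""
    return [(ha_summary(r), fa_summary(r)) for r in rates_from_samples(samples)]


# Constructed 60 s poll samples (not real device output); names are RFC 2006 MIB objects.
SAMPLES = [
    (1000000000, {"haRegistrationAccepted": 1000, "haRegRepliesSent": 1040,
                  "faRegRequestsReceived": 2000, "faRegRequestsRelayed": 1950}),
    (1000000060, {"haRegistrationAccepted": 2680, "haRegRepliesSent": 2790,
                  "faRegRequestsReceived": 4100, "faRegRequestsRelayed": 4029}),
    (1000000120, {"haRegistrationAccepted": 4180, "haRegRepliesSent": 4290,
                  "faRegRequestsReceived": 5900, "faRegRequestsRelayed": 5829}),
]

if __name__ == "__main__":
    for i, (ha, fa) in enumerate(report(SAMPLES), 1):
        print(f"interval {i}: HA {ha}  FA {fa}")
```

The first constructed interval works out to 28 accepted registrations per second, the per-HA planning figure from slide 11, so the same poller doubles as a capacity check: plot the observed rate against the number you planned for. The binding count the slide says RFC 2006 cannot give you cheaply is not recoverable from these counters either; it needs the table walk or a vendor MIB.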
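Slide 23 says a mobile node sourcing packets from its home address trips the visited network’s source-address filters, that strict unicast RPF is the nastier variant, and that reverse tunnels fix it. The model below is an added example, not part of the deck or Cisco code. The home network 10.1.2.0 and the host 10.1.2.45 come from the slide’s diagram; the /24 length, the foreign network 192.0.2.0/24, the care-of address, the HA address and the correspondent are constructed. It runs one packet from the mobile node through a BCP 38 style egress ACL and a strict uRPF check at the visited network’s border, with and without the FA encapsulating it toward the HA.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# 10.1.2.0 and 10.1.2.45 are from the slide diagram; the /24, the foreign network (TEST-NET-1),
# the care-of address, HA address and correspondent are constructed for this example.
HOME_NET = ipaddress.ip_network("10.1.2.0/24")
HOME_ADDR = "10.1.2.45"
HA_ADDR = "10.1.2.1"
FOREIGN_NET = ipaddress.ip_network("192.0.2.0/24")
CARE_OF_ADDR = "192.0.2.10"
CORRESPONDENT = "198.51.100.7"


@dataclass
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None  # set when this is an IP-in-IP (RFC 2003) tunnel packet


# Visited-network border router: the interface its LAN hangs off, and its forwarding table.
LAN_IFACE = "lan0"
WAN_IFACE = "wan0"
FIB = {FOREIGN_NET: LAN_IFACE, ipaddress.ip_network("0.0.0.0/0"): WAN_IFACE}


def egress_acl_allows(pkt):
    """BCP 38 / RFC 2827 style filter: only forward packets sourced from the local prefix."""
    return ipaddress.ip_address(pkt.src) in FOREIGN_NET


def strict_urpf_allows(pkt, ingress_iface, fib=FIB):
    """Strict unicast RPF: accept only if the best route back to the source points at the
    interface the packet arrived on. Longest-prefix match over the FIB."""
    src = ipaddress.ip_address(pkt.src)
    best = max((n for n in fib if src in n), key=lambda n: n.prefixlen, default=None)
    return best is not None and fib[best] == ingress_iface


def mobile_node_sends(reverse_tunnel):
    """The packet that leaves the visited network for one datagram from the mobile node."""
    inner = Packet(src=HOME_ADDR, dst=CORRESPONDENT)
    if not reverse_tunnel:
        return inner  # triangle routing: the home address is the visible source
    # Reverse tunnel (RFC 3024): the FA encapsulates toward the HA, its own address as source.
    return Packet(src=CARE_OF_ADDR, dst=HA_ADDR, inner=inner)


def home_agent_decapsulate(pkt):
    """HA strips the outer header; the inner packet then leaves from the home network as usual."""
    if pkt.dst != HA_ADDR or pkt.inner is None:
        return None
    return pkt.inner


def border_check(reverse_tunnel):
    """Run one mobile-node packet through both filters at the visited-network border."""
    pkt = mobile_node_sends(reverse_tunnel)
    return {
        "egress_acl": egress_acl_allows(pkt),
        "strict_urpf": strict_urpf_allows(pkt, LAN_IFACE),
    }
```

Without the reverse tunnel the packet’s source is 10.1.2.45, which is neither in the visited prefix (egress ACL drops it) nor routed back out the LAN interface (strict uRPF drops it); the slide’s point that uRPF is “more dangerous” is that it is a forwarding-plane check applied on every interface it is enabled on, not an ACL someone has to write. With the tunnel the outer source is the care-of address, both checks pass, and the home address only reappears after the HA decapsulates on the home side, where it is a legitimate local source.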
Slide 26: WAP MTU length problems
• WAP relies on IP fragmentation
• Fragmentation occurs at the WAP gateway server’s MTU
• Fragments can’t be fragmented
• Gateway MTU must be <= path MTU including tunnel

Slide 27: Private Addressing
• Good for “Walled Gardens”
• Large-scale NAT can be difficult
• No support for overlapping addresses in the FA

Slide 28: It is worth it!

Slide 29: Don’t Worry
A Mobile IP network is just as easy to build as any IP network. There are just a few new rules.

Slide 30: Sweet Rewards
• Seamless IP connectivity
• Transparent user experience
• Limitless Possibilities

Slide 31: Are you Ready?
• There are plenty of challenging problems ahead, but the reward is great.

Slide 32: Fire Away?
• Questions?
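Slides 25 and 26 are two faces of one tunnel-MTU problem: the Mobile IP tunnel takes 20 bytes (IP-in-IP) or 24 bytes (GRE) off the path MTU, so a full-size DF segment from a sender that still believes in 1500 needs an ICMP “fragmentation needed” to come back, and when inbound ICMP is blocked the session opens (the SYN is small) and then hangs; the WAP slide’s rule is the same arithmetic applied to a gateway that fragments itself. The model below is an added example, not the deck’s or Cisco’s code: the hop MTUs, segment sizes and retry count are constructed, and the “black hole detection” branch models the documented Windows behaviour of retransmitting with DF cleared after repeated silent losses.

```python
IPV4_HEADER = 20
IPIP_OVERHEAD = IPV4_HEADER        # RFC 2003 IP-in-IP: one extra IPv4 header
GRE_OVERHEAD = IPV4_HEADER + 4     # RFC 2784 GRE with no optional fields
TCP_HEADER = 20


def tunnel_mtu(path_mtu, overhead):
    """Largest inner datagram that fits the tunnel without fragmenting the outer packet."""
    return path_mtu - overhead


def gateway_mtu_ok(gateway_mtu, path_mtu, overheads):
    """Slide 26's rule: the WAP gateway's MTU must not exceed the path MTU minus every
    encapsulation on the way (one entry per tunnel the path crosses)."""
    return gateway_mtu <= path_mtu - sum(overheads)


def path_probe(datagram_len, df, hop_mtus, icmp_allowed):
    """Push one datagram through hops with the given MTUs.
    Returns ('ok', None), ('icmp', next_hop_mtu) or ('dropped', None)."""
    for mtu in hop_mtus:
        if datagram_len > mtu:
            if not df:
                return ("ok", None)  # router fragments; far end reassembles
            return ("icmp", mtu) if icmp_allowed else ("dropped", None)
    return ("ok", None)


def transfer(datagram_len, hop_mtus, icmp_allowed, black_hole_detection=False, max_retries=3):
    """Sender doing RFC 1191 PMTUD (DF set). Returns (outcome, final_datagram_len, attempts).
    With ICMP blocked the drops are silent; black_hole_detection models a stack that, after
    repeated unacknowledged sends, retransmits with DF cleared so the tunnel can fragment."""
    attempts = 0
    while attempts < max_retries:
        attempts += 1
        status, hint = path_probe(datagram_len, True, hop_mtus, icmp_allowed)
        if status == "ok":
            return ("delivered", datagram_len, attempts)
        if status == "icmp":
            datagram_len = hint  # Fragmentation Needed carried the next-hop MTU
    if black_hole_detection:
        status, _ = path_probe(datagram_len, False, hop_mtus, icmp_allowed)
        if status == "ok":
            return ("delivered_df_cleared", datagram_len, attempts + 1)
    return ("hang", datagram_len, attempts)


def tcp_session(hop_mtus, icmp_allowed, black_hole_detection=False):
    """Why the symptom looks the way it does: the SYN is tiny and always gets through;
    the first full-sized data segment is what disappears."""
    syn = IPV4_HEADER + TCP_HEADER + 4   # constructed: 4 bytes of TCP options (MSS)
    full = hop_mtus[0]                   # sender fills its own link MTU
    return {
        "handshake": transfer(syn, hop_mtus, icmp_allowed, black_hole_detection)[0],
        "bulk": transfer(full, hop_mtus, icmp_allowed, black_hole_detection)[0],
    }


# Constructed path: sender LAN, an IP-in-IP Mobile IP tunnel hop, destination LAN.
HOP_MTUS = [1500, tunnel_mtu(1500, IPIP_OVERHEAD), 1500]

if __name__ == "__main__":
    print("ICMP allowed :", tcp_session(HOP_MTUS, icmp_allowed=True))
    print("ICMP blocked :", tcp_session(HOP_MTUS, icmp_allowed=False))
    print("with BH detect:", tcp_session(HOP_MTUS, icmp_allowed=False, black_hole_detection=True))
```

The defender-side fix the slide implies is to permit ICMP type 3 code 4 (fragmentation needed) inbound rather than blocking all ICMP, or to clamp the MSS at the tunnel endpoint; black hole detection on the client only papers over the problem and costs several retransmission timeouts per connection. For the WAP case, `gateway_mtu_ok(1500, 1500, [IPIP_OVERHEAD])` is false and `gateway_mtu_ok(1480, 1500, [IPIP_OVERHEAD])` is true, which is the slide’s “gateway MTU <= path MTU including tunnel” in one line.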