Chapter 6.pdf
CCCN 422 Wireless Communication Networks
Dr. Mohammed Balfaqih, Assistant Professor
[email protected] @modditto

Lecture Outline
▪ Mobile IP
• Limitations of conventional TCP/IP
• Mobile IP, Security, MIPv6, PMIPv6
• Micro mobility support, Locator/ID split

Limitations of conventional TCP/IP
• The IP address is used for dual purposes: for routing packets through the Internet and also as an end-point identifier for applications in end-hosts.
• The connections in an IP network use sockets to communicate between clients and servers. A socket consists of the following tuple: <source IP address, source port, destination IP address, destination port>.
• A transmission control protocol (TCP) connection cannot survive any address change because it relies on the socket to determine a connection.
• However, when a terminal moves from one network to another, its address changes. This is because the Internet uses domain names that are converted to IP addresses.

Limitations of conventional TCP/IP
• A packet addressed to one IP address always gets routed to the same place, since the IP address also points to the location of a physical network.
• Mobile IP tries to address this issue by creating an “anchor” for a mobile host that takes care of packet forwarding and location management.
• The basic design criteria for Mobile IP were: a) compatibility with existing network protocols, b) transparency to higher layers (TCP through application) and to the user, c) scalability and efficiency, in terms of not requiring a great deal of additional traffic or network elements, and d) security, due to the changing locations of the mobile node. The way Mobile IP handles location and handoff management is discussed below, starting with some terminology.

Mobile IP
▪ Mobile IPv4
• History
- RFC 2002 (IP Mobility Support for IPv4), Oct. 1996
- RFC 3344 (IP Mobility Support for IPv4), Aug. 2002
- draft-ietf-mip4-rfc3344bis-03.txt (IP Mobility Support for IPv4, revised), March 2007
• Operation of Mobile IP
- The mobile node is assigned to a particular network: the home network. Its IP address on the home network is static: the home address.
- The mobile node can move to another network: a foreign network.
- On the foreign network, the mobile node registers with a network node there: the foreign agent.
- The mobile node gives its care-of address to an agent on the home network: the home agent.
• Major Components
- HA – Home Agent
- FA – Foreign Agent
- MN – Mobile Node

▪ Basic Operation of Mobile IPv4
[Figure: CN – Public Internet – HA; IP network with access routers (AR), a foreign agent (FA) and an access point (AP). MN in Home Network: normal routing, MN has only its HoA.]
• MN moves to a foreign network
1) Agent Solicitation
2) Agent Advertisement
3) MN obtains a new CoA (FA-CoA)
• Registration
1) Registration Request (MN → FA)
2) Registration Request (FA → HA); the HA records HoA → CoA in its Binding Cache
3) Registration Reply (HA → FA)
4) Registration Reply (FA → MN)
• MN moves to another foreign network: Agent Solicitation, Agent Advertisement and a new CoA again; the registration is repeated and the HA's Binding Cache now holds HoA → New CoA.

▪ Mobile IP Message Flow
[Figure: message flow diagram]

▪ Capabilities of Mobile IP
• Discovery – mobile node uses a discovery procedure to identify prospective home and foreign agents
• Registration – mobile node uses an authenticated registration procedure to inform the home agent of its care-of address
• Tunneling – used to forward IP datagrams from a home address to a care-of address

▪ Discovery
• Mobile node is responsible for the ongoing discovery process
- Must determine if it is attached to its home network or a foreign network
• Transition from home network to foreign network can occur at any time without notification to the network layer
• Mobile node listens for agent advertisement messages
- Compares the network portion of the router's IP address with the network portion of the home address

▪ Agent Solicitation
• Foreign agents are expected to issue agent advertisement messages periodically
• If a mobile node needs agent information immediately, it can issue an ICMP router solicitation message
- Any agent receiving this message will then issue an agent advertisement

▪ Move Detection
• Mobile node may move from one network to another due to some handoff mechanism without the IP level being aware
- Agent discovery process is intended to enable the agent to detect such a move
• Algorithms to detect a move:
- Use of lifetime field – mobile node uses the lifetime field as a timer for agent advertisements
- Use of network prefix – mobile node checks if any newly received agent advertisement messages are on the same network as the node's current care-of address

▪ Co-Located Addresses
• If the mobile node moves to a network that has no foreign agents, or all foreign agents are busy, it can act as its own foreign agent
• Mobile node uses a co-located care-of address
- IP address obtained by the mobile node, associated with the mobile node's current network interface
• Means to acquire a co-located address:
- Temporary IP address through an Internet service, such as DHCP
- May be owned by the mobile node as a long-term address for use while visiting a given foreign network
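The home/foreign check from the Discovery slide and the two move-detection algorithms (lifetime field and network prefix) as an added Python example; this is not code from the lecture, and the addresses, prefix lengths and lifetimes are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Added example, not from the lecture: the MN-side logic of Mobile IPv4 agent discovery and
# move detection. Addresses, prefix lengths and lifetimes below are constructed sample values.

HOME, SAME, FOREIGN, EXPIRED = "HOME", "SAME", "FOREIGN", "EXPIRED"


@dataclass
class AgentAdvertisement:
    """Subset of an ICMP agent advertisement that the algorithms need (simplified)."""
    router: str          # address of the advertising agent
    prefix_len: int      # from the Prefix-Lengths extension
    lifetime: int        # seconds the advertisement stays valid
    received_at: float   # MN's local clock when it arrived


class MoveDetector:
    def __init__(self, home_address: str, home_prefix_len: int):
        self.home_net = ipaddress.ip_network(f"{home_address}/{home_prefix_len}", strict=False)
        self.current: Optional[AgentAdvertisement] = None  # advertisement the MN currently relies on

    def at_home(self, adv: AgentAdvertisement) -> bool:
        # Discovery: compare the network portion of the router's address with that of the home address.
        return ipaddress.ip_address(adv.router) in self.home_net

    def same_network(self, adv: AgentAdvertisement) -> bool:
        # Network-prefix method: is the new advertisement on the network of the current care-of address?
        if self.current is None:
            return False
        cur_net = ipaddress.ip_network(f"{self.current.router}/{self.current.prefix_len}", strict=False)
        return ipaddress.ip_address(adv.router) in cur_net

    def on_advertisement(self, adv: AgentAdvertisement) -> str:
        """Classify one advertisement: SAME (refresh timer), HOME (deregister) or FOREIGN (register new CoA)."""
        moved = not self.same_network(adv)   # also True for the very first advertisement
        self.current = adv
        if not moved:
            return SAME
        return HOME if self.at_home(adv) else FOREIGN

    def on_tick(self, now: float) -> Optional[str]:
        """Lifetime method: the current agent's lifetime ran out with no fresh advertisement, so assume a move."""
        if self.current is not None and now - self.current.received_at > self.current.lifetime:
            self.current = None   # MN must solicit agents and re-register
            return EXPIRED
        return None


def demo() -> List[str]:
    """Constructed walk: boot at home, move to a foreign subnet, hear a second FA there, lose coverage, return home."""
    mn = MoveDetector("10.0.1.50", 24)
    events = [
        mn.on_advertisement(AgentAdvertisement("10.0.1.1", 24, 30, 0.0)),     # home agent at home
        mn.on_advertisement(AgentAdvertisement("192.0.2.1", 24, 30, 10.0)),   # FA on a foreign subnet
        mn.on_advertisement(AgentAdvertisement("192.0.2.2", 24, 30, 20.0)),   # another FA, same subnet
        mn.on_tick(40.0),                                                      # 20 s since last adv: still valid
        mn.on_tick(60.0),                                                      # 40 s > 30 s lifetime: expired
        mn.on_advertisement(AgentAdvertisement("10.0.1.1", 24, 30, 70.0)),    # back on the home network
    ]
    return [e for e in events if e is not None]


if __name__ == "__main__":
    print(demo())   # ['HOME', 'FOREIGN', 'SAME', 'EXPIRED', 'HOME']
```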
▪ Co-Located Addresses
[Figure: co-located care-of address scenario]

▪ Registration Process
• Mobile node sends a registration request to the foreign agent requesting forwarding service
• Foreign agent relays the request to the home agent
• Home agent accepts or denies the request and sends a registration reply to the foreign agent
• Foreign agent relays the reply to the mobile node
▪ Registration Operation Messages
• Registration request message
- Fields = type, S, B, D, M, V, G, lifetime, home address, home agent, care-of address, identification, extensions
• Registration reply message
- Fields = type, code, lifetime, home address, home agent, identification, extensions

▪ Registration Procedure Security
• Mobile IP is designed to resist attacks such as:
- A node pretending to be a foreign agent sends a registration request to a home agent to divert the mobile node's traffic to itself
- An agent replays old registration messages to cut the mobile node off from the network
• For message authentication, registration request and reply contain an authentication extension
- Fields = type, length, security parameter index (SPI), authenticator
▪ Types of Authentication Extensions
• Mobile-home – provides for authentication of registration messages between mobile node and home agent; must be present
• Mobile-foreign – may be present when a security association exists between mobile node and foreign agent
• Foreign-home – may be present when a security association exists between foreign agent and home agent

▪ Tunneling
• Home agent intercepts IP datagrams sent to the mobile node's home address
- Home agent informs other nodes on the home network that datagrams to the mobile node should be delivered to the home agent
• Datagrams are forwarded to the care-of address via tunneling
- Datagram encapsulated in an outer IP datagram
▪ Mobile IP Encapsulation Options
• IP-within-IP – entire IP datagram becomes the payload in a new IP datagram
- Original, inner IP header unchanged except TTL decremented by 1
- Outer header is a full IP header
• Minimal encapsulation – new header is inserted between the original IP header and the original IP payload
- Original IP header modified to form the new outer IP header
• Generic routing encapsulation (GRE) – developed prior to the development of Mobile IP
[Figure: encapsulation formats]

Mobile IPv6 (RFC 3775)
• RFC 3775, Mobility Support in IPv6, June 2004
- D. Johnson (Rice Univ.), C. Perkins (Nokia), J. Arkko (Ericsson)
- It took almost 3 years to become an RFC.
• Major Components
- HA
- MN
- (no FA)
• MIPv6 is a network-layer protocol, while MIPv4 is an application-layer protocol (with network-layer modification).

▪ New Messages and Options of Mobile IPv6
• New signaling messages related to binding management
- Binding Update (BU), Binding Acknowledgement (BAck), Binding Refresh Request (BRR), Binding Error (BE)
• New signaling messages related to binding authentication
- Home Test Init (HoTI), Care-of Test Init (CoTI), Home Test (HoT), Care-of Test (CoT)
• New Destination Option
- Home Address Destination Option
• New Routing Header Type
- Routing Header Type 2

▪ Operation of Mobile IPv6
• MN in Home Network
[Figure: CN – Internet – Home N/W (AR, HA); MN with Home Address]
• Movement to a Foreign Network
1) MN detects its movement
2) MN configures a new CoA
3) MN sends a BU to the HA
4) HA acknowledges by returning a BAck to the MN
5) HA sets up a proxy Neighbor Cache entry
• Intercepting packets sent from CNs
- HA intercepts packets with the Home Address as their destination address
• Packet Tunneling
- HA sends encapsulated packets to the MN's CoA
- [Figure labels: Looping Back; Process the packet (Decapsulation)]
• Return Routability with CN
1) MN guesses that the CN has no Binding Cache entry for it
2) MN executes Return Routability
3) MN sends HoTI to the CN via the HA
4) MN sends CoTI to the CN directly
• Return Routability with CN (continued)
1) CN sends HoT to the MN via the HA
2) CN sends CoT to the MN directly
3) MN generates the ‘binding management key’
4) MN computes binding authorization data (signature) for the BU message
5) MN sends a BU with the binding authorization data
6) CN need not return a Binding Acknowledgement
• Data Routing after BU with CN
- CN directly sends packets to the MN's CoA using Routing Header Type 2
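The Return Routability steps above worked through as an added Python example (not code from the lecture): the CN derives the home and care-of keygen tokens from its secret Kcn as in RFC 3775, the MN combines them into the binding management key and computes the BU's binding authorization data, and the CN verifies it without keeping per-MN state. The addresses, Kcn, nonce and the simplified MH data are constructed values.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

# Added example, not from the lecture: the RFC 3775 Return Routability computations behind
# steps 1-5 above. Addresses, Kcn, the nonce and the simplified MH data are constructed values.


def _packed(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed


def binding_management_key(home_token: bytes, careof_token: bytes) -> bytes:
    # Step 3 (MN): Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + careof_token).digest()


def binding_authorization_data(kbm: bytes, coa: str, cn_addr: str, mh_data: bytes) -> bytes:
    # Step 4 (MN): First(96, HMAC_SHA1(Kbm, (care-of address | correspondent | MH Data)))
    mobility_data = _packed(coa) + _packed(cn_addr) + mh_data
    return hmac.new(kbm, mobility_data, hashlib.sha1).digest()[:12]


@dataclass
class Correspondent:
    """CN side. Kcn is the CN's private key; the nonce is looked up by the index echoed in the BU."""
    kcn: bytes
    nonce: bytes

    def home_keygen_token(self, hoa: str) -> bytes:
        # Carried in the HoT, which reaches the MN through the HA (step 1)
        # home keygen token := First(64, HMAC_SHA1(Kcn, (home address | nonce | 0)))
        return hmac.new(self.kcn, _packed(hoa) + self.nonce + b"\x00", hashlib.sha1).digest()[:8]

    def careof_keygen_token(self, coa: str) -> bytes:
        # Carried in the CoT, which reaches the MN directly (step 2)
        # care-of keygen token := First(64, HMAC_SHA1(Kcn, (care-of address | nonce | 1)))
        return hmac.new(self.kcn, _packed(coa) + self.nonce + b"\x01", hashlib.sha1).digest()[:8]

    def verify_bu(self, hoa: str, coa: str, cn_addr: str, mh_data: bytes, authenticator: bytes) -> bool:
        # The CN keeps no per-MN state from HoTI/CoTI: it recomputes both tokens from Kcn and the
        # addresses carried in the BU, rebuilds Kbm and compares the authenticator in constant time.
        kbm = binding_management_key(self.home_keygen_token(hoa), self.careof_keygen_token(coa))
        expected = binding_authorization_data(kbm, coa, cn_addr, mh_data)
        return hmac.compare_digest(expected, authenticator)


def run_return_routability() -> dict:
    hoa, coa, cn_addr = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::1"   # constructed addresses
    cn = Correspondent(kcn=b"constructed-Kcn-secret", nonce=b"\x11" * 8)
    # Steps 1-2: HoT and CoT deliver one token each to the MN along two different paths
    home_token, careof_token = cn.home_keygen_token(hoa), cn.careof_keygen_token(coa)
    # Steps 3-4 (MN): key and authenticator; MH data here is a constructed sequence number + lifetime
    kbm = binding_management_key(home_token, careof_token)
    mh_data = b"\x00\x01" + b"\x00\x10"
    auth = binding_authorization_data(kbm, coa, cn_addr, mh_data)
    # Step 5: the BU carries HoA, CoA, nonce indices and the authenticator; the CN verifies it
    accepted = cn.verify_bu(hoa, coa, cn_addr, mh_data, auth)
    # Why two tests: a BU built from the care-of token alone (no home token) cannot reproduce Kbm
    half_kbm = binding_management_key(b"\x00" * 8, careof_token)
    half_auth = binding_authorization_data(half_kbm, coa, cn_addr, mh_data)
    half_accepted = cn.verify_bu(hoa, coa, cn_addr, mh_data, half_auth)
    return {"accepted": accepted, "half_accepted": half_accepted,
            "token_len": len(home_token), "kbm_len": len(kbm), "auth_len": len(auth)}


if __name__ == "__main__":
    print(run_return_routability())
```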
• When the binding's lifetime at the CN is near expiration
1) CN guesses that it is actively communicating with the mobile node and has indications, such as an open TCP connection to the MN
2) CN sends a BRR to the MN
3) MN replies by returning a BU to the CN

▪ Characteristics of Mobile IPv6
• How is the CoA made?
- Auto-configuration, without DHCP or with DHCP
- Duplicate Address Detection (DAD) is required.
• Route optimization supported
- Triangle routing avoided
- But the CN is required to be modified for route optimization
• Security
- MN → HA: strong security (IPsec)
- MN → CN: weak security (Return Routability)
- Handover latency increased

▪ Handover Latency of Mobile IPv6
• Standard MIPv6 (reactive): L2 handover → MD → DAD → BU; up to 2.5 seconds in total
• MD: Movement Detection
• DAD: Duplicate Address Detection
• BU: Binding Update
• Mobile IPv6 is not a handover-related protocol; rather, it is a location (and route) update protocol.

Proxy MIPv6 (PMIPv6) (RFC 5213)
• Host-based Mobile IPv4/v6 (RFC 3344/3775) has not yet been deployed that much.
• Why is host-based MIP not deployed yet?
- Too heavy a specification to be implemented on a small terminal
  • RFC 3344 (MIPv4): 99 pages
  • RFC 3775 (MIPv6): 165 pages
- Battery problem
- Waste of air resources
- No stable MIPv4/v6 stack runs on the Microsoft Windows CE OS

Proxy MIPv6 (PMIPv6) (RFC 5213)
• WLAN switch devices started to provide link-specific and proprietary solutions for IP handover.
• No change in the MN protocol stack is required!
• Goal
- This protocol provides mobility support to any IPv6 host within a restricted and topologically localized portion of the network, without requiring the host to participate in any mobility-related signaling.

▪ PMIPv6 Scenario (being extended)
[Figure: LMM (Localized Mobility Management) domain with an LMA and two MAGs (MAG1, MAG2); Host A and Host B attached]
- LMA: Localized Mobility Agent; the MN's home network and topological anchor point. The LMA Address (LMAA) is the tunnel entry point.
- MAG: Mobile Access Gateway
- IP Tunnel: an IP-in-IP tunnel between LMA and MAG
- MN's Home Network Prefix (MN-HNP): CAFE:1::/64 for Host A, CAFE:2::/64 for Host B
- MN Home Address (MN-HoA): the MN continues to use it as long as it roams within the same domain
- Proxy Binding Update (PBU): control message sent by the MAG to the LMA to register the MN's current location
- Proxy Care-of Address (Proxy-CoA): the address of the MAG; the tunnel end-point

Proxy MIPv6 (PMIPv6) (RFC 5213)
• New entities
- LMA (Local Mobility Anchor)
  • Home Agent for the mobile node in the PMIPv6 domain
  • Assigns the MN's home prefix and manages the MN's reachability state
- MAG (Mobile Access Gateway)
  • Manages the mobility-related signaling for a mobile node
  • Tracks the mobile node's attachment to the link and signals the MN's LMA
• Assumptions (or Restrictions)
- Link between MN and MAG is a point-to-point link (not a shared link)
- Logically exclusive layer 3 link between MN and MAG
- Per-MN prefix model: a unique home network prefix is assigned to each MN
- Supports both stateless and stateful address configuration modes

▪ PMIPv6 Operation Flow
[Figure: message sequence between MN, MAG, AAA & Policy Store, LMA, DHCP Server and CN]
- MN Attachment
- RA* (Router Advertisement with the MN prefix taken from the Policy Store)
- MAG → AAA & Policy Store: AAA Query with MN-ID; AAA Reply with Profile
- MAG → LMA: PBU with MN-ID, Home Network Prefix option, Timestamp option
- LMA → MAG: PBA with MN-ID, Home Network Prefix option
- RA** (Router Advertisement with the MN prefix obtained from the LMA)
- Tunnel Setup between MAG and LMA
- Optional DHCP: DHCP Request from the MN, relayed by the MAG to the DHCP Server; DHCP Response back to the MN
- Data: [Proxy-CoA:LMAA][MN-HoA:CN](data) inside the tunnel, [MN-HoA:CN](data) on the access link and beyond the LMA
- PBU: Proxy Binding Update; PBA: Proxy Binding Ack.

▪ PMIPv6 Features
• Home in Any Place
- Network entry (or handover) procedures
  • After MN attachment, the MAG gets the MN's profile: MN-Identity, LMA address and other configuration parameters
  • Obtain the MN's home network prefix information
    - Static scheme: get it from the profile
    - Dynamic scheme: get it from the LMA via PBU/PBA
  • Now the MAG has enough information to emulate the MN's home link
  • Send RA (Router Advertisement) messages advertising the MN's home network prefix and other parameters
- The MN will always obtain its “home network prefix”, anywhere in the network.
- The MAG running on the access router will emulate the home link on its access link.
- This ensures that the MN believes it is at home.

▪ PMIPv6 Features
• Proxy Registration
- LMA needs to understand the Proxy Registration
- RFC 3775 MIPv6 BU/BAck reused: PBU (Proxy Binding Update), PBA (Proxy Binding Acknowledgement)

▪ PMIPv6 Features
• M:1 Tunnel
- LMA-MAG tunnel is a shared tunnel among many MNs.
- 1:1 relation ➔ m:1 relation
- One tunnel is associated with multiple MNs' Binding Caches.
- Lifetime of a tunnel should not depend on the lifetime of any single BCE.
• LMA's Prefix-based Routing
- LMA will add prefix routes to the MN's home network prefix over the tunnel.
- Routing state for an MN stored in the LMA
• MAG establishes an IPv6-in-IPv6 tunnel with the LMA
- Routing state for an MN stored in the MAG
• RA (Router Advertisement) should be unicast to an MN
- It will contain the MN's Home Network Prefix

IP Micro-mobility support
▪ IP Micro-mobility support
• What happens if, e.g., a student changes subnets on a campus frequently?
- Involvement of the HA each time
- Reveals precise “location”
• Micro-mobility support:
- Efficient local handover inside a foreign domain without involving a home agent
- Reduces control traffic on the backbone
- Especially needed in case of route optimization
• Lots of research, not everything in products
• Important criteria:
- Security, Efficiency, Scalability, Transparency, Manageability

▪ Hierarchical Mobile IPv6 (RFC 5380, was: 4140)
• Operation:
- Network contains a mobility anchor point (MAP): mapping of regional COA (RCOA) to link COA (LCOA)
- Upon handover, MN informs MAP only: gets new LCOA, keeps RCOA
- HA is only contacted if MAP changes
• Security provisions:
- No HMIP-specific security provisions
- Binding updates should be authenticated
[Figure: Internet – HA – MAP (RCOA) – ARs; MN moves from LCOAold to LCOAnew and sends a binding update to the MAP]

▪ Hierarchical Mobile IPv6 (RFC 5380, was: 4140)
• Security
- Advantages:
  Local COAs can be hidden, which provides at least some location privacy
  Direct routing between CNs sharing the same link is possible (but might be dangerous)
  Handover requires a minimum number of overall changes to routing tables
- Potential problems:
  Decentralized security-critical functionality (handover processing) in mobility anchor points
  MNs can (must!) directly influence routing entries via binding updates (authentication necessary)
  Not transparent to MNs
  Handover efficiency in wireless mobile scenarios: all routing reconfiguration messages are sent over the wireless link

Locator/ID split
▪ Split the two roles of an IP address: localization and identification
• Host Identity Protocol v2 (HIPv2, RFC 7401, was: 5201, updated by 6253, 8002)
- Introduction of a HIP layer between routing and transport; alternative to Mobile IP
- IP addresses for routing only, change depending on location (must be topologically correct!)
- Identification via Host Identity Tag, used e.g. for TCP connection identification instead of the IP address
- Host Identity Tag based on public keys; communication requires a Diffie-Hellman key exchange
- Pro: no intermediate agent, normal IP routing
- Con: extra RTT due to key exchange, firewalls, extra layer
- See also RFCs 5202, 5203, 5204, 5205, 5206, 5207, 5770…
• Locator/ID Separation Protocol (LISP, RFC 6830)
- New routing concept, tunneling for data transport, no changes to hosts or core
- RLOC (Routing Locator): topologically assigned, used for routing
- EID (Endpoint Identifier): administratively assigned, used for identification

Thank you