Outline. CS5984 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Host Mobility Problem Solutions. Network Layer Solutions Model

Similar documents
Outline. CS6504 Mobile Computing. Host Mobility Problem 1/2. Host Mobility Problem 2/2. Dr. Ayman Abdel-Hamid. Mobile IPv4.

LECTURE 8. Mobile IP

11. IP Mobility 최 양 희 서울대학교 컴퓨터공학부

Fixed Internetworking Protocols and Networks. IP mobility. Rune Hylsberg Jacobsen Aarhus School of Engineering

Obsoletes: 2002 January 2002 Category: Standards Track

Mobile IP. rek. Petr Grygárek Petr Grygarek, Advanced Computer Networks Technologies 1

How Mobile IP Works? Presenter: Ajoy Singh

Mobile IP Overview. Based on IP so any media that can support IP can also support Mobile IP

Mohammad Hossein Manshaei 1393

ECS-087: Mobile Computing

Module 28 Mobile IP: Discovery, Registration and Tunneling

Mobile IP. Mobile Computing. Mobility versus Portability

CSE 123A Computer Netwrking

CSE 123b Communications Software

Quick announcements. CSE 123b Communications Software. Today s issues. Last class. The Mobility Problem. Problems. Spring 2004

What is mobility? Mobile IP. Mobility Impact on Protocol Stack (cont.) Advanced Topics in Computer Networks

Communications Software. CSE 123b. CSE 123b. Spring Lecture 10: Mobile Networking. Stefan Savage

Quick announcement. CSE 123b Communications Software. Last class. Today s issues. The Mobility Problem. Problems. Spring 2003

CS5984 Mobile Computing

Mobile & Wireless Networking. Lecture 9: Mobile IP. [Schiller, Section 8.1]

Mobility Support in IPv6

Binding information contains the entries in the mobility binding table.

Mobile Communications Mobility Support in Network Layer

Mobile Communications Chapter 9: Network Protocols/Mobile IP

Introduction Mobility Support Handover Management Conclutions. Mobility in IPv6. Thomas Liske. Dresden University of Technology

CSE 4215/5431: Mobile Communications Winter Suprakash Datta

Mobility Management - Basics

MOBILE IP AND WIRELESS APPLICATION PROTOCOL

Charles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo

Mobile IP. Page 1. 10/5/98 Mohamed Khalil IP10 MKIPM001

Mobile IP. Mobile IP 1

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

On using Mobile IP Protocols

MESSAGES error-reporting messages and query messages. problems processes IP packet specific information

Introduction to IPv6. IPv6 addresses

Introduction to IPv6. IPv6 addresses

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local

Introduction to IPv6. IPv6 addresses

Mobility Management Basics

Network Security. Security of Mobile Internet Communications. Chapter 17. Network Security (WS 2002): 17 Mobile Internet Security 1 Dr.-Ing G.

CMPE 257: Wireless and Mobile Networking

SJTU 2018 Fall Computer Networking. Wireless Communication

Mobility Support in Internet and Mobile IP. Gianluca Reali

Mobile Communications Chapter 8: Network Protocols/Mobile IP

CMPE 257: Wireless and Mobile Networking

Mobile IP and Mobile Transport Protocols

CMPE 257: Wireless and Mobile Networking

Outline. CS5984 Mobile Computing. Wireless Access Networks model 1/3. Wireless Access Network and Mobile IP. Dr. Ayman Abdel-Hamid

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Outline. CS5984 Mobile Computing. Local-area Mobility Solutions. Dr. Ayman Abdel-Hamid, CS5984. Regional Registration Framework (MIP_RR) 1/3

Security Issues In Mobile IP

Mobility Support in Internet and Mobile IP

King Fahd University of Petroleum & Minerals Computer Engineering g Dept

Mobility Management. Advanced Mobile Communication Networks. Integrated Communication Systems Group Ilmenau University of Technology

312 D.B. Johnson /Scalable support for transparent mobile host internetworking work, it is then delivered to the correct individual host on that netwo

Network Working Group. Category: Informational February 1997

Mobility Management. Advanced Mobile Communication Networks. Integrated Communication Systems Group Ilmenau University of Technology

Internet Engineering Task Force (IETF) Ericsson July 2011

Modification to Ipv6 Neighbor Discovery and Mobile Node Operation

IPv4 Care-of Address Registration for IPv4 Support on the NEMO Basic Support Protocol

1 Introduction. In this paper, we describe the design of a new protocol. of IP (IPv4) [22]. IPv6 is in the nal stages of design

Network Layer (4): ICMP

Lecture 7: Mobile IP (Part 1) Dr. Reynold Cheng

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

Network Layer: Internet Protocol

Outline. CS5984 Mobile Computing. Taxonomy of Routing Protocols AODV 1/2. Dr. Ayman Abdel-Hamid. Routing Protocols in MANETs Part I

This chapter introduces protocols and mechanisms developed for the network

Chapter 8 LOCATION SERVICES

IPv6: An Introduction

PMIPv6 PROXY MOBILE IPV6 OVERVIEW OF PMIPV6, A PROXY-BASED MOBILITY PROTOCOL FOR IPV6 HOSTS. Proxy Mobile IPv6. Peter R. Egli INDIGOO.COM. indigoo.

TSIN02 - Internetworking

Master Course Computer Networks IN2097

TODAY AGENDA. VOIP Mobile IP

Request for Comments: Wichorus G. Tsirtsis Qualcomm T. Ernst INRIA K. Nagami INTEC NetCore October 2009

Da t e: August 2 0 th a t 9: :00 SOLUTIONS

Different Layers Lecture 20

More Internet Support Protocols

Deploying Mobile IP. Session ACC Copyright 2003, Cisco Systems, Inc. All rights reserved. Printed in USA. 8018_05_2003_c1.

Network Working Group Request for Comments: Nokia Research Center F. Dupont GET/ENST Bretagne June 2004

Overview of the MIPv6 Implementation

Category: Standards Track June Mobile IPv6 Support for Dual Stack Hosts and Routers

ETSI TS V ( )

Last time. BGP policy. Broadcast / multicast routing. Link virtualization. Spanning trees. Reverse path forwarding, pruning Tunneling

Mobile Computing. Chapter 8: Mobile Network Layer

Mobile IP and its trends for changing from IPv4 to IPv6

A Mobile Host Protocol Supporting Route Optimization and Authentication

FA Service Configuration Mode Commands

Mobile IPv4 Secure Access to Home Networks. Jin Tang

Foreword xxiii Preface xxvii IPv6 Rationale and Features

Internet Protocols (chapter 18)

Fast Handover in Mobile IPv4 and IPv6

Chapter 09 Network Protocols

Internet Control Message Protocol (ICMP)

Chapter 8 ARP(Address Resolution Protocol) Kyung Hee University

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols

Network Working Group. Category: Standards Track Tohoku University K. Nagami INTEC NetCore Inc. S. Gundavelli Cisco Systems Inc.

Outline. SC/CSE 3213 Winter Sebastian Magierowski York University. ICMP ARP DHCP NAT (not a control protocol) L9: Control Protocols

Mobile IP Support for RFC 3519 NAT Traversal

EEC-684/584 Computer Networks

Last time. Network layer. Introduction. Virtual circuit vs. datagram details. IP: the Internet Protocol. forwarding vs. routing

Transcription:

CS5984 Mobile Computing Outline Host Mobility problem and solutions IETF Mobile IPv4 Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech Mobile IPv4 1 2 Host Mobility Problem 1/2 Host Mobility Problem 2/2 An IP address reflects a host s point of attachment to the Example: TCP connection identified by a 4-tuple < source IP address, source TCP port, destination IP address, destination TCP port > if either host move, and acquire a new IP address, the TCP connection breaks Fundamental Problem an IP address serves dual purpose Transport and application layer perspective: endpoint identifier Network Layer: routing directive 3 Packets to Mobile Host routed to home R Internet Subnet 128.82.9 Mobile Host 128.82.9.60 Stationary Host R Subnet 128.80.10 Mobile Host 128.80.10.50 4 Host Mobility Problem Solutions Network Layer Solutions Model Network layer solutions -IETF Mobile IP ( and MIPv6) uses Mobility agents hides a change of IP address, when a mobile host is moving between IP s. Application layer solutions -Mobility support using Session Initiation Protocol used for real-time mobile communications problem with TCP connections, suggests using mobile IP for TCP connections End-to-End Host Mobility support Relies on DNS secure dynamic updates TCP option for connection migration (suspend TCP connection and reactivate it from another IP address) 5 two-level addressing architecture home address & care-of address key mechanisms address translation map home address to care-of address packet forwarding tunnel packets to care-of address location management update mobile host s location 6 1

IETF Mobile IPv4 1/4 IETF Mobile IPv4 2/4 Assigned a unique IP address on home HA:Home Agent FA: Foreign Agent : Mobile Host HA Home Registration Process 3. registration reply 2. registration request 4. registration reply FA 1. Registration request Obtains a colocated care of address in the foreign Provides a care-of address to in the foreign 2. Datagram intercepted by HA (through ARP) and tunneled to care-of address (FA) HA 1. Datagram to arrives on home via standard IP routing CH Triangular Routing tunnel CH: Correspondent Host 3. Datagram detunneled and delivered to FA Unicast datagram routing to the s care-of address 4. Datagrams sent by are delivered through standard IP routing. In this case FA is 's default router 7 8 IETF Mobile IPv4 3/4 IETF Mobile IPv4 4/4 2. Binding Update HA informs CH about current care-of address HA 1. Datagram to arrives on home via standard IP routing Route optimization CH Cache new tunnel Old tunnel 3. CH caches care-of address and uses it for any subsequent datagrams destined to FA 2 FA 1 Forwarding pointer Previous FA notification inform previous FA of the new care-of address for. Previous FA tunnels in-flight packets, and packets from CH with out-of-date location cache entries to new FA. (Handoff) Problems triangular routing (sub-optimal routing) tunneling overhead use of route optimization solves the triangular routing problem, BUT requires change in the IP stack of CH large signaling overhead (registration), if movement within the same domain (local-area mobility). has to inform the HA whenever it changes its point of attachment. 9 10 Outline A more detailed look to Mobile IPv4 Architectural Entities Operation Outline Agent Discovery Registration Datagram Routing Reverse Tunneling Replay Protection Mobile Node Architectural Entities A host or router that changes its point of attachment from one or sub to another Home Agent A router on a mobile node's home which tunnels datagrams for delivery to the mobile node when it is away from home maintains current location information for the mobile node Foreign Agent A router on a mobile node's visited which provides routing services to the mobile node while registered detunnels and delivers datagrams to the mobile node that were tunneled by the mobile node's home agent. 11 12 2

Operation Outline 1/3 Mobility agents advertise presence via Agent Advertisement messages A mobile node may optionally solicit such message through an Agent Solicitation message A mobile node determines whether in a home or foreign In home operates without mobility services If returning to its home, the mobile node deregisters with its home agent In a foreign, it obtains a care-of address from a foreign agent's advertisements (a foreign agent care-of address) by some external assignment mechanism such as DHCP (a colocated care-of address) Operation Outline 2/3 The mobile node operating away from home registers its new care-of address with its home agent through exchange (possibly via a foreign agent) Datagrams sent to the mobile node's home address intercepted by its home agent tunneled by the home agent to the mobile node's care-of address received at the tunnel endpoint, and finally delivered to the mobile node In the reverse direction, datagrams sent by the mobile node are generally delivered to their destination using standard IP routing mechanisms 13 14 2. Datagram intercepted by HA (through ARP) and tunneled to care-of address (FA) HA 1. Datagram to arrives on home via standard IP routing Operation Outline 3/3 CH tunnel CH: Correspondent Host 3. Datagram detunneled and delivered to FA Unicast datagram routing to the s care-of address 4. Datagrams sent by are delivered through standard IP routing. In this case FA is 's default router Message Format and Protocol Extensibility 1/2 Mobile IP defines a set of new control messages, sent with UDP using well-known port number 434 (Registration request and reply) For Agent Discovery: use of the existing Router Advertisement and Router Solicitation messages defined for ICMP Router Discovery Mobile IP defines a general Extension mechanism to allow optional information to be carried by Mobile IP control messages or by ICMP Router Discovery messages Extensions format Type-Length-Value Extension Format (Type-Length(8 bits)-data) Long Extension Format (Type SubType Length (16 bits)-data) Short Extension Format (Type-SubType-length(8 bits)-data) 15 16 Message Format and Protocol Extensibility 2/2 Type-Length-Value Extension Format Long Extension Format Short Extension Format Agent Discovery 1/2 An Agent Advertisement is formed by including a Mobility Agent Advertisement Extension in an ICMP Router Advertisement message An Agent Solicitation is identical to an ICMP Router Solicitation with the further restriction that the IP TTL Field MUST be set to 1 IP Fields in ICMP router advertisement message (Mobile agents multicast group is 224.0.0.11) TTL: set to 1 Destination address: "all systems on this link" multicast address (224.0.0.1) the "limited broadcast" address (255.255.255.255). When unicast to a mobile node, the IP home address of the mobile node 17 18 3

Agent Discovery 2/2 Mobility Agent Advertisement Extension T Reverse tunneling Length is 6 + 4 * number of care-of addresses Sequence number is the count of Agent Advertisement messages sent since the agent was initialized. Initially 0. Upon rollover, start from 256 (why?) R Registration required B Busy H Home Agent F Foreign Agent M Minimal Encapsulation G GRE Encapsulation r sent as Zero 19 Registration 1/2 request forwarding services when visiting a foreign inform home agent of current care-of address renew a registration which is due to expire deregister when they return home Optionally maintain multiple simultaneous registrations, so that a copy of each datagram will be tunneled to each active care-of address deregister specific care-of addresses while retaining other mobility bindings discover the address of a home agent, if not already configured with such information 20 Assigned a unique IP address on home HA:Home Agent FA: Foreign Agent : Mobile Host HA Home Registration Process Registration 2/2 3. registration reply 2. registration request 4. registration reply FA 1. Registration request Obtains a colocated care of address in the foreign Provides a care-of address to in the foreign 21 Registration Authentication Each mobile node, foreign agent, and home agent MUST be able to support a mobility security association for mobile entities, indexed by their SPI and IP address. In the case of the mobile node, this must be its Home Address Mobility Security Association (MSA) A collection of mobile IP security contexts, between a pair of nodes. Each context indicates an authentication algorithm and mode, a secret (a shared key, or appropriate public/private key pair), and a style of replay protection Security Parameter Index (SPI) An index identifying a security context between a pair of nodes among the contexts available in the MSA. 22 Registration Request Registration Reply Mobile IP Fields in registration request Identification used to match replies versus requests and for replay protection S Simultaneous binding B Broadcast datagrams D Decapsulation by M Minimal Encapsulation G GRE Encapsulation r sent as Zero T Reverse tunneling x sent as Zero A value of zero in lifetime indicates request for deregistration Mobile IP Fields in registration reply 23 24 4

Registration extensions Computing authentication extension values The default authentication algorithm compute a 128-bit "message digest" of the registration message Mobile-Home Authentication Extension Must be present in registration requests and in registration replies generated by HA The data over which the digest is computed is defined as the UDP payload (Registration Request or Registration Reply data) all prior Extensions in their entirety the Type, Length, and SPI of this Extension The same format is used for Mobile-Foreign and Foreign-Home authentication extensions 25 26 Extensions order 1/2 Extensions order 2/2 The following order must be adhered to in registration requests The IP header, followed by the UDP header, followed by the fixed-length portion of the Registration Request If present, any non-authentication Extensions expected to be used by the home agent (which may or may not also be useful to the foreign agent) An authorization-enabling extension If present, any non-authentication Extensions used only by the foreign agent The Mobile-Foreign Authentication Extension, if present. The following order must be adhered to in registration replies The IP header, followed by the UDP header, followed by the fixed-length portion of the Registration If present, any non-authentication Extensions used by the mobile node (which may or may not also be used by the foreign agent) The Mobile-Home Authentication Extension If present, any non-authentication Extensions used only by the foreign agent The Foreign-Home Authentication Extension, if present. 27 28 Data Structures at HA and FA Mobility binding entry at HA the mobile node's home address the mobile node's care-of address the Identification field from the Registration Reply the remaining Lifetime of the registration Visitor list entry at FA (for each pending or current registration) the link-layer source address of the mobile node the IP Source Address the IP Destination Address (FA IP address might be unknown to ) the UDP Source Port the Home Agent address the Identification field the requested registration Lifetime the remaining Lifetime of the pending or current registration. 29 Datagram routing 1/5 Broadcast datagrams must have requested forwarding of broadcast datagrams Tunnel to co-located care-of address If FA care-of address, encapsulate into unicast datagram destined to home address, then encapsulate into a unicast datagram to FA address ( must be able to decapsulate received datagram) Multicast datagram routing To receive Join via a local multicast router in foreign Join via a bi-directionnal tunnel to its HA (assuming HA is a multicast router) To send Send directly on visited (must use a co-located care-of addr) Send via a tunnel to its home agent (use home IP address) 30 5

Datagram routing 2/5 A Proxy ARP is an ARP Reply sent by one node on behalf of another node which is unable or, unwilling to answer its own ARP Requests (provide linklayer address) The node receiving the Reply will then associate this linklayer address with the IP address of the original target node Will transmit future datagrams for this target node to the node with that link-layer address A Gratuitous ARP is an ARP packet sent by a node in order to spontaneously cause other nodes to update an entry in their ARP cache 31 Datagram routing 3/5 While a mobile node is registered on a foreign its home agent uses proxy ARP to reply to ARP Requests it receives that seek the mobile node's link-layer address provide its own link-layer address When a mobile node leaves its home and registers a binding on a foreign its home agent uses gratuitous ARP to update the ARP caches of nodes on the home such nodes will associate the link-layer address of the home agent with the mobile node's home (IP) address 32 Datagram routing 4/5 ARP Processing rules when leaves home The mobile node disables its own future processing of any ARP Requests relating to its home address (unless request is by FA) When the mobile node's home agent receives and accepts the Registration Request performs a gratuitous ARP on behalf of the mobile node, and begins using proxy ARP to reply to ARP Requests that it receives requesting the mobile node's link- layer address Datagram routing 5/5 ARP Processing rules when returns to home Before transmitting the Registration Request, the reenables its own future processing of any ARP Requests relating to its home address The performs a gratuitous ARP for itself When the mobile node's HA receives and accepts the Registration Request it stops using proxy ARP to reply to ARP Requests, and then performs a gratuitous ARP on behalf of the mobile node 33 34 Reverse Tunneling 1/5 MIP uses tunneling from the home agent to the mobile node's careof address, but rarely in the reverse direction Usually, a mobile node sends its packets through a router on the foreign, and assumes that routing is independent of source address When this assumption is not true, it is convenient to establish a topologically correct reverse tunnel from the care-of address to the home agent Use of s home address makes the reverse tunnel topologically incorrect Reverse Tunneling 2/5 Two packet delivery styles from to FA Direct Delivery Style the mobile node designates the foreign agent as its default router proceeds to send packets directly to the foreign agent, that is, without encapsulation The foreign agent intercepts them, and tunnels them to the home agent Encapsulating Delivery Style the mobile node encapsulates all its outgoing packets to the foreign agent The foreign agent decapsulates and re-tunnels them to the home agent, using the foreign agent's care-of address as the entry-point of this new tunnel 35 36 6

Reverse Tunneling 3/5 Direct Delivery Style ( must designate FA as default router) Packet format received by the foreign agent IP fields Destination Address = correspondent host's address Packet format forwarded by the FA IP fields (encapsulating header) Source Address = foreign agent's care-of address Destination Address = home agent's address Protocol field: 4 (IP in IP) IP fields (original header) Destination Address = correspondent host's address 37 Reverse Tunneling 4/5 Encapsulating Delivery Style ( must perform encapsulation) Packet format received by the foreign agent (Encapsulating Delivery Style) IP fields (encapsulating header) Destination Address = foreign agent's address Protocol field: 4 (IP in IP) IP fields (original header) Destination Address = correspondent host's address 38 Reverse Tunneling 5/5 Encapsulating Delivery Style ( must perform encapsulation) Packet format forwarded by the foreign agent IP fields (encapsulating header) Source Address = foreign agent's care-of address Destination Address = home agent's address Protocol field: 4 (IP in IP) IP fields (original header) Destination Address = correspondent host's address Replay Protection 1/4 The Identification field is used to let the HA verify that a registration message has been freshly generated by the mobile node Style of replay protection part of MSA Timestamp-based replay protection Nonce-based replay protection In either approach, low-order 32 bits of the Identification MUST be copied unchanged from the Registration Request to the Reply The FA uses those bits (and the mobile node's home address) to match Registration Requests with corresponding replies The mobile node MUST verify that the low-order 32 bits of any Registration Reply are identical to the bits it sent in the Registration Request. 39 40 Replay Protection 2/4 Replay Protection 3/4 Timestamp-based replay protection The node generating a message inserts the current time of day, and the node receiving the message checks that this timestamp is sufficiently close to its own time of day (Implication?) A timestamp is valid if it is close to HA time and greater than all previously accepted timestamps If the timestamp is valid, the HA copies the entire Identification field into the Registration Reply If the timestamp is not valid, the HA copies only the low-order 32 bits into the Registration Reply, and supplies the high-order 32 bits from its own time of day Nonce-based replay protection The basic principle of nonce replay protection is that node A includes a new random number in every message to node B, and checks that node B returns that same number in its next message to node A. Both messages use an authentication code to protect against alteration by an attacker. At the same time node B can send its own nonces in all messages to node A (to be echoed by node A), so that it too can verify that it is receiving fresh messages. 41 42 7

Replay Protection 4/4 Nonce-based replay protection The HA inserts a new nonce as the high-order 32 bits of the identification field of every Registration Reply. The HA copies the low-order 32 bits of the Identification from the Registration Request message into the low-order 32 bits of the Identification in the Registration Reply. When the mobile node receives an authenticated Registration Reply from the home agent, it saves the high-order 32 bits of the identification for use as the high-order 32 bits of its next Registration Request. If a registration message is rejected because of an invalid nonce, the Reply always provides the mobile node with a new nonce to be used in the next registration. 43 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback