Mobile IP
Miae Woo
By Miae Woo 2
Motivation for Mobile IP
• Routing
  • based on IP destination address; the network prefix (e.g. 129.13.42) determines the physical subnet
  • change of physical subnet implies change of IP address to have a topologically correct address (standard IP), or needs special entries in the routing tables
• Specific routes to end-systems?
  • change of all routing table entries to forward packets to the right destination
  • does not scale with the number of mobile hosts and frequent changes in the location, security problems
• Changing the IP-address?
  • adjust the host IP address depending on the current location
  • almost impossible to find a mobile system, DNS updates take too long
  • TCP connections break, security problems
What is Mobile IP?
• A modification to IP that allows nodes to continue to receive datagrams no matter where they happen to be attached to the Internet
• Topics
  • Advertisement - Agent discovery
  • Registration
  • Tunneling
  • Route optimization
Functional Entities
• Mobile node (MN)
  • a host or router that changes its point of attachment without changing its IP address
• Home agent (HA)
  • a router on a mobile node’s home network
  • delivers datagrams to departed MNs
  • maintains current location information for each departed MN
• Foreign agent (FA)
  • a router on a mobile node’s visited network
  • cooperates with the HA to complete the delivery of datagrams to the departed MN
• Correspondent Node (CN)
  • communication partner
[Figure: a CN connected to the Internet; the HA on Subnet A (a physical network for mobile hosts); FAs on Subnets B and C; the MN attached through an FA]
Protocol Overview
• Agent discovery
  • HAs and FAs advertise their availability
• Registration Request / Reply
  • registers the MN’s care-of address (COA) with the HA
  • authentication
  • registration lifetime
  • registration response and binding
• Tunneling
  • to deliver a datagram to the MN, the HA tunnels the datagram to the COA
  • IP-in-IP Encapsulation
  • Minimal Encapsulation
  • Generic Record Encapsulation (GRE)
Protocol Procedures
[Figure: Internet, Subnets A, B and C, FA, HA and a Correspondent Node]
0. MN moves to subnet B
1. Agent Advertisement
2. Determine whether it is on its home network or a foreign network
3. Obtain a care-of address
4. Registration Request
5. Registration Response and binding
6. Datagrams to the MN arrive on the home network via standard IP routing
7. Datagram is intercepted by the HA and tunneled to the care-of address
IP Datagram Flow
[Figure: Internet, Subnets A, B and C, FA, HA and a Correspondent Node]
1. A datagram to the MN arrives on the home network via standard IP routing.
2. The datagram is intercepted by the HA and is tunneled to the care-of address.
3. The datagram is detunneled and delivered to the MN.
4. Standard IP routing delivers each datagram sent by the MN to its destination.
Care-of Address Acquisition
• A FA care-of address
  • a care-of address provided by a FA through its agent advertisement messages. The care-of address is an IP address of the FA.
  • FA:
    • the endpoint of the tunnel
    • decapsulates tunneled datagrams and delivers the inner datagram to the MN
  • Advantage: no demand for IPv4 address space
• A colocated care-of address
  • a care-of address acquired by the MN as a local IP address through some external means, which the mobile node then associates with one of its own network interfaces.
  • Advantage
    • MN: serves as the end point of the tunnel and performs decapsulation of the datagram
    • No need for the service of any HA.
Agent Discovery
• The method by which a MN
  • determines whether it is currently connected to its home network or to a foreign network
  • detects when it has moved from one network to another
• Agent advertisement
  • formed by including a mobility agent advertisement extension in an ICMP (Internet Control Message Protocol) Router Advertisement message
  • A mobility agent transmits agent advertisements to advertise its services on a link. (max: 1/sec)
  • MNs use these advertisements to determine their current point of attachment to the Internet.
  • No authentication required
Mobility Agent Extension Format
• type : type to distinguish between various kinds of extensions; 16
• length : length of this single extension; (6+4*N), where N is the number of COA advertised
• sequence number : count of agent advertisement messages sent since the agent was initialized
• lifetime : the longest lifetime that this agent is willing to accept in any registration request
• R : registration required (rather than using a colocated COA)
• B : FA is busy
• H : Home agent
• F : Foreign agent
• M : Minimal encapsulation
• G : generic record encapsulation (GRE)
• V : Van Jacobson header compression
• care-of address : the advertised foreign agent care-of address provided by this FA
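As an added example (not code from the original slides), the following Python parser decodes a mobility agent advertisement extension laid out exactly as the fields above describe: type 16, length 6 + 4*N, a 16-bit sequence number, a 16-bit lifetime, one byte of R/B/H/F/M/G/V flags, a reserved byte and N care-of addresses. The bit positions inside the flag byte and the sample extension are assumptions constructed for this example. Because the advertisement arrives unauthenticated, the parser refuses any length that is not of the stated form instead of reading past the extension.

```python
import struct
from ipaddress import IPv4Address

# Field layout from the slide: type 16, length 6 + 4*N, then N care-of addresses.
MOBILITY_AGENT_EXT_TYPE = 16
FIXED_LEN = 6
# Bit positions of the flag byte (R first, V last); an assumption made for this example.
FLAG_BITS = {"R": 0x80, "B": 0x40, "H": 0x20, "F": 0x10, "M": 0x08, "G": 0x04, "V": 0x02}


def build_agent_ext(seq, lifetime, flags, coas):
    """Encode an extension; used here only to construct sample input."""
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    body = struct.pack("!HHBB", seq, lifetime, flag_byte, 0)
    body += b"".join(IPv4Address(c).packed for c in coas)
    return struct.pack("!BB", MOBILITY_AGENT_EXT_TYPE, FIXED_LEN + 4 * len(coas)) + body


def parse_agent_ext(data):
    """Decode one extension, refusing anything that does not match the stated layout."""
    if len(data) < 2:
        raise ValueError("truncated extension header")
    ext_type, length = data[0], data[1]
    if ext_type != MOBILITY_AGENT_EXT_TYPE:
        raise ValueError(f"not a mobility agent extension (type {ext_type})")
    if length < FIXED_LEN or (length - FIXED_LEN) % 4 != 0:
        raise ValueError(f"length {length} is not of the form 6 + 4*N")
    if len(data) < 2 + length:
        raise ValueError("extension length exceeds the bytes actually present")
    seq, lifetime, flag_byte, _reserved = struct.unpack("!HHBB", data[2:8])
    flags = {name: bool(flag_byte & bit) for name, bit in FLAG_BITS.items()}
    n = (length - FIXED_LEN) // 4
    coas = [str(IPv4Address(data[8 + 4 * i:12 + 4 * i])) for i in range(n)]
    if flags["F"] and not coas:
        raise ValueError("foreign agent advertises no care-of address")
    return {"sequence": seq, "lifetime": lifetime, "flags": flags,
            "care_of_addresses": coas}


def registration_via_fa_required(adv):
    """R bit set: the MN must register through the FA even if it holds a colocated COA."""
    return adv["flags"]["R"]


if __name__ == "__main__":
    # Constructed sample: an FA with the R bit set, one COA, lifetime 1800 s.
    sample = build_agent_ext(7, 1800, ["F", "R"], ["129.13.42.1"])
    print(parse_agent_ext(sample))
```

The length check matters because a MN acts on this message before any authentication takes place: a malformed advertisement must be dropped rather than partially parsed.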
Agent Discovery by MN
• Registration required
  • when the MN receives an agent advertisement with the R bit set
  • intended to allow sites to enforce visiting policies, which require an exchange of authorization
• Returning home
  • when it receives an agent advertisement from its own HA
  • configure its routing table appropriately for its home network
  • deregister with its HA
Registration
• Provides a flexible and reliable mechanism for MNs to communicate their current reachability information to their HA
• Method used by a MN to
  • request forwarding services when visiting a foreign network
  • inform its home agent of its current care-of address
  • renew a binding that is due to expire
  • deregister when it returns home
• Registration messages
  • exchange the MN’s current binding information among a MN, its HA, and possibly a FA
  • create/modify a mobility binding at the HA
  • associate the MN’s home address with its care-of address for the registration lifetime
Registration Overview
• By means of a foreign agent (MN -> FA -> HA): if a MN is registering a foreign agent COA
  1. FA advertises service
  2. MN requests service
  3. FA relays request to HA
  4. HA accepts or denies
  5. FA relays status to MN
• Without intermediary (MN -> HA): if a MN uses a colocated COA, or if a MN is deregistering with its HA
  1. MN requests service
  2. HA accepts or denies
Registration Messages
• Types
  • registration request
  • registration reply
• Use UDP
  • Mobile IP defines its own retransmission to handle cases of dropped packets.
Registration Request Fields
• Type : 1 (registration request)
• S : Simultaneous bindings; If set, the MN is requesting that the HA retain its prior mobility bindings
• B : Broadcast datagrams; If set, the MN requests that the HA tunnel to it any broadcast datagrams that it receives on the home network
• D : Decapsulation; If set, the MN informs the HA that it will decapsulate datagrams that are sent to the care-of address
• Lifetime : The number of seconds remaining before the registration is considered expired
• Identification : used for matching registration requests/replies and for protecting against replay attacks
Authentication
• Registration messages between a MN and its HA are required to be authenticated with the mobile-home authentication extension.
• Types of authentication extensions
  • The mobile-home authentication extension: required in all registration requests/replies
  • The mobile-foreign authentication extension
  • The foreign-home authentication extension
• SPI (Security parameter index)
  • selects the authentication algorithm and mode, and the secret used to compute the authenticator
  • 0 ~ 255: reserved
• Authenticator: variable length, depending on the SPI
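The following Python example (added here; not code from the original slides) ties the two preceding slides together: it builds a registration request with the Type, S/B/D flags, Lifetime and Identification fields listed above, appends a mobile-home authentication extension of the form type, length, SPI, authenticator, and shows a home agent that verifies the authenticator, rejects SPI values in the reserved range 0 to 255, uses the Identification field against replays, and only then creates or removes the binding. Assumptions not on the slides: the 24-byte request layout (flags byte, then home address, home agent and care-of address before the 64-bit identification), extension type 32 with HMAC-MD5 as the authentication algorithm (the RFC 3344 defaults), a pre-shared key per SPI, and Identification used as a per-MN monotonic counter.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

REG_REQUEST_TYPE = 1
# Extension type 32 and HMAC-MD5 are the RFC 3344 defaults; neither is on the slide (assumptions).
MOBILE_HOME_AUTH_EXT_TYPE = 32
REQ_FLAGS = {"S": 0x80, "B": 0x40, "D": 0x20, "M": 0x10, "G": 0x08, "V": 0x04}
# Fixed part: type, flags, lifetime, home address, home agent, care-of address, identification.
REQ_FMT = "!BBH4s4s4sQ"
REQ_LEN = struct.calcsize(REQ_FMT)  # 24 bytes
AUTH_HDR_FMT = "!BBI"               # extension type, length, SPI
AUTH_HDR_LEN = 6


def build_request(flags, lifetime, home, home_agent, coa, identification):
    """Registration request with the fields listed above (no extensions yet)."""
    flag_byte = 0
    for f in flags:
        flag_byte |= REQ_FLAGS[f]
    return struct.pack(REQ_FMT, REG_REQUEST_TYPE, flag_byte, lifetime,
                       IPv4Address(home).packed, IPv4Address(home_agent).packed,
                       IPv4Address(coa).packed, identification)


def add_mobile_home_auth(msg, spi, key):
    """Append the mobile-home authentication extension. The authenticator covers the
    request, any earlier extensions, and this extension's own type, length and SPI."""
    digest_len = hashlib.md5().digest_size
    header = struct.pack(AUTH_HDR_FMT, MOBILE_HOME_AUTH_EXT_TYPE, 4 + digest_len, spi)
    authenticator = hmac.new(key, msg + header, hashlib.md5).digest()
    return msg + header + authenticator


class HomeAgent:
    """Minimal HA: verify the authenticator, reject replays, then update the binding."""

    def __init__(self, keys_by_spi):
        self.keys = keys_by_spi   # SPI -> shared secret, provisioned out of band (assumption)
        self.last_id = {}         # home address -> last accepted identification
        self.bindings = {}        # home address -> (care-of address, lifetime)

    def process(self, packet):
        if len(packet) < REQ_LEN + AUTH_HDR_LEN or packet[0] != REG_REQUEST_TYPE:
            return "denied: malformed request"
        _t, _fl, lifetime, home, _ha, coa, ident = struct.unpack(REQ_FMT, packet[:REQ_LEN])
        ext_type, ext_len, spi = struct.unpack(AUTH_HDR_FMT, packet[REQ_LEN:REQ_LEN + AUTH_HDR_LEN])
        if ext_type != MOBILE_HOME_AUTH_EXT_TYPE:
            return "denied: mobile-home authentication extension missing"
        if spi <= 255 or spi not in self.keys:   # 0..255 are reserved SPI values
            return "denied: reserved or unknown SPI"
        covered = packet[:REQ_LEN + AUTH_HDR_LEN]
        received = packet[REQ_LEN + AUTH_HDR_LEN:REQ_LEN + 2 + ext_len]
        expected = hmac.new(self.keys[spi], covered, hashlib.md5).digest()
        if not hmac.compare_digest(received, expected):
            return "denied: bad authenticator"
        home_s = str(IPv4Address(home))
        # Replay protection: the identification must increase per MN (monotonic counter,
        # an assumption; deployed implementations use timestamps or nonces here).
        if ident <= self.last_id.get(home_s, -1):
            return "denied: replayed identification"
        self.last_id[home_s] = ident
        if lifetime == 0:                        # deregistration: the MN returned home
            self.bindings.pop(home_s, None)
            return "accepted: deregistered"
        self.bindings[home_s] = (str(IPv4Address(coa)), lifetime)
        return "accepted"
```

The order of the checks is the point: the authenticator is verified before the identification is consulted, so an unauthenticated sender cannot advance the replay counter, and the binding table is only touched by a request that passed both checks.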
Tunneling
• Encapsulation
• General tunneling
  • generally useful for multicast and multiprotocol operation, security, privacy
• Available methods
  • IP-in-IP encapsulation
  • Minimal encapsulation
  • GRE
[Figure: Source -> Encapsulation -> tunnel -> Decapsulation -> Destination]
IP-in-IP Encapsulation
• The outer IP header source and destination addresses identify the end-points of the tunnel.
• The inner IP header source and destination addresses identify the original sender and recipient of the datagram.
• No change in the inner IP header except to decrement the TTL by 1
• Other headers
  • IP authentication header
• Allows fragmentation at the HA when needed to deal with tunnels with smaller path MTUs.
[Figure: Original IP Header | Original IP Payload becomes Outer IP Header | Other headers (optional) | Inner IP Header | Original IP Payload; the outer header addresses the tunnel endpoints]
Minimal Encapsulation
• To eliminate the duplication that occurs in IP-in-IP encapsulation
• Restriction on fragmentation
• Header format
[Figure: Original IP Header | Original IP Payload becomes Outer IP Header | Minimal Encapsulator Header | Original IP Payload; the outer header addresses the tunnel endpoints, and the minimal encapsulator header carries the destination IP address]
Generic Record Encapsulation
• Can encapsulate numerous other protocols besides IP
[Figure: original header | original data becomes outer header | GRE header | original header | original data, i.e. a new header followed by new data]
ARP, Proxy ARP, Gratuitous ARP
• The HA is required to broadcast gratuitous ARPs as soon as the MN moves away from its home network and registers a new care-of address.
• The HA will continue to proxy ARP for the MN until the MN returns home.
• After returning home, the MN broadcasts gratuitous ARPs before deregistration.
• The HA broadcasts gratuitous ARPs after accepting the deregistration request.
[Figure: home network with a Router, the Home Agent and hosts X, Y and Z. While Z is at home, a request for Z_IP is answered with "ARP Reply: Z_IP Z_MAC"; after Z has departed, the Home Agent answers with "ARP Reply: Z_IP HA_MAC" on Z's behalf]
Route Optimization
• To eliminate the triangle routing problem
• Route optimization extensions
  • Objective: route datagrams from a correspondent node to a MN without going to the HA first
  • Allow datagrams in flight when a MN moves, and datagrams sent based on an out-of-date cached binding, to be forwarded directly to the MN’s new care-of address
• Authentication
Route Optimization Overview
• Update binding caches
• Managing smooth handoffs between FAs
• Acquiring registration keys for smooth handoffs
• Using special tunnels
• Concerned areas
  • Supplying a binding update to any correspondent node that needs one
  • Providing the means to create the needed authentication and replay protection so that the recipient of a binding update message can believe it
  • Allowing for the MN and FA to create a registration key for later use in making a smooth transition to a new point of attachment
Foreign Agent Smooth Handoff
• Make the transition as smooth as possible as the MN moves from one point of attachment to the next
  • Achievable by delivering datagrams correctly even though they may arrive at the old care-of address
• The new FA sends a binding update message to the previous FA as part of registration, requesting an ack from the previous FA.
• The previous FA creates a binding cache entry for the MN to serve as a forwarding pointer.
• MN and FA need to establish a new registration key
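The following Python simulation is an added example (not code from the original slides) of the binding-cache logic behind the last three slides: a correspondent node keeps a cache of home address to care-of address with a lifetime, a binding update is only believed if it is authenticated and carries a fresh sequence number, and a previous FA turns the new FA's binding update into a forwarding pointer so that datagrams still arriving at the old care-of address are forwarded rather than lost; once the pointer expires, the FA signals that someone still holds a stale binding. The keyed MAC over the update, the shared key (standing in for the registration key the slides say MN and FA establish) and the sequence-number replay rule are assumptions made for this example; all addresses and times are constructed.

```python
import hashlib
import hmac


def make_binding_update(key, home, coa, lifetime, seq):
    """Binding update carrying a sequence number (replay protection) and a keyed MAC
    (authentication). The key is assumed to be shared by sender and recipient."""
    mac = hmac.new(key, f"{home}|{coa}|{lifetime}|{seq}".encode(), hashlib.sha256).digest()
    return {"home": home, "coa": coa, "lifetime": lifetime, "seq": seq, "mac": mac}


class BindingCache:
    """Binding cache as kept by a correspondent node, or by a previous FA as forwarding pointers."""

    def __init__(self, key):
        self.key = key
        self.entries = {}      # home address -> (care-of address, expiry time, last seq)

    def apply_update(self, bu, now):
        expected = make_binding_update(self.key, bu["home"], bu["coa"], bu["lifetime"], bu["seq"])["mac"]
        if not hmac.compare_digest(bu["mac"], expected):
            return False                       # unauthenticated update: do not believe it
        old = self.entries.get(bu["home"])
        if old is not None and bu["seq"] <= old[2]:
            return False                       # replayed or out-of-order update
        self.entries[bu["home"]] = (bu["coa"], now + bu["lifetime"], bu["seq"])
        return True

    def lookup(self, home, now):
        entry = self.entries.get(home)
        if entry is None:
            return None
        if entry[1] <= now:                    # lifetime over: fall back to the home address
            del self.entries[home]
            return None
        return entry[0]


def correspondent_route(cache, home, now):
    """CN decision: tunnel straight to the cached COA, else send to the home address (via the HA)."""
    coa = cache.lookup(home, now)
    return ("tunnel", coa) if coa else ("home", home)


class ForeignAgent:
    def __init__(self, addr, key):
        self.addr = addr
        self.visitors = set()                  # MNs currently registered through this FA
        self.pointers = BindingCache(key)      # forwarding pointers left behind after a handoff

    def receive_binding_update(self, bu, now):
        """Previous FA: the new FA reports where the MN went; ack only if the update is believed."""
        if not self.pointers.apply_update(bu, now):
            return "ignored"
        self.visitors.discard(bu["home"])
        return "binding_ack"

    def receive_tunneled(self, home, now):
        """A datagram for the MN arrived at this FA's care-of address."""
        if home in self.visitors:
            return ("deliver", home)
        nxt = self.pointers.lookup(home, now)
        if nxt:
            return ("forward", nxt)            # in-flight datagram follows the forwarding pointer
        return ("binding_warning", home)       # stale binding upstream: request a fresh update
```

Without the MAC and sequence check in `apply_update`, any host that can send a packet to the CN could redirect the MN's traffic to a care-of address of its choosing, which is why the slides list authentication and replay protection among the concerned areas.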
Route Optimization Scenario
[Figure: Internet connecting a Host, the HA on Subnet A, and FA1 and FA2 on the other subnets (Subnets B, C and D)]
Route Optimization Procedure
[Figure: message sequence among the Internet Host, HA, FA1, MN and FA2]
1. Registration request (MN -> FA1 -> HA); Registration reply (HA -> FA1 -> MN)
2. Packet to MN from the Host reaches the HA; Tunneling to FA1; Delivery to the MN
3. Binding Update to the Host
4. Packet to MN sent directly by the Host; Delivery
5. MN Moved (to FA2)
6. Registration request (MN -> FA2 -> HA)
7. Binding Update (FA2 -> FA1); Binding Ack (FA1 -> FA2)
8. Registration reply
9. Packet to MN still arriving at FA1; Delivery via the new care-of address
10. Binding Warning; Binding Update to the Host
11. Registration reply
Reverse tunneling (RFC 2344)
[Figure: the sender MN on the foreign network with its FA, the HA on the home network, and the receiver CN on the Internet; steps 1 to 3 as below]
1. MN sends to FA
2. FA tunnels packets to HA by encapsulation
3. HA forwards the packet to the receiver (standard case)
Mobile IP with reverse tunneling
• Routers often accept only “topologically correct“ addresses (firewall!)
  • a packet from the MN encapsulated by the FA is now topologically correct
  • furthermore multicast and TTL problems are solved (TTL in the home network correct, but MN is too far away from the receiver)
• Reverse tunneling does not solve
  • problems with firewalls: the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking)
  • optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing)
• The new standard is backwards compatible
  • the extensions can be implemented easily and cooperate with current implementations without these extensions
Mobile IP and IPv6
• Mobile IP was developed for IPv4, but IPv6 simplifies the protocols
  • security is integrated and not an add-on, authentication of registration is included (?)
  • COA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address autoconfiguration
  • no need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement
  • MN can signal the COA directly to a sender, sending via HA not needed in this case (automatic path optimization)
  • ”soft“ hand-over, i.e. without packet loss, between two subnets is supported
    • MN sends the new COA to its old router
    • the old router encapsulates all incoming packets for the MN and forwards them to the new COA
    • authentication is always granted
Problems with mobile IP
• Security
  • authentication with FA problematic, for the FA typically belongs to another organization
  • no protocol for key management and key distribution has been standardized in the Internet
  • patent and export restrictions
• Firewalls
  • typically mobile IP cannot be used together with firewalls, special set-ups are needed (such as reverse tunneling)
• QoS
  • many new reservations in case of RSVP
  • tunneling makes it hard to give a flow of packets the special treatment needed for the QoS
• Security, firewalls, QoS etc. are topics of current research and discussions!
DHCP: Dynamic Host Configuration Protocol
• Application
  • simplification of installation and maintenance of networked computers
  • supplies systems with all necessary information, such as IP address, DNS server address, domain name, subnet mask, default router etc.
  • enables automatic integration of systems into an Intranet or the Internet, can be used to acquire a COA for Mobile IP
• Client/Server-Model
  • the client sends via a MAC broadcast a request to the DHCP server (might be via a DHCP relay)
[Figure: one client reaches the server through a relay, another client reaches the server directly; both send DHCPDISCOVER]
DHCP - protocol mechanisms
[Figure: message sequence over time between the client, a server that is not selected, and the server that is selected]
1. Client: initialization
2. Client -> both servers: DHCPDISCOVER
3. Each server: determine the configuration
4. Each server -> client: DHCPOFFER
5. Client: collection of replies, selection of configuration
6. Client -> selected server: DHCPREQUEST (options); client -> server not selected: DHCPREQUEST (reject)
7. Selected server -> client: DHCPACK (confirmation of configuration)
8. Client: initialization completed
9. Client -> selected server: DHCPRELEASE (release)
10. Server: delete context
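The exchange in the figure, as an added Python example that is not code from the original slides: two servers answer a DHCPDISCOVER with a DHCPOFFER each, the client collects the offers, selects one, and sends a DHCPREQUEST naming the selected server (server identifier option 54); the selected server confirms with DHCPACK and the other server releases the address it had offered. A relay that stamps `giaddr` and counts hops is included for the client/server slide above. The message layout (236-byte fixed part, magic cookie, type/length/value options, options 1, 50, 51, 53 and 54) follows RFC 2131/2132; the "first offer wins" selection policy, the single-address pools and all addresses are assumptions constructed for this example. Note in `run_client` that replies are matched only by transaction id, which is the point the next slide makes about missing authentication.

```python
import struct
from ipaddress import IPv4Address

BOOTREQUEST, BOOTREPLY = 1, 2
MAGIC = b"\x63\x82\x53\x63"
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # 236-byte fixed part, then magic cookie and options
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # option 53 message types
OPT_MASK, OPT_REQ_ADDR, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 1, 50, 51, 53, 54


def encode(op, xid, chaddr, yiaddr="0.0.0.0", giaddr="0.0.0.0", options=(), hops=0):
    fixed = struct.pack(FIXED_FMT, op, 1, 6, hops, xid, 0, 0x8000, b"\0" * 4,
                        IPv4Address(yiaddr).packed, b"\0" * 4, IPv4Address(giaddr).packed,
                        chaddr.ljust(16, b"\0"), b"", b"")
    opts = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC + opts + b"\xff"


def decode(msg):
    f = struct.unpack(FIXED_FMT, msg[:236])
    if msg[236:240] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != 0xFF:
        if msg[i] == 0:                         # pad option
            i += 1
            continue
        code, ln = msg[i], msg[i + 1]
        opts[code] = msg[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": f[0], "hops": f[3], "xid": f[4], "yiaddr": str(IPv4Address(f[8])),
            "giaddr": str(IPv4Address(f[10])), "chaddr": f[11][:f[2]], "options": opts}


def relay(msg, relay_addr):
    """DHCP relay: count the hop and stamp giaddr with its own address if still unset."""
    m = bytearray(msg)
    m[3] += 1
    if m[24:28] == b"\0" * 4:
        m[24:28] = IPv4Address(relay_addr).packed
    return bytes(m)


class Server:
    def __init__(self, addr, pool):
        self.addr, self.pool, self.offered, self.leases = addr, list(pool), {}, {}

    def reply(self, m, mtype, ip):
        opts = [(OPT_MSG_TYPE, bytes([mtype])), (OPT_SERVER_ID, IPv4Address(self.addr).packed),
                (OPT_MASK, IPv4Address("255.255.255.0").packed), (OPT_LEASE, struct.pack("!I", 3600))]
        return encode(BOOTREPLY, m["xid"], m["chaddr"], yiaddr=ip, giaddr=m["giaddr"],
                      options=opts, hops=m["hops"])

    def handle(self, msg):
        m = decode(msg)
        mtype = m["options"][OPT_MSG_TYPE][0]
        if mtype == DISCOVER and self.pool:
            ip = self.pool.pop(0)               # determine the configuration and hold the offer
            self.offered[m["chaddr"]] = ip
            return self.reply(m, OFFER, ip)
        if mtype == REQUEST:
            ip = self.offered.pop(m["chaddr"], None)
            if m["options"].get(OPT_SERVER_ID) != IPv4Address(self.addr).packed:
                if ip:
                    self.pool.append(ip)        # not selected: free the offered address
                return None
            if ip is None:
                return None
            self.leases[m["chaddr"]] = ip       # selected: confirm the configuration
            return self.reply(m, ACK, ip)
        return None


def run_client(chaddr, servers, xid=0x3903F326, via_relay=None):
    """DISCOVER -> collect OFFERs -> select one -> REQUEST -> ACK. Replies are matched only
    by xid; nothing in the exchange authenticates which server answered."""
    discover = encode(BOOTREQUEST, xid, chaddr, options=[(OPT_MSG_TYPE, bytes([DISCOVER]))])
    if via_relay:
        discover = relay(discover, via_relay)
    offers = []
    for s in servers:                           # collection of replies
        o = s.handle(discover)
        if o and decode(o)["xid"] == xid:
            offers.append(decode(o))
    if not offers:
        raise RuntimeError("no offers")
    chosen = offers[0]                          # selection of configuration: first offer (assumption)
    request = encode(BOOTREQUEST, xid, chaddr, options=[
        (OPT_MSG_TYPE, bytes([REQUEST])), (OPT_SERVER_ID, chosen["options"][OPT_SERVER_ID]),
        (OPT_REQ_ADDR, IPv4Address(chosen["yiaddr"]).packed)])
    if via_relay:
        request = relay(request, via_relay)
    acks = [decode(a) for a in (s.handle(request) for s in servers) if a]
    if len(acks) != 1 or acks[0]["xid"] != xid or acks[0]["options"][OPT_MSG_TYPE][0] != ACK:
        raise RuntimeError("no valid ACK")
    return acks[0]["yiaddr"]
```

`Server.handle` shows why the figure draws a DHCPREQUEST to the server that was not selected: that server learns from the server identifier that it lost and returns the offered address to its pool, otherwise every discovery would leak one address per competing server.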
DHCP characteristics
• Server
  • several servers can be configured for DHCP, coordination not yet standardized (i.e., manual configuration)
• Renewal of configurations
  • IP addresses have to be requested periodically, simplified protocol
• Options
  • available for routers, subnet mask, NTP (network time protocol) timeserver, SLP (service location protocol) directory, DNS (domain name system)
• Big security problems!
  • no authentication of DHCP information specified