TECHNISCHE UNIVERSITÄT ILMENAU
Integrated Communication Systems Group
http://www.tu-ilmenau.de/iks
Mobility Management
Motivation
Approaches to mobility management
Layer 2 mobility
Mobile IP (layer 3 mobility)
Data transfer
Encapsulation
IPv6
Problems
DHCP
Mobile Communication Networks 2 Andreas Mitschele-Thiel, Florian Evers 24-Jan-13
Motivation
Routing
forwarding is based on some destination address (a locator)
change of location (due to mobility) requires change of destination address
or needs an update of routing tables
Ideas:
Specific routes to end systems (per-host forwarding)
Multicast
Modification of the destination address
Tunneling
Motivation
[Figure: source in the Internet sending to a mobile reachable via several base stations (BS)]
Specific routes to end systems (per-host forwarding)
change of routing table entries to forward packets to the right destination
=> distribution of routing information for every mobile everywhere
=> does not scale to a large network
=> security problems (routing table updates)
Motivation
Multicast
Building of a multicast tree
=> security problem
=> overhead
[Figure: multicast tree from the source across the Internet to the base stations (BS), with home agent (HA)]
Motivation
[Figure: source, Internet, home agent (HA) and base stations (BS)]
Modification of the destination address
adjust the host address depending on the current location
=> problems to find a mobile host without a constant address
=> problems with applications due to change of address
=> security problem
Motivation
[Figure: tunnel from the home agent (HA) across the Internet to the base station (BS) serving the mobile]
Tunneling
Separation of a terminal/user identifier from a topological locator
=> security problem (location update at home agent)
Motivation
Important tasks of mobility management:
Find and address a mobile away from home
Support "continuous" communication after change of location
Security: avoid misuse of mechanism
Privacy: hide location from others
Important criteria to compare mobility protocols:
Handover (HO) performance:
delay to update the route
packet loss due to handover
Protocol overhead: consumption of network resources
Scalability: protocol overhead in large networks with large numbers of mobile nodes
Robustness: adaptability to different network conditions and failures
Ease of deployment: simplicity, suitability to different network scenarios
Approaches to Mobility (Which Layer Handles Mobility?)
Mobility may be supported at different layers:
Layer 1 (radio link addition or deletion – radio mobility)
UMTS/GSM: HO between cells supported by a single base station
Layer 2 (switching: mobility is hidden from layer 3 – micro mobility)
UMTS/GSM: HO in core network (SGSN) or in radio access network (RNC)
WLAN: change between access points belonging to same subnet
Layer 3 (routing: mobility beyond a single subnet – macro mobility)
Goal: no changes to upper-layer protocols; changes to the network architecture are allowed
Mobile IP and derivatives
Approaches to Mobility (Which Layer Handles Mobility?)
Layer 4 (transport)
Goal: keep the Internet infrastructure unchanged by allowing the end hosts to take care of mobility
UMTS/GPRS: routing based on traffic flow template (QoS-specific) considering port IDs, etc. (GTP-U)
Layer 5 (session)
Change of mapping of identity/number to destination address
Layer 7 (application)
No changes in the current networks
Extending IP telephony infrastructure to fulfil the mobility requirements
DNS: change of mapping of name (e.g. URL) to IP address
Hybrid Layers Mobility
Optimization of mobility at a certain layer using information from other layers, or an integrated solution instead of a hybrid solution
Layer 2 Mobility (Micro Mobility)
Mobility is completely hidden from the IP layer
Mobility is handled by layer 2 either by
per-host forwarding: update of address tables in switches
tunneling: use of second address as locator
Examples:
802.11 uses ARP updates (per-host forwarding)
change of mapping of MAC address to output port
UMTS/GPRS applies
per-host forwarding between core network elements
tunneling to pass intermediate nodes (IP routers) between network elements
Layer 2 Mobility in IEEE 802.11
4 phases:
Recognizing the loss of the connection
Search and detection of a new adequate AP
Re-/Authentication with the newly discovered AP
Re-/Association with the newly discovered AP
Recognizing the loss of the connection through the weakness of the received signal or through failed frame transmissions
Search and detection of a new adequate AP through scanning the medium; passive and active scanning are the standard methods
Layer 2 Mobility in 802.11
Large variation of the layer 2 handover latency for the same hardware with the same configuration
Scanning is the main factor in layer 2 latency, about 90%
Improvements: speeding up the scanning, periodic scanning, selective scanning
[Figure: handover timeline between STA and APs: scanning phase, authentication phase, association phase, then the new AP is used]
Layer 2 Mobility in UMTS/GPRS
[Figure: user-plane protocol stack MS - UTRAN - 3G-SGSN - 3G-GGSN over the Uu, Iu-PS, Gn and Gi interfaces: MS (application, e.g. IP/PPP, PDCP, RLC, MAC, L1); UTRAN (relay between PDCP/RLC/MAC/L1 and GTP-U/UDP/IP/AAL5/ATM); 3G-SGSN (relay between GTP-U/UDP/IP/AAL5/ATM and GTP-U/UDP/IP/L2/L1); 3G-GGSN (e.g. IP/PPP over GTP-U/UDP/IP/L2/L1)]
Terminal IP to location IP mapping (termination of the IP tunnel)
Per-host routing between the core network elements
Tunneling via intermediate IP routers
IP-based Mobility
IP Routing
forwarding is based on IP destination address; network prefix (e.g. 129.13.42) determines physical subnet
change of physical subnet implies change of IP address to have a topologically correct address (standard IP) or needs special entries in the routing tables
Basic Mechanisms:
Specific routes to end-system: per-host forwarding
distribution of routing information to every router/switch
change of multiple routing table entries upon terminal movement
does not scale well with the number of routers and mobile hosts
Separation of terminal identity from location: tunneling
terminal/user identifier and topological location address
high latency for updates
Multicast
Modification of destination address depending on current location
almost impossible to find a mobile system
DNS updates take too long
TCP connections break
Mobile IP (Layer 3 – Macro Mobility)
Requirements for Mobile IP:
Transparency
mobile end-systems keep their IP address
continuation of communication after interruption of link
point of connection to the fixed network can be changed
Compatibility
support of the same layer 2 protocols as IP
no changes to current end-systems and routers required
mobile end-systems can communicate with fixed systems
Security
authentication of all registration messages
Efficiency and scalability
only few additional messages to the mobile system required (connection typically via a low bandwidth radio link)
world-wide support of a large number of mobile systems in the whole Internet
Mobile IP Basics: Example Network
[Figure (9.4.1): example network: the home network (physical home network for the MN) with the home agent (HA) and the foreign network (current physical network for the MN) with the foreign agent (FA), both connected via routers to the Internet; the mobile end-system (MN) is currently in the foreign network and the correspondent node (CN) is an end-system in the fixed network]
Mobile IP Terminology
Mobile Node (MN)
system (node) that can change the point of connection to the network without changing its IP address
Home Agent (HA)
system in the home network of the MN, typically a router
registers the location of the MN, tunnels IP datagrams to the COA
Foreign Agent (FA)
system in the current foreign network of the MN, typically a router
forwards the tunneled datagrams to the MN, typically also the default router for the MN
Care-of Address (COA)
address of the current tunnel end-point for the MN (at FA or MN)
current location of the MN from an IP point of view
can be chosen, e.g., via DHCP (co-located COA)
Correspondent Node (CN)
communication partner
Basics: Data transfer to the mobile node
[Figure: sender (CN) in the Internet, home network with HA, foreign network with FA and MN (receiver); steps 1 to 3 below]
1. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP)
2. HA tunnels packet to COA, here FA, by encapsulation
3. FA forwards the packet to the MN
Basics: Data transfer from the mobile node
[Figure: MN (sender) in the foreign network, FA, HA in the home network, Internet, receiver (CN)]
1. Sender sends to the IP address of the receiver as usual, FA works as default router
Agent Discovery and Registration (IPv4)
Here the care-of address denotes the address of the FA
the MN could also get it directly via DHCP (co-located care-of address)
The binding update is a remote redirect and therefore needs authentication
After registration the HA tunnels data for the MN to the care-of address
[Figure: IPv4 registration between the foreign network (Foreign Agent, Mobile Node) and the home network (Home Agent)]
1. Foreign Agent advertises service (Foreign Agent, care-of address)
2. MN sends Registration Request
3. FA relays Binding Update to HA
4. HA maintains the association between home address and current care-of address and registration lifetime (binding)
5. HA accepts binding or denies
6. FA relays status to MN
Agent Discovery and Registration
[Figure: HA in the home network 10.10.0.0, several FAs in the foreign network 9.9.0.0, source in the Internet]
Home address: 10.10.0.10
CoA: 1- FA-CoA: 9.9.0.0 or 2- Co-located CoA: 9.9.x.x
Destination is: 10.10.0.10
Agent Discovery and Registration
[Figure: same network; the packet for 10.10.0.10 is tunneled to the co-located CoA]
Home address: 10.10.0.10
CoA: 1- FA-CoA: 9.9.0.0 or 2- Co-located CoA: 9.9.0.2
De-tunneling by MN
Agent Discovery and Registration
Agent Advertisement
HA and FA periodically send advertisement messages into their physical subnets
MN listens to these messages and detects if it is in the home or a foreign network
MN reads a COA from the FA advertisement messages
Note: agent advertisement may be solicited by MN (agent solicitation msg)
Registration (always limited lifetime!)
MN signals COA to the HA via the FA, HA acknowledges via FA to MN
these actions have to be secured by authentication
Advertisement (ICMP extensions to RFC 1256)
HA advertises the IP address of the MN (as for fixed systems), i.e. standard routing information
routers adjust their entries; these are stable for a longer time (HA responsible for a MN over a longer period of time)
packets to the MN are sent to the HA, independent of changes in COA/FA
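The registration described on this slide and on the IPv4 registration slide above (the binding update is a remote redirect, so it needs authentication; every binding has a limited lifetime) as an added example, not code from the lecture: a home agent that verifies a keyed-hash authenticator over the Registration Request, rejects replayed requests via the identification field, and lets bindings expire. The message layout is simplified from RFC 3344, and HMAC-SHA256, the counter-style identification, the demo SPI/key and the addresses 10.10.0.1 (HA) and 9.9.0.2 (COA) are assumptions made for this example.

```python
import hashlib
import hmac
import struct
import time
from ipaddress import IPv4Address

REG_REQUEST = 1           # message type of a Registration Request
MH_AUTH_EXT = 32          # Mobile-Home Authentication Extension type (RFC 3344)
DIGEST = hashlib.sha256   # assumption for this example; the RFC default is HMAC-MD5
MAC_LEN = DIGEST().digest_size

# Constructed mobility security associations of the HA: SPI -> key shared with one MN.
DEMO_KEYS = {0x1001: b"constructed-demo-key-for-10.10.0.10"}

# Reply codes as in RFC 3344 (home agent): 0 accepted, 131 MN failed authentication,
# 133 registration identification mismatch, 134 poorly formed request.
ACCEPTED, FAILED_AUTH, IDENT_MISMATCH, POORLY_FORMED = 0, 131, 133, 134

BODY_FMT = "!BBH4s4s4sQ"   # type, flags, lifetime, home addr, HA addr, COA, identification
EXT_FMT = "!BBI"           # extension type, extension length, SPI


def pack_registration(home_addr, home_agent, coa, lifetime, identification, spi, key):
    """Build a simplified Registration Request. The authenticator covers the body and
    the extension header, so a relaying FA cannot change the COA or lifetime unnoticed."""
    body = struct.pack(BODY_FMT, REG_REQUEST, 0, lifetime,
                       IPv4Address(home_addr).packed, IPv4Address(home_agent).packed,
                       IPv4Address(coa).packed, identification)
    ext_hdr = struct.pack(EXT_FMT, MH_AUTH_EXT, 4 + MAC_LEN, spi)
    return body + ext_hdr + hmac.new(key, body + ext_hdr, DIGEST).digest()


class HomeAgent:
    """Keeps bindings (home address -> COA) that expire after the registration lifetime
    and remembers the last identification per MN so that replayed requests are refused."""

    def __init__(self, keys, clock=time.time):
        self.keys = keys
        self.clock = clock
        self.bindings = {}     # home address -> (coa, expiry time)
        self.last_ident = {}   # home address -> identification of the last accepted request

    def process_request(self, msg):
        """Return (reply code, reason) for one Registration Request."""
        body_len, ext_len = struct.calcsize(BODY_FMT), struct.calcsize(EXT_FMT)
        if len(msg) != body_len + ext_len + MAC_LEN or msg[0] != REG_REQUEST:
            return POORLY_FORMED, "unexpected length or type"
        body = msg[:body_len]
        ext_hdr = msg[body_len:body_len + ext_len]
        mac = msg[body_len + ext_len:]
        _type, _flags, lifetime, home, _ha, coa, ident = struct.unpack(BODY_FMT, body)
        ext_type, _len, spi = struct.unpack(EXT_FMT, ext_hdr)
        key = self.keys.get(spi)
        # 1. Authentication: unknown SPI, or a forged/tampered authenticator.
        if ext_type != MH_AUTH_EXT or key is None:
            return FAILED_AUTH, "no mobility security association for SPI"
        if not hmac.compare_digest(mac, hmac.new(key, body + ext_hdr, DIGEST).digest()):
            return FAILED_AUTH, "authenticator mismatch"
        home_s = str(IPv4Address(home))
        # 2. Replay protection: the identification must advance (assumption: a counter;
        #    RFC 3344 uses timestamps or nonces for this field).
        if ident <= self.last_ident.get(home_s, 0):
            return IDENT_MISMATCH, "replayed or stale identification"
        self.last_ident[home_s] = ident
        # 3. Binding with limited lifetime; lifetime 0 is a deregistration.
        if lifetime == 0:
            self.bindings.pop(home_s, None)
            return ACCEPTED, "deregistered"
        self.bindings[home_s] = (str(IPv4Address(coa)), self.clock() + lifetime)
        return ACCEPTED, "registration accepted"

    def tunnel_endpoint(self, home_addr):
        """COA to tunnel to right now, or None once the binding has expired."""
        binding = self.bindings.get(home_addr)
        if binding is None:
            return None
        coa, expiry = binding
        if self.clock() >= expiry:
            del self.bindings[home_addr]
            return None
        return coa
```

The three checks run in the order an HA needs them: a request that fails authentication never touches the replay state, and a replay never refreshes a binding, so an attacker who captured an old request cannot keep a stale COA alive or redirect the MN's traffic.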
Tunneling
Encapsulation of one packet into another as payload
e.g. IPv6 in IPv4 (6Bone), Multicast in Unicast (Mbone)
here: e.g. IP-in-IP encapsulation, minimal encapsulation or GRE (Generic Routing Encapsulation)
IP-in-IP encapsulation (mandatory, RFC 2003)
tunnel between HA and COA
IP-in-IP packet layout (outer header = MIP tunnel header, inner = original IP packet):
ver. | IHL | TOS | length
IP identification | flags | fragment offset
TTL | IP-in-IP | IP checksum
IP address of HA
care-of address COA
ver. | IHL | TOS | length
IP identification | flags | fragment offset
TTL | lay. 4 prot. | IP checksum
IP address of CN
IP address of MN
TCP/UDP/... payload
Tunneling
Minimal encapsulation (optional)
avoids repetition of identical fields
e.g. TTL, IHL, version, TOS
only applicable for unfragmented packets, no space left for fragment identification
Minimal encapsulation packet layout (outer header = MIP header, followed by the minimized inner header):
ver. | IHL | TOS | length
IP identification | flags | fragment offset
TTL | min. encap. | IP checksum
IP address of HA
care-of address COA
lay. 4 protoc. | S | reserved | IP checksum
IP address of MN
original sender IP address (if S=1)
TCP/UDP/... payload
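Both tunnel formats from the two Tunneling slides (IP-in-IP, RFC 2003, and minimal encapsulation, RFC 2004) as an added example, not code from the lecture: the HA side encapsulates a datagram from the CN towards the COA, the COA side decapsulates it, and the byte counts show the header overhead each format costs. The addresses (CN 129.13.42.7 in the slide's example prefix, HA 10.10.0.1, MN 10.10.0.10, co-located COA 9.9.0.2) and the S=1 choice are assumptions; the forwarding-header layout is the one the slide shows.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4     # protocol field value for IP-in-IP, RFC 2003
IPPROTO_MINENC = 55  # protocol field value for minimal encapsulation, RFC 2004


def checksum(data: bytes) -> int:
    """Internet one's-complement checksum; yields 0 over a header whose checksum
    field is already correct, which is how the parsers verify it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0, flags_frag=0):
    """IPv4 header without options (IHL=5) with the checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt):
    """Split a datagram into header fields and payload; rejects a bad checksum."""
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "ident": ident,
            "mf_or_offset": flags_frag & 0x3FFF,   # MF bit plus fragment offset
            "payload": pkt[ihl:total_len]}


def ipip_encapsulate(ha_addr, coa, inner_pkt):
    """HA side: the whole original datagram becomes the payload of a new datagram HA -> COA."""
    return build_ipv4(ha_addr, coa, IPPROTO_IPIP, inner_pkt)


def ipip_decapsulate(tunnel_pkt):
    """COA side (FA or MN): strip the outer header and return the original datagram."""
    outer = parse_ipv4(tunnel_pkt)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return outer["payload"]


def minenc_encapsulate(ha_addr, coa, orig_pkt):
    """HA side: keep the original header, overwrite its destination (and, with S=1, its
    source) and carry the overwritten addresses in a 12-byte forwarding header."""
    orig = parse_ipv4(orig_pkt)
    if orig["mf_or_offset"]:
        raise ValueError("minimal encapsulation needs an unfragmented datagram")
    # fields: lay. 4 protocol, S flag (0x80) + reserved, checksum, orig dst, orig src
    fwd = struct.pack("!BBH4s4s", orig["proto"], 0x80, 0,
                      IPv4Address(orig["dst"]).packed, IPv4Address(orig["src"]).packed)
    fwd = fwd[:2] + struct.pack("!H", checksum(fwd)) + fwd[4:]
    return build_ipv4(ha_addr, coa, IPPROTO_MINENC, fwd + orig["payload"],
                      ttl=orig["ttl"], ident=orig["ident"])


def minenc_decapsulate(tunnel_pkt):
    """COA side: rebuild the original datagram from outer header plus forwarding header."""
    outer = parse_ipv4(tunnel_pkt)
    if outer["proto"] != IPPROTO_MINENC:
        raise ValueError("not a minimal-encapsulation packet")
    fwd = outer["payload"]
    proto, s_flag, _csum, orig_dst = struct.unpack("!BBH4s", fwd[:8])
    hdr_len = 12 if s_flag & 0x80 else 8
    if checksum(fwd[:hdr_len]) != 0:
        raise ValueError("bad forwarding header checksum")
    orig_src = str(IPv4Address(fwd[8:12])) if s_flag & 0x80 else outer["src"]
    return build_ipv4(orig_src, str(IPv4Address(orig_dst)), proto, fwd[hdr_len:],
                      ttl=outer["ttl"], ident=outer["ident"])


def tunnel_overhead(orig_pkt, tunnel_pkt):
    """Bytes the tunnel adds on the wire compared with the original datagram."""
    return len(tunnel_pkt) - len(orig_pkt)


if __name__ == "__main__":
    cn_to_mn = build_ipv4("129.13.42.7", "10.10.0.10", 17, b"hello")   # constructed
    ipip = ipip_encapsulate("10.10.0.1", "9.9.0.2", cn_to_mn)
    mini = minenc_encapsulate("10.10.0.1", "9.9.0.2", cn_to_mn)
    print("IP-in-IP overhead:", tunnel_overhead(cn_to_mn, ipip), "bytes")
    print("minimal encapsulation overhead:", tunnel_overhead(cn_to_mn, mini), "bytes")
    assert ipip_decapsulate(ipip) == cn_to_mn == minenc_decapsulate(mini)
```

Reverse tunneling (RFC 3024, later on the deck) is the same encapsulation with the roles swapped: the FA builds the outer header with its own address as source and the HA as destination, which is exactly why the packet then passes a topological source-address check at the foreign network's border.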
Optimization of packet forwarding
Triangular Routing
sender sends all packets via HA to MN
=> higher latency and network load
Ideas for Solutions
sender learns the current location of MN
direct tunneling to this location
HA informs a sender about the location of MN
security problems with binding updates
Change of FA
packets on-the-fly during the change can be lost
new FA informs old FA to avoid packet loss, old FA now forwards remaining packets to new FA
this information also enables the old FA to release resources for the MN
Tunneling and Route Optimization (IPv4)
The home agent can either use IP-within-IP or minimal encapsulation to reduce the header overhead
Route optimization can be done if the HA sends a Binding Update to the CN
=> subsequent packets can be tunneled directly from the CN to the FA
In the reverse direction normal standard IP routing mechanisms are used to deliver IP datagrams from the MN
Problems if the MN moves to another FA!
[Figure: Correspondent Node in the Internet, Home Agent in the home network, Foreign Agent and Mobile Node in the foreign network; steps 1 to 5 below]
1. CN sends IP packet to home address of MN. Initially the CN only knows the home address of the MN
2. HA encapsulates the IP packet into a new IP packet by adding a tunneling header with the care-of address as destination. Tunnel source IP address is the HA address
3. FA strips off the tunnel header and relays the rest to the MN
4. HA can send a binding update to CN
5. The CN can tunnel IP packets directly to the FA
Change of foreign agent (IPv4)
After having moved to the new FA, the MN can also communicate its new care-of address to the previous FA
Note that most of the Binding Update messages are not emitted by the MN, thus they are not going over the wireless link
Problem if FA 1 does not know the new care-of address of the mobile node: FA 1 must re-route the traffic to the HA, which again handles it via a new tunnel to FA 2
[Figure: Correspondent Node, Home Agent, Foreign Agent 1, Foreign Agent 2 and Mobile Node; steps 1 to 8 below]
1. MN moves to a new subnet
2. MN communicates its new care-of address (of FA 2) to the previous FA
3. CN attempts to reach the MN using the obsolete care-of address
4. FA 1 tunnels the IP packets to the MN's new location (FA 2)
5. FA 2 relays to the MN
6. FA 1 sends the HA a Binding Warning and asks the HA to send the CN a Binding Update
7. HA sends a Binding Update to the CN
8. Now the CN can again tunnel more directly to the MN
Change of foreign agent
[Message sequence chart over time t between CN, HA, FAold, FAnew and MN: data flows CN -> HA -> FAold -> MN; the MN changes location and sends an Update to FAold, which is acknowledged, and FAold forwards the remaining data to the new location; the MN sends Registration/Update to the HA, which acknowledges, and data is now delivered via FAnew; FAold sends a Warning to the HA, the HA sends a Request/Update to the CN, which acknowledges; finally data flows from the CN to the MN via FAnew]
Reverse tunneling (RFC 3024)
[Figure: MN (sender) in the foreign network, FA, HA in the home network, Internet, receiver (CN); steps 1 to 3 below]
1. MN sends to FA
2. FA tunnels packets to HA by encapsulation
3. HA forwards the packet to the receiver (standard case)
Mobile IP with reverse tunneling
Routers often accept only "topologically correct" addresses (firewall!)
a packet from the MN encapsulated by the FA is now topologically correct
furthermore multicast and TTL problems are solved (TTL in the home network correct, but MN is too far away from the receiver)
Reverse tunneling does not solve
problems with firewalls, the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking)
optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing)
MIP reverse tunneling is backwards compatible
the extensions can be implemented easily and cooperate with current implementations of Mobile IP without these extensions
agent advertisements can carry requests for reverse tunneling
Mobile IP and IPv6
Mobile IP was developed for IPv4, but IPv6 simplifies the protocols
security is integrated and not an add-on, authentication of registration is included
COA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address autoconfiguration
no need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement; addresses are always co-located
MN can signal a sender directly the COA, sending via HA not needed in this case (automatic path optimization)
handover without packet loss between two subnets is supported
MN sends the new COA to its old router
the old router encapsulates all incoming packets for the MN and forwards them to the new COA
authentication is always granted
Changes with IPv6
Huge address space with IPv6 address renumbering scheme
Better mobility support
Mobile IP was designed as add-on to IPv4
majority of IPv4 nodes do not support Mobile IP
MN can use Address Autoconfiguration which eliminates the need of a Foreign Agent
Stateless: the MN configures its care-of address from the network prefix of the foreign network and an MN interface identifier. The needed information is published by neighboring routers through the Neighbor Discovery protocol in the foreign network (combined ARP/ICMP)
Stateful: by using a centralized DHCP server
Source Routing: Instead of tunneling packets using “IP in IP”, IPv6 Routing Headers are used
IPv6 does work smoothly with Ingress filtering
In IPv4 a border router may discard IP packets not originating from its own subnet, and MN use their home address always as source address
Every IPv6 node will have implemented IPv6 authentication headers to be used with binding updates
Tunneling Operation (IPv6)
Route Optimization: Only the MN can send a binding update, e.g. to the CN. If the CN knows the care-of address of the MN it can prevent triangle routing through the HA
Tunneling is facilitated using routing headers and not “IPv6 in IPv6”
No problems if the MN moves to another FA, as IPv6 requires that binding messages have to be sent by the MN to the CN and HA directly every time the MN moves
IPv6 uses destination option headers to include the binding update in a normal IPv6 packet
[Figure: Correspondent Node, Home Agent in the home network, Mobile Node in the foreign network (IPv6, no FA); steps 1 to 5 below]
1. CN sends IP packet to home address of MN
2. HA adds a routing header with the care-of address as destination
3. MN strips off the tunnel header and reads the packet
4. The MN sees that the packet was routed through the HA and therefore can send a binding update to the CN directly
5. The CN afterwards can send packets directly to the MN by using Routing headers
Moving to a new Location (IPv6)
All Binding Update messages intended for the CN are transmitted directly by the MN. This becomes feasible as IPv6 uses destination option headers to include the binding update in a normal IPv6 packet, e.g. in TCP ACK messages
Thus correspondent nodes are generally kept updated and can send nearly every packet directly to the MN
[Figure: situation after the MN has moved to a new subnetwork: Correspondent Node, Home Agent in the home network, Mobile Node in the new foreign network; steps 1 to 3 below]
1. MN sends a Binding Update directly to the HA
2. MN also sends a Binding Update directly to the CN
3. The CN again can send packets directly to the MN by using IPv6 Routing headers
Problems of Mobile IP
Security and Privacy
authentication with FA problematic where the FA belongs to another organization
no protocol for key management and key distribution has been standardized in the Internet (manual key distribution)
combination with IPsec is problematic (tunnel within tunnel)
no location privacy
Firewalls
typically Mobile IP cannot be used together with firewalls, special set-ups are needed (such as reverse tunneling)
QoS
QoS needs to go in line with mobility support (handover requires update of location information as well as QoS information)
Security, firewalls, QoS etc. are topics of current research and discussions!
Dynamic Host Configuration Protocol (DHCP)
Application
simplification of installation and maintenance of networked computers
supplies systems with all necessary information, such as IP address, DNS server address, domain name, subnet mask, default router etc.
enables automatic integration of systems into an Intranet or the Internet
can be used to acquire a COA for Mobile IP (co-location of MN and FA)
Client/Server-Model
the client sends via a MAC broadcast a request to the DHCP server (might be via a DHCP relay)
[Figure: client - relay - DHCP server: the client's DHCPDISCOVER broadcast is forwarded by the relay as DHCPDISCOVER to the DHCP server]
DHCP – protocol mechanisms
[Message sequence chart between the client, the selected server and a not-selected server: initialization; the client broadcasts DHCPDISCOVER; both servers determine a configuration and answer with DHCPOFFER; the client collects the replies and selects a configuration; DHCPREQUEST (options) goes to the selected server, the not-selected server treats it as a reject; the selected server confirms the configuration with DHCPACK; initialization completed; on release the client sends DHCPRELEASE and the server deletes the context]
DHCP characteristics
Server
several servers can be configured for DHCP, coordination not yet standardized (i.e. manual configuration)
Renewal of configurations
IP addresses have to be requested periodically, simplified protocol
Options (RFC 2132)
available for routers, subnet mask, NTP (network time protocol) timeserver, SLP (service location protocol) directory, DNS (domain name system)
Big security problems!
no authentication of DHCP information specified
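The DHCP message format and the RFC 2132 options from the DHCP slides (message type, subnet mask, router, DNS, NTP, lease time, server identifier) as an added example, not code from the lecture: a builder for constructed messages, a TLV option parser that handles pad, end, truncation and repeated options, and, because the slide's point is that nothing in DHCP is authenticated, a small plausibility check a client or a monitoring probe can apply to an OFFER instead. The two sample messages, the server 10.10.0.1 in the deck's home network and the rogue server 10.10.0.66 are constructed for this example.

```python
import struct
from ipaddress import IPv4Address, ip_address, ip_network

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: marks the start of the option field
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}


def build_dhcp(op, xid, yiaddr, siaddr, chaddr, options):
    """Constructed DHCP message: RFC 2131 fixed part (236 bytes), cookie, TLV options, end."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                        b"\x00" * 4, IPv4Address(yiaddr).packed, IPv4Address(siaddr).packed,
                        b"\x00" * 4, chaddr, b"", b"")
    tlv = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return fixed + MAGIC_COOKIE + tlv + b"\xff"


def parse_options(raw):
    """Walk the option TLVs: pad (0) has no length, end (255) stops the walk,
    a repeated code is concatenated, and a truncated option is rejected."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == 0:
            i += 1
            continue
        if code == 255:
            break
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def decode_options(opts):
    """Decode the options the slide lists plus message type and server identifier."""
    out = {}
    if 53 in opts:
        out["message_type"] = MESSAGE_TYPES.get(opts[53][0], opts[53][0])
    if 1 in opts:
        out["subnet_mask"] = str(IPv4Address(opts[1]))
    for code, name in ((3, "routers"), (6, "dns_servers"), (42, "ntp_servers")):
        if code in opts:
            out[name] = [str(IPv4Address(opts[code][k:k + 4]))
                         for k in range(0, len(opts[code]), 4)]
    if 51 in opts:
        out["lease_time"] = struct.unpack("!I", opts[51])[0]
    if 54 in opts:
        out["server_id"] = str(IPv4Address(opts[54]))
    return out


def parse_dhcp(pkt):
    """Fixed header fields that matter to a client, plus the decoded options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr, siaddr, giaddr,
     chaddr) = struct.unpack("!BBBBIHH4s4s4s4s16s", pkt[:44])
    return {"op": op, "xid": xid, "yiaddr": str(IPv4Address(yiaddr)),
            "siaddr": str(IPv4Address(siaddr)), "giaddr": str(IPv4Address(giaddr)),
            "chaddr": chaddr[:hlen].hex(":"),
            "options": decode_options(parse_options(pkt[240:]))}


def check_offer(msg, trusted_servers):
    """Plausibility check standing in for the authentication DHCP lacks: an OFFER from an
    unknown server identifier, or whose default router lies outside the offered subnet,
    is what a rogue server on the link looks like. Returns a list of findings."""
    o = msg["options"]
    if o.get("message_type") != "DHCPOFFER":
        return ["not a DHCPOFFER"]
    findings = []
    if o.get("server_id") not in trusted_servers:
        findings.append("offer from untrusted server identifier %s" % o.get("server_id"))
    if "subnet_mask" in o:
        net = ip_network("%s/%s" % (msg["yiaddr"], o["subnet_mask"]), strict=False)
        for router in o.get("routers", []):
            if ip_address(router) not in net:
                findings.append("router %s outside offered subnet %s" % (router, net))
    return findings


def sample_offer(server, router, dns):
    """Constructed DHCPOFFER for client 00:11:22:33:44:55, lease 10.10.0.10/24, 1 day."""
    opts = [(53, b"\x02"), (1, IPv4Address("255.255.255.0").packed),
            (3, IPv4Address(router).packed), (6, IPv4Address(dns).packed),
            (51, struct.pack("!I", 86400)), (54, IPv4Address(server).packed)]
    return build_dhcp(2, 0x3903F326, "10.10.0.10", server, bytes.fromhex("001122334455"), opts)


LEGIT_OFFER = sample_offer("10.10.0.1", "10.10.0.1", "10.10.0.53")    # constructed
ROGUE_OFFER = sample_offer("10.10.0.66", "9.9.0.1", "9.9.0.53")       # constructed
```

A check like this only narrows the window: a rogue server that copies the legitimate server identifier and hands out a router inside the subnet passes it, which is why the slide's "no authentication" remark is a protocol problem rather than a parsing one.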
References
Books and Presentations
Jochen Schiller: Mobile Communications (German and English), Addison-Wesley, 2000 (chapter 9 provides an overview on Mobile IP)
Charles Perkins: Mobile IP – Design Principles and Practices, Addison-Wesley, 1998
Ramjee Prasad, Marina Ruggieri: Technology Trends in Wireless Communications, Artech House, 2003
Wisely, Eardley, Burness: IP for 3G: Networking Technologies for Mobile Communications, Wiley, 2002 (chapter 5 provides a classification of mobility mechanisms and an overview on protocols, including session-layer mobility)
Important standards:
Mobile IP: RFC 3220, formerly: RFC 2002
Reverse tunneling: RFC 3024, formerly: RFC 2344
DHCP: RFC 2131, RFC 2132
ICMP: RFC 1256