MOBILE IP
Ian F. Akyildiz
Broadband & Wireless Networking Laboratory
School of Electrical and Computer Engineering
Georgia Institute of Technology
Tel: 404-894-5141; Fax: 404-894-7883
Email: [email protected]
Web: http://www.ece.gatech.edu/research/labs/bwn
2IFA’2004
INTERNET
The Telephone network is no longer the basis for most forms of communication.
The Internet is…
– Commercially viable
– Available worldwide
– Designed for a multi-network environment
What are the implications for a seamless global network based on the Internet?
3IFA’2004
What is the Internet?
– A large collection of networks,
  of various types (e.g. Ethernet, ATM, IEEE 802.11, Bluetooth)
  at various speeds (kbit/s - Gbit/s)
– Interconnected by routers,
  all acting on a common protocol: IP
– With applications running on the end systems (hosts)
  Using either TCP or UDP as a transport protocol,
  Example applications are WWW (using http), email (smtp/pop3/imap), news (nntp), telnet, ftp.
4IFA’2004
Internet Protocol Stack
Application: Telnet, FTP, HTTP, SMTP, POP3, IMAP, NNTP
Transport: TCP, UDP
Network: IP, ICMP
Link: Device Driver and Interface Card
5IFA’2004
The Internet
[Figure: two hosts, each running Application over TCP / UDP over IP, connected through a switch / bridge and two routers across subnets (e.g. Ethernet, e.g. E1, e.g. PPP over Modem)]
6IFA’2004
The Internet
[Figure: routers (R) interconnecting Ethernet, Token Ring, ATM, Modem and ISDN networks over OC3 and T1 / E1 links]
7IFA’2004
Routing in the Internet
Packets flow from link (subnetwork) to link via routers
Packets are routed individually, based on their IP addresses
Routing is based on the (sub)network prefix of the IP address
8IFA’2004
Today’s Internet Protocol
Packets are routed to destinations based on IP address
[Figure labels: 128.1430.71.5, 128.143.77.83, router 71, INTERNET]
9IFA’2004
Levels of Addresses in the Internet
Domain name (DNS address)
  a location independent identifier of a host
  versace.ece.gatech.edu
Internet address (IP address)
  the logical location of a host (interface)
  i.e., (sub)network id followed by host id
  130.89.16.82
Physical address (MAC address)
  the hardware address of an interface card
  00 a4 24 4a 82 07
10IFA’2004
IP Address Assignment
The Internet Network Information Center (NIC) assigns Network IP addresses to different organizations.
Then, the network administrator at the local site assigns the subnet IDs.
So, when a computer is moved to another subnet, the IP address must be changed to match that subnet.
11IFA’2004
How to obtain an IP Address
Manually
Automatically
– PPP (Point-to-Point Protocol) / IPCP (IP Control Protocol)
– BOOTP (Bootstrap Protocol)
– DHCP (Dynamic Host Configuration Protocol)
12IFA’2004
Truly Mobile Networking
Provide reliable access to the Internet anytime, anywhere
Mobility transparent to applications and higher level protocols such as TCP
13IFA’2004
Why Mobility at the Network (IP) Layer?
– Network layer is present in all Internet nodes
– Network layer is responsible for routing packets to the proper location
– Mobility across the entire Internet, even changing physical medium is possible
– Application transparent
– Universal solution for all applications
14IFA’2004
Mobile IP (RFC 2002)
Leaves Internet routing fabric unchanged
Does not assume “base stations” exist everywhere
Simple
Correspondent Nodes do not need to know about mobility
Works both for changing domains and network interfaces
15IFA’2004
Apply to Mobile Networking
[Figure: hosts 128.143.71.50 and 128.143.77.84 attached to an IP Network]
16IFA’2004
Apply to Mobile Networking
[Figure: 128.143.71.50, IP Network, 128.143.77.84, marked with an X]
17IFA’2004
How Mobile IP Works
[Figure: 128.143.71.50, router 71, router 77, virginia.net, IP Network, 128.143.77.84, HA]
18IFA’2004
How Mobile IP Works
[Figure: 128.143.71.50, router 71, router 77, virginia.net, IP Network, 128.143.77.84, HA, FA, with Discovery and Register steps]
Discovering the care-of address
Registering the care-of address
Tunneling to the care-of address
19IFA’2004
Mobile IP (Terminology)
Mobile Node (MN): A computer that can change its location and consequently its point of attachment.
Correspondent Node (CN): Partner for communication.
Home Network: IP network where the MN resides. The network at which the MN seems reachable to the rest of the Internet by virtue of its assigned IP address.
Foreign Network: IP network where the MN is visiting. The network to which the MN is attached when it is not attached to its home network, and on which the care-of address is reachable from the rest of the Internet.
20IFA’2004
Mobile IP (Terminology)
Home Address of an MN:
* Long-term IP address assigned to the MN that is part of the IP home network (it remains unchanged regardless of where the MN is).
* It is used for DNS determination of the MN’s IP address.
* The IP address assigned to the MN, making it logically appear attached to its home network.
21IFA’2004
Mobile IP (Terminology)
Care-of Address (COA): An IP address in the foreign network, i.e., an IP address at the MN’s current point of attachment to the Internet, when the MN is not attached to the home network.
Home Agent (HA): The anchor in the home network for the MN. All packets addressed to the MN reach the HA first, unless the MN is located in its home network. In other words, a router on the home network that effectively causes the MN to be reachable at its home address even when the mobile node is not attached to its home network.
22IFA’2004
Mobile IP (Terminology)
Foreign Agent (FA):
* Acts as the reference point in the foreign network for the MN (in IPv4).
* The CoA is usually the address of the FA.
* An MN can act as its own FA, in which case its care-of address is called a co-located COA.
* In other words, a router in the foreign network that can assist the MN in receiving packets delivered to the CoA.
23IFA’2004
Example Network
[Figure: the MN (mobile end-system) behind the FA in the Foreign Network (current physical network for the MN), the HA in the Home Network (physical home network for the MN), and the CN (end-system), connected by routers across the Internet]
24IFA’2004
Data Transfer to the Mobile System
[Figure: CN (sender), HA in the Home Network, FA in the Foreign Network and MN (receiver), connected across the Internet; arrows 1, 2, 3]
1. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP)
2. HA tunnels packet to COA, here FA, by encapsulation
3. FA forwards the packet to the MN
25IFA’2004
Another View
[Figure: Sending Host, Home Agent (f, LD) in the Home Network, Foreign Agent (g) in the Foreign Network, Mobile Host]
f : Encapsulation and re-addressing
g : Decapsulation and forwarding
LD : Location Directory
26IFA’2004
Another View
[Figure: Sending Host, Home Agent (f, LD) in the Home Network, Mobile Host (g) using DHCP]
f : Encapsulation and re-addressing
g : Decapsulation and forwarding
LD : Location Directory
27IFA’2004
Another View
MN = Mobile Node
CN = Correspondent Node
HA = Home Agent
FA = Foreign Agent
• MH registers new “care-of address” (FA) with HA
• HA tunnels packets to FA
• FA decapsulates packets and delivers them to MH
[Figure: CN, HA in the Home Network, FA and MN in the Foreign Network]
28IFA’2004
When Mobile Node Moves Again
[Figure: CN, HA in the Home Network, FA #1 in Foreign Network #1, FA #2 and MN in Foreign Network #2]
• MN registers new address (FA #2) with HA & FA #1
• HA tunnels packets to FA #2, which delivers them to MN
• Packets in flight can be forwarded from FA #1 to FA #2
29IFA’2004
How Mobile IP Works
Messages from a computer destined for the MN are always sent to MN’s home address (network) first.
The messages are routed from MN’s home network to the current location of the MN.
Two IP addresses are used: A fixed home address and a CoA.
NOTE: Home address remains always fixed while CoA changes at different access points.
30IFA’2004
How Mobile IP Works
The HA maintains a database in which the MN’s home address resides.
When the MN moves to a foreign network, it establishes an association with its FA which, in turn, establishes an association with the MN’s HA.
(BINDING PROCESS)
In other words, the MN updates its registration with its HA through the FA.
31IFA’2004
Data Transfer from the Mobile System
[Figure: MN (sender) behind the FA in the Foreign Network, HA in the Home Network and CN (receiver), connected across the Internet; arrow 1]
1. Sender sends to the IP address of the receiver as usual, FA works as default router
32IFA’2004
Another View
[Figure: CN, HA in the Home Network, FA and MN in the Foreign Network]
Mobile Nodes also send packets
• Mobile Node uses its home IP address as source address
  - Lower latency
  - Still transparent to correspondent node
  - No obvious need to encapsulate packet to CN
33IFA’2004
Overview
[Figure, two panels: CN, router / HA in the home network, router / FA in the foreign network with the MN, and a further router, connected across the Internet; the first panel numbers steps 1. to 4., the second marks the COA]
34IFA’2004
How Mobile IP Works?
* Each MN has two IP addresses:
– A fixed home address for identification, and
– A care-of-address (CoA) for routing.
* Mobile IP uses an agent concept.
– Home Agent (HA) intercepts packets on the home link destined to the MN’s home address, encapsulates them, and tunnels them to the MN’s registered CoA.
– Foreign Agent (FA) is a router with which an MN establishes an association when it moves away from home. Therefore, the MN updates its locations with the HA through an FA.
35IFA’2004
3 Parts of Mobile IP
Advertising Care-of Addresses (Agent Discovery)
Registration
Tunneling
36IFA’2004
3 Parts of Mobile IP
1. Advertising/Agent Discovery:
An MN determines its new attachment point or IP address through agent advertisements.
– Determine to which link it is connected
– Detect if it has changed its point of attachment
– Obtain a CoA if it is connected to a foreign network
– Allowed to send agent solicitation requests to agent
– Agent discovery messages are carried by the ICMP packets.
37IFA’2004
3 Parts of Mobile IP
2. Registration:
An MN requests service from an FA and informs its HA of a new CoA.
– Involves registration and deregistration with its HA
– Registration message is carried by the UDP packets.
3. Tunneling (Routing):
Mobile IP tunnels datagram to the MN, whether it is away from its home network or not.
– Encapsulation at the entering point of a tunnel
– Decapsulation at the exit point of a tunnel
38IFA’2004
How Mobile IP Works (OPERATIONS)
1. ADVERTISING
* HA and FA periodically send agent advertisement messages into their physical subnets to make themselves known.
* MNs periodically receive these unsolicited agent advertisement messages.
* MN listens to these messages and detects whether it is in the home network or a foreign network.
* If the MN is in its home network, it works like any other node, i.e., it routes packets using traditional IP routing protocols.
39IFA’2004
How Mobile IP Works (OPERATIONS)
* When the MN moves away from its home network, it obtains a CoA on the foreign network by soliciting or listening for agent advertisements.
* MN reads a CoA from the FA advertisement messages.
* MN registers each new CoA with its HA by way of a FA.
* Packets sent to MN’s home address are intercepted by its HA, and are tunneled to the CoA.
40IFA’2004
Advertising Care-of Addresses
A mobility agent is either a FA or a HA or both
Mobility agents broadcast agent advertisements (ICMP messages)
Mobile Nodes (MNs) can solicit for an advertisement
Advertisements contain:
– mobility agent address
– care-of addresses
– lifetime
– flags
41IFA’2004
Home Network & Move Detection
Home Network is detected if:
– Network Prefix (IP Source Address of the advertisement) = Network Prefix (Home Address)
Move is detected if:
– No advertisement has been received within Lifetime
– Network Prefixes have changed
No advertisements --> Use assistance from higher/lower layers
42IFA’2004
Agent Discovery Procedure
* A MN determines its new attachment point or IP address as it moves from place to place within the wireless segment of the wireless/IP network.
* By agent discovery a MN can
  a) Determine whether it is connected to its home network or foreign network.
  b) Detect whether it has changed its point of attachment
Registration procedure follows once the MN gets a new CoA.
44IFA’2004
Agent Discovery
Agent Solicitation Message
– Identical to ICMP router solicitations, except having IP Time to Live field set to 1.
– When an HA or FA receives one, it should immediately respond by transmitting an Agent Advertisement.
Packet layout (each row is 4 bytes / 32 bits):
Vers = 4 | Type of service | Total length
Identification | Flags | Fragment Offset
Time to Live = 1 | Protocol = ICMP | Header Checksum
Source Address = Mobile node’s home address
Destination Address = 255.255.255.255 (broadcast) or 224.0.0.2 (multicast)
Type = 10 | Code = 10 | Checksum
Reserved
45IFA’2004
Agent Discovery (2)
Agent Advertisement Messages
– They are formed by appending one or more of the extensions defined by Mobile IP to the ICMP router advertisement message (RFC 1256).
– The mobility agent advertisement extension must be included by agents.
Message layout (each row is 4 bytes / 32 bits):
IP Header (RFC 791), 20 bytes
ICMP Router Advertisement (RFC 1256)
Mobility agent Advertisement Extension (RFC 2002):
  Type = 16 | Length | Sequence number
  (maximum) registration lifetime | Reserved
  Care of Address (1) ….
Type = 19 | Length | Prefix-length [1] | Prefix-length [2] (Optional)
46IFA’2004
Example
A mobile node has a home address of 136.142.117.21 and a care-of address of 130.216.16.5. It listens to agent advertisements periodically.
– The agent advertisement indicates that the care-of address is 130.216.45.3. What happens? Why?
  The MN will register with the new FA. The new FA will send the registration request to the HA and await the registration response.
– The agent advertisement indicates that the care-of address is 136.142.117.21. What happens? Why?
  The agent advertisement indicates that the MN is back in its home network.
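The two detection rules from the Home Network & Move Detection slide, run over the addresses of this example, as an added Python sketch that is not part of the original slides. The class and field names, the /24 prefix length and the agent source address 136.142.117.1 used in the test are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Advertisement:
    source: str         # IP source address of the agent advertisement
    care_of: str        # care-of address offered in the advertisement
    lifetime: float     # seconds the advertisement remains valid
    received_at: float  # arrival time, in seconds


class MobileNode:
    def __init__(self, home_address, prefix_len, care_of=None):
        self.prefix_len = prefix_len   # assumed to be known to the MN
        self.home_net = self._net(home_address)
        self.care_of = care_of         # None while attached to the home network
        self.current_net = None        # prefix of the last agent heard
        self.expires_at = None         # when the last advertisement runs out

    def _net(self, address):
        return ipaddress.ip_network(f"{address}/{self.prefix_len}", strict=False)

    def on_advertisement(self, adv):
        """Return the action the MN takes for this advertisement."""
        net = self._net(adv.source)
        changed = net != self.current_net
        self.current_net = net
        self.expires_at = adv.received_at + adv.lifetime
        if net == self.home_net:
            # Source prefix equals home prefix: the MN is on its home network.
            was_away = self.care_of is not None
            self.care_of = None
            return "deregister" if was_away else "at-home"
        if changed or adv.care_of != self.care_of:
            # Network prefix changed: a move is detected, register the new CoA.
            self.care_of = adv.care_of
            return "register"
        return "keep"

    def on_timer(self, now):
        """Move detection by lifetime: no advertisement arrived in time."""
        if self.expires_at is not None and now > self.expires_at:
            self.current_net = None
            return "solicit"
        return "keep"
```
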
47IFA’2004
How Mobile IP Works (OPERATIONS)
2. REGISTRATION:
The MN obtains a new Care-of Address (CoA)
The MN sends registration message to the HA
The HA updates the binding of the home address and the CoA of the MN.
MN signals COA to the HA via the FA, HA acknowledges via FA to MN.
These actions have to be secured by authentication
48IFA’2004
Registration
Binding: (home address, care-of address, lifetime)
Registration is needed to update the binding
Registration requires authentication
Registration uses UDP
49IFA’2004
Registration Scenarios
[Figure: three message sequences. Mobile Host, Foreign Agent, Home Agent: Registration Request, Registration Reply. Mobile Host, Home Agent: Registration Request, Registration Reply (shown twice).]
50IFA’2004
Simultaneous Bindings
– A Mobile Node may register multiple bindings simultaneously
– The Home Agent makes multiple copies of packets destined for the MN, and tunnels a copy to each CoA.
– Simultaneous bindings may be used to
  facilitate seamless hand-off
  avoid too frequent registrations
51IFA’2004
Mobile IP Registration Procedure
When registering, the MN sends a registration request to the HA through the FA.
– The HA creates a mobility binding between the MN’s home address and the current CoA that has a fixed lifetime.
– The MN should reregister before the expiration of the binding
– A registration reply indicates whether the registration was successful.
  Rejection reasons: insufficient resources, the HA is unreachable, too many simultaneous bindings, failed authentication, etc.
52IFA’2004
Mobile IP Registration Procedure
If an MN does not know the Home Agent (HA) address, it will send a broadcast registration to its home network called a direct broadcast.
Every valid HA will respond and the MN uses the address of a valid HA to make a registration request.
The HA and FA are similar to home and visiting databases
– Upon a valid registration, the HA creates an entry for an MN containing: the MN’s CoA, an identification field, and the remaining lifetime of the registration.
– Each Foreign Agent (FA) maintains a visitor list containing: link layer address of the MN, MN’s home IP address, UDP registration source port, HA IP address, an identification field, the registration lifetime, and the remaining lifetime of current or pending registration.
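How a home agent can enforce the points made on the Registration, Simultaneous Bindings and Registration Procedure slides (authenticated requests, an identification field, binding lifetimes, a cap on simultaneous bindings), as an added Python sketch that is not code from the slides or from RFC 2002. Assumptions: HMAC-SHA256 stands in for the protocol's own authenticator, the field layout is illustrative rather than the wire format, the identification is treated as a strictly increasing counter, a lifetime of 0 requests deregistration, and MAX_BINDINGS and all names are hypothetical.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

MAX_BINDINGS = 2  # assumed per-node limit on simultaneous bindings


def authenticator(key, home, care_of, lifetime, ident):
    """Keyed MAC over the fields a registration request binds together."""
    fields = struct.pack("!4s4sHQ", IPv4Address(home).packed,
                         IPv4Address(care_of).packed, lifetime, ident)
    return hmac.new(key, fields, hashlib.sha256).digest()


class HomeAgent:
    def __init__(self, keys):
        self.keys = keys       # home address -> secret shared with that MN
        self.bindings = {}     # home address -> {care-of address: expiry time}
        self.last_ident = {}   # home address -> highest identification accepted

    def active(self, home, now):
        """Care-of addresses whose binding lifetime has not yet run out."""
        live = {c: t for c, t in self.bindings.get(home, {}).items() if t > now}
        self.bindings[home] = live
        return sorted(live)

    def register(self, home, care_of, lifetime, ident, mac, now):
        key = self.keys.get(home)
        if key is None:
            return "denied: failed authentication"
        expected = authenticator(key, home, care_of, lifetime, ident)
        if not hmac.compare_digest(mac, expected):
            # Any altered field (for example the care-of address) lands here.
            return "denied: failed authentication"
        if ident <= self.last_ident.get(home, -1):
            # A captured request replayed later carries an old identification.
            return "denied: stale identification"
        self.last_ident[home] = ident
        live = set(self.active(home, now))
        if lifetime == 0:
            # Deregistration: drop this binding, or all of them when the MN
            # reports its home address as the care-of address.
            if care_of == home:
                self.bindings[home] = {}
            else:
                self.bindings[home].pop(care_of, None)
            return "accepted: deregistered"
        if care_of not in live and len(live) >= MAX_BINDINGS:
            return "denied: too many simultaneous bindings"
        self.bindings[home][care_of] = now + lifetime
        return "accepted"
```
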
53IFA’2004
Registration
MH=MN: Mobile Host/Node; FA: Foreign Agent; HA: Home Agent
Exchange of Registration Request and Registration Reply messages: UDP
54IFA’2004
Registration and Deregistration
When an MN moves to a visiting location, it needs to register with its HA. When it returns to its home network, it also needs to deregister with its HA to update its current CoA (home address).
1. Registration with Care-of-address
[Figure: FA in the Foreign Network/Subnet, HA in the Home network/Subnet, Internet Backbone; Registration request and Registration reply messages]
55IFA’2004
Registration and Deregistration (2)
1. Registration with care-of-address
2. Registration with colocated care-of-address: an IP address that represents the current position of the MN on the foreign network and can be used by only one MN at a time.
3. Deregistration with the HA
[Figure: FA in the Foreign Network/Subnet, HA in the Home network/Subnet, Internet Backbone; Registration request and Registration reply messages]
56IFA’2004
Registration Process
[Figure: message exchange between MN, FA and HA, with these labels:
1 Beacon Signal (Any one new)
1’ I am new here
1” OK, send information
2 Here is my HA and binding information
3 CoA or C-CoA created
4 Here is CoA or co-located CoA (C-CoA) for this MN
4’ Same as step 4
4” Same as step 4
Acknowledge Registration + binding]
57IFA’2004
Foreign Agent Consideration
Each foreign agent must be configured with a CoA
For each pending or current registration, the foreign agent maintains a visitor list entry containing:
– Link-layer source address of the MN
– The MN’s Home Address
– The Home Agent address
– The Identification Field
– The requested registration Lifetime
– The remaining Lifetime of the pending or current registration
58IFA’2004
How Mobile IP Works
3. TUNNELING:
Packets sent by a correspondent node (CN) to the MN are intercepted by the HA
The HA encapsulates the packets
Packets are tunneled to the CoA of the MN
59IFA’2004
Tunneling
– Packets destined to the MN are routed to the home network (normal IP operation)
– HA intercepts packets on the home network
– HA encapsulates packets, and tunnels them to the CoA
– At the CoA (either FA or co-located), the packet is decapsulated, and delivered to the MN
60IFA’2004
IP Packet Format
Bit positions: 0, 4, 8, 16, 19, 31
Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options + Padding
Data Field
61IFA’2004
Packet Addressing
Packet from CN to MN:
  Source Address = Address of CN
  Destination Address = Home IP Address of MN
  Payload
HA intercepts above packet and tunnels it:
  Source Address = Address of HA
  Destination Address = Care-of-Address of MN
  Source Address = Address of CN
  Destination Address = Home IP Address of MN
  Original Payload
62IFA’2004
Mobile IP: IP in IP Encapsulation
Forwarding packets between Correspondent Node (CN) and MN is achieved by encapsulation (tunneling).
A virtual pipe between the HA and FA is created through a packet that includes the packet from CN as its payload.
63IFA’2004
Tunneling
Home agent tunnels (encapsulates) packets to care-of address
Tunnel source is the home agent’s address
Tunnel destination is the care-of address
IP within IP (other ways exist):
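The IP-within-IP case, following the Packet Addressing slide, as an added Python sketch that is not part of the original slides: the HA wraps the intercepted packet in an outer header (source HA, destination CoA) and the FA unwraps it. The function names and the sample addresses in the test are constructed; the FA's check that the outer source is the HA recorded for the MN is an assumption of this sketch and is a consistency check, not authentication.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4  # IANA protocol number for IP-within-IP


def checksum(header):
    """16-bit one's-complement sum used by the IPv4 header checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src, dst, protocol, payload, ttl=64):
    """Build a 20-byte IPv4 header (no options) followed by the payload."""
    def header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           ttl, protocol, csum,
                           IPv4Address(src).packed, IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload


def parse(packet):
    """Validate an IPv4 header; return (src, dst, protocol, payload)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("inconsistent header lengths")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    src, dst = IPv4Address(packet[12:16]), IPv4Address(packet[16:20])
    return str(src), str(dst), packet[9], packet[ihl:total]


def encapsulate(inner, home_agent, care_of):
    """HA side: wrap the intercepted packet in an outer header HA -> CoA."""
    return ipv4_packet(home_agent, care_of, IPPROTO_IPIP, inner)


def decapsulate(outer, care_of, home_agent):
    """FA side: accept only tunnel packets from the MN's HA to this CoA."""
    src, dst, protocol, inner = parse(outer)
    if protocol != IPPROTO_IPIP:
        raise ValueError("not IP-within-IP")
    if (src, dst) != (home_agent, care_of):
        raise ValueError("unexpected tunnel endpoints")
    parse(inner)  # the payload must itself be a well-formed IPv4 packet
    return inner
```
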
64IFA’2004
Tunneling (Message Forwarding)
[Figure: an incoming message for the MN (Source | To MN | Payload Data) reaches the HA. Encapsulation at the HA gives (HA | CoA/C-CoA | Source | To MN | Payload Data). Decapsulation at the FA restores (Source | To MN | Payload Data) for the MN.
Forwarding through intermediate router if CoA used.
Forwarding not through intermediate router if C-CoA used; decapsulation done at MN.]
65IFA’2004
Tunneling and Routing
Tunneling is a process in which the HA encapsulates the message from the IP host for delivery to the MN via its FA.
Binding: the association of the home address of an MN with a CoA for that MN, along with the remaining lifetime of that association.
67IFA’2004
Triangle Routing
1. A datagram is sent from the CN to the MN’s HA through IP.
2. The HA intercepts the datagram and tunnels the datagram to the MN’s CoA.
3. At the FA, the datagram is decapsulated and delivered to the MN.
4. For datagram sent by the MN, standard IP routing is used to deliver each datagram to the destination.
[Figure: CN, HA, FA and the Internet Backbone. Packet from the CN routed indirectly through the HA (Encapsulation); packet to the CN routed using standard IP routing.]
68IFA’2004
Triangle Routing in Mobile IP
[Figure: Correspondent Node, Home Agent (HA), Foreign Agent (FA) and Mobile Node (MN) across the Global Internet; arrows (1), (2) Tunneling, (3), (4); Location Update messages]
69IFA’2004
Triangle Routing
(1) The correspondent node (CN) transmits a packet to the MN. The packet is routed to the MN’s home network.
(2) The Home Agent (HA) intercepts the packet, encapsulates and tunnels it to the Foreign Agent (FA)
(3) The FA decapsulates and forwards the packet to the MN
(4) Packets from the CN to the MN are now routed directly (tunneling). It looks like a single hop within the Internet.
70IFA’2004
Triangle Routing (Another View)
Triangle routing is undesirable because
– home agent is the bottleneck
– more network load, and sensitivity to network partition
In case of reverse tunneling, the situation is even worse
Route optimization: Get binding to the correspondent host
71IFA’2004
Triangle Routing
Advantages & Disadvantages
ADVANTAGES:
– It is simple
– The number of control messages to be exchanged is limited.
– The address bindings are highly consistent since they are kept at one single point for a given host.
DISADVANTAGES:
– The destination HA is a fixed redirection point for exchanging every IP packet even if a shorter route is available between source and destination.
– This can lead to unnecessarily large end-to-end packet delay.
– Network links connecting a HA to the network can easily be overloaded.

Optimized Routing
The MN informs the CN of its CoA.
The CN can tunnel the packets directly to the MN by bypassing the HA.
Every traffic source is allowed to cache and use binding copies.
[Figure: FA, HA and CN attached to the Internet backbone. Labels: packet to the CN routed using standard IP routing; packet from the CN routed indirectly through the HA; update binding; authorization & processing.]

Local Anchor for Mobile IP
Choose one agent as the center of an anchoring region and name this agent as an anchor.
When an MN moves within the anchoring region, it does not need to register with its HA; instead, it registers with the anchor, like a virtual HA.
When the MN moves out of the anchoring region, it registers with its HA and the new FA will become the center of the new anchoring region.
[Figure: packet forwarding process between CN, HA, anchor, serving FA and MN.]

Local Anchor for Mobile IP (2)
Registration
– Either the new FA or the anchor agent decides whether the MN should register with its HA.
– Static method is to measure the distance from the old anchor agent to the new FA to decide whether to establish a new anchoring region.
– Dynamic method can be based on user mobility pattern, traffic load, as well as objectives.

Local Anchor for Mobile IP (3)
1. The MN sends the registration request, indicating the current anchor and the HA.
2. There are two cases:
   – The new FA decides that the MN is still in its current anchoring region, so it forwards the MN’s request to the anchor.
   – The new FA decides that the MN is out of its current anchoring region, so it forwards the MN’s registration request to the HA.
3. The anchor or the HA sends registration reply back to the serving FA.
4. The FA returns an ACK to the MN and indicates who, the anchor or the HA, sends this reply.
[Figure: HA, anchor, serving FA and MN.]

Mobile IP and IPv6
Mobile IP was developed for IPv4, but IPv6 simplifies the protocols
– Security is integrated and not an add-on, authentication of registration is included
– CoA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address autoconfiguration
– No need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement; addresses are always co-located
– MN can signal a sender directly the CoA, sending via HA not needed in this case (automatic path optimization)
– "Soft" hand-over, i.e., without packet loss, between two subnets is supported
   – MN sends the new CoA to its old router
   – the old router encapsulates all incoming packets for the MN and forwards them to the new CoA
   – authentication is always granted

Mobility for IPv6
– All nodes can handle bindings
   No triangular routing
– Binding updates are carried in Destination Option
   Small overhead for distributing bindings
– Mobile host can create its own care-of address using link-local address and automatic address configuration (combine advertised subnet prefix with own hardware address)
   No need for foreign agent

Changes with IP Version 6
Route Optimization
– When it knows the MN's current CoA, a CN can deliver packets directly to the MN's home address without any assistance from the HA.
Security
– Strong authentication and encryption features are included in IPv6

Mobile IPv6
Based on IPv6, using IP routing header, authentication header, and route optimization.
There is NO foreign agent. The MN obtains a colocated care-of-address on a foreign link, and reports to its HA.
One MN may have multiple care-of-addresses.
The security functions are mandatory instead of optional.
Binding: The association of the home address of an MN with a care-of-address of that MN, along with the remaining lifetime of that association.

Mobile IPv6 Messages
Mobile IPv6 requires the exchange of additional information. All new messages used in Mobile IPv6 are defined as IPv6 destination options.
– Binding Update: an MN informs its HA or any other CNs about its current CoA. Any packet including a Binding Update must also include an AH (Authentication Header) or ESP (Encapsulating Security Payload) header.
– Binding Acknowledgement: to acknowledge the receipt of a Binding Update, if an ACK was requested; it must also include an AH or ESP header.
– Binding Request: for any node to request an MN to send a Binding Update with the current CoA.
– Home Address: used in a packet sent by an MN to inform the receiver of this packet about the MN’s home address. This message must also be covered by the authentication.

Data Structures
Binding Cache: Every IPv6 node has a Binding Cache which is used to hold the bindings for other nodes. If a node receives a Binding Update, it will add this binding to its Binding Cache.
Binding Update List: Every MN has a Binding Update List which is used to store information about each Binding Update sent by this MN for which the lifetime has not expired. It contains all Binding Updates sent to any CNs and to its HA.
Home Agent List: Each HA generates a list, which contains information about other HAs on a home link.

Mobile IPv6 Operation
[Figure: home network/subnet with the HA and foreign network/subnet (labelled FA) joined by the Internet backbone; two cases are shown: the CN knows the MN’s CoA, and the CN does not know the MN’s CoA.]

Home Agent Registration
Route Optimization: To avoid triangle routing, an MN can send a Binding Update to any CN. This allows IPv6 nodes to cache the current CoA and send packets directly to an MN.
[Figure: home network/subnet with the HA and foreign network/subnet (labelled FA) joined by the Internet backbone.]
The MN sends a Binding Update to the HA.
The HA accepts the Binding Update and returns a Binding Acknowledgement.

Route Optimization
Any IPv6 node sending a packet first checks its Binding Cache for this destination address.
– If there is an entry, it will send the packet to the MN using a routing header (rather than IPv6 encapsulation). The route specified by this routing header has two hops:
   – The first hop is the CoA.
   – The second hop is the home address of the MN.
   Afterwards, the packet will be processed in the same way as if the MN was at home.
If the Binding Cache has no entry, this packet will be routed to the specified network and received by the Dest. Node.
– If the MN is away from home, the packet will be intercepted by the HA on the home link and tunneled to the MN.

Route Optimization
MN informs the CN of its CoA and has the packets tunneled directly to the MN, bypassing the HA.
This allows every traffic source to cache and use binding copies.
It supports a further update process by which a binding copy can be sent to the requiring nodes which may keep it in their cache for immediate or future use.
Local bindings enable most packets to be delivered by direct routing, with an apparent gain in terms of QoS and scalability.
Also, an MN can always inform its previous FA about the new CoA so that packets tunneled to the old location can be forwarded to the current location.
This increases the QoS in case of high mobility.

Route Optimization (removes triangle route)
[Figure: Home Agent, Correspondent Node, Foreign Agent and Mobile Node interconnected through routers.]

Route Optimization
Get binding to relevant Correspondent Nodes for optimal routing:
– Binding warning (Mobility Agent → CN)
– Binding request (CN → HA)
– Binding update (HA → CN)
– Binding acknowledge (optional)
Security association between CN and HA is needed for authentication.

Route Optimization
Get binding to old Foreign Agent for smooth handoff:
– Previous FA notification extension (mobile host → new FA)
– Binding update (new FA → old FA)
– Binding acknowledge (old FA → MN)
MN and FA need to exchange registration key for authentication
Last resort: Special tunnel (old FA tunnels packet back to the HA)

Route Optimization: Disadvantages
– Quite complex
– The overhead incurred by message exchanges and processing (due to cache queries) can be critical.
– Cached bindings are possibly inconsistent since they are being kept in a distributed fashion.
– The main obstacle to implementing optimized routing resides in security issues.
– CN must be informed of the MN’s CoA in order to tunnel data to the MN.
– In a hostile environment, an intruder can easily cut off all communications to the MN by sending a bogus registration if he/she knows the MN’s CoA.
– Therefore, authentication/security measures have to be incorporated in the optimized routing.
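
The Binding Cache lookup from the earlier Route Optimization slide, combined with the rule above that a binding may only change after authentication, as an added example (not part of the original slides). The `authenticated` flag standing in for AH/ESP verification, the zero-lifetime removal and all addresses are assumptions of the example.

```python
import time
from dataclasses import dataclass


@dataclass
class Binding:
    care_of: str    # care-of address (CoA) currently bound to the home address
    expires: float  # absolute expiry; a binding is only valid for its lifetime


class BindingCache:
    """Binding Cache of a sending node: home address -> current binding."""

    def __init__(self, clock=time.monotonic):
        self._entries = {}
        self._clock = clock

    def handle_binding_update(self, home, care_of, lifetime, authenticated):
        """Apply a Binding Update and return True if the cache changed.

        `authenticated` is the verdict of AH/ESP verification, assumed to be
        done by the IPsec layer before this call (hypothetical interface).
        """
        if not authenticated:
            return False  # a bogus update must never redirect traffic
        if lifetime <= 0:
            # Assumption of this example: a zero lifetime removes the binding.
            return self._entries.pop(home, None) is not None
        self._entries[home] = Binding(care_of, self._clock() + lifetime)
        return True

    def route(self, dest):
        """Return the hops a packet to `dest` is sent through."""
        binding = self._entries.get(dest)
        if binding is not None and binding.expires <= self._clock():
            del self._entries[dest]  # expired: fall back to the home address
            binding = None
        if binding is not None:
            # Routing header with two hops: first the CoA, then the home address.
            return [binding.care_of, dest]
        # No entry: normal routing; the HA intercepts and tunnels if the MN is away.
        return [dest]


def demo():
    """Run the cache over constructed addresses (documentation prefix 2001:db8::/32)."""
    now = [0.0]
    cache = BindingCache(clock=lambda: now[0])
    home, coa, rogue = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:66::1"
    seen = [cache.route(home)]                        # nothing cached yet
    cache.handle_binding_update(home, coa, 60, authenticated=True)
    seen.append(cache.route(home))                    # optimized route
    cache.handle_binding_update(home, rogue, 600, authenticated=False)
    seen.append(cache.route(home))                    # bogus update ignored
    now[0] = 61.0
    seen.append(cache.route(home))                    # lifetime ran out
    return seen


if __name__ == "__main__":
    for hops in demo():
        print(" -> ".join(hops))
```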

Route Optimization
– Triangle routing is much simpler than optimized routing.
– This is the preferred mode!!!
– For an MN moving further away from its home network, the cost (delay) involved in the registration with the HA can become very large.
– Methods to reduce registration costs are desirable.

Security Considerations in Registration
Danger: Registration Request works remotely to the home agent to affect the home agent's routing table
Security:
– Authentication: Home agents and mobile nodes perform authentication using MD5 algorithm and key size of 128 bits.
– Replay Protection: The Identification field is used to verify that a registration message has been freshly generated.
   timestamp, random number
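
How a home agent can apply both checks from this slide before it changes its routing state, as an added example that is not from the original slides. The field layout, the key-message-key arrangement of the MD5 input, the 7-second skew and all addresses are assumptions of the example; only the timestamp style of the Identification field is shown.

```python
import hashlib
import hmac
import struct
import time

# Simplified request layout for this example (not the wire format):
# lifetime (16 bit) | home address | care-of address | Identification (64 bit)
FMT = "!H4s4sQ"
BODY_LEN = struct.calcsize(FMT)
SKEW = 7  # seconds of clock difference tolerated (example value)


def authenticator(key: bytes, body: bytes) -> bytes:
    """128-bit keyed MD5 over the request: MD5(key || body || key)."""
    return hashlib.md5(key + body + key).digest()


def build_request(key, home, care_of, lifetime, ident) -> bytes:
    body = struct.pack(FMT, lifetime, home, care_of, ident)
    return body + authenticator(key, body)


class HomeAgent:
    def __init__(self, keys, clock=time.time):
        self.keys = keys        # home address -> 128-bit key shared with that MN
        self.last_ident = {}    # home address -> highest Identification accepted
        self.bindings = {}      # home address -> care-of address
        self.clock = clock

    def register(self, packet: bytes) -> str:
        """Process one Registration Request and return the verdict."""
        if len(packet) != BODY_LEN + 16:
            return "malformed"
        body, tag = packet[:BODY_LEN], packet[BODY_LEN:]
        _lifetime, home, care_of, ident = struct.unpack(FMT, body)
        key = self.keys.get(home)
        # Constant-time tag comparison; unknown nodes get the same verdict.
        if key is None or not hmac.compare_digest(tag, authenticator(key, body)):
            return "auth-failed"
        # Timestamp variant: upper 32 bits of Identification carry seconds.
        if abs((ident >> 32) - int(self.clock())) > SKEW:
            return "stale"
        if ident <= self.last_ident.get(home, -1):
            return "replay"
        self.last_ident[home] = ident
        self.bindings[home] = care_of   # only now is the routing table touched
        return "accepted"


def demo():
    """Constructed key and documentation-range IPv4 addresses."""
    now = [1_000_000]
    key = bytes(range(16))
    home, coa = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
    rogue = bytes([203, 0, 113, 66])
    ha = HomeAgent({home: key}, clock=lambda: now[0])
    good = build_request(key, home, coa, 300, (now[0] << 32) | 1)
    forged = build_request(bytes(16), home, rogue, 300, (now[0] << 32) | 2)
    verdicts = [ha.register(good), ha.register(forged), ha.register(good)]
    now[0] += 60
    verdicts.append(ha.register(good))  # captured request replayed a minute later
    return verdicts, ha.bindings[home] == coa
```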

Hierarchical Mobile IP: Security
Advantages:
– Local COAs can be hidden, which provides some location privacy
– Direct routing between CNs sharing the same link is possible (but might be dangerous)
Potential problems:
– Decentralized security-critical functionality (handover processing) in mobility anchor points
– MNs can (must!) directly influence routing entries via binding updates (authentication necessary)

Security in Mobile IP
Security requirements (Security Architecture for the Internet Protocol, RFC 1825)
– Integrity
   any changes to data between sender and receiver can be detected by the receiver
– Authentication
   sender address is really the address of the sender and all data received is really data sent by this sender
– Confidentiality
   only sender and receiver can read the data
– Non-Repudiation
   sender cannot deny sending of data
– Traffic Analysis
   creation of traffic and user profiles should not be possible
– Replay Protection
   receivers can detect replay of messages

IP Security Architecture
Two or more partners have to negotiate security mechanisms to set up a security association
– Typically, all partners choose the same parameters and mechanisms
Two headers have been defined for securing IP packets:
– Authentication Header
   Guarantees integrity and authenticity of IP packets
   Asymmetric encryption schemes are used.
– Encapsulating Security Payload
   Protects confidentiality between communication partners

Key Distribution
Home agent distributes session keys
– foreign agent has a security association with the home agent
– mobile host registers a new binding at the home agent
– home agent answers with a new session key for foreign agent and mobile node
[Figure: FA, MH and HA; the response from the HA carries E_HA-FA{session key} and E_HA-MH{session key}.]

Summary of Mobile IPv6
IPv6 has overcome the problem of address shortage in IPv4.
IPv6 enables a node to send a packet to one out of several systems by using an anycast address. Mobile IPv6 uses this feature by sending a Binding Update to the HA anycast address and getting a response from exactly one of several HAs. IPv4 cannot provide this solution.
Using stateless address autoconfiguration and the neighbor discovery mechanism, Mobile IPv6 needs neither DHCP nor FAs on foreign links to configure the CoAs of MNs.
Mobile IPv6 can use IPsec for all security requirements.
Route Optimization is an integral part of Mobile IPv6 to avoid triangle routing.
Multicast operations and protocols