MOBILE IP

Ian F. Akyildiz
Broadband & Wireless Networking Laboratory
School of Electrical and Computer Engineering
Georgia Institute of Technology
Tel: 404-894-5141; Fax: 404-894-7883
Email: [email protected]
Web: http://www.ece.gatech.edu/research/labs/bwn

2IFA’2004

INTERNET

The telephone network is no longer the basis for most forms of communication.

The Internet is…
– Commercially viable
– Available worldwide
– Designed for a multi-network environment

What are the implications for a seamless global network based on the Internet?

What is the Internet?

– A large collection of networks, of various types (e.g. Ethernet, ATM, IEEE 802.11, Bluetooth), at various speeds (kbit/s - Gbit/s)
– Interconnected by routers, all acting on a common protocol: IP
– With applications running on the end systems (hosts), using either TCP or UDP as a transport protocol. Example applications are WWW (using http), email (smtp/pop3/imap), news (nntp), telnet, ftp.

Internet Protocol Stack

Application: Telnet, FTP, HTTP, SMTP, POP3, IMAP, NNTP
Transport: TCP, UDP
Network: IP, ICMP
Link: Device Driver and Interface Card

The Internet

[Figure: protocol layers (Application, TCP / UDP, IP) at two hosts, connected across subnets (e.g. Ethernet, e.g. E1, e.g. PPP over Modem) by a switch / bridge and two routers.]

The Internet

[Figure: routers (R) interconnecting Ethernet, Token Ring, ATM, Modem and ISDN networks over OC3 and T1 / E1 links.]

Routing in the Internet

– Packets flow from link (subnetwork) to link via routers
– Packets are routed individually, based on their IP addresses
– Routing is based on the (sub)network prefix of the IP address

Today’s Internet Protocol

Packets are routed to destinations based on IP address

[Figure labels: 128.1430.71.5, 128.143.77.83, router 71, INTERNET]

Levels of Addresses in the Internet

Domain name (DNS address): a location independent identifier of a host
  versace.ece.gatech.edu

Internet address (IP address): the logical location of a host (interface), i.e., (sub)network id followed by host id
  130.89.16.82

Physical address (MAC address): the hardware address of an interface card
  00 a4 24 4a 82 07

IP Address Assignment

The Internet Network Information Center (NIC) assigns Network IP addresses to different organizations.

Then, the network administrator at the local site assigns the subnet IDs.

So, when a computer is moved to another subnet, the IP address must be changed to match that subnet.

How to obtain an IP Address

– Manually
– Automatically
  – PPP (Point-to-Point Protocol) / IPCP (IP Control Protocol)
  – BOOTP (Bootstrap Protocol)
  – DHCP (Dynamic Host Configuration Protocol)

Truly Mobile Networking

Provide reliable access to the Internet anytime, anywhere

Mobility transparent to applications and higher level protocols such as TCP

Why Mobility at the Network (IP) Layer?

– Network layer is present in all Internet nodes
– Network layer is responsible for routing packets to the proper location
– Mobility across the entire Internet, even changing physical medium is possible
– Application transparent
– Universal solution for all applications

Mobile IP (RFC 2002)

– Leaves Internet routing fabric unchanged
– Does not assume “base stations” exist everywhere
– Simple
– Correspondent Nodes do not need to know about mobility
– Works both for changing domains and network interfaces

Apply to Mobile Networking

[Figure labels: 128.143.71.50, 128.143.77.84, IP Network]

Apply to Mobile Networking

[Figure labels: 128.143.71.50, IP Network, 128.143.77.84, X]

How Mobile IP Works

[Figure labels: 128.143.71.50, router 71, router 77, virginia.net, IP Network, 128.143.77.84, HA]

How Mobile IP Works

[Figure labels: 128.143.71.50, router 71, router 77, virginia.net, IP Network, 128.143.77.84, HA, FA, Register, Discovery]

– Discovering the care-of address
– Registering the care-of address
– Tunneling to the care-of address

Mobile IP (Terminology)

Mobile Node (MN): A computer that can change its location and consequently its point of attachment.

Correspondent Node (CN): Partner for communication.

Home Network: IP network where the MN resides. The network at which the MN seems reachable to the rest of the Internet by virtue of its assigned IP address.

Foreign Network: IP network where the MN is visiting. The network to which the MN is attached when it is not attached to its home network, and on which the care-of address is reachable from the rest of the Internet.

Mobile IP (Terminology)

Home Address of an MN:
* Long-term IP address assigned to the MN that is part of the IP home network (it remains unchanged regardless of where the MN is).
* It is used for DNS determination of the MN’s IP address.
* The IP address assigned to the MN, making it logically appear attached to its home network.

Mobile IP (Terminology)

Care-of Address (COA): An IP address in the foreign network, i.e., an IP address at the MN’s current point of attachment to the Internet, when the MN is not attached to the home network.

Home Agent (HA): is the anchor in the home network for the MN. All packets addressed to the MN reach the HA first, unless the MN is located in its home network. In other words, a router on the home network that effectively causes the MN to be reachable at its home address even when the mobile node is not attached to its home network.

Mobile IP (Terminology)

Foreign Agent (FA):
* Acts as the reference point in the foreign network for the MN (in IPv4).
* The CoA is usually the address of the FA.
* An MN can act as its own FA, in which case it is called a co-located COA.
* In other words, a router in the foreign network that can assist the MN in receiving packets delivered to the CoA.

Example Network

[Figure: MN (mobile end-system) with the FA in the Foreign Network (current physical network for the MN); HA in the Home Network (physical home network for the MN); CN (end-system); routers connect the networks through the Internet.]

Data Transfer to the Mobile System

[Figure: CN (sender), Internet, HA in the Home Network, FA and MN (receiver) in the Foreign Network, with steps 1 to 3 marked.]

1. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP)
2. HA tunnels packet to COA, here FA, by encapsulation
3. FA forwards the packet to the MN

Another View

[Figure: Sending Host, Home Network with Home Agent (f, LD), Foreign Network with Foreign Agent (g), Mobile Host.]

f : Encapsulation and re-addressing
g : Decapsulation and forwarding
LD : Location Directory

Another View

[Figure: Sending Host, Home Network with Home Agent (f, LD), Mobile Host using DHCP (g).]

f : Encapsulation and re-addressing
g : Decapsulation and forwarding
LD : Location Directory

Another View

MN = Mobile Node
CN = Correspondent Node
HA = Home Agent
FA = Foreign Agent

• MH registers new “care-of address” (FA) with HA
• HA tunnels packets to FA
• FA decapsulates packets and delivers them to MH

[Figure: CN, HA in the Home Network, FA and MN in the Foreign Network.]

When Mobile Node Moves Again

[Figure: CN, HA in the Home Network, FA #1 and MN in Foreign Network #1, FA #2 and MN in Foreign Network #2.]

• MN registers new address (FA #2) with HA & FA #1
• HA tunnels packets to FA #2, which delivers them to MN
• Packets in flight can be forwarded from FA #1 to FA #2

How Mobile IP Works

Messages from a computer destined for the MN are always sent to MN’s home address (network) first.

The messages are routed from MN’s home network to the current location of the MN.

Two IP addresses are used: A fixed home address and a CoA.

NOTE: Home address remains always fixed while CoA changes at different access points.

How Mobile IP Works

The HA maintains a database in which the MN’s home address resides.

When the MN moves to a foreign network, it establishes an association with its FA which, in turn, establishes an association with the MN’s HA.

(BINDING PROCESS)

In other words, the MN updates its registration with its HA through the FA.

Data Transfer from the Mobile System

[Figure: MN (sender) and FA in the Foreign Network, Internet, HA in the Home Network, CN (receiver), with step 1 marked.]

1. Sender sends to the IP address of the receiver as usual, FA works as default router

Another View

[Figure: CN, HA in the Home Network, FA and MN in the Foreign Network.]

Mobile Nodes also send packets

• Mobile Node uses its home IP address as source address
  - Lower latency
  - Still transparent to correspondent node
  - No obvious need to encapsulate packet to CN

Overview

[Figure, two panels: CN, Internet, router, router/HA in the home network, router/FA in the foreign network, MN; steps 1 to 4 marked in the first panel, COA marked in the second.]

How Mobile IP Works?

* Each MN has two IP addresses:
  – A fixed home address for identification, and
  – A care-of-address (CoA) for routing.

* Mobile IP uses an agent concept.
  – Home Agent (HA) intercepts packets on the home link destined to the MN’s home address, encapsulates them, and tunnels them to the MN’s registered CoA.
  – Foreign Agent (FA) is a router with which an MN establishes an association when it moves away from home. Therefore, the MN updates its locations with the HA through an FA.

3 Parts of Mobile IP

– Advertising Care-of Addresses (Agent Discovery)
– Registration
– Tunneling

3 Parts of Mobile IP

1. Advertising/Agent Discovery:
An MN determines its new attachment point or IP address through agent advertisements.
– Determine to which link it is connected
– Detect if it has changed its point of attachment
– Obtain a CoA if it is connected to a foreign network
– Allowed to send agent solicitation requests to agent
– Agent discovery messages are carried by the ICMP packets.

3 Parts of Mobile IP

2. Registration:
An MN requests service from an FA and informs its HA of a new CoA.
– Involves registration and deregistration with its HA
– Registration message is carried by the UDP packets.

3. Tunneling (Routing):
Mobile IP tunnels datagram to the MN, whether it is away from its home network or not.
– Encapsulation at the entering point of a tunnel
– Decapsulation at the exit point of a tunnel

How Mobile IP Works (OPERATIONS)

1. ADVERTISING
* HA and FA periodically send agent advertisement messages into their physical subnets to make themselves known.
* MNs periodically receive these unsolicited agent advertisement messages.
* MN listens to these messages and detects if it is in the home network or a foreign network.
* If the MN is in its home network, it works like any other node, i.e., it routes packets using traditional IP routing protocols.

How Mobile IP Works (OPERATIONS)

* When the MN moves away from its home network, it obtains a CoA on the foreign network by soliciting or listening for agent advertisements.
* MN reads a CoA from the FA advertisement messages.
* MN registers each new CoA with its HA by way of a FA.
* Packets sent to MN’s home address are intercepted by its HA, and are tunneled to the CoA.

Advertising Care-of Addresses

– A mobility agent is either a FA or a HA or both
– Mobility agents broadcast agent advertisements (ICMP messages)
– Mobile Nodes (MNs) can solicit for an advertisement
– Advertisements contain:
  – mobility agent address
  – care-of addresses
  – lifetime
  – flags

Home Network & Move Detection

Home Network is detected if:
– Network Prefix (IP Source Address of advertisement) = Network Prefix (Home Address)

Move is detected if:
– No advertisement has been received within Lifetime
– Network Prefixes have changed

No advertisements --> Use assistance from higher/lower layers

Agent Discovery Procedure

* A MN determines its new attachment point or IP address as it moves from place to place within the wireless segment of the wireless/IP network.
* By agent discovery a MN can
  a) Determine whether it is connected to its home network or foreign network.
  b) Detect whether it has changed its point of attachment

Registration procedure follows once the MN gets a new CoA.

Agent Discovery

Agent Solicitation Message
– Identical to ICMP router solicitations, except having IP Time to Live field set to 1.
– When an HA or FA receives one, it should immediately respond by transmitting an Agent Advertisement.

Message layout (each row is 4 bytes / 32 bits):

IP header
  Vers = 4 | Type of service | Total length
  Identification | Flags | Fragment Offset
  Time to Live = 1 | Protocol = ICMP | Header Checksum
  Source Address = Mobile node’s home address
  Desti Addr = 255.255.255.255 (broadcast) or 224.0.0.2 (multicast)
ICMP
  Type = 10 | Code = 10 | Checksum
  Reserved

Agent Discovery (2)

Agent Advertisement Messages
– They are formed by appending one or more of the extensions defined by Mobile IP to the ICMP router advertisement message (RFC 1256).
– The mobility agent advertisement extension must be included by agents.

Message layout (each row is 4 bytes / 32 bits):

IP Header (RFC 791), 20 bytes
ICMP Router Advertisement (RFC 1256)
Mobility Agent Advertisement Extension (RFC 2002)
  Type = 16 | Length | Sequence number
  (maximum) registration lifetime | Reserved
  Care of Address (1) ….
Type = 19 | Length | Prefix-length [1] | Prefix-length [2] (Optional)

Example

A mobile node has a home address of 136.142.117.21 and a care-of address of 130.216.16.5. It listens to agent advertisements periodically.

– The agent advertisement indicates that the care-of address is 130.216.45.3. What happens? Why?
  The MN will register with the new FA. The new FA will send the registration request to the HA and await the registration response.

– The agent advertisement indicates that the care-of address is 136.142.117.21. What happens? Why?
  The agent advertisement indicates that the MN is back in its home network.
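
The advertisement layout and the move-detection rules from the slides above, applied to the addresses of this example, as an added sketch that is not part of the original slides. The agent addresses, prefix lengths and byte strings are constructed; the ICMP header is assumed to be parsed already, and the first Prefix-length is assumed to belong to the agent's source address.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

EXT_MOBILITY_AGENT = 16  # Mobility Agent Advertisement Extension (RFC 2002)
EXT_PREFIX_LENGTHS = 19  # Prefix-Lengths Extension


@dataclass
class Advertisement:
    agent: ipaddress.IPv4Address  # IP source address of the advertisement
    icmp_lifetime: int            # Lifetime of the ICMP Router Advertisement, seconds
    sequence: int = 0
    reg_lifetime: int = 0         # (maximum) registration lifetime, seconds
    care_of: list = field(default_factory=list)
    prefix_lens: list = field(default_factory=list)


def parse_extensions(agent_ip, icmp_lifetime, data):
    """Parse the type/length/value extensions appended to the ICMP Router Advertisement."""
    adv = Advertisement(ipaddress.IPv4Address(agent_ip), icmp_lifetime)
    found, pos = False, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated extension header")
        ext_type, length = data[pos], data[pos + 1]
        body = data[pos + 2:pos + 2 + length]
        if len(body) != length:
            raise ValueError("extension runs past the end of the message")
        if ext_type == EXT_MOBILITY_AGENT:
            # 6 fixed bytes, then zero or more 4-byte care-of addresses
            if length < 6 or (length - 6) % 4:
                raise ValueError("bad Mobility Agent Advertisement Extension length")
            adv.sequence, adv.reg_lifetime, _flags = struct.unpack("!HHH", body[:6])
            adv.care_of = [ipaddress.IPv4Address(body[i:i + 4]) for i in range(6, length, 4)]
            found = True
        elif ext_type == EXT_PREFIX_LENGTHS:
            if any(p > 32 for p in body):
                raise ValueError("prefix length above 32")
            adv.prefix_lens = list(body)
        pos += 2 + length  # unknown extension types are skipped
    if not found:
        raise ValueError("plain router advertisement, not an agent advertisement")
    return adv


class MoveDetector:
    """Move detection as seen by the MN, following the two rules on the slide."""

    def __init__(self, home_address):
        self.home = ipaddress.IPv4Address(home_address)
        self.current_net = None  # prefix of the link the MN believes it is on
        self.deadline = None     # time after which the current agent counts as lost

    def on_advertisement(self, adv, now):
        if not adv.prefix_lens:
            return "unknown"     # no prefix information, prefixes cannot be compared
        net = ipaddress.ip_network(f"{adv.agent}/{adv.prefix_lens[0]}", strict=False)
        changed = net != self.current_net
        self.current_net, self.deadline = net, now + adv.icmp_lifetime
        if not changed:
            return "no-change"
        # Home network: the advertisement's prefix covers the MN's home address
        return "home" if self.home in net else "register"

    def agent_lost(self, now):
        """True when no advertisement arrived within Lifetime."""
        return self.deadline is not None and now > self.deadline


def sample_extensions(seq, care_of, prefix_len):
    """Constructed advertisement extensions (not captured traffic)."""
    coas = b"".join(ipaddress.IPv4Address(a).packed for a in care_of)
    agent_ext = struct.pack("!BBHHH", EXT_MOBILITY_AGENT, 6 + len(coas), seq, 1800, 0) + coas
    return agent_ext + bytes([EXT_PREFIX_LENGTHS, 1, prefix_len])


def demo():
    mn = MoveDetector("136.142.117.21")  # home address from the slide
    heard = [  # (agent source address, care-of addresses); agent addresses are constructed
        ("130.216.16.1", ["130.216.16.5"]),
        ("130.216.45.1", ["130.216.45.3"]),
        ("130.216.45.1", ["130.216.45.3"]),
        ("136.142.117.1", []),
    ]
    decisions = []
    for t, (agent, coas) in enumerate(heard):
        adv = parse_extensions(agent, 9, sample_extensions(t, coas, 24))
        decisions.append(mn.on_advertisement(adv, now=t * 3))
    return decisions, mn.agent_lost(now=12), mn.agent_lost(now=30)
```

The parser rejects length fields that run past the message, which matters because these advertisements arrive unauthenticated from whatever link the MN happens to be on.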

How Mobile IP Works (OPERATIONS)

2. REGISTRATION:
– The MN obtains a new Care-of Address (CoA)
– The MN sends registration message to the HA
– The HA updates the binding of the home address and the CoA of the MN.
– MN signals COA to the HA via the FA, HA acknowledges via FA to MN.
– These actions have to be secured by authentication

Registration

– Binding: (home address, care-of address, lifetime)
– Registration is needed to update the binding
– Registration requires authentication
– Registration uses UDP

Registration Scenarios

[Figure: three scenarios, each exchanging a Registration Request and a Registration Reply: Mobile Host, Foreign Agent and Home Agent; Mobile Host and Home Agent; Mobile Host and Home Agent.]

Simultaneous Bindings

– A Mobile Node may register multiple bindings simultaneously
– The Home Agent makes multiple copies of packets destined for the MN, and tunnels a copy to each CoA.
– Simultaneous bindings may be used to
  – facilitate seamless hand-off
  – avoid too frequent registrations

Mobile IP Registration Procedure

When registering, the MN sends a registration request to the HA through the FA.
– The HA creates a mobility binding between the MN’s home address and the current CoA that has a fixed lifetime.
– The MN should reregister before the expiration of the binding
– A registration reply indicates whether the registration was successful.
  Rejection reasons: insufficient resources, the HA is unreachable, too many simultaneous bindings, failed authentication, etc.

Mobile IP Registration Procedure

If an MN does not know the Home Agent (HA) address, it will send a broadcast registration to its home network called a direct broadcast.

Every valid HA will respond and the MN uses the address of a valid HA to make a registration request.

The HA and FA are similar to home and visiting databases
– Upon a valid registration, the HA creates an entry for an MN containing: the MN’s CoA, an identification field, and the remaining lifetime of the registration.
– Each Foreign Agent (FA) maintains a visitor list containing: link layer address of the MN, MN’s home IP address, UDP registration source port, HA IP address, an identification field, the registration lifetime, and the remaining life time of current or pending registration.
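
How a home agent can apply the registration rules from the slides above (authenticate the request, reject replays through the identification field, then create, refresh or delete the binding with its lifetime), as an added sketch that is not part of the original slides or of any Mobile IP implementation. It uses the Registration Request layout and the keyed-MD5 prefix+suffix default of RFC 2002; the key, SPI, HA address, the single-extension message and the treatment of the identification field as seconds on a shared clock are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

REG_REQUEST = 1        # Registration Request message type
EXT_MN_HA_AUTH = 32    # Mobile-Home Authentication Extension
# Registration Reply codes used here (RFC 2002)
ACCEPTED, FAILED_AUTH, ID_MISMATCH, MALFORMED = 0, 131, 133, 134
TOLERANCE = 7          # accepted clock skew in seconds (value assumed for this example)

# type, flags, lifetime, home address, home agent, care-of address, identification
FIXED = struct.Struct("!BBH4s4s4sQ")
AUTH_HDR = struct.Struct("!BBI")  # extension type, length, SPI


def _ip(addr):
    return ipaddress.IPv4Address(addr)


def authenticator(key, protected):
    """Keyed MD5 in prefix+suffix mode, kept only to match the RFC 2002 default."""
    return hashlib.md5(key + protected + key).digest()


def build_request(key, spi, lifetime, home, home_agent, care_of, ident):
    """UDP payload as the MN would send it; used here to construct sample input."""
    msg = FIXED.pack(REG_REQUEST, 0, lifetime, _ip(home).packed,
                     _ip(home_agent).packed, _ip(care_of).packed, ident)
    msg += AUTH_HDR.pack(EXT_MN_HA_AUTH, 4 + 16, spi)
    return msg + authenticator(key, msg)


class HomeAgent:
    def __init__(self, security_associations):
        # home address -> (SPI, shared key)
        self.sa = {_ip(h): v for h, v in security_associations.items()}
        self.bindings = {}    # home address -> (care-of address, expiry time)
        self.last_ident = {}  # home address -> last accepted identification

    def handle(self, payload, now):
        """Process one Registration Request and return the reply code."""
        covered = FIXED.size + AUTH_HDR.size
        if len(payload) <= covered or payload[0] != REG_REQUEST:
            return MALFORMED
        _, _, lifetime, home, _, care_of, ident = FIXED.unpack_from(payload)
        ext_type, ext_len, spi = AUTH_HDR.unpack_from(payload, FIXED.size)
        # This sketch expects the authentication extension as the only extension.
        if ext_type != EXT_MN_HA_AUTH or ext_len != len(payload) - FIXED.size - 2:
            return MALFORMED
        home = _ip(home)
        sa = self.sa.get(home)
        if sa is None or sa[0] != spi:
            return FAILED_AUTH
        # Authenticate before touching any state; compare in constant time.
        if not hmac.compare_digest(authenticator(sa[1], payload[:covered]), payload[covered:]):
            return FAILED_AUTH
        # Replay protection: the identification must be fresh and strictly increasing.
        # Simplification: its high 32 bits are seconds on a clock shared with the HA.
        if abs((ident >> 32) - now) > TOLERANCE or ident <= self.last_ident.get(home, 0):
            return ID_MISMATCH
        self.last_ident[home] = ident
        if lifetime == 0:
            self.bindings.pop(home, None)  # deregistration
        else:
            self.bindings[home] = (_ip(care_of), now + lifetime)
        return ACCEPTED

    def care_of(self, home, now):
        """Tunnel endpoint for a home address, or None if there is no live binding."""
        binding = self.bindings.get(_ip(home))
        return binding[0] if binding and now < binding[1] else None


def demo():
    key = b"constructed-shared-secret"
    home, ha_addr, coa = "136.142.117.21", "136.142.117.1", "130.216.45.3"
    ha = HomeAgent({home: (256, key)})
    req = build_request(key, 256, 300, home, ha_addr, coa, (1000 << 32) | 1)
    tampered = bytearray(build_request(key, 256, 300, home, ha_addr, coa, (1001 << 32) | 1))
    tampered[12:16] = _ip("192.0.2.66").packed  # care-of address altered after signing
    codes = [ha.handle(req, 1000),              # fresh and authentic
             ha.handle(req, 1002),              # same message seen again
             ha.handle(bytes(tampered), 1001)]  # authenticator no longer matches
    live, expired = ha.care_of(home, 1100), ha.care_of(home, 1300)
    dereg = ha.handle(build_request(key, 256, 0, home, ha_addr, home, (1400 << 32) | 1), 1400)
    return codes, str(live), expired, dereg
```

A rejected request leaves the binding table and the stored identification untouched, so an unauthenticated sender cannot redirect the tunnel or advance the replay counter.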

Registration

MH=MN: Mobile Host/Node; FA: Foreign Agent; HA: Home Agent

Exchange of Registration Request and Registration Reply messages: UDP

Registration and Deregistration

When an MN moves to a visiting location, it needs to register with its HA. When it returns to its home network, it also needs to deregister with its HA to update its current CoA (home address).

1. Registration with Care-of-address

[Figure: FA in the Foreign Network/Subnet and HA in the Home network/Subnet, connected by the Internet Backbone, exchanging Registration request and Registration reply.]

Registration and Deregistration (2)

1. Registration with care-of-address
2. Registration with colocated care-of-address: an IP address that represents the current position of the MN on the foreign network and can be used by only one MN at a time.
3. Deregistration with the HA

[Figure: FA in the Foreign Network/Subnet and HA in the Home network/Subnet, connected by the Internet Backbone, exchanging Registration request and Registration reply.]

Registration Process

[Figure: registration message sequence between MN, FA and HA, steps 1 to 4. Labels: Beacon Signal (any one new); I am new here; OK, send information; Here is my HA and binding information; 3. CoA or C-CoA created; Here is CoA or co-located CoA (C-CoA) for this MN; Acknowledge Registration + binding; steps 4’ and 4” are the same as step 4.]

Foreign Agent Consideration

Each foreign agent must be configured with a CoA

For each pending or current registration, the foreign agent maintains a visitor list entry containing:
– Link-layer source address of the MN
– The MN’s Home Address
– The Home Agent address
– The Identification Field
– The requested registration Lifetime
– The remaining Lifetime of the pending or current registration

How Mobile IP Works

3. TUNNELING:
– Packets sent by a correspondent node (CN) to the MN are intercepted by the HA
– The HA encapsulates the packets
– Packets are tunneled to the CoA of the MN

Tunneling

– Packets destined to the MN are routed to the home network (normal IP operation)
– HA intercepts packets on the home network
– HA encapsulates packets, and tunnels them to the CoA
– At the CoA (either FA or co-located), the packet is decapsulated, and delivered to the MN

IP Packet Format

Bit positions: 0, 4, 8, 16, 19, 31

Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options + Padding
Data Field

Packet Addressing

Packet from CN to MN:
  Source Address = Address of CN
  Destination Address = Home IP Address of MN
  Payload

HA intercepts above packet and tunnels it:
  Source Address = Address of HA
  Destination Address = Care-of-Address of MN
  Source Address = Address of CN
  Destination Address = Home IP Address of MN
  Original Payload
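
The two headers from the Packet Addressing slide, built and checked byte by byte, as an added sketch that is not part of the original slides. The CN and HA addresses and the payload are constructed; protocol number 4 is the IP-in-IP encapsulation of RFC 2003.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IP-in-IP encapsulation (RFC 2003)
IPPROTO_UDP = 17


def checksum(header):
    """16-bit one's-complement sum over an IPv4 header; 0 when a valid header is summed."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header without options."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)


def addresses(packet):
    """(source, destination) of the outermost IPv4 header."""
    return tuple(str(ipaddress.IPv4Address(packet[i:i + 4])) for i in (12, 16))


def encapsulate(inner, home_agent, care_of):
    """HA side: the intercepted packet becomes the payload of a new packet HA -> CoA."""
    return ipv4_header(home_agent, care_of, IPPROTO_IPIP, len(inner)) + inner


def decapsulate(outer, home_agent, care_of):
    """Tunnel exit (FA, or the MN itself with a co-located CoA): return the inner packet."""
    if len(outer) < 40 or outer[0] != 0x45:
        raise ValueError("not an option-free IPv4 packet carrying an IPv4 header")
    if checksum(outer[:20]) != 0:
        raise ValueError("outer header checksum mismatch")
    total_length = struct.unpack_from("!H", outer, 2)[0]
    if outer[9] != IPPROTO_IPIP or total_length != len(outer):
        raise ValueError("not a well-formed IP-in-IP packet")
    # Accept only the tunnel of the current binding. Source addresses can be forged,
    # so this is a filter and does not replace authenticated registration.
    expected = (str(ipaddress.IPv4Address(home_agent)), str(ipaddress.IPv4Address(care_of)))
    if addresses(outer) != expected:
        raise ValueError("tunnel endpoints do not match the registered binding")
    return outer[20:]


def demo():
    # Constructed packet: CN 192.0.2.10 sends opaque bytes (standing in for a UDP
    # datagram) to the MN's home address.
    payload = b"constructed payload"
    inner = ipv4_header("192.0.2.10", "136.142.117.21", IPPROTO_UDP, len(payload)) + payload
    outer = encapsulate(inner, "136.142.117.1", "130.216.45.3")
    delivered = decapsulate(outer, "136.142.117.1", "130.216.45.3")
    return addresses(outer), addresses(delivered), delivered == inner
```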

Mobile IP: IP in IP Encapsulation

Forwarding packets between Correspondence Node (CN) and MN is achieved by encapsulation (tunneling).

A virtual pipe between the HA and FA is created through a packet that includes the packet from CN as its payload.

Tunneling

– Home agent tunnels (encapsulates) packets to care-of address
– Tunnel source is the home agent’s address
– Tunnel destination is the care-of address

IP within IP (other ways exist):

Tunneling (Message Forwarding)

[Figure:
 Incoming message for MN: Source | To MN | Payload Data
 Encapsulation at the HA: HA | CoA/C-CoA | Source | To MN | Payload Data
 Decapsulation: Source | To MN | Payload Data
 Forwarding through intermediate router if CoA used (FA).
 Forwarding not through intermediate router if C-CoA used; decapsulation done at MN.]

Tunneling and Routing

Tunneling is a process in which the HA encapsulates the message from the IP host for delivery to the MN via its FA.

Binding: the association of the home address of an MN with a CoA for that MN, along with the remaining lifetime of that association.

Two Routing Approaches

– Triangle Routing
– Optimized Routing

Triangle Routing

1. A datagram is sent from the CN to the MN’s HA through IP.
2. The HA intercepts the datagram and tunnels the datagram to the MN’s CoA.
3. At the FA, the datagram is decapsulated and delivered to the MN.
4. For datagram sent by the MN, standard IP routing is used to deliver each datagram to the destination.

[Figure: CN, HA and FA connected by the Internet Backbone. Labels: Packet to the CN routed using standard IP routing; Packet from the CN routed indirectly through the HA; Encapsulation.]

Triangle Routing in Mobile IP

[Figure: Correspondent Node, Home Agent (HA), Foreign Agent (FA) and Mobile Node (MN) around the Global Internet, with steps (1) to (4). Labels: (2) Tunneling, (3) Location Update, Location Update.]

Triangle Routing

(1) The correspondent node (CN) transmits a packet to the MN. The packet is routed to the MN’s home network.
(2) The Home Agent (HA) intercepts the packet, encapsulates and tunnels it to the Foreign Agent (FA)
(3) The FA decapsulates and forwards the packet to the MN
(4) Packets from the CN to the MN are now routed directly (tunneling). It looks like a single hop within the Internet.


Triangle Routing (Another View)

Triangle routing is undesirable because
– home agent is the bottleneck
– more network load, and sensitivity to network partition

In case of reverse tunneling, the situation is even worse.

Route optimization: Get binding to the correspondent host


Triangle Routing: Advantages & Disadvantages

ADVANTAGES:
– It is simple.
– The number of control messages to be exchanged is limited.
– The address bindings are highly consistent since they are kept at one single point for a given host.

DISADVANTAGES:
– The destination HA is a fixed redirection point for exchanging every IP packet, even if a shorter route is available between source and destination.
– This can lead to unnecessarily large end-to-end packet delay.
– Network links connecting a HA to the network can easily be overloaded.


Optimized Routing

The MN informs the CN of its CoA.

The CN can tunnel the packets directly to the MN, bypassing the HA.

Every traffic source is allowed to cache and use binding copies.

[Figure: optimized routing across the Internet backbone between CN, HA and FA. Labels: "Packet from the CN routed indirectly through the HA", "Packet to the CN routed using standard IP routing", "Update binding", "Authorization & processing".]


Local Anchor for Mobile IP

Choose one agent as the center of an anchoring region and name this agent as an anchor.

When an MN moves within the anchoring region, it does not need to register with its HA; instead, it registers with the anchor, like a virtual HA.

When the MN moves out of the anchoring region, it registers with its HA and the new FA will become the center of the new anchoring region.

[Figure: packet forwarding process. Nodes: CN, HA, Anchor, Serving FA, MN.]


Local Anchor for Mobile IP (2)

Registration
– Either the new FA or the anchor agent decides whether the MN should register with its HA.
– Static method is to measure the distance from the old anchor agent to the new FA to decide whether to establish a new anchoring region.
– Dynamic method can be based on user mobility pattern, traffic load, as well as objectives.


Local Anchor for Mobile IP (3)

1. The MN sends the registration request, indicating the current anchor and the HA.
2. There are two cases:
    – The new FA decides that the MN is still in its current anchoring region, so it forwards the MN’s request to the anchor.
    – The new FA decides that the MN is out of its current anchoring region, so it forwards the MN’s registration request to the HA.
3. The anchor or the HA sends registration reply back to the serving FA.
4. The FA returns an ACK to the MN and indicates who, the anchor or the HA, sent this reply.

[Figure: registration message flow between MN, Serving FA, Anchor and HA.]


Mobile IP and IPv6

Mobile IP was developed for IPv4, but IPv6 simplifies the protocols
– Security is integrated and not an add-on, authentication of registration is included
– CoA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address autoconfiguration
– No need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement; addresses are always co-located
– MN can signal a sender directly the CoA, sending via HA not needed in this case (automatic path optimization)
– "Soft" hand-over, i.e., without packet loss, between two subnets is supported
    – MN sends the new CoA to its old router
    – the old router encapsulates all incoming packets for the MN and forwards them to the new CoA
    – authentication is always granted


Mobility for IPv6

– All nodes can handle bindings
    – No triangular routing
– Binding updates are carried in Destination Option
    – Small overhead for distributing bindings
– Mobile host can create its own care-of address using link-local address and automatic address configuration (combine advertised subnet prefix with own hardware address)
    – No need for foreign agent


Changes with IP Version 6

Route Optimization
– When it knows the MN's current CoA address, a CN can deliver packets directly to the MN's home address without any assistance from the HA.

Security
– Strong authentication and encryption features are included in IPv6


Mobile IPv6

Based on IPv6, using IP routing header, authentication header, and route optimization.

There is NO foreign agent. The MN obtains a colocated care-of-address on a foreign link, and reports to its HA.

One MN may have multiple care-of-addresses.

The security functions are mandatory instead of optional.

Binding: The association of the home address of an MN with a care-of-address for that MN, along with the remaining lifetime of that association.


Mobile IPv6 Messages

Mobile IPv6 requires the exchange of additional information. All new messages used in mobile IPv6 are defined as IPv6 destination options.
– Binding Update: an MN informs its HA or any other CNs about its current CoA. Any packet including a Binding Update must also include an AH (Authentication Header) or ESP (Encapsulating Security Payload) header.
– Binding Acknowledgement: to acknowledge the receipt of a Binding Update, if an ACK was requested, it must also include an AH or ESP header.
– Binding Request: for any node to request an MN to send a Binding Update with the current CoA.
– Home Address: used in a packet sent by an MN to inform the receiver of this packet about the MN’s home address. This message must also be covered by the authentication.


Data Structures

Binding Cache: Every IPv6 node has a Binding Cache which is used to hold the bindings for other nodes. If a node receives a Binding Update, it will add this binding to its Binding Cache.

Binding Update List: Every MN has a Binding Update List which is used to store information about each Binding Update sent by this MN for which the lifetime has not expired. It contains all Binding Updates sent to any CNs and to its HA.

Home Agent List: Each HA generates a list, which contains information about other HAs on a home link.


Mobile IPv6 Operation

[Figure: home network/subnet with HA and foreign network/subnet with FA, joined by the Internet backbone. Two cases are shown: "CN knows the MN’s CoA" and "CN does not know the MN’s CoA".]


Home Agent Registration

Route Optimization: To avoid triangle routing, an MN can send Binding Update to any CN. This allows IPv6 nodes to cache the current CoA address and send packets directly to an MN.

[Figure: home network/subnet with HA and foreign network/subnet with FA, joined by the Internet backbone.]

– The MN sends a Binding Update to the HA
– The HA accepts the Binding Update and returns a Binding Acknowledgement


Route Optimization

Any IPv6 node sending a packet first checks its Binding Cache for this destination address.
– If there is an entry, it will send the packet to the MN using a routing header (rather than IPv6 encapsulation). The route specified by this routing header has two hops:
    – The first hop is the CoA.
    – The second hop is the home address of the MN.
  Afterwards, the packet will be processed in the same way as if the MN was at home.

If the Binding Cache has no entry, this packet will be routed to the specified network and received by the Dest. Node.
– If the MN is away from home, the packet will be intercepted by the HA on the home link and tunneled to the MN.
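
The sender-side decision described on this slide, as an added example that is not part of the original slides. The class and function names, the `authenticated` flag (standing in for the AH/ESP check the Messages slide requires on every Binding Update) and the 2001:db8:: sample addresses are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Binding:
    care_of: ipaddress.IPv6Address
    expires_at: float  # absolute time at which the binding's lifetime runs out


class BindingCache:
    """Bindings a sending node holds for other nodes, keyed by home address."""

    def __init__(self):
        self._entries = {}

    def process_binding_update(self, home, care_of, lifetime, now, authenticated):
        """Apply a Binding Update; return True only if the cache was changed.

        `authenticated` is the outcome of the AH/ESP verification done by
        the caller (hypothetical interface). An update that failed it is
        dropped: accepting it would let any node redirect traffic for `home`.
        """
        if not authenticated or lifetime <= 0:
            return False
        self._entries[ipaddress.IPv6Address(home)] = Binding(
            ipaddress.IPv6Address(care_of), now + lifetime
        )
        return True

    def lookup(self, home, now):
        """Return the live binding for `home`, or None. Expired entries are purged."""
        home = ipaddress.IPv6Address(home)
        entry = self._entries.get(home)
        if entry is not None and now >= entry.expires_at:
            del self._entries[home]
            entry = None
        return entry


def plan_route(cache, dst, now):
    """Decide how a packet addressed to home address `dst` leaves the sender.

    With a live binding: routing header with two hops, CoA then home address.
    Without one: ordinary routing toward the home link, where the HA
    intercepts and tunnels the packet if the MN is away from home.
    """
    dst = ipaddress.IPv6Address(dst)
    binding = cache.lookup(dst, now)
    if binding is None:
        return "via-home-link", [dst]
    return "routing-header", [binding.care_of, dst]


if __name__ == "__main__":
    cache = BindingCache()
    home, coa = "2001:db8:1::10", "2001:db8:2::10"   # constructed sample addresses
    print(plan_route(cache, home, now=0))
    cache.process_binding_update(home, coa, lifetime=60, now=0, authenticated=True)
    print(plan_route(cache, home, now=30))
    print(plan_route(cache, home, now=60))           # lifetime has run out
```
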


Route Optimization

MN informs the CN of its CoA and has the packets sent directly to the MN, bypassing the HA.

This allows every traffic source to cache and use binding copies.

It supports a further update process by which a binding copy can be sent to the requiring nodes, which may keep it in their cache for immediate or future use.

Local bindings enable most packets to be delivered by direct routing, with an apparent gain in terms of QoS and scalability.

Also, an MN can always inform its previous FA about the new CoA so that packets tunneled to the old location can be forwarded to the current location.

This increases the QoS in case of high mobility.


Route Optimization (removes triangle route)

[Figure: Home Agent, Foreign Agent, Correspondent Node and Mobile Node connected through routers.]


Route Optimization

Get binding to relevant Correspondent Nodes for optimal routing:
– Binding warning (Mobility Agent → CN)
– Binding request (CN → HA)
– Binding update (HA → CN)
– Binding acknowledge (optional)

Security association between CN and HA is needed for authentication.


Route Optimization

Get binding to old Foreign Agent for smooth handoff:
– Previous FA notification extension (mobile host → new FA)
– Binding update (new FA → old FA)
– Binding acknowledge (old FA → MN)
– MN and FA need to exchange registration key for authentication
– Last resort: Special tunnel (old FA tunnels packet back to the HA)


Route Optimization: Disadvantages

– Quite complex
– The overhead incurred by message exchanges and processing (due to cache queries) can be critical.
– Cached bindings are possibly inconsistent since they are being kept in a distributed fashion.
– The main obstacle to implementing optimized routing resides in security issues.
– CN must be informed of the MN’s CoA in order to tunnel data to the MN.
– In a hostile environment, an intruder can easily cut off all communications to the MN by sending a bogus registration if he/she knows the MN’s CoA.
– Therefore, authentication/security measures have to be incorporated in the optimized routing.


Route Optimization

– Triangle routing is much simpler than optimized routing.
– This is the preferred mode!!!
– For MNs moving further away from their home network, the cost (delay) involved in the registration with the HA can become very large.
– Methods to reduce registration costs are desirable.


Security Considerations in Registration

Danger: Registration Request works remotely to the home agent to affect the home agent's routing table

Security:
– Authentication: Home agents and mobile nodes perform authentication using MD5 algorithm and key size of 128 bits.
– Replay Protection: The Identification field is used to verify that a registration message has been freshly generated.
    – timestamp, random number
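
The two checks on this slide as a home agent would apply them, as an added example that is not part of the original slides. It covers the timestamp variant of replay protection only; the simplified message layout, the prefix+suffix form of keyed MD5, the 7-second skew window and all names and sample values are assumptions of the example.

```python
import hashlib
import hmac
import struct

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_CLOCK_SKEW = 7            # seconds; assumed tolerance, a deployment parameter
BODY = struct.Struct("!4s4sHQ")  # home addr, CoA, lifetime, 64-bit Identification
MAC_LEN = 16                  # MD5 digest size


def authenticator(key: bytes, protected: bytes) -> bytes:
    """Keyed MD5 in prefix+suffix form (assumed): MD5(key || data || key)."""
    return hashlib.md5(key + protected + key).digest()


def build_request(key, home, care_of, lifetime, unix_time):
    """Constructed, simplified Registration Request: fixed fields plus authenticator."""
    ident = (int(unix_time) + NTP_UNIX_OFFSET) << 32  # NTP seconds in the high 32 bits
    body = BODY.pack(home, care_of, lifetime, ident)
    return body + authenticator(key, body)


class HomeAgent:
    def __init__(self, keys):
        self.keys = keys      # home address -> 128-bit shared secret
        self.last_ident = {}  # home address -> highest Identification accepted
        self.bindings = {}    # home address -> (care-of address, lifetime)

    def register(self, message: bytes, unix_now: int) -> str:
        if len(message) != BODY.size + MAC_LEN:
            return "malformed"
        body, mac = message[:-MAC_LEN], message[-MAC_LEN:]
        home, care_of, lifetime, ident = BODY.unpack(body)
        key = self.keys.get(home)
        if key is None:
            return "unknown-mn"
        # Authentication first: nothing in an unauthenticated message is trusted.
        # compare_digest avoids leaking the match position through timing.
        if not hmac.compare_digest(mac, authenticator(key, body)):
            return "bad-auth"
        # Freshness: the timestamp must be close to the HA's clock ...
        if abs((ident >> 32) - NTP_UNIX_OFFSET - unix_now) > MAX_CLOCK_SKEW:
            return "stale"
        # ... and newer than anything already accepted from this MN.
        if ident <= self.last_ident.get(home, -1):
            return "replay"
        self.last_ident[home] = ident
        self.bindings[home] = (care_of, lifetime)  # only now touch routing state
        return "accepted"


if __name__ == "__main__":
    key = bytes(range(16))                                  # constructed 128-bit key
    home, coa = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
    ha = HomeAgent({home: key})
    msg = build_request(key, home, coa, 300, 1_100_000_000)
    print(ha.register(msg, 1_100_000_002))   # accepted
    print(ha.register(msg, 1_100_000_003))   # replay
```

The slide's MD5 is kept so the example matches the text; the ordering of the checks and the per-MN Identification state are unchanged if the authenticator is swapped for an HMAC over a modern hash.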


Hierarchical Mobile IP: Security

Advantages:
– Local CoAs can be hidden, which provides some location privacy
– Direct routing between CNs sharing the same link is possible (but might be dangerous)

Potential problems:
– Decentralized security-critical functionality (handover processing) in mobility anchor points
– MNs can (must!) directly influence routing entries via binding updates (authentication necessary)


Security in Mobile IP

Security requirements (Security Architecture for the Internet Protocol, RFC 1825)
– Integrity: any changes to data between sender and receiver can be detected by the receiver
– Authentication: sender address is really the address of the sender and all data received is really data sent by this sender
– Confidentiality: only sender and receiver can read the data
– Non-Repudiation: sender cannot deny sending of data
– Traffic Analysis: creation of traffic and user profiles should not be possible
– Replay Protection: receivers can detect replay of messages


IP Security Architecture

Two or more partners have to negotiate security mechanisms to set up a security association
– Typically, all partners choose the same parameters and mechanisms

Two headers have been defined for securing IP packets:
– Authentication Header
    – Guarantees integrity and authenticity of IP packets
    – Asymmetric encryption schemes are used.
– Encapsulating Security Payload
    – Protects confidentiality between communication partners


Key Distribution

Home agent distributes session keys
– foreign agent has a security association with the home agent
– mobile host registers a new binding at the home agent
– home agent answers with a new session key for foreign agent and mobile node

[Figure: FA, MH and HA. The HA's response carries E_HA-FA {session key} and E_HA-MH {session key}.]


Summary of Mobile IPv6

IPv6 has overcome the problem of address shortage in IPv4.

IPv6 enables a node to send a packet to one out of several systems by using an anycast address. Mobile IPv6 uses this feature by sending a Binding Update to the HA anycast address and getting a response from exactly one of several HAs. IPv4 cannot provide this solution.

Using stateless address autoconfiguration and the neighbor discovery mechanism, Mobile IPv6 needs neither DHCP nor FAs on foreign links to configure the CoAs of MNs.

Mobile IPv6 can use IPsec for all security requirements.

Route Optimization is an integral part of Mobile IPv6 to avoid triangle routing.

Multicast operations and protocols
