Session: 14S. K. Nayak14.1 Mobile Computing Session 14 Mobile IP S. K. Nayak Synergy, Dhenkanal.
-
Upload
rosaline-flowers -
Category
Documents
-
view
217 -
download
0
Transcript of Session: 14S. K. Nayak14.1 Mobile Computing Session 14 Mobile IP S. K. Nayak Synergy, Dhenkanal.
Session: 14 S. K. Nayak 14.1
Mobile Computing
Session 14Mobile IP
S. K. NayakSynergy, Dhenkanal
Session: 14 S. K. Nayak 14.2
Effect of Mobility on Protocol Stack
• Application: new applications and adaptations• Transport: congestion and flow control• Network: addressing and routing• Link: media access and handoff• Physical: transmission errors and interference
Session: 14 S. K. Nayak 14.3
Routing and Mobility
• Finding a path from a source to a destination• Issues
– Frequent route changes– Route changes may be related to host movement– Low bandwidth links
Session: 14 S. K. Nayak 14.4
Routing and Mobility (contd)
• Goal of routing protocols– decrease routing-related overhead– find short routes– find “stable” routes (despite mobility)
Session: 14 S. K. Nayak 14.5
Mobile IP (RFC 3344): Motivation
• Traditional routing– based on IP address; network prefix determines the
subnet– change of physical subnet implies
• change of IP address (conform to new subnet), or
• special routing table entries to forward packets to new subnet
Session: 14 S. K. Nayak 14.6
Mobile IP motivation • Changing of IP address
– DNS updates take to long time– TCP connections break– security problems
• Changing entries in routing tables– does not scale with the number of mobile hosts and
frequent changes in the location– security problems
Session: 14 S. K. Nayak 14.7
Mobile IP requirements
• Solution requirements– retain same IP address– use same layer 2 protocols– authentication of registration messages, …
Session: 14 S. K. Nayak 14.8
Mobile IP: Basic Idea
Router1
Router3
Router2
S MN
Home agent
Source: Vaidya
Session: 14 S. K. Nayak 14.9
Mobile IP: Basic Idea
Router1
Router3
Router2
S MN
Home agent
Foreign agent
move
Packets are tunneledusing IP in IP
Source: Vaidya
Session: 14 S. K. Nayak 14.10
Mobile IP: Terminology
• Mobile Node (MN)– node that moves across networks without changing
its IP address• Correspondent Node (CN)
– host with which MN is “corresponding” (TCP)• Home Agent (HA)
– host in the home network of the MN, typically a router– registers the location of the MN, tunnels IP packets to
the COA
Session: 14 S. K. Nayak 14.11
Terminology (contd.)
• Foreign Agent (FA)– host in the current foreign network of the MN,
typically a router– forwards tunneled packets to the MN, typically the
default router for MN• Care-of Address (COA)
– address of the current tunnel end-point for the MN (at FA or MN)
– actual location of the MN from an IP point of view
Session: 14 S. K. Nayak 14.12
Data transfer to the mobile system
Internet
sender
FA
HA
MN
home network
foreignnetwork
receiver
1
2
3
1. Sender sends to the IP addr of MN, HA intercepts packet (proxy ARP)2. HA tunnels packet to COA, here FA, by encapsulation3. FA forwards the packet to the MN
Source: Schiller
CN
Session: 14 S. K. Nayak 14.13
Data transfer from the mobile system
Internet
receiver
FA
HA
MN
home network
foreignnetwork
sender
1
1. Sender sends to the IP address of the receiver as usual, FA works as default router
Source: Schiller
CN
Session: 14 S. K. Nayak 14.14
Mobile IP: Basic Operation
• Agent Advertisement• MN Registration • HA Proxy• Packet Tunneling
Session: 14 S. K. Nayak 14.15
Agent Advertisement
• HA/FA periodically send advertisement messages into their physical subnets
• MN listens to these messages and detects, if it is in home/foreign network
• MN reads a COA from the FA advertisement messages
Session: 14 S. K. Nayak 14.16
Agent advertisement
preference level 1router address 1
#addressestype
addr. size lifetimechecksum
COA 1COA 2
type sequence numberlength
0 7 8 15 16 312423code
preference level 2router address 2
. . .
registration lifetime
. . .
R B H F M G V reserved
Session: 14 S. K. Nayak 14.17
MN Registration
• MN signals COA to the HA via the FA• HA acknowledges via FA to MN• limited lifetime, need to be secured by authentication
Session: 14 S. K. Nayak 14.18
Registration
t
MN HAregistrationrequest
registration
reply
t
MN FA HAregistrationrequestregistrationrequest
registration
reply
registration
reply
Session: 14 S. K. Nayak 14.19
Registration request
home agent
home address
type lifetime
0 7 8 15 16 312423
rsv
identification
COA
extensions . . .
SBDMGV
Session: 14 S. K. Nayak 14.20
HA Proxy and Tunneling• HA Proxy
– HA advertises the IP address of the MN (as for fixed systems)
– packets to the MN are sent to the HA – independent of changes in COA/FA
• Packet Tunneling– HA to MN via FA
Session: 14 S. K. Nayak 14.21
Encapsulation
original IP header original data
new datanew IP header
outer header inner header original data
Session: 14 S. K. Nayak 14.22
IP-in-IP encapsulation• IP-in-IP-encapsulation (mandatory in RFC 2003)
– tunnel between HA and COA
Care-of address COAIP address of HA
TTLIP identification
IP-in-IP IP checksumflags fragment offset
lengthTOSver. IHL
IP address of MNIP address of CN
TTLIP identification
lay. 4 prot. IP checksumflags fragment offset
lengthTOSver. IHL
TCP/UDP/ ... payload
Session: 14 S. K. Nayak 14.23
IP header fields
Source and Destination addresses are those of the tunnel end points
• Internet header length : – Length of outer header in 32 bit words
• Total length :– Measures length of entire encapsulated IP datagram
• Don’t fragment bit :– Copied from inner header if set
• Time to live TTL: – Appr time to deliver to tunnel exit
Session: 14 S. K. Nayak 14.24
Routing failures
• If IP source addr of datagram matches that of the receiving router itself, then discard packet
• If IP source addr matches that of the tunnel exit point, then discard packet
Session: 14 S. K. Nayak 14.25
ICMP messages from the tunnel
Encapsulator may receive ICMP messages from any intermediate router in the tunnel other than exit
• Network unreachable:– Return dest unreachable message to org sender
• Host unreachable:– Return host unreachable message
• Datagram too big:– Relay ICMP datagram too big to org sender
Session: 14 S. K. Nayak 14.26
ICMP error messages (contd.)
• Source route failed:– Handled by encapsulator itself and MUST NOT relay
message to orginal sender• Source quench:
– SHOULD NOT relay message to original sender , SHOULD activate congestion control mechanism
• Time exceeded:– MUST be reported to original sender as host
unreachable message
Session: 14 S. K. Nayak 14.27
Tunnel management
• ICMP requires routers to return 8 bytes of datagram beyond IP header– This may not contain the original datagram
• So not always possible for encapsulator to relay ICMP messages from interior of tunnel to original sender
Session: 14 S. K. Nayak 14.28
Tunnel soft state
• Encapsulator maintains “soft state” about tunnel– MTU of the tunnel– TTL (path length) of tunnel– Reachability of the tunnel
• Encapsulator updates soft state based on ICMP messages received
Session: 14 S. K. Nayak 14.29
Tunnel management (example)
• If TTL of received packet is less than the TTL value in soft state, then return error message to sender
• If size of received datagram is bigger than MTU of tunnel and if “don’t fragment” bit set, then return datagram too big message to sender
Session: 14 S. K. Nayak 14.30
Mobile IP: Other Issues
• Reverse Tunneling– firewalls permit only “topological correct“ addresses
• Optimizations– Triangular Routing: HA informs sender the current
location of MN – Change of FA: new FA informs old FA to avoid packet
loss
Session: 14 S. K. Nayak 14.31
Reverse tunneling (RFC 3024)
Internet
receiver
FA
HA
MN
home network
foreignnetwork
sender
3
2
1
1. MN sends to FA2. FA tunnels packets to HA by encapsulation3. HA forwards the packet to the receiver (standard case)
CN
Session: 14 S. K. Nayak 14.32
Mobile IP: Reverse tunneling
• Router accept often only “topological correct“ addresses (firewall!)– a packet from the MN encapsulated by the FA is
now topological correct– furthermore multicast and TTL problems solved
(TTL in the home network correct, but MN is too far away from the receiver)
Session: 14 S. K. Nayak 14.33
Reverse tunneling
• Reverse tunneling does not solve– problems with firewalls, the reverse tunnel can be
abused to circumvent security mechanisms (tunnel hijacking)
– optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing)
Session: 14 S. K. Nayak 14.34
Optimization of forwarding
• Triangular Routing– sender sends all packets via HA to MN– higher latency and network load
• “Solutions”– sender learns the current location of MN– direct tunneling to this location– HA informs a sender about the location of MN
Session: 14 S. K. Nayak 14.35
Binding
• Registration: When node acquires a new care-of address
• Intimation: Node must intimate to – HA– Correspondent node
• Binding Ack: Node may expect an Ack• Life-time: Node should know its likely time of
association.
Session: 14 S. K. Nayak 14.36
Binding Update
Option Type
A H L RESUME LIFE TIME
IDENTIFICATION
CARE-OF ADDRESS
Node maintains a counter and increments it as and when itacquires a c/o addrBinding update is identified by this field.
Care of address acquired by node is reflected in this field
Binding updatesurvives for the time specified as Life Time
Distinguishing Link-Local address
H=1 : Request to serve as Home AgentL=1 : Link-Local Address included A=1 : Ack reqd.
HOME LINK LEVEL ADDRESS
Option Length
Session: 14 S. K. Nayak 14.37
Binding Ack Option Type Option Length
IDENTIFICATION
Refrsh Life Time
Field copied fromreceived
Binding-update
Life -time for whichBinding will be cached
Session: 14 S. K. Nayak 14.38
Mobile Node Operation
• IP decapsulation• Send Binding updates• Receive Binding Ack• Keep track of Nodes (because of Life-time)• Send Binding Updates using Routing Header
Session: 14 S. K. Nayak 14.39
Correspondent Node Operations
• Process received Binding Updates
• Send Binding-Ack
• Maintain Binding-Cache
• Maintain Security Association
Session: 14 S. K. Nayak 14.40
Packet Delivery at CN
Entries inBinding-
Cache
YesNo
Send to HAUsing NormalProcedure
Send Directly to Care-of Addr
ICMPError
MessageRecd
Yes
Delete entry inBinding -CacheWait for fresh Binding
Session: 14 S. K. Nayak 14.41
Home Agent Operations
• Send Binding-Ack to Binding Updates• Encapsulate Packets for tunneling• Neighbour Advertisement• Proxy Neighbour Advertisement• Home Agent Discovery• Handle returned ICMP errors
Session: 14 S. K. Nayak 14.42
Change of FA
• packets on-the-fly during the change can be lost• new FA informs old FA to avoid packet loss, old FA
now forwards remaining packets to new FA• this information also enables the old FA to release
resources for the MN
Session: 14 S. K. Nayak 14.43
Change of foreign agent CN HA FAold FAnew MN
t
request
update
ACK
data dataMN changeslocation
registration
update
ACKdata
data datawarning
update
ACK
datadata
registration
Session: 14 S. K. Nayak 14.44
Mobile IP Summary
• Mobile node moves to new location• Agent Advertisement by foreign agent• Registration of mobile node with home agent• Proxying by home agent for mobile node• Encapsulation of packets• Tunneling by home agent to mobile node via
foreign agent