1 / 96

Mobile Networking

Mobile Networking. As Applied to Any Mobile Network Including Aeronautical Internets Airborne Internet Collaboration Group meeting April 17, 2003 Will Ivancic – wivancic@grc.nasa.gov. Outline. Mobile Networking Solutions Aeronautical Telecommunication Network (ATN) Mobile-IPv4 Operation

keren
Télécharger la présentation

Mobile Networking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mobile Networking As Applied to Any Mobile Network Including Aeronautical Internets Airborne Internet Collaboration Group meeting April 17, 2003 Will Ivancic – wivancic@grc.nasa.gov

  2. Outline • Mobile Networking Solutions • Aeronautical Telecommunication Network (ATN) • Mobile-IPv4 Operation • Secure Mobile Network Demonstration • Mobile-IPv6 Operation • Networks In Motion (NEMO) • NASA Glenn Research Center Research

  3. Mobile Networking Solutions • Routing Protocols •  Route Optimization •  Convergence Time •  Sharing Infrastructure – who owns the network? • Mobile-IP •  Route Optimization •  Convergence Time •  Sharing Infrastructure •  Security – Relatively Easy to Secure • Domain Name Servers •  Route Optimization •  Convergence Time •  Reliability

  4. Aeronautical Communication Requirements for ATN • Interoperability with existing subnetworks • High availability • Mobile Communication • Message prioritization • Policy based routing • Security • Just now being considered • Bit Efficiency • Support for multiple mobile subnetworks • Mobile platform forms its own Routing domain

  5. Aeronautical Communication Requirements – Questions? • How much is politics, how much is technical requirements. • Policy based routing • Is this a political or technical requirement? • Security – Previously undefined • Can Links handle Authentication, Authorization, Accounting and Encryption? • Bit Efficiency • Is this due to limited links. • Load Sharing of RF links • Is this specified, implied or not necessary • Current (and perhaps future) implementations of Mobile Networking do not support this.

  6. ATN Non-Requirements • Sharing Infrastructure • Multicasting • Interoperate with non-ATN applications • Unidirectional Link Routing • Use of Commodity products and protocols • Cost Effective • Flexible • Adaptable • Evolvable

  7. ATN Solutions for Mobility • Uses Inter-Domain Routing Protocol (IDRP) for routing • Implements distributed IDRP directory using Boundary Intermediate Systems (BISs) • Two level directory • ATN Island concept consisting of backbone BISs • Home BISs concept • Scalability obtained by the two level structure • Resilience is provided by the distributed approach

  8. ATN • ATN Routing uses the IDRP Routing Protocol • IDRP supports policy IDRP supports policy-based based routing which allows administrations to autonomously control use of their network • IDRP supports mobility by permitting aggregate routes to be selectively propagated through the network

  9. Mobile RD Mobile RD Non-ATN RD Fixed ATN ERD Fixed ATN ERD ATN Island Routing Domain Confederation Structure To another ATN Island ATN Backbone RDC ATN TRD ATN TRD ATN TRD ERD – End RD RDC – RD Confederation ATN Island RDC TRD – Transit RD

  10. Mobile RD Internet Internet Fixed ATN ERD Pick Your Satellite Service Suppliers Pick Your Radio (i.e.802.11) ATN Backbone RDC ATN TRD ATN TRD ATN Island RDC

  11. Moblile-IP Operation IPv4

  12. Internet or Intranet “ ” Mobile-IP (IPv4) using Foreign Agents Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Foreign Agent Foreign Agent 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames Bi-directional Tunnel if Reverse Tunneling Is specified. 128.183.13.1 NASA Goddard Corresponding Node Home Agent

  13. Internet or Intranet “ ” Mobile-IP (IPv4) using Foreign Agents Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Foreign Agent Foreign Agent 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames 128.183.13.1 NASA Goddard Corresponding Node Home Agent

  14. Internet or Intranet “ ” Mobile-IP (IPv4) using Foreign Agents (Reverse Tunneling) Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Foreign Agent Foreign Agent 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames 128.183.13.1 NASA Goddard Corresponding Node Home Agent

  15. DHCP or Connection Established Internet or Intranet “ ” Mobile-IP (IPv4) using Collocated Care-Of-Address Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Access Router Access Router 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames Bi-directional Tunnel if Reverse Tunneling Is specified. 128.183.13.1 NASA Goddard Corresponding Node Home Agent

  16. Internet or Intranet “ ” Mobile-IP (IPv4) using Collocated Care-Of-Address Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Access Router Access Router 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames 128.183.13.1 NASA Goddard Corresponding Node Home Agent

  17. Internet or Intranet “ ” Mobile-IP (IPv4) using Collocated Care-Of-Address (Reverse Tunneling) Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Access Router Access Router 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames 128.183.13.1 NASA Goddard Corresponding Node Home Agent

  18. Tunnel-0 Tunnel-1 Internet Mobile-Router (IPv4) Mobile Router 10.2.3.101 10.2.3.1 Virtual LAN Interface Mobile Router (Mobile Node) 10.2.2.1 Roaming Interface Bi-directional Tunnel if Reverse Tunneling Is specified. 10.2.4.10 MR Loopback Virtual Interface COA 139.88.100.1 139.88.100.1 FA WAN Foreign Agent 139.88.112.1 Internet WAN 128.183.13.1 Internet WAN Home Agent 128.184.25.1 HA Loopback Virtual Interface Corresponding Node

  19. Internet Mobile-Router (IPv4) Mobile Router (Reverse Tunneling) 10.2.3.101 10.2.3.1 Virtual LAN Interface Mobile Router (Mobile Node) 10.2.2.1 Roaming Interface 10.2.4.10 MR Loopback Virtual Interface COA 139.88.100.1 Tunnel-0 139.88.100.1 FA WAN Tunnel-1 Foreign Agent 139.88.112.1 Internet WAN 128.183.13.1 Internet WAN Home Agent 128.184.25.1 HA Loopback Virtual Interface Corresponding Node

  20. Tunnel-1 Foreign Agent No Foreign Agent No Second Tunnel Internet Mobile-Router (IPv4) Collocated Care-Of-Address 10.2.3.101 10.2.3.1 Virtual LAN Interface Mobile Router (Mobile Node) 10.2.2.1 Roaming Interface 10.2.4.10 MR Loopback Virtual Interface COA 139.88.100.1 Tunnel-0 139.88.100.1 FA WAN 139.88.112.1 Internet WAN 128.183.13.1 Internet WAN Home Agent 128.184.25.1 HA Loopback Virtual Interface Corresponding Node

  21. Internet Mobile-Router (IPv4) Collocated Care-Of-Address 10.2.3.101 10.2.3.1 Virtual LAN Interface Mobile Router (Mobile Node) 10.2.2.1 Roaming Interface 10.2.4.10 MR Loopback Virtual Interface COA 139.88.100.1 Tunnel-0 139.88.100.1 Access Router 139.88.112.1 Internet WAN 128.183.13.1 Internet WAN Home Agent 128.184.25.1 HA Loopback Virtual Interface Corresponding Node

  22. Mobile Networking Additional Features Geographically Distributed Home Agents Asymmetrical Pathing

  23. X Secondary Home Agent Secondary Home Agent(reparenting the HA) Primary Home Agent Reparenting Home Agent Helps resolve triangular routing Problem over long distances

  24. If primary control site becomes physically inaccessible but can be electronically connected, a secondary site can be established. If primary control site is physically incapacitated, there is no backup capability. Emergency Backup(Hub / Spoke Network)

  25. If primary control site is physically incapacitated, a second or third or forth site take over automatically. Secondary Home Agent(Fully Meshed Network) 3 5 1 4 2

  26. Internet Home Agent Foreign Agent Foreign Agent Asymmetrical Pathing DVB Satellite MilStar, Globalstar, Others Mobile Router

  27. Securing Mobile and Wireless Networks Some ways may be “better” than others!

  28. Constraints / Tools • Policy • Architecture • Protocols

  29. IPv4 Utopian Operation CN US Coast Guard Operational Network (Private Address Space) Public Internet US Coast Guard Mobile Network HA Triangular Routing FA MR

  30. IPv4 Mobile-IP Addressing • Source Address is obtained from • Foreign Agent • Static Collocated Care-of-Address (CCoA) • DHCP via Access Router (Dynamic CCoA) • Private Address space is not routable via the Open Internet • Topologically Incorrect Addresses should be blocked via Ingress or Egress filtering

  31. Proxy had not originated the request; therefore, the response is squelched. Peer-to-peer networking becomes problematic at best. Glenn Research Center Policy: No UDP, No IPSec, etc… Mobile-IP stopped in its tracks. What’s your policy? USCG Requires 3DES encryption. WEP is not acceptable due to known deficiencies. Ingress or Egress Filtering stops Transmission due to topologically Incorrect source address. IPv6 Corrects this problem. IPv4 “Real World” Operation CN US Coast Guard Operational Network (Private Address Space) Public Internet P R O X y US Coast Guard Mobile Network HA FA MR

  32. Current Solution – Reverse Tunneling CN Adds Overhead and kills route optimization. US Coast Guard Operational Network (Private Address Space) Public Internet P R O X y US Coast Guard Mobile Network HA FA Anticipate similar problems for IPv6. MR

  33. MR MR ACME Shipping Canadian Coast Guard FA FA ACME SHIPPING HA Public Internet MR HA US Coast Guard HA Encrypting wireless links makes it very difficult to share infrastructure. This is a policy issue. MR HA US Navy Shared Network Infrastructure

  34. ENCRYPTION ON THE RF LINK ENCRYPTION AT THE NETWORK LAYER VIRTUAL PRIVATE NETWORK HEADER HEADER HEADER HEADER PAYLOAD ORIGINAL PACKET Security • Security  Bandwidth Utilization  • Security  Performance  • Tunnels Tunnels Tunnels and more Tunnels • Performance  Security   User turns OFF Security to make system usable! • Thus, we need more bandwidth to ensure security.

  35. Additional and FutureSecurity Solutions • AAA • Routers (available today) • Wireless bridges and access points (available 2002) • IPSec on router interface • Encrypted radio links • IPSec, type1 or type2, and future improved WEP

  36. Conclusions • Security Breaks Everything  • At least it sometimes feels like that. • Need to change policy where appropriate. • Need to develop good architectures that consider how the wireless systems and protocols operate. • Possible solutions that should be investigated: • Dynamic, Protocol aware firewalls and proxies. • Possibly incorporated with Authentication and Authorization.

  37. USCGC Neah Bay Project Mobile Networking in an Operational Network

  38. Mobile Network Design Goals • Secure • Scalable • Manageable • Ability to sharing network infrastructure • Robust

  39. Neah Bay / Mobile Router Project Detroit Foreign-Agent Neah Bay Outside of wireless LAN range, connected to FA via Inmarsat. Neah Bay Connected to FA via wireless LAN at Cleveland harbor Foreign-Agent Somewhere, USA Cleveland Foreign-Agent Internet Home-Agent Anywhere, USA

  40. Why NASA/USCG/Industry • Real world deployment issues can only be addressed in an operational network. • USCG has immediate needs, therefore willingness to work the problem. • USCG has military network requirements. • USCG is large enough network to force full us to investigate full scale deployment issues • USCG is small enough to work with. • NASA has same network issues regarding mobility, security, network management and scalability.

  41. Mobile-Router Advantages • Share wireless and network resources with other organizations • $$$ savings • Set and forget • No onsite expertise required • However, you still have to engineer the network • Continuous Connectivity • (May or may not be important to your organization) • Robust • Secondary Home Agent (Reparenting of HA)

  42. MR MR ACME Shipping Canadian Coast Guard FA FA ACME SHIPPING HA Public Internet MR HA US Coast Guard HA Encrypting wireless links makes it very difficult to share infrastructure. This is a policy issue. MR HA US Navy Shared Network Infrastructure

  43. We Are Running with Reverse Tunneling • Pros • Ensures topologically correct addresses on foreign networks • Required as requests from MR LAN hosts must pass through Proxy inside main firewall • Greatly simplifies setup and management of security associations in encryptors • Greatly simplifies multicast – HA makes for an excellent rendezvous point. • Cons • Uses additional bandwidth • Destroys route optimization

  44. MR Tunnel Endpoint (Public Space) PROXY USCG INTRANET 10.x.x.x HA Tunnel Endpoint (Public Space) Encryption Mobile LAN 10.x.x.x INTERNET FIREWALL FA - Detroit Encryption HA FA – Cleveland 802.11b link Public Address

  45. PROXY USCG INTRANET 10.x.x.x Open Network Data Transfers Dock Encryption Mobile LAN 10.x.x.x EAST WEST INTERNET FIREWALL FA - Detroit Dock Encryption EAST WEST HA FA Cleveland 802.11b link Public Address USCG Officer’s Club

  46. PROXY USCG INTRANET 10.x.x.x Encrypted Network Data Transfers Dock Encryption Mobile LAN 10.x.x.x EAST WEST INTERNET FIREWALL FA - Detroit Encryption EAST WEST HA Dock FA Cleveland 802.11b link Public Address USCG Officer’s Club

  47. RF Bandwidth 7 Kbps to 56 Kbps in 7 Kbps chunks (1 to 2.5 seconds delay) 11.0 Mbps (auto-negotiated and shared with Officer’s Club) Dock Encryption Mobile LAN 10.x.x.x EAST 1.0 Mbps (manually set) 1.0 Mbps (manually set) WEST

  48. Globalstar/Sea Tel MCM-8 • Initial market addresses maritime and pleasure boaters. • Client / Server architecture • Current implementation requires call to be initiated by client (ship). • Multiplexes eight channels to obtain 56 kbps total data throughput. • Full bandwidth-on-demand. • Requires use of Collocated Care-of-Address

  49. RF Technologies • Globalstar (L-Band) • Globalstar MCM-8 (Client/Server) • Seatel MCM-3 (Client/Server) • Qualcomm MDSS-16 • Boeing Connex (Ku-Band) • INMARSAT Swift 64 • General Packet Radio Service (GPRS) • 802.11 • VHF

More Related