
Yoshihiro Ohba, Ashutosh Dutta (Ed.), Victor Fajardo, Kenichi Taniuchi, Rafa Lopez,

Media Independent Pre-Authentication and Implementation (draft-ohba-mobopts-mpa-framework-03.txt) (draft-ohba-mobopts-mpa-implementation-03.txt). Yoshihiro Ohba, Ashutosh Dutta (Ed.), Victor Fajardo, Kenichi Taniuchi, Rafa Lopez, Henning Schulzrinne Presented by: Ashutosh Dutta





Presentation Transcript


  1. Media Independent Pre-Authentication and Implementation (draft-ohba-mobopts-mpa-framework-03.txt) (draft-ohba-mobopts-mpa-implementation-03.txt) Yoshihiro Ohba, Ashutosh Dutta (Ed.), Victor Fajardo, Kenichi Taniuchi, Rafa Lopez, Henning Schulzrinne Presented by: Ashutosh Dutta 67th IETF, San Diego

  2. Outline
  • Motivation
  • Related Work
  • MPA Framework Overview
  • Optimization Features
  • Implementation Results
    • Intra-technology, Inter-domain
    • Inter-technology, Inter-domain
    • Bootstrapping Layer 2
  • Deployment Considerations
  • Conclusion & Future Work

  3. Motivation
  • Secured seamless convergence requires that jitter, delay and packet loss are limited for real-time applications without compromising security
    • ITU G.114 defines 150 ms end-to-end delay and 3% packet loss for VoIP
  • Handoff delays exist at several layers
    • Layer 2 (handoff between AP/BS), Layer 3 (IP address acquisition and other configuration parameters), Binding Update, Authentication, Authorization
  • The challenge is even greater when moving between heterogeneous networks
    • Multiple access characteristics (802.11, CDMA, 802.16, GSM)
    • Multiple AAA domains
    • Diverse QoS requirements
    • Different configuration mechanisms (e.g., DHCP, PPP)
    • Different mobility requirements (802.11, GPRS, 802.16)

  4. Mobility Optimization - Related Work
  • Cellular IP, HAWAII - Micro Mobility
  • MIP-Regional Registration, Mobile-IP low latency, IDMP
  • FMIPv6, HMIPv6 (IPv6)
  • Yokota et al - Link Layer Assisted handoff
  • Shin et al, Velayos et al - Layer 2 delay reduction
  • Gwon et al - Tunneling between FAs, Enhanced Forwarding PAR
  • SIP-Fast Handoff - Application layer mobility optimization
  • DHCP Rapid-Commit, Optimized DAD - Faster IP address acquisition

  5. Media-independent Pre-Authentication (MPA)
  • MPA is a mobile-assisted higher-layer authentication, authorization and handover scheme that is performed a priori to establishing L2 connectivity to a network where the mobile may move in the near future
  • Primarily three phases
    • Pre-authentication
    • Pre-configuration
    • Proactive Handover
  • MPA provides a secure and seamless mobility optimization that works for inter-subnet handoff, inter-domain handoff and inter-technology handoff
  • MPA works with any mobility management protocol
  • Works with any network discovery scheme (IEEE 802.21, 802.11u, CARD etc.)
  [Figure: handover timelines, Conventional Method vs MPA. Conventional method phases: AP Discovery, Client Authentication, AP Switching, IP address configuration & IP handover. MPA timeline: Pre-authentication performed ahead of the handover. Packet Loss Period marked on each timeline.]

  6. MPA Overview (Inter-domain, Intra-Tech)
  [Figure: MN moving from Domain X to Domain Y, with Home Network (HA) and CN. Procedures shown: pre-authentication (establishing MN-AR key and MN-CA key), pre-configuration, proactive handover tunneling, L2 handoff procedure, tunneling end procedure, BU.]
  1. DATA [CN<->A(X)] (data in old domain)
  2. DATA [CN<->A(Y)] over proactive handover tunnel [AR<->A(X)] (tunneled data)
  3. DATA [CN<->A(Y)] (data in new domain)
  CN: Correspondent Node; MN: Mobile Node; AA: Authentication Agent; CA: Configuration Agent; AR: Access Router; BA: Buffering Agent; HA: Home Agent; A(X), A(Y): MN's address in Domain X / Domain Y

  7. MPA-assisted Seamless Handoff (a deployment scenario)
  [Figure: MN in Current Network 1 (AP1 coverage area); candidate target networks Network 2 and Network 3 (AP2 & AP3 coverage area) and Network 4, each with an AR, AA and CA; Information Server and CN reached over the INTERNET; MN-CA key labels toward the candidate networks.]
  CTN – Candidate Target Networks; TN – Target Network

  8. Key Optimization Features for MPA
  • Pre-authentication
    • L3, L2 layer pre-authentication
  • Pre-Configuration
    • Proactive IP Address Acquisition (Stateful, Stateless)
    • Proactive Duplicate IP Address Detection
    • Proactive Address Resolution
    • Proactive Mobility Binding Update
  • Security bootstrapping
    • Link Layer
    • IP Layer
  • Layer 2 optimization
  • Dynamic Buffering Scheme
    • Buffering and Copy-Forwarding
  • Tunnel Management

  9. Protocol Set for current MPA prototype

  10. Comparison - Intra-Technology, Inter-domain Handover (Case- I) Audio output comparison Delay and packet loss statistic

  11. Inter Technology, Inter-domain
  • Scenario 1: If multiple interfaces can be simultaneously used during handover
  • Scenario 2: If multiple interfaces cannot be simultaneously used during handover, then it is not easy to support seamless handover from one interface to another
    • This can happen when the old interface suddenly becomes unavailable (this can happen over a Wi-Fi link)
  [Figure: Scenario 2, multiple interfaces cannot be used simultaneously. MN with Wi-Fi and EV-DO interfaces exchanging Application Traffic with CN; Sudden Link down on Wi-Fi and Handover Signaling; During Handover (packet loss incurred) and After Handover. MN: Mobile Node; CN: Correspondent Node]

  12. MPA Framework - Inter-domain, Inter-Tech
  • Demonstration Scenario
    • Sudden Disconnection from WiFi Network
    • The handover tunnel server is placed outside the EV-DO network, instead of placing it at the access router of EV-DO
  • MN: Linux PC
  • CN: Linux PC or Windows CE cell-phone
  • Handover tunnel server: Linux PC
  • Wireless LAN: 802.11b
  • Handover tunnel encapsulation method: IP-in-IP
  • Handover tunnel management protocol: PANA
  • Application: Skype
  [Figure: MN (Linux PC) with Wi-Fi (802.11b) and EV-DO links, Handover Tunnel Server (Linux PC), CN (Linux PC or WinCE cell-phone)]
  Results:
  • Packet loss = 0
  • Handoff Delay = 50 – 60 ms
  • Duplicate Packets = 10
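The slides state that the proactive handover tunnel uses IP-in-IP encapsulation (step 2 of the overview: CN<->A(Y) traffic carried inside an AR<->A(X) outer header). The following is an added illustration, not code from the draft or its prototype: it builds and parses minimal IPv4 headers with checksums, encapsulates an inner packet the way a tunnel entry point would, and decapsulates it on the MN side. The addresses are constructed from documentation ranges, and the MN-side acceptance rule (outer source must be an access router the MN pre-authenticated with, inner destination must be the pre-configured new address) is an assumption added here rather than something the slides specify.

```python
"""Constructed model of IP-in-IP encapsulation for an MPA-style proactive handover tunnel.

Constructed addresses (documentation ranges, not from the draft):
  A(X)  = 192.0.2.20     MN's address in the old network (domain X)
  A(Y)  = 198.51.100.20  MN's pre-configured address in the new network (domain Y)
  AR(Y) = 198.51.100.1   access router in domain Y terminating the tunnel
  CN    = 203.0.113.10   correspondent node
"""
import struct

IPPROTO_IPIP = 4    # IANA protocol number for IP-in-IP (RFC 2003)
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 packet: 20-byte header without options, checksum filled in."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse and validate an IPv4 packet; raises ValueError on malformed input."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("bad IPv4 length fields")
    if ipv4_checksum(pkt[:ihl]) != 0:   # a header with a correct checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    return {"src": bytes_to_ip(src), "dst": bytes_to_ip(dst), "proto": proto,
            "ttl": ttl, "payload": pkt[ihl:total_len]}


def ar_encapsulate(inner_pkt: bytes, ar_addr: str, mn_old_addr: str) -> bytes:
    """Tunnel entry point (AR in domain Y): wrap a packet addressed to A(Y) in an
    outer header addressed to the MN's still-reachable old address A(X)."""
    return build_ipv4(ar_addr, mn_old_addr, IPPROTO_IPIP, inner_pkt)


class MnTunnelEndpoint:
    """Tunnel exit point on the MN. Assumption (added here, not on the slides): only
    accept tunneled packets whose outer source is an AR the MN pre-authenticated with
    and whose inner destination is the address the MN pre-configured."""

    def __init__(self, new_addr: str, authenticated_ars):
        self.new_addr = new_addr
        self.authenticated_ars = set(authenticated_ars)
        self.rejected = 0

    def decapsulate(self, outer_pkt: bytes):
        outer = parse_ipv4(outer_pkt)
        if outer["proto"] != IPPROTO_IPIP or outer["src"] not in self.authenticated_ars:
            self.rejected += 1
            return None
        inner = parse_ipv4(outer["payload"])
        if inner["dst"] != self.new_addr:
            self.rejected += 1
            return None
        return inner


def demo():
    mn = MnTunnelEndpoint("198.51.100.20", ["198.51.100.1"])
    # Step 2 of the overview: CN -> A(Y) traffic carried over the AR <-> A(X) tunnel.
    inner = build_ipv4("203.0.113.10", "198.51.100.20", IPPROTO_UDP, b"rtp-audio")
    accepted = mn.decapsulate(ar_encapsulate(inner, "198.51.100.1", "192.0.2.20"))
    # Same inner packet, wrapped by a host the MN never pre-authenticated with: dropped.
    unauthenticated = mn.decapsulate(ar_encapsulate(inner, "192.0.2.99", "192.0.2.20"))
    return accepted, unauthenticated, mn.rejected


if __name__ == "__main__":
    print(demo())
```

The acceptance check on the MN side is the part worth keeping in mind when the tunnel management protocol (PANA on the slides) has established an MN-AR key: the tunnel endpoint should bind accepted outer sources to the ARs that key exchange covered, so a plain IP-in-IP packet from an arbitrary source is not delivered as if it had come through the pre-authenticated path.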

  13. Typical Roaming architecture

  14. Layer 2 Pre-authentication and bootstrapping

  15. MPA L2 pre-authentication

  16. Deployment Considerations
  • Authentication State Management
  • Pre-allocation of QoS resources
  • Scalability and Resource Allocation
  • Failed Switchover during handover
  • Ping-Pong Effect
  • Pre-authentication with multiple CTNs
  • Multicast Mobility
  • MPA for IMS Networks
  • Applicability to other Fast-handoff approaches
    • L3 and L2 pre-authentication
    • MPA’s stateful proactive configuration

  17. MPA and Multicast Mobility
  • Communicates the group address during the pre-authentication phase
  • Provides the multicast stream proactively
  • Reduces JOIN latency
  • Applicable to the remote subscription-based and the home subscription-based approach
  [Figure: NAR, AA and PAR, showing the home subscription-based approach and the remote subscription-based approach]

  18. MPA for IMS/MMD Network
  [Figure: IMS/MMD network diagram. Networks: Home Network, WiFi Network, Network 1, Network 2, Network 3, Internet. Elements: SPE, AS, AAA/HSS, HA, S/I-CSCF, P/I-CSCF, DHCP, PDIF/PDG, PDSN, PCF, AP.]

  19. MPA to pre-allocate end-to-end QoS
  • Use MPA and NSIS to reserve the end-to-end QoS guarantee for the new interface and the target network while using the old interface
  • Choose the target network based on the available end-to-end QoS

  20. Related Drafts
  • draft-ohba-mobopts-heterogeneous-requirement-01.txt
  • draft-ohba-pana-preauth-00.txt
  • draft-ohba-preauth-ps-00.txt
  • draft-yacine-preauth-ipsec-01.txt

  21. Conclusions
  • MPA attempts to address the issues of inter-domain handover and heterogeneous handover
  • The MPA framework in conjunction with network discovery provides an optimized handover solution independent of the mobility management protocol
  • Current implementation results of MPA
    • Inter-domain, Intra-tech
    • Inter-domain, Inter-tech
    • Layer 2 bootstrapping
    • MIPv6 and SIP-based mobility protocols
  • Results of FMIPv6 without pre-authentication support and MPA exhibit comparable performance characteristics and are bound by layer 2 delay
  • MPA’s pre-authentication part has been adopted by HOKEY WG
  Future Work
  • Implement other functionalities of MPA
  • Performance results with multiple pre-authentication in the neighboring networks
  • Performance of MPA for IMS/MMD network
  • Performance of MPA for Multicast Mobility
  • Experiment with MPA’s pre-authentication mechanism to augment FMIPv6
