1 / 33

Mobile IP

Mobile IP. Miae Woo. Motivation for Mobile IP. Routing based on IP destination address, network prefix (e.g. 129.13.42) determines physical subnet

aman
Télécharger la présentation

Mobile IP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mobile IP Miae Woo

  2. Motivation for Mobile IP • Routing • based on IP destination address, network prefix (e.g. 129.13.42) determines physical subnet • change of physical subnet implies change of IP address to have a topological correct address (standard IP) or needs special entries in the routing tables • Specific routes to end-systems? • change of all routing table entries to forward packets to the right destination • does not scale with the number of mobile hosts and frequent changes in the location, security problems • Changing the IP-address? • adjust the host IP address depending on the current location • almost impossible to find a mobile system, DNS updates take to long time • TCP connections break, security problems

  3. What is Mobile IP? • A modification to IP that allows nodes to continue to receive datagrams no matter where they happen to be attached to the Internet • Topics • Advertisement - Agent discovery • Registration • Tunneling • Route optimization

  4. Mobile node (MN) a host or router that changes its point of attachment without changing its IP address Home agent (HA) a router on a mobile node’s home network delivers datagrams to departed MNs maintains current location information for each departed MN Foreign agent (FA) a router on a mobile node’s visited network coorporates with the the HA to complete the delivery of datagrams to the departed MN Correspondent Node (CN) Communication partner Internet Subnet A - a physical network for mobile hosts MN FA HA Subnet B Subnet C MN FA FA Functional Entities CN

  5. Protocol Overview • Agent discovery • HAs and FAs advertise their availability • Registration Request / Reply • Registers MN’s care-of address (COA) to the HA • authentication • registration lifetime • Registration response and binding • Tunneling • To deliver datagram to the MN, the HA tunnels the datagram to the COA • IP-in-IP Encapsulation • Minimal Encapsulation • Generic Record Encapsulation (GRE)

  6. Protocol Procedures Subnet A 5. Registration Response and binding 7. Datagram is intercepted by HA and tunneled to care-of address HA 6. Datagram to MN arrive on home network via standard IP routing Internet Subnet B Subnet C FA 0. MN moves to subnet B 1. Agent Advertisement Correspondent Node 2. Determine whether it is on its home network or a foreign network 3. Obtain a care-of address 4. Registration Request

  7. IP Datagram Flow Subnet A 2. The datagram is intercepted by the HA and is tunneled to the care-of address. HA FA Internet 1. A datagram to the MN arrives on the home network via standard IP routing. 3. The datagram is detunneled and delivered to the MN. Subnet B Subnet C 4. Standard IP routing delivers each datagram sent by the MN to its destination. Correspondent Node

  8. Care-of Address Acquisition • A FA care-of address • a care-of address provided by a FA through its agent advertisement messages. • The care-of address is an IP address of the FA. • FA : • the endpoint of the tunnel • decapsulates tunneled datagrams and delivers the inner datagram to the MN • Advantage : no demand for IPv4 address space • A colocated care-of address • a care-of address acquired by the MN as a local IP address through some external means, which the mobile node then associate with one of its own network interfaces. • Advantage • MN : serves as the end point of the tunnel and performs decapsulation of the datagram • No need for the service of any HA.

  9. Agent Discovery • The method by which a MN • determines whether it is currently connected to its home network or to a foreign network • detects when it has moved from one network to another • Agent advertisement • formed by including a mobility agent advertisement extension in an ICMP (Internet Control Message Protocol) Router Advertisement message • A mobility agent transmits agent advertisements to advertise its services on a link. (max : 1/sec) • MNs use these advertisement to determine their current point of attachment to the Internet. • No authentication required

  10. Mobility Agent Extension Format • type : type to distinguish between various kinds of extensions; 16 • length : length of this single extension; (6+4*N), where N is the number of COA advertised • sequence number : count of agent advertisement messages sent since the agent was initialized • lifetime : the longest lifetime that this agent is willing to accept in any registration request • R : registration required (rather than using a colocated COA) • B : FA is busy • H : Home agent • F : Foreign agent • M : Minimal encapsulation • G : generic record encapsulation (GRE) • V : Van Jacobson header compression • care-of address : the advertised foreign agent care-of address provided by this FA

  11. Agent Discovery by MN • Registration required • when MN receives an agent advertisement with the R bit set • Intended to allow sites to enforce visiting policies, which require exchange of authorization • Returning home • when it receives an agent advertisement from its own HA • configure its routing table appropriately for its home network • deregister with its HA

  12. Provides a flexible and reliable mechanism for MNs to communicate their current reachability information to their HA Method used by MN to request forwarding services when visiting a foreign network inform its home agent of its current care-of address renew a binding that is due to expire deregister when it returns home Registration messages exchange the MN’s current binding information among a MN, its HA, and possibly a FA to create/modify a mobility binding at the HA associate the MN’s home address with its care-of address for the registration lifetime Registration

  13. FA advertises service Registration Overview by means of a foreign agent without intermediary MN HA MN FA HA MN request service MN request service FA relays request to HA HA accepts or denies HA accepts or denies FA relays status to MN • if a MN uses a colocated COA • if a MN is deregistering with its HA • if a MN is registering a foreign agent COA

  14. Registration Messages • Types • registration request • registration reply • Use UDP • Mobile IP defines its own retransmission to handle cases of dropped packets.

  15. Registration Request Fields • Type : 1 (registration request) • S : Simultaneous bindings; If set, the MN is requesting that the HA retain its prior mobility bindings • B : Broadcast datagrams; If set, the MN request that the HA tunnel to it any broadcast datagrams that it receives on the home network • D : Decapsulation; If set, the MN informs the HA that it will decapsulate datagram that are sent to the care-of address • Lifetime : The number of seconds remaining before the registration is considered expired • Identification : used for matching registration requests/replies and for preventing against replay attacks

  16. Registration messages between a MN and its HA are required to be authenticated with the mobile-home authentication extension. Type of authentication extensions The mobile-home authentication extension : require in all registration request/reply The mobile-foreign authentication extension The foreign-home authentication extension SPI (Security parameter index) select the authentication algorithm and mode, and secret used to compute the authenticator 0 ~ 255 : reserved Authenticator : variable length, depending on the SPI Authentication

  17. Encapsulation Decapsulation Destination Source Tunneling • Encapsulation • General tunneling • Generally useful for multicast and multiprotocol operation, security, privacy • Available methods • IP-in-IP encapsulation • Minimal encapsulation • GRE

  18. Original IP Header Original IP Payload Tunnel Endpoints Outer IP Header Inner IP Header Original IP Payload Other headers (optional) IP-in-IP Encapsulation • The outer IP header source and destination addresses identify the end-points of the tunnel. • The inner IP header source and destination addresses identify the original sender and recipient of the datagram. • No change in the inner IP header except to decrement the TTL by 1 • Other headers • IP authentication header • Allows fragmentation at the HA when needed to deal with tunnels with smaller path MTUs.

  19. Tunnel Endpoints Original IP Header Original IP Payload Destination IP address Outer IP Header Minimal Encapsulator Header Original IP Payload Minimal Encapsulation • To eliminate the duplication occurred in IP-in-IP encapsulation • Restriction on fragmentation • Header format

  20. original header original data outer header GRE header originalheader original data new header new data Generic Record Encapsulation • Can encapsulate numerous other protocols besides IP

  21. Router ARP Reply: Z_IP Z_MAC Z Home Agent X Y Router ARP Reply: Z_IP HA_MAC Home Agent X Y ARP, Proxy ARP, Gratuitous ARP • The HA is required to broadcast gratuitous ARPs as soon as the MN moves away from its home network and register a new care-of address. • The HA will continue to proxy ARP for MN until MN returns home. • After returning home, MN broadcasts gratuitous ARPs before deregistration. • The HA broadcasts gratuitous ARPs after accepting deregistration request.

  22. Route Optimization • To eliminate triangle routing problem • Route optimization extensions • Objective : route datagrams from a correspondent node to a MN without going to the HA first • Allow datagrams in flight when a MN moves and datagrams sent based on an out-of-date cached binding to be forwarded directly to the MN’s new care-of address • Authentication

  23. Route Optimization Overview • Update binding caches • Managing smooth handoffs between FAs • Acquiring registration keys for smooth handoffs • Using special tunnels • Concerned areas • Supplying a binding update to any correspondent node that needs one • Providing the means to create the needed authentication and replay protection so that the recipient of a binding update message can believe it • Allowing for the MN and FA to create a registration key for later use in making a smooth transition to a new point of attachment

  24. Foreign Agent Smooth Handoff • Make the transition as smooth as possible as MN moves from one point of attachment to the next • Achievable by delivering datagrams correctly even though they may arrive at the old care-of address • The new FA sends a binding update message to the previous FA as part of registration, requesting an ack from the previous FA. • The previous FA creates a binding cache entry for the MN to serve as a forwarding pointer. • MN and FA need to establish a new registration key

  25. Route Optimization Scenario Subnet B Subnet A HA FA1 Internet Subnet C Subnet D FA2 Host

  26. Route Optimization Procedure Internet Host HA FA1 MN FA2 Registration request Registration request Registration reply Registration reply Packet to MN Tunneling Delivery Binding Update Packet to MN Delivery MN Moved Registration request Registration request Registration reply Registration reply Binding Update Binding Ack Packet to MN Delivery Binding Warning Binding Update

  27. HA 2 MN Internet home network 1 sender FA foreignnetwork 1. MN sends to FA 2. FA tunnels packets to HA by encapsulation 3. HA forwards the packet to the receiver (standard case) 3 CN receiver Reverse tunneling (RFC 2344)

  28. Mobile IP with reverse tunneling • Router accept often only “topological correct“ addresses (firewall!) • a packet from the MN encapsulated by the FA is now topological correct • furthermore multicast and TTL problems solved (TTL in the home network correct, but MN is to far away from the receiver) • Reverse tunneling does not solve • problems with firewalls, the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking) • optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing) • The new standard is backwards compatible • the extensions can be implemented easily and cooperate with current implementations without these extensions

  29. Mobile IP and IPv6 • Mobile IP was developed for IPv4, but IPv6 simplifies the protocols • security is integrated and not an add-on, authentication of registration is included (?) • COA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address autoconfiguration • no need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement • MN can signal a sender directly the COA, sending via HA not needed in this case (automatic path optimization) • ”soft“ hand-over, i.e. without packet loss, between two subnets is supported • MN sends the new COA to its old router • the old router encapsulates all incoming packets for the MN and forwards them to the new COA • authentication is always granted

  30. Problems with mobile IP • Security • authentication with FA problematic, for the FA typically belongs to another organization • no protocol for key management and key distribution has been standardized in the Internet • patent and export restrictions • Firewalls • typically mobile IP cannot be used together with firewalls, special set-ups are needed (such as reverse tunneling) • QoS • many new reservations in case of RSVP • tunneling makes it hard to give a flow of packets a special treatment needed for the QoS • Security, firewalls, QoS etc. are topics of current research and discussions!

  31. DHCP: Dynamic Host Configuration Protocol • Application • simplification of installation and maintenance of networked computers • supplies systems with all necessary information, such as IP address, DNS server address, domain name, subnet mask, default router etc. • enables automatic integration of systems into an Intranet or the Internet, can be used to acquire a COA for Mobile IP • Client/Server-Model • the client sends via a MAC broadcast a request to the DHCP server (might be via a DHCP relay) DHCPDISCOVER DHCPDISCOVER server client client relay

  32. server (not selected) server (selected) initialization DHCPDISCOVER DHCPDISCOVER determine the configuration determine the configuration DHCPOFFER DHCPOFFER collection of replies selection of configuration time DHCPREQUEST(reject) DHCPREQUEST(options) confirmation of configuration DHCPACK initialization completed release DHCPRELEASE delete context DHCP - protocol mechanisms client

  33. DHCP characteristics • Server • several servers can be configured for DHCP, coordination not yet standardized (i.e., manual configuration) • Renewal of configurations • IP addresses have to be requested periodically, simplified protocol • Options • available for routers, subnet mask, NTP (network time protocol) timeserver, SLP (service location protocol) directory, DNS (domain name system) • Big security problems! • no authentication of DHCP information specified

More Related