MOBILE IP


  1. MOBILE IP

  2. Need for Mobile-IP
  • Current IP Routing is based upon Destination address.
  • Processes communicating with each other use the IP address as a reference for the communication end point.
  • So, if a node changes its Link, it becomes unreachable for the processes communicating with processes running on that node.
  • Goal: To provide support for seamless mobility of hosts on the Internet.

  3. Need for Mobile-IP…
  • How about just changing the Node’s IP Address whenever it changes point of attachment?
  • Transport layer connections cannot survive a changing IP address, because they are based on the assumption that the IP addresses of the Source and Destination nodes will remain constant over the duration of a connection.
  • How to find a node whose IP address keeps changing?

  4. Need for Mobile IP…
  • Five characteristics are required of any candidate Mobile IP protocol:
  • MN should be able to maintain communication with other nodes after changing its link-layer point of attachment to the Internet, yet without changing its IP address.
  • All messages used for transmitting information about a MN’s location must be authenticated.
  • A mobile node should be able to communicate with any other node that does not implement Mobile IP.
  • Since the link directly attached to a MN is often a wireless link, control messages exchanged should be minimized.
  • Mobile IP should place no additional constraints on the assignment of IP addresses, i.e., the address does not have to belong to any globally constrained range of addresses.

  5. Mobile IP : Terminology
  [Figure: the MN moves from its Home Net, where the HA sits, to a New Net served by an FA, while a CN communicates with it.]
  • MN : Mobile Node.
  • HA : Home Agent.
  • FA : Foreign Agent.
  • CN : Correspondent Node.
  • COA : Care-of Address.

  6. Where does Mobile IP reside?
  • Mobile IP is implemented in three functional entities:
  • Mobile Node (MN)
  • Home Agent (HA) : A router with an interface on the mobile node’s home network, which is informed by the MN of its current location (Care-of Address - COA). HA intercepts packets destined for the MN and tunnels them to the MN’s COA.
  • Foreign Agent (FA) : A router on the MN’s foreign network that assists the MN in informing its HA of its COA. Serves as default router for packets generated by the MN.

  7. Indirect Routing
  The route from the HA to the FA is the TUNNEL. HA tunnels all packets for the MN to the FA, while the FA detunnels them to the MN.

  8. Tunneling
  • A tunnel is the path followed by a first packet while it is encapsulated within the payload portion of a second packet.

  9. Agent Advertisement etc.
  • Agent Advertisement : An advertisement message constructed by attaching a special extension to the router advertisement message.
  • Care-of Address : The termination point of the tunnel towards a MN.
    • Generally, the IP address of the FA (on any of its interfaces).
  • Co-located Care-of Address : Externally obtained local address which the MN associates with its own network interface.
  • Home Address : Unchanging IP address of an MN.
  • Visitor List : The list of MNs visiting a FA (maintained at the FA).

  10. Mobile-IP Operation
  • Mobility Agents (HA & FA) advertise their presence via Agent Advertisement messages at regular time intervals. Also, an MN can solicit an Agent Adv. message.
  • These Agent Adv. messages help the MN to determine whether it is at Home or away. (Agent discovery)
  • MN operates without mobility services when at home; when it moves into a foreign network it obtains a COA.
  • MN at a foreign network registers its new COA with its HA through Registration Request and Reg. Reply messages.

  11. Mobile IP Operation…
  • HA intercepts all datagrams for the MN and tunnels them to the MN’s COA.
  • FA receives the datagrams and detunnels them to the MN.
  • In the reverse direction, datagrams sent by the MN are delivered using standard IP Routing mechanisms.

  12. Details of Mobile IP
  • Agent Discovery : by the MN on receiving Agent advertisements.
  • Agent Advertisement : the rate at which these advertisements are sent must be limited.
  • Agent Solicitation : must be implemented at the MN, and the rate at which solicitations are sent must also be limited.
  • All of the above are implemented by extending the corresponding ICMP Router messages.

  13. How does the MN know it has moved?
  • Two primary mechanisms :
  • Lifetime field : If the MN fails to receive another Advertisement from the same agent within the specified Lifetime, it should assume it has lost contact.
  • Network Prefixes : If the prefixes of the MN’s current COA and a newly received Agent Advertisement differ, the MN may assume that it has moved.

  14. Registration
  • When a MN learns that it has moved, it needs to register the new COA with its HA (it sends a Registration Request).
  • Registration in most cases is through the FA.
  • If a MN returns to its Home, then it needs to deregister directly with its HA.
  • HA sends a Registration Reply to the MN through the FA.
  • Authentication : All these registration messages must be authenticated by a special extension field.

  15. Registration…
  [Figure: the Reg. Request travels MH → FA → HA; the Reg. Reply travels HA → FA → MH.]
  Either FA or HA can deny a Registration Request, due to many reasons including Lifetime too long, Identification mismatch and authenticity failure. FA plays a passive role in Registration (just a mediator for MN and HA to talk!)

  16. Registration…
  • FA updates its Visitor list only after HA sends a valid Registration Reply.
  • HA also must update its Mobility binding after it accepts a Registration Request of an MN.
  • Tunneling:
    • FA and HA must support tunneling using IP in IP encapsulation (RFC 2003).
    • Also, MN must support tunneling if it is using a co-located COA.

  17. Tunnel Management
  • The encapsulator maintains the following soft state information about each tunnel:
    • MTU of the tunnel
    • TTL (path length) of the tunnel
    • Ability to reach the end of the tunnel
  • The encapsulator uses the ICMP messages it receives from the interior of the tunnel to update the soft-state information. This is maintained by using the following ICMP error messages received from inside the tunnel:
    • Datagram too big
    • Time exceeded
    • Destination unreachable, etc.
  • When a datagram arrives, the encapsulator checks the soft state of the tunnel to see whether the datagram would cause an ICMP error message inside the tunnel; if so, it sends an ICMP error message to the sender of the datagram.

  18. Routing
  • MN Functions :
  • When at Home, an MN operates without the support of mobility services.
  • Choosing a router when registered at a Foreign network:
    • If the mobile node is registered using a foreign agent’s care-of address, then it may use that as the address of a default router.
    • If the mobile node has registered directly with the home agent using a co-located care-of address, then the MN should choose, from the ICMP router advertisement messages it receives, the one with the same prefix as the care-of address chosen.

  19. Routing…
  • HA Functions :
  • HA must be able to attract and intercept packets destined for the MN. Proxy and Gratuitous ARP may be used in enabling this interception.
    • A Proxy ARP is an ARP reply sent by one node on behalf of another node.
    • A Gratuitous ARP is an ARP packet sent by a node to update the ARP caches of other nodes.
  • When it receives a datagram destined for a MN in its mobility binding list, it tunnels it to the MN’s COA.
  • If the HA supports the optional capability of multiple simultaneous mobility bindings, it tunnels a copy to each care-of address in the binding list.
  • If the lifetime for a given mobility binding expires, it needs to be deleted from the mobility binding list, but the HA needs to keep any other non-expired simultaneous mobility bindings.

  20. Routing…
  • HA Functions ….
  • When the HA receives a datagram intercepted for one of its mobile nodes registered away from home, the HA checks whether it is already encapsulated. If so, two cases arise:
    • If the inner (encapsulated) destination address is the same as the outer destination address (the MN’s home address), then the home agent examines the outer source address (i.e., the source address of the tunnel). If the outer source address is the same as the current care-of address of the MN, then it discards the datagram to prevent a likely routing loop; else, it forwards the packet by simply altering the outer destination address to the current care-of address of the MN, rather than re-encapsulating the datagram.
    • If the inner destination is not the same as the outer destination address, it re-encapsulates the datagram (recursive re-encapsulation) with the new outer destination address set to the care-of address of the MN.

  21. Routing…
  • FA Functions :
  • On receipt of a datagram sent to its advertised COA, the FA must compare the inner destination address to the entries in the Visitor list. If there is a match it decapsulates the datagram and sends it to the MN; else it discards the datagram.
  • Broadcast Datagrams: When a HA receives a broadcast datagram,
    • it only forwards it to mobile nodes in its list that have requested forwarding of broadcast datagrams.
    • A mobile node can set a specific bit in its registration request for doing this.
    • HA should never forward an ARP broadcast packet to a mobile node.
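Slides 16, 20 and 21 describe IP-in-IP tunneling and what the HA and FA do with an intercepted or already-tunneled datagram. The following added example (not code from the slides, nor from RFC 2002/2003) builds and parses minimal IPv4 headers, implements the slide 20 decision logic for the HA and the slide 21 visitor-list check for the FA; all addresses, bindings and payloads are constructed values.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4  # IP-in-IP encapsulation (RFC 2003), the tunneling the HA and FA must support

def checksum(hdr: bytes) -> int:
    """One's-complement sum of the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Prepend a minimal 20-byte IPv4 header (no options) to payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def parse(pkt: bytes):
    """Split a datagram with a 20-byte header into (src, dst, proto, payload)."""
    _, proto, _, src, dst = struct.unpack("!BBH4s4s", pkt[8:20])
    return str(IPv4Address(src)), str(IPv4Address(dst)), proto, pkt[20:]

def rewrite_dst(pkt: bytes, new_dst: str) -> bytes:
    """Change only the outer destination address and recompute the header checksum."""
    hdr = pkt[:10] + b"\x00\x00" + pkt[12:16] + IPv4Address(new_dst).packed
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + pkt[20:]

def ha_forward(datagram: bytes, bindings: dict, ha_addr: str):
    """Home agent handling of an intercepted datagram (slide 20).

    bindings maps a mobile node's home address to its current care-of address.
    Returns the datagram to send toward the COA, or None when the HA discards it.
    """
    src, dst, proto, payload = parse(datagram)
    coa = bindings.get(dst)
    if coa is None:
        return None                                        # not a registered mobile node
    if proto != IPPROTO_IPIP:
        return ipv4(ha_addr, coa, IPPROTO_IPIP, datagram)  # ordinary case: encapsulate
    _, inner_dst, _, _ = parse(payload)
    if inner_dst == dst:                 # already tunneled to the home address
        if src == coa:
            return None                  # tunnel came from the COA itself: likely routing loop
        return rewrite_dst(datagram, coa)  # redirect the existing tunnel, no new header
    return ipv4(ha_addr, coa, IPPROTO_IPIP, datagram)      # recursive re-encapsulation

def fa_deliver(datagram: bytes, visitor_list: set):
    """Foreign agent decapsulation (slide 21): hand the inner datagram to the MN
    only if its destination is in the visitor list, otherwise discard."""
    _, _, proto, payload = parse(datagram)
    if proto != IPPROTO_IPIP:
        return None
    _, inner_dst, _, _ = parse(payload)
    return payload if inner_dst in visitor_list else None
```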

  22. Routing…
  • Multicast : MN must join a multicast group in order to receive multicast datagrams. It can do this in two ways.
    • MN can join a multicast group via a local multicast router (assuming there is one in the foreign network).
      • If the MN has a co-located care-of address, then it should use this as the IP source address for its IGMP (Internet Group Management Protocol) messages; otherwise, it is required to use its home address.
    • Alternatively, it may join multicast groups via a bidirectional tunnel to its home agent.
  • MN sending multicast datagrams also has two options:
    • Either directly through the visited network. In this case the MN is required to use its co-located COA as source address.
    • Or via a tunnel to its HA. In this case the MN is required to use its home IP address as source address.

  23. Mobile Nodes as routers
  • A mobile node can be a router that is responsible for the mobility of one or more entire networks moving together, such as in airplanes, ships, automobiles, etc.
  • The nodes connected to the network served by a mobile router may be fixed nodes, mobile nodes or routers.
  • A mobile router may act as a foreign agent and provide a foreign agent care-of address to mobile nodes connected to the mobile network.

  24. Mobile Nodes as routers…
  • Typical routing to a mobile node via a mobile router
  • A laptop is disconnected from its home network and later attached to a network port on the seat back of an aircraft. The laptop uses Mobile IP to register on this foreign network using a COA discovered through the aircraft’s agent advertisement.
  • The aircraft network itself is mobile. Suppose the node serving as a foreign agent on the aircraft also serves as the default router that connects the aircraft network to the rest of the Internet. When the aircraft is at home, the router is attached to a fixed network; while it is away it registers from time to time over its radio link with a series of foreign agents below it on the ground.

  25. Mobile Nodes as routers…
  • Typical routing to a mobile node via a mobile router….
  • Suppose some correspondent node sends a datagram to the laptop, addressing the datagram to the laptop’s home address.
  • The laptop’s home agent intercepts it and tunnels it to the current care-of address, which in this example is an address of a router and foreign agent serving on the aircraft. Normal IP routing will route this to the airline’s headquarters.
  • The home agent there intercepts this and tunnels it to the current care-of address, which in this example is some agent on the ground underneath the aircraft. The original datagram has now been encapsulated twice.
  • The agent on the ground decapsulates it and sends it over the radio link to the aircraft.
  • The foreign agent on the aircraft decapsulates it, yielding the original datagram, and delivers it to the laptop’s link layer address.

  26. Security…
  • Mobile IP provides support for Registration authentication.
  • Each mobile node, foreign agent and home agent is required to be able to support a mobility security association for mobile entities.
  • The default algorithm used is keyed MD5 with a key size of 128 bits.
  • For this authentication to be useful, the key must be pseudorandom and secret, i.e., known only to authorized parties.
  • Other authentication algorithms, algorithm modes, key distribution methods and key sizes may also be supported.
  • The Identification field is used to let the home agent verify that the registration message has been freshly generated, in order to prevent replay attacks.
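Slides 14, 15 and 26 describe how the HA authenticates a Registration Request and how the Identification field defeats replays. The following added example (not code from the slides or from RFC 2002) implements RFC 2002's default keyed MD5 in prefix+suffix mode over the request and the Type/Length/SPI of the Mobile-Home Authentication Extension, together with the timestamp-based Identification check; the key, SPI and addresses are constructed values, and the reply codes are RFC 2002's.

```python
import hashlib
import hmac
import struct

REG_REQUEST = 1            # Registration Request message type (RFC 2002)
MH_AUTH_EXT = 32           # Mobile-Home Authentication Extension type (RFC 2002)
NTP_OFFSET = 2208988800    # seconds from the NTP epoch (1900) to the Unix epoch (1970)
# Registration Reply codes sent by the home agent (RFC 2002 values)
ACCEPTED, AUTH_FAILED, IDENT_MISMATCH, POORLY_FORMED = 0, 131, 133, 134

def keyed_md5(key: bytes, data: bytes) -> bytes:
    """RFC 2002 default authenticator: keyed MD5 in prefix+suffix mode, MD5(key||data||key)."""
    return hashlib.md5(key + data + key).digest()

def ntp_identification(now: float, low32: int) -> int:
    """64-bit Identification for the timestamp scheme: NTP seconds high, fresh low bits."""
    return ((int(now) + NTP_OFFSET) << 32) | (low32 & 0xFFFFFFFF)

def build_request(home: bytes, ha: bytes, coa: bytes, lifetime: int,
                  ident: int, spi: int, key: bytes) -> bytes:
    """Mobile node side: 24-byte fixed part followed by the authentication extension."""
    fixed = struct.pack("!BBH4s4s4sQ", REG_REQUEST, 0, lifetime, home, ha, coa, ident)
    ext_hdr = struct.pack("!BBI", MH_AUTH_EXT, 20, spi)   # Length = 4 (SPI) + 16 (MD5)
    # The authenticator covers the fixed part plus the Type, Length and SPI of this extension.
    return fixed + ext_hdr + keyed_md5(key, fixed + ext_hdr)

class HomeAgent:
    def __init__(self, keys_by_spi: dict, max_lifetime: int = 1800, max_skew: int = 7):
        self.keys = keys_by_spi           # mobility security associations, indexed by SPI
        self.max_lifetime = max_lifetime  # longest lifetime this HA grants
        self.max_skew = max_skew          # tolerated clock difference in seconds
        self.last_ident = {}              # home address -> last accepted Identification
        self.bindings = {}                # home address -> (care-of address, lifetime)

    def process(self, pkt: bytes, now: float):
        """Return (reply code, granted lifetime); a binding is installed only on ACCEPTED."""
        if len(pkt) < 46:
            return POORLY_FORMED, 0
        fixed, ext_hdr, recv_auth = pkt[:24], pkt[24:30], pkt[30:46]
        _, _, lifetime, home, _, coa, ident = struct.unpack("!BBH4s4s4sQ", fixed)
        ext_type, ext_len, spi = struct.unpack("!BBI", ext_hdr)
        key = self.keys.get(spi)
        # Authenticate before trusting any field; compare the tag in constant time.
        if (ext_type, ext_len) != (MH_AUTH_EXT, 20) or key is None or \
                not hmac.compare_digest(recv_auth, keyed_md5(key, fixed + ext_hdr)):
            return AUTH_FAILED, 0
        # Replay protection: the timestamp must be close to our clock and newer than
        # any Identification already accepted from this mobile node.
        ts = (ident >> 32) - NTP_OFFSET
        if abs(ts - int(now)) > self.max_skew or ident <= self.last_ident.get(home, -1):
            return IDENT_MISMATCH, 0
        self.last_ident[home] = ident
        granted = min(lifetime, self.max_lifetime)   # the HA may shorten, never lengthen
        self.bindings[home] = (coa, granted)
        return ACCEPTED, granted
```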

  27. Route optimization issues
  • Eliminating triangle routing involves:
    • Supplying a binding update to any correspondent node that needs one.
    • Providing the means to create the needed authentication and replay protection so that the recipient of a binding update message can believe it.
    • Allowing the mobile node and foreign agent to create a registration key for later use in making a smooth transition to a new point of attachment.

  28. Route optimization solutions
  • Following are some ways for the mobile node and the foreign agent to obtain a registration key:
    • Use the mobile node’s public key if it exists.
    • Use the foreign agent’s public key if it exists, to enable the home agent to create public keys for both entities.
    • Use the security association scheme between foreign and home agents, if it exists, to enable the home agent to create registration keys for both entities.
    • Use the Diffie-Hellman key exchange algorithm.

  29. Route optimization overview
  • Binding caches
    • Allows any node to maintain a binding cache that contains the COA of one or more mobile nodes.
    • A CN tunnels the packet directly to the COA of the mobile node if it has an entry in the binding cache.
    • A node may create or update a binding cache entry for a mobile node only when it receives an authenticated binding.
    • Each binding update message contains the lifetime of the binding.
    • An entity responsible for sending binding update messages is the home agent. When a home agent needs to tunnel a packet received from a source, it can send a binding update message to the source (no acks are needed for such messages because future such tunneling will trigger an update message, in case update messages are lost).

  30. Route optimization overview
  • Foreign agent smooth handoff
    • This provides a means for a MN’s previous foreign agent to be reliably notified of the MN’s new mobility binding, allowing the datagrams in flight to the MN’s previous foreign agent to be forwarded to the MN’s new COA.
    • A MN may request, as part of the registration procedure, that the new foreign agent notify its previous foreign agent.
    • The new foreign agent then builds a binding update message and sends it to the mobile node’s previous foreign agent.
    • This will help the previous foreign agent forward any packets received by it while the MN is in transit.

  31. Route optimization overview
  • Foreign agent smooth handoff…
    • For the smooth handoff to be secure, during the registration with the new foreign agent, usually the MN and the foreign agent need to establish a new shared secret key, called a registration key. This registration key is used to authenticate the notification sent to the previous foreign agent.
    • The mobile service extension of the foreign agent’s advertisement is revised under route optimization to include a bit indicating that the foreign agent supports smooth handoff.
    • This notification mechanism will be much more effective than a method involving the home agent because the current and previous foreign agents are likely to be close to each other.

  32. Miscellaneous issues and solutions
  • Firewalls and Ingress filtering:
    • Firewalls: The basic mechanism used by firewalls is filtering out any datagrams that do not meet specified criteria. For example, enterprise firewalls are typically configured to block packets that appear to be emanating from local computers. This would prevent mobile nodes from communicating with nodes in their home network while they are away, because the mobile nodes always use their home address.
    • Ingress filtering: (Ingress filtering was proposed to combat denial of service attacks.) Many border routers discard packets that seem to emanate from an address that is external to the administrative domain. This will prevent a mobile node from sending packets from a foreign network.

  33. Miscellaneous issues...
  • Reverse tunneling
    • A solution to the problem caused by ingress filtering is to allow all datagrams from a mobile node registered away from its home network to be reverse tunneled, or tunneled back, to the home agent from its COA.
    • This would however degrade what was called triangle routing to quadrilateral routing.
    • The advantage of reverse tunneling is that, for the rest of the Internet, all datagrams from the mobile node seem to emanate from its home network.

  34. Miscellaneous issues...
  • Two ways of implementing reverse tunneling (both use the COA as the source address in the tunnel’s outer IP header):
    • The foreign agent can keep track of the home agent with which the MN is registered and tunnel all datagrams from the MN to the home agent (a problem with this approach is that foreign agents are absolutely not required to perform encapsulation; this however is changing as per discussion in the Mobile IP group).
    • The mobile node can perform the needed encapsulation (a problem with this approach is that the MN is seen as emanating a datagram from an IP source address that does not correspond to any IP address associated with its own network interfaces).

  35. IP Version 6
  • Two constraints of IPv4:
    • Limited number of addresses (2^32)
    • Difficulty in managing routing tables
      • Today’s backbone routers must handle more than 30,000 routes.
      • This is primarily due to the original design of the Internet address space, which partitioned the address space into Classes A, B, C, and D. In each class every network was of the same size. This led to a highly fragmented address space.

  36. IP Version 6
  • Bigger address space
    • 128 bits of address space; sufficient to assign a separate address to nodes on every square inch of every planet in the solar system.
  • Reduced administrative overhead
    • Much of the administrative load for IPv4 nodes involves allocating and managing their IPv4 addresses and their connectivity to the network.
    • One requirement for IPv6 was the reduction or elimination of this work.
    • Protocols such as Stateless address autoconfiguration (Thomson and Narten 1996) and neighbor discovery (Narten et al 1996) fulfilled this requirement.
    • IPv6 nodes are able to configure their addresses automatically based on their individual characteristics and existing network configuration as disseminated by the routers on the networks.

  37. IP Version 6
  • Support for address renumbering
    • Internet nodes cannot expect to keep the same address for their entire lifetime. E.g., a network or an enterprise Intranet will need to renumber the nodes based on topological change.
    • An IPv6 node discovers the need for configuring a new IPv6 address for itself by means of messages defined as part of Neighbor discovery.
  • Improved header processing
  • Reasonable security
    • Several security and authentication protocols have been implemented as part of any IPv6 product.

  38. Support for Mobility in IPv6
  • It borrows the ideas of home network, home agent and care-of address from Mobile IP for IPv4. Notably absent are foreign agents.
  • In its broadest aspect, mobility is supported by the action of the mobile node, which takes the responsibility of supplying information to all correspondent nodes.
  • The methods of IPv6 for automatic address configuration are perfect for configuring the new COA at each point of attachment.
  • The home agent, while not usually a node with which the mobile node maintains active connections, must nevertheless always be aware of any change in the care-of address of the mobile node.
  • When a home agent receives a datagram for a MN which has moved from its home network, it uses IP6-in-IP6 encapsulation to deliver the datagram to the COA of the MN.

  39. Source: RFC 2002, Mobile IP, by Charles E. Perkins
