
T-110.5110 Computer Networks II Mobility Issues 28.09.2009 Prof. Sasu Tarkoma.


1 T-110.5110 Computer Networks II Mobility Issues 28.09.2009 Prof. Sasu Tarkoma

2 Contents Overview Mobile IP NEMO Transport layer solutions i3 SIP mobility

3 Mobility in the Internet
This topic pertains to mobility of
–Networks
–Hosts
–Transport connections
–Sessions
–Objects (passive, active)
–Services
–Users
Many solutions are needed on multiple layers
–Link layer, network, transport, application
–Vertical and horizontal handoffs

4 Mobility Classification (figure: a spectrum from no mobility to high mobility, with protocols placed along it)
–No mobility: mobile wireless user using the same access point
–Moderate mobility: mobile user connecting to / disconnecting from the network using DHCP
–High mobility: mobile user passing through multiple access points while maintaining ongoing connections (like a cell phone)

5 Example topology (figure: one transit AS, AS10, and three stub ASes, AS20, AS30 and AS40, with routers A1–A5, B1–B4 and C1–C4; some routers are marked as overlay nodes, the rest as regular nodes)

6 Mobility
What happens when network endpoints start to move? What happens when networks move?
Problem for on-going conversations
–X is no longer associated with its address
–Solution: X informs the peer of its new address
Problem for future conversations
–Where is X? What is its address?
–Solution: X makes a contact address available
In practice not so easy. Security is needed!

7 Classifying Mobility Protocols (figure: rows Micro (intra-subnet), Macro (intra-domain) and Global (inter-domain); horizontal axis is time, the evolutionary path)
Protocols plotted: Cellular IP (1998), TMIP (2001), Hierarchical MIP (1996), Hawaii (1999), Dynamic Mobility Agent (2000), HMIPv6 (2001), MIP (1996), MIPv6 (2001)

8 Routing vs. mobility
Topology data aggregation is necessary
–Cannot track all hosts in the world
–IP addresses are determined by topology: the network gives the routing prefix
Mobile hosts must change their IP addresses
–Causes sockets / connections to break
How to communicate address changes? Two approaches:
–Let routing handle it → not scalable (done by ad hoc routing protocols)
–Let end-systems handle it → a protocol is needed
Goal of a mobility protocol
–Transport and applications do not see address changes
–Mobility transparency

9 Networks: Mobility (figure: a backbone with routers connecting a MAN, a LAN behind NAT with an access point (AP), a GPRS/UMTS access network behind NAT with a base station (BS), a Public Switched Data Network, and mobile hosts (MH) including an ad hoc MH)

10 Rendezvous
How to find the moving end-point?
–Tackling the double jump: what if both hosts move at the same time? Requires a rendezvous point
Mobility management is needed!
–Initial rendezvous
–Can be based on directories
–Requires fast updates to directories; this does not work well for DNS

11 Security issues
Address stealing
–Alice and Bob communicate
–Mallory tells Alice that Bob is now at C
Address flooding
–Mallory downloads from Alice, Bob, etc.
–Mallory tells everybody "I have moved to C"

12 Mobile IP
Two versions
–IPv4: Mobile IPv4, an optional add-on
–Integrated into IPv6 (with IPsec security)
Home Agent (HA)
–Home address
–Initial reachability
–Triangular routing / reverse tunnelling
Route optimization
–Tunnels bypass the HA
–HA as a rendezvous point

13 Mobility Example: Mobile IP Triangular Routing (figure: home agent, correspondent host, foreign agent and mobile host on the home link and foreign link; packets from the correspondent go via the HA and a tunnel to the care-of address (CoA), adding delay; replies go directly)
Ingress filtering causes problems for IPv4 (home address used as source address on the foreign link); IPv6 uses the CoA as source, so not a problem.
Solutions: reverse tunnelling or route optimization.
Foreign agent left out of MIPv6: no special support is needed with IPv6 address autoconfiguration.

14 Ingress Filtering (figure: home agent, correspondent host, mobile host on the foreign link)
A packet from the mobile host with its home address as source is deemed "topologically incorrect" on the foreign link (indistinguishable from source address spoofing).
With ingress filtering, routers drop packets whose source address is not consistent with the link the packet arrived on.

15 Reverse Tunnelling (figure: home agent, correspondent host, router and mobile host on the home link and foreign link; traffic in both directions is tunnelled between the care-of address (CoA) and the HA, adding delay)
Firewalls and ingress filtering are no longer a problem
Double triangular routing leads to overhead and increases congestion
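To make the ingress-filtering problem of slides 13–15 concrete, here is an added Python model (not from the lecture) of a foreign-link access router that applies ingress filtering and of the three ways a mobile host's traffic can meet it: Mobile IPv4 with the home address as source (dropped), Mobile IPv4 with a reverse tunnel (outer source is the care-of address, so it passes and the home agent re-injects the packet on the home link), and Mobile IPv6 with the care-of address as source and the home address in a destination option (passes without any tunnel). The topology, prefixes and addresses are constructed documentation values and are assumptions.

```python
"""Ingress filtering versus Mobile IP reverse tunnelling (slides 13-15).

Added example, not part of the lecture. A foreign-link access router applies
ingress filtering: it forwards a packet only when the (outer) source address
belongs to the prefix of the link the packet arrived on. All addresses below
are constructed documentation values (assumption), not from the slides.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    payload: bytes = b""
    inner: Optional["Packet"] = None           # set when this is an IP-in-IP tunnel packet
    home_address_option: Optional[str] = None  # MIPv6 Home Address destination option


# Constructed topology (assumption)
HOME_LINK = ipaddress.ip_network("198.51.100.0/24")
FOREIGN_LINK = ipaddress.ip_network("203.0.113.0/24")
HOME_AGENT = "198.51.100.1"
HOME_ADDRESS = "198.51.100.10"      # stable address of the mobile host (MH)
CARE_OF_ADDRESS = "203.0.113.77"    # address MH acquired on the foreign link
CORRESPONDENT = "192.0.2.5"

FOREIGN_LINK6 = ipaddress.ip_network("2001:db8:f00d::/64")
HOME_ADDRESS6 = "2001:db8:1::10"
CARE_OF_ADDRESS6 = "2001:db8:f00d::77"
CORRESPONDENT6 = "2001:db8:3::1"


def ingress_filter(packet: Packet, link_prefix) -> bool:
    """Access-router check (RFC 2827 style): forward only if the outer source
    address is topologically correct for the link the packet arrived on."""
    return ipaddress.ip_address(packet.src) in link_prefix


def reverse_tunnel(inner: Packet, coa: str, home_agent: str) -> Packet:
    """MH encapsulates MH->CN traffic in an outer packet CoA -> HA."""
    return Packet(src=coa, dst=home_agent, inner=inner)


def home_agent_decapsulate(outer: Packet, home_agent: str) -> Optional[Packet]:
    """HA strips the outer header and forwards the inner packet from the home link."""
    if outer.dst != home_agent or outer.inner is None:
        return None
    return outer.inner


def mipv4_direct() -> bool:
    """Triangular routing: MH sends with its home address as source on the foreign link."""
    pkt = Packet(src=HOME_ADDRESS, dst=CORRESPONDENT, payload=b"hello")
    return ingress_filter(pkt, FOREIGN_LINK)          # False: dropped as spoofed


def mipv4_reverse_tunnelled() -> Optional[Packet]:
    """Reverse tunnelling: the outer source is the CoA, so the foreign router
    forwards it; the HA decapsulates and re-injects on the home link, where the
    home address is topologically correct. Returns the packet the CN receives."""
    inner = Packet(src=HOME_ADDRESS, dst=CORRESPONDENT, payload=b"hello")
    outer = reverse_tunnel(inner, CARE_OF_ADDRESS, HOME_AGENT)
    if not ingress_filter(outer, FOREIGN_LINK):
        return None
    decapsulated = home_agent_decapsulate(outer, HOME_AGENT)
    if decapsulated is None or not ingress_filter(decapsulated, HOME_LINK):
        return None
    return decapsulated


def mipv6_route_optimised() -> bool:
    """MIPv6: the source is the CoA and the home address rides in the Home
    Address option, so the packet passes ingress filtering without a tunnel."""
    pkt = Packet(src=CARE_OF_ADDRESS6, dst=CORRESPONDENT6, payload=b"hello",
                 home_address_option=HOME_ADDRESS6)
    return ingress_filter(pkt, FOREIGN_LINK6)


if __name__ == "__main__":
    print("MIPv4 direct forwarded:", mipv4_direct())
    print("MIPv4 reverse-tunnelled delivered:", mipv4_reverse_tunnelled())
    print("MIPv6 CoA-source forwarded:", mipv6_route_optimised())
```

The filter only ever looks at the outer header, which is exactly why reverse tunnelling works and why it costs a second tunnel leg: the inner packet with the home address as source is never exposed to the foreign router.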

16 Mobility Example: Mobile IPv6 Route Optimization (figure: home agent, correspondent host, router and mobile host on the home link and foreign link; a secure tunnel (ESP) runs between MH and HA)
MH sends a binding update to the CH when it receives a tunnelled packet.
First, a Return Routability test with the CH: the CH replies to the MH's test-init messages with a Home Test packet (via the HA) and a Care-of Test packet (directly). When the MH has received both, it sends the BU authenticated with the Kbm key.
The CH then sends packets directly to the CoA using a routing header.

17 Differences between MIPv4 and MIPv6
No FA is needed (no infrastructure change)
Address autoconfiguration helps in acquiring the CoA
MH uses the CoA as the source address on the foreign link, so no ingress filtering problem
Extension headers and IPv6 neighbor discovery are used to perform mobility functions
128-bit IP addresses help deployment of Mobile IP in large environments
Route optimization is supported by header options

18 MIPv6
MIPv6 uses IPv6 extension headers for signalling between the MN and its HA and correspondent nodes. The important changes are a new extension header (the Mobility Header) for creating and managing bindings, a new routing header type (Type 2) that lets a CN send packets directly to the MN's CoA while carrying the home address, and a new destination option (the Home Address option) for packets from the MN to a CN, again carrying the home address.
MIPv6 uses IPv6 stateless autoconfiguration to determine the CoA and thus does not need an FA. The MN receives Router Advertisements that contain the routing prefixes of the visited network; a prefix is combined with the interface identifier of the MN (classically derived from the MAC address) to obtain the CoA. MIPv6 also supports dynamic discovery of the HA or HAs.

19 Extension Headers (figure: IPv6 header, Mobility Header, upper-layer headers, data)
The Mobility Header (MH) is exchanged between MN, HA and CN, in both directions (CN to MN and MN to CN), for binding management.
MH Type values in the Mobility Header: Binding Update, Binding Acknowledgement, Binding Error, Binding Refresh Request
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007

20 MIPv6 Operation: Mobile on a Foreign Network (figure with numbered steps; labels recoverable from the transcript:)
1 Stateless address autoconfiguration on the foreign network (acquiring the CoA)
3 Duplicate address detection, proxy neighbor discovery and binding cache update at the HA
5 Update of the Binding Update List at the MN; a bidirectional tunnel between MN and HA is then in use
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007

21 MIPv6: Dynamic Home Agent Discovery (figure: mobile node and a home link with a Home Agents List holding home agents and their preference values)
1 Dynamic Home Agent Address Discovery (DHAAD) request sent to the home-agents anycast address
2 DHAAD reply with the addresses of the home agents and their preferences
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007

22 (figure only) Source: Microsoft, Understanding Mobile IPv6

23 Security in Mobile IP
MIPv6 (RFC 3775/3776)
–Protection of Binding Updates to the HA and to CNs
–IPsec extension headers (MN–HA) or the Binding Authorization Data option (MN–CN)
–Binding management key, Kbm, established through the return routability procedure
–Protection of mobile prefix discovery
–Protection of the mechanisms that MIPv6 uses for transporting data
Protecting binding updates to the HA
–Must be secured through IPsec
–ESP is used for updates and acknowledgements
SHOULD be protected: the Home Test Init / Home Test messages on the MN–HA leg, and mobile prefix discovery

24 Return Routability (figure: message sequence between Mobile Node, Home Agent and Correspondent Node)
MN → HA → CN: HoTI (Home Test Init), tunnelled via the HA
MN → CN: CoTI (Care-of Test Init), sent directly
CN → HA → MN: HoT (Home Test), to the home address
CN → MN: CoT (Care-of Test), to the care-of address
MN → CN: BU
CN → MN: BU ACK

25 Attacker positions for return routability (figure: MN, CN and HA with attacker positions 1–4)
–Attacker on the HA–CN path: can see HoT but not CoT; claims to own the home address and uses its current address as CoA
–Off-path attack using refresh: sends CoTI and HoTI to the CN, constructs Kbm → claims ownership of the CoA, sends binding updates, breaks communication with the CN
–Off-path attack: both HoTI and HoT are encrypted (ESP tunnel to the HA); a malicious node may be able to forward traffic to a neighbour if it has a valid HA
–MitM attacks
–Off-path: cannot construct Kbm
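The return routability exchange of slide 24 and the attacker positions of slide 25, as an added Python model that is not part of the lecture. The correspondent node keeps no state before the Binding Update: it derives the home and care-of keygen tokens from its own secret Kcn and a nonce, and recomputes them when the BU arrives. The token, Kbm and Binding Authorization Data formulas follow RFC 3775 section 5.2 (truncated HMAC-SHA1 and SHA-1); the messages are dicts rather than real Mobility Headers, the "MH Data" bytes are a constructed stand-in for the BU's own fields, and the addresses are constructed documentation values (all assumptions). Two attacker functions show why the procedure helps against an off-path attacker but not against one sitting on the HA–CN path.

```python
"""Mobile IPv6 return routability (RFC 3775 section 5.2), added example.

Not from the lecture. HoTI/CoTI, HoT/CoT and the Binding Update are modelled
as dicts. Constructed addresses (assumption): home 2001:db8:1::10,
CoA 2001:db8:2::77, CN 2001:db8:3::1, attacker 2001:db8:4::bad.
"""
import hashlib, hmac, ipaddress, os

HOME, COA, CN_ADDR, ATTACKER = "2001:db8:1::10", "2001:db8:2::77", "2001:db8:3::1", "2001:db8:4::bad"


def packed(addr):
    return ipaddress.ip_address(addr).packed


def first(bits, data):
    return data[:bits // 8]


class CorrespondentNode:
    def __init__(self, address):
        self.address = address
        self.kcn = os.urandom(20)        # node key Kcn, never disclosed
        self.nonces = [os.urandom(8)]    # indexed nonces; rotated periodically in practice
        self.binding_cache = {}

    def _token(self, addr, nonce_index, kind):
        # home keygen token    = First(64, HMAC_SHA1(Kcn, home address    | nonce | 0))
        # care-of keygen token = First(64, HMAC_SHA1(Kcn, care-of address | nonce | 1))
        mac = hmac.new(self.kcn, packed(addr) + self.nonces[nonce_index] + bytes([kind]), hashlib.sha1)
        return first(64, mac.digest())

    def on_test_init(self, msg):
        """Answer HoTI with HoT (sent to the home address, so it travels via the HA)
        and CoTI with CoT (sent straight to the care-of address). Stateless."""
        idx = len(self.nonces) - 1
        kind = 0 if msg["type"] == "HoTI" else 1
        return {"type": "HoT" if kind == 0 else "CoT", "dst": msg["src"], "cookie": msg["cookie"],
                "token": self._token(msg["src"], idx, kind), "nonce_index": idx}

    def on_binding_update(self, bu):
        """Recompute both tokens, derive Kbm and check the Binding Authorization Data."""
        kbm = hashlib.sha1(self._token(bu["home"], bu["home_nonce_index"], 0)
                           + self._token(bu["coa"], bu["coa_nonce_index"], 1)).digest()
        expected = first(96, hmac.new(kbm, packed(bu["coa"]) + packed(self.address) + bu["mh_data"],
                                      hashlib.sha1).digest())
        if not hmac.compare_digest(expected, bu["auth"]):
            return False
        self.binding_cache[bu["home"]] = bu["coa"]
        return True


def kbm_from(hot, cot):
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(hot["token"] + cot["token"]).digest()


def build_bu(home, coa, cn_addr, hot, cot, seq=1):
    mh_data = b"BU" + seq.to_bytes(2, "big")   # constructed stand-in for the BU's other fields
    auth = first(96, hmac.new(kbm_from(hot, cot), packed(coa) + packed(cn_addr) + mh_data,
                              hashlib.sha1).digest())
    return {"home": home, "coa": coa, "home_nonce_index": hot["nonce_index"],
            "coa_nonce_index": cot["nonce_index"], "mh_data": mh_data, "auth": auth}


def legitimate_mobile_node(cn):
    """HoTI goes MN -> HA -> CN (ESP-protected on the MN-HA leg); CoTI goes direct."""
    hoti = {"type": "HoTI", "src": HOME, "cookie": os.urandom(8)}
    coti = {"type": "CoTI", "src": COA, "cookie": os.urandom(8)}
    hot, cot = cn.on_test_init(hoti), cn.on_test_init(coti)
    assert hot["cookie"] == hoti["cookie"] and cot["cookie"] == coti["cookie"]  # init cookies echoed
    return cn.on_binding_update(build_bu(HOME, COA, cn.address, hot, cot))


def offpath_attacker(cn):
    """Off-path: the attacker gets a valid CoT for its own address but never sees
    the HoT routed to the victim's home link, so it must guess the home token."""
    cot = cn.on_test_init({"type": "CoTI", "src": ATTACKER, "cookie": os.urandom(8)})
    fake_hot = {"token": os.urandom(8), "nonce_index": cot["nonce_index"]}
    return cn.on_binding_update(build_bu(HOME, ATTACKER, cn.address, fake_hot, cot))


def home_path_attacker(cn, observed_hot):
    """On the HA-CN path (slide 25): an attacker that captured the victim's HoT
    runs CoTI for its own address and passes the check. Return routability
    alone does not stop this; it only limits the attack to on-path nodes."""
    cot = cn.on_test_init({"type": "CoTI", "src": ATTACKER, "cookie": os.urandom(8)})
    return cn.on_binding_update(build_bu(HOME, ATTACKER, cn.address, observed_hot, cot))
```

Running the three functions against one CorrespondentNode in order shows the binding cache pointing at the real CoA after the legitimate exchange, unchanged after the off-path attempt, and redirected to the attacker after the on-path attempt.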

26 Off-path attacks
DoS attacks: memory / processing capability exhaustion, connection termination.
Reflection attacks: the victim's IP address is spoofed, the receiver responds, causing messages to be sent to the victim
–Ingress filtering can help
MitM attacks: the attacker compromises routers on the path, or injects routes.

27 MIP-specific attacks
Prevent connections between CN and MN by picking the victim's home address and running RR
The attacker can move to another location and refresh the binding, continuing to deny service to the MN while off-path
Solutions
–When the location changes, the MN runs RR (a malicious node fails this if it is off-path)
–Public keys and certificates, IKE
–Cryptographically generated addresses (CGA)

28 CGA and MIP
Each node has a key pair
Produce h(PK, data) → 64 bits that can be used as the interface identifier
Put this into the IPv6 address host part → cryptographically generated address
The MN can prove it owns such an address by providing a signature inside a message
A CGA can be used to prove that a node owns a particular address, but not that the node is currently located at this address
–→ RR is still needed
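As an added example of the address construction on slide 28 (not from the lecture), the following Python implements CGA generation and verification after RFC 3972: the interface identifier is the leftmost 64 bits of Hash1 = SHA-1(modifier | subnet prefix | collision count | public key) with the Sec bits and the u/g bits overwritten, and a Sec value greater than zero forces extra work through Hash2. The "public key" is a byte string standing in for a DER-encoded key, and the signature that proves possession of the private key is not modelled (both assumptions), so what the example shows is the binding between address and key, and that the address changes with the prefix, which is why the slide says RR is still needed for location.

```python
"""Cryptographically generated addresses (RFC 3972), added example.

Not from the lecture. The public key is a random byte string standing in for a
DER-encoded key (assumption); signing is not modelled.
"""
import hashlib, ipaddress, os

SEC_UG_MASK = 0x1C   # bits of the first IID octet that carry hash output (Sec bits and u/g bits excluded)


def _hash1(modifier, prefix, collision_count, pubkey):
    # leftmost 64 bits of SHA-1(modifier | subnet prefix | collision count | public key)
    return hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey).digest()[:8]


def _hash2(modifier, pubkey):
    # leftmost 112 bits of SHA-1(modifier | 9 zero octets | public key)
    return hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]


def _hash2_ok(h2, sec):
    # the 16*Sec leftmost bits of Hash2 must be zero
    return sec == 0 or (int.from_bytes(h2, "big") >> (112 - 16 * sec)) == 0


def generate_cga(prefix: str, pubkey: bytes, sec: int = 0, collision_count: int = 0):
    """Return (address, CGA parameters) for a /64 prefix and a public key."""
    prefix8 = ipaddress.ip_network(prefix, strict=False).network_address.packed[:8]
    modifier = os.urandom(16)
    while not _hash2_ok(_hash2(modifier, pubkey), sec):      # hash-extension work for Sec > 0
        modifier = ((int.from_bytes(modifier, "big") + 1) % (1 << 128)).to_bytes(16, "big")
    iid = bytearray(_hash1(modifier, prefix8, collision_count, pubkey))
    iid[0] = (iid[0] & SEC_UG_MASK) | (sec << 5)             # top 3 bits = Sec, u/g bits cleared
    params = {"modifier": modifier, "prefix": prefix8,
              "collision_count": collision_count, "public_key": pubkey}
    return ipaddress.IPv6Address(prefix8 + bytes(iid)), params


def verify_cga(address, params) -> bool:
    """Re-derive the interface identifier from the parameters and compare."""
    addr = ipaddress.IPv6Address(address).packed
    if params["collision_count"] > 2 or addr[:8] != params["prefix"]:
        return False
    sec = addr[8] >> 5
    h1 = _hash1(params["modifier"], params["prefix"], params["collision_count"], params["public_key"])
    if (h1[0] & SEC_UG_MASK) != (addr[8] & SEC_UG_MASK) or h1[1:] != addr[9:]:
        return False
    return _hash2_ok(_hash2(params["modifier"], params["public_key"]), sec)


if __name__ == "__main__":
    key = os.urandom(64)                       # stand-in for a DER-encoded public key
    address, params = generate_cga("2001:db8:1::/64", key, sec=1)
    print(address, verify_cga(address, params))
```

A verifier that only checks the CGA learns that whoever signed the message controls the key bound to that address; it learns nothing about where the node is, and the same key yields a different CGA on every prefix.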

29 Other Issues in Mobile IP
How does a mobile node acquire a care-of address in the foreign network? → by DHCP, router advertisements, or manually
If the home agent does not reply to a registration request → send the request to the broadcast address (redundancy)
Reducing registration frequency (in high-mobility scenarios) → FAs in a multicast group, in an anycast group, or a hierarchy
Security (denial of service by bogus registration requests) → authentication using keyed MD5 hashes; replay attacks are prevented by timestamps or nonces
Source routing option to avoid tunnelling and triangular routing → not feasible, as the load on intermediate routers would be higher

30 Hierarchical Mobile IP
HMIPv6 is specified in RFC 4140. It introduces local Mobility Anchor Points (MAPs) that are essentially local Home Agents. MAPs can be located at any level in a hierarchical network of routers, including the access routers.
The aim of HMIPv6 is to minimize signalling latency and reduce the number of required signalling messages. As long as the MN stays inside one MAP domain it only needs to update its location with the MAP. Localized mobility management can also be handled completely on the network side without the MN's involvement at the IP mobility protocol level.

31 NEMO
It is also possible for a whole subnetwork to roam from one part of the Internet to another. Network Mobility (NEMO) is specified in RFC 3963; its technical solution is based on MIPv6.
NEMO allows subnetworks to change their location in a network. This is realized using a mobile router that manages the mobile network: the mobile router updates its HA with its CoA. A NEMO-compliant HA can also act as a MIPv6 HA.
The basic solution creates a bidirectional tunnel between the mobile router and the HA, which keeps the mobile network reachable. Hosts behind the mobile router do not need to be aware of mobility in any way.

32 NEMO: Nested Tunneling (figure: nested mobile networks, e.g. a PAN in a train or a car, each level adding a tunnel to its own HA)
Problems:
–Suboptimal routing (bidirectional tunnel)
–Header overhead (many headers)
–Resilience of the HA (single HA)
–Long packet delay (many tunnels)

33 Hierarchical Mobile IP (HMIP): Localizing Registrations (figure: HA above a tree of foreign agents FA1–FA6 reached over the Internet; the MH's registration lineage runs from its visited link up through FA4/FA5 or FA3/FA6, and a registration needs to travel only up to the nearest common ancestor of the old and new FA, e.g. FA2 or FA1)
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007

34 Multi-layer Operation
Mobility and multi-homing can be realized on different layers
–Network: Mobile IP, HMIP, NEMO
–Between network and transport: Host Identity Protocol (HIP)
–Transport: TCP extensions, SCTP (TrASH)
–Application: SIP, Wireless CORBA, overlays; re-establish TCP sessions after movement

35 TCP Solutions to Mobility
When the MN initiates a connection, it tells the CN its new IP address through the SYN
The CN uses a DNS lookup to locate the MN
The TCP Migrate option is used to migrate an existing connection (s_ip, s_port, d_ip, d_port) to (s_ip, s_port, d_ip', d_port')
Segmented TCP, Indirect TCP (I-TCP)
SCTP multihoming can be used as well
(figure: CN and MN before and after movement; Migrate SYN, Migrate SYN/ACK, ACK)
Source: Chittaranjan Hota, Computer Networks II lecture 22.10.2007

36 SIP Mobility
Session mobility allows a user to maintain and manage a media session across devices
Terminal mobility allows a device to move between IP subnets while continuing to be reachable for incoming requests and maintaining sessions across subnet changes
Personal mobility allows a single user located at different terminals to be addressed by the same logical address
Service mobility allows users to maintain access to services while moving or changing devices and network service providers
SIP implements these using URLs, proxies and redirect servers. The home domain keeps track of users and devices. Message forking reaches several terminals at once.

37 Mobility using SIP (figure: corresponding host, SIP redirect server in the home network, SIP proxy server and mobile host in the foreign network)
1 INVITE from the corresponding host to the home network's SIP redirect server
2 302 Moved Temporarily
3, 4 INVITE to the mobile host via the foreign network's SIP proxy server
5, 6 OK
7 Data flows directly between the hosts
Benefits: global mobility, no tunnelling, no change to routing

38 IMS Example of call routing (figure: User A, Serving CSCF, Interrogating CSCF, HSS, Serving CSCF, User B)
User A sends an INVITE (From: sip:userA@isp.com, To: sip:userB@isp.com, Call-ID) to its Serving CSCF; the Interrogating CSCF sends a location query to the HSS to find User B's Serving CSCF; the INVITE is forwarded to User B; OK is returned and a multimedia session is established.
CSCF = Call Session Control Function
HSS = Home Subscriber Server

39 Host Identity Protocol
New cryptographic namespace
Connection endpoints mapped to 128-bit host identity tags (hashes of public keys)
Mapping at the HIP layer
Four-message base exchange (I1, R1, I2, R2) with a cryptographic puzzle for DoS prevention
IPsec for network-level security

40 Identity/Locator split (figure: Process, Transport, ID layer, IP layer, Link layer; the transport binds to an identifier at the ID layer, the IP layer uses a locator)

41 HIP mobility protocol (figure: mobile and corresponding host, ESP in both directions)
Mobile → Corresponding: UPDATE (HITs, new locator(s), signature)
Corresponding → Mobile: UPDATE (HITs, RR challenge, signature)
Mobile → Corresponding: UPDATE (HITs, RR response, signature)

42 Basic HIP rendezvous (figure: the server registers with a rendezvous server; the client sends I1 to the rendezvous server, which forwards it to the server; R1, I2 and R2 are then exchanged directly between client and server)
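Slide 39 states that HIP endpoints are hashes of public keys and that the base exchange carries a puzzle against DoS; the following Python is an added example (not from the lecture or the HIP implementations) of both. host_identity_tag() forms a HIT as the ORCHID prefix 2001:10::/28 followed by 100 bits of SHA-1 output; the exact bit selection and context identifier of RFC 4843 are simplified here, an assumption. The puzzle follows RFC 5201: the responder puts a random I and a difficulty K in R1 without keeping any state, the initiator must find a J such that the K low-order bits of SHA-1(I | HIT-I | HIT-R | J) are zero, and the responder checks I2 with a single hash. The public keys are random stand-in byte strings (assumption).

```python
"""HIP host identity tags and the base-exchange puzzle (RFC 4843 / RFC 5201), added example.

Not from the lecture. ORCHID bit selection and context ID simplified
(assumption); public keys are stand-in byte strings (assumption).
"""
import hashlib, ipaddress, os

ORCHID_PREFIX = 0x2001001   # 2001:10::/28 as a 28-bit integer


def host_identity_tag(public_key: bytes) -> ipaddress.IPv6Address:
    """128-bit HIT: 28-bit ORCHID prefix followed by 100 bits of SHA-1(public key)."""
    h100 = int.from_bytes(hashlib.sha1(public_key).digest(), "big") >> 60   # leftmost 100 of 160 bits
    return ipaddress.IPv6Address((ORCHID_PREFIX << 100) | h100)


def make_puzzle(k: int) -> dict:
    """Responder side of R1: a fresh 64-bit I and the difficulty K (0..~20 in practice)."""
    return {"I": os.urandom(8), "K": k}


def _puzzle_hash(puzzle, hit_i, hit_r, j: bytes) -> int:
    return int.from_bytes(hashlib.sha1(puzzle["I"] + hit_i.packed + hit_r.packed + j).digest(), "big")


def solve_puzzle(puzzle, hit_i, hit_r) -> bytes:
    """Initiator side: brute-force a 64-bit J whose hash has K trailing zero bits.
    Expected cost 2**K hashes; this is the work that rate-limits I2 floods."""
    mask = (1 << puzzle["K"]) - 1
    j = 0
    while True:
        jb = j.to_bytes(8, "big")
        if _puzzle_hash(puzzle, hit_i, hit_r, jb) & mask == 0:
            return jb
        j += 1


def verify_puzzle(puzzle, hit_i, hit_r, j: bytes) -> bool:
    """Responder side of I2: one hash, no per-initiator state needed."""
    return len(j) == 8 and _puzzle_hash(puzzle, hit_i, hit_r, j) & ((1 << puzzle["K"]) - 1) == 0


def base_exchange(initiator_key: bytes, responder_key: bytes, k: int = 10):
    """I1 (HITs only) -> R1 (puzzle) -> I2 (solution J) -> R2 (accepted).
    A real responder also binds I to the HITs and a time window with a local
    secret so it can stay stateless; that detail is omitted here."""
    hit_i, hit_r = host_identity_tag(initiator_key), host_identity_tag(responder_key)
    r1 = make_puzzle(k)                       # responder commits no state
    i2 = {"J": solve_puzzle(r1, hit_i, hit_r)}  # initiator spends ~2**k hashes
    accepted = verify_puzzle(r1, hit_i, hit_r, i2["J"])
    return hit_i, hit_r, accepted


if __name__ == "__main__":
    hit_i, hit_r, ok = base_exchange(os.urandom(32), os.urandom(32), k=12)
    print(hit_i, hit_r, ok)
```

Because the puzzle hash covers both HITs, a solution computed for one pair of identities cannot be replayed against another, and the responder's cost stays at one hash per I2 however many initiators are attacking.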

43 Application-layer mobility
Many application-layer protocols are, in principle, similar to Mobile IP
The moving entity may differ
–Instead of a host we have an object, session, entity, or interests
For example:
–Object mobility: Wireless CORBA
–Session mobility: SIP
–Interest mobility: content-based routing
–Generic mobility: i3 overlay, service composition

45 Internet Indirection Infrastructure (i3)
An overlay infrastructure. Every packet is associated with an identifier; a receiver inserts a trigger and receives using the identifier.
Natural support for mobility: after movement with a different address, the receiver only updates its trigger.
[Source: http://i3.cs.berkeley.edu/]

46 i3: How it Works? (figure: a receiver R inserts a trigger with identifier 37 into i3; a sender S sends a packet with the same identifier 37, which is delivered to R)
Chord ensures O(log N) intermediate hops to reach the destination
[http://i3.cs.berkeley.edu/]
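The trigger mechanism of slides 45–46, as an added Python sketch that is not the i3 project's code. Node and trigger identifiers live on a 32-bit Chord-style ring and a trigger is stored at the successor node of its identifier; senders address packets to identifiers only, so a receiver that moves just re-inserts its trigger, and two hosts can move at the same time (the double jump of slide 10) because each still reaches the other through the overlay. The node names, host names and addresses are constructed (assumption), and the O(log N) finger-table routing between overlay nodes is replaced by a direct successor lookup.

```python
"""i3 triggers on a Chord-style ring, added example (not i3's own code)."""
import bisect, hashlib


def ring_id(key: str) -> int:
    """32-bit identifier from a name (constructed hashing; i3 uses 256-bit ids)."""
    return int.from_bytes(hashlib.sha1(key.encode()).digest()[:4], "big")


class I3Overlay:
    def __init__(self, node_names):
        self.ids = sorted(ring_id(n) for n in node_names)
        self.names = {ring_id(n): n for n in node_names}
        self.triggers = {n: {} for n in node_names}      # trigger store per overlay node

    def successor(self, ident: int) -> str:
        """Node responsible for ident: first node id >= ident, wrapping around the ring."""
        i = bisect.bisect_left(self.ids, ident) % len(self.ids)
        return self.names[self.ids[i]]

    def insert_trigger(self, ident: int, addr: str) -> str:
        """Trigger (ident, addr) is soft state in i3 and must be refreshed; here it is kept."""
        node = self.successor(ident)
        self.triggers[node][ident] = addr
        return node

    def send(self, ident: int, data: bytes):
        """Packet (ident, data): returns (delivered_to, data) or None without a trigger."""
        addr = self.triggers[self.successor(ident)].get(ident)
        return None if addr is None else (addr, data)


class Host:
    def __init__(self, overlay: I3Overlay, name: str, addr: str):
        self.overlay, self.ident, self.addr = overlay, ring_id(name), addr
        overlay.insert_trigger(self.ident, addr)

    def move(self, new_addr: str):
        """Only the trigger changes; peers keep sending to the same identifier."""
        self.addr = new_addr
        self.overlay.insert_trigger(self.ident, new_addr)


def double_jump_demo():
    """Both hosts move at once; delivery still works in both directions."""
    overlay = I3Overlay([f"i3-node-{i}" for i in range(8)])        # constructed overlay
    alice = Host(overlay, "alice", "10.0.1.5")
    bob = Host(overlay, "bob", "10.0.2.9")
    before = overlay.send(bob.ident, b"hi bob")
    alice.move("10.9.9.1")
    bob.move("10.8.8.2")
    after_to_bob = overlay.send(bob.ident, b"hi again")
    after_to_alice = overlay.send(alice.ident, b"hi alice")
    return before, after_to_bob, after_to_alice


if __name__ == "__main__":
    print(double_jump_demo())
```

The same indirection that solves the double jump is also why the overlay node holding a trigger becomes an attack surface: anyone who can insert a trigger for someone else's identifier can redirect their traffic, which is the address-stealing problem of slide 11 moved up a layer.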

47 Mobile Web Server (figure: a browser on the Internet resolves the phone's name via DNS and reaches, through a gateway and the operator firewall, the web server running on the phone over 2.5/3G; steps 1–3)
By courtesy of Johan Wikman, presented at EuroOSCON 2006

48 Indirection Points
Mobility may be characterized by its indirection points
–Mobile IP: a single fixed indirection point
–Location / identity split: a single indirection point
–SIP: a single fixed indirection point (home domain); others are possible
–Content-based routing: many indirection points

49 Lessons to learn
Hierarchical routing is likely to stay
–Addresses carry topological information
–Efficient and well established
Applications face changing connectivity
–QoS varies
–Periods of non-connectivity
Identifiers and locators are likely to split
Mobility management is needed
Probable changes in directory services
–Overlays have been proposed

50 Summary
Topology-based routing is necessary
Mobility causes address changes
Address changes must be signalled end-to-end
–Alternative: use triangular routing as in Mobile IP
Mobility management is needed
–Initial rendezvous: maybe a directory service
–Double jump problem: a rendezvous point is needed
Many engineering trade-offs

