SYZYGY Engineering 1 Mobile Networking Mobile-IP Mobile Networking Ad Hoc Network ACP/WG N Meeting 06 WGN06 – IP13 ACP/WG N/SG N1 WP904 (APC) WP-N1-IP-701.


1 SYZYGY Engineering 1 Mobile Networking Mobile-IP Mobile Networking Ad Hoc Network ACP/WG N Meeting 06 WGN06 – IP13 ACP/WG N/SG N1 WP904 (APC) WP-N1-IP-701 Latest available information as of 03/26/2006 Will Ivancic © 2004 Syzygy Engineering – Will Ivancic

2 Outline
Mobile Networking Solutions
Mobile-IPv4 Operation (mip4)
Mobile-IPv6 Operation (mip6)
Networks In Motion (nemo)
Mobile Nodes and Multiple Interfaces in IPv6 (monami6)
Ad Hoc Networks

3 What is Mobility?
Transportable
  – Telecommuter
  – Traveler
  – Relatively static once connected
  – Single point of connection
  – Connectivity
    – IPv6 Autoconfiguration
    – VPN
Mobile
  – Mobile Devices
    – PDAs
    – Cell Phones
  – Mobile Networks
    – Trains
    – Planes
    – Automobiles
  – Connectivity
    – Mobile-IP
    – Networks in Motion (NEMO)
    – Ad Hoc Networks

4 Mobile Networking Solutions
Routing Protocols
  – Route Optimization
  – Convergence Time
  – Sharing Infrastructure – who owns the network?
Mobile-IP
  – Route Optimization
    – Optimization for MIPv6
    – No Optimization for NEMOv6 (Basic)
    – Optimization can be problematic for security (if reverse tunneling is required)
  – Convergence Time
  – Sharing Infrastructure
  – Security – Relatively Easy to Secure
Domain Name Servers
  – Route Optimization
  – Convergence Time
  – Reliability
Source – Will Ivancic

5 Mobility at What Layer?
Layer-2 (Radio Link)
  – Fast and Efficient
  – Proven Technology within the same infrastructure
    – Cellular Technology Handoffs
    – WiFi handoffs
Layer-3 (Network Layer)
  – Slower Handover between varying networks
  – Layer-3 IP address provides identity
  – Security Issues
    – Need to maintain address
Layer-4 (Transport Layer)
  – Research Area
  – Identity not tied to layer-3 IP address
  – Proposed Solutions
    – HIP – Host Identity Protocol
    – SCTP – Stream Control Transport Protocol

6 Location Identifier
[Diagram: Alice (Mobile Node), Headquarters (Location Manager) and Bob (Corresponding Node) connected through the Internet. HQ keeps track of Alice.]
Callouts in the diagram: "Where is Alice's Location Manager?"; "I am in Cleveland, Ohio"; "Hello Alice"; "Hello Bob, I am in Cleveland, Ohio"; "What is the Weather like in Cleveland?"

7 Mobile-IP Operation IPv4

8 Mobile IPv4 Header Considerations
Source is always home network address!
  – Easy to secure due to consistent end-point!
  – But, results in topologically incorrect address when away from home.
    – Security Issue, Ingress and Egress Filtering
Reverse Tunneling
  – Fixes topologically incorrect addressing problem
  – Eases secure deployment.
[Figure: IPv4 Header, 20 bytes. Fields: Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding]

9 Mobile-IP (IPv4) using Foreign Agents
[Diagram labels: Mobile Node, Foreign Agent, Home Agent, Corresponding Node, Internet or Intranet, Home IP, Care-Of-Address, NASA Ames, NASA Glenn, NASA Goddard. Note: Bi-directional Tunnel if Reverse Tunneling is specified.]

10 Mobile-IP (IPv4) using Foreign Agents
[Diagram labels: Mobile Node, Foreign Agent, Home Agent, Corresponding Node, Internet or Intranet, Home IP, Care-Of-Address, NASA Ames, NASA Glenn, NASA Goddard.]

11 Mobile-IP (IPv4) using Foreign Agents (Reverse Tunneling)
[Diagram labels: Mobile Node, Foreign Agent, Home Agent, Corresponding Node, Internet or Intranet, Home IP, Care-Of-Address, NASA Ames, NASA Glenn, NASA Goddard.]

12 Mobile-IP (IPv4) using Collocated Care-Of-Address
[Diagram labels: Mobile Node, Access Router, Home Agent, Corresponding Node, Internet or Intranet, Home IP, Care-Of-Address, NASA Ames, NASA Glenn, NASA Goddard. Notes: DHCP or Connection Established; Bi-directional Tunnel if Reverse Tunneling is specified.]

13 Mobile-IP (IPv4) using Collocated Care-Of-Address
[Diagram labels: Mobile Node, Access Router, Home Agent, Corresponding Node, Internet or Intranet, Home IP, Care-Of-Address, NASA Ames, NASA Glenn, NASA Goddard.]

14 Mobile-IP (IPv4) using Collocated Care-Of-Address (Reverse Tunneling)
[Diagram labels: Mobile Node, Access Router, Home Agent, Corresponding Node, Internet or Intranet, Home IP, Care-Of-Address, NASA Ames, NASA Glenn, NASA Goddard.]

15 Mobile-Router (IPv4): Mobile Router
[Diagram labels: Mobile Router (Mobile Node), Foreign Agent, Home Agent, Corresponding Node, Internet, Internet WAN, Roaming Interface, Virtual LAN Interface, MR Loopback Virtual Interface, HA Loopback Virtual Interface, FA WAN, COA, Tunnel-0, Tunnel-1. Note: Bi-directional Tunnel if Reverse Tunneling is specified.]

16 Mobile-Router (IPv4): Mobile Router (Reverse Tunneling)
[Diagram labels: Mobile Router (Mobile Node), Foreign Agent, Home Agent, Corresponding Node, Internet, Internet WAN, Roaming Interface, Virtual LAN Interface, MR Loopback Virtual Interface, HA Loopback Virtual Interface, FA WAN, COA, Tunnel (two tunnels shown).]

17 Mobile-Router (IPv4): Collocated Care-Of-Address
[Diagram labels: Mobile Router (Mobile Node), Foreign Agent, Home Agent, Corresponding Node, Internet, Internet WAN, Roaming Interface, Virtual LAN Interface, MR Loopback Virtual Interface, HA Loopback Virtual Interface, FA WAN, COA, Tunnel. Notes: No Foreign Agent; No Second Tunnel.]

18 Mobile-Router (IPv4): Collocated Care-Of-Address
[Diagram labels: Mobile Router (Mobile Node), Access Router, Home Agent, Corresponding Node, Internet, Internet WAN, Roaming Interface, Virtual LAN Interface, MR Loopback Virtual Interface, HA Loopback Virtual Interface, COA, Tunnel.]

19 Mobile Networking Additional Features
Geographically Distributed Home Agents
Asymmetrical Pathing

20 Secondary Home Agent (reparenting the HA)
[Diagram labels: Primary Home Agent, Secondary Home Agent, Reparenting Home Agent.]
Helps resolve triangular routing problem over long distances.

21 Emergency Backup (Hub / Spoke Network)
If primary control site becomes physically inaccessible but can be electronically connected, a secondary site can be established.
If primary control site is physically incapacitated, there is no backup capability.

22 Secondary Home Agent (Fully Meshed Network)
If primary control site is physically incapacitated, a second or third or fourth site takes over automatically.

23 Asymmetrical Pathing
[Diagram labels: Mobile Router; MilStar, Globalstar, Others; DVB Satellite; Internet; Home Agent; Foreign Agent.]

24 Securing Mobile and Wireless Networks
Some ways may be better than others!

25 Constraints / Tools
Policy
Architecture
Protocols

26 IPv4 Utopian Operation
[Diagram labels: Public Internet, FA, MR, US Coast Guard Mobile Network, HA, US Coast Guard Operational Network (Private Address Space), CN. Note: Triangular Routing.]

27 IPv4 Mobile-IP Addressing
Source Address is obtained from
  – Foreign Agent
  – Static Collocated Care-of-Address (CCoA)
  – DHCP via Access Router (Dynamic CCoA)
Private Address space is not routable via the Open Internet
Topologically Incorrect Addresses should be blocked via Ingress or Egress filtering

28 IPv4 "Real World" Operation
[Diagram labels: Public Internet, FA, MR, US Coast Guard Mobile Network, HA, US Coast Guard Operational Network (Private Address Space), CN, Proxy.]
Callouts in the diagram:
  – Proxy had not originated the request; therefore, the response is squelched. Peer-to-peer networking becomes problematic at best.
  – Glenn Research Center Policy: No UDP, No IPSec, etc… Mobile-IP stopped in its tracks. What's your policy?
  – Ingress or Egress Filtering stops transmission due to topologically incorrect source address. IPv6 corrects this problem.
  – USCG requires 3DES encryption. WEP is not acceptable due to known deficiencies.

29 Current Solution – Reverse Tunneling
[Diagram labels: Public Internet, FA, MR, US Coast Guard Mobile Network, HA, US Coast Guard Operational Network (Private Address Space), CN, Proxy.]
Callouts in the diagram:
  – Anticipate similar problems for IPv6.
  – Adds overhead and kills route optimization.
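
The filtering problem and the reverse-tunneling fix from the preceding slides, as an added Python sketch that is not part of the original presentation. All addresses are constructed documentation-range values, a collocated care-of address is assumed, and the home agent's binding check is a modelling assumption of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (documentation ranges), not taken from the slides.
HOME_NET = ipaddress.ip_network("192.0.2.0/24")        # mobile node's home network
VISITED_NET = ipaddress.ip_network("198.51.100.0/24")  # network it has roamed into
HOME_AGENT = ipaddress.ip_address("192.0.2.1")
HOME_ADDR = ipaddress.ip_address("192.0.2.50")         # permanent home address
CARE_OF = ipaddress.ip_address("198.51.100.77")        # collocated care-of address
CORRESPONDENT = ipaddress.ip_address("203.0.113.10")


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    inner: Optional["Packet"] = None  # payload packet when IP-in-IP encapsulated


def passes_ingress_filter(pkt: Packet, site_prefix) -> bool:
    """Edge-router rule: forward only if the outer source belongs to the site."""
    return pkt.src in site_prefix


def mobile_node_send(dst, reverse_tunnel: bool) -> Packet:
    """Mobile IPv4 always uses the home address as source of the data packet."""
    data = Packet(HOME_ADDR, dst)
    if reverse_tunnel:
        # Outer header is topologically correct: care-of address -> home agent.
        return Packet(CARE_OF, HOME_AGENT, inner=data)
    return data


def home_agent_decapsulate(pkt: Packet, bindings: dict) -> Optional[Packet]:
    """Accept a tunnelled packet only from the care-of address registered for
    the inner home address (modelling assumption for this example)."""
    if pkt.inner is None or pkt.dst != HOME_AGENT:
        return None
    if bindings.get(pkt.inner.src) != pkt.src:
        return None
    return pkt.inner


def send_from_visited_network(reverse_tunnel: bool, filtering: bool = True) -> str:
    bindings = {HOME_ADDR: CARE_OF}  # registration with the home agent already done
    pkt = mobile_node_send(CORRESPONDENT, reverse_tunnel)
    if filtering and not passes_ingress_filter(pkt, VISITED_NET):
        return f"dropped at visited network: source {pkt.src} not in {VISITED_NET}"
    path = "direct"
    if pkt.inner is not None:
        pkt = home_agent_decapsulate(pkt, bindings)
        if pkt is None:
            return "dropped at home agent: no matching binding"
        # Leaving the home network, the home address is a correct source.
        if filtering and not passes_ingress_filter(pkt, HOME_NET):
            return f"dropped at home network: source {pkt.src} not in {HOME_NET}"
        path = "via home agent"
    return f"delivered {path}: {pkt.src} -> {pkt.dst}"


if __name__ == "__main__":
    print("no filtering, no tunnel:", send_from_visited_network(False, filtering=False))
    print("filtering, no tunnel:   ", send_from_visited_network(False))
    print("filtering, reverse tun.:", send_from_visited_network(True))
```

The third case succeeds only because every packet detours through the home agent, which is the overhead and loss of route optimization the slide notes.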

30 Shared Network Infrastructure
[Diagram labels: Public Internet, FA, MR, US Coast Guard, Canadian Coast Guard, ACME Shipping, HA ACME Shipping, US Navy.]
Encrypting wireless links makes it very difficult to share infrastructure. This is a policy issue.

31 IPv6 Mobile-IP

32 Mobile-IPv6
No "foreign agent" routers
Route optimization is a fundamental part of the protocol
Mobile IPv6 route optimization can operate securely even without pre-arranged security associations
Route optimization coexists efficiently with routers that perform "ingress filtering"
The movement detection mechanism in Mobile IPv6 provides bidirectional confirmation of a mobile node's ability to communicate with its default router in its current location
Most packets sent to a mobile node while away from home in Mobile IPv6 are sent using an IPv6 routing header rather than IP encapsulation

33 Mobile-IPv6
Modes for communications between the mobile node and a correspondent node
  – Bidirectional tunneling
    – Does not require Mobile IPv6 support from the correspondent node
  – Route Optimization
    – Requires the mobile node to register its current binding at the correspondent node.
    – Packets from the correspondent node can be routed directly to the care-of address of the mobile node

34 IPv6 Extension Headers

35 Source-Routed Packet
Source Address = mobile node's care-of-address
Destination Address = correspondent node's address
Topologically Correct Address
If we lose contact, Home knows where I am.

36 Routing in Mobile IPv6
[Diagram labels: Mobile Node visiting a foreign link; Home Agent; Correspondent which does not know the care-of address; Correspondent which knows the care-of address; paths labelled Source Routing and Tunneling.]

37 Mobile-IPv6 using Reverse Tunneling
[Diagram labels: Mobile Node, Access Router, Home Agent, Corresponding Node, Internet or Intranet.]

38 Mobile-IPv6 using Route Optimization
[Diagram labels: Mobile Node, Access Router, Home Agent, Corresponding Node, Internet or Intranet.]

39 Mobile-IPv6 Binding Updates
[Diagram labels: Mobile Node, Access Router, Home Agent, Corresponding Node, Internet or Intranet, Binding Updates, Link UP.]
The number of Binding Updates is a scalability problem for Mobile Networks.

40 Mobile IPv6 Security
Binding Updates are protected by the use of IPsec extension headers, or by the use of the Binding Authorization Data option
Prefix discovery is protected through the use of IPsec extension headers
Mechanisms related to transporting payload packets, such as the Home Address destination option and type 2 routing header, have been specified in a manner which restricts their use in attacks

41 NEMO: NEtworks in Motion
charter.html

42 Networks In Motion (NEMO)
Working Group established in IETF in December 2002
Concerned with managing the mobility of an entire network, which changes, as a unit, its point of attachment to the Internet and thus its reachability in the topology.

43 Goals
Standardizing some basic support mechanisms based on the bidirectional tunneling approach
  – Completed January 2005
Study the possible approaches and issues with providing more optimal routing
  – Ongoing as of January 2006

44 Network Mobility (NEMO) Basic Support Protocol (RFC 3963)
The basic solution MUST use bi-directional tunnels
MNNs MUST be reachable at a permanent IP address and name.
MUST maintain continuous sessions (both unicast and multicast) between MNNs and arbitrary CNs after IP handover of (one of) the MRs.
The solution MUST not require modifications to any node other than MRs and HAs.
The solution MUST support fixed nodes, mobile hosts and mobile routers in the mobile network.
The solution MUST not prevent the proper operation of Mobile IPv6 (i.e. the solution MUST support MIPv6-enabled MNNs and MUST also allow MNNs to receive and process Binding Updates from arbitrary Mobile Nodes.)
The solution MUST treat all the potential configurations the same way (whatever the number of subnets, MNNs, nested levels of MRs, egress interfaces, ...)
The solution MUST support mobile networks attaching to other mobile networks (nested mobile networks).

45 Work In Progress
Route Optimization
Load Sharing (monami)
Policy Based Routing (monami)
Multiple Home Agents from different Service Providers
  – Security Issues
  – Desirable for some applications (i.e. air traffic control, airline maintenance, entertainment)

46 Basic Mobile Network Support for IPv6
[Diagram labels: Mobile Network, Mobile Network Nodes, Access Router, Home Agent, Corresponding Node, Internet or Intranet, Binding Update, Link UP.]

47 Mobile Nodes and Multiple Interfaces in IPv6 (monami6)

48 monami6
Produce standard track specifications to the straight-forward problems associated with the simultaneous use of multiple addresses for either mobile hosts using Mobile IPv6 or mobile routers using NEMO Basic Support and their variants (FMIPv6, HMIPv6, etc)
Provide standardized support for simultaneous differentiated use of multiple access technologies
  – 802.11*, , , UMTS, Bluetooth and others
WG Deliverables:
  – Documentation of motivations for a node using multiple interfaces and the scenarios where it may end up with multiple global addresses on its interfaces [Informational]
  – Analysis document explaining what are the limitations for mobile hosts using multiple simultaneous Care-of Addresses and Home Agent addresses using Mobile IPv6, whether issues are specific to Mobile IPv6 or not [Informational].
  – A protocol extension to Mobile IPv6 (RFC 3775) and NEMO Basic Support (RFC 3963) to support the registration of multiple Care-of Addresses at a given Home Agent address [Standard Track].
  – A "Flow/binding policies exchange" solution for an exchange of policies from the mobile host/router to the Home Agent and from the Home Agent to the mobile host/router influencing the choice of the Care-of Address and Home Agent address [Standard Track].

49 Policy-Based Routing Airline Example
[Diagram labels: Home Agent, Routing Policy, int1, int2, int3, High speed link, Low latency link, Reliable link, ATC, AOC, P-DATA.]
P-DATA: Passenger Data (Non-Critical Information)
AOC: Airline Operations Control (2nd Highest Priority)
ATC: Air Traffic Management (Highest Priority - Safety of Flight)

50 Policy-Based Routing Airline Example
[Same diagram labels and legend as slide 49.]

51 Policy-Based Routing Airline Example
[Same diagram labels and legend as slide 49.]

52 Mobile Ad Hoc Networks (MANET)

53 MANET Characteristics
What is Mobile Ad-Hoc Networking (MANET)
  – Self-configuring and self-organizing network of mobile nodes usually connected via wireless links
  – Consists of mobile platforms / nodes (e.g., a router with multiple hosts) which are free to move about arbitrarily.
  – Initial research and development based on mutual trust and cooperation
  – MANET routing is a layer-3, network layer technology.
Dynamic, changing, random, multi-hop topologies may require traversing multiple links to reach a destination
May have frequent network partitions and merging
Routing may change because of mobility (or wireless link dynamics – fading)
Routing functionality needs to support robust and efficient operation
May require energy-constrained operation
Source: Albert Young - Boeing

54 MANET Characteristics
Bandwidth constrained, variable capacity wireless links
Effective throughput is much less than a radio's maximum transmission rate after accounting for the effects of multiple access, fading, noise, propagation path loss and interference
Limited physical security
  – Increased possibility of eavesdropping, spoofing, and denial-of-service attacks
Ad-hoc network clusters can operate autonomously or be attached at some point(s) to the fixed Internet
  – Stub network
The decentralized nature of network control in MANETs provides additional robustness against the single points of failure of more centralized approaches.
Equipped with wireless transceivers using antennas which may be omni-directional (broadcast), directional (point-to-point), possibly electronically steerable or a combination.
Source: Albert Young - Boeing

55 Applications
Sensor Webs
  – Forest Fires Monitoring
  – Pollution Monitoring
  – Environmental Monitoring
Inexpensive alternatives or enhancements to cell-based mobile network infrastructures.
Military networking for robust, IP-compliant data services within mobile wireless communication networks consisting of highly-dynamic autonomous topology segments.
Homeland Security
  – Scenarios requiring rapidly-deployable communications with survivable, efficient dynamic networking

56 Status of MANET
Defense Programs are extremely interested in MANETs
  – Self-Organizing, robust, self-healing
  – Major research funding source.
IETF MANET Working Group
  – Promoting a few experimental deployments (a reactive and a proactive routing technique)
  – Using mature components from previous work on experimental reactive and proactive protocols, the WG will develop two Standards track routing protocol specifications:
    – Reactive MANET Protocol (RMP)
    – Proactive MANET Protocol (PMP)
  – Develop a scoped forwarding protocol that can efficiently flood data packets to all participating MANET nodes. The primary purpose of this mechanism is a simplified best effort multicast forwarding function.

57 Deployments (Sampling – Many others are available)
Dynamic MANET On-demand (DYMO) routing protocol
  – http://moment.cs.ucsb.edu/dymo/index.php
Ad hoc On Demand Distance Vector (AODV)
  – http://www.nmsl.cs.ucsb.edu/~krishna/aodv-linksys/
  – http://w3.antd.nist.gov/wctg/aodv_kernel/
  – http://crl.se/?go=aodv6
Optimized Link State Routing Protocol (OLSR)
  – Navy Research Lab, INRIA (fr), NIIGATA (jp), GRC, LRI (fr), Communication Research Centre in Canada, UniK University
  – URL for all sources:
Dynamic Source Routing (DSR)
  – http://www.monarch.cs.rice.edu/dsr-impl.html
  – http://pdos.csail.mit.edu/grid/software.html#install
  – http://core.it.uu.se/AdHoc/DsrUUImpl

58 Routing Standards and Research
One Size Does Not Fit All!
No single routing protocol works well in all environments
  – Which approach to choose depends on the traffic and mobility patterns, and QoS requirements
  – Proactive routing protocols
    – Optimized Link State Routing (OLSR), Open Shortest Path First (OSPF) extension
    – Applicable for relatively stable networks
    – Suitable for large and dense networks
  – Reactive routing protocol
    – Ad Hoc On-Demand Distance Vector (AODV), Dynamic Source Routing protocol (DSR), Dynamic MANET On-demand (DYMO)
    – Enables reactive, multihop routing between participating nodes that wish to communicate.
    – Applicable to highly dynamic networks
  – Motivation is for interoperability with the wired
  – Modification (e.g. neighbor establishment) and scalability enhancements to OSPFv3 that is designed for IPv6
  – Specifically in reducing the size of Hello packets, and optimizing flooding of routing updates.

59 Benefits of IPv6 in MANETs
IPv6 coupled together with MANET offers ease and speed of deployment, and decreased dependence on infrastructure
Provide End-to-End Global Addressing
Autoconfiguration of link-local addresses
Possible End-to-End Security with integrated IPSec
Support for source routing
Full support of mobility
No broadcast traffic to hamper wireless network efficiency
Potential support of real-time delivery of data with QoS
Potential to utilize Anycast addressing

60 Challenges
Denial of Service
  – DAD DoS, Uncooperative Router, etc…
  – Neighbor Discovery trust and threats
Network Discovery
  – Reachback, DNS, Key Manager
Security
  – IPSec / HAIPES tunnel end-points
  – Security Policies in a dynamic environment
  – Is layer-2 encryption sufficient security?
  – Insecure routing
    – Attackers may inject erroneous routing information to divert network traffic, or make routing inefficient
Key Management
  – Lack of key distribution mechanism
  – Hard to guarantee access to any particular node (e.g. obtain a secret key)

61 Challenges
Duplicate Address Discovery
  – Not suitable for multi-hop ad hoc networks that have dynamic network topology
  – Need to address situation where two MANET partitions merge
Radio Technology
  – Layer-2 media access often incompatible with layer-3 MANET routing protocol
Battery exhaustion threat
  – A malicious node may interact with a mobile node very often trying to drain the mobile node's battery
Testing of Applications
Integrating MANET into the Internet

62 Integrating MANET into the Internet
Unicast Address Autoconfiguration
Multicast Address Autoconfiguration
Multicast Name Resolution
Service Discovery
Global Connectivity between MANET and Internet
Source:

