Download presentation
Presentation is loading. Please wait.
Published byJoel Cummings Modified over 8 years ago
1
49th IETF - San Diego - 1 Mobile Networks Support in IPv6 - Draft Update draft-ernst-mobileip-v6-01.txt - Thierry Ernst - MOTOROLA Labs Ludovic Bellier - INRIA (Planete project) Claude Castelluccia - INRIA (Planete project) Hong-Yon Lach - MOTOROLA Labs
2
Ernst Thierry - 49th IETF San Diego - 2 Definition and Terminology Mobile Node = a node that changes its point of attachment u by means of Mobile IPv6 Mobile Network = an entire network that changes its point of attachment u A IP subnet or a collection of IP subnets u Mobile Router (MR) + its attached Nodes and Routers. u SNs = all stationary nodes located in mobile network ( SNs are not Mobile Nodes !) u Future needs require to consider (potentially large) mobile networks CNs = all nodes communicating with SNs Aim of this work is to: u Provide continuous Internet connectivity to SNs u Offer optimal routing between CNs and SNs Mobile IPv6 specification: u Mobile IPv6 nodes may either be Mobile Hosts or Mobile Routers. u But no explicit mention of mobile networks.
3
Ernst Thierry - 49th IETF San Diego - 3 Experimentation: Test Bed Francis Dupont INRIA IPv6 Implementation under FreeBSD 3.3 MR has two interfaces u One on the home / foreign link in the home / foreign network u One on the internal link in the mobile network Mobile Network attaches to foreign link : u MR obtains a care-of address on the foreign link u MR registers care-of address with HA. u HA opens an IPv6-in-IPv6 tunnel to MR’s careof address u HA adds a host-specific route for MR’s home address to MR’s careof address
4
Ernst Thierry - 49th IETF San Diego - 4 Experimentation: Ping between CN and MR No problem, MR receives the packet => Redirection works fine whether Mobile Node is a Host or a Router u Packet is routed to BR u BR sends NDP messages to discover MR’s MAC address u BR HA replies with HA’s address on behalf of MR u HA intercepts packets addressed to MR u HA routes the packet to the IPv6-in-IPv6 tunnel u HA tunnels the packet to MR’s care-of address I ’m MR MR ?
5
Ernst Thierry - 49th IETF San Diego - 5 Experimentation: Ping between CN and SN Routing Loop MR ? I ’m MR u Packet is routed to BR u In BR’s routing table, MR' home address is the next hop towards SN u BR sends NDP messages to discover MR’s MAC address u HA replies with HA’s address on behalf of MR u HA intercepts but does not have an entry for SN’s address u HA sends the packet to its default route, i.e. the BR u The packet enters in a routing loop Problem, SN never receives the packet => Redirection to SNs impossible
6
Ernst Thierry - 49th IETF San Diego - 6 Our Solution: Network Scope Binding Updates Assumption: all nodes in the mobile network share a common IP prefix = Mobile Network Prefix u if only one subnet -> internal link ’s prefix u If several subnets -> a common prefix identifying (sub-SLA) all subnets in the mobile network Our solution: all packets with a destination address corresponding to the Mobile Network Prefix are routed to the MR ’s careof address. Means: u A Binding between the Mobile Network Prefix and the MR’s careof address. u a new Sub-Option to carry the Mobile Network Prefix + a ‘P’ flag u Prefix and flag are recorded in the binding cache u Binding Cache is searched for a Prefix for those records showing the ‘P’ flag. u BUs containing the Mobile Network Prefix are sent: To the HA to allow redirection To all CNs to allow optimal routing u BUs are sent by the MR, not by individual SNs: mobility of network is transparent to SNs mobility management is aggregated (a given CN only gets 1 BU whatever # SNs)
7
Ernst Thierry - 49th IETF San Diego - 7 Our Solution: Security Issues Existing Mobile IPv6 for Mobile Nodes: u Authentication of BU’s sender: MN authenticated thanks to IPSec u Authorization of MN = allowing MN to send BUs no explicit authorization If sender is authenticated, the Mobile IPv6 policy is to accept, record, and use whatever received careof address Mobile IPv6 extensions to support Mobile Networks: u Authentication of BU’s sender: MR is authenticated thanks to IPSec - (same as for a single MN) u Authorization of MR = allowing the MR to manage mobility of an entire network If the Mobile IPv6 policy says that a careof-address can be registered for a prefix, then MR has the right to register a binding between the Mobile Network Prefix and its address. Authorization may be provided by a certificate: exchanged during SA negociation to guarantee that MR actually serves the mobile network with the specified Prefix. Our solution is a matter of Authorization, not a matter of Authentication
8
Ernst Thierry - 49th IETF San Diego - 8 Mobile IP Working Group Item ? Does the Mobile IP WG agree that: u HA is unable to redirect packets sent to nodes in the mobile network ? (if the final destination is not the Mobile Router itself) u CN is unable to directly route packets to nodes in the mobile network) (if the final destination is not the Mobile Router itself) => no redirection + no optimal routing = SNs are unreachable This should be addressed by the Mobile IP WG => Add « Support of Mobile Networks » as a work item of the Mobile IP WG and include it in the charter.
9
Ernst Thierry - 49th IETF San Diego - 9 For More Information draft-ernst-mobileip-v6-network-01.txt Thierry Ernst thierry.ernst@inrialpes.fr http:// www.inrialpes.fr/planete This is a joint work between and
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.