Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University.


1 Mobile IPv6: An Overview Dr Martin Dunmore, Lancaster University

2 Contents
Mobile IPv6 Introduction
Mobile IPv6 Operation and Examples
Mobile IPv6 Security and Privacy
Technical Challenges
Summary

3 MIPv6 Introduction
Routing protocol for mobile IPv6 hosts
  – Transparent to upper layer protocols and applications
Uncommon protocol architecture…
  – Avoids actively involving routers!
  – Protocol state held in end-hosts
      Mobile nodes
      Correspondent nodes
  – One exception… the Home Agent

4 MIPv6 Operation
Mobile Nodes Acquire
  – Home address
  – Home agent
When away from home
  – Acquire care-of address
  – Register care-of address with home agent and any relevant correspondent nodes…
  – Mobile IPv6 ensures correct routing

5 MIPv6 Bindings Cache
Maintains a mapping between the mobile node's home address and its current care-of address
Held by home agents and correspondent nodes
Provides info to allow correct routing of IPv6 packets to mobile node via IPv6 routing header…
Provides a de-coupling between an IPv6 address and routing information

6 Mobile IPv6 Example: Mobile Node on home network
[Diagram labels: IPv6 Data. Home Address: 2001:630:80:7000::1]

7 Mobile IPv6 Example: Mobile Node on foreign network
[Diagram labels: Home Agent; Router Solicitation; Router Advertisement; Binding Update; IPv6 Data. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:8000::1. Bindings Cache: 2001:630:80:7000::1 -> 2001:630:80:8000::1]

8 Mobile IPv6 Example: Route Optimisation
[Diagram labels: Home Agent; IPv6 Data. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:8000::1. Two Bindings Caches, each: 2001:630:80:7000::1 -> 2001:630:80:8000::1]

9 Mobile IPv6 Example
Okay, but what if we move again?
Two cases
  – Move from one foreign network to another
  – Return home…
Need to send more binding updates…

10 Mobile IPv6 Example: Optimised MN-CN session
[Diagram labels: Home Agent; IPv6 Data. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:8000::1. Two Bindings Caches, each: 2001:630:80:7000::1 -> 2001:630:80:8000::1]

11 Mobile IPv6 Example: MN moves again! Stale Bindings Cache
[Diagram labels: Home Agent; IPv6 Data; Router Solicitation; Router Advertisement; Binding Update. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:9000::1. Bindings Cache entries shown: 2001:630:80:7000::1 -> 2001:630:80:8000::1 (twice); 2001:630:80:7000::1 -> 2001:630:80:9000::1]

12 How to update CN?
Bindings cache entry out of date…
Solution
  – Maintain a list of active correspondent nodes in the mobile node.
  – Generated when a tunnelled packet is received from the home agent
  – Known as the binding update list

13 Mobile IPv6 Example: MN maintains BU list
[Diagram labels: Home Agent; CN; IPv6 Data; Binding Update. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:8000::1. Bindings Cache: 2001:630:80:7000::1 -> 2001:630:80:8000::1. Binding Update List: CN's IPv6 Address]

14 Mobile IPv6 Example: Optimised Route
[Diagram labels: Home Agent; CN; IPv6 Data. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:8000::1. Two Bindings Caches, each: 2001:630:80:7000::1 -> 2001:630:80:8000::1. Binding Update List: CN's IPv6 Address]

15 Mobile IPv6 Example: MN uses its BU list
[Diagram labels: Home Agent; CN; IPv6 Data; Router Solicitation; Router Advertisement; Binding Update (twice). Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:9000::1. Bindings Cache entries shown: 2001:630:80:7000::1 -> 2001:630:80:8000::1 (twice); 2001:630:80:7000::1 -> 2001:630:80:9000::1 (twice). Binding Update List: CN's IPv6 Address]

16 Mobile IPv6 Example: Optimised Route
[Diagram labels: Home Agent; CN; IPv6 Data. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:9000::1. Bindings Cache entries shown: 2001:630:80:7000::1 -> 2001:630:80:8000::1; 2001:630:80:7000::1 -> 2001:630:80:9000::1 (twice). Binding Update List: CN's IPv6 Address]

17 What address do we use?
When away from home what address does a mobile node use as its source address?

18 Its Home Address?
But ingress filtering?
  – Implemented by many border routers to avoid spoofing attacks.
  – Any packet whose source address does not match the interface on which the router received it is discarded.
Can't source from home address, as its prefix doesn't match current location…

19 Its Care-Of Address?
But what about TCP?
  – TCP uses the IP(v6) source address as an index
  – Without a device using a consistent IPv6 address, the TCP connection would break…
Can't source from care-of address, for reasons of protocol stability…
The solution?

20 Source from BOTH…
New IPv6 destination option
The Home Address Option
Included in EVERY outgoing packet
Understood by all correspondent nodes
Home address replaces source address on reception by destination (correspondent node)
IPv6 packets
  – sourced from care-of address
  – contain home address as an option
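The reasoning of slides 18 to 20 as an added example, not part of the original slides: a packet sourced from the care-of address passes ingress filtering, and the correspondent node hands the home address to upper layers so the TCP peer address stays the same across a move. The function names, the dict packet model and the /64 prefixes are assumptions; the bindings-cache check in `receive` follows RFC 3775 and is not stated on the slide.

```python
# Added illustration, not from the slides. Function names and the /64 prefix
# lengths are assumptions; packets are modelled as dicts, not wire format.
import ipaddress

HOME = ipaddress.ip_address("2001:630:80:7000::1")
FOREIGN_NETS = {  # care-of address -> prefix of the network it was acquired on
    "2001:630:80:8000::1": ipaddress.ip_network("2001:630:80:8000::/64"),
    "2001:630:80:9000::1": ipaddress.ip_network("2001:630:80:9000::/64"),
}

def ingress_filter(src, attached_net):
    """Border router check: forward only packets sourced from the attached prefix."""
    return ipaddress.ip_address(src) in attached_net

def build_packet(care_of, payload):
    """Mobile node away from home: source = care-of, home address as an option."""
    return {"src": ipaddress.ip_address(care_of),
            "home_address_option": HOME, "payload": payload}

def receive(packet, bindings):
    """Correspondent node: return (address shown to upper layers, payload).

    The home address replaces the source only if the bindings cache maps it
    to the packet's source; otherwise the option is an unverified claim and
    the packet is dropped (None).
    """
    hao = packet.get("home_address_option")
    if hao is None:
        return packet["src"], packet["payload"]
    if bindings.get(hao) != packet["src"]:
        return None
    return hao, packet["payload"]

def tcp_peer_seen_by_cn(care_of):
    """Peer address the CN's transport layer sees for a segment sent from care_of."""
    pkt = build_packet(care_of, b"segment")
    if not ingress_filter(pkt["src"], FOREIGN_NETS[care_of]):
        return None
    result = receive(pkt, {HOME: pkt["src"]})  # binding already registered
    return result[0] if result else None
```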

21 What about network errors?
Mobile IPv6 bindings are soft state
  – Refreshed periodically
  – Contain sequence numbers
  – Can be ack'd: binding acknowledgements
  – Binding Updates and Acks are retransmitted (rate limited) until the protocol converges
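A bindings cache treated as soft state, as an added example that is not part of the original slides: entries expire unless refreshed, and a Binding Update is applied only if its sequence number is newer than the last one accepted. The class and method names are hypothetical; the 16-bit modulo comparison follows RFC 3775, and the half-space window used here is this example's choice.

```python
# Added illustration: a correspondent node's bindings cache as soft state.
# Assumptions: 16-bit sequence numbers compared modulo 2**16 with a
# half-space window; class and method names are hypothetical.
from dataclasses import dataclass

SEQ_MOD = 1 << 16

@dataclass
class Binding:
    care_of: str
    seq: int
    expires: float

def seq_newer(new: int, last: int) -> bool:
    """True if `new` is ahead of `last` in 16-bit wrap-around order."""
    return 0 < (new - last) % SEQ_MOD < SEQ_MOD // 2

class BindingsCache:
    def __init__(self):
        self.entries = {}  # home address -> Binding

    def update(self, home, care_of, seq, lifetime, now):
        """Apply a Binding Update and return the outcome as a string."""
        cur = self.entries.get(home)
        if cur and cur.expires <= now:        # soft state: expired entry is gone
            del self.entries[home]
            cur = None
        if cur and not seq_newer(seq, cur.seq):
            return "rejected: sequence number out of window"
        if lifetime == 0 or care_of == home:  # MN returned home: deregister
            self.entries.pop(home, None)
            return "deleted"
        self.entries[home] = Binding(care_of, seq, now + lifetime)
        return "accepted"

    def lookup(self, home, now):
        """Care-of address to route to, or None (send to the home address)."""
        b = self.entries.get(home)
        return b.care_of if b and b.expires > now else None

def demo():
    cache, home = BindingsCache(), "2001:630:80:7000::1"
    out = [cache.update(home, "2001:630:80:8000::1", 65535, 60, now=0)]
    out.append(cache.update(home, "2001:630:80:9000::1", 0, 60, now=10))      # seq wraps
    out.append(cache.update(home, "2001:630:80:8000::1", 65535, 60, now=11))  # stale replay
    return out, cache.lookup(home, now=20), cache.lookup(home, now=100)
```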

22 What Format are the Control Messages?
New IPv6 extension header: Mobility Header
  – Binding Updates
  – Return Routability
  – BU, BA, CoTi, CoT, HoTi, HoT
Home Address option is carried in an IPv6 destination option
  – Not reliant on higher level protocols
  – Multiple messages per IP packet
  – Messages can append existing packets
  – E.g. TCP connection requests…

23 Security and Privacy
Authentication
  – Massive security / denial of service attack in MIPv6 as described so far.
  – What's to stop an attacker sending bogus Binding Update messages?
  – IPSec protects signalling between mobile node and its home agent
  – Return Routability test allows correspondent nodes to determine binding updates are authentic
Privacy
  – IPSec between the mobile node and its home agent protects control traffic only!

24 Mobile IPv6 Example: MiTM attack!
[Diagram labels: Home Agent; IPv6 Data; Binding Update. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:8000::1. Care-of Address: dead:dead:dead::1. Bindings Cache entries shown: 2001:630:80:7000::1 -> 2001:630:80:8000::1 (twice); 2001:630:80:7000::1 -> dead:dead:dead::1]

25 Return Routability…
…or Route Equivalence.
Argument:
All that really matters is that the optimized route is functionally equivalent to a non-optimized route

26 Return Routability
Home Agent implicitly trusted
  – Assumed it is hosted on secure site
  – Assumed that IPsec is used between mobile host and its home agent.
Dynamic key distribution for use with correspondent nodes.
Uses cookies to build session keys…

27 Return Routability
[Diagram labels: Home Agent; IPv6 Data; HoTi Message; CoTi Message; HoT Cookie; CoT Cookie; HoT Cookie + CoT Cookie = Session Key; Binding Update + Session Key. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:8000::1. Bindings Cache: 2001:630:80:7000::1 -> 2001:630:80:8000::1]
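The exchange on slides 26 and 27 as an added example, not part of the original slides: the correspondent node issues one cookie per path, the mobile node hashes both into a session key, and the correspondent node recomputes everything from its own secret to check the Binding Update. The token, key and authenticator formulas follow RFC 3775, where the cookies are called keygen tokens; nonce indices and real message encodings are left out, and the CN address and `mh` bytes are constructed sample values.

```python
# Added illustration of the return routability exchange; not from the slides.
# Token and key formulas follow RFC 3775; nonce indices and real message
# encodings are omitted, and mh_data is a constructed byte string.
import hashlib, hmac, os, ipaddress

def addr(a):
    return ipaddress.ip_address(a).packed

class CorrespondentNode:
    def __init__(self, address):
        self.address = address
        self.kcn = os.urandom(20)     # node secret, never sent
        self.nonce = os.urandom(8)    # regenerated periodically in practice

    def _token(self, address, kind):
        mac = hmac.new(self.kcn, addr(address) + self.nonce + bytes([kind]), hashlib.sha1)
        return mac.digest()[:8]       # first 64 bits

    def hot(self, home):      # reply to HoTi, routed via the home agent
        return self._token(home, 0)

    def cot(self, care_of):   # reply to CoTi, routed directly to the care-of address
        return self._token(care_of, 1)

    def verify_bu(self, home, care_of, mh_data, authenticator):
        """Recompute both tokens statelessly and check the Binding Update MAC."""
        kbm = session_key(self.hot(home), self.cot(care_of))
        expected = sign_bu(kbm, care_of, self.address, mh_data)
        return hmac.compare_digest(expected, authenticator)

def session_key(hot_token, cot_token):
    return hashlib.sha1(hot_token + cot_token).digest()

def sign_bu(kbm, care_of, cn_address, mh_data):
    mac = hmac.new(kbm, addr(care_of) + addr(cn_address) + mh_data, hashlib.sha1)
    return mac.digest()[:12]          # first 96 bits

def demo():
    cn = CorrespondentNode("2001:db8::c")   # constructed CN address
    home, coa, bogus = "2001:630:80:7000::1", "2001:630:80:8000::1", "dead:dead:dead::1"
    mh = b"BU seq=1 lifetime=60"
    good = sign_bu(session_key(cn.hot(home), cn.cot(coa)), coa, cn.address, mh)
    # A node at the bogus address can get a CoT for itself but never sees the
    # HoT sent to the home address, so it has to guess that half of the key.
    forged = sign_bu(session_key(os.urandom(8), cn.cot(bogus)), bogus, cn.address, mh)
    return cn.verify_bu(home, coa, mh, good), cn.verify_bu(home, bogus, mh, forged)
```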

28 Mobile IPv6 Example
[Diagram labels: Home Agent; IPv6 Data. Home Address: 2001:630:80:7000::1. Care-of Address: 2001:630:80:8000::1. Two Bindings Caches, each: 2001:630:80:7000::1 -> 2001:630:80:8000::1]

29 Technical Challenges
Things to think about if you wish to deploy MIPv6 services
Bootstrapping
Security and Privacy
AAA
Handover Latencies
Firewalls and NATs
IPv4 / IPv6 co-existence

30 Bootstrapping
How does the MN discover...
  – its Home Address?
      static home address assignment is really the only home address configuration technique compatible with the current specification
      dynamic assignment is more desirable
  – its Home Agent?
  – the SA with its Home Agent?

31 Security and Privacy
RR gives some protection as described
RFC 4285 alternative authentication between MN and HA
  – negates the need to have IPSec SA
Privacy between MN and CN
Location privacy concerns

32 AAA
2 different types
      mobility service provider (home network)
      network service provider (at foreign network)
AAA for MSP needs to be integrated with MIPv6
  – has implications for bootstrapping
      procedure for bootstrapping away from home needs to be defined
AAA for foreign networks can be transparent to MIPv6
Or integrate both types?

33 Handover Latencies
HO times in the order of seconds!
  – no good for real-time services
Fast Handovers for MIPv6 (RFC 4068)
  – Enables MN to pre-configure new address before moving
  – Requires cooperation between previous and next access routers
Hierarchical Mobile IPv6 (RFC 4140)
  – Uses a Mobility Anchor Point to reduce HO times when roaming within same foreign network

34 NATs and Firewalls
The Care of Address MUST be global!
  – thus obtaining a private address behind a NAT is problematic
Firewalls will block BUs until user has been authenticated
Stateful Firewall at CN site may block traffic from MN
  – new CoA not recognised

35 IPv4 / IPv6 Coexistence
How does MIPv6 work with transition mechanisms?
  – Provided MN obtains a globally routable CoA things should work
What about IPv4 only networks?
  – Possibilities:
      CN is in an IPv4 only network
      HA is in an IPv4 only network
      MN moves into an IPv4 only network

36 Other Issues
DHCPv6 vs SLAAC
  – SLAAC faster
      can even fine tune RA intervals
  – DHCPv6 gives more control
SSIDs should be broadcast
  – how else can MN seamlessly associate with new AP?
  – any manual intervention affects HO times!
The CN problem!
  – not mandated in IPv6 stacks!
  – thus non-optimised routing

37 Summary
MIPv6 allows IPv6 hosts to be mobile without breaking applications
Mobile Nodes can perform RO to avoid triangular routing problem
RR test provides protection against 3rd party attacks
Handover latencies do not support real-time services (yet)
Further problems to be solved!

38 Questions?

