T-110.6120 Special Course in Data Communication Software
Mobility in the Internet
25.9.2009, Prof. Sasu Tarkoma
Contents
•Overview
•Mobile IP
•NEMO
•Transport layer solutions
• i3
•SIP mobility
Mobility in the Internet
•This topic pertains to mobility of
– Networks
– Hosts
– Transport connections
– Sessions
– Objects (passive, active)
– Services
– Users
•Many solutions are needed on multiple layers
– Link layer, network, transport, application
– Vertical and horizontal handoffs
Mobility
•What happens when network endpoints start to move?
•What happens when networks move?
•Problem for on-going conversations
– X is no longer associated with its address
– Solution: X informs the peer of its new address
•Problem for future conversations
– Where is X? What is its address?
– Solution: X makes a contact address available
•In practice not so easy. Security is needed!
Classifying Mobility Protocols
[Figure: mobility protocols placed on two axes, mobility scope (micro, macro, global; intra-subnet, intra-domain, inter-domain) and time (evolutionary path). Protocols shown: MIP (1996), Hierarchical MIP (1996), Cellular IP (1998), Hawaii (1999), Dynamic Mobility Agent (2000), TMIP (2001), HMIPv6 (2001), MIPv6 (2001).]
Routing vs. mobility
• Topology data aggregation is necessary
– Cannot track all hosts in the world
– IP addresses determined by topology
• Network gives the routing prefix
• Mobile hosts must change their IP addresses
– Causes sockets / connections to break
• How to communicate address changes?
• Two approaches:
– Let routing handle it: not scalable
• Done by ad hoc routing protocols
– Let end-systems handle it: a mobility protocol is needed
• Goal of a mobility protocol
– Transport and applications do not see address changes
– Mobility transparency
Rendezvous
•How to find the moving end-point?
– Tackling double jump
• What if both hosts move at the same time?
• Requires a rendezvous point
•Mobility management is needed!
– Initial rendezvous
– Can be based on directories
– Requires fast updates to directories
• Does not work well for DNS
Security issues
•Address stealing
– Alice and Bob communicate
– Mallory tells Alice
• Bob is now at C
•Address flooding
– Mallory downloads from Alice, Bob, etc.
– Mallory tells everybody
• I have moved to C
Mobile IP
•Two versions
– IPv4 (optional)
– integrated into IPv6 (with IPSec security)
•Home Agent (HA)
– Home address
– Initial reachability
– Triangular routing / reverse tunneling
•Route optimization
– Tunnels to bypass HA
– HA as a rendezvous point
Mobility Example: Mobile IP Triangular Routing
[Figure: home agent on the home link; foreign agent and mobile host on the foreign link; correspondent host. Packets from the correspondent host go to the home agent, which tunnels them to the mobile host's Care-of-Address (CoA); the detour is marked DELAY!]
– Ingress filtering causes problems for IPv4 (the home address is used as source); IPv6 uses the CoA as source, so this is not a problem. Solutions: reverse tunnelling or route optimization.
– The foreign agent is left out of MIPv6: no special support is needed with IPv6 autoconfiguration.
Reverse Tunnelling
[Figure: home agent on the home link; router and mobile host with its Care-of-Address (CoA) on the foreign link; correspondent host. Traffic in both directions is tunnelled through the home agent; the detour is marked DELAY!]
– Firewalls and ingress filtering are no longer a problem
– Double triangular routing leads to overhead and increases congestion
Mobility Example: Mobile IPv6 Route Optimization
[Figure: home agent on the home link; router and mobile host on the foreign link; correspondent host. A secure tunnel (ESP) connects the mobile host and the home agent; after route optimization the correspondent host sends directly to the mobile host.]
– MH sends a binding update (BU) to CH when it receives a tunnelled packet.
– CH then sends packets directly using the routing header.
– First, a Return Routability test is run with CH: CH sends home test and CoA test packets. When MH has received both, it sends the BU protected with the Kbm key.
MIPv6
• MIP6 utilizes IPv6 header options for signalling between the HA and CN.
• The important changes are a new extension header (the mobility header) for creating and managing bindings, a new routing header type that allows packets to be routed directly from the CN to the MN's CoA (with the home address carried in the extension), and a new destination option (MN to CN, again carrying the home address).
• MIP6 uses the IPv6 autoconfiguration mechanism to determine the CoA, and thus does not need a FA.
• Using autoconfiguration, the MN receives Router Advertisements that contain the routing prefixes of the visited network. This prefix information is then combined with the interface ID (MAC address) of the MN to obtain the CoA.
• MIP6 also supports the dynamic discovery of the HA or HAs.
Security in Mobile IP
• MIPv6 RFC 3775/3776
– Protection of Binding Updates to the HA and to CNs
– IPsec extension headers or the binding authorization data option
– Binding management key, Kbm, which is established through the return routability procedure
– Protection of mobile prefix discovery
– Protection of the mechanisms that MIPv6 uses for transporting data
• Protecting binding updates
– Must be secured through IPsec
– ESP is used for updates and acks
• SHOULD be protected: init messages, prefix discovery
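The return routability test and Kbm derivation from the route optimization and security slides, and why they defeat the address stealing attack from the security-issues slide, as an added Python example (not from the lecture). It assumes constructed IPv6 addresses, a single nonce index and compact dictionaries in place of the real HoT/CoT/BU messages; the token, Kbm and authenticator formulas follow RFC 3775.

```python
import hashlib, hmac, ipaddress, os

def packed(addr):                      # IPv6 address as its 16 on-the-wire bytes
    return ipaddress.IPv6Address(addr).packed

def kbm_from_tokens(home_token, careof_token):
    return hashlib.sha1(home_token + careof_token).digest()        # Kbm, 160 bits

def bu_authenticator(kbm, coa, cn_addr, mh_data):
    # First(96, HMAC_SHA1(Kbm, care-of address | correspondent | MH Data))
    return hmac.new(kbm, packed(coa) + packed(cn_addr) + mh_data, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    """CN keeps only Kcn and a nonce table: no per-mobile state until a valid BU arrives."""
    def __init__(self, addr):
        self.addr, self.kcn, self.nonces = addr, os.urandom(20), {0: os.urandom(8)}

    def keygen_token(self, addr, nonce_index, tag):     # tag 0 = home, 1 = care-of
        msg = packed(addr) + self.nonces[nonce_index] + bytes([tag])
        return hmac.new(self.kcn, msg, hashlib.sha1).digest()[:8]   # First(64, ...)

    def home_test(self, hoa):       # HoT: sent to the home address, reaches MN via the HA tunnel
        return 0, self.keygen_token(hoa, 0, 0)
    def careof_test(self, coa):     # CoT: sent directly to the care-of address
        return 0, self.keygen_token(coa, 0, 1)

    def accept_binding_update(self, bu):
        kbm = kbm_from_tokens(self.keygen_token(bu["hoa"], bu["hni"], 0),
                              self.keygen_token(bu["coa"], bu["cni"], 1))
        expected = bu_authenticator(kbm, bu["coa"], self.addr, bu["mh_data"])
        return hmac.compare_digest(expected, bu["auth"])

def binding_update(cn, hoa, coa, mh_data=b"BU seq=1 lifetime=420"):
    """MN side: collect both tokens, derive Kbm, authenticate the BU."""
    hni, home_token = cn.home_test(hoa)
    cni, careof_token = cn.careof_test(coa)
    kbm = kbm_from_tokens(home_token, careof_token)
    return {"hoa": hoa, "coa": coa, "hni": hni, "cni": cni, "mh_data": mh_data,
            "auth": bu_authenticator(kbm, coa, cn.addr, mh_data)}

def demo():
    cn = CorrespondentNode("2001:db8:c::1")                 # constructed addresses
    hoa, coa = "2001:db8:a::10", "2001:db8:b::10"
    genuine = binding_update(cn, hoa, coa)
    # Address stealing attempt: a third party claims hoa now lives at its own address. It can
    # obtain a CoT for that address, but the home keygen token travels over the HA path it
    # does not see, so it has to guess the token and the forged BU fails verification.
    other = "2001:db8:d::66"
    _, careof_token = cn.careof_test(other)
    guessed_kbm = kbm_from_tokens(os.urandom(8), careof_token)
    forged = dict(genuine, coa=other,
                  auth=bu_authenticator(guessed_kbm, other, cn.addr, genuine["mh_data"]))
    return cn.accept_binding_update(genuine), cn.accept_binding_update(forged)
```

demo() returns (True, False): the genuine BU is accepted and the forged one rejected without the CN keeping any per-mobile state before the BU.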
Hierarchical Mobile IP
•HMIPv6 is specified in RFC 4140
•Introduces local Mobility Anchor Points (MAP) that are essentially Home Agents
•MAPs can be located at any level in a hierarchical network of routers, including the access routers.
•The aim of the HMIPv6 is to minimize the signaling latency and reduce the number of required signaling messages.
•As long as the MN stays inside one MAP domain it only needs to update its location with the MAP.
•The localized mobility management can also be completely handled on the network side without MN's involvement at the IP mobility protocol level.
NEMO
•It is also possible for a whole subnetwork to roam from one part of the Internet to another.
•Network Mobility (NEMO) is specified in RFC 3963
•The technical solution of NEMO is based on MIP6. NEMO allows subnetworks to change their location in a network.
•This is realized using a mobile router that manages the mobile network. The mobile router updates its HA regarding the CoA of the mobile router.
•A NEMO compliant HA can act also as a MIP6 HA. The basic solution creates a bi-directional tunnel between the mobile router and the HA, which effectively keeps the mobile network reachable.
•Hosts behind the mobile router do not need to be aware of mobility in any way.
Multi-layer Operation
•Mobility and multi-homing can be realized on different layers
– Network
• Mobile IP, HMIP, NEMO
– Between network and transport
• Host Identity Protocol (HIP)
– Transport (SCTP)
• TCP extensions, SCTP (TrASH)
– Application
• SIP, Wireless CORBA, overlays
• Re-establish TCP-sessions after movement
Host Identity Protocol
•New cryptographic namespace
•Connection endpoints mapped to 128 bit host identity tags (hashes of public keys)
•Mapping at HIP layer
•4-phase Base Exchange with cryptographic puzzle for DoS prevention
•IPSec for network-level security
Mobility protocol
[Figure: HIP mobility update between the mobile host and the corresponding host. ESP traffic flows from MN to CN before the update and in both directions after it.]
– UPDATE (MN to CN): HITs, new locator(s), signature
– UPDATE (CN to MN): HITs, return routability (RR) challenge, signature
– UPDATE (MN to CN): HITs, RR response, signature
Basic HIP rendezvous
[Figure: the server registers with a rendezvous server (rendezvous registration). The client sends I1 to the rendezvous server, which passes it on to the server; R1, I2 and R2 then complete the base exchange between client and server.]
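The cryptographic puzzle of the HIP base exchange mentioned on the Host Identity Protocol slide (the DoS-prevention step between R1 and I2), as an added Python example that is not from the lecture. It assumes constructed public keys, a difficulty K of 12 bits and an epoch-based puzzle value I so that the responder keeps no per-I1 state; the HIT construction is simplified (ORCHID prefix plus truncated SHA-1 of the key, without the context ID).

```python
import hashlib, hmac, os, struct

def hit_from_public_key(pubkey):
    """128-bit HIT: ORCHID prefix 2001:10::/28 followed by 100 bits of SHA-1(public key).
    Simplification for this example: the ORCHID context-ID step is left out."""
    h = int.from_bytes(hashlib.sha1(pubkey).digest(), "big") & ((1 << 100) - 1)
    return ((0x2001001 << 100) | h).to_bytes(16, "big")

def ltrunc_is_zero(i, hit_i, hit_r, j, k):
    """Puzzle condition: the K lowest-order bits of SHA-1(I | HIT-I | HIT-R | J) are zero."""
    digest = hashlib.sha1(i + hit_i + hit_r + j).digest()
    return int.from_bytes(digest, "big") & ((1 << k) - 1) == 0

def solve_puzzle(i, hit_i, hit_r, k):
    """Initiator work: about 2**K hashes on average; the responder chooses K and pays O(1)."""
    while True:
        j = os.urandom(8)
        if ltrunc_is_zero(i, hit_i, hit_r, j, k):
            return j

class Responder:
    def __init__(self, pubkey, difficulty=12):
        self.hit = hit_from_public_key(pubkey)
        self.k = difficulty            # raised under load to make I1 floods expensive
        self.secret, self.epoch = os.urandom(16), 0

    def puzzle_i(self, epoch):         # I derived from a secret and the epoch: no per-I1 state
        return hmac.new(self.secret, struct.pack(">q", epoch), hashlib.sha1).digest()[:8]

    def r1(self):                      # answer to I1; could be precomputed
        return {"I": self.puzzle_i(self.epoch), "K": self.k, "HIT-R": self.hit}

    def verify_i2(self, hit_i, i, j):  # accept puzzles from the current and previous epoch only
        if i not in (self.puzzle_i(self.epoch), self.puzzle_i(self.epoch - 1)):
            return False
        return ltrunc_is_zero(i, hit_i, self.hit, j, self.k)

def base_exchange_demo():
    """I1 -> R1 -> I2 reduced to the puzzle part; returns (accepted now, accepted two epochs later)."""
    hit_i = hit_from_public_key(b"constructed initiator public key")
    responder = Responder(b"constructed responder public key", difficulty=12)
    r1 = responder.r1()
    j = solve_puzzle(r1["I"], hit_i, r1["HIT-R"], r1["K"])
    accepted = responder.verify_i2(hit_i, r1["I"], j)
    responder.epoch += 2               # old puzzle values expire, so stored solutions go stale
    return accepted, responder.verify_i2(hit_i, r1["I"], j)
```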
Application-layer mobility
•Many application-layer protocols are, in principle, similar to Mobile IP
•Moving entity may differ
– Instead of host we have object, session, entity, or interests
•For example:
– Object mobility
• Wireless CORBA
– Session mobility
• SIP
– Interest mobility
• Content-based routing
– Generic mobility
• i3 overlay, service composition
SIP Mobility
•Session mobility allows a user to maintain and manage a media session across devices
•Terminal mobility allows a device to move between IP subnets while continuing to be reachable for incoming requests and maintaining sessions across subnet changes
•Personal mobility allows the addressing of a single user located at different terminals by using the same logical address
•Service mobility allows users to maintain access to services while moving or changing devices and network service providers
•SIP implements these using URLs, proxies, and redirect servers. The home domain keeps track of users and devices. Message forking
IMS
•Example of call routing
[Figure: User A sends an Invite (From: sip:[email protected], To: sip:[email protected]) to a Serving CSCF; the Interrogating CSCF makes a Location Query to the HSS, and the Invite is forwarded through User B's Serving CSCF to User B, who answers Ok; a multimedia session is then established between A and B.]
CSCF = Call State Control Function; HSS = Home Subscriber Service
Internet Indirection Infrastructure (i3)
• An Overlay infrastructure.
• Every packet is associated with an identifier.
• Receiver receives using identifier
[Figure: an i3 trigger maps an identifier to the receiver's address, giving natural support for mobility: the receiver moves to a different address while senders keep using the same identifier. Source: http://i3.cs.berkeley.edu/]
Mobile Web Server
[Figure: a browser on the Internet reaches a web server running on a mobile device over 2.5/3G through a gateway; the operator firewall and DNS are shown, and the steps are numbered 1, 2 and 3.]
By courtesy of Johan Wikman. Presented at EuroOSCON 2006.
Mobile Middleware I
•Middleware is typically designed and implemented for fixed-network hosts
– High bandwidth, low latency, reliable communication
– Persistent storage and sufficient computing power
– No mobility
•Mobile environment requires new solutions
– Existing middleware services do not scale
– Previous lectures: mobility is challenging
– Small devices / embedded systems pose totally different challenges
Mobile Middleware II
•Goals for middleware:
– fault-tolerance, adaptability, heterogeneity, scalability, resource sharing
•Mobile middleware
– dynamically changing context
– decoupled
• events, tuple spaces
– Basic solution for wireless
• Use a proxy
Wireless CORBA
•CORBA does not support accessing mobile objects or wireless communication
– Wireless CORBA specification
•Three basic requirements
– Invocations from mobile objects
– Invocations to mobile objects
– Wireless communication
•Home bridge
•Access bridges
•Tunnelling over wireless
•Handoff protocols
Mobile IP vs. WCORBA
•MIP addresses host mobility, not object mobility
•MIP does not specifically support wireless protocols
•MIP hides all handoff events
– location-aware services difficult to implement
Architecture
•Home Location Agent
– Redirects requests for services on the terminal
– Keeps track of the current access bridge
•Terminal-side bridge (the other end of the Access Bridge)
– Encapsulates/decapsulates messages
– Generates mobility events
•Access Bridge
– Encapsulates, forwards or ignores incoming GIOP messages
– Decapsulates and forwards messages from the GIOP tunnel
– Generates mobility events
– Lists available services
•GIOP tunnel
– Abstract transport-independent tunnel for GIOP messages
– Concrete tunnels for TCP/IP, UDP/IP and WAP WDP
– Protocol requires reliable and ordered delivery
Handoffs
•Network initiated handoff
– started by an external application
– optional to support make-before-break
•Terminal initiated handoff
– terminal discovered a new Access Bridge
– make-before-break is required
•Access recovery
•The Home Location Agent is updated
•Old Access Bridges are informed
•Mobility events are generated in the visited domain and the terminal domain
Indirection Points
•Mobility may be characterized by indirection points
– Mobile IP
• Single fixed indirection point
– Location / Identity split
• Single indirection point
– SIP
• Single fixed indirection point (the home domain); others are possible
– Content-based routing
• Many indirection points
Lessons to learn
•Hierarchical routing likely to stay
– Addresses carry topological information
– Efficient and well established
•Applications face changing connectivity
– QoS varies
– periods of non-connectivity
•Identifiers and locators likely to split
•Mobility management is needed
•Probably changes in directory services
– Overlays have been proposed
Summary
•Topology based routing is necessary
•Mobility causes address changes
•Address changes must be signalled end-to-end
– Alternative: use triangular routing as in Mobile IP
•Mobility management needed
– Initial rendezvous: maybe a directory service
– Double jump problem: rendezvous needed
•Many engineering trade-offs