survivability evaluation of sigma and mobile ip

Wireless Pers CommunDOI 10.1007/s11277-007-9267-2

Survivability evaluation of SIGMA and mobile IP

Shaojian Fu · Mohammed Atiquzzaman

Received: 22 May 2006 / Accepted: 22 January 2007© Springer Science+Business Media B.V. 2007

Abstract Mobile IP has been developed by IETFto handle mobility of Internet hosts at the networklayer. Mobile IP suffers from a number of draw-backs, including low survivability due to single-pointfailure of Home Agents. Recently, Seamless IPdiversity based Generalized Mobility Architecture(SIGMA) was proposed to support low latency,low packet loss mobility of IP hosts. In this pa-per, we show that the location management schemeused in SIGMA enhances the survivability of theSIGMA-based mobile network. We develop ananalytical model to evaluate and compare the sur-vivability of SIGMA with that of Mobile IP.Numerical results show the improvement in sys-tem response time and service blocking probabil-ity of SIGMA over Mobile IP in the presence ofhardware failures and Distributed Denial of Ser-vice (DDoS) attacks.

The research reported in this paper was funded by NASAGrants NAG3-2922 and NNX06AE44G

S. FuOPNET Technologies, 7255 Woodmont Avenue,Bethesda, MD 20814-7900, USA

M. Atiquzzaman (B)School of Computer Science, University of Oklahoma,Norman, OK 73019-6151, USAe-mail: [email protected]

Keywords Mobility Management ·Survivability · Mobile IP · Modeling

1 Introduction

Mobile IP (MIP) [13] is designed to handle mobil-ity of Internet hosts at the network layer. MIP suf-fers from a number of drawbacks, one of whichis low survivability due to single-point failure ofHome Agents. MIP is based on the concept ofHome Agent (HA) for recording the current loca-tion of the Mobile Host (MH), and forwardingpackets to MH when it moves out of its home net-work. In MIP, the location database of the mobilenodes are distributed across all the HAs that arescattered at different locations (home networks).According to principles of distributed computing,this approach appears to have good survivabil-ity. However, MIP’s location management schemesuffers from the following two major drawbacks,resulting in low survivability:

• Each user’s location and account informationis only accessible through its HA. The transpar-ent replication of the HA, if not impossible, isnot an easy task as it involves extra signalingsupport as proposed in [9].

• HAs have to reside in the home network of anMH in order to intercept the packets sent to theMH. For scenarios where the complete home

S. Fu, M. Atiquzzaman

network is located in a hostile environment, thefailure of the home network makes all the MHsof the home network inaccessible, regardless ofwhether a specific MH is physically attached tothe home network.

As the amount of real-time traffic over wirelessnetworks keeps growing, the deficiencies of thenetwork layer based Mobile IP, in terms of highlatency and packet loss, becomes more obvious.Since most of the applications in the Internet areend-to-end, a transport layer mobility solutionwould be a natural candidate as an alternativeapproach. A number of transport layer mobilityprotocols have been proposed, for example,MSOCKS [10] and connection migration solution[15] in the context of TCP, and M-SCTP [18] andmobile SCTP [8] in the context of SCTP [5]. In ourprevious study in [6], we proposed a new archi-tecture for supporting low latency, low packet lossmobility, called Seamless IP diversity based Gener-alized Mobility Architecture (SIGMA), and eval-uated its handover performance compared withMIP and its enhancements.

The location management and data traffic for-warding functions in SIGMA are decoupled, allow-ing it to overcome the drawbacks of MIP in termsof survivability. In SIGMA, location managementcan be achieved by DNS servers, which can bedeployed anywhere in the Internet and in a highlysecure location. Also, it would be fairly straightfor-ward to duplicate the Location Managers (LMs)since they are not responsible for user data for-warding.

The location management of SIGMA does notrequire any manual configuration among the rootservers. Only the Authorative Name Server (ANS)of DNS is periodically updated using the securedynamic DNS update protocol [17] to reflect thenew location of the mobile node. The ANS is thelast server in the DNS hierarchy which can be up-dated without any scalability issues. For example,secure dynamic DNS update is currently used byInternet search companies like Yahoo and Go-ogle to balance the load among their differentservers. SIGMA uses the well tested and widelyused stable DNS system which has beenshown to work reliably in the currentInternet.

In the literature, two recent papers haveaddressed the problem of MIP survivability [19]and [7]. T. You et al. proposed allowing MH to reg-ister with multiple Mobility Anchor Points (MAPs)to avoid single point of failure [19]. Jan et al. [7]used a similar idea as SIGMA; the authors pro-posed a scheme to move HA (they call it Loca-tion Register) to a secure location, and duplicateHA through some translation servers or a QuorumConsensus algorithm borrowed from distributeddatabase systems [7]. Lin and Arul [9] proposedusing backup mobility agents to increase the sur-vivability of MIP. They have shown analytically theimprovement in MIP’s ability to survive failures ofmobility agents. Pack et al. [19] proposed usingmultiple Mobility Anchor Points to increase thefaulty tolerance of Hierarchical Mobile IP. How-ever, none of the above papers analytically mod-eled the survivability of MIP. The objective of thispaper is to show, using analytical models, that thelocation management scheme used in SIGMA en-hances the survivability of a mobile network. Thecontributions of this paper can be summarized as:

• Investigate reasons for higher survivability ofSIGMA over MIP.

• Develop an analytical model based MarkovReward Process to determine the survivabilityof SIGMA.

• Compare the survivability of SIGMA and MIPin terms of system availability and user responsetime.

The rest of this paper is structured as follows:Section 2 reviews the basic idea of SIGMA andits location management scheme, Sect. 3 illustratesthe basic reason for SIGMA achieving higher sur-vivability than MIP. The analytical models forSIGMA and MIP survivability are described inSect. 4, and followed by the numerical results inSect. 5. Finally, concluding remarks are presentedin Sect. 6.

2 A brief introduction to SIGMA and itsLocation Management

Seamless IP diversity based Generalized Mobili-ty Architecture (SIGMA) [6] is a new scheme forsupporting low latency, low packet loss mobility


for IP hosts. It can cooperate with normal IPv4 orIPv6 infrastructure without the support of MobileIP. The basic idea of handover in SIGMA is to ex-ploit IP diversity (multihoming) to keep the oldpath alive during the process of setting up the newpath to achieve a seamless handover. SIGMA re-lies on the signaling message exchange between theMH, correspondent node (CN), and location man-ager (LM). For every handover, MH sends bindingupdate and location update to CN and LM, respec-tively.

2.1 Handover process of SIGMA

A typical mobile handover in SIGMA using SCTPas an illustration is shown in Fig. 1, where theMobile Host (MH) is multi-homed node connectedthrough two wireless access networks. Correspon-dent node (CN) is a single-homed node sendingtraffic to MH.

The handover process of SIGMA can be de-scribed by the following five steps [6]: (1) obtainnew IP address; (2) add IP addresses into the trans-port layer association (this requires the transportlayer protocol supporting multihoming); (3) redi-rect data packets to new IP address; (4) Updatelocation manager (LM); (5) Delete or deactivateobsolete IP address.

Fig. 1 An SCTP association with multi-homed mobile host

2.2 Location management of SIGMA

SIGMA needs to setup the LM for maintaininga database of the correspondence between MH’sidentity and its current IP address. Unlike MIP, thelocation manager in SIGMA is not restricted tothe same subnet as MH’s home network (in fact,SIGMA has no concept of home or foreign net-work). The location of the LM has no impact onthe handover performance of SIGMA. This willmake the deployment of SIGMA much more flex-ible than MIP.

The location management is done as shown inFig. 2: (1) MH updates the location manager withthe current primary IP address. (2) When CN wantsto setup a new association with MH, CN sends aquery to the location manager with MH’s iden-tity (home address, domain name, or public key,etc.) (3) Location manager replies to CN with thecurrent primary IP address of MH. (4) CN sends asignaling message to MH’s new primary IP addressto setup the association.

If we use domain name as MH’s identity, we canmerge the location manager into a DNS server.The idea of using a DNS server to locate mobileusers can be traced back to [18]. The advantage ofthis approach is its transparency to existing net-work applications that use domain name to IPaddress mapping. An Internet administrative do-main can allocate one or more location serversfor its registered mobile users. Compared to MIP’srequirement that each subnet must have a location

Fig. 2 Location management in SIGMA


management entity (which is HA), SIGMA sig-nificantly reduces system complexity and operatingcost significantly by not having such a requirement.Moreover, the survivability of the whole system isalso enhanced as discussed in Sect. 3. Note thatIn SIGMA, the location lookup operation is onlyrequired once at transport layer association setuptime. After that, no location lookup required forcurrently connected correspondent nodes, even ifmobile host changes location. Generally, users aremuch more tolerant to the latency incurred at asso-ciation setup time, so the location lookup latencycaused by DNS queries is acceptable. The moredetailed discuss on SIGMA location managementcan be found in the other two papers of us [1,14].

3 Survivability comparison of SIGMA and MIP

In this section we discuss the survivability of MIPand SIGMA. We highlight the limitations of MIPin terms of survivability, and discuss how those lim-itations are avoided in SIGMA.

3.1 Survivability of MIP

In MIP, the location database of the mobile nodesare distributed across the HAs that are scatteredat different locations (home networks). Accordingto principles of distributed computing, thisapproach appears to have good survivability. How-ever, MIP’s location management scheme suffersfrom the following two major drawbacks as givenbelow:

• If we examine the distribution of the mobileusers’ location information in the system, weobserve that each user’s location and accountinformation can only be accessible through itsHA; these information are not truly distributedto increase the survivability of the system. Thetransparent replication of the HA, if not impos-sible, is not an easy task as it involves extrasignaling support as described in [9].

• Even if we replicate a HA to another agent,these HAs have to be located in the home net-work of an MH for intercepting packets sentto the MH. If the complete home network is

located in a hostile environment, such as a bat-tlefield, the possibility of all HAs being de-stroyed is relatively high. In the case of failureof a home network, all the MHs belonging tothe home network would be inaccessible.

3.2 Centralized location management of SIGMAoffers higher survivability

Referring to Fig. 2, SIGMA uses a centralizedlocation management approach. As discussed inSect. 2, the location management and data traf-fic forwarding functions in SIGMA are decoupled,allowing it to overcome many of the drawbacksof MIP in terms of survivability (see Sect. 3.1) asgiven below:

• The LMs can be based on a DNS-like struc-ture, or can be combined with a DNS server.It is, therefore, easy to replicate the LocationManager of SIGMA at distributed secure loca-tions to improve survivability.

• Only location updates/queries have to be di-rected to the LM. Data traffic do not passthrough the LM. Thus, the LM does not haveto be located in a specific network to interceptdata packets destined to a particular MH. It isthus possible to avoid physically locating theLM in a hostile environment; it can be locatedin a secure environment, making it highly avail-able.

Figure 3 illustrates the survivability of SIGMA’slocation management, implemented using DNSservers. Currently, 13 servers in the Internet [3]constitute the root of the DNS name space hierar-chy. There are also several delegated name serversin the DNS zone [16], one of which is primary andthe rest are for backup and they share a commonlocation database. If an MH’s domain name be-longs to a DNS zone, the MH is managed by thename servers in that zone. When the CN wishes toestablish a connection with the MH, it first sends arequest to one of the root name servers, which di-rects the CN to query the intermediate name serv-ers in the hierarchy. Eventually, CN obtains the IPaddresses of the name servers in the DNS zoneto which the MH belongs. The CN then tries tocontact the primary name server to obtain MH’s


Fig. 3 Survivability of SIGMA’s location management

current location. If the primary server is down,CN drops the previous request and retries backupname server 1, and so on. When a backup serverreplies with the MH’s current location, the CNsends a connection setup message to MH. Thereis an important difference between the concept ofMH’s DNS zone in SIGMA and MH’s home net-work in MIP. The former is a logical or soft bound-ary defined by domain names, while the latter isa hard boundary determined by IP routing infra-structure.

If special software is installed in the primary/backup name servers to constitute a high-availabilitycluster, the location lookup latency can be furtherreduced. During normal operation, heart beat sig-nals are exchanged within the cluster. When theprimary name server goes down, a backup nameserver automatically takes over the IP address ofthe primary server. A query request from a CNis thus transparently routed to the backup serverwithout retransmission of the request from the CN.

Other benefits of SIGMA’s centralized locationmanagement over MIP’s location management canbe summarized as follows:

• Security: Storing user location information ina central secure database is much more sec-ure than being scattered over various HomeAgents located at different sub-networks (inthe case of Mobile IP).

• Scalability: SIGMA’s location servers do notintervene with data forwarding task, whichhelps in adapting to the growth in the numberof mobile users gracefully.

• Manageability: SIGMA’s centralized locationmanagement provides a mechanism for anorganization/service provider to control useraccesses from a single server.

4 Analytical model

The aim of our model is to perform a combinedanalysis of system availability and performanceevaluation. J. Meyer defined a new measure calledperformability [11,12], which will be used in thispaper to measure the survivability of SIGMA andMIP. A performability model consists of an avail-ability sub-model, a performance sub-model, anda glue model that combines these two sub-models.We choose Markov Reward Model as the glue modelsince it provides a natural framework for an inte-grated specification of state transitions due to serverfailures and system performance (equivalent to re-ward) under each system state.

4.1 Networking architecture

Our analytical model is based on the networkingarchitecture shown in Fig. 4. The router forwardslocation updates from MHs, location queries fromCNs, and Distributed Denial of Service (DDoS) [4]attack traffic to N location managers according toa round-robin policy. Each location manager hasan independent queue of size K packets. Afterprocessing of a packet by a location manager, theacknowledgement/reply to the update/query/attackpackets are transmitted back to their originators.

Router

S1

S2

SN

K

Locationupdates/queries/

DDoS attacks

Ack/Replies

Fig. 4 Queuing model of N location managers


4.2 Assumptions and notations

We have made the following assumptions in ouranalytical model to make it computationally trac-table:

• Arrival of location updates, queries, and DDoSattacks are Poisson processes.

• Location managers can not differentiate DDoSattack traffic from legitimate traffic.

• All location managers share common set ofMH’s mobility bindings.

• Processing time of location updates, queries,and DDoS attacks are exponential distributedand have same mean value. We assume DDoSattacks have same processing time as locationupdates or queries since these attacks will eitheremulate a update or a query packet to get aroundthe firewall. We assume the location update andquery have same processing time mainly to con-trol the complexity of the underlying CTMC.

• Hardware failures can be perfectly covered1,i.e. system can degrade gracefully when one ofthe working server fails.

• Hardware failures always occur on the serverswith heaviest load.

Following are the notations that will be used inour analytical model:

N total number of location managers.λu, λq, λa arrival rate of location updates, queries,

and DDoS attacks, respectively.λ summation of λu, λq, λa.µ location manager processing rate.K queue size of each location manager

(packets).γ , δ hardware failure rate and repair rate,

respectively.τ Mean Time To Failure (MTTF)φ Mean Time To Repair (MTTR)

4.3 Combined system availability & performancemodel for SIGMA survivability

The objective of our model is to determine theaverage response time and blocking probability of

1 In an imperfect coverage system, some failures are impos-sible to be detected and the failure of one component willhalt the whole system.

SIGMA due to hardware failures and DDoS att-acks. We use a two-dimensional Continuous TimeMarkov Chain (CTMC) to capture system char-acteristics. The state transition diagram is shownin Fig. 5, in which each state is labelled as (Nw,L), where Nw is the number of currently workingservers and L is the total number of packets inthe system. When Nw equals N, since each serverhas a queue size of K, the maximum value of L isK′′ = N ×K. Similarly, When Nw equals N −1, themaximum value of L is K′ = (N − 1) × K.

We illustrate the transition diagram through sev-eral transition types:

• Current state is (s,p) with p < s × K, arrivalof one update/query/attack packet will changethe state to (s,p + 1). Since router use a round-robin policy, each server has equal share ofload. Therefore, the transition rate is λ/N.

• Current state is (s,p) p ≥ 1, departure of onepacket will change the state to (s,p − 1). Sinceeach server has equal processing rate of µ, the-refore, the transition rate is µ.

• Current state is (s,0) with s ≥ 1, the hardwarefailure of any one server (happens with a rateof Nγ ) will make the next state (s − 1,p).

• Current state is (s,p) with s, p ≥ 1 and, onehardware failure will make the next state (s −1,p − 1). Since we assume the hardware failurealways occurs on the servers with heaviest load(equals one in this case), the packets assignedto the failed server will be lost.

• Current state is (s,p) with s < N, the repair ofthe failed server will change the state of (s +1,p).

We can determine each element of infinitesimalgenerator matrix Q of CTMC shown in Fig. 5 asfollows:

qi,j =

⎧⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎨

⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎩

λ/Nw j = i + 1, Li ≤ NwK (arrival)

µ j = i − 1, Li ≥ 1 (departure)

γ Nw j = i −⌈

i−1Nw

⌉− K(Nw−1)

2 (failure)

δ j = i + NwK + 1 (repair)

0 other j �= i

−∑mk=1 qi,k j = i, k �= i

(1)


Fig. 5 State digram of Nlocation managers

Where Li is the total number of packets in systemwhen current state is labelled as i, and m is the sizeof matrix, which is given by:

m = KN(N + 1)

2+ (N + 1) (2)

The j in arrival, departure, and repair cases ofEq. 1 are self-describing. Equation 3 shows howj is determined in the failure case of Eq. 1.

j =⎛

⎝i − 1 −Nw−1∑

x=0

xK∑

z=0

1

⎞

⎠

−⎡

⎢⎢⎢

(i − 1 − ∑Nw−1

x=0∑xK

z=0 1)

Nw

⎤

⎥⎥⎥

+⎛

⎝1 +Nw−2∑

x=0

xK∑

z=0

1

⎞

⎠

= [i − (Nw − 1)K − 1

]

−⎡

⎢⎢⎢

(i − 1 − ∑Nw−1

x=0∑xK

z=0 1)

Nw

⎤

⎥⎥⎥

= i −⌈

i − 1Nw

⌉

− K(Nw − 1)

2(3)

Once we have determined the infinitesimal gen-erator matrix Q, we can compute the stationarydistribution of the CTMC π by:

πQ = 0 (4)

When a packet arrives, if the system is in state (0,0)or state (Nw,NwK), the packet is dropped since noservice is possible. Therefore, the blocking proba-bility can be calculated by:

Pb = πBT

where B = [1, B1, . . . Bj . . . BN],and Bj = [0, . . . 0, 1]jK+1, j = 1, . . . , N (5)

The average number of packets in the whole sys-tem can be calculated by:

E[n] = πvT

where v = [v0, v1, . . . vj . . . vN],and vj = [0, 1, . . . jK], j = 0, . . . , N (6)

According to Little’s law, the system response timecan be determined by:

E[T] = E[n]λaccepted

= E[n]λ(1 − Pb)

(7)


4.4 Analytical model for MIP survivability

In this section, the survivability of MIP is analyzed.We use the same assumptions and notations as usedfor SIGMA in Sect. 4.2. Additionally, if λd is thearrival payload data traffic rate at HA, then λ =λu + λq + λa + λd. Two modes of MIP will be con-sidered here:

• Single server mode: only one HA is availablefor a network. Once failure happens, all servicerequests are blocked until the server repaired.

• Standby mode: there are multiple HAs avail-able, one of which is the primary HA. Once theprimary HA fails, one of the backup HAs willbe switched in within time Tsw. During Tsw, allservice requests are blocked.

Both these two MIP modes can be modelledby a CMTC as shown in Fig. 6. At any time in-stants, at most one HA can be serving requests.Any hardware failure will move the state from(1,L), (L = 1, 2, . . . , K) to (0,0). In the single servermodel, state (0,0) models the time for server repair,whereas in standby mode, state (0,0) models thetime required for switching a standby server into aprimary one. Therefore, the value of δ in Fig. 6 canbe determined as follows:

δ ={

1MTTR (single server mode)

1Tsw

(standby mode)(8)

From now on, we will use the same techniqueas used in Sect. 4.3 to compute the average systemresponse time and service blocking probability bysetting N = 1, and δ to the value given in Eq. 8.

We can determine each element of infinitesimalgenerator matrix Q of MIP CTMC shown in Fig. 6as follows:

Fig. 6 State digram of MIP HA

qi,j =

⎧⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎨

⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎪⎩

λ j = i + 1, Li ≤ K (arrival)

µ j = i − 1, Li ≥ 1 (departure)

γ j = 1 (failure)

δ i = 1, j = 2 (repair)

0 other j �= i

−∑mk=1 qi,k j = i, k �= i

(9)

We can follow the same procedure shown inEqs. 4–7 to calculate the number of packets in sys-tem and the system response time in MIP CTMC.

5 Numerical Results

In this section, we evaluate the survivability ofSIGMA using the analytical model developed inSect. 4. The survivability of SIGMA is also com-pared with that of MIP. The survivability ismeasured by the combined performance index con-sisting of system response time and blocking prob-ability.

5.1 SIGMA survivability

First, we look at the impact of DDoS attackstrength (λa) on the system response time. We setN = 3, λu = 0.2, λq = 0.4, µ = 2, 1/δ = 24 h, andK = 10 packets. As shown in Fig. 7, with increasingDDoS attack strength, the system response timeincreases dramatically compared to its normal val-ues. Also, with more frequent hardware failures(smaller MTTF values), the system response timealso increases due to less working server availableto process client requests.

Next, we look at the impact of DDoS attackstrength on the system blocking probability. Asshown in Fig. 8, with increasing DDoS attackstrength, the system blocking probability increases,due to fewer buffer space available to serve legit-imate client requests. As expected, the impact ofDDoS attack on blocking probability increases asK decreases. Therefore, increasing the value ofK can decrease the sensitivity of system blockingprobability to DDoS attack.


0 0.5 1 1.5 2 2.5 30

0.2

0.4

0.6

0.8

1

1.2

1.4

DDoS attack strength (λa)

Sys

tem

res

pons

e tim

e (s

ec)

MTTF=120 hoursMTTF=240 hoursMTTF=480 hoursMTTF=960 hours

Fig. 7 Impact of DDoS attack strength on system responsetime

0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 20.035

0.04

0.045

0.05

0.055

0.06

0.065

0.07

0.075

0.08


Ser

vice

blo

ckin

g pr

obab

lity

K=10K=20K=30K=40

Fig. 8 Impact of DDoS attack strength on blocking proba-bility

Figure 9 shows the impact of MTTR on sys-tem response time. We can observe the average re-sponse time increases with increasing repair time.This is because once a server fails, it needs longertime to repair. Thus fewer working server are avail-able to process client requests when MTTR is high,resulting in a high response time.

Finally, Fig. 10 shows the impact of LimitingAvailability on system response time. The limitingavailability is defined as α = MTTF

MTTF+MTTR , whichdenotes the long range average percentage of avail-able time. As expected, when α increase, the systemresponse time decrease.

0 5 10 15 20 250.25

0.3

0.35

0.4

0.45

0.5

0.55

0.6

0.65

MTTR (hours)

Sys

tem

res

pons

e tim

e (s

ec)

MTTF=120 hoursMTTF=240 hoursMTTF=480 hoursMTTF=960 hours

Fig. 9 Impact of MTTR on system response time

0.9 0.91 0.92 0.93 0.94 0.95 0.96 0.97 0.98 0.99 10.25

0.3

0.35

0.4

0.45

0.5

0.55

0.6

0.65

0.7

0.75

Limiting Availability (α)

Sys

tem

res

pons

e tim

e (s

ec)

K=10K=20K=30K=40

Fig. 10 Impact of hardware limiting availability on systemresponse time

5.2 Survivability comparison of SIGMA and MIP

Now, we compare the survivability of SIGMAagainst MIP. First, we look at the impact of DDoSattack strength (λa) on the system response time,with λd = 0 and Tsw = 10 min, as shown in Fig. 11.The average response time for both modes of MIPis much higher than that of SIGMA, even withλd = 0. MTTF does not have an impact on theresponse time of MIP. This is because we only con-sider the response time for non-blocked requests.Higher MTTF will results in the system staying inthe available state for longer time, at the expenseof higher queueing delays. These two effects cancelout, leaving no effect on the overall response time.

Next, we compare the impact of DDoS attackstrength on the service blocking probability of


SIGMA against MIP. As shown in Fig. 12, forincreasing DDoS attack strength, all schemes in-cur a higher service blocking probability. However,SIGMA has a lower blocking probability than bothmodes of MIP. For MIP standby mode, MTTF doesnot have any obvious impact on the service block-ing probability. This is because Tsw is 10 min, whichis very small compared to MTTF. Once HA fails,it is deemed to be replaced by a new one immedi-ately.

Figure 13 compares the impact of data trafficstrength (λd) on the service blocking probability ofSIGMA against MIP, with λa = 1. Since SIGMAdecouples location management from data forwar-ding, the data traffic strength does not have im-pact on the service blocking probability. For MIP,

1 1.5 2 2.5 3 3.5 4 4.5 50

0.5

1

1.5

2

2.5

3

3.5

4

4.5

5


Sys

tem

res

pons

e tim

e (s

ec)

MIP single mode, MTTF=120 hoursMIP standby mode, MTTF=120 hoursSIGMA, MTTF=120 hoursMIP single mode, MTTF=960 hoursMIP standby mode, MTTF=960 hoursSIGMA, MTTF=960 hours

Fig. 11 Impact of DDoS attack strength on systemresponse time for λd = 0

0 2 4 6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1


Ser

vice

blo

ckin

g pr

obab

lity


Fig. 12 Impact of DDoS attack strength on blocking prob-ability for λd = 0

0 2 4 6 8 10 12 14 16 18 200

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Data traffic arrival rate (λd)

Ser

vice

blo

ckin

g pr

obab

lity


Fig. 13 Impact of data traffic strength on blocking proba-bility

0.82 0.84 0.86 0.88 0.9 0.92 0.94 0.96 0.98 10

0.5

1

1.5

2

2.5

Limiting Availability (α)

Sys

tem

res

pons

e tim

e (s

ec)

MIP single mode, K=10MIP standby mode, K=10SIGMA, K=10MIP single mode, K=40MIP standby mode, K=40SIGMA, K=40

Fig. 14 Impact of hardware limiting availability on systemresponse time

the data traffic contends with location manage-ment traffic for the buffer slots, which increasesthe blocking probability. This observation justifiesour initial design of decoupling the location man-agement from data forwarding function in SIGMA.

Figure 14 compares the impact of hardware lim-iting availability on the response time of SIGMAagainst MIP. As in the case of MTTF in Fig. 11, thelimiting availability does not affect the responsetime of MIP. Since MTTR is fixed, the limitingavailability only depends on MTTF according to itsdefinition. In comparison, higher α (which impliesmore reliable server hardware) results in a lowerresponse time for SIGMA.


6 Conclusions

In this paper, we show that the location manage-ment scheme used in SIGMA enhances the sur-vivability of the mobile network. We developed ananalytical model based Markov Reward Processto evaluate the survivability of location manage-ment schemes of SIGMA and Mobile IP. Numeri-cal results have shown the improvement in systemresponse time and service blocking probability ofSIGMA over Mobile IP in practical environmentsin the presence of the risk of hardware failures andDistributed Denial of Service attacks. The resultsalso justified some choices we have made in design-ing SIGMA, such as, decoupling the location man-agement from data forwarding function to improvethe survivability of SIGMA.

References

1. Atiquzzaman, M., Reaz, A., Fu, S., & Ivancic, W. (2005).Location management of sigma. In NASA earth sciencetechnology conference. Maryland, June 2005.

2. Awerbuch, B., & Peleg, D. Concurrent online trackingof mobile users. In ACM SIGCOMM symposium oncommunications, architectures and protocols (pp. 221–233). September 1991.

3. Bush, R., Karrenberg, D., Kosters, M., & Plzak, R.(2000). Root name server operational requirements.IETF RFC 2870, June 2000.

4. Chang, R. K. C. (2002). Defending against flooding-based distributed denial-of-service attacks: A tutorial.IEEE Communications Magazine, 40(10), 42–51.

5. Fu, S., & Atiquzzaman, M. (2004). SCTP: State of the artin research, products, and technical challenges. IEEECommunications Magazine, 42(4), 64–76.

6. Fu, S., Atiquzzaman, M., Ma, L., & Lee, Y. (2005). Sig-naling cost and performance of SIGMA: A seamlesshandover scheme for data networks. Journal of WirelessCommunications and Mobile Computing, 5(7), 825–845.

7. Jan, R., Raleigh, T., Yang, D., & Chang L. F. et al.Enhancing survivability of mobile Internet access usingmobile IP with location registers. In IEEE INFOCOM,pp. 3–11, March 1999.

8. Koh, S. J., Lee, M. J., Ma, M. L., & Tuexen, M. (2004).Mobile SCTP for Transport Layer Mobility. draft-sjkoh-sctp-mobility-03.txt, February 2004.

9. Lin, J.W., & Arul, J. (2003). An efficient fault-tolerantapproach for Mobile IP in wireless systems. IEEETransactions on Mobile Computing, 2(3), 207–220.

10. Maltz, D. A., & Bhagwat, P. (1998). MSOCKS: Anarchitecture for transport layer mobility. In INFOCOM(pp. 1037–1045). San Francisco, USA, March 1998.

11. Meyer, J. (1980). On evaluating the performability ofdegradable computing systems. IEEE Transactions onComputers, 29(8), 720–731.

12. Meyer, J. (1982). Closed-form solutions of performabil-ity. IEEE Transactions on Computers, 31(7), 648–657.

13. Perkins, C. E. (ed.) (2002). IP Mobility Support. IETFRFC 3344, August 2002.

14. Reaz, A., Fu, S., & Atiquzzaman, M. (2005). Lperfor-mance of dns as a location manager for mobile net-works. In IEEE electro/information technology confer-ence, Lincoln, NE, May 2005.

15. Snoeren, A. C., & Balakrishnan, H. (2000). An end-to-end approach to host mobility. In ACM MobiCom (pp.155–166). Boston, MA, August 2000

16. Stevens, W. R. (1994). TCP/IP Illustrated, Vol 1 (TheProtocols), Addison Wesley, November 1994.

17. Vixie, P., Thompson, S., Rekhtar, Y., & Bound, J. (1997).Dynamic updates in the domain name system (DNSupdate). IETF RFC 2136.

18. Xing, W., Karl, H., & Wolisz, A. (2002). M-SCTP: De-sign and prototypical implementation of an end-to-endmobility concept. In 5th international workshop on theinternet challenge: Technology and applications. Berlin,Germany, October 2002.

19. You, T., Pack, S., & Choi, Y. (2003). Robust hierarchi-cal mobile IPv6 (RH-MIPv6): an enhancement for sur-vivability and fault-tolerance in mobile IP systems. InIEEE 58th vehicular technology conference (pp. 2014–2018). October Fall 2003.

Shaojian Fu receiveda B.E. degree in trans-portation engineeringin 1997 and an M.E.degree in systems engi-neering in 2000, bothfrom Northern Jiao-tong University, Beij-ing, P. R. China.During 2000–2001 heworked with Bell LabsChina, Lucent Tech-nologies in the area ofnetwork surveillanceand performance man-agement. He earned

his Ph.D. degree at the School of Computer Science, Uni-versity of Oklahoma, and currently works at OPNET. Hisresearch interests are in the areas of wireless communica-tions, IP mobility, transport protocols, network simulation,and embedded reconfigurable computing.


Mohammed Atiquzz-aman ([email protected])received M.Sc. andPh.D. degrees in elec-trical engineering fromthe University ofManchester, England.Currently he is a pro-fessor of ComputerScience at the Univer-sity of Oklahoma. Heis Co-Editor-in-Chiefof Computer Commu-nications Journal, andserves on the editorialboards of IEEE Com-

munications Magazine, Wireless and Optical NetworksJournal, Real Time Imaging Journal, International Jour-nal of Sensor Networks, and Telecommunication Systems.

He was technical co-chair of HPSR 2003 and the SPIE Qual-ity of Service over Next-Generation Data Networks Con-ference (2001, 2002, and 2003). He serves on the technicalprogram committee of many national and international con-ferences, including IEEE INFOCOM and IEEE GLOBE-COM. His current research interests are in wireless, satel-lite, and mobile networks, QoS for next-generation Inter-net, broadband networks, and multimedia over high speednetworks. He is the c-chair of Next Generation Networks.Symposium at Globecom’06 and Wireless CommunicationsSymposium at ICC’06. He is a coauthor of the book TCP/IPover ATM Networks. He has taught many short coursesto industry in the area of computer and telecommunica-tion networking. His research has been supported by stateand federal agencies like NSF, NASA, U.S. Air Force, OhioBoard of Regents, and DITARD (Australia). He has over150 refereed publications in the above areas, most of whichcan be accessed at http://www.cs.ou.edu/∼atiq.

survivability evaluation of sigma and mobile ip

Documents