Mobile IPv6 Activities at Lancaster University - 6net
TRANSCRIPT
Mobile IPv6 Activities at Lancaster University
Martin Dunmore
Lancaster University, UK
[email protected]@comp.lancs.ac.uk

Agenda
Overview of Mobile IPv6
(Mobile) IPv6 projects at Lancaster

Wireless Overlay Networks
Large number of heterogeneous networks…
– Satellite
– GSM
– CDPD/GPRS
– DECT
– Wireless LAN
– Bluetooth
– IR
– Wired Networks
[Figure labels: USRA, GPRS, UTRA, WLAN, Picocell, Microcell, Macrocell, Satellite, Wired Networks]
In combination, these form Overlay Networks

System Requirements
In a word, connectivity
– Roaming across heterogeneous networks
– Rapid response to changes in network environment
– Effective bandwidth utilisation
– Transparency
– Support for continuous media

Internetwork Roaming
Need for an Internetwork Protocol…
– What Protocol?
– Deployment time of UMTS / uptake of overlay networks
– Support for
    Scalability
    Multimedia
    Autoconfiguration
    Interoperability

What about Roaming?
IPv6 gives you scalability and heterogeneity…
What about mobility?

Why IPv6 doesn’t work…
IPv6 routes packets based on network prefix information…
[Figure labels: IPv6 Data, IPv6 Network]

Mobile IPv6 Overview
Routing protocol for mobile IPv6 hosts
– Nothing more, nothing less
– Transparent to upper layer protocols and applications
Uncommon protocol architecture…
– Tries to avoid actively involving routers!
– Protocol state held in end-stations
    Mobile nodes
    Correspondent nodes
– One exception… the Home Agent

Mobile IPv6 Operation
Mobile Nodes ‘Acquire’
– Home address
– Home agent
When away from home
– Acquire care-of address
– Register care-of address with home agent and any relevant correspondent nodes…
– Mobile IPv6 ensures correct routing

Mobile IPv6 Operation ctd.
Mobile IPv6 bindings cache
– Maintains a mapping between mobile node’s home and its current care-of address
– Held by home agents and correspondents
– Provides info to allow correct routing of IPv6 packets to mobile node via IPv6 routing header…
– Provides a de-coupling between an IPv6 address and routing information

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, IPv6 Data, Router Solicitation, Router Advertisement, Binding Update. Bindings Cache: 2001:630:80:7000::1 → 2001:630:80:8000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:8000::1

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, IPv6 Data. Two Bindings Caches, each: 2001:630:80:7000::1 → 2001:630:80:8000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:8000::1

Mobile IPv6 Example
Okay, but what if we move again?
Two cases
– Move from one foreign network to another
– Return home…
Need to send more binding updates…

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, IPv6 Data. Two Bindings Caches, each: 2001:630:80:7000::1 → 2001:630:80:8000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:8000::1

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, IPv6 Data, Router Solicitation, Router Advertisement, Binding Update. Bindings Caches: two showing 2001:630:80:7000::1 → 2001:630:80:8000::1, one showing 2001:630:80:7000::1 → 2001:630:80:9000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:9000::1

How to update correspondent?
Bindings cache entry out of date…
Solution
– Maintain a list of active correspondent nodes in mobile node.
– Generated when a tunnelled packet received from home agent
– Known as the binding update list

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, CN, IPv6 Data, Binding Update. Binding Update List: CN’s IPv6 Address. Bindings Cache: 2001:630:80:7000::1 → 2001:630:80:8000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:8000::1

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, CN, IPv6 Data. Binding Update List: CN’s IPv6 Address. Two Bindings Caches, each: 2001:630:80:7000::1 → 2001:630:80:8000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:8000::1

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, CN, IPv6 Data, Router Solicitation, Router Advertisement, Binding Update (twice). Binding Update List: CN’s IPv6 Address. Bindings Caches: two showing 2001:630:80:7000::1 → 2001:630:80:8000::1, two showing 2001:630:80:7000::1 → 2001:630:80:9000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:9000::1

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, CN, IPv6 Data. Binding Update List: CN’s IPv6 Address. Bindings Caches: one showing 2001:630:80:7000::1 → 2001:630:80:8000::1, two showing 2001:630:80:7000::1 → 2001:630:80:9000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:9000::1

What address do we use?
When away from home what address does a mobile node source from?

Its Home Address?
But what about ingress filtering?
– Ingress filtering is a security measure taken by many border routers.
– Any packet received by a router on an interface that does not match the packet’s source address is discarded.
– Avoids many ‘spoofing’ attacks…
Can’t source from home address, as its prefix doesn’t match current location…

Its Care-Of Address?
But what about TCP?
– TCP uses the IP(v6) source address as an index
– Without a device using a consistent IPv6 address, the TCP connection would break…
Can’t source from care-of address, for reasons of protocol stability…
The solution?

Source from BOTH…
New IPv6 destination option
The Home Address Option
– Included in EVERY outgoing packet
– Understood by all correspondent nodes
– Home address replaces source address on reception by destination (correspondent node)
IPv6 packets
– sourced from care-of address
– Contain home address as an option

What about network errors?
Mobile IPv6 bindings are soft state
– Refreshed periodically
– Contain sequence numbers
– Can be ack’d - binding acknowledgements
– Binding Updates and Acks are retransmitted (rate limited) until the protocol converges

What Format are the Control Messages?
MIPv6 control messages are carried using IPv6 destination options
– Not reliant on higher level protocols
– Multiple messages per IP packet
– Messages can be appended to existing packets
– E.g. TCP connection requests…

One problem remains…
Authentication
– Massive security / denial of service attack in MIPv6 as described so far.
– What’s to stop an attacker sending bogus Binding Update messages?

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, IPv6 Data, Binding Update with Care-of Address: dead:dead:dead::1. Bindings Caches: two showing 2001:630:80:7000::1 → 2001:630:80:8000::1, one showing 2001:630:80:7000::1 → dead:dead:dead::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:8000::1

IPv6 and Security
IPv6 specifies the ESP and AH headers for security + existing mechanisms (e.g. SSL and IPSEC)
Intended to employ IPSec to provide algorithms, policies and key exchange.
Mobile IPv6 was the first foray into the field, and fell foul of IPsec’s lack of progress in standardization and deployment… (IKE + AAA)

Return Reachability…
…or Route Equivalence.
Argument:
“All that really matters is that the optimized route is functionally equivalent to a non-optimized route”

Return Reachability
Home Agent implicitly trusted
– Assumed it is hosted on secure site
– Assumed that IPsec is used between mobile host and its home agent.
Dynamic key distribution for use with correspondent nodes.
Uses cookies to build session keys…

Return Reachability
[Figure labels: IPv6 Network, Home Agent, IPv6 Data, Router Solicitation, Router Advertisement, HoTI Message, HoT Cookie, CoT Cookie, Binding Update + Session Key. HoT Cookie + CoT Cookie = Session Key. Bindings Cache: 2001:630:80:7000::1 → 2001:630:80:8000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:8000::1

Mobile IPv6 Example
[Figure labels: IPv6 Network, Home Agent, IPv6 Data. Two Bindings Caches, each: 2001:630:80:7000::1 → 2001:630:80:8000::1]
Home Address: 2001:630:80:7000::1
Care-of Address: 2001:630:80:8000::1
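
The return reachability check and the soft-state bindings cache from the slides above, seen from the correspondent node's side, as an added example (not code from the talk or from any Mobile IPv6 implementation). The class and function names, the HMAC-SHA256 cookie and authenticator constructions and the string-encoded fields are assumptions made for illustration; the addresses are the ones used in the slides.

```python
import hashlib, hmac, os

def session_key(hot, cot):
    # "HoT Cookie + CoT Cookie = Session Key" (hashing the pair is an assumption)
    return hashlib.sha256(hot + cot).digest()

def bu_mac(key, home, care_of, seq):
    # Authenticator over the fields a Binding Update asserts
    return hmac.new(key, f"{home}|{care_of}|{seq}".encode(), hashlib.sha256).digest()

class CorrespondentNode:
    def __init__(self):
        self.secret = os.urandom(32)   # local secret, never sent on the wire
        self.cache = {}                # home address -> (care-of, seq, expiry)

    def _cookie(self, label, addr):
        # Stateless cookie: recomputed on demand, so no per-peer state is kept
        return hmac.new(self.secret, label + addr.encode(), hashlib.sha256).digest()[:8]

    def hot(self, home):               # sent to the home address (via the home agent)
        return self._cookie(b"home|", home)

    def cot(self, care_of):            # sent directly to the claimed care-of address
        return self._cookie(b"care|", care_of)

    def binding_update(self, home, care_of, seq, lifetime, mac, now):
        key = session_key(self.hot(home), self.cot(care_of))
        if not hmac.compare_digest(mac, bu_mac(key, home, care_of, seq)):
            return "rejected: bad authenticator"
        old = self.cache.get(home)
        if old and seq <= old[1]:
            return "rejected: stale sequence number"
        self.cache[home] = (care_of, seq, now + lifetime)
        return "accepted"

    def route(self, home, now):
        entry = self.cache.get(home)
        if entry and entry[2] > now:
            return entry[0]            # route-optimised: send to care-of address
        self.cache.pop(home, None)     # soft state expired without a refresh
        return home                    # fall back to the home address / home agent

def mobile_node_mac(cn, home, care_of, seq):
    # The real mobile node receives both cookies because it is reachable on both paths
    return bu_mac(session_key(cn.hot(home), cn.cot(care_of)), home, care_of, seq)

if __name__ == "__main__":
    HOME, COA, BOGUS = "2001:630:80:7000::1", "2001:630:80:8000::1", "dead:dead:dead::1"
    cn = CorrespondentNode()
    print(cn.binding_update(HOME, COA, 1, 60, mobile_node_mac(cn, HOME, COA, 1), now=0))
    # A sender at BOGUS can obtain the CoT cookie for its own address but not the HoT cookie
    forged = bu_mac(session_key(os.urandom(8), cn.cot(BOGUS)), HOME, BOGUS, 2)
    print(cn.binding_update(HOME, BOGUS, 2, 60, forged, now=1), cn.route(HOME, now=1))
    print(cn.route(HOME, now=100))     # lifetime passed: entry dropped
```

The cache entry is replaced only when the authenticator verifies and the sequence number advances, so the bogus update from the earlier slide leaves the existing binding untouched.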

Mobile IPv6 Status
Some interesting facts…
– Ericsson:
    Developing MIPv6 clients for Symbian…
    Demonstrated end-to-end IPv6 over GPRS, 14th November 2000.
– Nokia
    IPv6 over live GSM network, 10th May 2000
    Work toward IP based GSM interconnects
– Microsoft
    Windows XP shipping with IPv6 support (some MIPv6)
    Windows XP server
    Windows CE 3.1 / 4.0
– Cisco
    IOS image supporting home agent on request

Mobile IPv6 Status
Mobile IPv6 currently at draft v18
– v19 likely to go to RFC
Most implementations still around v15
– No reverse reachability support
– … watch this space

10/8/2003 Joe Finney, Lancaster University

Mobile IPv6 Systems Research Laboratory
A joint project between:
Cisco, Lancaster University, Microsoft and Orange

Main areas of interest
The workplace
Wireless coverage of lecture theatres will allow experimentation using novel teaching methods and provide better support for conferences.
The use of mobile devices in offices is now fairly commonplace, however, such a diverse test-bed offers many new opportunities for experimentation.
Providing wireless connectivity around hotels means visitors can be permanently on-line -- to the home, the office, or connected just for fun.

Main areas of interest
The home
Though mainly concerned with mobile systems, the project will also deploy services to homes and University residences. …we aren’t always mobile!
There are many situations where wireless access would make life easier, including home working, database access, or just for entertainment.
Another aspect of the project will be to extend our previous work on context aware systems to many environments, including the home.

Main areas of interest
Out and about
We already have a wireless network around the City providing tourist information. The system also allows families to keep in touch as they roam.
Checking lecture times while on the move or downloading an e-Book while relaxing in a Cafe. …wireless coverage of leisure areas is also high on our list.
Extending our City-wide wireless network would allow new services such as instant price comparisons and access to product information.

Real Tournament
An Augmented Reality Multiplayer Gaming Environment

Real Tournament
Take a local park…
Enable it with IPv6 connectivity

Real Tournament
A team of approx. four players
Each player equipped with an IPv6 enabled PDA…

Real Tournament
…and a GPS to track location
Williamson park ideal
– Open space
– Well mapped
– Also a compass for orientation

Real Tournament
PDA displays location of players, team-mates … and (of course) monsters

Real Tournament
Synchronisation performed via whatever network is available.
– 802.11 hotspots allow streamed media
– GPRS fallback
– MIPv6 provides transparency
– PDAs have Bluetooth
– I/F to GPRS phone
– CF 802.11

Real Tournament
Team game
– Players need to synchronise their actions to achieve their goal (more points)
Real-time communications
– Group Voice over IPv6 app to allow players to synchronize attacks
[Figure label: JustTalk Button]

Real Tournament
Add Streaming media for a little more excitement…
[Table, listed column by column as extracted]
Stream ID: 1, 2, 3, 4, 5
Textual Description: Babylon 5 Trailer; Goodtimes; Happy Days - Weezers; Firestarter; Trapdoor
Media Server: 10.0.0.2; 10.0.0.2; 10.0.0.3; 10.0.0.2; 10.0.0.3
Local ID: 1, 2, 3, 1, 2
Encodings: MPEG1 1.2 Mbps; MPEG1 1.1 Mbps; MPEG1 1.1 Mbps; H.263 8 kbps; MPEG1 1.3 Mbps; MPEG1 1.1 Mbps; H.263 8 kbps

In Summary…
Application which stresses the testbed
– Novel and non-trivial
– Standard components
– IPv6 enabled
– Real-time
– Context sensitive
    Network environment, user’s location, orientation
    More to come
… but also provides good PR as a demonstrator

Watch this space
Real Tournament
– To go live (alpha) in early October 2002
Once in prototype
– Trial against real users…
– Re-evaluate against standard approaches
    SIP ‘presence’ vs. context
    Service discovery
    Broader deployment model for apps
– Evaluate testbed Infrastructure