![Page 1: Mobile Networking Prasun Dewan Department of Computer Science University of North Carolina dewan@unc.edu](https://reader035.vdocuments.us/reader035/viewer/2022070406/56649e0e5503460f94af8117/html5/thumbnails/1.jpg)
Mobile Networking
Prasun Dewan
Department of Computer Science University of North Carolina
Problem
How to provide mobility-transparent network access?
INS Support for Mobility
• Client never sees physical address
  • Query serves as intentional name for source and destination
• Discovery infrastructure also does message routing
• Conventional model
  • Get address from query
  • Use address to send message
• INS model
  • Send message with query
• What if multiple services
  • Anycast
    • Send to service with least value of metric
  • Multicast
    • Send to all matching services
    • Cannot use internet multicast!
INS Problem
• New communication paradigm
  • Implemented on top of existing transport layer
  • Not as efficient?
• Designed for interaction with mobile appliances
  • Not traditional applications on mobile nodes
  • No support for stream-based interaction
Link-Level Support
Migrating station
Handoff Schemes
• Some central server/router per wireless LAN knows MH and base station mapping
• Old base station buffers messages and forwards to new one
• Adjacent base stations join a multicast group and buffer messages
• Works only for migration within a wireless LAN
• Can build on the multicast and forwarding ideas?
Building on Multicast Idea
• Each mobile host has an associated unique internet multicast group
• Moving from internet address A to B
  • A leaves multicast group
  • B joins it
• Multicast group provides the indirection.
• Use of multicast here different from traditional multicast
  • Sparse groups
• Efficient wide area multicast not available anyway
Building on Forwarding Idea
A permanent home address assigned to a mobile host.
An agent able to intercept messages sent to that address keeps track of the current location of the host and forwards them to the new location.
Excerpt from Zhang’00
Start of excerpt
Mobility at the Network Layer
• Where can you manage mobility?
  • Application
  • Session
  • Transport
  • Network
  • Data-link
  • Physical
• Mobile-IP: an extension to current IP architecture
  • To manage mobility at the IP layer
  • To hide mobility from the upper layers
Terminology
• Mobile Node (MN or MH)
• Correspondent Node (CN or CH)
• Home Network and Foreign Network
• Mobility Agent
  • Home Agent (HA) and Foreign Agent (FA)
• Home Address (HoA) and Care-of Address (CoA)
• Binding and Binding Update
IETF Mobile-IP: Basic Concept
• MN always uses its home address HoA
• When MN visits a foreign network,
  • Registration with FA
    • Discover mobile agents and CoA
  • Registration with HA
    • Binding update (HoA -> CoA)
• When CN communicates with MN, it uses HoA
  • HA forwards packet from HoA to CoA
Agent Discovery
• Through Agent Discovery Process
• Agent advertisement (beaconing):
  • Mobile agent broadcasts agent advertisement at regular intervals (“I am here”)
• Agent solicitation:
  • MN can solicit advertisement (“anyone here?”)
  • Mobile agent responds to agent solicitation
• Question: why agent solicitation?
Functions of Agent Advertisement
• Allow for the detection of mobility agents
• Let the MN know whether the agent is a HA, or a FA
• List one or more available care-of addresses
• Inform the MN about special features provided by FA
  • Example: Alternative encapsulation techniques
• Let MN determine the network number and status of their link to the Internet
CoA
• Two types of CoA:
  • FA’s IP address
  • MN’s temporary address
    • Locally-assigned address in the foreign network
    • E.g., DHCP address
• Depends on foreign network configuration
  • Foreign network may or may not hand out addresses to visitors
Implementing Agent Discovery
• Protocol details
  • Built on top of an existing standard protocol: Router Advertisement (RFC 1256)
  • Simply extends the fields of existing router advertisements
Registering CoA
• HA must know a MH’s CoA (binding update)
  • Binding: (HoA->CoA)
  • Binding has a lifetime (can expire)
• Registration process
  • MH sends a registration request with CoA information
  • HA authenticates the request
  • HA approves or disapproves the request
  • HA adds the necessary information to its routing table
  • HA sends a registration reply back to MH
Registration Operations
Authentication
• A malicious node could cause remote redirect
• Authentication and protection against replay attacks, and need for unique identification field
  • Timestamp and Pseudorandom Number
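The checks a home agent applies to a registration request (Registering CoA and Authentication slides), as an added example that is not part of the original slides. It assumes a per-host shared secret, HMAC-SHA256, a timestamp-style identification field in whole seconds and a 7-second tolerance; the field layout is simplified and is not the Mobile-IP wire format, and the pseudorandom-number variant is not shown.

```python
import hashlib
import hmac
import socket
import struct

REPLAY_WINDOW = 7  # assumed tolerance, in seconds, between request timestamp and HA clock

def authenticator(key, hoa, coa, lifetime, ident):
    """Keyed MAC over every field the home agent acts on (simplified layout)."""
    fields = struct.pack("!4s4sHQ", socket.inet_aton(hoa), socket.inet_aton(coa),
                         lifetime, ident)
    return hmac.new(key, fields, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self, keys):
        self.keys = keys        # HoA -> secret shared with that mobile host
        self.bindings = {}      # HoA -> (CoA, expiry time)
        self.last_ident = {}    # HoA -> newest identification accepted so far

    def register(self, hoa, coa, lifetime, ident, mac, now):
        key = self.keys.get(hoa)
        if key is None:
            return "denied: unknown mobile host"
        if not hmac.compare_digest(mac, authenticator(key, hoa, coa, lifetime, ident)):
            return "denied: bad authenticator"
        # The identification field carries a timestamp; old or repeated values are replays.
        if abs(now - ident) > REPLAY_WINDOW:
            return "denied: stale identification"
        if ident <= self.last_ident.get(hoa, -1):
            return "denied: replayed identification"
        self.last_ident[hoa] = ident
        self.bindings[hoa] = (coa, now + lifetime)
        return "accepted"

    def care_of(self, hoa, now):
        """Current CoA for tunnelling, or None once the binding lifetime has run out."""
        coa, expiry = self.bindings.get(hoa, (None, 0))
        return coa if now < expiry else None

def demo():
    # Constructed sample data: documentation addresses and a made-up key.
    key, hoa = b"constructed-shared-secret", "192.0.2.10"
    coa, other = "198.51.100.7", "203.0.113.66"
    ha = HomeAgent({hoa: key})
    t = 1000
    mac = authenticator(key, hoa, coa, 300, t)
    results = [
        ha.register(hoa, coa, 300, t, mac, now=t),            # genuine request
        ha.register(hoa, other, 300, t + 1, mac, now=t + 1),  # CoA altered, MAC no longer matches
        ha.register(hoa, coa, 300, t, mac, now=t + 2),        # captured request resent at once
        ha.register(hoa, coa, 300, t, mac, now=t + 60),       # captured request resent later
    ]
    return results, ha.care_of(hoa, t + 10), ha.care_of(hoa, t + 301)

if __name__ == "__main__":
    print(demo())
```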
Automatic Home Agent Discovery
• Problem: what if MH never knew its HA?
  • Example: MH reboots and loses all state
• Subnet-wise broadcast packet is sent to the home network
  • Subnet-wise broadcast: cell-cast
• HA responds
  • If more than one, other HAs on the home network send rejection notice
Forwarding to CoA
• Encapsulation
  • Sending the original packet (CH->MH) in another packet (HA->CoA)
• Default encapsulation mechanism: IP-within-IP (tunnel)
  • Tunnel header: A new IP header inserted by the tunnel source (home agent)
  • Destination IP: CoA
• Alternative encapsulation mechanism: Minimal encapsulation
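IP-within-IP tunnelling as described on this slide, as an added example that is not part of the original slides: the home agent prepends an outer IPv4 header (HA -> CoA, protocol 4) and the tunnel exit strips it. The addresses and payload are constructed, and the check that the outer source is the registered home agent is an assumption of this sketch.

```python
import socket
import struct

IPPROTO_IPIP = 4          # protocol number for an IPv4 packet carried inside IPv4
HEADER = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(HEADER, *fields))
    return struct.pack(HEADER, *fields)

def encapsulate(inner, home_agent, care_of):
    """Home agent side: wrap the intercepted CH->MH packet in an HA->CoA tunnel header."""
    return ipv4_header(home_agent, care_of, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer, home_agent):
    """Tunnel exit (FA or MH): accept only well-formed tunnel packets from the registered HA."""
    ihl = (outer[0] & 0x0F) * 4 if outer else 0
    if ihl < 20 or len(outer) < ihl + 20 or checksum(outer[:ihl]) != 0:
        raise ValueError("malformed outer header")
    if outer[9] != IPPROTO_IPIP or socket.inet_ntoa(outer[12:16]) != home_agent:
        raise ValueError("not a tunnel packet from the home agent")
    return outer[ihl:]

def endpoints(packet):
    """(source, destination) of the outermost IPv4 header."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])

def demo():
    # Constructed sample: documentation addresses and an 8-byte dummy payload.
    ch, hoa, ha, coa = "203.0.113.5", "192.0.2.10", "192.0.2.1", "198.51.100.7"
    payload = b"payload!"
    inner = ipv4_header(ch, hoa, 17, len(payload)) + payload
    outer = encapsulate(inner, ha, coa)
    try:
        decapsulate(outer, "198.51.100.99")   # tunnel source is not the HA we registered with
        mismatch_rejected = False
    except ValueError:
        mismatch_rejected = True
    return endpoints(outer), endpoints(decapsulate(outer, ha)), len(outer), mismatch_rejected

if __name__ == "__main__":
    print(demo())
```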
Tunneling Operations in Mobile IP
The Triangle Routing Problem
• MH->CH: direct; CH->MH: CH->HA->MH
  • Inefficient
• Solution: Route optimization in Mobile-IP
  • Deliver binding updates directly to CH
Discussion
System issues
Home Network
• Where Can We Put the Home Agent?
  • At the router?
  • As a separate server?
• At the router
  • What if there are multiple routers for the home network?
• As a separate server
  • How can it pick up a packet [CH->MH]?
Foreign Network
• Where is FA? (Router or Separated Server?)
• How Can FA deliver MH the packet [CH->MH]
  • Normally, [CH->MH] would go straight to a router (because MH is foreign)
• Is There Adequate Support at A Foreign Network
  • What if there is no FA at the network you visit?
  • Co-located FA
• What is the Minimum Requirement from the Foreign Network?
  • Keep it as small as possible
Security Issues
• Visitors Are Threats!
  • How to provision your LAN to support nomadic users
  • And to protect your LAN from nomadic users
• Foreign Network Firewall Traversal
  • Can firewall allow inbound [HA->FA] tunnel?
  • Can [MH->CH] pass through an egress filter?
  • Bi-directional tunneling
• Mutual Authentication
  • Can you trust MH?
  • Can you trust FA?
Mobile Computing Model
• What is the binding in IETF Mobile-IP?
  • HoA -> CoA (one level of indirection)
• Where is the binding being managed?
  • HA
  • In the route optimization case: CH
• Scale of mobility?
  • Internet-wide
• What is a cell in Mobile-IP?
  • Subnet
Further Discussions
• Variants of IETF Mobile-IP
• Implementation issues
• Mobility Scope
  • Macro-mobility: Mobile-IP
  • Micro-mobility: Hierarchical Mobile-IP, Cellular-IP, HAWAII, TeleMIP, EMA, …
  • Combining network-layer mobility with link-layer mobility
  • Features: fast handoff, paging, etc.
• Mobility in a higher layer
  • Transport layer, session layer
Excerpt from Zhang’00
End of excerpt
Triangle routing from MH to SH
• Needed to send messages to MH
• Also for sending messages from MH
• Mobile Host source address needs to be home address
• But for security reasons, local network will not route messages with non-local subnet mask
  • Like mail servers not forwarding messages if reply-to address is not local
• So MH sends message to Home Agent with local care of address
• Home Agent changes it to home address
• Reverse tunneling
• Thus triangle routing from and to MH
Key Mobile Networking Ideas/Issues
• Location-independent ID
  • Home IP address, Multicast address
• Dynamic binding of EID to location
  • Foreign agent contacting home agent
  • Joining/leaving multicast group
• Binding may be stored remote and/or local to communicating party
  • Home agent stores it remote
  • Multicast groups stored remote and cached?
  • Cache refresh problem – need to determine where cached
• Remote Binding may be accessed at
  • Connection time
    • What to do if binding changes after connection
    • Does not work for non connection-oriented communication (UDP)
  • Message delivery time
    • Mobile IP
    • Performance problem
DNS based Solution
• Location-independent ID
  • DNS name
• Dynamic binding of ID to location
  • MH gets IP address from local network (DHCP server)
  • DNS system of (home domain) informed about it
    • By DHCP server or MH
• Binding may be stored remote and/or local to communicating party
  • DNS bindings replicated and cached
  • Time to live of cache 0 to avoid cache update
    • Of MH, not the name server holding the mapping
    • Search does not have to start at root
• What if MH moves after address fetched from NS
  • Try again if TCP connection fails
  • Address is hint rather than absolute
DNS based Solution
• Remote Binding accessed at
  • Connection time
    • What to do if binding changes after connection
      • Mobile TCP/IP
Mobile TCP/IP
• TCP connection identified by <source address, source port, destination address, dest port>
• Need an ID that is address independent
• Connection time, token returned
  • Now connection identified by
    • <address, port, token>
• Moving end can send migrate message to other end with connection ID and new address
• This message not acked
  • Next message from stationary end to new address implicitly acks migrate message
Migrate Architecture
[Figure: DNS Server, Mobile Host (foo.bar.edu; addresses xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy) and Correspondent Host, with arrows labelled Location Query (DNS Lookup), Connection Initiation, Location Update (Dynamic DNS Update) and Connection Migration]
From snoeren’00
TCP Connection Migration
1. Initial SYN
2. SYN/ACK
3. ACK (with data)
4. Normal data transfer
5. Migrate SYN
6. Migrate SYN/ACK
7. ACK (with data) (Note typo in proceedings)
From snoeren’00
Race Conditions
• Both end points migrate at same time
  • Solution assumes one fixed host
• Migrating host’s old address reassigned before it has issued Migrate request
  • That would issue an RST message
  • Wait for migrate request before closing connection
TCP State Machine Changes
[Figure: TCP state diagram showing the MIGRATE_WAIT state and the labels "2MSL timeout", "recv: SYN (migrate T, R) send: SYN, ACK", "recv: RST" and "appl: migrate send: SYN (migrate T, R)"]
• 2 new transitions between existing states
- and -
• 1 new state
  handles pathological race condition
From snoeren’00
Security Issues
• Third party can change DNS mapping
  • Secure DNS needed
• Third party can move connection
  • Token prevents this
• Replay attack
  • Sequence number of request prevents this
• Denial of service
  • SYN Flooding
  • Token validation can be expensive
  • A simpler to validate token sent with actual token
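How the stationary end can handle a migrate request under the constraints listed on this slide, as an added example that is not part of the original slides and is not the computation used in snoeren’00. It is a simplified model: the connection is looked up by token instead of by peer address, the cheap lookup and request-number check run before the costly keyed check, and the class, field names and HMAC-SHA256 are assumptions.

```python
import hashlib
import hmac
import os

def request_auth(key, token, req_no, new_peer):
    """MAC binding the token, request number and new address to the connection secret."""
    host, port = new_peer
    msg = token + req_no.to_bytes(4, "big") + host.encode() + port.to_bytes(2, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()

class StationaryEnd:
    def __init__(self):
        self.conns = {}      # token -> connection state; the peer address is data, not identity
        self.mac_checks = 0  # counts how often the expensive validation actually ran

    def open(self, peer):
        key = os.urandom(32)   # stands in for the secret agreed at connection time
        token = hashlib.sha256(b"token" + key).digest()[:8]
        self.conns[token] = {"key": key, "peer": peer, "last_req": 0}
        return token, key

    def migrate(self, token, req_no, new_peer, auth):
        conn = self.conns.get(token)   # cheap table lookup before any cryptography
        if conn is None:
            return "rejected: unknown token"
        if req_no <= conn["last_req"]:
            return "rejected: replayed request number"
        self.mac_checks += 1
        expected = request_auth(conn["key"], token, req_no, new_peer)
        if not hmac.compare_digest(auth, expected):
            return "rejected: bad authenticator"
        conn["peer"], conn["last_req"] = new_peer, req_no
        return "migrated"

def demo():
    # Constructed sample: documentation addresses and random keys.
    end = StationaryEnd()
    token, key = end.open(("198.51.100.7", 40000))
    new_peer = ("203.0.113.20", 40000)
    good = request_auth(key, token, 1, new_peer)
    results = [
        end.migrate(os.urandom(8), 1, new_peer, good),               # no such connection
        end.migrate(token, 1, ("203.0.113.66", 9), os.urandom(32)),  # token known, secret not
        end.migrate(token, 1, new_peer, good),                       # genuine move
        end.migrate(token, 1, new_peer, good),                       # same request sent again
    ]
    return results, end.conns[token]["peer"], end.mac_checks

if __name__ == "__main__":
    print(demo())
```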