CMSC 628 - Presentation
An End-to-End Approach to Host Mobility
Alex C. Snoeren and Hari Balakrishnan

Overview
• Introduction
• Mobile IP
• Other IP layer approaches to mobility
• Transport layer approaches
• Proposed architecture
• Issues
• Conclusions

Introduction
• Routing issue with legacy TCP/IP stack
• Host location and hand-off support
• End-to-end vs. other approaches
• Keeping mobility transparent to the transport layer

Mobile IP
• Essentially, mobility handled by ‘third party’
• Triangle routing and tunneling
• Pure routing solution
• Only IP substrate changed

Other network layer approaches
• For the most part, enhancements of Mobile IP
• Cache care-of address of mobile host
• IPv6 mobility support

Transport layer approaches
• Migration NOT transparent to TCP
• Proxy approaches: transparent to sender
• Current approach

The End-to-End architecture
• Addressing
• Host location
• TCP connection migration
• Security

Host Location
• In case of fixed servers, no special service required
• In case of mobile servers, use dynamic DNS updates
• Set TTL of DNS cache entries to zero
• Problems with fast mobility

TCP connection migration
• Use secure tokens to identify TCP connections
• Token negotiated during handshake
• Migrate-Permitted option to negotiate token
• Migrate option to migrate a connection

TCP connection migration
• Migrate-Permitted option

TCP connection migration
• SYN from client contains client’s public key
• Likewise for SYN from the server
• Shared secret key computed from the above
• Token computed as a hash of the shared key and initial sequence numbers

TCP connection migration
• Migrate option

TCP connection migration
• Migrate option used in the SYN after migration
• ReqNo used to order migrate requests
• Token identifies the connection
• Request is an authentication mechanism
• Essentially, hash of the initial sequence numbers, shared key, request number, and the migrate SYN segment

TCP connection migration
• At the other end, compare token
• Check if ReqNo is one greater than the previous one
• Compute request hash and compare
• Update destination address and port
• The Migrate-Wait state

Security
• Denial of Service
• Connection Hijacking
• Key security

Limitations
• Slow start begins after migration
• Both hosts cannot move simultaneously
• Address caching

Conclusions
• End-to-End architecture
• Transport layer aware of mobility
• Hosts have choice over approach used, hence more flexible
• Pretty secure
• Some limitations