Internet Mobility
Presented by: Nitin Bahadur
Distributed Systems

References
• Mary Baker, Xinhua Zhao, Stuart Cheshire, Jonathan Stone, Supporting Mobility in MosquitoNet, Proceedings of the USENIX Technical Conference, 1996.
• Stuart Cheshire and Mary Baker, Internet Mobility 4x4, SIGCOMM '96.
• Kevin Lai, Mema R., Diane Tang, Xinhua Zhao, Mary Baker, Experiences with a Mobile Testbed, Proceedings of WWCA '98.

References (continued)
• C. Perkins, IP Mobility Support for IPv4, Internet Draft, draft-ietf-mobileip-rfc2002-bis-01.txt, Jan 2000.
• C. Perkins, Route Optimization in Mobile IP, Internet Draft, draft-ietf-mobileip-optim-09.txt, Feb 2000.
• David Maltz, Pravin Bhagwat, MSOCKS: An Architecture for Transport Layer Mobility, IEEE INFOCOM '98.

Outline
• Motivation and Challenges
• Some proposed solutions
• IP Mobility
• Routing Optimizations
• Security Issues
• Recent Extensions
• Conclusions

Motivation
• Ubiquitous connectivity, continuous connectivity.
• Ability to maintain current conversations/connections during movement.
• Move from one kind of network to another.
• Move to networks that do NOT provide support for mobility.

Challenges
• Movement causes change in IP address
• Problems with TCP connections
• Maintaining transparency
• Efficient routing to new location of mobile host
• Security issues

Some Solutions
• Use host-specific routes - possible with IPv6.
• Link layer solutions
  • Limited to a single medium
  • A new solution for every medium
  • Compatibility issues with other mediums
• Use extended DNS to register COA with DNS
  • Information propagation time
  • Global change in DNS

Basic Terminology
[Figure: HA, CH, MH and FA connected through the Internet]
• Mobile Host (MH)
• Correspondent Host (CH)
• Home Agent (HA)
• Foreign Agent (FA)
• Care of Address (COA)

Split TCP
[Figure: TCP-I between CH and HA across the Internet, TCP-II between HA and MH]
• Two TCP connections, CH<=>HA<=>MH
• Transport layer mechanism

Split TCP Drawbacks
• Two TCP connections instead of one
• Changed end points
• HA acks packets to CH even before MH has received them
• Home agent is responsible for final packet delivery
• Multiple traversal through the TCP protocol stack
• HA needs to maintain a TCP connection for every TCP connection of all its mobile hosts

TCP Splicing
[Figure: TCP-I between CH and HA across the Internet, TCP-II between HA and MH]
• Two TCP connections, CH<=>HA<=>MH
• Transport layer mechanism
• Acks are sent on TCP-I to CH only when MH sends them on TCP-II

TCP Splicing
+ The scheme works like one TCP connection
+ Location transparency is maintained
- Multiple traversal through the TCP protocol stack
- HA still needs to maintain a TCP connection for every TCP connection of all its mobile hosts

Mobility using Foreign Agent
• MH obtains COA from FA
• FA discovery using Agent Advertisement or Agent Solicitation messages
• MH registers COA with HA through FA
• HA intercepts packets for MH
• HA encapsulates and sends packets to FA
• FA decapsulates packets and sends them to MH
• Everything done at IP level, no TCP
• Same mechanism in the reverse direction
• This is called bidirectional tunneling

Mobility using Foreign Agent
[Figure: HA, CH and FA connected through the Internet]

Encapsulation: IP in IP
[Figure: packet leaving CH: Source = CH, Destn = MH, DATA; after encapsulation at HA: outer Source = HA, Destn = COA around inner Source = CH, Destn = MH, DATA; after decapsulation at FA: Source = CH, Destn = MH, DATA]
• Encapsulation maintains consistency in Source and Destination address fields.
• Allows MH to receive packets as it moves from network to network.

Encapsulation Issues
• IP encapsulation and automatic decapsulation is dangerous
  • How can one verify that the inner packet really has the source address it claims to have?
• Encapsulation can cause packet fragmentation
  • TCP breaks data into chunks of 1460 bytes and gives them to IP
  • Encapsulation will automatically lead to packet fragmentation in such cases, so extra overhead.

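The two issues above can be seen concretely by building the IP-in-IP packets the slides describe. The following Python is an added example, not code from the talk or from MosquitoNet: it builds a minimal IPv4 header, wraps an intercepted packet the way the HA does (outer Source = HA, Destn = COA), shows that a full-size 1500-byte inner packet no longer fits the MTU once the 20-byte outer header is added, and has the decapsulating side accept a tunnel only when the outer endpoints match a registered (HA, COA) binding for the inner destination, rather than decapsulating automatically. All addresses and the 1500-byte MTU are constructed assumptions.

```python
import ipaddress
import struct

IPV4_HDR_LEN = 20
PROTO_TCP = 6
PROTO_IPIP = 4      # protocol number for IP-in-IP (RFC 2003)
MTU = 1500          # assumed link MTU (Ethernet)


def checksum(data: bytes) -> int:
    """One's-complement Internet checksum over a header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet (no options): 20-byte header in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, IPV4_HDR_LEN + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); a damaged header is rejected."""
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:IPV4_HDR_LEN])
    ihl = (fields[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return (str(ipaddress.IPv4Address(fields[8])),
            str(ipaddress.IPv4Address(fields[9])),
            fields[6], pkt[ihl:fields[2]])


def encapsulate(ha: str, coa: str, inner: bytes) -> bytes:
    """HA wraps the packet intercepted for MH (Source = CH, Destn = MH) in an
    outer header Source = HA, Destn = COA; the inner fields stay untouched."""
    return build_ipv4(ha, coa, PROTO_IPIP, inner)


def decapsulate(outer: bytes, bindings: dict) -> bytes:
    """Strip the outer header, but only for a tunnel this receiver registered.

    bindings maps an MH home address to the (HA, COA) pair registered for it,
    so a packet from an unregistered sender, or one whose inner destination is
    not the MH behind this tunnel, is refused instead of decapsulated blindly.
    """
    o_src, o_dst, proto, inner = parse_ipv4(outer)
    if proto != PROTO_IPIP:
        raise ValueError("outer packet is not IP-in-IP")
    _i_src, i_dst, _, _ = parse_ipv4(inner)
    if bindings.get(i_dst) != (o_src, o_dst):
        raise ValueError("tunnel %s -> %s does not match the binding for %s"
                         % (o_src, o_dst, i_dst))
    return inner


def accepts(outer: bytes, bindings: dict) -> bool:
    """True if decapsulate() hands the inner packet up, False if it refuses it."""
    try:
        decapsulate(outer, bindings)
        return True
    except ValueError:
        return False


def needs_fragmentation(inner: bytes, mtu: int = MTU) -> bool:
    """A full-size inner packet no longer fits once 20 bytes of outer header are added."""
    return len(inner) + IPV4_HDR_LEN > mtu


if __name__ == "__main__":
    # Constructed addresses for the demonstration.
    CH, MH, HA, COA = "10.0.0.5", "192.168.1.10", "192.168.1.1", "172.16.5.20"
    segment = b"\x00" * 20 + b"x" * 1460            # TCP header + 1460-byte chunk
    inner = build_ipv4(CH, MH, PROTO_TCP, segment)   # exactly 1500 bytes
    outer = encapsulate(HA, COA, inner)
    print("outer header:", parse_ipv4(outer)[:3], "length", len(outer))
    print("fragmentation needed:", needs_fragmentation(inner))
    print("registered tunnel accepted:", accepts(outer, {MH: (HA, COA)}))
    print("unregistered tunnel accepted:", accepts(encapsulate("203.0.113.9", COA, inner), {MH: (HA, COA)}))
```

The binding check is the minimal answer to the question on the slide: the decapsulator cannot prove the inner source address, so it restricts itself to tunnels whose outer endpoints were registered in advance; the registration step is where the authenticator discussed under Security Issues applies.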
Mobility without Foreign Agent
[Figure: HA and CH connected through the Internet]
• MH obtains a COA using DHCP
• MH registers COA with HA directly
• MH performs encapsulation and decapsulation

Implementation in MosquitoNet
• The route lookup function ip_rt_route was altered
• A Mobile Policy Table, in combination with ip_rt_route, is used for making routing decisions

Home Agent Functionality
• Maintaining information about MH's current location
• Acting as an ARP proxy for MH
  • ARP: to get the link-layer address for an IP address
  • Proxy ARP: done to answer a new ARP request on behalf of MH
  • Gratuitous ARP: done to update ARP information of MH in all nodes
• Forwarding packets to CH and MH

Movement of MH away from home network
• Detection by MH
  • received a different agent advertisement message
  • stopped receiving agent advertisement messages
• Disable ARP
• Register with FA or HA
• HA performs Gratuitous ARP on behalf of MH

Movement of MH to home network
• Re-enable ARP
• De-register itself with HA
• HA performs Gratuitous ARP on behalf of MH

Advantages of using Foreign Agent
• No need for a temporary COA for every MH
• If MH leaves the foreign network, in-flight packets can be directed by FA to the new location of MH
• Less packet loss
• Less complexity in MH

Advantages of NOT using Foreign Agent
• MH can visit networks without a foreign agent
• FA is not a bottleneck or single point of failure
• No need for a FA on each network

Triangular Routing
[Figure: CH sends to HA, HA forwards to MH at its COA, MH sends directly to CH]
• Proposed by Mobile IP working group
• CH sends packets to HA, which forwards them to MH
• MH sends packets directly to CH

Problems with Routing Techniques
• Bidirectional tunneling and triangular routing
  • Inefficient, increase in RTT, increase in path length
  • HA is a bottleneck and a single point of failure
• Source address filtering problem with triangular routing

Source Address Filtering Problem
• Foreign network might not allow transit traffic
  Source = MH != foreign network
  Destination = CH != foreign network
  => TRANSIT TRAFFIC => DROP IT !

Source Address Filtering Problem
• Filtering at CH network
  Source = MH = CH network
  But the packet has come from a different network ... hmmm ... drop it !

Routing Optimizations - I
• Similar to triangular routing
• MH encapsulates packet to avoid source-address filtering problem
• Better than triangular routing and bidirectional tunneling !

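The two filtering cases on the previous slides, and why encapsulating at MH (Routing Optimization I) gets past them, can be simulated with two border filters. This Python is an added example, not code from the talk: the foreign network's border drops transit traffic (neither address local), the CH network's border drops packets arriving from outside that claim a local source, and an MH -> CH packet is run through both under triangular routing and under Optimization I. The prefixes and addresses are constructed; real filters would use interface information rather than prefix membership alone.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None     # present when the packet is encapsulated


def in_net(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def foreign_border_egress(pkt: Packet, foreign_net: str) -> str:
    """Foreign network's border: refuse transit traffic (neither address is local)."""
    if not in_net(pkt.src, foreign_net) and not in_net(pkt.dst, foreign_net):
        return "DROP: transit traffic"
    return "PASS"


def ch_border_ingress(pkt: Packet, ch_net: str) -> str:
    """CH network's border: a packet arriving from outside must not carry a local source."""
    if in_net(pkt.src, ch_net):
        return "DROP: local source address arriving from outside"
    return "PASS"


def send_triangular(mh_home: str, ch: str) -> Packet:
    """Triangular routing: MH sends directly to CH with its home address as source."""
    return Packet(src=mh_home, dst=ch)


def send_optimization_1(mh_home: str, coa: str, ch: str) -> Packet:
    """Routing Optimization I: MH encapsulates, so the outer source is the COA."""
    return Packet(src=coa, dst=ch, inner=Packet(src=mh_home, dst=ch))


def traverse(pkt: Packet, foreign_net: str, ch_net: str,
             foreign_filters: bool = True) -> List[str]:
    """Verdicts an MH -> CH packet collects at the foreign border and the CH border."""
    verdicts = []
    if foreign_filters:
        v = foreign_border_egress(pkt, foreign_net)
        verdicts.append("foreign border: " + v)
        if v != "PASS":
            return verdicts
    verdicts.append("CH border: " + ch_border_ingress(pkt, ch_net))
    return verdicts


def received_by_ch(pkt: Packet) -> Packet:
    """CH decapsulates if needed and sees the original Source = MH, Destn = CH."""
    return pkt.inner if pkt.inner is not None else pkt


if __name__ == "__main__":
    FOREIGN, CH_NET = "172.16.0.0/16", "10.0.0.0/8"       # constructed prefixes
    MH, COA, CH = "192.168.1.10", "172.16.5.20", "10.0.0.5"
    print("triangular     :", traverse(send_triangular(MH, CH), FOREIGN, CH_NET))
    print("optimization I :", traverse(send_optimization_1(MH, COA, CH), FOREIGN, CH_NET))
    # MH whose home network is the CH network, with a foreign side that does not filter
    print("home == CH net :", traverse(send_triangular("10.0.0.77", CH), FOREIGN, CH_NET,
                                       foreign_filters=False))
```

The encapsulated packet passes both borders because every address a filter looks at is topologically correct; the price, as the next slide lists, is that CH must decapsulate and that the CH border must admit packets from the foreign network at all.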
Routing Optimizations - I
[Figure: packet flow between CH, HA and MH (at its COA) across the Internet for Routing Optimization I]

Routing Optimizations - I
Advantages
• Direct delivery to CH
• Valid source address, so no source address problem
• Location transparency is maintained
• Will work in all situations
Drawbacks
• CH needs to have decapsulation capability
• Indirect delivery for CH
• Will fail if CH border router does not admit packets from current (foreign) network of MH

Routing Optimizations - II
• Direct delivery mechanism
• Both MH and CH encapsulate packets and send directly to each other

Routing Optimizations - II
[Figure: CH and MH encapsulate packets and send them directly to each other across the Internet; HA and COA shown]

Routing Optimizations - II
[Figure: second packet-flow diagram for Routing Optimization II]

Routing Optimizations - II
Advantages
• Direct delivery between CH and MH
• Valid source address, so no source address problem
Drawbacks
• CH needs to have encapsulation/decapsulation capability
• CH needs to be aware of current location of MH
• Will fail if CH border router does not admit packets from current (foreign) network of MH
• Validity of encapsulated packet?

Routing Optimizations - III
• Direct delivery mechanism
• Both MH and CH DO NOT encapsulate packets; they send directly to each other using the MH home address and not the COA

Routing Optimizations - III
[Figure: CH and MH exchange unencapsulated packets across the Internet; HA shown]

Routing Optimizations - III
[Figure: second packet-flow diagram for Routing Optimization III]

Routing Optimizations - III
Advantages
• Direct delivery between CH and MH
Drawbacks
• CH needs to be aware of current location of MH
• Invalid source address - security
• Location transparency?
Applicability
• When MH and CH are on the same link layer segment

Routing Optimizations - IV
• Direct delivery mechanism
• Both MH and CH DO NOT encapsulate packets; they send directly to each other using the COA and not the MH home address

Routing Optimizations - IV
[Figure: CH and MH (addressed by its COA) exchange unencapsulated packets across the Internet; HA shown]

Routing Optimizations - IV
[Figure: second packet-flow diagram for Routing Optimization IV]

Routing Optimizations - IV
Advantages
• Direct delivery between CH and MH
• No encapsulation overhead
Drawbacks
• CH needs to be aware of current location of MH
• No location transparency
• Packets will be lost if MH changes location

Routing Optimizations - IV
Applicability
• Short-lived connections such as HTTP browsing
• Situations where location transparency is not an issue

Making CH intelligent
• Introducing mobile awareness in CH
• Why? For efficient routing
• How?
  • Binding Warning messages are sent by MH to HA so that HA sends a Binding Update message to CH
  • Binding Update messages are sent by HA to CH whenever HA receives a tunneled packet
  • MH can also directly send Binding Update messages to CH
• MH can specify to HA which CH should be informed of its current location

Gains using optimizations
[Figure not recovered]

Practical implementation of optimizations
• Optimizations must not cause a break in the connection or packet loss
• Start with the most pessimistic routing method
  do
    Send ICMP echo messages in the background using a better method
    If that succeeds, switch to the better method
  while (more methods remain)

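The loop on this slide, as an added Python example that is not code from the talk or from MosquitoNet: the live connection always uses the method currently known to work, a background probe (a constructed stand-in for sending an ICMP echo over the candidate method and waiting for the reply) tries the next better method, and the selector switches only after a probe succeeds. The ordering of the methods and the reachability results in the demonstration are assumptions chosen to show one failing and one succeeding upgrade.

```python
from typing import Callable, Dict, List, Tuple

# Delivery methods from most pessimistic to most optimised (constructed order).
METHODS = ["bidirectional tunneling", "triangular routing",
           "routing optimization I", "routing optimization II"]


class DeliverySelector:
    """Holds one 'current' method for the live connection and upgrades it only
    after a background probe over a better method has succeeded, so the data
    path never moves onto an untested route."""

    def __init__(self, probe: Callable[[str], bool], methods: List[str] = METHODS):
        self.probe = probe                    # probe(method) -> echo reply received?
        self.methods = list(methods)
        self.current = self.methods[0]        # start with the most pessimistic method
        self.history = [self.current]
        self._next = 1

    def more_methods(self) -> bool:
        return self._next < len(self.methods)

    def background_probe(self) -> str:
        """One iteration of the slide's loop: probe the next better method, switch on success."""
        candidate = self.methods[self._next]
        self._next += 1
        if self.probe(candidate):
            self.current = candidate
            self.history.append(candidate)
        return self.current

    def send(self, payload: bytes) -> Tuple[str, bytes]:
        """Data always leaves via the method known to work right now."""
        return self.current, payload


def run_selection(probe: Callable[[str], bool],
                  methods: List[str] = METHODS) -> Tuple[str, List[str]]:
    """Run the loop to completion; returns the chosen method and the switches made."""
    sel = DeliverySelector(probe, methods)
    while sel.more_methods():                 # do ... while (more methods remain)
        sel.background_probe()
    return sel.current, sel.history


def echo_oracle(reachable: Dict[str, bool]) -> Callable[[str], bool]:
    """Constructed replacement for a real ICMP echo: answers from a fixed table."""
    return lambda method: reachable.get(method, False)


if __name__ == "__main__":
    # Constructed situation: the foreign network drops transit traffic (triangular
    # routing fails) and CH cannot encapsulate (optimization II fails).
    probe = echo_oracle({"triangular routing": False,
                         "routing optimization I": True,
                         "routing optimization II": False})
    print(run_selection(probe))
```

Because a failed probe leaves `current` unchanged, a method that a border filter silently drops costs only the probe, never the connection.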
Security Issues
• For registrations and communication between HA and MH an authenticator is used
• Authenticator is optional for communications among HA - {CH, FA} and MH - {CH, FA}
• Authenticator default algorithm is 128-bit keyed MD5
• Since key distribution may be a problem, messages with FA and CH may not be authenticated
• Replay protection done using timestamps and/or nonces

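A registration exchange protected the way this slide describes, as an added Python example that is not code from the talk or from any Mobile IP implementation: the MH appends a 128-bit keyed MD5 authenticator over the registration body, and the HA verifies it before touching any state, then applies both replay checks, a timestamp window and a strictly increasing identification. The message layout, the 64-bit identification (sender's time in the high 32 bits, a nonce in the low 32) and the prefix+suffix form MD5(key || data || key) are assumptions; the slide only says "keyed MD5". The shared secret is assumed to have been distributed to HA and MH in advance.

```python
import hashlib
import hmac
import ipaddress
import struct
from typing import Dict

AUTH_LEN = 16   # 128-bit keyed MD5 output


def ip4(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def keyed_md5(key: bytes, data: bytes) -> bytes:
    """Keyed MD5 in prefix+suffix form, MD5(key || data || key) (assumed form)."""
    return hashlib.md5(key + data + key).digest()


def make_identification(timestamp: int, nonce: int) -> int:
    """Constructed 64-bit Identification: sender's clock (seconds) in the high
    32 bits and a 32-bit nonce in the low bits, serving both replay checks."""
    return ((timestamp & 0xFFFFFFFF) << 32) | (nonce & 0xFFFFFFFF)


def make_registration(mh_home: str, coa: str, ha: str, key: bytes,
                      identification: int) -> bytes:
    """Registration request: fixed-layout body followed by its authenticator."""
    body = struct.pack("!4s4s4sQ", ip4(mh_home), ip4(coa), ip4(ha), identification)
    return body + keyed_md5(key, body)


class HomeAgent:
    """Verifies the MH-HA authenticator, then the timestamp window, then the nonce order."""

    def __init__(self, keys: Dict[str, bytes], window: int = 7):
        self.keys = keys            # MH home address -> pre-distributed shared secret
        self.window = window        # tolerated clock skew in seconds
        self.last_id: Dict[str, int] = {}
        self.bindings: Dict[str, str] = {}

    def process(self, msg: bytes, now: int) -> str:
        body, auth = msg[:-AUTH_LEN], msg[-AUTH_LEN:]
        mh_b, coa_b, _ha_b, ident = struct.unpack("!4s4s4sQ", body)
        mh = str(ipaddress.IPv4Address(mh_b))
        key = self.keys.get(mh)
        if key is None:
            return "REJECT: unknown mobile host"
        # Authenticate first: an unauthenticated message must not change any state.
        if not hmac.compare_digest(auth, keyed_md5(key, body)):
            return "REJECT: bad authenticator"
        ts = ident >> 32
        if abs(ts - now) > self.window:
            return "REJECT: timestamp outside window"
        if ident <= self.last_id.get(mh, -1):
            return "REJECT: replayed identification"
        self.last_id[mh] = ident
        self.bindings[mh] = str(ipaddress.IPv4Address(coa_b))
        return "ACCEPT"


if __name__ == "__main__":
    KEY = b"constructed-shared-secret"
    ha = HomeAgent({"192.168.1.10": KEY})
    req = make_registration("192.168.1.10", "172.16.5.20", "192.168.1.1", KEY,
                            make_identification(1000, 1))
    print(ha.process(req, now=1002))   # fresh request is accepted
    print(ha.process(req, now=1003))   # the same bytes again are refused
```

The order of the checks matters: the authenticator is verified before the identification is compared, so an unauthenticated sender cannot advance the stored identification and lock the legitimate MH out.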
Mobile Policy Table Performance
[Figure not recovered]

Mobile Policy Table and Flexibility
• Supports multiple packet delivery methods simultaneously
• Adaptively selects the most appropriate method according to characteristics of each traffic flow
• Makes use of multiple network interfaces simultaneously
• Controls interface selection of both outgoing and incoming packets for different packet flows
• MH can register with HA a flow specification and the corresponding interface binding for that flow

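A flow-keyed policy table of the kind this slide describes, as an added Python example that is not MosquitoNet's implementation: each entry matches a flow by destination prefix, protocol and port (any field may be a wildcard), the most specific matching entry decides both the delivery method and the interface, and the per-flow interface bindings are what the MH would hand to the HA for incoming traffic. The entries, method names and interface names in the demonstration are constructed; the HTTP entry follows the earlier slide's note that short-lived browsing connections suit Routing Optimization IV.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class FlowSpec:
    """Traffic-flow classifier; None in a field means 'any'."""
    dst_net: Optional[str] = None      # destination prefix in CIDR form
    proto: Optional[int] = None        # 1 ICMP, 6 TCP, 17 UDP
    dst_port: Optional[int] = None

    def matches(self, dst: str, proto: int, dst_port: Optional[int]) -> bool:
        if self.dst_net is not None and \
                ipaddress.ip_address(dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.proto is not None and self.proto != proto:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        return True

    def specificity(self) -> Tuple[int, int]:
        """More constrained fields win; a longer prefix breaks ties."""
        fields_set = sum(f is not None for f in (self.dst_net, self.proto, self.dst_port))
        plen = ipaddress.ip_network(self.dst_net).prefixlen if self.dst_net else 0
        return (fields_set, plen)


@dataclass(frozen=True)
class PolicyEntry:
    flow: FlowSpec
    method: str        # packet delivery method used for this flow
    interface: str     # interface the flow is bound to


class MobilePolicyTable:
    """Per-flow choice of delivery method and interface, with a pessimistic default."""

    def __init__(self, default_method: str, default_interface: str):
        self.entries: List[PolicyEntry] = []
        self.default = PolicyEntry(FlowSpec(), default_method, default_interface)

    def add(self, entry: PolicyEntry) -> None:
        self.entries.append(entry)

    def lookup(self, dst: str, proto: int, dst_port: Optional[int] = None) -> Tuple[str, str]:
        """Most specific matching entry decides method and outgoing interface."""
        candidates = [e for e in self.entries if e.flow.matches(dst, proto, dst_port)]
        best = max(candidates, key=lambda e: e.flow.specificity(), default=self.default)
        return best.method, best.interface

    def interface_bindings(self) -> List[Tuple[FlowSpec, str]]:
        """What the MH registers with the HA: flow spec -> interface for incoming packets."""
        return [(e.flow, e.interface) for e in self.entries]


def demo_table() -> MobilePolicyTable:
    """Constructed table: HTTP direct over wireless LAN, SSH tunneled over the
    modem link for transparency, one corporate prefix via Optimization I."""
    table = MobilePolicyTable("bidirectional tunneling", "wlan0")
    table.add(PolicyEntry(FlowSpec(proto=6, dst_port=80), "routing optimization IV", "wlan0"))
    table.add(PolicyEntry(FlowSpec(proto=6, dst_port=22), "bidirectional tunneling", "ppp0"))
    table.add(PolicyEntry(FlowSpec(dst_net="10.0.0.0/8"), "routing optimization I", "wlan0"))
    return table


if __name__ == "__main__":
    t = demo_table()
    for flow in [("10.0.0.5", 6, 80), ("10.0.0.5", 17, 53), ("203.0.113.7", 6, 22), ("203.0.113.7", 17, 53)]:
        print(flow, "->", t.lookup(*flow))
```

A flow that matches nothing falls back to the default entry, which is the most pessimistic method on the default interface, so an unclassified flow pays the full mobility cost rather than losing transparency.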
Why support multiple packet delivery methods?
• MH pays the extra cost of mobility support only when it is actually required
