Mobile IPv6
Outline • Introduction to MIPv6 • Overview of Mobile IPv6 • IPv6 Host Address Auto-Configuration • DAD (Duplicate Address Detection) • MIPv6 Operation –Handover • Return Routability • Conclusions • References
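MIPv6 vs. MIPv4 • The Foreign Agent entity of Mobile IPv4 is eliminated; routers take over its role. • The IPv6 address space is far larger than the IPv4 address space. • Auto-configuration: the address and the default gateway router are configured automatically, so users can obtain an IP address easily. • Mobile IPv6 messages are sent along with packets using the IPv6 Destination Option, which simplifies Mobile IPv6 control messaging. • Route Optimization is adopted to solve the triangular routing problem. • Anycast addresses are used to discover the Home Agent.
Mobile IPv6 Network System Architecture • FA eliminated: • MIPv6 removes the need for an FA and folds its functions into IPv6 routers. • Foreign Agent CoA eliminated: • MIPv6 drops the Foreign Agent CoA design. The CoA is instead generated either by stateful auto-configuration, which is defined in IPv6 and works like DHCP, or by stateless auto-configuration, which uses Neighbor Discovery to check for duplicate addresses (Duplicate Address Detection, DAD).
Mobile IPv6 Network System Architecture • Route optimization: • MIPv6 makes route optimization a required feature. When the MN is on a Foreign Network, it sends Binding Update (BU) messages to both the HA and the CN. Route optimization solves the triangular routing problem, in which every packet has to be forwarded through the HA.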
Mobile IPv6 Benefits • No Foreign Agent needed in MIPv6 • Infrastructures do not need an upgrade to accept Mobile IPv6 nodes • Auto-configuration simplifies mobile node Care of Address (CoA) assignment • Option headers, neighbor discovery • Optimized routing – avoids triangular routing • Scales easier, but creates network management challenges • Mobile nodes work transparently even with other nodes that do not support mobility • Albeit without route optimisation
Mobile IPv6 Terms • home address • home subnet prefix • home link • mobile node • Movement • L2 handover • L3 handover • correspondent node • foreign subnet prefix • foreign link • care-of address • home agent • binding
Basic Operation • A mobile node is always expected to be addressable at its home address, whether it is currently attached to its home link or is away from home.
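Before the Mobility Header • Before the Mobility Header existed (prior to draft version 15), many functions were defined as options inside the Destination Options header: In version 15: Binding Update Option: Option type=128; Binding Acknowledgment Option: Option type=7
Mobility Header • IPv6 packets gain a Mobility Header. • Packet format
Mobility Header • Payload Proto: 8-bit selector, the same as Next Header; identifies the header that follows. • Header Len: 8-bit unsigned integer, the length of the Mobility Header excluding the first 8 bytes. • MH Type: 8-bit selector that identifies the particular Mobility message and determines the type of the Message Data. • Reserved: 8 bits, reserved for future use. • Checksum: 16-bit unsigned integer, computed using a "pseudo-header". • Message Data: its content is determined by MH Type.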
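A parser for the Mobility Header fields listed above, as an added example that is not part of the original slides. It assumes, from RFC 3775 rather than from the slides, that Header Len counts 8-octet units, that the Mobility Header protocol number is 135 and that Payload Proto is normally 59 (no next header); the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

MH_PROTO = 135  # IPv6 Next Header value for the Mobility Header (RFC 3775)
MH_TYPES = {1: "HoTI", 2: "CoTI", 3: "HoT", 4: "CoT", 5: "Binding Update", 6: "Binding Ack"}

def inet_checksum(data):
    """16-bit one's-complement checksum used by IPv6 upper-layer protocols."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src, dst, length):
    # source | destination | 32-bit upper-layer length | 3 zero bytes | next header
    return (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", length, MH_PROTO))

def build_mh(src, dst, mh_type, message_data):
    """Constructed sender side, so the parser has a valid header to check."""
    body = message_data + b"\x00" * (-(6 + len(message_data)) % 8)  # pad to 8-octet multiple
    hdr = struct.pack("!BBBBH", 59, (6 + len(body)) // 8 - 1, mh_type, 0, 0) + body
    csum = inet_checksum(pseudo_header(src, dst, len(hdr)) + hdr)
    return hdr[:4] + struct.pack("!H", csum) + hdr[6:]

def parse_mh(src, dst, raw):
    """Validate length, checksum and MH Type before handing Message Data onward."""
    if len(raw) < 8:
        raise ValueError("shorter than the first 8 bytes of a Mobility Header")
    payload_proto, header_len, mh_type, _reserved, _csum = struct.unpack("!BBBBH", raw[:6])
    if (header_len + 1) * 8 != len(raw):
        raise ValueError("Header Len does not match the received length")
    if inet_checksum(pseudo_header(src, dst, len(raw)) + raw) != 0:
        raise ValueError("bad checksum")
    if mh_type not in MH_TYPES:
        raise ValueError(f"unknown MH Type {mh_type}")
    return {"payload_proto": payload_proto, "mh_type": MH_TYPES[mh_type], "message_data": raw[6:]}

if __name__ == "__main__":
    raw = build_mh("2001:db8:2::10", "2001:db8:3::1", 1, b"\x00\x00" + b"A" * 8)
    print(parse_mh("2001:db8:2::10", "2001:db8:3::1", raw)["mh_type"])  # HoTI
```

Because the pseudo-header covers the source and destination addresses, a header replayed under a different source address fails the checksum check.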
Binding Update Message MH Type=5 Message Data: A:Acknowledge H:Home Registration L:Link-Local Address Compatibility K:Key Management Mobility Capability
Binding Acknowledgement Message MH Type=6 Message Data: K:Key Management Mobility Capability
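Mobility Options • Option Type: 8 bits, the type of the option; it also determines the format of the Option Data. • Option Length: 8-bit unsigned integer, the length of the mobility option excluding the Option Type and Option Length fields. • Option Data: its format depends on the Option Type.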
Binding Updates to Correspondent Nodes • Registration
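IPv6 Host Address Auto-Configuration • Purpose of auto-configuration • Obtaining a valid IP address • Learning the router's location (a host must also be able to discover automatically that no router is present)
IPv6 Host Address Auto-Configuration • How auto-configuration works • IPv6 has built-in support for stateless auto-configuration (RFC-2461), achieved mainly through Neighbor Discovery (ND). • Main goals of ND: • Determine the link-layer addresses of other hosts on the same link • Find routers on the same link • Track the state of all hosts on the same link (whether they are still online) • Gather the information used for auto-configuration.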
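DAD (Duplicate Address Detection) • How DAD works • Similar to the way ARP is currently used on IPv4 to check for duplicate IP addresses • except that DAD sends a Neighbor Solicitation instead of an ARP request.
DAD (Duplicate Address Detection) Triggering DAD: When the MN detects that it has moved, it uses IPv6 mechanisms to generate a new care-of address. It takes the router's prefix and appends its MAC to form a Global Address. To prevent address conflicts, it runs DAD to verify that the address is legitimate. Because several mobile nodes may enter the same network at the same time and run DAD simultaneously, each mobile node should delay for a random period (0~1000 ms) [2] before sending the probe, and then listen for 1000 ms for a response from any node. DAD therefore takes up the largest share of the handover time.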
MIPv6 Operation -Handover • Network initiated Handover • The network determines the Handover • Mobile initiated Handover • The MN determines the Handover
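Mobile IPv6 Operation Flow • When the MN moves from Router A to Router B, it receives the RA sent by Router B in the new network. Because the Network Prefix carried in this RA differs from the previous one, the MN detects that it has entered a new network and automatically configures its CoA. • The CoA describes where the MN currently is. After obtaining the CoA, the MN sends a Binding Update packet to the HA; the Binding Update carries a CoA Option. • When the HA receives the BU, it updates its Binding Cache Entry and replies to the MN with a Binding Ack. • At this point, when a CN wants to send packets to the MN, they go through the HA, which forwards them to the MN through a tunnel. • When the MN receives a packet forwarded by the HA, it knows that the CN has not yet updated its Binding Cache Entry, so the MN sends a Binding Update to the CN. • The CN then updates its Binding Cache Entry and replies to the MN with a Binding Ack. • After that, the CN and the MN communicate directly without going through the HA.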
Mobile IPv6 : Concepts [3] (figure: CN, Home Network, Internet, HA, Foreign Network, Mobile Node) • IP Header (S: MN's Home Address, D: CN's IP), PayLoad • IP Header (S: CN's IP, D: MN's Home Address), PayLoad
Mobile IPv6 : Concepts (figure: CN, Home Network, Internet, HA, Foreign Network, Mobile Node) • Binding Update (MH=5): IP Header (S: MN's CoA, D: Home Agent's address), Mobility Header, PayLoad • Binding Ack (MH=6): IP Header (S: Home Agent's address, D: MN's CoA), Mobility Header, PayLoad
Mobile IPv6 : Concepts (figure: CN, Home Network, Internet, HA, Foreign Network, Mobile Node) • IP Header (S: CN's IP, D: MN's Home Address), PayLoad • Tunneled packets: New IP Header (S: Home Agent's address, D: MN's CoA), Old IP Header (S: CN's IP, D: MN's Home Address), PayLoad
Mobile IPv6 : Concepts (figure: CN, Home Network, Internet, HA, Mobile Node) • Binding Update (MH=5): IP Header (S: MN's CoA, D: CN's IP), Mobility Header, PayLoad • Binding Ack (MH=6): IP Header (S: CN's IP, D: MN's CoA), Mobility Header, PayLoad
Mobile IPv6 : Concepts (figure: CN, Home Network, Internet, HA, Mobile Node) • IP Header (S: CN's IP, D: MN's CoA), Routing Header (includes MN's Home Address), PayLoad • IP Header (S: MN's CoA, D: CN's IP), HA DestOpt (includes MN's Home Address), PayLoad
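Mobile IPv6 Latency □ MIPv6 handover latency • Layer 2 latency: When the MH moves to a new network, it must associate with the AP according to the 802.11 protocol. This time varies by vendor; with D-Link, for example, it is 50~70 ms. • Movement detection latency: The MH enters the overlay area, receives the new router's advertisement and discovers that it has left the original network; this is called movement detection. This time is determined by the router advertisement interval: the MH learns that it has left the original network when it misses two consecutive advertisements from the original router. The RFC specifies a router advertisement interval of 3 s; 300 ms is recommended for Mobile IP support.
Mobile IPv6 Latency • DAD latency • IPv6 uses DAD (Duplicate Address Detection) to detect whether another node on the network is using the same address. The MN uses Neighbor Discovery to send out the IP address to be checked • and listens for 1000 ms. If no node responds to this message, the address is not duplicated and the MN assigns it to the network interface. DAD takes 1787 ms on average [1]. • Registration latency • The MN registers its update with the Home Agent and the CH. The MH sends Binding Updates to update the Binding Cache of the Home Agent and the CH. Only then can the MN receive the CN's packets in the new network.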
Mobile IPv6 Latency □ MIPv6 Handoff Time: $D = D_{l2} + D_{\text{movement detection}} + D_{dad} + D_{reg}$
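Return Routability Procedure • RR is performed before the MN sends a BU • To prevent someone from impersonating the mobile node and sending Binding Updates to the correspondent node, a simple but effective verification procedure is carried out here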
Return Routability: Step 1 [3] • MN requests tokens by sending: • Home Test Init (HoTI) Message: IP Header, Mobility Header (MH=1), PayLoad; Parameters: + home init cookie • Care-of Test Init (CoTI) Message: IP Header, Mobility Header (MH=2), PayLoad; Parameters: + care-of init cookie (figure: CN, Home Network, Internet, HA, Mobile Node)
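Return Routability: Step 1 • The MN sends a Home Test Init (HoTI) message and a Care-of Test Init (CoTI) message to the correspondent node • Both packets carry cookie data. • The two packets are sent along different paths • so that a malicious attacker cannot intercept both packets at the same time.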
Return Routability: Step 2 • CN sends tokens to MN by sending: • Home Test (HoT) Message: IP Header, Mobility Header (MH=3), PayLoad; Parameters: + Home Init Cookie + Home Keygen Token + Home Nonce Index • Care-of Test (CoT) Message: IP Header, Mobility Header (MH=4), PayLoad; Parameters: + Care-of Init Cookie + Care-of Keygen Token + Care-of Nonce Index (figure: CN, Home Network, Internet, HA, Mobile Node)
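Return Routability: Step 3 • Once the binding management key (Kbm) has been generated successfully, the return routability procedure is complete. • Every Binding Update message the mobile node sends afterwards must carry binding authentication data for the correspondent node to verify; the authentication data is computed as follows: • By checking whether this data is correct, the correspondent node avoids accepting forged Binding Update messages sent by a fake mobile node.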
Return Routability: Step 3 • MN and CN generate the shared key from the tokens • MN signs a BU message with the key, CN verifies the BU message with the key • Shared Key (Kbm) = SHA1(home keygen token | care-of keygen token) • Binding Update (MH=5): IP Header, Mobility Header, PayLoad, protected by the shared key (figure: CN, Home Network, Internet, HA, Mobile Node)
Return Routability--Home Test Init(HoTI) MH Type=1 Message Data:
Return Routability-Care-of Test Init(CoTI) MH Type=2 Message Data:
Return Routability-Home Test(HoT) MH Type=3 Message Data: home keygen token := First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0)))
Return Routability-Care-of Test(CoT) MH Type=4 Message Data: care-of keygen token := First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1)))
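The token and Kbm formulas above, carried through to the correspondent node's check of a Binding Update, as an added example that is not part of the original slides. The authenticator formula is taken from RFC 3775 because it does not appear on the slides; the class and function names, the key and nonce sizes and the addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

HOME, COA, CN_ADDR = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::1"  # constructed

def packed(addr):
    return ipaddress.IPv6Address(addr).packed

def keygen_token(kcn, addr, nonce, flag):
    # First(64, HMAC_SHA1(Kcn, (address | nonce | flag))); flag 0 = home, 1 = care-of
    return hmac.new(kcn, packed(addr) + nonce + bytes([flag]), hashlib.sha1).digest()[:8]

def kbm(home_token, coa_token):
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + coa_token).digest()

def authenticator(key, coa, cn_addr, mh_data):
    # RFC 3775, not the slides: First(96, HMAC_SHA1(Kbm, care-of | correspondent | MH Data))
    return hmac.new(key, packed(coa) + packed(cn_addr) + mh_data, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    """Keeps only Kcn and a nonce table; tokens are recomputed, not stored per MN."""
    def __init__(self, addr):
        self.addr, self.kcn, self.nonces = addr, os.urandom(20), [os.urandom(8)]

    def test(self, addr, flag):  # HoT (MH=3, flag 0) or CoT (MH=4, flag 1), sent to addr
        idx = len(self.nonces) - 1
        return idx, keygen_token(self.kcn, addr, self.nonces[idx], flag)

    def verify_bu(self, home, coa, h_idx, c_idx, mh_data, auth):
        if not (0 <= h_idx < len(self.nonces) and 0 <= c_idx < len(self.nonces)):
            return False  # unknown nonce index: reject
        key = kbm(keygen_token(self.kcn, home, self.nonces[h_idx], 0),
                  keygen_token(self.kcn, coa, self.nonces[c_idx], 1))
        return hmac.compare_digest(authenticator(key, coa, self.addr, mh_data), auth)

def binding_update(cn, home, tested_coa, claimed_coa, mh_data=b"constructed BU body"):
    """MN side: collect both tokens, sign a BU naming claimed_coa, return the CN's verdict."""
    h_idx, h_tok = cn.test(home, 0)
    c_idx, c_tok = cn.test(tested_coa, 1)
    auth = authenticator(kbm(h_tok, c_tok), claimed_coa, cn.addr, mh_data)
    return cn.verify_bu(home, claimed_coa, h_idx, c_idx, mh_data, auth)

if __name__ == "__main__":
    cn = CorrespondentNode(CN_ADDR)
    print(binding_update(cn, HOME, COA, COA))               # True
    print(binding_update(cn, HOME, COA, "2001:db8:9::99"))  # False
```

The second call fails because the correspondent node rebuilds the care-of keygen token from the care-of address named in the Binding Update, so a token issued for one address cannot authorize a binding to another.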
Return Routability Procedure (figure: message flow among MN, HA and CN: HoTI, CoTI, HoT, CoT, Binding Update) • Im: Init message • Tm: Test message • Tbu: Binding Update
Return Routability Procedure (cont'd) (figure: sequence diagram among mobile node, home agent and correspondent node) • Home Test Init (HoTI) • Care-of Test Init (CoTI) • Home Test (HoT) • Care-of Test (CoT)
Home Test Init & Care-of Test Init • Home Test Init • Source Address = home address • Destination Address = correspondent • Parameters: + home init cookie • Care-of Test Init • Source Address = care-of address • Destination Address = correspondent • Parameters: + care-of init cookie