Lecture 11: Introduction to Mobile IP
We will discuss:
• The basic framework in mobile IP
• The concepts of foreign network, home network and correspondent nodes
• Mobility binding and security issues
• Changes in IPv6 and future of mobile IP
This lecture is based on a tutorial on Mobile IP by Charles E. Perkins.
Institute for Computer Science, University of Freiburg
Western Australian Interactive Virtual Environments Centre (IVEC)

Why do we need Mobile IP?
• At present, any access to the internet is inherently restricted to a fixed point of attachment.
• We go to the office, university or workplace and access the internet from a fixed IP address. This IP address may be for a desktop or laptop computer.
• If we take our computer to a different place, outside our usual network, we have to reconfigure it with a new IP address.

Why do we need Mobile IP?
• It would be very nice if mobility did not affect internet sessions.
• For example, we should be able to take a laptop computer from our workplace to home without noticing any change in the internet connectivity.
• In general, users should be able to move around seamlessly. Mobility of the computer should be completely transparent to the applications running on the computer.

Why do we need Mobile IP?
• For example, the user should continue to receive emails and stay connected to the internet.
• Mobile IP makes mobility completely transparent to applications running on a mobile computer.
• To the applications, the mobile computer appears to be reachable at its usual IP address even if it is far away from its home network.

Comparison with telephones
• A good comparison can be made with mobile telephone networks.
• A user can move around and continue using a mobile phone without noticing any change in connectivity.
• A fixed IP address is similar to a fixed home telephone connection. You can only communicate if you are at home.

Comparison with telephones
• On the other hand, mobile phones have given users complete freedom of communication. Users can communicate anytime and anywhere.
• Users need not worry about their location and movement, and connections are made in a completely transparent fashion.
• However, access to the internet is not as transparent when users are mobile.

Difference between internet access and telephone
• However, there is a clear difference between internet access and mobile telephones.
• Users typically run applications that require resources from their home network. An example is email. Users receive emails at their email address even though they are moving.
• Hence there is a need to maintain connections with the user’s home network.

The problem with Internet Protocol (IP)
• IP routes packets to their destinations according to IP addresses.
• An IP address is associated with a fixed network location.
• When a user moves, each new point of attachment has a new IP address. Hence it is very difficult to keep mobility transparent.

How IP works
• Routing tables are used for routing packets.
• The routing tables maintain the next hop information for each destination IP address.
• A packet is forwarded from the incoming network interface to the outgoing interface according to the next hop information.
• Hence, an IP address contains the information about the point of attachment of a computer.

How TCP works
• Most internet connections use TCP. A good example is email clients.
• A TCP connection is uniquely identified by four components: <IP_source, port_source, IP_dest, port_dest>
• If we change any one of these four components, the connection will be broken.

How TCP works
• If a packet has to be delivered to a mobile node’s current point of attachment, we need to change the destination IP address and port number.
• It is impossible to do so once a connection has been established.
• Mobile IP allows a mobile node to use two different IP addresses.

Home address and Care-of address
• The home address is static and effectively identifies the user to the internet. TCP connections are established using the home address.
• The mobile node gets a new care-of address every time it connects to a new point of attachment.
• The home address is associated with the home network and the care-of address is associated with a foreign network.

Foreign Network and Foreign Agent
• When a mobile node moves, it first connects to a foreign agent in a foreign network.
• Next, the mobile node is assigned a care-of address (an IP address) by the foreign network.
• The node now registers its care-of address with the home agent.

Home Network and Home Agent
• The home network contains a network node called the Home Agent. The home address of the mobile node is the IP address of the home agent.
• The home agent is responsible for receiving all the packets sent to the mobile node when the mobile node is away.
• It is the responsibility of the home agent to deliver the packets to the mobile node at its current point of attachment.

Correspondent Node
• A correspondent node is a computer that sends packets to the mobile node. A correspondent node is typically connected to its own home network.
• A correspondent node is aware only of the IP address of the mobile node in the home network of the mobile node.
• Any packet from the correspondent node is delivered to the home agent.

A Schematic Diagram of Mobile IP
[Figure: mobile node, foreign agent, correspondent node, home agent]

The Basic Mechanisms in Mobile IP
The correct functioning of mobile IP depends upon the coordination of three different activities:
• Discovering the care-of address of a mobile node.
• Registering the care-of address with the home agent.
• Tunneling of packets from the home agent to the care-of address.

Discovering the care-of Address
• In mobile IP, both a foreign agent and a home agent periodically broadcast agent advertisement messages.
• The roles of foreign and home agents have been kept similar for two reasons:
  • A home agent for one mobile node may act as a foreign agent for another mobile node.
  • A mobile node can decide whether it is in the home network or in a foreign network.

Agent Advertisements
Hence, an agent advertisement has the following functions:
• It allows mobile nodes to discover foreign agents and get care-of addresses.
• It allows the mobile node to know the services provided by the foreign agent.
• It allows the mobile node to determine whether an agent is its home agent or a foreign agent.

Solicitation from a Mobile Node
• A mobile node can generate agent solicitation messages when it is looking for a foreign agent.
• It may happen that a foreign agent has offered service, but the mobile node can no longer receive advertisements from the foreign agent.
• The mobile node assumes that the foreign agent is out of range. It may contact other foreign agents whose advertisements it has received, or it may send solicitation messages.

Registering the Care-of Address
• When a mobile node receives a care-of address from a foreign agent, its home agent needs to be informed.
[Figure: image from the tutorial by Charles Perkins]

Registering the Care-of Address
• The mobile node sends a registration request to its home agent through the foreign agent that has provided the new care-of address.
• When the home agent receives the request, it updates its routing table and sends a registration reply back to the foreign agent.
• The mobile node starts receiving packets from its home agent once the home agent has accepted its registration request.

Binding for a Mobile Node
• The home agent associates the care-of address of the mobile node with its home address.
• From then on, any packet arriving at the home agent for the mobile node will be tunneled to the mobile node.
• The home agent also associates a registration lifetime with the mobile node.
• Together, the three entities (home address, care-of address and registration lifetime) are called a binding for the mobile node.

Authentication of a Registration Request
• It is extremely important to authenticate a registration request. Otherwise, a malicious node may send fake registration requests.
• Each mobile node and home agent must create digital signatures that cannot be forged.
• This is done by using a one-way hash algorithm over all the data in the registration request.
• However, there is still a possibility of a replay attack.

Prevention of Replay Attack
• A malicious node may replay a valid registration request later.
• By then the mobile node may have a new foreign agent, and the home agent has no way to distinguish between a valid registration request and the replay of an old registration request.

Prevention of Replay Attack
• Each new registration request must contain unique data so that two separate registrations will not have the same hash.
• Each registration message has a special identification field that changes with each new registration message.
• One possibility is to use a time stamp for identification, as the time at the mobile node changes with each registration message.

Prevention of Replay Attack
• However, there is a problem with using time stamps. The clocks of the mobile node and the home agent may drift further and further apart.
• A better strategy is to use a random number for identification every time a new registration request is sent.
• The chance that two 32-bit random numbers will be the same is very low.
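
The authentication and replay-prevention slides above, as an added example that is not part of the original lecture or of any Mobile IP implementation. It assumes HMAC-SHA256 as the keyed one-way hash, a constructed field layout and shared key, and a hypothetical HomeAgent class that remembers every identification value it has accepted.

```python
import hashlib
import hmac
import secrets
import struct
import time

SHARED_KEY = b"constructed-demo-key"  # constructed secret shared by node and home agent
FMT = "!4s4sHI"  # assumed layout: home addr, care-of addr, lifetime (s), identification
BODY_LEN = struct.calcsize(FMT)


def build_request(key, home_addr, care_of_addr, lifetime, ident=None):
    """Mobile node side: pack the fields and append a keyed hash over all of them."""
    if ident is None:
        ident = secrets.randbits(32)  # fresh 32-bit random identification per request
    body = struct.pack(FMT, home_addr, care_of_addr, lifetime, ident)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class HomeAgent:
    """Hypothetical home agent: authenticates requests and maintains bindings."""

    def __init__(self, key):
        self.key = key
        self.seen = set()    # (home address, identification) pairs already accepted
        self.bindings = {}   # home address -> (care-of address, expiry time)

    def register(self, message, now=None):
        now = time.time() if now is None else now
        if len(message) != BODY_LEN + hashlib.sha256().digest_size:
            return "rejected: malformed"
        body, tag = message[:BODY_LEN], message[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return "rejected: bad authenticator"
        home, care_of, lifetime, ident = struct.unpack(FMT, body)
        if (home, ident) in self.seen:  # same identification seen before: a replay
            return "rejected: replayed identification"
        self.seen.add((home, ident))
        self.bindings[home] = (care_of, now + lifetime)  # the binding triple
        return "accepted"
```

An accidental collision between two honest 32-bit identification values makes this sketch reject a valid request rather than accept a replay; the set of seen values grows without bound and would need pruning in any long-running service.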

Delivery of Packets to the Mobile Node
• When the home agent receives a packet for the mobile node, it delivers the packet to the care-of address of the mobile node.
• The home agent applies a transformation to the packet so that the care-of address becomes the destination address.
• A reverse transformation is applied when the packet arrives at the care-of address, so that the mobile node’s home address again appears as the destination address.

Tunneling and IP-within-IP
[Figure: image from the tutorial by Charles Perkins]

Tunneling and IP within IP
• The transfer of the packet from the home agent to the care-of address is called tunneling.
• The home agent is the source of the tunnel. When the home agent receives a packet addressed to the mobile node, it inserts a new tunnel header in front of the packet's IP header.
• The tunnel header contains the care-of IP address of the mobile node. The old header is preserved as it was in the original packet.

Tunneling and IP within IP
• The foreign agent is the receiver of the tunnel.
• When the foreign agent receives the tunneled packet, it has to delete the tunnel header to recover the original packet.
• The foreign agent delivers the packet to the mobile node after removing the tunnel header.
• Hence, to the mobile node, the packet looks like a normal packet, exactly like one it receives when it is connected to the home network.
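
The tunneling steps above, as an added example that is not part of the original lecture: a home agent prepends an outer IPv4 header (protocol 4, IPv4-in-IPv4) and a foreign agent strips it. The addresses are constructed, and the check that the outer source is the registered home agent is an added assumption about what a careful receiver would verify.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation


def checksum(header):
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a minimal 20-byte IPv4 header (no options, no fragmentation)."""
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)


def encapsulate(packet, home_agent, care_of):
    """Home agent: prepend the tunnel header; the original packet is untouched."""
    return ipv4_header(home_agent, care_of, IPPROTO_IPIP, len(packet)) + packet


def decapsulate(tunneled, expected_home_agent):
    """Foreign agent: validate the tunnel header, then strip it."""
    outer = tunneled[:20]
    if len(outer) < 20 or outer[0] != 0x45 or checksum(outer) != 0:
        raise ValueError("malformed tunnel header")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-within-IP packet")
    if outer[12:16] != socket.inet_aton(expected_home_agent):
        raise ValueError("tunnel source is not the registered home agent")
    return tunneled[20:]


def destination(packet):
    """Destination address from the outermost IPv4 header of a packet."""
    return socket.inet_ntoa(packet[16:20])
```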

Communication with Correspondent Nodes
[Figure: mobile node, foreign agent, correspondent node, home agent]

Communication with Correspondent Nodes
• The communication between the mobile node and a correspondent node is asymmetrical.
• Once the mobile node knows the IP address of the correspondent node, it can send packets directly to the correspondent node.
• However, the correspondent node cannot send packets directly to the care-of address of the mobile node.
• The correspondent node has to send packets to the home agent.

Changes in Mobile IPv6
• IPv6 has many features for mobility that are not present in IPv4.
• Most importantly, there is no need for a foreign agent to support mobility in IPv6.
• A mobile node will be able to configure its own care-of address through stateless address autoconfiguration and neighbour discovery.
• This will reduce latency and increase security in Mobile IPv6.

Changes in Mobile IPv6
• The tunneling mechanism for delivering packets from the home agent to the mobile node will remain similar. In particular, the details of IPv6-within-IPv6 have already been worked out.
• However, one of the main changes in IPv6 will be route optimization.
• When a correspondent node knows the current care-of address of a mobile node, it can send packets to the mobile node directly.

Communication with Correspondent Nodes in IPv6
[Figure: mobile node, correspondent node, home agent]

End of the course
I hope you enjoyed the course. Thank You