Public Access Mobility LAN: Extending the Wireless Internet into the LAN Environment. Jun Li, Stephen B. Weinstein, Junbiao Zhang, Nan Tu. NEC USA Inc. IEEE Wireless Communications, June 2002. Presenter: 鍾國麟, Institute of Communications Engineering (通訊所)
Introduction • Aims to meet • Ubiquitous access • High data rate • Local services • Hence the need for wireless LAN environments
Introduction (cont’d) • Architectural guidelines for WLAN environments • Large-scale • IP-based • Supporting mobile/portable appliances
Introduction (cont’d) • Current problems with public WLANs, seen from three sides • End users • Venue network providers (hotels, airports, restaurants, etc.) • ISPs
User: "Pay 200 dollars for wireless Internet access"
Roaming? QoS? "Buy an xxx prepaid Internet card"
What users need: • One account, one password, one bill • Mobility • QoS
ISPs… Venue operators (providing the wireless premises): 1. The more people who come and get online, the better 2. Equipment maintenance 3. Easy management 4. Revenue sharing 5. Business image, etc. ISP operators: 1. The wider the wireless coverage, the better 2. Easy equipment maintenance 3. Offering users different QoS levels 4. Providing mobility
PamLAN • IP-based Public Access Mobility LAN • Supports Internet access via WLANs • Multiple air interfaces • Multiple virtual operators (ISPs, telecom carriers) • Location-dependent services • Local IP mobility • QoS (within the wired network)
PamLAN business model • Network operators • Hotel, airport, ... • Third-party service providers (like ISPs) • Franchises obtained from PamLAN operator • Also called: virtual operators • End users
PamLAN • May have multiple LAN segments • Airports, hotels, universities, ... • Can be built on existing LANs • By adding wireless access points
PamLAN vs. Cellular Systems • Even 3G mobile communication systems would not be sufficient for evolving Internet applications • 384 kb/s outdoors, 2 Mb/s indoors downstream burst rates • Intrinsic problem: providing continuous coverage in reserved spectrum • Investment/capacity scalability?
PamLAN vs. Cellular Systems • WLANs use free (unlicensed) spectrum • Problem: potential interference • e.g. IEEE 802.11b and Bluetooth • Property owners may agree on, or enforce, compatibility
Promises of PamLAN • Addresses problems in current WLANs • Lack of public access • Being tied to a single access point • Single air interface • Not a breakthrough in technological capability • A combination of available technologies
Architecture • PamLAN/VOLAN/VLAN hierarchy • PamLAN: multiple virtual operators • VOLAN: Virtual Operator LAN • Extends VLAN capabilities across subnetworks • VLAN: Virtual LAN • Implements user-group features • Simulates a physical LAN on a multi-segment LAN environment
[Figure: PamLAN/VOLAN/VLAN hierarchy. ISPs own VOLAN1 and VOLAN2; the PamLAN contains vlan1, vlan2, vlan3 and vlan4, grouped under the VOLANs.]
Architecture (cont’d) • Switched Ethernet LAN • Access points • Supporting IEEE 802.11, Bluetooth, cellular, ... • IP-based access router with proxies • Gateway routers
Architecture (cont’d) • QoS is supported by the Ethernet switches • Full-duplex switched Ethernet: no CSMA/CD contention • Integration of Cellular IP and Mobile IP to support mobility • MPLS (Multi-Protocol Label Switching) • Brings QoS across multiple LAN segments
Large Scale PamLAN • For a single VLAN, QoS is easily supported • For a large-scale PamLAN? • Intermediate routers work at layer 3, so layer 2 (VLAN) information is lost • Source and destination addresses would have to be used to determine VOLAN membership • Intermediate routers would have to know all IP addresses for the VLAN mapping
Large Scale PamLAN (cont’d) • Solution: MPLS • Simple & efficient • Access points & Internet gateways handle VOLAN provisioning • Intermediate routers are shielded from details • VLAN for grouping traffic per VOLAN • MPLS for whole PamLAN
MPLS (Multi-Protocol Label Switching) • Tunnels traffic between gateways and access points • Intermediate routers examine only the MPLS label, which determines the path • Forwarding Equivalence Class (FEC) • Formed from VOLAN membership and QoS class • The FEC is encoded in the MPLS label • Also used for 802.1p priority within the VLAN
MPLS (cont’d) • Traffic-engineered paths can be set up between access points and Internet gateways according to the service contracts between the PamLAN operator and the virtual operators
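The label path described on the last three slides, as an added Go example that is not from the paper or the presenter: the access point classifies an 802.1Q-tagged frame into a FEC from (VOLAN, 802.1p priority) and swaps the VLAN tag for an MPLS shim header, an intermediate LSR forwards and swaps on the label alone, and the Internet gateway pops the label. The VLAN-to-VOLAN mapping, the FEC-to-label table and the LFIB are constructed sample data; carrying the 802.1p PCP into the MPLS TC bits is an assumption.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	ethTypeVLAN = 0x8100 // 802.1Q tagged frame
	ethTypeMPLS = 0x8847 // MPLS unicast
	ethTypeIPv4 = 0x0800
)

// FEC is formed from VOLAN membership and QoS class, as the slide says; the class is the
// frame's 802.1p priority (assumption: the PCP is carried into the MPLS TC bits).
type FEC struct {
	VOLAN uint16
	QoS   uint8
}

// Provisioning tables (constructed sample data): which VLANs belong to which virtual
// operator, which label the AP assigns per FEC, and how the intermediate LSR swaps labels.
var (
	vlanToVOLAN = map[uint16]uint16{10: 1, 11: 1, 20: 2}
	fecToLabel  = map[FEC]uint32{{1, 0}: 100, {1, 5}: 101, {2, 0}: 200, {2, 5}: 201}
	lfib        = map[uint32]uint32{100: 1100, 101: 1101, 200: 1200, 201: 1201}
)

// shim builds the 32-bit MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8).
func shim(label uint32, tc uint8, bottom bool, ttl uint8) []byte {
	v := label<<12 | uint32(tc&7)<<9 | uint32(ttl)
	if bottom {
		v |= 1 << 8
	}
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, v)
	return b
}

// Field accessors for the Ethernet type and the top MPLS stack entry.
func EtherType(frame []byte) uint16 { return binary.BigEndian.Uint16(frame[12:14]) }
func Label(frame []byte) uint32     { return binary.BigEndian.Uint32(frame[14:18]) >> 12 }
func TC(frame []byte) uint8         { return frame[16] >> 1 & 7 }
func TTL(frame []byte) uint8        { return frame[17] }

// PushLabel is the access point as ingress LER: read the 802.1Q tag, derive the FEC from
// (VOLAN, priority) and replace the VLAN tag with an MPLS shim; unprovisioned traffic is dropped.
func PushLabel(frame []byte) ([]byte, error) {
	if len(frame) < 18 || EtherType(frame) != ethTypeVLAN {
		return nil, errors.New("not an 802.1Q frame")
	}
	tci := binary.BigEndian.Uint16(frame[14:16])
	pcp, vid := uint8(tci>>13), tci&0x0fff
	volan, ok := vlanToVOLAN[vid]
	if !ok {
		return nil, fmt.Errorf("VLAN %d is not provisioned to any VOLAN", vid)
	}
	label, ok := fecToLabel[FEC{volan, pcp}]
	if !ok {
		return nil, fmt.Errorf("no FEC for VOLAN %d class %d", volan, pcp)
	}
	out := append([]byte{}, frame[:12]...)
	out = append(out, byte(ethTypeMPLS>>8), byte(ethTypeMPLS&0xff))
	out = append(out, shim(label, pcp, true, 64)...)
	return append(out, frame[18:]...), nil // the IP packet that followed the VLAN tag
}

// SwitchLabel is an intermediate LSR: it decides on the label alone, swaps it from the
// LFIB and decrements the TTL; VLAN ids and IP addresses never enter the decision.
func SwitchLabel(frame []byte) ([]byte, error) {
	if len(frame) < 18 || EtherType(frame) != ethTypeMPLS {
		return nil, errors.New("not an MPLS frame")
	}
	next, ok := lfib[Label(frame)]
	if !ok {
		return nil, fmt.Errorf("no LFIB entry for label %d", Label(frame))
	}
	if TTL(frame) <= 1 {
		return nil, errors.New("TTL expired")
	}
	out := append([]byte{}, frame[:14]...)
	out = append(out, shim(next, TC(frame), frame[16]&1 == 1, TTL(frame)-1)...)
	return append(out, frame[18:]...), nil
}

// PopLabel is the Internet gateway as egress LER: strip the shim and emit a plain IPv4 frame.
func PopLabel(frame []byte) ([]byte, error) {
	if len(frame) < 18 || EtherType(frame) != ethTypeMPLS || frame[16]&1 != 1 {
		return nil, errors.New("not a bottom-of-stack MPLS frame")
	}
	out := append([]byte{}, frame[:12]...)
	out = append(out, byte(ethTypeIPv4>>8), byte(ethTypeIPv4&0xff))
	return append(out, frame[18:]...), nil
}

// SampleFrame builds a constructed 802.1Q frame: dst, src, TPID, TCI(pcp, vid), IPv4 EtherType, payload.
func SampleFrame(pcp uint8, vid uint16, payload []byte) []byte {
	f := []byte{0xaa, 0xbb, 0xcc, 0, 0, 1, 0xaa, 0xbb, 0xcc, 0, 0, 2, 0x81, 0x00}
	tci := uint16(pcp)<<13 | vid&0x0fff
	f = append(f, byte(tci>>8), byte(tci), byte(ethTypeIPv4>>8), byte(ethTypeIPv4&0xff))
	return append(f, payload...)
}

func main() {
	f, err := PushLabel(SampleFrame(5, 11, []byte("ip packet")))
	if err != nil {
		fmt.Println(err)
		return
	}
	s, _ := SwitchLabel(f)
	p, _ := PopLabel(s)
	fmt.Printf("AP label %d, LSR label %d ttl %d, gateway EtherType %#04x\n", Label(f), Label(s), TTL(s), EtherType(p))
}
```

The point the slides make is visible in SwitchLabel: the only lookup it performs is on the label, so a router in the middle of a large PamLAN needs no knowledge of VLAN ids, VOLAN membership or the IP addresses behind them; all of that is resolved once, at the AP, when the FEC is chosen.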
Security Issues • Mutual authentication • Both the user and the AP are authenticated against the virtual operator's RADIUS server • Secure channel establishment • Public-key-based secure channel establishment • Authorization • Filtering at the access point
Mutual Authentication • IP-based authentication • 5 basic steps: • The MN obtains an IP address via the AP (DHCP) • MN login session • The access point acts as relay agent to the virtual operator (the ISP's RADIUS server) • Challenge-response protocol for authentication • Public key for securing the channel
Mutual Authentication: message flow (columns: MN, AP/RADIUS client, RADIUS server RS) • 1. MN → AP: UID (user ID) • 2. AP → RS: A(UID, krc) • 3. RS → AP: A((UID, s1, E(E(s1,kmu),krc)), krc) • 4. AP → MN: UID, s1 (a random number) • 5. MN → AP: UID, s1, E(s1,kmu), s2 • 6. AP → RS: A((UID, E(s1,kmu), s2), krc) • 7. RS → AP: A((UID, s1, E(E(s1,kmu),krc), Pkmu), krc) • 8. AP → MN: UID, EP((E(s2,kmu), SK), Pkmu) • Notation: A(M,k) is message M with an MD5-based authenticator under key k; E(M,k) is M encrypted under symmetric key k; EP(M,Pk) is M encrypted under public key Pk; krc is the key shared by the AP (RADIUS client) and the RADIUS server; kmu is the key shared by the MN and the RS; Pkmu is the MN's public key; s1 and s2 are random challenges; SK is the session key. The MN authenticates the network by checking E(s2,kmu) inside message 8.
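The message flow above, as an added Go example that is not from the paper or the presenter. It runs the three parties in one process and aborts at the first check that fails. Assumptions not stated on the slide: a JSON message encoding; HMAC-SHA256 in place of the MD5-based authenticator A(M,k); a keyed hash of the nonce as the challenge response written E(s,kmu); AES-GCM for E(·,krc); RSA-OAEP for the public-key envelope EP; and that message 7 carries E(s2,kmu) and Pkmu, which the AP needs to build message 8. User name and keys are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// msg is the one wire structure for every message (JSON encoding is an assumption); fields a message does not carry stay empty.
type msg struct {
	UID     string `json:",omitempty"`
	S1, S2  []byte `json:",omitempty"` // random challenges from the RADIUS server and the MN
	R1, R2  []byte `json:",omitempty"` // challenge responses, the slide's E(s1,kmu) and E(s2,kmu)
	Wrapped []byte `json:",omitempty"` // E(E(s1,kmu),krc): expected response, readable only by the AP
	Pub     []byte `json:",omitempty"` // Pkmu as PKCS#1 DER
	SK      []byte `json:",omitempty"` // session key chosen by the AP
}

func enc(m msg) []byte       { b, _ := json.Marshal(m); return b }
func random(n int) []byte    { b := make([]byte, n); rand.Read(b); return b }
func mac(k, b []byte) []byte { h := hmac.New(sha256.New, k); h.Write(b); return h.Sum(nil) }

// A(M,k) appends a keyed authenticator; the paper's is MD5-based, HMAC-SHA256 is used here
// (assumption) since MD5 is no longer acceptable. check verifies it and decodes M.
func A(m msg, k []byte) []byte { b := enc(m); return append(b, mac(k, b)...) }
func check(am, k []byte) (m msg, err error) {
	n := len(am) - sha256.Size
	if n < 0 || !hmac.Equal(am[n:], mac(k, am[:n])) {
		return m, errors.New("bad authenticator")
	}
	err = json.Unmarshal(am[:n], &m)
	return m, err
}

// resp stands in for the slide's challenge response E(s,kmu): a deterministic keyed function of the
// nonce, so the AP can compare the MN's value with the copy the RS pre-computed (assumption).
func resp(s, k []byte) []byte { return mac(k, s) }

// E and D implement E(M,krc) as AES-256-GCM with a 12-byte nonce prepended (assumption; no cipher is named).
func gcm(k []byte) cipher.AEAD { blk, _ := aes.NewCipher(k); g, _ := cipher.NewGCM(blk); return g }
func E(m, k []byte) []byte     { g, n := gcm(k), random(12); return append(n, g.Seal(nil, n, m, nil)...) }
func D(c, k []byte) ([]byte, error) {
	if len(c) < 12 {
		return nil, errors.New("short ciphertext")
	}
	return gcm(k).Open(nil, c[:12], c[12:], nil)
}

type RADIUS struct {
	krc     []byte                    // shared with the AP, its RADIUS client
	kmu     map[string][]byte         // per-user key shared with the MN
	pub     map[string]*rsa.PublicKey // per-user public key Pkmu
	pending map[string][]byte         // s1 issued per user, awaited in message 6
}
type AP struct{ krc []byte }
type MN struct{ uid string; kmu []byte; priv *rsa.PrivateKey }

// Authenticate runs the eight messages of the slide and returns SK as seen by the MN and by the AP.
func Authenticate(mn *MN, ap *AP, rs *RADIUS) ([]byte, []byte, error) {
	m2 := A(msg{UID: mn.uid}, ap.krc) // 1-2. MN -> AP: UID;  AP -> RS: A(UID, krc)
	r, err := check(m2, rs.krc)
	if err != nil { return nil, nil, err }
	kmu, ok := rs.kmu[r.UID]
	if !ok { return nil, nil, errors.New("RS: unknown user") }
	s1 := random(16)
	rs.pending[r.UID] = s1
	m3 := A(msg{UID: r.UID, S1: s1, Wrapped: E(resp(s1, kmu), rs.krc)}, rs.krc) // 3. RS -> AP
	if r, err = check(m3, ap.krc); err != nil { return nil, nil, err }
	expected, err := D(r.Wrapped, ap.krc) // the AP keeps the unwrapped expected response
	if err != nil { return nil, nil, err }
	// 4-5. AP -> MN: UID, s1;  MN -> AP: UID, s1, E(s1,kmu), s2
	m5 := msg{UID: mn.uid, S1: r.S1, R1: resp(r.S1, mn.kmu), S2: random(16)}
	// 6. the AP checks the MN locally, then AP -> RS: A((UID, E(s1,kmu), s2), krc)
	if !hmac.Equal(m5.R1, expected) { return nil, nil, errors.New("AP: MN failed challenge") }
	if r, err = check(A(msg{UID: m5.UID, R1: m5.R1, S2: m5.S2}, ap.krc), rs.krc); err != nil { return nil, nil, err }
	if !hmac.Equal(r.R1, resp(rs.pending[r.UID], rs.kmu[r.UID])) { return nil, nil, errors.New("RS: MN failed challenge") }
	// 7. RS -> AP: A((UID, E(s2,kmu), Pkmu), krc)   (assumption: the AP needs both for message 8)
	m7 := A(msg{UID: r.UID, R2: resp(r.S2, rs.kmu[r.UID]), Pub: x509.MarshalPKCS1PublicKey(rs.pub[r.UID])}, rs.krc)
	if r, err = check(m7, ap.krc); err != nil { return nil, nil, err }
	pub, err := x509.ParsePKCS1PublicKey(r.Pub)
	if err != nil { return nil, nil, err }
	// 8. AP -> MN: UID, EP((E(s2,kmu), SK), Pkmu)   with RSA-OAEP standing in for EP
	skAP := random(32)
	m8, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(append([]byte{}, r.R2...), skAP...), nil)
	if err != nil { return nil, nil, err }
	// the MN decrypts, checks E(s2,kmu) (this is what authenticates the network) and keeps SK
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, mn.priv, m8, nil)
	if err != nil || len(pt) != 64 { return nil, nil, errors.New("MN: undecryptable message 8") }
	if !hmac.Equal(pt[:32], resp(m5.S2, mn.kmu)) { return nil, nil, errors.New("MN: network failed challenge") }
	return pt[32:], skAP, nil
}

// Setup enrolls one user at the RADIUS server and gives the AP the shared key krc (constructed data).
func Setup(uid string) (*MN, *AP, *RADIUS) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	krc, kmu := random(32), random(32)
	rs := &RADIUS{krc, map[string][]byte{uid: kmu}, map[string]*rsa.PublicKey{uid: &priv.PublicKey}, map[string][]byte{}}
	return &MN{uid, kmu, priv}, &AP{krc}, rs
}

func main() {
	mn, ap, rs := Setup("alice")
	skMN, skAP, err := Authenticate(mn, ap, rs)
	fmt.Println("error:", err, "session keys match:", hmac.Equal(skMN, skAP))
}
```

Two details worth noticing when reading the flow: the RS ships the expected response wrapped under krc in message 3, so the AP can reject a wrong MN at message 5 without another round trip to the RS, and the MN only trusts the network once E(s2,kmu) arrives inside the OAEP envelope in message 8, which is the half of the exchange that makes the authentication mutual. Run it with `go run`.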
Securing the Channel • After authentication • The AP holds the user's profile (public key, QoS level, membership data, etc.) • The AP sends a session key encrypted under the corresponding public key • IPsec with ESP can be used for security at the IP layer, depending on user requests
Authorization Control • Based on user credentials, packets can be filtered at the access point • Users may reach the Internet through the PamLAN • Users may use the local printer or other local services
Accounting • 3 possible charging policies • Flat fee: the PamLAN operator charges the ISP a fixed fee, and that ISP's users get unlimited use • Per session: the ISP charges the user by connection time (how is idle time handled?) • Usage based (metered) • Disputes are avoided by digital signatures
Mobility Issues • Micromobility • Roaming within the PamLAN • Possible approaches • Cellular IP: refreshing router state becomes a burden with many users • MPLS based: only the end points have to update location • The old and new access points and the Internet gateway need to be informed
Mobility Issues • Fast handoff • Re-authenticating an MN every time it moves to a new AP wastes time • Move the user profile from the old AP to the new AP
Fast handoff flow • The new AP fetches the user's profile from the old AP (public key, session key, IP, policies, ...) • The old AP sends a message to RADIUS to stop accounting for the current session • The new AP generates a new session key and sends the new S-key together with the old S-key to the user, encrypted under the user's public key • The user checks the session-key data, then uses the new S-key for traffic with the new AP • The new AP takes its IP filter data from the old AP and at the same time sends a message to RADIUS to start accounting
Experimental Implementation • One 12-port switch • Three PCs running Linux • Two of the PCs, fitted with 802.11b cards, act as APs • Test method • 1. Confirm that VLAN and DiffServ work on the switch • 2. Integrate the Cellular IP protocol into this network • 3. Implement basic AAA functions
Experimental Implementation • Mobility • Cellular IP • Linux kernel (AP) • IP filter • IPsec • Open source • RADIUS client (AP)
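The five handoff steps, as an added Go example (not the paper's or the presenter's code). It also covers the authorization slide: the filter rules travel inside the profile and the new AP evaluates them after the move. Assumptions: a JSON-encoded profile, RSA-OAEP for the public-key envelope, a "host:port" filter syntax with "any" as wildcard, and an in-memory record list standing in for the RADIUS accounting server. The user, addresses and rules are constructed sample data.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Profile is what the old AP hands to the new AP; the field list follows the slide
// (public key, session key, IP, filter policies). The JSON wire form is an assumption.
type Profile struct {
	UID        string   `json:"uid"`
	PubKeyDER  []byte   `json:"pubkey"`      // Pkmu, PKCS#1 DER
	SessionKey []byte   `json:"session_key"` // current S-key
	IP         string   `json:"ip"`
	Filter     []string `json:"filter"` // allowed "host:port" destinations, "any" as wildcard
}

// Accounting stands in for the virtual operator's RADIUS accounting server: one record per start/stop.
type Accounting struct{ Records []string }

type AccessPoint struct {
	Name     string
	acct     *Accounting
	sessions map[string]*Profile
}

type Mobile struct {
	uid  string
	priv *rsa.PrivateKey
	sk   []byte
}

func (ap *AccessPoint) account(uid, event string) {
	ap.acct.Records = append(ap.acct.Records, uid+" "+event+" "+ap.Name)
}

// Allowed is the AP's authorization filter for one of the user's packets to dst ("host:port").
func (ap *AccessPoint) Allowed(uid, dst string) bool {
	p, ok := ap.sessions[uid]
	d := strings.SplitN(dst, ":", 2)
	if !ok || len(d) != 2 {
		return false
	}
	for _, rule := range p.Filter {
		r := strings.SplitN(rule, ":", 2)
		if len(r) == 2 && (r[0] == "any" || r[0] == d[0]) && (r[1] == "any" || r[1] == d[1]) {
			return true
		}
	}
	return false
}

// Handoff performs the five steps of the slide when mn moves from oldAP to newAP.
func Handoff(mn *Mobile, oldAP, newAP *AccessPoint) error {
	// 1. the new AP fetches the user's profile from the old AP
	src, ok := oldAP.sessions[mn.uid]
	if !ok {
		return errors.New("old AP has no session for this user")
	}
	wire, _ := json.Marshal(src)
	var prof Profile
	if err := json.Unmarshal(wire, &prof); err != nil {
		return err
	}
	// 2. the old AP tells RADIUS to stop accounting the current session
	oldAP.account(mn.uid, "stop")
	delete(oldAP.sessions, mn.uid)
	// 3. the new AP generates a new S-key and sends old||new S-key under the user's public key
	pub, err := x509.ParsePKCS1PublicKey(prof.PubKeyDER)
	if err != nil {
		return err
	}
	newSK := make([]byte, 32)
	rand.Read(newSK)
	envelope, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(append([]byte{}, prof.SessionKey...), newSK...), nil)
	if err != nil {
		return err
	}
	// 4. the user decrypts, checks the old S-key against its own and switches to the new one
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, mn.priv, envelope, nil)
	if err != nil {
		return err
	}
	if len(pt) != 64 || !hmac.Equal(pt[:32], mn.sk) {
		return errors.New("mobile: old session key mismatch, handoff rejected")
	}
	mn.sk = pt[32:]
	// 5. the new AP installs the IP filter from the profile and starts accounting
	prof.SessionKey = newSK
	newAP.sessions[mn.uid] = &prof
	newAP.account(mn.uid, "start")
	return nil
}

// Setup: a user attached to ap1 with a session key, a local printer rule and web-only Internet access (constructed data).
func Setup() (*Mobile, *AccessPoint, *AccessPoint, *Accounting) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	sk := make([]byte, 32)
	rand.Read(sk)
	acct := &Accounting{}
	ap1 := &AccessPoint{"ap1", acct, map[string]*Profile{"alice": {
		UID: "alice", PubKeyDER: x509.MarshalPKCS1PublicKey(&priv.PublicKey), SessionKey: sk,
		IP: "10.0.1.23", Filter: []string{"any:80", "any:443", "10.0.0.9:631"}}}}
	ap2 := &AccessPoint{"ap2", acct, map[string]*Profile{}}
	return &Mobile{"alice", priv, sk}, ap1, ap2, acct
}

func main() {
	mn, ap1, ap2, acct := Setup()
	err := Handoff(mn, ap1, ap2)
	fmt.Println("handoff error:", err, "accounting:", acct.Records, "printer allowed at ap2:", ap2.Allowed("alice", "10.0.0.9:631"))
}
```

The check in step 4 is what stops a rogue AP from hijacking a session: only an AP that obtained the profile from the user's current AP can present the old S-key, and only the holder of the private key can read either key. One consequence of the slide's ordering is also visible in the code: the old AP stops accounting and drops the session in step 2, before the user has accepted the new key in step 4, so a rejected handoff leaves the user without a session at either AP.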
Further work • MPLS-based Mobility • QoS admission control
Conclusion • Extensible • Multiple services • Multiple air interfaces • Are all appliances capable of handling public-key cryptography (PKC) operations?