INFOCOM 2008 Wide-Area IP Network Mobility Xin Hu1, Li (Erran) Li2, Z. Morley Mao1 and Yang Richard Yang3 1Bell Labs, Alcatel-Lucent, Murray Hill, NJ 2University of Michigan, Ann Arbor, MI 3Yale University, New Haven, CT
Outline • Introduction • Related Work • Overview • Basic Scheme: Inter-domain Mobility • Intra-domain Mobility • WINMO Properties • Implementation Issues • Evaluations • Conclusions and Future Work
Introduction • Since using mobile networks provided by transportation systems presents minimal safety hazard and can significantly increase productivity, their popularity can only increase. • People expect their Internet data sessions to continue seamlessly while they are in transit, • just as a cellular phone conversation continues uninterrupted.
Introduction (cont.) • To support network mobility, one can directly use or extend the mobile IP protocol • mobile IP depends on public home agents, • but many users may NOT have static home addresses or home agents deployed at home • triangular routing • Connexion [2] by Boeing • a commercial service that uses BGP • removes inefficient routing • leads to a positive user experience • generates a large number of BGP updates • handles only moves across ASes (autonomous systems) [2] A. Dul, Global IP Network Mobility using Border Gateway Protocol, Mar. 2006. [Online]
Introduction (cont.) • WINMO • an efficient protocol to support wide-area Internet network mobility • Both across ASes and within an AS • extensive evaluations are conducted to demonstrate the effectiveness
Related Work • The previous work on mobility spans all layers but focuses on host mobility • Most of it depends on link-layer handoffs to trigger mobility support, • but such handoffs may not be seen by all nodes • It is possible to apply some of it to each host individually, but this • leads to significant inefficiency • requires individual infrastructure support for each host.
Related Work (cont.) • IETF NEMO • a first step to ensure uninterrupted connectivity to the mobile network nodes • does not address important issues such as route optimization and handoff. • For route optimization • [16]: performance evaluation of NEMO • Connexion [2] by Boeing • SIP-NEMO [17] • MIRON [18], ROTIO [19] • based on the NEMO basic protocol and do not handle inter-domain mobility • For handoff • outage prediction [20], enhanced HMIPv6 [21]
Overview - Design decisions • Global Network Architecture • a mobile network roams most of the time within a single AS • may switch to connect to another AS • Infrastructure Support • Requires BSs and routers in a mobile ISP (MISP) • The service providers of the MISP may also contribute limited support • Addressing Scheme for Mobile Networks • a fixed network prefix • a mobile host obtains an IP address (home address) from the prefix for the duration of its stay in the mobile network.
End-host Support • Be transparent to mobile hosts (MH) • [option] OS support on the correspondent host (CH) • Security Association • no security association between an MH and its CH • such associations would simplify network design (?), but establishing them • faces substantial security challenges or • requires fundamental change to the Internet architecture • Each MISP has at least one AAA server, • which has a security association with each mobile network, BS and router • distributes a group key to the routers.
Overview - Performance Requirements • For network infrastructure • minimal routing overhead as a mobile network moves • The impact of DoS from outside the mobile network should be reduced • For end host • Minimal path inflation • Location privacy (from CH) • Tradeoff: • Avoiding path inflation vs. crippling the control plane vs. route optimization vs. scalability
Each mobile network has a fixed network prefix allocated from the address space of its home mobility service provider
Basic Scheme: Inter-domain Mobility • To correctly deliver traffic to its new location, BGP requires that • the new provider announce the newly arrived IP prefix • the previous provider withdraw the prefix. • Standard BGP • increases BGP routing table size • possibly resulting in global routing instability • a large number of updates when mobile networks move around • some routers could temporarily lose their routes to the prefix
For both global stability and application performance, we need to limit the propagation of BGP updates • without causing incorrect forwarding decisions at routers that do not receive those updates. • Techniques proposed • Mobile prefix • Aggregation routers • Mobility community • Scoped BGP updates • Tunnel mapping
Mobile Prefix • Each tier-1 (large) ISP designates a set of prefixes as its mobile prefixes: root mobile prefix • There should be a small number of root mobile prefixes • sub-prefixes are allocated from the root mobile prefix to its customers • may be further divided • Can be configured on routers in the same way as a bogon list.
Aggregation Routers and Mobility Community • a tier-1 ISP configures a subset of its routers (aggregation routers, ARs) to advertise its root mobile prefix and know how to reach each sub-prefix. • To reduce the number of routers keeping explicit routing state for mobile networks, • ARs can partition the address space • approximating the geographic distribution of the home locations of mobile networks to minimize suboptimal routing. • send (standard) BGP UPDATE messages to non-ARs • for the mobile prefix with the next hop set to its own address • ARs of a tier-1 ISP form a connected topology • To reduce excessive path inflation, we require that each POP (point of presence) of a tier-1 ISP have an aggregation router
mobility community • a new BGP community attribute • To limit the propagation of BGP update messages only among ARs • controls the propagation of BGP UPDATE and WITHDRAWAL messages, • and the creation of tunnel mapping.
Scoped Inter-domain BGP Updates and Tunnel Mapping • BGP UPDATE • When a mobile network with prefix p switches to a new AS, the new BS injects a BGP announcement on p with a mobility community attribute. • may propagate up along the AS hierarchy and reach a tier-1 ISP • When the announcement arrives at an AR, it triggers an update for p that may propagate across all ARs in all tier-1 ISPs • may arrive at a provider AS with a previous route to p, • i.e. an AS that is a common provider of both the previous and the current AS the mobile network attaches to • that AS suppresses the update • a change of BS does not trigger updates among any tier-1 ISPs.
BGP WITHDRAWAL • When a mobile network leaves an AS, the designated border router (?) announces a BGP WITHDRAWAL message for p with the mobility community attribute • may propagate up along the AS hierarchy and reach a tier-1 ISP • When the withdrawal arrives at an AR, it triggers an update for p that may propagate across all ARs in all tier-1 ISPs • stops at the common provider, which already has a new route
Tunnel Mapping • When a tier-1 ISP's border router (Provider Edge, PE) receives a BGP UPDATE message for a prefix p from its customer border router (Customer Edge, CE) • the PE propagates the BGP UPDATE to the other ARs in the ISP together with the CE's IP address • Each AR creates a tunnel using the CE's IP address as the tunnel endpoint • non-ARs have only a default route to their closest AR • all other non-tier-1 ISPs need not maintain detailed routes to the mobile prefixes • they set up default routes (for the mobile prefixes) to their provider
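The scoped-update rule on these slides, as an added toy model that is not the paper's code: a mobility-community UPDATE climbs the customer-to-provider hierarchy, a tier-1 AR floods it to the other tier-1 ARs, and an AS that already reaches p through a customer (the common provider) installs the new next hop but suppresses further propagation. The AS hierarchy, the one-AR-per-tier-1 simplification and the function names are assumptions for the example.

```python
from collections import deque

# Constructed toy AS hierarchy (not from the paper): AS -> its providers.
# Tier-1 ASes have no providers; each is assumed to run one aggregation
# router (AR) that peers with the ARs of every other tier-1.
PROVIDERS = {
    "T1a": set(), "T1b": set(),
    "P1": {"T1a"}, "P2": {"T1a"}, "P3": {"T1b"},
    "C1": {"P1"}, "C2": {"P1"}, "C3": {"P2"}, "C4": {"P3"},
}

def is_tier1(asn):
    return not PROVIDERS[asn]

def has_customer_route(routes, asn):
    """True if asn already reaches the mobile prefix via one of its
    customers, i.e. it is a common provider of the old and new attachment."""
    return asn in routes and asn in PROVIDERS.get(routes[asn], set())

def scoped_update(routes, new_as):
    """Propagate a mobility-community UPDATE for mobile prefix p from new_as.

    routes maps AS -> next-hop AS for p (state left by the previous
    attachment) and is updated in place.  Returns the set of ASes that
    received the update: a common provider installs the new next hop but
    stops propagation; a tier-1 AR floods to the other tier-1 ARs.
    """
    received = set()
    queue = deque([(new_as, new_as)])          # (receiver, learned-from)
    while queue:
        asn, via = queue.popleft()
        if asn in received:
            continue
        received.add(asn)
        suppress = asn != new_as and has_customer_route(routes, asn)
        routes[asn] = via
        if suppress:
            continue                            # scoped: go no further
        if is_tier1(asn):
            queue.extend((t, asn) for t in PROVIDERS if is_tier1(t) and t != asn)
        else:
            queue.extend((prov, asn) for prov in PROVIDERS[asn])
    return received

def simulate_moves(path):
    """Attach at path[0], then move along path; return updates per move."""
    routes = {}
    counts = [len(scoped_update(routes, asn)) for asn in path]
    return counts, routes
```

A move between two customers of the same provider (C1 to C2) is absorbed at P1 and never reaches a tier-1, which is the behaviour the slides describe for moves that stay below a common provider.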
Infrastructure Support • To prevent iBGP (internal BGP) routing changes due to roaming within an AS, only a designated BGP-speaking router (DBR) acts as the origin of p and announces p • a mobile network always updates this router with its care-of-address • how? by the MR or the BS? • Three additional flags for each routing table entry in every router • insideAS(): whether a prefix originates within this AS • origin(): whether this router originated the prefix (and so knows where to tunnel the packet) • mobilePrefix(): whether the destination prefix belongs to a mobile network
Packet Mobility State (MOS) • Three purposes: • Removal of triangular routing, • guarantee of location privacy, and also • prevention of DoS • The CH always uses the home address (assigned in the mobile network) of the MH for data packets.
Packet Mobility State (MOS) (cont.) • when a mobile network switches to a new BS, it (the MR) needs to authenticate itself • before a care-of-address can be allocated to it • the mobile network needs to be sure that it is not attaching to a bogus BS • after a successful authentication, the AAA server returns to the BS an encrypted token t = Kmrg(HoP, COA) • over the mobile network's home network prefix (HoP) and care-of-address (COA) • The mobility router group includes all BGP-speaking routers (iBGP and eBGP) and some additional internal routers for performance improvement (and the AAA server). • On the data path, t is stamped by the BS into the IP packets originated from the mobile network. • stamped by the BS vs. by the MH => 1:2 • A CH (with updated OS) bounces the opaque token back to the MH. • authenticate the BS? Because a "bogus BS" would not receive t from the AAA server?
Packet Mobility State (MOS) (cont.) [flowchart slide; surviving annotations: is a router in the mobility router group; BS de-tunnels; to the DBR; the CH initiates the connection, or legacy OS on the CH; to the DBR; for DDoS]
WINMO Properties • Global Reachability • Routing Optimality • Non-AR tunnels packet to AR • Routers not understanding MOS forward the packet to DBR
Security and Privacy • Assume that the border gateway routers and AAA servers are secure. • the BSs are more likely to be compromised • Defense against connection hijacking • of an ongoing connection • A forged t will not pass verification and will be dropped • Replaying t by an attacker will induce traffic from the CH to the MH, • which does not reach the attacker. (Replaying t with an old COA: Kmrg is refreshed periodically) • in contrast, with the mobile IP solution the attacker can hijack the connection • if the attacker is on the path between the CH and the HA of the MH (the compromised BS?)
Resilience to DDoS attack • For a packet destined to a mobile network, if it does not carry MOS, it is demoted to a low-priority queue. • Only attackers on the path between a legitimate CH and the mobile network can spoof the packet state. • Preservation of location privacy
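The MOS token lifecycle from the "Packet Mobility State" slides and the three defensive properties claimed above (forged t dropped, replayed t useless once Kmrg is refreshed, packets without MOS demoted), as an added example that is not the paper's code. It models t = Kmrg(HoP, COA) as an HMAC-authenticated token carrying a key epoch; the paper encrypts the token, so this example demonstrates authenticity, replay and DoS demotion but not the location-privacy property. The class and function names, the epoch field and the sample prefix/address values are assumptions for the example.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 tag appended to the token body

class AAAServer:
    """Holds the mobility router group key Kmrg and refreshes it per epoch.
    Only the current epoch's key is accepted, so tokens issued before a
    refresh (e.g. replayed with an old COA) fail verification."""
    def __init__(self):
        self.epoch = 0
        self.keys = {0: os.urandom(32)}

    def refresh_key(self):
        self.epoch += 1
        self.keys[self.epoch] = os.urandom(32)

    def current_key(self):
        return self.epoch, self.keys[self.epoch]

def issue_token(epoch, key, hop, coa):
    """Model of t = Kmrg(HoP, COA): epoch || HoP || '|' || COA || tag.
    Assumes HoP and COA contain no '|' character."""
    body = struct.pack(">I", epoch) + hop.encode() + b"|" + coa.encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag

def verify_token(aaa, token):
    """A router in the mobility router group checks t.
    Returns (HoP, COA) on success, None for a forged, tampered or stale token."""
    if len(token) < 4 + TAG_LEN:
        return None
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    epoch = struct.unpack(">I", body[:4])[0]
    cur_epoch, key = aaa.current_key()
    if epoch != cur_epoch:
        return None                       # key refreshed: old token rejected
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                       # forged or modified token
    hop, coa = body[4:].decode().split("|", 1)
    return hop, coa

def classify(aaa, packet):
    """Queue decision for a packet destined to a mobile prefix: a missing or
    invalid MOS sends it to the low-priority queue (DDoS resilience)."""
    token = packet.get("mos")
    if token is None or verify_token(aaa, token) is None:
        return "low-priority"
    return "normal"
```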
Evaluations - Effectiveness of Inter-domain Support • Simulate the mobility and routing changes using real Internet topology data. • treat each AS as one node, with a single prefix • each AS selects and exports routes using the standard policy based on AS business relationships • E.g. customer routes have the highest priority while provider routes have the lowest. • Each round randomly picks one AS as the attachment point. • For each mobility solution, compute the average path length between the attachment AS and all other ASes • the optimal path is calculated based on the algorithm in [29] [29] X. Dimitropoulos, D. Krioukov, M. Fomenkov, B. Huffaker, Y. Hyun, K. Claffy, and G. Riley, "AS Relationships: Inference and Validation," ACM Computer Communication Review, vol. 37, no. 1, 2007.
The route selection of BGP takes into account various policies and preferences (e.g., a customer route is preferred over a provider route). • this sometimes results in suboptimal paths that traverse an AS's customers. • In WINMO, the provider route is selected, with a shorter AS hop count • Default route for mobile prefix to provider [figure: normalized inflation]
The disruption time is defined as the time duration when a router doesn’t have a route to reach the mobile prefix.
Evaluations - Effectiveness of Intra-domain Support • evaluate the intra-domain approach using the POP-level topologies of five large ISPs. • the intra-domain protocol is OSPF and • The shortest path is used to route packets
Conclusion and Future Work • WINMO, a simple, systematic, novel solution for wide-area IP network mobility. • achieve low stretch global Internet routing for mobile networks roaming across wide areas with minimal inter-domain routing overhead. • scoped BGP updates, route aggregation, tunneling, mobility packet state • evaluation shows that, • the average path length of WINMO is only 11% more when compared with Connexion; • the BGP update overhead of WINMO is orders of magnitude smaller than Connexion. • Specific deployments may need to make different tradeoffs according to user and network requirements. • We believe that our design is flexible and adaptable to many settings, and we will evaluate our design in more settings.