Byung-Jin Han
Internet Management Technology Lab., School of Information & Communication Engineering, Sungkyunkwan Univ., 300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, Korea. Tel: +82-31-290-7222, Fax: +82-31-299-6673, bjhan@imtl.skku.ac.kr
Contents
- Introduction
- Terminology
- Overview of HMIPv6
- Mobile IPv6 Extension
- Neighbor Discovery Extension
- Protocol Operation
- MAP Discovery
- Updating Previous MAPs
- Detection and Recovery from MAP Failures
- Security Considerations
- References
Introduction
Hierarchical Mobile IPv6
- Utilizes a new node called the Mobility Anchor Point (MAP)
Limitation of MIPv6
- MIPv6 allows nodes to move within the Internet topology while maintaining reachability and on-going connections between the MN and its CNs
- To do this, the MN sends BUs to its HA and to all of its CNs every time it moves
Introduction
Location of the MAP
- A MAP can be located at any level in a hierarchical network of routers, including the AR
- Supports FMIPv6 for achieving seamless mobility
- Allows MNs to hide their location from CNs and HAs while still using route optimization
Terminology
Access Router (AR)
- The AR is the MN's default router
- The AR aggregates the outbound traffic of MNs
Overview of HMIPv6
The HMIPv6 scheme introduces a new function, the MAP, and minor extensions to the MN operation
Overview
- An MN entering a MAP domain will receive an RA containing information on one or more local MAPs
- The MN can bind its LCoA with an RCoA; the MAP acts as a local HA
- If the MN changes its current address (LCoA) within a local MAP domain, it only needs to register the new address with the MAP; only the RCoA needs to be registered with the CNs and the HA
- MAP domain boundaries are defined by the ARs advertising the MAP information to the attached MNs
- HMIPv6 is simply an extension of MIPv6: it adds the MAP and an HMIPv6-aware MN
HMIPv6 Operation
[Figure: MIPv6 handoff compared with HMIPv6 handoff. Left: HA, CN and the Internet; the MN (HoA) moves from AR1 to AR2 and its CoA changes to CoA2, so the HA and CN must be updated. Right: the same handoff under a MAP; the MN keeps its RCoA and only its LCoA changes to LCoA2, so only the MAP is updated.]
HMIPv6 Operation
New RA option
- The MN discovers the global address of the MAP from a new RA option (the MAP option), which carries this information
- The option also informs the MN of the distance of the MAP from the MN
MAP discovery
- Every time the MN detects movement, it also detects whether it is still in the same MAP domain
- The MAP option in the RA is used to detect movement between MAP domains
- When the advertised MAP address changes, the MN changes MAP and then sends BUs (with its new RCoA) to its HA and CNs
Binding Update flags: A H L K M
M bit
- When set to 1, it indicates a MAP registration (a local BU)
MAP option (Neighbor Discovery option)
Type
- IPv6 Neighbor Discovery option type 23
Dist
- 4-bit unsigned integer identifying the distance between the MAP and the receiver of the advertisement. Default 1; the value does not necessarily mean hops
R
- When set to 1, it indicates that the MN MUST form an RCoA based on the prefix in the MAP option
Global Address
- One of the MAP's global addresses. The 64-bit prefix extracted from this address MUST be configured on the MAP, because the MN uses it for RCoA construction
Protocol Operation
Mobile Node Operation
When an MN moves into a new MAP domain
- It needs to configure two CoAs: an RCoA on the MAP's link and an on-link CoA (LCoA)
- The RCoA is formed in a stateless manner from the prefix in the MAP option
- After forming the RCoA, the MN sends a local BU to the MAP with the A and M flags set
- The local BU carries the RCoA in the Home Address option; no Alternate-CoA option is needed
Local BU to the MAP (Mobility Header):
  S = LCoA, D = MAP | HoA Opt (RCoA) | AH Hdr | Binding Update | Payload
- This BU binds the RCoA to the LCoA
- The MAP performs DAD for the RCoA on its link and returns a BAck to the MN
- The BAck MUST be sent with a Type 2 Routing Header carrying the RCoA
Protocol Operation
Mobile Node Operation
RCoA
- Multiple RCoAs are allowed, but the MN MUST send a separate BU for each RCoA
- The MN MUST NOT use an RCoA obtained from one MAP (MAP1) as the CoA in its BU to another MAP (MAP2); this would force packets to be encapsulated several times
BU to the HA, sent from the RCoA:
  S = RCoA, D = HA | HoA Opt (HoA) | ESP Hdr | Payload | ESP Tail | Auth
Protocol Operation
Mobile Node Operation
Sending packets to CNs (reverse tunneled through the MAP):
  Outer: S = LCoA, D = MAP | ESP Hdr
  Inner: S = RCoA, D = CN | HoA Opt (HoA) | Payload | ESP Tail | Auth
Protocol Operation
MAP Operation
The MAP acts like a HA
- It intercepts all packets addressed to registered MNs and tunnels them to the LCoA stored in its Binding Cache
- The MAP MUST be able to accept packets tunneled from the MN
- Packets addressed to an RCoA are intercepted by the MAP using proxy Neighbor Advertisement, then encapsulated and routed to the MN's LCoA
Protocol Operation
Local Mobility Management Optimization within a MAP Domain
For short-term communication in MIPv6
- Particularly for communication that may easily be retried upon failure, the MN MAY choose to use one of its CoAs directly as the source address of its packets
- This does not require the HoA destination option
Location Privacy
In HMIPv6
- An MN hides its LCoA from its CNs and its HA by using the RCoA
- Tracking of the MN is therefore difficult
MAP Discovery
Describes
- How an MN obtains the MAP address and subnet prefix
- How ARs in a domain discover MAPs
- RAs are used for Dynamic MAP Discovery by introducing a new option; an AR is required to send the MAP option in its RAs
- The MAP option includes the distance vector, the preference and the MAP's global IP address
MAP Discovery
Dynamic MAP Discovery
The ARs within a MAP domain
- May be configured dynamically with the information related to the MAP options
- ARs may obtain this information by listening for RAs with MAP options
MAP Discovery
Mobile Node Operation
An HMIPv6-aware MN
- When it receives an RA, it should search for the MAP option
- The MN SHOULD register with the MAP that has the highest preference value
- It MAY choose a MAP depending on the Distance field
- A valid lifetime of zero means the MAP is not available (MAP failure or withdrawal)
An MN MAY
- Choose to register with more than one MAP simultaneously
- Use both the RCoA and the LCoA as CoAs simultaneously with different CNs
An Administrator
- MAY restrict the MAP from forwarding packets to LCoAs outside the MAP's domain
RECOMMENDED
- However, it is RECOMMENDED that MAPs be allowed to forward packets to LCoAs associated with some of the ARs in a neighbouring MAP domain within the same administrative domain
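The MAP-side behaviour described across the "MAP Operation" slide, the administrator restriction above, and the replay-protection requirement in the Security Considerations can be put together in one small model. The following is an added example written for this page, not code from the slides or from any HMIPv6 implementation: a binding cache that processes local BUs (M flag, RCoA from the MAP's own prefix, LCoA within the prefixes the administrator allows, modulo-2^16 sequence-number check against replay, DAD on the RCoA, de-registration on lifetime 0) and that encapsulates packets for a registered RCoA to the bound LCoA. The BAck status values reuse the MIPv6 (RFC 3775) numbers; the addresses, prefixes and the reverse-tunnel acceptance policy in `accept_from_mn` are constructed for the example. Real deployments get integrity and replay protection from the MN-MAP IPsec SA, which this model does not simulate.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Binding Acknowledgement status values as defined for MIPv6 (RFC 3775), reused unchanged.
ACCEPTED, ADMIN_PROHIBITED, DAD_FAILED, SEQ_OUT_OF_WINDOW = 0, 129, 134, 135


@dataclass
class LocalBU:
    rcoa: ipaddress.IPv6Address   # carried in the Home Address option of the local BU
    lcoa: ipaddress.IPv6Address   # IPv6 source address of the local BU
    sequence: int                 # 16-bit BU sequence number
    lifetime: int                 # seconds; 0 requests de-registration
    m_flag: bool = True           # M flag: this is a MAP registration


@dataclass
class Binding:
    lcoa: ipaddress.IPv6Address
    sequence: int
    expires: float


def seq_is_newer(new: int, old: int) -> bool:
    # Modulo-2^16 comparison: a BU is fresh only if its sequence number is ahead of the cached one.
    return 0 < (new - old) % 65536 < 32768


class MobilityAnchorPoint:
    def __init__(self, address: str, rcoa_prefix: str, forward_prefixes: List[str], on_link: List[str]):
        self.address = ipaddress.IPv6Address(address)
        self.rcoa_prefix = ipaddress.IPv6Network(rcoa_prefix)
        # LCoA prefixes the administrator allows this MAP to forward to (own domain plus neighbouring ARs)
        self.forward_prefixes = [ipaddress.IPv6Network(p) for p in forward_prefixes]
        # Addresses already configured on the MAP's link, consulted when doing DAD for a new RCoA
        self.on_link = {ipaddress.IPv6Address(a) for a in on_link}
        self.cache: Dict[ipaddress.IPv6Address, Binding] = {}

    def process_local_bu(self, bu: LocalBU, now: float) -> int:
        """Validate a local BU, update the binding cache and return the BAck status."""
        if not bu.m_flag or bu.rcoa not in self.rcoa_prefix:
            return ADMIN_PROHIBITED            # not a MAP registration, or RCoA not from our prefix
        if not any(bu.lcoa in p for p in self.forward_prefixes):
            return ADMIN_PROHIBITED            # administrator restricts which LCoAs we forward to
        current = self.cache.get(bu.rcoa)
        if current is not None and not seq_is_newer(bu.sequence, current.sequence):
            return SEQ_OUT_OF_WINDOW           # stale or replayed BU
        if bu.lifetime == 0:
            self.cache.pop(bu.rcoa, None)      # de-registration
            return ACCEPTED
        if current is None and bu.rcoa in self.on_link:
            return DAD_FAILED                  # DAD: the RCoA is already in use on the MAP link
        self.on_link.add(bu.rcoa)              # the MAP now defends the RCoA (proxy NA)
        self.cache[bu.rcoa] = Binding(bu.lcoa, bu.sequence, now + bu.lifetime)
        return ACCEPTED

    def forward_to_mn(self, dst: ipaddress.IPv6Address, now: float) -> Optional[Tuple[ipaddress.IPv6Address, ipaddress.IPv6Address]]:
        """A packet arrived for an RCoA: return the outer (src, dst) of the encapsulating header, or None."""
        b = self.cache.get(dst)
        if b is None:
            return None
        if b.expires <= now:                   # binding lifetime ran out: drop the entry and stop defending the RCoA
            del self.cache[dst]
            self.on_link.discard(dst)
            return None
        return (self.address, b.lcoa)

    def accept_from_mn(self, outer_src: ipaddress.IPv6Address, inner_src: ipaddress.IPv6Address, now: float) -> bool:
        """Reverse tunnel from the MN: example policy that accepts only if the inner RCoA is bound to the outer LCoA."""
        b = self.cache.get(inner_src)
        return b is not None and b.lcoa == outer_src and b.expires > now


def run_scenario() -> dict:
    """Constructed handoff scenario: register via AR1, replay, move to AR2, try a foreign LCoA, DAD clash, expiry."""
    mapnode = MobilityAnchorPoint("2001:db8:2::1", "2001:db8:2::/64",
                                  ["2001:db8:a1::/64", "2001:db8:a2::/64", "2001:db8:b1::/64"],
                                  ["2001:db8:2::1", "2001:db8:2::5"])
    rcoa = ipaddress.IPv6Address("2001:db8:2:0:211:22ff:fe33:4455")
    ar1, ar2, far = (ipaddress.IPv6Address(a) for a in ("2001:db8:a1::dead", "2001:db8:a2::dead", "2001:db8:ff::1"))
    out = {}
    out["register"] = mapnode.process_local_bu(LocalBU(rcoa, ar1, 1, 300), now=0)
    out["replay"] = mapnode.process_local_bu(LocalBU(rcoa, ar1, 1, 300), now=1)
    out["handoff"] = mapnode.process_local_bu(LocalBU(rcoa, ar2, 2, 300), now=2)
    out["tunnel"] = mapnode.forward_to_mn(rcoa, now=3)
    out["outside_domain"] = mapnode.process_local_bu(LocalBU(rcoa, far, 3, 300), now=4)
    out["dad"] = mapnode.process_local_bu(LocalBU(ipaddress.IPv6Address("2001:db8:2::5"), ar1, 1, 300), now=5)
    out["reverse_ok"] = mapnode.accept_from_mn(ar2, rcoa, now=6)
    out["reverse_stale"] = mapnode.accept_from_mn(ar1, rcoa, now=6)
    out["expired"] = mapnode.forward_to_mn(rcoa, now=400)
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name:15s} {value}")
```

The sequence-number check is what turns "protection against replay attacks" into a concrete rule: a captured local BU re-sent later is rejected with status 135 even if its cryptographic protection was valid at the time. The `forward_prefixes` list is the administrator's knob from the slide above; the neighbouring-domain prefix `2001:db8:b1::/64` is included to reflect the RECOMMENDED behaviour.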
MAP selection
- Receive and parse all MAP options
- Arrange the MAPs in descending order by distance (furthest first)
- Select the first MAP in the list
- If either the preference or the lifetime field of that MAP is zero, select the following one; repeat
[Figure: MAP1 and the other MAPs arranged in a hierarchy]
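The MAP option fields listed earlier (Type 23, Dist, R flag, Global Address) and the selection steps above are shown together in the following added example, written for this page and not taken from the slides or from any HMIPv6 stack. It encodes and parses the MAP option in its RFC 4140 wire layout (Length 3, i.e. 24 octets, with a 4-bit Dist, 4-bit Pref, R flag, 32-bit Valid Lifetime and 128-bit Global IP Address), walks a chain of ND options skipping unknown types, applies the furthest-MAP selection while skipping entries whose preference or lifetime is zero, and forms the RCoA statelessly from the MAP's /64 prefix and the MN's interface identifier. The three MAP addresses, the Source Link-Layer Address option and the interface identifier are constructed sample input.

```python
import struct
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

MAP_OPTION_TYPE = 23      # IPv6 ND option type of the HMIPv6 MAP option
MAP_OPTION_LENGTH = 3     # in units of 8 octets: 24 bytes on the wire


@dataclass
class MapOption:
    dist: int                              # 4-bit distance (not necessarily hops)
    pref: int                              # 4-bit preference
    r_flag: bool                           # MN MUST form its RCoA from this option's prefix
    valid_lifetime: int                    # seconds; 0 means the MAP is not available
    global_addr: ipaddress.IPv6Address     # one of the MAP's global addresses

    @property
    def prefix(self) -> ipaddress.IPv6Network:
        # The /64 taken from the MAP's global address is the prefix the MN uses for its RCoA.
        return ipaddress.IPv6Network((self.global_addr, 64), strict=False)


def encode_map_option(opt: MapOption) -> bytes:
    byte2 = ((opt.dist & 0xF) << 4) | (opt.pref & 0xF)
    byte3 = 0x80 if opt.r_flag else 0x00          # R is the top bit; the remaining 7 bits are reserved
    return struct.pack("!BBBBI", MAP_OPTION_TYPE, MAP_OPTION_LENGTH, byte2, byte3,
                       opt.valid_lifetime) + opt.global_addr.packed


def parse_nd_options(blob: bytes) -> List[MapOption]:
    """Walk the ND options that follow the RA fixed header and return every MAP option found."""
    found = []
    off = 0
    while off + 2 <= len(blob):
        typ, length = blob[off], blob[off + 1]
        if length == 0:
            raise ValueError("ND option with zero length")   # RFC 4861: the packet must be discarded
        end = off + length * 8
        if end > len(blob):
            raise ValueError("truncated ND option")
        if typ == MAP_OPTION_TYPE and length == MAP_OPTION_LENGTH:
            b2, b3, lifetime = struct.unpack("!BBI", blob[off + 2:off + 8])
            found.append(MapOption(dist=b2 >> 4, pref=b2 & 0xF, r_flag=bool(b3 & 0x80),
                                   valid_lifetime=lifetime,
                                   global_addr=ipaddress.IPv6Address(blob[off + 8:off + 24])))
        off = end        # other option types are skipped, never rejected
    return found


def select_map(options: List[MapOption]) -> Optional[MapOption]:
    """Furthest-MAP selection from the slides: sort by Dist descending and skip any MAP whose
    preference or valid lifetime is zero."""
    for opt in sorted(options, key=lambda o: o.dist, reverse=True):
        if opt.pref == 0 or opt.valid_lifetime == 0:
            continue
        return opt
    return None


def form_rcoa(opt: MapOption, interface_id: bytes) -> ipaddress.IPv6Address:
    """Stateless RCoA: the MAP prefix (top 64 bits of its global address) plus the MN's 64-bit interface identifier."""
    if len(interface_id) != 8:
        raise ValueError("interface identifier must be 64 bits")
    return ipaddress.IPv6Address(opt.prefix.network_address.packed[:8] + interface_id)


# Constructed sample input: one Source Link-Layer Address option followed by three MAP options.
MN_IID = bytes.fromhex("021122fffe334455")
SAMPLE_RA_OPTIONS = (
    b"\x01\x01\x00\x11\x22\x33\x44\x55"      # type 1, length 1: not a MAP option, skipped by the parser
    + encode_map_option(MapOption(1, 5, True, 600, ipaddress.IPv6Address("2001:db8:1::1")))
    + encode_map_option(MapOption(3, 7, True, 0, ipaddress.IPv6Address("2001:db8:3::1")))     # lifetime 0: withdrawn
    + encode_map_option(MapOption(2, 3, True, 1200, ipaddress.IPv6Address("2001:db8:2::1")))
)


def demo() -> tuple:
    """Parse the sample RA options, pick a MAP and form the RCoA; returns (MAP address, RCoA) as strings."""
    chosen = select_map(parse_nd_options(SAMPLE_RA_OPTIONS))
    return str(chosen.global_addr), str(form_rcoa(chosen, MN_IID))


if __name__ == "__main__":
    print(demo())
```

The furthest MAP (Dist 3) is skipped because its lifetime is zero, so the MN settles on the Dist 2 MAP and derives the RCoA `2001:db8:2:0:211:22ff:fe33:4455`. A parser that trusts the Length byte without the bounds check would read past the buffer on a truncated RA, which is why the check comes before any field access.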
Detection and Recovery from MAP Failures
If a MAP fails
- Its binding cache content will be lost, resulting in loss of the connections between the MN and its CNs
This may be avoided by
- Using more than one MAP on the same link
- Some form of context transfer protocol between them
Security Considerations
The security relationship between the MN and the MAP
- Must be strong; it MUST involve:
  - Mutual authentication
  - Integrity protection
  - Protection against replay attacks
- Confidentiality may be needed for payload traffic, but is not required for binding updates to the MAP
Security Considerations
MN-MAP security
Initial authorization MAY be needed
- In order to allow an MN to use the MAP's forwarding service (specifically for the service, not for the RCoA)
- Authorizing an MN to use the MAP service can be done based on the identity of the MN exchanged during SA negotiation
- The authorization may be granted based on the MN's identity or on the identity of the CA (Certificate Authority) that issued its certificate
- If the MN has a certificate signed by a trusted entity, that is sufficient for the MAP to authorize the use of its service
Security Considerations
MN-MAP security (contd.)
The MAP does not need prior knowledge of
- the identity of the MN, nor of its HoA
- As a result, the SA between the MN and the MAP can be established using any key establishment protocol, such as IKE
Security Considerations
MN-CN security
- HMIPv6 has no impact on the Return Routability (RR) procedure
- But care is needed with the source addresses of the HoTI and CoTI messages: HoTI is sent from the HoA via the HA, CoTI from the RCoA via the MAP
HoTI (tunneled to the HA from the RCoA, and to the MAP from the LCoA):
  Outer:  S = LCoA, D = MAP | ESP Hdr
  Middle: S = RCoA, D = HA  | ESP Hdr
  Inner:  S = HoA,  D = CN  | HoTI | Payload | ESP Tail | Auth | ESP Tail | Auth
CoTI (tunneled to the MAP from the LCoA):
  Outer: S = LCoA, D = MAP | ESP Hdr
  Inner: S = RCoA, D = CN  | CoTI | Payload | ESP Tail | Auth
References
H. Soliman et al., "Hierarchical Mobile IPv6 Mobility Management (HMIPv6)", RFC 4140, August 2005.