Module E
http://mobnet.epfl.ch
Some slides adapted from Jochen H. Schiller (www.jochenschiller.de)
Outline
Enablers of IP mobility
Wireless technologies
Wireless LANs (IEEE 802.11)
Bluetooth (www.bluetooth.com)
Problem with IP mobility
(Figure: a host on a WLAN 802.11 link talking to mail.epfl.ch moves from address IP1 to address IP2. A new TCP connection has to be established; the old connection is broken.)
IP mobility and cellular networks
(Figure: the mobile host keeps address IP1 while it moves within the cellular network and obtains a new address IP2 when it moves to WLAN 802.11; in both cases it talks to mail.epfl.ch.)
GPRS (or EDGE) tunnel:
• Assign IP address
• Tunnel IP packets
• IP link: always in the path
WLAN 802.11:
• Assign a new IP address via DHCP
Courtesy E. Corthay, Swisscom
TCP/IP was not designed for mobility
Routing in the Internet
Update routing tables?
Quick ‘solution’
Keep IP address constant
Update routing tables to forward packets to the right location
Not feasible
Does not scale with the number of mobile hosts and frequent changes in location
Routers are designed for fast forwarding, not fast updates
Routers have limited memory (cannot store a separate entry for every mobile host)
Route updates consume network throughput
Security problems
Case-study of two solutions
Mobile IP
Support mobility transparently to TCP and applications
Rely on existing protocols
Mobile IP
Requirements to Mobile IP
Transparency
Mobile end-systems (hosts) keep their IP address
Maintain communication in spite of link breakage
Enable change of point of connection to the fixed network
Compatibility
Support the same Layer 2 protocols as IP
No changes to current end-systems and routers
Mobile end-systems can communicate with fixed systems
Security
Authentication of all registration messages
Efficiency and scalability
Only few additional messages to the mobile system required (the connection may be over a low-bandwidth radio link)
World-wide support of a large number of mobile systems
Terminology
Mobile Node (MN)
Entity (node) that can change its point of connection
to the network without changing its IP address
Home Agent (HA)
Entity in the home network of the MN, typically a router
Registers the MN location, encapsulates and tunnels IP packets to the COA
Foreign Agent (FA)
System in the current foreign network of the MN, typically a router
Decapsulates and forwards the tunneled packets to the MN
Care-of Address (COA)
Address of the current tunnel end-point for the MN
Foreign Agent COA or
Co-located COA (no FA, MN performs decapsulation)
Actual location of the MN from an IP point of view
Co-located COA typically acquired via DHCP
Correspondent Node (CN)
Communication partner
Data transfer to the mobile node:
(Figure, steps numbered 2 to 4: packets for the MN arrive over the Internet at the home network, the HA tunnels them to the foreign network, and the FA forwards them to the MN, the receiver.)
Mobile IP mechanisms
Agent Discovery
MN discovers its location (home network, foreign network)
MN learns a COA
Registration
MN securely signals the COA to the HA (via the FA)
Tunneling
HA encapsulates IP packets from the CN and sends them to the COA
FA (or MN) decapsulates these packets and sends them to the MN
Agent discovery
Agent Advertisement
HA and FA periodically send advertisement messages into their physical subnets
MN listens to these messages and detects if it is in the home or a foreign network (standard case for the home network)
MN reads a COA from the FA advertisement messages
Agent Solicitation
MN can request an Agent Advertisement message with an Agent Solicitation message
Helps decrease disconnection time
Simple extension of ICMP Router Discovery (RFC 1256)
Agent advertisement message format (bit positions 0-7, 8-15, 16-23, 24-31):
ICMP Router Advertisement (RFC 1256):
  type | code | checksum
  #addresses | addr. size | lifetime
  router address 1
  preference level 1
  router address 2
  preference level 2
  ...
Mobility Agent Advertisement Extension:
  type = 16 | length = 6 + 4 * #COAs | sequence number
  registration lifetime | flags: R B H F M G r T | reserved
  COA 1
  COA 2
  ...
Flags:
R: registration required
B: busy, no more registrations
H: home agent
F: foreign agent
M: minimal encapsulation
G: GRE encapsulation
r: =0, ignored (former Van Jacobson compression)
T: FA supports reverse tunneling
reserved: =0, ignored
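As an added example (not code from the slides), a small parser for the Mobility Agent Advertisement Extension laid out above, following the RFC 3344 byte layout; the sample bytes are constructed here and the length check is what keeps a hostile advertisement from driving an over-read.

```python
import struct

# Flag bits of the Mobility Agent Advertisement Extension (type 16),
# most significant bit first: R B H F M G r T.
FLAG_NAMES = ("R", "B", "H", "F", "M", "G", "r", "T")

def parse_agent_advertisement_ext(data: bytes) -> dict:
    """Parse one extension: type(1) length(1) sequence(2) lifetime(2) flags(1)
    reserved(1), then zero or more 4-byte COAs, so length == 6 + 4 * #COAs."""
    if len(data) < 2:
        raise ValueError("truncated extension header")
    ext_type, length = data[0], data[1]
    if ext_type != 16:
        raise ValueError(f"not a mobility agent advertisement extension (type {ext_type})")
    body = data[2:2 + length]
    # Bound the read by the bytes actually received, never by the declared length alone.
    if len(body) != length:
        raise ValueError("declared length exceeds the bytes present")
    if length < 6 or (length - 6) % 4 != 0:
        raise ValueError(f"length {length} is not 6 + 4 * #COAs")
    seq, lifetime, flags, _reserved = struct.unpack("!HHBB", body[:6])
    coas = [".".join(str(b) for b in body[6 + 4 * i:10 + 4 * i])
            for i in range((length - 6) // 4)]
    flag_set = {name for bit, name in enumerate(FLAG_NAMES) if flags & (0x80 >> bit)}
    # Advertisements carry no authentication: a COA learnt here is only as
    # trustworthy as the link it was heard on; only registration is authenticated.
    return {"sequence": seq, "registration_lifetime": lifetime,
            "flags": flag_set, "coas": coas}

# Constructed sample: a foreign agent (F) that requires registration (R),
# supports reverse tunneling (T) and advertises two COAs.
SAMPLE_EXT = (bytes([16, 14]) + struct.pack("!HHBB", 42, 1800, 0b10010001, 0)
              + bytes([192, 0, 2, 1]) + bytes([192, 0, 2, 2]))

if __name__ == "__main__":
    print(parse_agent_advertisement_ext(SAMPLE_EXT))
```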
Registration
(Figure: the Mobile Node, using its COA, sends a registration request (1) via the FA to the HA and receives a registration reply (5).)
Note: the HA can allow for multiple simultaneous mobility bindings. In that case, a packet from the CN is forwarded to all active COAs.
Mobile IP registration request (UDP message; bit positions 0-7, 8-15, 16-23, 24-31):
  type = 1 | flags: S B D M G r T x | lifetime
  home address
  home agent
  COA
  identification
  extensions . . .
Security associations and registration keys
(Figure: security associations between the Mobile Node, the Foreign Agent and the Home Agent.)
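As an added example covering both the registration request format and the MN-HA security association, not code from the slides: the MN builds a registration request carrying the Mobile-Home Authentication Extension (RFC 3344 default: HMAC-MD5 over the request fields and the extension's type, length and SPI), and the HA verifies it and rejects replays through the identification field. It assumes the authentication extension directly follows the fixed fields and that identification values increase monotonically, a simplification of the RFC's timestamp/nonce rules; keys and addresses are constructed.

```python
import hashlib
import hmac
import struct

FIXED_FMT = "!BBH4s4s4sQ"   # type, flags, lifetime, home address, home agent, COA, identification
FIXED_LEN = struct.calcsize(FIXED_FMT)   # 24 bytes
MN_HA_AUTH = 32              # Mobile-Home Authentication Extension type
AUTH_LEN = 16                # HMAC-MD5 authenticator length
FLAG_T = 0x02                # flag byte is S B D M G r T x, so T is bit 1

def build_registration_request(flags, lifetime, home, ha, coa, ident, spi, key):
    """MN side: fixed fields, then the extension header, then the authenticator
    computed over everything before it (including Type, Length and SPI)."""
    fixed = struct.pack(FIXED_FMT, 1, flags, lifetime, home, ha, coa, ident)
    ext_head = struct.pack("!BBI", MN_HA_AUTH, 4 + AUTH_LEN, spi)
    auth = hmac.new(key, fixed + ext_head, hashlib.md5).digest()
    return fixed + ext_head + auth

def ha_verify(request, keys_by_spi, last_ident):
    """HA side. keys_by_spi: SPI -> shared key (the MN-HA security association);
    last_ident: highest identification already accepted from this MN.
    Returns (accepted, reason, fields)."""
    if len(request) < FIXED_LEN + 6 + AUTH_LEN:
        return False, "truncated", None
    rtype, flags, lifetime, home, ha, coa, ident = struct.unpack(FIXED_FMT, request[:FIXED_LEN])
    if rtype != 1:
        return False, "not a registration request", None
    ext_type, ext_len, spi = struct.unpack("!BBI", request[FIXED_LEN:FIXED_LEN + 6])
    if ext_type != MN_HA_AUTH or ext_len != 4 + AUTH_LEN:
        return False, "missing MN-HA authentication extension", None
    key = keys_by_spi.get(spi)
    if key is None:
        return False, "unknown SPI", None
    expected = hmac.new(key, request[:FIXED_LEN + 6], hashlib.md5).digest()
    # Verify the authenticator (constant-time compare) before acting on any field.
    if not hmac.compare_digest(expected, request[FIXED_LEN + 6:FIXED_LEN + 6 + AUTH_LEN]):
        return False, "bad authenticator", None
    if ident <= last_ident:
        return False, "replayed identification", None
    return True, "ok", {"home": home, "coa": coa, "lifetime": lifetime,
                        "reverse_tunnel": bool(flags & FLAG_T)}

# Constructed values: a 16-byte shared key, private addresses, SPI 0x100.
KEY = b"sixteen byte key"
HOME, HA, COA = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]), bytes([192, 0, 2, 1])

if __name__ == "__main__":
    req = build_registration_request(FLAG_T, 600, HOME, HA, COA, 1000, 0x100, KEY)
    print(ha_verify(req, {0x100: KEY}, last_ident=999))
```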
Tunneling
(Figure: 1. The Correspondent Node sends a datagram with Src = CN, Dest = MN, Payload = abcdefghij. 2. The Home Agent, holding the binding for the MN, encapsulates it: outer header Src = HA, Dest = COA; inner header Src = CN, Dest = MN, Payload = abcdefghij. 3. The Foreign Agent decapsulates the datagram and delivers Src = CN, Dest = MN, Payload = abcdefghij to the Mobile Node.)
IP-in-IP encapsulation
Minimal encapsulation
Generic Routing Encapsulation
(Figure: original datagram = original header | original data; GRE-encapsulated datagram = outer header | GRE header | original header | original data.)
“Triangle” routing
(Figure: packets from the Correspondent Node to the Mobile Node go via the Home Agent and the Foreign Agent; packets from the Mobile Node go directly to the Correspondent Node.)
Drawbacks
Inefficiency
MN sends IP packets with a topologically incorrect source address
For security reasons, routers can be configured to drop topologically incorrect packets (ingress filtering)
Route Optimization in Mobile IP
Route optimization
HA provides the CN with the current location of MN (FA)
CN sends tunneled traffic directly to FA
Optimization of FA handover
Packets on-the-fly during FA change can be lost
New FA informs old FA to avoid packet loss, old FA now
forwards remaining packets to new FA
This information also enables the old FA to release
resources for the MN
Extension: not part of the core Mobile IP (RFC 3344)
Violates compatibility (CN needs to be Mobile-IP-aware)
Security problems
Route and FA handover optimizations
(Message sequence chart between CN, HA, FA, FAnew and MN, time t running downwards: CN sends a Request to the HA, which answers with an Update; CN sends an ACK and from then on Data directly to the FA, which delivers it to the MN. The MN changes location and sends a Registration via FAnew; FAnew sends an Update to the old FA, which ACKs and forwards the remaining Data to FAnew. The old FA sends a Warning to the CN; CN sends a Request to the HA, gets an Update, ACKs, and Data now flows to FAnew.)
Reverse tunneling
(Figure: MN and FA in the foreign network, HA in the home network, CN as receiver.)
1. MN sends to FA
2. FA tunnels packets to HA by encapsulation
3. HA forwards the packet to the receiver (standard case)
Mobile IP with reverse tunneling
Firewalls
(Figure: Correspondent Domain with the Correspondent Node behind a firewall (FW), Home Domain with the Home Agent behind a FW, and Foreign Domain with the Foreign Agent and the Mobile Node behind a FW, all connected over the Global Internet.)
Filtering of incoming packets: discard packets that seem to emanate from an address internal to the domain (even if they are tunneled)
Filtering of outgoing packets: discard packets that seem to emanate from an address external to the domain (even if they are tunneled)
Possible solutions:
• Manual configuration
• Isolation of Mobile Nodes (pockets)
Mobile IP and IPsec
Security in Mobile IP
Authentication in registration messages
No protection of data transmission (tunneling)
IPsec: Brief reminder
(Figure: Application and IP layers on both end hosts, IPsec mechanisms at the IP layer, a router in between.)
Input IP packet: IP header (src IP, dst IP, ...) | payload
AH transport mode: IP header (src IP, dst IP, ...) | AH (SPI, seq, auth) | payload; the packet is authenticated with auth
AH tunnel mode: outer IP header (src IP’, dst IP’, ...) | AH (SPI, seq, auth) | IP header | payload
IP Micro-mobility support
Micro-mobility support:
Efficient local handover inside a foreign domain
without involving a home agent
Reduces control traffic on backbone
Especially needed in case of route optimization
Example:
Hierarchical Mobile IP (HMIP)
Important criteria:
Security, Efficiency, Scalability, Transparency, Manageability
Hierarchical Mobile IPv6
Operation:
Network contains a mobility anchor point (MAP): mapping of regional COA (RCOA) to link COA (LCOA)
Upon handover, MN informs the MAP only: it gets a new LCOA and keeps its RCOA
HA is only contacted if the MAP changes
(Figure: HA reachable over the Internet, MAP below it, two access routers (AR); the MN moves from LCOAold to LCOAnew and sends a binding update to the MAP; the RCOA stays the same.)
Security provisions:
No HMIP-specific security provisions
Binding updates should be authenticated
Hierarchical Mobile IP: Security
Advantages:
Local COAs can be hidden,
which provides at least some location privacy
Direct routing between CNs sharing the same link is
possible (but might be dangerous)
Potential problems:
Decentralized security-critical functionality
(handover processing) in mobility anchor points
MNs can (must!) directly influence routing entries via binding
updates (authentication necessary)
Hierarchical Mobile IP: Other issues
Advantages:
Handover requires minimum number
of overall changes to routing tables
Integration with firewalls / private address support possible
Potential problems:
Not transparent to MNs
Handover efficiency in wireless mobile scenarios:
Complex MN operations
All routing reconfiguration messages
sent over wireless link
Mobile IP summary
Host Identity Protocol (HIP)
Architectural background
New requirements to Internet addressing
Mobile Hosts
Need to change IP address dynamically
Multi-interface hosts
Have multiple independent addresses
HIP: A new global Internet name space
HIP: A new layer
(Figure: the Host Identity layer sits between the processes and the IP layer; processes bind to host identities, the IP layer to IP addresses, above the Link Layer.)
HIP bindings
HIP overview
HIP identifiers
Establishing a shared context between two hosts
HIP base exchange
Data communication
By default protected with IPsec ESP
Mobility during data communication
HIP locator update
Finding a host
HIP DNS extensions
HIP Rendezvous extension
Multihoming
HIP identifiers
HIP base exchange
Initiator (I) <-> Responder (R)
I1: IP_I, IP_R, HIT_I, HIT_R
R1: IP_I, IP_R, HIT_I, HIT_R, DH_R, HI_R, sig, ESP transform, puzzle
I2: IP_I, IP_R, HIT_I, HIT_R, DH_I, HI_I, sig, ESP transform, ESP info, solution
R2: IP_I, IP_R, HIT_I, HIT_R, sig, ESP info
(Figure: state after the base exchange: each side holds the pair of ESP security associations SPI_IR and SPI_RI between HI_I at IP_I and HI_R at IP_R.)
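As an added example, not part of the slides: the puzzle that R1 carries and I2 answers, following the RFC 5201 construction (the lowest K bits of SHA-1(I | HIT_I | HIT_R | J) must be zero). The Responder here derives I from a secret so that answering I1 creates no state, which is what makes the puzzle a defence against state-exhaustion; the HIT values are constructed stand-ins rather than hashes of real host identities.

```python
import hashlib
import hmac
import os

def puzzle_ok(i_nonce, hit_i, hit_r, j, k):
    """Lowest-order K bits of SHA-1(I | HIT_I | HIT_R | J) must be zero."""
    h = hashlib.sha1(i_nonce + hit_i + hit_r + j).digest()
    return int.from_bytes(h, "big") & ((1 << k) - 1) == 0

def solve_puzzle(i_nonce, hit_i, hit_r, k, max_tries=1 << 22):
    """Initiator side: about 2**k SHA-1 evaluations on average, one per candidate J."""
    for n in range(max_tries):
        j = n.to_bytes(8, "big")
        if puzzle_ok(i_nonce, hit_i, hit_r, j, k):
            return j
    raise RuntimeError("puzzle not solved within max_tries")

class Responder:
    """Keeps no per-I1 state: I is recomputed from a secret and the HIT pair, so R1
    costs one HMAC and an association is only created after a valid I2 (simplified)."""
    def __init__(self, hit_r, k):
        self.hit_r, self.k = hit_r, k
        self.secret = os.urandom(16)     # rotated periodically in a real implementation
        self.associations = {}

    def _nonce_for(self, hit_i):
        return hmac.new(self.secret, hit_i + self.hit_r, hashlib.sha256).digest()[:8]

    def r1(self, hit_i):
        return self._nonce_for(hit_i), self.k

    def handle_i2(self, hit_i, i_nonce, j):
        if not hmac.compare_digest(i_nonce, self._nonce_for(hit_i)):
            return False                  # not a puzzle this Responder issued for this HIT pair
        if len(j) != 8 or not puzzle_ok(i_nonce, hit_i, self.hit_r, j, self.k):
            return False                  # one SHA-1 to reject; the Initiator spent ~2**k
        self.associations[hit_i] = j
        return True

# Constructed stand-ins for 128-bit HITs (real HITs are derived from the host's public key).
HIT_I = hashlib.sha1(b"initiator host identity").digest()[:16]
HIT_R = hashlib.sha1(b"responder host identity").digest()[:16]

def run_exchange(k=12):
    """I1 -> R1 (I, K) -> I2 (J) on one Responder; also tries an I the Responder never issued."""
    r = Responder(HIT_R, k)
    i_nonce, k = r.r1(HIT_I)
    j = solve_puzzle(i_nonce, HIT_I, HIT_R, k)
    return r.handle_i2(HIT_I, i_nonce, j), r.handle_i2(HIT_I, os.urandom(8), j)
```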
Mobility with HIP
(Figure: a Mobile Host, initially at IP Address 1, in communication with two Correspondent Hosts.)
HIP and DNS: static case
(Figure: DNS stores for the Mobile Host the mapping FQDN_MH -> HI_MH, HIT_MH, IP_RVS; when the Mobile Host gets a new IP address it sends an UPDATE with the new address to the Rendezvous Server (RVS, details in RFC 5203).)
Routing in mobile ad hoc networks
The classic solution for mobile networks
WSN: Earthquake detection
Temperature management
Monitor heating and cooling of a building in an integrated way
Temperature in different rooms is monitored centrally
A power consumption profile is to be drawn in order to save energy in the future
Lighting management:
Detect human presence in a room to automatically switch lights on and off
Responds to manual activation/deactivation of switches
Tracks movement to anticipate the activation of light-switches on the path of a person
WSN: Precision Agriculture management
If we have:
- n identical randomly located nodes
- each capable of transmitting W bits/s
Then the throughput λ(n) obtainable by each node for a randomly chosen destination is
λ(n) = Θ( W / √(n log n) )
Peculiarities
Node mobility
High rate of link failure
Traditional routing approaches are not well suited
Assumptions
Multihop communication
Symmetric links (in most cases)
Omnidirectional antennas (in most cases)
All nodes have equal capabilities and responsibilities
Figures of merit
Latency of route discovery
Overhead (bandwidth, energy, processing power)
Security
Current status of research:
Many, many proposals
Optimal solution depends on deployment scenario: mobility
patterns, radio model, traffic characteristics,…
Brief reminder: Link-state protocols
Example: OSPF
May consume a lot of resources to update the routes
Techniques to alleviate the problem: limit the propagation of information
Does not seem to be well suited to cope with mobility
Distance vector routing (1/2)
(Figure: four nodes A, B, C, D with links A-B (cost 1), B-C (cost 1), A-C (cost 5), B-D (cost 3), C-D (cost 7).)
Link costs:
      A   B   C   D
  A   0   1   5   ∞
  B   1   0   1   3
  C   5   1   0   7
  D   ∞   3   7   0
Distance vector of A after receiving B's vector (cost to destination, next hop):
  A: 0   B: 1   C: 2 via B   D: 4 via B
Distance vector routing (2/2)
Routing protocols for wireless ad hoc networks
(Figure: protocol families placed on a scale trading response time against energy and bandwidth.)
Proactive protocols: Optimized Link-State Routing (OLSR), Destination-Sequenced Distance-Vector (DSDV)
Reactive protocols: Dynamic Source Routing (DSR), Ad Hoc On-Demand Distance-Vector (AODV)
Geography-based routing: Geodesic packet forwarding
Cluster-based (or hierarchical) routing
Dynamic source routing (DSR)
DSR: Route discovery
(Figure sequence (1)-(9), ad hoc network with nodes S, A, B, C, D, E, F, G, H, I, J, K, L, M, N, P, Q, R: S floods a route request towards D; each forwarding node appends itself to the route record, which grows to (S), then (S,A) and (S,E), then (S,E,G) and (S,B,C), then (S,A,F,H) and (S,E,G,J), then (S,A,F,H,K) and (S,A,F,H,K,P); D answers with RREP(S,E,G,J,D).)
DSR: Data delivery
(Figure: S sends DATA(S,E,G,J,D), carrying the source route, along S, E, G, J to D.)
DSR: Route maintenance
(Figure (1): DATA(S,E,G,J,D) is in flight when the link G-J breaks (marked X). Figure (2): G sends RERR(G-J) back towards S.)
When receiving the Route Error message (RERR), S removes the broken link from its cache. It then tries another route stored in its cache; if none, it initiates a new route discovery.
DSR: Optimization of route discovery: route caching
Principle: each node caches a new route it learns by any means
Examples
When node S finds route (S, E, G, J, D) to D, it also learns route (S, E, G) to node G
In the same way, node E learns the route to D
Same phenomenon when transmitting route replies
Moreover, routes can be overheard by nodes in the neighbourhood
However, route caching has its downside: stale caches can severely hamper the performance of the network
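As an added example (not code from the slides), a small simulation of DSR route discovery with route-record accumulation, the route caching described above, and cache purging on a RERR. The topology is constructed to reproduce the routes the slides show ((S,E,G,J,D), (S,A,F,H,K,P), (S,B,C)) and is not the figure's exact graph.

```python
from collections import deque

# Constructed topology (undirected links) reproducing the slides' route records.
LINKS = [("S", "A"), ("S", "E"), ("S", "B"), ("A", "F"), ("F", "H"), ("H", "K"),
         ("K", "P"), ("E", "G"), ("G", "J"), ("J", "D"), ("B", "C"), ("C", "N"), ("P", "D")]

def neighbours(links):
    nb = {}
    for u, v in links:
        nb.setdefault(u, set()).add(v)
        nb.setdefault(v, set()).add(u)
    return nb

def dsr_route_discovery(links, src, dst):
    """Flood a RREQ: every node appends itself to the route record and forwards a
    given request only once (breadth-first order, the way a real flood spreads).
    Returns the first complete source route, as D's RREP would carry it back."""
    nb = neighbours(links)
    seen = {src}
    queue = deque([(src,)])
    while queue:
        record = queue.popleft()
        if record[-1] == dst:
            return record
        for n in sorted(nb[record[-1]]):
            if n not in seen:
                seen.add(n)
                queue.append(record + (n,))
    return None

def cache_from_route(route):
    """Every node on the route learns a route to every later node on it: S also
    learns (S,E,G) to G, and E learns (E,G,J,D) to D, as the slide describes."""
    caches = {}
    for i, node in enumerate(route):
        for j in range(i + 1, len(route)):
            caches.setdefault(node, {})[route[j]] = route[i:j + 1]
    return caches

def purge_broken_link(caches, a, b):
    """On RERR(a-b), drop every cached route that uses link a-b in either direction;
    routes that avoid the link (e.g. (S,E,G) after RERR(G-J)) are kept."""
    for table in caches.values():
        for dst in list(table):
            r = table[dst]
            if any({r[k], r[k + 1]} == {a, b} for k in range(len(r) - 1)):
                del table[dst]
    return caches
```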
DSR: Strengths
DSR: Weaknesses
Ad Hoc On-Demand Distance Vector Routing (AODV)
As it is based on source routing, DSR includes source routes in data packet headers
Large packet headers in DSR: risk of poor performance if the number of hops is high
AODV uses a route discovery mechanism similar to DSR, but it maintains routing tables at the nodes
AODV ages the routes and maintains a hop count
AODV assumes that all links are bi-directional
AODV: Route discovery
(Figure sequence (1)-(7), same network as for DSR: S floods a route request towards D; the figures show it propagating hop by hop across the network.)
AODV: Route reply and setup of the forward path
(Figure: the route reply travels back from D to S and sets up the forward path towards D in the routing tables of the nodes on the way.)
AODV: Data delivery
(Figure: Data is forwarded from S to D hop by hop along the forward path, without a source route in the packet.)
AODV: Route maintenance
(Figure (1): the link G-J breaks (marked X) while Data is in flight. Figure (2): G sends RERR(G-J) towards S.)
AODV: Avoiding the usage of stale routing tables
(Figure in four steps: 1. S reaches D via A. 2. A stores DSN(D) = 5 while B stores DSN(D) = 8; the forward path to D is marked. 3. S broadcasts a RREQ carrying DSN(D) = 5. 4. A RREP is returned; the stored values DSN(D) = 5 at A and DSN(D) = 8 at B determine which information S accepts.)
AODV: Avoiding loops
(Figure: nodes A, B, S, C, D; S is linked to D; the forward path from A to D runs via B and S.)
• Assume there is a route between A and D; link S-D breaks; assume A is not aware of this, e.g. because the RERR sent by S is lost
• Assume now S wants to send to D. It performs a RREQ, which can be received by A via path S-C-A
• Node A will reply since it knows a route to D via node B
• This would result in a loop (S-C-A-B-S)
• The presence of sequence numbers lets S discover that the routing information from A is outdated
• Principle: when S discovers that link S-D is broken, it increments its local value of DSN(D). In this way, the new local value will be greater than the one stored by A.
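As an added example, not from the slides: the sequence-number rules behind the loop argument above, with the routing tables constructed from the slide's scenario. S invalidates its entry and increments DSN(D) on the link break, and an intermediate node may answer a RREQ only if its stored DSN(D) is at least the value the RREQ carries, so A's stale entry is never used; the second function shows the matching rule for accepting a RREP.

```python
from dataclasses import dataclass

@dataclass
class RouteEntry:
    next_hop: str
    hops: int
    dsn: int            # destination sequence number last learnt for this destination
    valid: bool = True

@dataclass
class RREQ:
    src: str
    dest: str
    dest_dsn: int       # latest DSN(dest) known to the requester

def may_answer(entry, rreq):
    """AODV rule: an intermediate node answers a RREQ only with a valid route whose
    DSN is at least as fresh as the one the requester already knows."""
    return entry is not None and entry.valid and entry.dsn >= rreq.dest_dsn

def should_update(current, offered_dsn, offered_hops):
    """Accept a RREP if it is fresher, or equally fresh and shorter, than what is held."""
    if current is None or not current.valid:
        return True
    return offered_dsn > current.dsn or (offered_dsn == current.dsn and offered_hops < current.hops)

def loop_scenario():
    """Constructed state from the slide: A reaches D via B, B via S, S directly;
    every node holds DSN(D) = 5. Returns (A answers after the bump, A answers without it)."""
    tables = {
        "S": {"D": RouteEntry("D", 1, 5)},
        "B": {"D": RouteEntry("S", 2, 5)},
        "A": {"D": RouteEntry("B", 3, 5)},
    }
    # Link S-D breaks: S invalidates the entry and bumps its local DSN(D).
    # The RERR towards A is lost, so A still holds DSN(D) = 5 via B.
    s_entry = tables["S"]["D"]
    s_entry.valid = False
    s_entry.dsn += 1
    with_bump = may_answer(tables["A"].get("D"), RREQ("S", "D", s_entry.dsn))
    # Without the increment, A would answer and the loop S-C-A-B-S would form.
    without_bump = may_answer(tables["A"].get("D"), RREQ("S", "D", 5))
    return with_bump, without_bump
```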
AODV (unicast) : Conclusion
A proposal from EPFL
NIC (Nokia)
References on wireless ad hoc networks
Overview of ad hoc network routing protocols: see the references mentioned at:
http://en.wikipedia.org/wiki/Ad_hoc_networking