
A policy-based per-flow mobility management system design
M. Kantor, G. Ormazabal, R. State, T. Engel
IPTComm 2015, 6th October 2015, Chicago
Agenda
• Motivation
• Network architecture
• OpenFlow-enabled Multi-Mode Terminal mobile device (OF-MMT) architecture
• Per-flow mobility management architecture
• Policy engine logic architecture
• End-to-end network connectivity
• Conclusions
Motivation (1)
• Mobile devices
– support a variety of network interfaces (Wi-Fi, 3G, WiMAX, LTE, ...)
– connect to several networks at the same time
• Diverse and heterogeneous network connectivity
– increase reliability and performance, using the links
• sequentially
• in parallel
– schedule applications intelligently
• smart selection of network access
• best user experience while consuming network services
Seamless handover!
Motivation (2)
• Seamless handover requirements
– routing / rerouting
– reconfiguration
– location management
– address management
– session identification
– session migration
– smart selection of network access
Network Function Virtualization (NFV) + Software Defined Networking (SDN)
Network Architecture
OF-MMT Architecture
OF-MMT’s Open vSwitch Architecture
Per-flow Mobility Management Architecture
Policy Engine Logic Architecture
End-to-end Network Connectivity
• SDN network attachment
• SDN network connectivity management
• Host-based mobility - tunnel establishment
• Per-application flow table
• Data transfer
SDN Network Attachment
• Detection of a mobile device attachment
– Based on mobile device's physical interface MAC address
– OF-enabled switch → SDN domain controller: Packet-in message
• SDN device access control
– Authentication request: SDN Flow Manager → candidate network SDN domain controller
– Security Manager → MAC layer credential data
• Network authentication and IP address assignment
– Local SDN controller → DHCP request IP address for physical mobile device interface
– Before assigning IP address → interception for network authentication procedure
– Security Manager → IP layer credential data
• Binding cache entry created at candidate network SDN domain controller
– Mobile device's physical interface routable IP address
– Mobile device's physical interface MAC address
– First-hop OF-enabled switch's identifier
– Binding entry lifetime
• Binding cache entry forwarded to the MCN
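The attachment sequence above, modelled in Python as an added example (not the authors' code): a domain controller handles a packet-in, consults a Security Manager for MAC-layer and then IP-layer credentials before the DHCP address is handed out, creates a binding cache entry with the four fields listed on the slide, and forwards it to the MCN, which keeps the device's current location. The class and method names, the credential model (a per-MAC shared secret) and the sample MACs and addresses are all constructed for illustration.

```python
"""SDN network attachment: binding cache at a domain controller + MCN copy.

Added illustration; component names and the credential scheme are assumptions,
the entry fields are the ones named on the slide."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class BindingEntry:
    ip: str          # routable IP address of the physical interface
    mac: str         # MAC address of the physical interface
    switch_id: str   # identifier of the first-hop OF-enabled switch
    lifetime: int    # entry lifetime in seconds


class SecurityManager:
    """Stand-in Security Manager holding MAC- and IP-layer credential data (constructed)."""

    def __init__(self, mac_credentials: Dict[str, str]):
        # mac -> secret the device must present during IP-layer authentication
        self.mac_credentials = dict(mac_credentials)

    def mac_admitted(self, mac: str) -> bool:
        return mac in self.mac_credentials

    def ip_authenticated(self, mac: str, presented_secret: str) -> bool:
        return self.mac_credentials.get(mac) == presented_secret


class MobilityControlNode:
    """MCN: keeps the current location (domain + binding) of every mobile device."""

    def __init__(self) -> None:
        self.location: Dict[str, Tuple[str, BindingEntry]] = {}

    def update(self, domain: str, entry: BindingEntry) -> None:
        self.location[entry.mac] = (domain, entry)

    def locate(self, mac: str) -> Optional[Tuple[str, str]]:
        found = self.location.get(mac)
        return None if found is None else (found[0], found[1].ip)


class DomainController:
    """SDN domain controller of one candidate network."""

    def __init__(self, domain: str, security: SecurityManager, ip_pool: List[str],
                 mcn: MobilityControlNode, lifetime: int = 300) -> None:
        self.domain = domain
        self.security = security
        self.ip_pool = list(ip_pool)          # constructed DHCP pool
        self.mcn = mcn
        self.lifetime = lifetime
        self.cache: Dict[str, Tuple[BindingEntry, float]] = {}  # mac -> (entry, expiry)

    def on_packet_in(self, switch_id: str, src_mac: str, presented_secret: str,
                     now: float) -> Optional[BindingEntry]:
        # 1. attachment detected from the source MAC carried in the packet-in
        # 2. MAC-layer access control against Security Manager data
        if not self.security.mac_admitted(src_mac):
            return None
        if not self.ip_pool:
            return None
        # 3. DHCP request intercepted: authenticate at IP layer before assigning
        candidate_ip = self.ip_pool[0]
        if not self.security.ip_authenticated(src_mac, presented_secret):
            return None
        self.ip_pool.pop(0)
        # 4. binding cache entry created in this domain
        entry = BindingEntry(candidate_ip, src_mac, switch_id, self.lifetime)
        self.cache[src_mac] = (entry, now + self.lifetime)
        # 5. entry forwarded to the MCN
        self.mcn.update(self.domain, entry)
        return entry

    def lookup(self, mac: str, now: float) -> Optional[BindingEntry]:
        """Return the live binding for a MAC, dropping it once its lifetime has elapsed."""
        found = self.cache.get(mac)
        if found is None:
            return None
        entry, expires_at = found
        if now >= expires_at:
            del self.cache[mac]
            return None
        return entry
```

The lifetime check in `lookup` is what keeps a stale binding from surviving a device that silently left the domain; a controller that skipped it would keep forwarding a location to the MCN that no longer exists.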
Host-based Mobility – Tunnel Establishment
• Virtual IP address assigned to VMI virtual interface
– Identifies the mobile device's VMI at the CN
– Remains constant independently of any IP readdressing of the mobile device's physical interfaces
• Tunneling mechanisms used to encapsulate packets generated by VMI's applications
– Mapping virtual IP address to physical IP address
– Virtual IP address used as a source IP address
– Mobile device's physical interface IP stack hidden from the VMI's applications
– Tunnel-flow association
Applied overlay tunneling approach → full decoupling of the real mobile device physical interfaces and the VMIs' virtual interfaces
Per-application Flow Table
• Flow handover decision: PE Flow Manager → SDN Flow Manager
• SDN Flow Manager tasks
– Selection of the physical tunnel
– Binding creation between the flow identifier FID and the tunnel identifier TID
– Creation and management of per-application flow entry in flow table
Flows switched seamlessly between different physical access transport networks without affecting any active TCP sessions sourced by VMI's applications!
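The tunnel establishment and per-application flow table slides together, as an added Python example (not the authors' code or their Open vSwitch configuration): an SDN Flow Manager selects a tunnel, binds a flow identifier (FID) to a tunnel identifier (TID), and forwards a VMI packet by encapsulating it with the tunnel's physical endpoint addresses. A handover is nothing more than updating the TID of the existing flow entry, so the inner packet, with the virtual IP as its source, is identical before and after. The Policy Engine's decision is passed in as the name of the preferred physical interface; the tunnel names, interface names and all addresses are constructed.

```python
"""Per-application flow table with FID -> TID binding and tunnel encapsulation.

Added illustration; names and addresses are assumptions, the mechanism follows
the slides: select tunnel, bind FID to TID, forward per flow entry, handover by
updating the entry."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# FID: the 5-tuple of the application flow as seen on the VMI virtual interface
FlowId = Tuple[str, str, str, int, int]  # (src_ip, dst_ip, proto, sport, dport)


@dataclass(frozen=True)
class Tunnel:
    tid: str
    interface: str       # physical interface carrying the tunnel (constructed names)
    local_phys_ip: str   # routable IP of that physical interface
    remote_phys_ip: str  # tunnel endpoint in front of the VMI at the CN


@dataclass
class FlowEntry:
    fid: FlowId
    tid: str
    packets: int = 0


def flow_id(packet: dict) -> FlowId:
    return (packet["src"], packet["dst"], packet["proto"], packet["sport"], packet["dport"])


class SdnFlowManager:
    def __init__(self, tunnels: List[Tunnel]) -> None:
        self.tunnels: Dict[str, Tunnel] = {t.tid: t for t in tunnels}
        self.flow_table: Dict[FlowId, FlowEntry] = {}

    def select_tunnel(self, interface: str) -> str:
        """Pick the tunnel riding on the interface the Policy Engine decided on."""
        for t in self.tunnels.values():
            if t.interface == interface:
                return t.tid
        raise KeyError(f"no tunnel established on interface {interface}")

    def install(self, fid: FlowId, interface: str) -> FlowEntry:
        """Create the per-application flow entry, binding FID to TID."""
        entry = FlowEntry(fid, self.select_tunnel(interface))
        self.flow_table[fid] = entry
        return entry

    def handover(self, fid: FlowId, interface: str) -> FlowEntry:
        """Mobility execution: only the TID of the existing entry changes."""
        entry = self.flow_table[fid]
        entry.tid = self.select_tunnel(interface)
        return entry

    def forward(self, packet: dict) -> Optional[dict]:
        """Data path: look up the flow entry, encapsulate in the bound tunnel."""
        entry = self.flow_table.get(flow_id(packet))
        if entry is None:
            return None  # no per-application entry yet; a real switch raises a packet-in
        tunnel = self.tunnels[entry.tid]
        entry.packets += 1
        # outer header uses physical addresses; inner packet keeps the virtual source IP
        return {"outer_src": tunnel.local_phys_ip, "outer_dst": tunnel.remote_phys_ip,
                "tid": tunnel.tid, "inner": packet}
```

Because the CN only ever sees the inner packet after decapsulation, the TCP endpoint addresses never change across a handover; the physical readdressing is confined to the outer header that the tunnel endpoints strip.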
SDN Network Connectivity Management
• Routable IP address assigned to physical interface
– IP address from mobile device's network of the initial attachment (home domain)
• Several collaborating SDN domains
– at least one SDN domain controller per SDN domain
– network path between mobile devices → SDN domain controller(s)
– communication between SDN domain controllers → through east/westbound interface
– SDN domain controller → no location information outside of its own controlled domain
• Mobility Control Node (MCN)
– keeps the current location information of mobile devices
– rendezvous point when both mobile devices are moving concurrently
– supports inter-domain path computation between OF-MMT and CN
• Inter-domain route distribution
– traditional routing protocols, BGP and OSPF, may be leveraged and extended
Data Transfer
• Forwarding of flow packets in mobile device
– realized by the Open vSwitch kernel module
– follows the installed flow entry
– packets encapsulated in the selected tunnel
– sent through mobile device's physical interface towards the corresponding VMI in CN
• Forwarding of flow packets in the network
– packets transmitted through the network path
Conclusions
• Context-aware per-flow mobility-enabled architecture involving novel network tools afforded by SDN/NFV technology
• SDN architecture complemented with a control middleware abstracting networking complexity, and providing a policy-based decision making system
• Policies taking into account context information, providing granular network access control, on a per-application basis
• Provisioning of mobility capabilities by using physical to virtual address encapsulation (tunneling)
– Mobility execution by a simple flow table entry update
• Proposed approach providing user and mobile device independence, from network and access technologies
Thank you!
Flowchart
General Open vSwitch Architecture