Transcript PPT

Special Topics
on
Wireless Ad-hoc Networks
Lecture 9: Wireless Internet,
Mobile IP
University of Tehran
Dept. of EE and Computer Engineering
By:
Dr. Nasser Yazdani
Univ. of Tehran
Computer Network
1
Covered topics

How to build a global wireless network?

Some considerations




Mobility
Routing
Transport layer
References


Chapter 4 of the book
Alex C. Snoeren and Hari Balakrishnan, “An
End-to-End Approach to Host Mobility”
Univ. of Tehran
Computer Network
2
Outline




Mobility consideration
Mobile IP
Multicast approach
End to End approach
Univ. of Tehran
Computer Network
3
Motivation

Connectivity everywhere




Overlapping, heterogeneous networks
Small, portable devices
Maintaining ongoing connections as the
user moves
Why maintain connectivity?


Avoid restarting applications/networks
Avoid losing “distributed state”
Univ. of Tehran
Computer Network
4
Problems?




The IP address associated with a mobile
host is network dependent!
When user connects to another network,
IP address needs to change
Packets belonging to ongoing connections
somehow need to be delivered to the
mobile host
Solutions?
Build in the network

The traditional approach: support in the network





Intelligence and expense is in the network
End-points are cheap (handsets)
Allows for supporting infrastructure
Requires agreements/trust amongst multiple vendors
Examples:




A link/physical level (many wireless networks)
At routing level (Columbia, VIP)
Doesn’t work when switching between technologies and
often not between vendors
In Internet would require modifying lots of routers
Univ. of Tehran
Computer Network
6
Build in end points

The Internet approach: end-to-end





Intelligence (and expense) is in the end-points
Network is cheap (relatively) and as fast as possible
Implies self-support for many activities
Less work/trust required amongst multiple vendors
End-to-end support at transport/naming/application
levels



May be ideal in future, but requires extensive changes
Not currently backwards compatible
TRIAD may be interesting approach
Univ. of Tehran
Computer Network
7
Problems in Wireless


Mobility: Nodes move from a network to
another. How to keep connectivity
Broken connectivity and high error rate in the
link: Degrades badly the performance.


TCP timeout
How to deal with Mobility?: Any solution
should satisfy



Compatibility
Scalability
Transparency
Univ. of Tehran
Computer Network
8
E2E in routing level

Use end-to-end support at routing level


Makes problem transparent at layers above and below
Current Internet standard: Mobile IP (RFC 2002)
TCP/IP network stack:
application
transport
routing
link
physical
Univ. of Tehran
Modify all applications?
Modify TCP, UDP, etc.?
Modify IP end-points?
Modify all device drivers?
How does this work across
network technologies?
Computer Network
9
IP address problem

Internet hosts/interfaces are identified by IP
address




Domain name service translates host name to IP address
IP address identifies host/interface and locates its
network
Mixes naming and location
Moving to another network requires different
network address


But this would change the host’s identity
How can we still reach that host?
Univ. of Tehran
Computer Network
10
Domains versus interfaces

Switching domains & switching interfaces
are the same problem at the routing level
Network interfaces:
Administrative domains:
Mobile host
ether 171.64.14.X
Stanford.edu
171.64.X.X
Berkeley.edu
radio 42.13.0.X
Univ. of Tehran
128.32.X.X
Computer Network
11
Intuitive Solution




Take up the analogy of you moving from
one apartment to another
What do you do?
Leave a forwarding address with your old
post-office!
The old post-office forwards mails to your
new post-office, which then forwards
them to you
Reverse path?


Same as in the post-office analogy
Packets originating from the mobile
host go directly to the static
corresponding host …
HA
SH
• Hence the name
triangular routing
MH
MH
FA
Basic Mobile IP
MH = mobile host
CH = correspondent host
HA = home agent
FA = foreign agent
(We’ll see later that FA
is not necessary or even
desirable)
CH
Home network
HA
Foreign network
FA
MH
•MH registers new “care-of address” (FA) with HA
•HA tunnels packets to FA
•FA decapsulates packets and delivers them to MH
Univ. of Tehran
Computer Network
14
Packet Tunneling
Packet from CH to MH
Source address = address of CH
Destination address = home IP address of MH
Payload
Home agent intercepts above packet and tunnels it
Source address = address of HA
Destination address = care-of address of MH
Source address = address of CH
Destination address = home IP address of MH
Original payload
Univ. of Tehran
Computer Network
15
host moves again
CH
Home network
HA
Foreign network #1
FA #1
MH
Foreign network #2
FA #2
MH
•MH registers new address (FA #2) with HA & FA #1
•HA tunnels packets to FA #2, which delivers them to MH
•Packets in flight can be forwarded from FA #1 to FA #2
Univ. of Tehran
Computer Network
16
Basic Mobile IP (cont)
Mobile hosts also send packets
CH
Home network
HA
Foreign network
FA
MH
•Mobile host uses its home IP address as source address
-Lower latency
-Still transparent to correspondent host
-No obvious need to encapsulate packet to CH
•This is called a “triangle route”
Univ. of Tehran
Computer Network
17
Mobile IP (RFC 2002)





Leaves Internet routing fabric unchanged
Does assume “foreign Agent ” exist
everywhere
Simple
Correspondent hosts don’t need to know
about mobility
Works both for changing domains and
network interfaces
Univ. of Tehran
Computer Network
18
Problems with ingress filtering
Home network
CH
HA
Foreign network
MH
•Mobile host uses its home IP address as source address
•Security-conscious boundary routers will drop this packet
Univ. of Tehran
Computer Network
19
Solution: bi-directional tunnel
•Provide choice of “safe” route through home agent both ways
Home network
CH
HA
Foreign network
MH
•This is the slowest but most conservative option
At the other extreme…
Univ. of Tehran
Computer Network
20
Discovering the care-of
address




Discovery process built on top of an existing
standard protocol: router advertisement (RFC
1256)
Router advertisements extended to carry
available care-of addresses called: agent
advertisements
Foreign agents (and home agents) send agent
advertisements periodically
A mobile host can choose not to wait for an
advertisement, and issue a solicitation message
Agent advertisements




Foreign agents send advertisements to
advertise available care-of addresses
Home agents send advertisements to make
themselves known
Mobile hosts can issue agent solicitations to
actively seek information
If mobile host has not heard from a foreign
agent its current care-of address belongs to, it
seeks for another care-of address
Registering the Care-of
Address




Once mobile host receives care-of address, it
registers it with the home agent
A registration request is first sent to the home
agent (through the foreign agent)
Home agent then approves the request and
sends a registration reply back to the mobile
host
Security?
Registration Authentication




Mobile IP requires the home agent and mobile
host to share a security association
MD5 with 128-bit keys to create digital
signatures for registration requests to be used
(registration message & header used for
creating signature)
Any problems? – replay attacks
Solved by using an unique message identifier
(timestamp or pseudorandom number)
Foreign Agent Security?



No foreign agent authentication required
Foreign agent can potentially discard
data once registration happens
However, the problem is same as in
unauthenticated route advertisements
(RFC 1256) in the wireline context
Home agent discovery


If the mobile host is unable to
communicate with the home agent, a
home agent discovery message is used
The message is sent as a broadcast to
the home agents in the home network
Problems with Foreign Agents

Assumption of support from foreign networks




Correctness in security-conscious networks



“triangle route” has problems
MH under its own control can eliminate this problem
Other undesirable features


A foreign agent exists in all networks you visit?
The foreign agent is robust and up and running?
The foreign agent is trustworthy?
Some performance improvements are harder with FAs
We want end-to-end solution that allows flexibility
Univ. of Tehran
Computer Network
27
Solution
•Mobile host is responsible for itself (With help from infrastructure
in its home network)
-Mobile host decapsulates packets
-Mobile host sends its own packets
-“Co-located” FA on MH
CH
Home network
HA
Foreign network
MH
MH must acquire its own IP address in foreign network
This address is its new “care-of” address
Mobile IP spec allows for this option
Univ. of Tehran
Computer Network
28
Obtaining a foreign IP address

Can we expect to obtain an IP address?






DHCP becoming more common
Dynamic IP address binding like some dial-up
services
Your friend can reserve an IP address for you
Various other tricks
More support for dynamic IP address binding in
IPv6
This assumes less than getting others to run a
FA
Univ. of Tehran
Computer Network
29
Design implications

New issues: the mobile host now has two roles:


Home role
Local role
- More complex mobile host
- Loss of in-flight packets? (This can happen anyway.)
+ Can visit networks without a foreign agent
+ Can join local multicast groups, etc.
+ More control over packet routing = more flexibility
Univ. of Tehran
Computer Network
30
Problem: performance

Example: short-lived communication




When accessing a web server, why pay for
mobility?
Do without location-transparency
Unlikely to move during transfer; can reload
page
Works when CH keeps no state about MH
Univ. of Tehran
Computer Network
31
Solution: yet more flexibility
CH
Home network
HA
Foreign network
MH
•Use current care-of address and send packet directly
-This is regular IP!
•More generally:
-MH should have flexibility to adapt to circumstances
-A range of options: from slow-but-safe to regular IP
-Should be an end-to-end packet delivery decision (no FA)
Univ. of Tehran
Computer Network
32
Forwarding options


Allow MH to choose from among all forwarding
options
Options:




Choice determined by:





Encapsulate packet or not?
Use home address or care-of address as source address?
Tunnel packet through home agent or send directly?
Performance
Desire for transparent mobility
Mobile-awareness of correspondent host
Security concerns of networks traversed
Equivalent choices for CH sending packets to MH
Univ. of Tehran
Computer Network
33
Mobility 4x4
Incoming
Indirect,
Encapsulated
Outgoing
Indirect,
Encapsulated
Outgoing
Direct,
Encapsulated
Outgoing
Direct, Home
Address
Most reliable,
least efficient
Requires
decapsulation
on CH
No securityconscious
routers on path
Requires fully
mobile-aware
CH
No securityconscious
routers on path
Incoming
Direct,
Encapsulated
Incoming
Direct, Home
Address
Requires both
hosts to be on
same net. seg.
Incoming
Direct, Temp.
Address
Univ. of Tehran
Outgoing
Direct, Temp.
Address
Most efficient,
no mobility
support
Computer Network
34
Which to use?

With bidirectional tunneling



Probe destination using triangle route
If it works, switch to that option
With triangle route

If packets aren’t getting through after some
number of tries
Univ. of Tehran
Computer Network
35
Mobile IP issues on local
network

Host visiting local network with foreign agent


No real presence on local network
Host visiting local network with its own IP address






Has a role on local network
Reverse name lookups through special name?
Or do you change the DNS entry?
Its IP address / HW address gets into local hosts’ ARP
caches
Which IP address should go into cache?
How do you update caches if host moves again?
Univ. of Tehran
Computer Network
36
Local ARP cache problem



ARP caches store (IP address, HW address) pairs
MH host visits foreign network
Wants to talk directly back and forth to local hosts

If it wants to maintain connectivity with them after
moving




Use home IP address
Other hosts address MH by HW address on local link
But if MH moves again, ARP cache entries are wrong
If it doesn’t care


Use local IP address
If MH moves, ARP cache is wrong, but nobody cares
Univ. of Tehran
Computer Network
37
Multicast-based Architecture




Very different from the mobile-IP model
Based on the IP-multicast approach
Leverages the similarities in the two
problems (multicast and mobility)
Minor modifications to IP-multicast
required
Multicast




Multicast: group membership, packets sent
to a multicast address have to be delivered to
all members of the group
Members of a multicast group can be located
“anywhere”
IP-multicast infrastructure is overlayed on
the Internet (construction of infrastructure a
separate problem by itself – DVMRP, CBT,
etc.)
Forwarding of data happens on the
overlayed infrastructure, and routing is group
specific
Multicast (Illustration)
Tunnels
Multicast & Mobility
CH
Tunnels
Use IP-multicasting to support mobility!
End-to-End Approach



Internet infrastructure does not change
(like in mobile IP)
Changes required at both the sender and
receiver
Does connection migration when mobilehost moves
E2E Approach (Contd.)




Hostname used as the invariant to identify
mobile host
Mobile host uses DNS updates to change
hostname to IP address mapping
No consistency problem as DNS entries can be
made un-cacheable
If client is mobile, DNS-support not used
E2E Approach (Contd.)





When a mobile-host undergoes a handoff, it
re-issues a SYN (with a MIGRATE option
identifying the previous connection)
A unique token exchanged during initial
connection set-up used to identify connection
The receiver of the SYN changes its state to
represent the new address of the mobile-host
Connection proceeds as a regular TCP
connection from thereon
Trade-offs?
TCP-level mobility support



Use dynamic DNS for initial name lookup
If name changes during a connect, use
TCP migrate option
If name changes between DNS lookup
and TCP connection, then do another
DNS lookup
Univ. of Tehran
Computer Network
45
TCP-level advantages and
disadvantages
+
+
+
-
No tunneling
No need to modify IP layer
Possibly more input from applications
Requires secure dynamic DNS
Scalability issue not entirely dismissable
What if both endpoints are mobile?
Need to modify multiple transport layers
More transport-level changes required than IP-level
additions
- Security issues more severe (1st paragraph of Section 5 is
false)
- Requires application-level changes for DNS retries
Univ. of Tehran
Computer Network
46
Overall TCP-level questions



Are IP address changes a routing
responsibility or an application responsibility?
Is this really end-to-end?
With dynamic DNS requirements,
application-level changes, and TCP changes,
why not just do DNS retry every time a
connection fails?
Univ. of Tehran
Computer Network
47