Slides - TERENA Networking Conference 2006

OBAN
Open Broadband Access Networks
H. Almus, TU Berlin, EANTC Research

The OBAN project is funded by the European Community's Sixth Framework Programme, project partners and the Swiss Bundesamt für Bildung und Wissenschaft.

The information in this document is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.
An Open Network
© 2006 H. Almus
TERENA Networking Conference 2006
2
OBAN Concept
• To open private WLANs for public use
  – Allowing people who are passing by (visiting users) to get broadband access via privately owned WLAN access points
• Business idea behind it
  – Visiting users pay according to their usage
  – Contracts between all involved parties will assure appropriate earnings
• OBAN mobility support
  – Seamless handover and roaming
  – Limited to velocities ≤ 15 km/h
• OBAN integrated extended services
  – Voice (VoWLAN, VoIP), Video
  – Location specific services
    • Local content based on knowledge of the coordinates of the used broadband access
[Figure: a privately owned WLAN access point, in private and public use, providing access to the broadband network via the ISP]
Broadband access today and tomorrow
• xDSL technologies
  – Example ADSL: typically configured bandwidth 1 to 2 Mbps, mostly 8 Mbps possible
  – Example ADSL2+, VDSL, VDSL2: provide from 24 Mbps to 40-50 Mbps
• Cable modems in TV distribution networks
• Fiber cable to the home
• Wireless technologies
  – Extended use expected
    • According to BT Group: WiMAX for home installation available at the end of 2006
• Private flats and houses do have broadband access!!!
  – 23% of the European households are using broadband connections
  – Broadband connections in Germany (end of 2005)
    • around 10.4 million connections (27% of German households)
Use of capacities
• Most private users are using the rented bandwidth only for minor downloads
  – Usage heavily depends on the time of day
    • Mostly used in the evening and on weekends
    • Minor usage during common working hours
• Rented bandwidth is usually below the technically available bandwidth
  – Caused by the price policy of ISPs
  – Most often, the rented bandwidth is 1 or 2 Mbit/s (downlink)
  – On average, the installed broadband access technology allows around 8 Mbit/s (downlink)
  – Estimated average use of a broadband access: ≤ 10 GByte per month
    • Only around 3-4% of the rented bandwidth is actually used
    • Regarding the technically available bandwidth at the access points, only around 0.5% is used
Network evolution
• Today's mobile networks are evolving to broadband
  – The number of base stations and feeder lines will increase dramatically
  – The next step from today's UMTS may require optical cables in the feeder network
  – Granularity will become comparable to that of the fixed network
• The fixed network is continuously updated with advanced DSL technologies and optical cables
  – Most of the connected households and businesses will use WLAN technologies for in-house networking
Extended use of WLANs as well as growing bandwidth demands will lead to a convergence of both networks.
Networks & Cell sizes
[Figure: cell sizes of WLAN and the mobile network, today and tomorrow]
Parties involved
[Figure: HU and VU terminals attached to WLAN APs behind an RG; the RG connects via the ANP to the Internet, to the ISP of the home user (ISP-HU) and to the ISP of the visiting user (ISP-VU)]
HU  = Home User
VU  = Visiting User
ANP = Access Network Provider
ISP = Internet Service Provider
RG  = Residential Gateway (OBAN extended Access-Router)
AP  = WLAN Accesspoint
OBAN bandwidth management
• Simple bandwidth management
  – The home user retains the rented bandwidth and performance, independent from any access and usage by visiting users
    • Conventional sharing concepts are based on a common use of the bandwidth rented by the home user (Boingo, Linkspot etc.)
  – Use of additional available bandwidth for visiting users
  – Solution by adapted bandwidth management
    • 2 data paths with fixed, well defined access rates
• Extended bandwidth management
  – Bandwidth actually not used by the home user will be available for visiting users in addition to the extended bandwidth statically reserved for visiting users
  – Realization requires strict prioritization of the private user's traffic within the limits of the rented bandwidth
• The OBAN approach is a provider oriented solution: it requires the involvement of the access network provider!
  – Solutions as offered by Boingo are just roaming agreements
QoS in OBAN
• Bandwidth management, prioritization
  – based on 802.11e / WMM
  – OBAN QoS Broker
    • Knows the capacity of the access network
      – Traffic policing, priority queuing
    • Manages QoS profiles for each OBAN user
      – Integrated in the backend, could be integrated in the AAA server
  – Residential Gateway
    • The Capacity Distribution Algorithm (CDA) defines which capacity an end system (terminal) gets assigned at a given time
    • Traffic policing / shaping, priority queuing to ensure proper use
    • Capacity tracking and adaptation according to changing conditions
  – Terminal
    • Supports traffic shaping, capacity tracking
  – WLAN:
    • QoS enabled MAC (802.11e/WMM); priorities are mapped to WLAN access categories
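The two bandwidth-management modes of slide 9 and the kind of split the Residential Gateway's Capacity Distribution Algorithm has to compute (slide 10), as a toy model added here; this is not OBAN project code, the link figures are assumptions taken from the "Use of capacities" slide, and the class and function names are mine.

```python
"""Toy model of the two OBAN bandwidth-management modes (slide 9) and of
the kind of split the Residential Gateway's Capacity Distribution Algorithm
has to compute (slide 10). Added example, not OBAN project code; the figures
in __main__ are assumptions based on the 'Use of capacities' slide."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessLink:
    capacity_kbps: int     # technically available downlink bandwidth
    hu_rented_kbps: int    # what the home user (HU) pays for: data path 1
    vu_reserved_kbps: int  # fixed rate of the visiting-user (VU) path 2

def reservation_fits(link: AccessLink) -> bool:
    """The VU path must fit into capacity the HU has not rented; otherwise
    VU traffic would compete with the HU's paid-for bandwidth."""
    return link.hu_rented_kbps + link.vu_reserved_kbps <= link.capacity_kbps

def simple_split(link: AccessLink) -> dict:
    """Simple bandwidth management: two data paths with fixed, well-defined
    rates. VUs never see the HU's rented share, whether it is used or not."""
    if not reservation_fits(link):
        raise ValueError("VU reservation exceeds the unrented capacity")
    return {"hu": link.hu_rented_kbps, "vu": link.vu_reserved_kbps}

def extended_split(link: AccessLink, hu_demand_kbps: int) -> dict:
    """Extended bandwidth management: bandwidth the HU is not using right now
    is lent to VUs on top of the static reservation. Strict priority for HU
    traffic up to the rented rate means the HU always gets min(demand, rented)
    and only the idle remainder of the rented share is lent out."""
    if not reservation_fits(link):
        raise ValueError("VU reservation exceeds the unrented capacity")
    hu_now = min(max(hu_demand_kbps, 0), link.hu_rented_kbps)
    idle = link.hu_rented_kbps - hu_now
    return {"hu": hu_now, "vu": link.vu_reserved_kbps + idle}

def track_vu_capacity(link: AccessLink, hu_demands_kbps: list) -> list:
    """Capacity tracking: recompute the VU share as HU demand changes over
    the day (low during working hours, high in the evening)."""
    return [extended_split(link, d)["vu"] for d in hu_demands_kbps]

if __name__ == "__main__":
    # Assumed figures: 8 Mbit/s line, 2 Mbit/s rented, 2 Mbit/s VU reserve.
    line = AccessLink(8000, 2000, 2000)
    print(simple_split(line))                   # {'hu': 2000, 'vu': 2000}
    print(extended_split(line, 500))            # {'hu': 500, 'vu': 3500}
    print(track_vu_capacity(line, [0, 500, 2000, 3000]))  # [4000, 3500, 2000, 2000]
```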
Mobility in OBAN
• Basic objectives of the OBAN project:
  – "Smart change" of the IP network as well as seamless roaming between service providers
  – Single Sign On
    • The user has to authenticate only once
  – Seamless IP Connectivity
    • Change of network access, IP subnet as well as roaming shall not disturb or (noticeably) interrupt currently used IP services
      – No loss of TCP connections, SIP sessions etc.
        » Supported by use of Mobile IPv4 (MIP)
Security in OBAN
• Security and privacy protection
  – Questions and requirements
    • Who must have access to which data?
    • Who isn't allowed to have access to which data?
    • How can an OBAN network be realized in line with local and European laws?
      – 25 country specific laws and regulations regarding service provisioning, protection of private data, encryption etc.
    • Acceptance of OBAN by private and visiting users?
      – What kind of data security as well as privacy protection has to be offered?
Security: Extended requirements
• Extended protection against manipulation is required because
  – OBAN WLAN APs and the RG are located in private homes
    • The HU could try to fake an OBAN WLAN AP and forward modified visiting user data to the RG (man-in-the-middle attack)
    • The HU could also manipulate the RG itself to modify information (e.g. billing relevant data)
  – OBAN WLAN APs are interconnected with the private network of the HU
    • VUs could attack and try to manipulate the OBAN WLAN AP to get access to private data of the HU
• OBAN networks have to securely separate the data of HUs and VUs
  – Separated VPNs for HU and VU are required
  – The identity of the HU has to be hidden from the VUs as well as vice versa
• OBAN hardware and software components must be protected against manipulation and misuse
Mobility: MIP / Handover
• OBAN has to support a secured data exchange in combination with a change of the used network without service interruption
  – OBAN project objectives include the support of interactive multimedia services like videoconferencing and VoIP
  – OBAN tries to achieve handover times of less than 120 ms (Layer 3)
    • Typical handover times of 350 ms or even higher (like 8-10 s in MIP environments) are not acceptable.
• Consequences:
  – The handover process including re-authentication has to take place automatically, without any user interaction
  – The used Mobile IP solution has to be compatible with common encryption techniques (VPN, IPsec and SSL)
    • Encryption must be set up as an overlay on top of MIP; the end points of encrypted tunnels are terminated in MIP
• OBAN terminals (notebooks, PDAs) have to support Mobile IP as well as some OBAN specific extensions
• OBAN users will have to install some OBAN specific software
Handover performance
• How to minimize the WLAN handover delay?
• Code optimization alone will not be a solution to the OBAN goal (< 120 ms on Layer 3)
• WLAN technology doesn't support "make before break" as used in GSM/UMTS networks
• Extended mobility management is required
  – The Residential Gateway (RG) acts as access router
    • Extended functions to avoid painful delays (DHCP etc.)
  – Sophisticated authentication mechanisms
    • To support fast and automated re-authentication
  – Extended services and functions to be implemented
    • proxy servers
    • mobility broker
      – Knows about neighbouring APs, network configuration
      – Supports fast re-authentication
    • QoS broker
      – Knows about currently available QoS on neighbouring APs
Authentication
• Full authentication (via AAA server) when changing AP / roaming is by far too slow
• Alternate solutions discussed within OBAN
  1. Delayed Authentication
     1. Data traffic without previous authentication allowed for a limited time period
     2. Full authentication done immediately in parallel to initial use
  2. Use of Kerberos Tickets
     1. Split of the authentication process
        1. Traditional full authentication via AAA server for the 1st access
        2. Specific authentication based on shared secrets, partly shared in advance
  3. Time-shifted computing
     1. Based on mutual authentication between terminal and Residential Gateway in conjunction with secured information and trusted points
• Solution 1
  – Delayed authentication may be forbidden by law
    • At least in some European countries the ISP has to explicitly inform the user about the approach and the risks regarding the initial data exchange
• Solutions 2 and 3
  – Use of topographic knowledge required (neighbourhood relations)
    • Knowledge about reachable APs, additional information for re-authentication, protocol extensions (802.1X, EAP-xxx)
OBAN proof of concept
• Field trial (Telenor)
  – continuously used to test solutions as soon as they are available
• Testbed at TU Berlin
  – used for additional functional testing
• Field trial in Paris (France Telecom)
  – scheduled for the final phase of the project to test the integrated OBAN environment
• Portable demonstrator
  – used for specific tests as well as for demonstration purposes at exhibitions
Portable demonstrator: configuration example for "interprovider handover" testing
[Figure: a Terminal roaming between AP1 and AP2 behind RGW 1 (SSID: hansen) and RGW 2 (SSID: larsen); the two providers ISPRG and ISPIPC with their gateways (ISPRG Gateway, ISPIPC Gateway) and monitors (Monitor1, Monitor2); HA and a Host reached via the Internet]
Extended Services: IP Zones, SIP-UA, …
• Different portals for Visiting Users (VU) and Home Users (HU)
  – VU: location specific offers (the exact location of the Residential Gateway is known!)
    • Local events, special offers, …
    • Taxi stand next door, timetable of nearby bus stops & undergrounds
    • Navigation: distance to events, friends, …
  – HU: may offer specific services to VUs
    • Garage sale today
    • Print service (if HU is at home)
• SIP-UA: OBAN aware application
  – SIP based videoconferencing with automated adaptations
    • Adapt the codec used and the image size in accordance with the available QoS
      – Information provided by the OBAN QoS broker
OBAN project partners
• The OBAN concepts, ideas and solutions presented are the results of the common efforts of all OBAN partners
Thank you! Questions?
More information is available on the OBAN public web pages: www.ist-oban.org