Transcript mobopts-4
Media-Independent Preauthentication (MPA) Framework draft-ohba-mobopts-mpa-framework-04.txt Ashutosh Dutta Victor Fajardo Yoshihiro Ohba Kenichi Taniuchi Henning Schulzrinne (See also draft-ohba-mobopts-mpa-implementation-03.txt for performance results) Media-independent PreAuthentication (MPA) • MPA is a mobile-assisted higher-layer authentication, authorization and handover scheme that is performed before establishing L2 connectivity to a network where mobile may move in near future • MPA provides a secure and seamless mobility optimization that works for Inter-subnet handoff, Inter-domain handoff and Inter-technology handoff • MPA works with any mobility management protocol AP Discovery Conventional Method AP Switching Client IP address Authentic configuration ation & IP handover Time Pre-authentication MPA Time Packet Loss Period MPA Phases 1. Pre-authentication: EAP pre-authentication to CTN (Candidate Target Network) 2. Pre-configuration: Proactive IP address acquisition from CTN 3. Pre-switching: L3 HO execution over MN-nAR tunnel 4. Switching: L2 handover 5. Post-switching: Tunnel deletion Not all MPA phases have to be executed and can be replaced with other mechanisms MPA Operation can stop at phase 1 (pre-auth only) or at phase 2 (pre-auth + pre-authorization), Proactive Handover Tunnel in pre-switching phase Home Network HA CN BU AR Serving Network MN Target Network Tunneled Data Investigated Issues • Operational Issues: – – – – – – – • Pre-Authorization techniques: – – – • Pre-authentication to multiple Candidate Target Networks Tunnel management Ping-pong considerations Authentication state management Packet loss prevention techniques: Buffering, reachability test Authentication in initial network attachment Link-layer security and mobility (see mpa-implementation draft for results) Proactive IP address acquisition (IKEv2,DHCP,stateless autoconf, etc.) Proactive DAD / Address resolution issues Pre-allocation of QoS resources (for both end-to-end and edge network) Co-existence with other mobility management protocols – MIPv4 FA-CoA, ProxyMIPv6, FMIPv6 • • • In some case, proactive handover tunnel is terminated at serving AR instead of MN For ProxyMIPv6 + MPA, see draft-taniuchi-netlmm-mpa-proxymipv6-00.txt Multicast mobility Applicability Statement Added • MPA is categorized as a proactive handover optimization mechanism. In other words, MPA is more applicable where an accurate prediction of movement can be easily made • Even if accurate prediction of movement is easily made, effectiveness of MPA may be relatively reduced if the network employs network-controlled localized mobility management in which the MN does not need to change its IP address while moving within the network. • Effectiveness of MPA may also be relatively reduced if signaling for network access authentication is already optimized for movements within the network, e.g., when simultaneous use of multiple interfaces during handover is allowed • In other words, MPA is most viable solution for inter-administrative domain predictive handover without simultaneous use of multiple interfaces An administrative domain (or a domain hereafter) is a logical network that is administered by a single authority using its own authentication and authorization mechanisms Focus on inter-domain handover optimization • Problem Statement: Inter-domain handover optimization cannot be solved solely by existing mobility management protocols – Requires SA between mobility agents across domains – Different domains may use different M-M protocols (e.g., CMIPPMIP handover optimization) • MPA’s ability to work across multiple-domains can enhance performance of inter-domain handover – MPA as a helper for existing M-M protocols for inter-domain handover • More focus on pre-authorization and proactive handover tunneling part of MPA for inter-domain handover optimization – Pre-authentication signaling is being discussed in IETF / IEEE • Possible Research topics: Co-existence with FMIPv6, PMIP and 802.21 for inter-domain handover optimization Summary • The draft has been presented 4 times since IETF62 – Feedback from the members has been reflected – Experimental results have been shown in the past (MPA with MIPv6, MPA with bootstrapping L2sec, etc.) • Possible direction: focus on pre-authorization and proactive handover tunneling part of MPA for inter-domain handover – Possible Research topics: Co-existence with FMIPv6, PMIP and 802.21 for inter-domain handover optimization • We are willing to commit to work on this topic and provide more experimental results Thank You!