Sub4_1_2_mipv6_v3

Mobile IPv6
Outline
• Introduction to MIPv6
• Overview of Mobile IPv6
• IPv6 Host Address Auto-Configuration
   - DAD (Duplicate Address Detection)
• MIPv6 Operation – Handover
• Return Routability
• Conclusions
• References
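MIPv6 Vs MIPv4
• MIPv6 removes the Foreign Agent entity used in IPv4; routers take over its role.
• IPv6 offers far more addresses than IPv4.
• Auto-configuration: addresses and the default gateway router are configured automatically, so users obtain an IP address easily.
• Mobile IPv6 messages are carried alongside data packets using the IPv6 Destination Option, which simplifies Mobile IPv6 control messaging.
• Route Optimization is adopted to solve the triangular routing problem.
• Anycast addressing is used to discover the Home Agent.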
Introduction to MIPv6
Feature | Mobile IPv6 | Mobile IPv4
Foreign Agent | No | Yes
Care-of Address | CCoA only | Foreign Agent or CCoA
Obtaining Care-of Address | IPv6 stateless and stateful mechanism | By Foreign Agent or DHCPv4
Route Optimization | Mandatory | Option
Packet tunnel during route optimization | Forward packets with no tunneling | Require packet tunneling between Mobile Node and Correspondent Node
Home Agent involves route optimization | No | Yes
Mobile IP message format | IP Headers and ICMP Packets | ICMP and UDP packets
Mobile IP message | Reduced and allow piggybacked in header | Reg. Req, Binding Update, …
Smooth Handover | Mandatory | Option
Reverse tunneling | No ingress filtering problem | Solve ingress filtering
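Mobile IPv6 Network Architecture
• Removal of the FA:
   MIPv6 removes the need for an FA; its functions are folded into IPv6 routers.
• Removal of the Foreign Agent CoA:
   MIPv6 drops the Foreign Agent CoA design. The CoA is instead generated with mechanisms defined in IPv6: stateful auto-configuration, which works much like DHCP, or stateless auto-configuration, which uses Neighbor Discovery to perform Duplicate Address Detection (DAD).
• Route optimization:
   MIPv6 makes route optimization mandatory. When the MN is on a foreign network it sends the binding update (BU) to both the HA and the CN. Route optimization solves the triangular routing problem in which every packet has to be forwarded through the HA.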
Mobile IPv6 Benefits
• No Foreign Agent needed in MIPv6
• Infrastructures do not need an upgrade to accept Mobile IPv6 nodes
• Auto-configuration simplifies mobile node Care-of Address (CoA) assignment
• Option headers, neighbor discovery
• Optimized routing – avoids triangular routing
• Scales easier, but creates network management challenges
• Mobile nodes work transparently even with other nodes that do not support mobility
   - Albeit without route optimisation
Mobile IPv6 Terms
• home address
• home subnet prefix
• home link
• mobile node
• movement
• L2 handover
• L3 handover
• correspondent node
• foreign subnet prefix
• foreign link
• care-of address
• home agent
• binding
Basic Operation

A mobile node is always expected to be
addressable at its home address, whether it
is currently attached to its home link or is
away from home.
Before the Mobility Header
Before the Mobility Header existed (prior to version 15 of the draft), many functions were defined as options inside the Destination Options header.
In version 15:
• Binding Update Option: Option type=128
• Binding Acknowledgment Option: Option type=7
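Mobility Header Option
• IPv6 packets gain a Mobility Header option.
• Packet format:
   - Payload Proto: 8-bit selector, the same as Next Header; identifies the header that follows.
   - Header Len: 8-bit unsigned integer; the length of the Mobility Header excluding the first 8 bytes.
   - MH Type: 8-bit selector; identifies the particular Mobility message and determines the type of the Message Data.
   - Reserved: 8 bits, reserved for future use.
   - Checksum: 16-bit unsigned integer, computed using the "pseudo-header" method.
   - Message Data: its content is determined by the MH Type.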
Binding Update Message
MH Type=5
Message Data:
A:Acknowledge
H:Home Registration
L:Link-Local Address Compatibility
K:Key Management Mobility Capability
Binding Acknowledgement Message
MH Type=6
Message Data:
K:Key Management Mobility Capability
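Mobility Options
• Option Type: 8 bits; the type of the option, which also determines the format of the Option Data.
• Option Length: 8-bit unsigned integer; the length of the Mobility Option excluding the Option Type and Option Length fields.
• Option Data: its format depends on the Option Type.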
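A defensive parser for the Mobility Header, Binding Update flags and Mobility Options described above, added here as an example and not part of the original slides. The byte layout (Header Len counted in 8-octet units, the A/H/L/K bit positions, the one-byte Pad1 option) is taken from RFC 6275, since the slide figures are not reproduced on this page; the sample packet is constructed.

```python
import struct

# MH Type values as listed on the slides
MH_NAMES = {1: "HoTI", 2: "CoTI", 3: "HoT", 4: "CoT", 5: "BU", 6: "BA"}

def parse_options(data: bytes) -> list:
    """Walk the Mobility Options TLVs, rejecting any that overrun the header."""
    opts, i = [], 0
    while i < len(data):
        if data[i] == 0:                      # Pad1: a lone type byte, no length field
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated option header")
        otype, olen = data[i], data[i + 1]
        if i + 2 + olen > len(data):
            raise ValueError("option length overruns Mobility Header")
        opts.append((otype, data[i + 2:i + 2 + olen]))
        i += 2 + olen
    return opts

def parse_mobility_header(buf: bytes) -> dict:
    """Parse one Mobility Header; raise ValueError on malformed input."""
    if len(buf) < 8:
        raise ValueError("shorter than the 8-byte minimum")
    proto, hdr_len, mh_type, _reserved, checksum = struct.unpack_from("!BBBBH", buf)
    if (hdr_len + 1) * 8 != len(buf):         # Header Len excludes the first 8 bytes
        raise ValueError("Header Len does not match the bytes received")
    msg = {"payload_proto": proto, "type": MH_NAMES.get(mh_type, mh_type),
           "checksum": checksum}              # checksum is reported, not verified here
    data = buf[6:]                            # Message Data follows the checksum
    if mh_type == 5:                          # Binding Update
        if len(data) < 6:
            raise ValueError("Binding Update too short for sequence/flags/lifetime")
        seq, flags, lifetime = struct.unpack_from("!HHH", data)
        msg.update(seq=seq, lifetime=lifetime,
                   A=bool(flags & 0x8000), H=bool(flags & 0x4000),
                   L=bool(flags & 0x2000), K=bool(flags & 0x1000),
                   options=parse_options(data[6:]))
    return msg

# Constructed sample: BU with A and H set, sequence 258, padded with a PadN option
SAMPLE_BU = bytes.fromhex("3b010500" "0000" "0102" "c000" "0004" "01020000")
```

Verifying the checksum needs the IPv6 source and destination addresses for the pseudo-header, so it belongs in the caller that still has the IPv6 header.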
Binding Updates to Correspondent Nodes
Registration
Authorizing Binding Management Messages
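IPv6 Host Address Auto-Configuration
Purpose of auto-configuration
• Obtaining a valid IP address
• Locating routers (when no router is present, the host must also be able to detect that automatically)
How auto-configuration works
• IPv6 has stateless auto-configuration built in (RFC-2461), achieved mainly through Neighbor Discovery (ND).
• Main goals of ND:
   - Determine the link-layer addresses of other hosts on the same link
   - Find routers on the same link
   - Track the state of all hosts on the same link (whether they are still online)
   - Collect the information needed for auto-configuration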
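DAD (Duplicate Address Detection)
How DAD works
• It is similar to the way ARP is used on IPv4 today to check for duplicate IP addresses.
• The difference is that DAD sends a Neighbor Solicitation rather than an ARP request.
When DAD is triggered
• When the MN detects that it has moved, it uses IPv6 mechanisms to generate a new care-of address.
• It takes the router's prefix and appends its MAC address to form a global address.
• To prevent address conflicts, DAD is run to verify that the address is valid. Because several mobile nodes may enter the same network and run DAD at the same time, each mobile node should wait a random delay (0~1000 ms) [2] before sending the probe, and then listen for 1000 ms for any node to respond. DAD therefore takes up the largest share of the handover time.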
MIPv6 Operation - Handover
• Network initiated Handover
   - The network determines the Handover
• Mobile initiated Handover
   - The MN determines the Handover
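Mobile IPv6 operation flow
1. When the MN moves from Router A to Router B, it receives the RA sent by Router B in the new network. Because the Network Prefix carried in this RA differs from the previous one, the MN realizes it has entered a new network and automatically configures its CoA.
2. The CoA describes where the MN currently is. After obtaining the CoA, the MN sends a Binding Update packet to the HA; the Binding Update carries a CoA Option.
3. When the HA receives the BU, it updates its Binding Cache Entry and replies to the MN with a Binding Ack.
4. At this point, when the CN sends packets to the MN, they go through the HA, which forwards them to the MN through a tunnel.
5. When the MN receives a packet forwarded by the HA, it knows that a CN has not yet updated its Binding Cache Entry, so the MN sends a Binding Update to that CN.
6. The CN updates its Binding Cache Entry and replies to the MN with a Binding Ack.
7. From then on, the CN and the MN communicate directly without going through the HA.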
Mobile IPv6 : Concepts [3]
[Figure: CN, Home Network, HA, Internet, Foreign Network and Mobile Node. Packets shown (IP Header + Payload): S: MN's Home Address, D: CN's IP; and S: CN's IP, D: MN's Home Address.]
Mobile IPv6 : Concepts
[Figure: Binding Update (IP Header + Mobility Header + Payload, MH=5): S: MN's CoA, D: Home Agent's address. Binding Ack (MH=6): S: Home Agent's address, D: MN's CoA.]
Mobile IPv6 : Concepts
[Figure: the CN sends a packet with S: CN's IP, D: MN's Home Address. The HA forwards it as a tunneled packet: new IP header S: Home Agent's address, D: MN's CoA; old IP header S: CN's IP, D: MN's Home Address.]
Mobile IPv6 : Concepts
[Figure: Binding Update (IP Header + Mobility Header + Payload, MH=5): S: MN's CoA, D: CN's IP. Binding Ack (MH=6): S: CN's IP, D: MN's CoA.]
Mobile IPv6 : Concepts
[Figure: direct communication after the binding. CN to MN: IP Header S: CN's IP, D: MN's CoA, with a Routing Header that includes the MN's Home Address. MN to CN: IP Header S: MN's CoA, D: CN's IP, with an HA DestOpt that includes the MN's Home Address.]
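Mobile IPv6 Latency
□ MIPv6 handover latency
• Layer 2 delay
   When the MH moves into a new network it must associate with the AP according to the 802.11 protocol. This delay varies by vendor; for D-Link, for example, it is 50~70 ms.
• Movement detection delay
   Movement detection is when the MH enters the overlay area, receives the new router's advertisement, and finds that it has left its original network. This delay is determined by the router advertisement interval: the MH concludes it has left the original network after missing two consecutive advertisements from the original router. The RFC specifies a router advertisement interval of 3 s; 300 ms is recommended when supporting Mobile IP.
• DAD address detection delay
   The IPv6 environment uses DAD (Duplicate Address Detection) to detect whether another node in the network is using the same address. The MN uses Neighbor Discovery to send out the IP address to be checked and then listens for 1000 ms. If no node responds to the message, the IP address is not a duplicate and the MN assigns it to the network interface. DAD takes 1787 ms on average [1].
• Registration delay
   The MN registers its update with the Home Agent and the CH. The MH sends a Binding Update to update the binding caches of the Home Agent and the CH. Only then can the MN receive packets from the CN in the new network.
□ MIPv6 Handoff Time
$D = D_{l2} + D_{\text{movement detection}} + D_{dad} + D_{reg}$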
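Return Routability procedure
• RR is performed before the MN sends a BU.
• To prevent someone from impersonating the mobile node and sending binding updates to the correspondent node, a simple but effective verification procedure is carried out here.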
Return Routability: Step 1 [3]
MN requests tokens by sending:
• Home Test Init (HoTI) Message
• Care-of Test Init (CoTI) Message
[Figure: CN, Home Network, HA, Internet and Mobile Node. Home Test Init (IP Header + Mobility Header + Payload, MH=1), parameters: home init cookie. Care-of Test Init (IP Header + Mobility Header + Payload, MH=2), parameters: care-of init cookie.]
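Return Routability: Step 1
• The MN sends a Home Test Init (HoTI) message and a Care-of Test Init (CoTI) message to the correspondent node.
   - Both packets carry cookie data.
• The two packets take different paths
   - so that a malicious attacker cannot intercept both packets at the same time.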
Return Routability: Step 2
CN sends tokens to MN by sending:
• Home Test (HoT) Message
• Care-of Test (CoT) Message
[Figure: CN, Home Network, HA, Internet and Mobile Node. Home Test (IP Header + Mobility Header + Payload, MH=3), parameters: Home Init Cookie, Home Keygen Token, Home Nonce Index. Care-of Test (IP Header + Mobility Header + Payload, MH=4), parameters: Care-of Init Cookie, Care-of Keygen Token, Care-of Nonce Index.]
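Return Routability: Step 3
• Once the binding management key (Kbm) has been generated successfully, the return routability procedure is complete.
   - Every binding update the mobile node sends afterwards must carry binding authorization data for the correspondent node to verify. The authorization data is computed as follows:
• By checking whether this data is correct, the correspondent node can avoid accepting forged binding updates sent by a fake mobile node.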
Return Routability: Step 3
• MN and CN generate the shared key from the tokens
• MN signs a BU message with the key, CN verifies the BU message with the key
Shared Key (Kbm) = SHA1(home keygen token | care-of keygen token)
[Figure: CN, Home Network, HA, Internet and Mobile Node. The MN sends the CN a Binding Update (IP Header + Mobility Header + Payload, MH=5) protected by the shared key.]
Return Routability - Home Test Init (HoTI)
MH Type=1
Message Data:
Return Routability - Care-of Test Init (CoTI)
MH Type=2
Message Data:
Return Routability - Home Test (HoT)
MH Type=3
Message Data:
home keygen token :=
First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0)))
Return Routability - Care-of Test (CoT)
MH Type=4
Message Data:
care-of keygen token :=
First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1)))
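The token and key derivations above, worked through from the correspondent node's side, as an added example that is not part of the original slides. The binding authenticator formula comes from RFC 6275 section 6.2.7 and is not shown on this page; the class and function names, the addresses and the Binding Update bytes are constructed for illustration.

```python
import hashlib, hmac, ipaddress, os

def packed(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed

def keygen_token(kcn: bytes, addr: str, nonce: bytes, tag: int) -> bytes:
    # First(64, HMAC_SHA1(Kcn, (address | nonce | tag))): tag 0 = home, 1 = care-of
    return hmac.new(kcn, packed(addr) + nonce + bytes([tag]), hashlib.sha1).digest()[:8]

def derive_kbm(home_token: bytes, coa_token: bytes) -> bytes:
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + coa_token).digest()

def authenticator(kbm: bytes, coa: str, cn: str, mh_data: bytes) -> bytes:
    # RFC 6275 sec. 6.2.7 (not on the page): First(96, HMAC_SHA1(Kbm, CoA | CN | MH Data))
    return hmac.new(kbm, packed(coa) + packed(cn) + mh_data, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    """Keeps only Kcn and a nonce list; no per-mobile-node state before the BU."""
    def __init__(self, addr: str):
        self.addr, self.kcn, self.nonces = addr, os.urandom(20), [os.urandom(8)]

    def home_test(self, home_addr: str):          # HoT, MH Type 3
        idx = len(self.nonces) - 1
        return idx, keygen_token(self.kcn, home_addr, self.nonces[idx], 0)

    def care_of_test(self, coa: str):             # CoT, MH Type 4
        idx = len(self.nonces) - 1
        return idx, keygen_token(self.kcn, coa, self.nonces[idx], 1)

    def verify_bu(self, home_addr, coa, home_idx, coa_idx, mh_data, auth) -> bool:
        if not (0 <= home_idx < len(self.nonces) and 0 <= coa_idx < len(self.nonces)):
            return False                          # unknown or expired nonce index
        kbm = derive_kbm(keygen_token(self.kcn, home_addr, self.nonces[home_idx], 0),
                         keygen_token(self.kcn, coa, self.nonces[coa_idx], 1))
        return hmac.compare_digest(authenticator(kbm, coa, self.addr, mh_data), auth)

def demo() -> dict:
    # Constructed addresses from the 2001:db8::/32 documentation prefix.
    home, coa, other = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::66"
    cn = CorrespondentNode("2001:db8:9::1")
    (hi, htok), (ci, ctok) = cn.home_test(home), cn.care_of_test(coa)
    bu = b"\x01\x02\x80\x00\x00\x04"              # constructed BU message data
    good = authenticator(derive_kbm(htok, ctok), coa, cn.addr, bu)
    # A sender that saw only the care-of path lacks the home keygen token.
    partial = authenticator(derive_kbm(bytes(8), ctok), coa, cn.addr, bu)
    return {"valid": cn.verify_bu(home, coa, hi, ci, bu, good),
            "other_coa": cn.verify_bu(home, other, hi, ci, bu, good),
            "one_token": cn.verify_bu(home, coa, hi, ci, bu, partial),
            "bad_index": cn.verify_bu(home, coa, 7, ci, bu, good)}
```

Because the correspondent node recomputes both tokens from Kcn and the indexed nonces, it can check a Binding Update without having stored anything when it answered HoTI and CoTI.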
Return Routability Procedure
[Figure: message flow among MN, HA and CN. Im: Init message (HoTI, CoTI); Tm: Test message (HoT, CoT); Tbu: Binding Update.]
Return Routability Procedure (cont'd)
[Figure: sequence between Mobile node, Home agent and Correspondent node: Home Test Init (HoTI), Care-of Test Init (CoTI), Home Test (HoT), Care-of Test (CoT).]
Home Test Init & Care-of Test Init
• Home Test Init
   * Source Address = home address
   * Destination Address = correspondent
   * Parameters:
      + home init
• Care-of Test Init
   * Source Address = care-of address
   * Destination Address = correspondent
   * Parameters:
      + care-of init cookie
Home Test & Care-of Test
• Home Test
   * Source Address = correspondent
   * Destination Address = home address
   * Parameters:
      + home init cookie
      + home keygen token
      + home nonce index
• Care-of Test
   * Source Address = correspondent
   * Destination Address = care-of address
   * Parameters:
      + care-of init cookie
      + care-of keygen token
      + care-of nonce index
home keygen token :=
First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0)))
care-of keygen token :=
First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1)))
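Conclusion
• Distinguishing features of MIPv6 that we have seen:
   - Architectural changes
   - Route optimization
• Further research on MIPv6 is also possible:
   - Fast handover mechanisms
   - Movement detection algorithms
   - Handover strategy optimization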
Questions
Which of the following is not a feature of MIPv6?
1. routing optimization
2. option headers, neighbor discovery
3. new message type
4. cancel the home agent
5. cancel the foreign agent
Questions
Which message is not the New Internet Control Message?
• New IPv6 ICMP Messages
• Home Agent Address Discovery Request
• Home Agent Address Discovery Reply
• Mobile Prefix Solicitation
• All of the above
Reference
• Introduction to MIPv6, www.item.ntnu.no/fag/tm8100/Pensumstoff2004/mipv6bra.ppt
• C. Perkins, "Mobility for IPv6," Internet Draft, June 2002.
• K. El-Malki, P. Calhoun, T. Hiller, J. Kempf, P.J. McCann, A. Singh, H. Soliman, S. Thalanany, "Low latency Handoffs in Mobile IPv4", Internet Engineering Task Force draft-ietf-mobileip-lowlatency-Handoffs-v4-01.txt, May 2001.
• G. Tsirtsis, A. Yegin, C. Perkins, G. Dommety, K. El-Malki, M. Khalil, "Fast Handovers for Mobile IPv6", Internet Engineering Task Force draft-ietf-mobileip-fast-mipv6-00.txt, February 2001.
[1] 高志名, "A Study of Hierarchical Mobile IPv6 with Pre-Registration Fast Handover," National Central University, July 2005.
[2] S. Thomson, T. Narten, and T. Jinmei, "IPv6 Stateless Auto address configuration", RFC 2462, December 1998.
[3] 趙涵捷, "IPv6 Tutorial: Mobility".