Transcript S22Kappler
Network Composition between Ambient Networks
Cornelia Kappler, Siemens AG
ITG Fachgruppentreffen in Aachen, 4./5. Mai 2006
Outline
Motivation for Composition
Composition Examples
Composition Process
GANS Protocol
Identifiers in Composition
Detailed Use Case
Standardization
Summary
Motivation: Why Composition?
Number and heterogeneity of networks increases
Common interface for data communication (IP) exists
But what about control signalling?
Networks have different capabilities/resources
How to extend the capabilities/resources of networks?
Networks are moving
How to attach/detach moving networks?
Radio resources are not the bottleneck
But how to exploit them?
Motivation: What is Composition
A central concept of Ambient Networks is Composition
Composition is…
a uniform, dynamic procedure for network interworking on the control plane
Control Plane Interworking regarding
routing, addressing, mobility, QoS, security, charging,..
Uniform procedure
independent of network type and technology
Dynamic procedure
minimize human intervention
Composition Examples
Attaching the Access Network to the Cellular Network
Creation of PAN 1
Automatic establishment or dynamic update of Roaming Agreements
[Figure labels: UMTS; WLAN; WLAN Access Network in a Café; Cellular Operator Network A; Cellular Operator Network B.]
Composition Examples
Types of Composition
Increasing control plane interworking
Network Integration
• Involved networks merge into one common network
• E.g. creation of a PAN
Control Delegation
• One AN delegates certain control functions to the other AN
• 3GPP-WLAN interworking: WLAN delegates authentication, authorization and charging to 3GPP network
• Mobility delegation à la NEMO
Network Interworking
• Cooperation but no control delegation
• E.g. dynamic roaming agreements
Composition Procedure
FE: Functional Entity
[Figure: Ambient Control Space with functional entities (FE1 to FE6, QoS-FE, Mobility FE, Composition FE), Ambient Connectivity, the Ambient Service Interface, Ambient Network Interface and Ambient Resource Interface, and Network A+B.]
Composition Procedure
Media Sense
Discovery / Advertisement
Security and Internetworking Establishment
Composition Agreement Negotiation
Composition Agreement Realization
GANS: Communication of Functional Entities (FEs) across ANI (Ambient Network Interface)
[Figure: AN 1 and AN 2 connected across the ANI, with functional entities FE A1, FE A2, FE B1, FE B2, FE C1, FE C2.]
GANS Signaling
[Figure: FE x and FE y communicating via GANS across the ANI between AN 1 and AN 2.]
Protocol for communication of FEs across ANI (and intra-AN)
To facilitate composition
• E.g. QoS FEs negotiate SLA
Is backwards compatible with NSIS protocols
standardized by NSIS (Next Steps In Signaling) WG of IETF
NSIS is a general protocol suite for control signaling
• Modular and extensible
• Signaling flow-related
• Signaling to entities on the flow path
GANS generalization
Signaling composition related rather than flow-related
control signaling between FEs rather than along data path
Symbolic addressing of FEs
GANS Signaling
Two layer approach:
Lower layer for transporting signaling messages and common functions
Upper layer for signaling applications
• Upper layer GSLPs (Application Layer)
Actual signaling application, e.g. SLA negotiation
• Lower layer GTLP (Transport Layer) provides common
message transport services
– Resolves abstract name (“FEy.AN1”) into host ID/locator
(e.g. IP address)
– Locates signaling peer, i.e. FE in other AN
Establishes security association between pairs of signaling FEs
Establishes signaling relation between pairs of signaling FEs
• maintained if a peer FE is relocated/reconfigured
[Figure: protocol stack showing NSIS and GANS side by side. Labels: QoS NSIS Application; NAT/FW NSIS Application; SLS Negotiation GANS Application; Other GANS Applications; Abstract Addressing Resolution; Lower NSIS / GANS Layer.]
Identifiers in Composition
Problem
How to identify entities as belonging to a particular AN
• E.g. nodes, FEs,…
How to dynamically change this identification upon composition?
Identification includes
• Authentication
• Establishing a security association
• …
Identifiers in Composition
Solution
Each security domain (e.g. ANs α and φ) is identified by a public key
• E.g. α, φ
• These identifiers / public keys are exchanged in the Discovery/Advertisement phase
The associated private key is located with the security manager of the AN
• E.g. Nodes B, F
Each entity owns a self-generated private/public key pair
• E.g. A, A*
Each entity belonging to the same AN owns a certificate issued by the security manager, signed with the AN's private key
• This way entities belonging to this AN can authenticate themselves
Identifiers in Composition
Rearrangement of identifiers upon composition
Example: network integration, φ absorbs α
• Security manager of AN α sends list of all entities belonging to α to security manager φ
– E.g. entities A, B, C
• Security manager of AN φ issues membership certificates to A, B, C
• Security manager of AN φ installs the membership certificates in each of A, B, C
– with an assertion from manager of AN α
• Security manager of AN α removes its own membership certificates from A, B and C
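The certificate rearrangement above (φ absorbs α), sketched as an added example that is not part of the original slides. It assumes a toy textbook-RSA signature over fixed primes so that it runs with the standard library only, and the certificate and assertion layouts, like all function names, are hypothetical.

```python
import hashlib

# Toy textbook RSA over fixed Mersenne primes (assumption: stands in for a real
# signature scheme so the example needs no third-party library; not secure).
M = [2**k - 1 for k in (61, 89, 107, 127, 521, 607)]
E = 65537

def keypair(p, q):
    return {"pub": (p * q, E), "d": pow(E, -1, (p - 1) * (q - 1))}

def _digest(n, parts):
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % n

def sign(key, *parts):
    return pow(_digest(key["pub"][0], parts), key["d"], key["pub"][0])

def verify(pub, sig, *parts):
    return pow(sig, pub[1], pub[0]) == _digest(pub[0], parts)

def issue_cert(manager_key, entity_pub):
    """Membership certificate: the AN's key signs the entity's public key."""
    return {"an": manager_key["pub"], "entity": entity_pub,
            "sig": sign(manager_key, "member", entity_pub)}

def is_member(cert, an_pub):
    return cert["an"] == an_pub and verify(an_pub, cert["sig"], "member", cert["entity"])

def handover(old_key, new_pub, certs):
    """Old manager: list its entities and sign an assertion naming the absorbing AN."""
    members = sorted(c["entity"] for c in certs.values())
    return members, sign(old_key, "handover", new_pub, members)

def absorb(new_key, old_pub, members, assertion, certs):
    """New manager: check the assertion and every old certificate, then re-issue."""
    if not verify(old_pub, assertion, "handover", new_key["pub"], members):
        raise ValueError("assertion was not signed by the old AN's manager")
    reissued = {}
    for name, cert in certs.items():
        if cert["entity"] not in members or not is_member(cert, old_pub):
            raise ValueError(f"{name} is not a member of the old AN")
        reissued[name] = issue_cert(new_key, cert["entity"])
    return reissued  # replaces the old certificates, which are removed

# Constructed sample data: AN keys alpha and phi, entities A, B, C.
ALPHA, PHI = keypair(M[2], M[3]), keypair(M[4], M[5])
ENTITIES = {"A": keypair(M[0], M[1]), "B": keypair(M[0], M[2]), "C": keypair(M[1], M[3])}
ALPHA_CERTS = {n: issue_cert(ALPHA, k["pub"]) for n, k in ENTITIES.items()}

def compose():
    members, assertion = handover(ALPHA, PHI["pub"], ALPHA_CERTS)
    return absorb(PHI, ALPHA["pub"], members, assertion, ALPHA_CERTS)
```

Because the assertion covers the absorbing AN's public key, a third AN cannot replay it to claim α's entities, and a certificate is only re-issued for an entity that both appears in the signed list and holds a valid α certificate.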
Composition Use Case:
Extension of an Access Network
[Figure labels: Internet; WLAN; Cafe AN; DHCP; RADIUS; Operator Network; RADIUS.]
As 3GPP-WLAN interworking in 23.234, but plug&play and more flexible
Café sets up WLAN network to offer Internet Access to its customers
has corresponding agreement with Operator Network
Case 1: Customer is authenticated and charged by Operator Network
Case 2: Customer is authenticated and charged by Café Network
Café and Operator have SLA guaranteeing access and bandwidth
Composition Use Case:
Extension of an Access Network
Mapping onto Composition Process
Discovery
WLAN Access Router has preconfigured access information
• IP address of Operator gateway -> Ambient Network ID
WLAN sends discovery message to Operator gateway
Security and Internetworking Establishment
Authentication and Authorisation
Establishment of IPSec tunnel for control signaling
On basis of pre-established shared secret
Composition Agreement preconfigured. May detail control
delegation:
Who is responsible for allocating addresses?
Who is responsible for authentication and authorization?
Who is responsible for charging?
QoS (may still adjust this via SLA negotiation)
Composition Realization
Composition Use Case:
Extension of an Access Network
New Functionality needed
Discovery
WLAN-internal logic decides to send discovery messages upon
detecting Internet connectivity
Protocol for such messages
Operator gateway-internal logic allows acting upon reception of
discovery messages
Dynamic automated agreement establishment between Café
Network and Operator Network
Preconfigured Agreements
Protocol for agreement establishment
Dynamic agreement realization
WLAN may have to activate DHCP Server, accounting…
Composition - Standardization
The Ambient Networks Project established a
Study Item “Network Composition” in 3GPP SA1
TR 22.980
"Network composition feasibility study; (Release 7)"
Content
Purpose and benefits of composition
Use cases
Requirement
Composition Process
New functionality in 3GPP networks
Relation to other functionality in evolving 3GPP architecture
• AIPN,…
Summary
Composition is a uniform, dynamic procedure for network
interworking in the control plane
Feasibility study in 3GPP
Composition process
Discovery / Advertisement
Security and Internetworking establishment
Composition Agreement negotiation
Composition Agreement realization
GANS is the protocol for negotiating and realizing
Composition Agreements
Based on NSIS work
ANs and their members are identified by a cryptographic key
Certificates based on this key identify members
Certificates are updated upon composition
Composition is a Study Item in 3GPP SA1
Thank you!
Any Questions?
[Figure: Ambient Control Spaces with functional entities (FE1 to FE6, QoS-FE, Mobility FE, Composition FE) and Ambient Connectivity, labelled "Decomposing".]
Backup
GANS Signaling – GTLP and DEEP
DEEP (Destination Endpoint Exploring Protocol)
Supporting distributed name resolution of abstract name into host ID/locator (e.g. IP
address)
Flexible regarding name resolution infrastructure (DNS, more dynamic
mechanisms,…)
Not tied to any particular name resolution mechanism/concept
[Figure: FE x and FE y exchanging GANS signaling between AN 1 and AN 2. Labels: GSLP; GTLP; DEEP; name resolution.]
Composition Agreement - Overview
The agreement made between two ANs during the composition
is called the Composition Agreement
Can pre-establish and re-use Composition Agreements
• E.g. for reoccurring compositions
A Composition Agreement covers
Commercial and Technical issues
Details of composing ANs' relationship
Composition Agreement Information Model
Composition Agreement
• Identification
• Legal Issues
• Service description
• Financial Issues
• QoS related part
• Monitoring & performance reporting
• Problem reporting & Troubleshooting
• Other issues
Different Composition Agreements
Depending on the compensation involved, different forms of Composition Agreements may be required
medium or large amount of compensation, e.g. 3GPP networks composition
• pre-established paper Composition Agreements giving legal framework, possible range of cooperation
• During composition procedure determine specific parameters
low or no amount of compensation, e.g. small AN networks, or PANs composing
• electronic Composition Agreements
Electronic Composition Agreements may revolutionize network cooperation, in the way credit cards have revolutionized the way we pay!