Transcript S22Kappler

Network Composition between Ambient Networks
Cornelia Kappler, Siemens AG
ITG Fachgruppentreffen in Aachen, 4-5 May 2006
1
Outline
Motivation for Composition
Composition Examples
Composition Process
GANS Protocol
Identifiers in Composition
Detailed Use Case
Standardization
Summary
2
Motivation: Why Composition?
• Number and heterogeneity of networks are increasing
  – Common interface for data communication (IP) exists
  – But what about control signalling?
• Networks have different capabilities/resources
  – How to extend the capabilities/resources of networks?
• Networks are moving
  – How to attach/detach moving networks?
• Radio resources are not the bottleneck
  – But how to exploit them?
3
Motivation: What is Composition
• A central concept of Ambient Networks is Composition
• Composition is…
  – a uniform, dynamic procedure for network interworking on the control plane
• Control Plane Interworking regarding
  – routing, addressing, mobility, QoS, security, charging, ...
• Uniform procedure
  – independent of network type and technology
• Dynamic procedure
  – minimize human intervention
4
Composition Examples
[Figure: three composition examples: creation of a PAN; attaching the WLAN access network in a café to the cellular network (UMTS); automatic establishment or dynamic update of roaming agreements between cellular operator networks A and B]
5
Composition Examples
• Types of Composition
  Increasing control plane interworking
  – Network Integration
    • Involved networks merge into one common network
    • E.g. creation of a PAN
  – Control Delegation
    • One AN delegates certain control functions to the other AN
    • 3GPP-WLAN interworking: WLAN delegates authentication, authorization and charging to 3GPP network
    • Mobility delegation à la NEMO
  – Network Interworking
    • Cooperation but no control delegation
    • E.g. dynamic roaming agreements
6
Composition Procedure
FE: Functional Entity
[Figure labels: Ambient Service Interface, Ambient Network Interface, Ambient Resource Interface, Ambient Control Space, Ambient Connectivity, Network A+B, Composition FE, QoS-FE, Mobility FE, FE1 to FE6]
7
Composition Procedure
[Figure: AN 1 (FE A1, FE B1, FE C1) and AN 2 (FE A2, FE B2, FE C2) on either side of the Ambient Network Interface (ANI); GANS: communication of Functional Entities (FEs) across ANI. Steps shown:]
• Media Sense
• Discovery / Advertisement
• Security and Internetworking Establishment
• Composition Agreement Negotiation
• Composition Agreement Realization
8
GANS Signaling
[Figure: FE x in AN 1 and FE y in AN 2 communicating via GANS across the ANI]
• Protocol for communication of FEs across ANI (and intra-AN)
  – To facilitate composition
    • E.g. QoS FEs negotiate SLA
• Is backwards compatible with NSIS protocols
  – standardized by NSIS (Next Steps In Signaling) WG of IETF
  – NSIS is a general protocol suite for control signaling
    • Modular and extensible
    • Signaling flow-related
    • Signaling to entities on the flow path
• GANS generalization
  – Signaling composition-related rather than flow-related
  – control signaling between FEs rather than along data path
  – Symbolic addressing of FEs
9
GANS Signaling
• Two layer approach:
  – Lower layer for transporting signaling messages and common functions
  – Upper layer for signaling applications
    • Upper layer GSLPs (Application Layer)
      – Actual signaling application, e.g. SLA negotiation
    • Lower layer GTLP (Transport Layer) provides common message transport services
      – Resolves abstract name (“FEy.AN1”) into host ID/locator (e.g. IP address)
      – Locates signaling peer, i.e. FE in other AN
      – Establishes security association between pairs of signaling FEs
      – Establishes signaling relation between pairs of signaling FEs
        • maintained if a peer FE is relocated/reconfigured
[Figure: protocol stack. NSIS: QoS NSIS Application, NAT/FW NSIS Application. GANS: SLS Negotiation GANS Application, other GANS Applications, Abstract Addressing Resolution. Both on the Lower NSIS / GANS Layer]
10
Identifiers in Composition
Problem
• How to identify entities as belonging to a particular AN
  – E.g. nodes, FEs, …
• How to dynamically change this identification upon composition?
• Identification includes
  – Authentication
  – Establishing a security association
  – …
11
Identifiers in Composition
• Solution
  – Each security domain (e.g. ANs α and φ) is identified by a public key
    • E.g. α, φ
    • These identifiers / public keys are exchanged in the Discovery/Advertisement phase
  – The associated private key is located with the security manager of the AN
    • E.g. Nodes B, F
  – Each entity owns a self-generated private/public key pair
    • E.g. A, A*
  – Each entity belonging to the same AN owns a certificate by the security manager, signed with the AN's private key
    • This way entities belonging to this AN can authenticate themselves
12
Identifiers in Composition
– Rearrangement of identifiers upon composition
– Example: network integration, φ absorbs α
  • Security manager of AN α sends list of all entities belonging to α to the security manager of φ
    – E.g. entities A, B, C
  • Security manager of AN φ issues membership certificates to A, B, C
  • Security manager of AN φ installs the membership certificates in each A, B, C
    – with an assertion from manager of AN α
  • Security manager of AN α removes its own membership certificates from A, B and C
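The scheme on the two "Identifiers in Composition" slides above (AN identified by a public key, membership certificates, re-issue when φ absorbs α), as an added example that is not from the presentation or the Ambient Networks project. It assumes Ed25519 signatures and a simple labelled message layout. The names Keys, Cert, Issue, Assert, Absorb and Member are hypothetical, and having φ's manager verify α's assertion before issuing is also an assumption.

```go
// Added example; Ed25519, the signed-message layout and all names are assumptions.
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Keys struct { // key pair of an entity or security manager; a manager's Pub names its AN
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

type Cert struct { // membership certificate: the manager of AN signed Entity's public key
	AN, Entity ed25519.PublicKey
	Sig        []byte
}

func NewKeys() *Keys {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return &Keys{pub, priv}
}

// msg labels the signed bytes; Issue (certificate) and Assert (handover) sign them as manager.
func msg(label string, a, b ed25519.PublicKey) []byte { return append(append([]byte(label), a...), b...) }
func (m *Keys) Issue(e ed25519.PublicKey) Cert { return Cert{m.Pub, e, ed25519.Sign(m.priv, msg("member:", m.Pub, e))} }
func (m *Keys) Assert(e, to ed25519.PublicKey) []byte { return ed25519.Sign(m.priv, msg("handover:", to, e)) }

// Member reports whether c proves membership in the AN identified by key an.
func Member(c Cert, an ed25519.PublicKey) bool {
	return an.Equal(c.AN) && ed25519.Verify(an, msg("member:", an, c.Entity), c.Sig)
}

// Absorb checks the old certificate and the old manager's assertion, then issues a new one.
func (m *Keys) Absorb(old Cert, from ed25519.PublicKey, assertion []byte) (Cert, error) {
	if !Member(old, from) || !ed25519.Verify(from, msg("handover:", m.Pub, old.Entity), assertion) {
		return Cert{}, fmt.Errorf("handover not vouched for by absorbed AN")
	}
	return m.Issue(old.Entity), nil
}

func main() {
	alpha, phi, a := NewKeys(), NewKeys(), NewKeys() // constructed demo keys: AN α, AN φ, entity A
	c, err := phi.Absorb(alpha.Issue(a.Pub), alpha.Pub, alpha.Assert(a.Pub, phi.Pub))
	fmt.Println(err, Member(c, phi.Pub), Member(c, alpha.Pub)) // <nil> true false
}
```

Deleting α's certificate from an entity, the last step on the slide, is not modelled: in this sketch a retained copy of the old certificate still verifies under α's key.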
13
Composition Use Case: Extension of an Access Network
[Figure: Café AN and Operator Network connected via the Internet; elements shown: WLAN, DHCP, RADIUS (twice)]
As 3GPP-WLAN interworking in 23.234, but plug & play and more flexible
• Café sets up WLAN network to offer Internet Access to its customers
  – has corresponding agreement with Operator Network
  – Case 1: Customer is authenticated and charged by Operator Network
  – Case 2: Customer is authenticated and charged by Café Network
  – Café and Operator have SLA guaranteeing access and bandwidth
14
Composition Use Case: Extension of an Access Network
Mapping onto Composition Process
• Discovery
  – WLAN Access Router has preconfigured access information
    • IP address of Operator gateway -> Ambient Network ID
  – WLAN sends discovery message to Operator gateway
• Security and Internetworking Establishment
  – Authentication and Authorisation
  – Establishment of IPsec tunnel for control signaling
  – On basis of pre-established shared secret
  – Composition Agreement preconfigured. May detail control delegation:
    • Who is responsible for allocating addresses?
    • Who is responsible for authentication and authorization?
    • Who is responsible for charging?
    • QoS (may still adjust this via SLA negotiation)
• Composition Realization
15
Composition Use Case: Extension of an Access Network
New Functionality needed
• Discovery
  – WLAN-internal logic decides to send discovery messages upon detecting Internet connectivity
  – Protocol for such messages
  – Operator gateway-internal logic allows acting upon reception of discovery messages
• Dynamic automated agreement establishment between Café Network and Operator Network
  – Preconfigured Agreements
  – Protocol for agreement establishment
• Dynamic agreement realization
  – WLAN may have to activate DHCP Server, accounting…
16
Composition - Standardization
• The Ambient Networks Project established a Study Item “Network Composition” in 3GPP SA1
• TR 22.980 “Network composition feasibility study; (Release 7)”
• Content
  – Purpose and benefits of composition
  – Use cases
  – Requirement
  – Composition Process
  – New functionality in 3GPP networks
  – Relation to other functionality in evolving 3GPP architecture
    • AIPN, …
17
Summary
• Composition is a uniform, dynamic procedure for network interworking in the control plane
  – Feasibility study in 3GPP
• Composition process
  – Discovery / Advertisement
  – Security and Internetworking establishment
  – Composition Agreement negotiation
  – Composition Agreement realization
• GANS is the protocol for negotiating and realizing Composition Agreements
  – Based on NSIS work
• ANs and their members are identified by a cryptographic key
  – Certificates based on this key identify members
  – Certificates are updated upon composition
• Composition is a Study Item in 3GPP SA1
18
Thank you!
Any Questions?
[Figure: Ambient Control Spaces with their Functional Entities, labelled "Decomposing"]
19
Backup
20
GANS Signaling – GTLP and DEEP
• DEEP (Destination Endpoint Exploring Protocol)
  – Supporting distributed name resolution of abstract name into host ID/locator (e.g. IP address)
  – Flexible regarding name resolution infrastructure (DNS, more dynamic mechanisms, …)
    • Not tied to any particular name resolution mechanism/concept
[Figure: FE x (AN 1) and FE y (AN 2), each with GANS layers GSLP and GTLP and name resolution; DEEP between AN 1 and AN 2]
21
Composition Agreement - Overview
• The agreement made between two ANs during the composition is called the Composition Agreement
  – Can pre-establish and re-use Composition Agreements
    • E.g. for reoccurring compositions
• A Composition Agreement covers Commercial and Technical issues
  – Details of composing ANs' relationship
22
Composition Agreement Information Model
[Figure: Composition Agreement with the following parts]
• Identification
• Legal Issues
• Service description
• Financial Issues
• QoS related part
• Monitoring & performance reporting
• Problem reporting & Troubleshooting
• Other issues
23
Different Composition Agreements
• Depending on the compensation involved, different forms of Composition Agreements may be required
  – medium or large amount of compensation, e.g. 3GPP networks composition
    • pre-established paper Composition Agreements giving legal framework, possible range of cooperation
    • During composition procedure determine specific parameters
  – low or no amount of compensation, e.g. small AN networks, or PANs composing
    • electronic Composition Agreements
• Electronic Composition Agreements may revolutionize network cooperation, in the way credit cards have revolutionized the way we pay!
24