Mobility Support in IPv6 (MIPv6)

1
Mobility Support in IPv6(MIPv6)

• Chun-Chuan Yang
• Dept. Computer Science Info. Eng.
• National Chi Nan University
• Jan. 29, 2008

2
Outline

• Introduction to Mobile Networking
• Background MIPv4
• MIPv6 Features
• MIPv6 Basic Operations
• MIPv6 Security
• MIPv6 vs. MIPv4

3
Mobile Networking

• Wireless devices offering IP connectivity
• PDA, handhelds, digital cellular phones, etc.
• Mobile networking
• Computing activities are not disrupted when the
  user changes the computers point of attachment
  to the Internet
• All the needed reconnection occurs automatically
  and non-interactively
• Technical obstacles
• Internet Protocol (IP) routing scheme
• Security concerns

4
Nomadicity (1)

• How mobility affects the protocol stack

5
Nomadicity (2)

• Layer 2 (data link layer)
• Collision detection ? collision avoidance
• Dynamic range of the signals is very large, so
  that a transmitting station cannot effectively
  distinguish incoming weak signals from noise and
  the effects of its own transmissions
• Cell size (frequency reuse)
• Layer 3 (network layer)
• Changing the routing of datagrams destined for
  the mobile nodes

6
Nomadicity (3)

• Layer 4 (transport layer)
• Congestion control is based on packet loss
• However, packet loss ? congestion?
• Other reasons for packet loss
• Noisy wireless channel, During handoff process
• Top layer (application layer)
• Automatic configuration
• Service discovery
• Link awareness ? adaptability
• Environment awareness

7
Mobile IPv4 (1)

• Basic idea
• New IP address associated with the new point of
  attachment is required
• Two IP addresses for mobile node
• Home address static
• Care-of address topologically significant
  address
• Home network, home agent
• Foreign network, foreign agent

8
Mobile IPv4 (2)

• Three Mobile IP mechanisms
• 1. Discovering the care-of address
• 2. Registering the care-of address
• 3. Tunneling to the care-of address

9
Mobile IPv4 (3)

• 1. Discovery
• Extension of ICMP Router Advertisement
• Home agents and foreign agents broadcast agent
  advertisements at regular intervals
• Agent advertisement
• Allows for the detection of mobility agents
• Lists one or more available care-of addresses
• Informs the mobile node about special features
• Mobile node selects its care-of address
• Mobile node checks whether the agent is a home
  agent or foreign agent
• Mobile node issues an ICMP router solicitation
  message

10
Mobile IPv4 (4)

• 2. Registration
• Once a mobile node has a care-of address, its
  home agent must find out about it

11
Mobile IPv4 (5)

• 3. Tunneling

Tunneling
12
Mobile IPv4 (6)
Registration request Message
Registration reply Message
13
Mobile IPv4 Route Optimization
14
Mobile IPv6 Features (1)

• IPv6 Mobility is based on core features of IPv6
• The base IPv6 was designed to support Mobility
• Mobility is not an Add-on features
• All IPv6 Networks are IPv6-Mobile Ready
• All IPv6 nodes are IPv6-Mobile Ready
• All IPv6 LANs/Subnets are IPv6 Mobile Ready
• IPv6 Neighbor Discovery and Address
  Autoconfiguration allow hosts to operate in any
  location without any special support

15
Mobile IPv6 Features (2)

• No Foreign Agent
• In a Mobile IP, an MN registers to a foreign node
  and borrows its address to build an IP tunnel so
  that the HA can deliver the packets to the MN.
  But in Mobile IPv6, the MN can get a new IPv6
  address, which can be only used by the MN and
  thus the FA no longer exists
• IPv6 Address auto-configuration MN can obtain a
  CoA in foreign network without any help of
  foreign agent
• More Scalable Better Performance
• Less traffic through Home Link
• Less redirection/re-routing (Traffic Optimization)

16
Mobile IPv6 Features (3)

• Bi-directional tunneling mode
• Does not require for the CN to support Mobile
  IPv6
• Use of Reverse tunneling
• Route Optimization (RO) mode
• Requires to register the MNs current binding at
  the CN
• Uses a new type of IPv6 routing header
• Type-2 routing header home address (Dest Addr
  MNs CoA)
• Shortest communications path
• Eliminates congestion at the MNs HA and home
  link
• Impact of any possible failure of the HA or
  networks on the path to or from it is reduced

17
Mobile IPv6 Features (4)

• Dynamic Home Agent Address Discovery
• Allows a MN to dynamically discover the IP
  address of a home agent on its home link
• ICMP Home Agent Address Discovery Request Message
• Destination address Home Agent anycast address
  for its own home subnet prefix
• Reply message
• HA list (with preferences) in the home link
• Each HA maintains the home agent lists

18
New IPv6 Protocol (1)

• Mobility Header
• Home Test Init, Home Test, Care-of Test Init,
  Care-of Test
• Perform the return routability procedure from MN
  to CN for ensuring authorization of subsequent
  Binding Updates
• Binding Update
• Binding Acknowledgement
• Binding Refresh Request
• Binding Error

19
New IPv6 Protocol (2)

• New IPv6 Destination Option
• Home Address destination option
• Type-2 Routing header route optimization
• New ICMPv6 Messages
• Home Agent Address Discovery Request
• Home Agent Address Discovery Reply
• Mobile Prefix Solicitation
• Mobile Prefix Advertisement

20
Mobility Header
Payload Proto Same as IPv6 Next Header MH Type
Identifies the particular mobility
message Message Data the data specific to the
indicated MH type
21
Binding Update Message

• MH Type5
• Message Data

A Acknowledge H Home Registration L
Link-Local Address Compatibility K Key
Management Mobility Capability
22
Binding Acknowledgement Message

• MH Type6
• Message Data

KKey Management Mobility Capability
23
MIPv6 Basic Operation (1)
CN
S MNs Home Address D CNs IP Address
Home Network
Internet
HA
Foreign Network
S CNs IP Address D MNs Home Address
Mobile Node
24
MIPv6 Basic Operation (2)
CN
Home Network
Internet
HA
Foreign Network
25
MIPv6 Basic Operation (3)
S CNs IP Address D MNs Home Address
CN
Internet
Home Network
HA
Tunneled packets
S HAs Address D MNs COA
Mobile Node
26
MIPv6 Basic Operation (4)
CN
Home Network
Internet
HA
Mobile Node
27
MIPv6 Basic Operation (5)
CN
Home Network
Internet
HA
Mobile Node
28
Movement

• Movement Detection Detect L3 handovers
• Neighbor Unreachability Detection (NUD)
• Default router is no longer bi-directionally
  reachable
• Router Discovery select a new default router
• Prefix Discovery form new care-of address
• Home registration
• Correspondent registration

29
Home Registration (1)

• Set H-bit A-bit in the Binding Updates sent to
  the HA
• MNs home address in Home Address destination
  option
• Source address Care-of address
• Set L-bit if the MNs link-local address (for the
  new care-of-address) has the same interface ID as
  the home address
• Set K-bit if the IPsec SAs between the MN and the
  HA have been established dynamically, and the
  mobile node has the capability to update its
  endpoint in the used key management protocol to
  the new care-of address every time it moves

30
Home Registration (2)

• Sequence
• Used by the receiving node to sequence BUs and by
  the sending node to match a returned BACK with
  this BU
• Lifetime
• The number of time units remaining before the
  binding must be considered expired
• One time unit is 4 seconds

31
Correspondent Registration (1)

• Allowing the CN to cache the MNs current care-of
  address
• Return Routability procedure registration
• After home registration, the MN should initiate a
  correspondent registration for each node that
  already appears in the MNs Binding Update List
• The initiated procedures can be used to either
  update or delete binding information in the CN
• In addition, MN initiate the registration in
  response to receiving a packet tunneled using
  IPv6 encapsulation

32
Correspondent Registration (2)

• A Binding Update is created as follows
• 1. Source address of the IPv6 header the
  current care-of address
• 2. Destination address the address of the CN
• 3. Mobility header with MH type 5, including
  the Binding Authorization Data and the Nonce
  Indices mobility options
• 4. Home Address destination option MNs home
  address

33
Conceptual Data Structures

• CN Binding Cache
• When sending a packet, the Binding Cache is
  searched before the Neighbor Discovery conceptual
  Destination Cache
• HA Binding Cache and Home Agents List
• The Home Agents List is used by the dynamic home
  agent address discovery mechanism
• MN Binding Update List
• It records information for each BU sent by this
  MN, in which the lifetime of the binding has not
  yet expired
• The Binding Update List includes all bindings
  sent by the MN either to its HA or CNs

34
MIPv6 Security

• Binding Updates to HA
• IPsec and ESP between MN and HA
• Key Distribution (IKE, Internet Key Exchange)
• Binding Updates to CN
• Return Routability Procedure to assure that the
  right MN is sending the message
• Binding management key (Kbm) for integrity and
  authenticity of the BU messages

35
IPsec Security Association

• An SA is a cryptographically protected connection
• There MUST be a SA between the MN and HA
• Provides integrity and autentication of BU and
  BACK
• An SA is defined by ltSPI, destination adress,
  flaggt
• One SA per home-address

IPsec Authentication Header (authentication only
service)
36
Encapsulating Security Payload

• ESP authentication encryption

37
IPsec AH vs. ESP
38
Binding Updates to CN

• Return Routability Procedure
• It enables CN to obtain some reasonable assurance
  that MN is in fact addressable at its claimed
  care-of address as well as at its home address
• Done by testing whether packets addressed to the
  two claimed addresses are routed to MN
• MN can pass the test only if it is able to supply
  proof that it received certain data (the keygen
  tokens) which CN sends to those addresses. These
  data are combined by MN into Kbm

39
Return Routability Procedure
40
RR Procedure Terminology (1)

• Node Key a secret key (20 octets), Kcn, at CN
• Nonce CN also generates nonces at regular
  intervals
• Cookie Random number used by MN
• To prevent spoofing by a bogus CN in the RR
  procedure
• Home init cookie
• A cookie sent to the CN in the Home Test Init
  message, to be returned in the Home Test message
• Care-of init cookie
• A cookie sent to the CN in the Care-of Test Init
  message, to be returned in the Care-of Test
  message

41
RR Procedure Terminology (2)

• Keygen Token
• Number supplied by CN to enable MN to compute the
  necessary binding management key for authorizing
  a BU
• Care-of keygen token Care-of Test message
• Home keygen token Home Test message
• Cryptographic Functions
• SHA Secure Hash Standard
• HMAC_SHA1 Keyed-Hashing for Message
  Authentication
• MAC Message Authentication Codes

42
Return Routability Test step 1
Secret Key ltKcngt
Temporary Nonces 1 - ltnonce1gt2 - ltnonce2gt ...
Correspondent Node
lthome keygen tokengt HMAC_SHA1Kcn
(lthome-addressgt ltnonce1gt 0) 164 lthome
init cookiegt
ltCorrespondent Addressgt
Cookies
lthome init cookiegt
lthome keygen tokengt home nonce index 1
43
Return Routability Test step 2
Secret Key ltKcngt
Temporary Nonces 1 - ltnonce1gt2 - ltnonce2gt ...
Correspondent Node
ltcare-of keygen tokengt HMAC_SHA1Kcn
(ltcare-of-addressgt ltnonce1gt 1)
164ltcare-of init cookiegt
ltCorrespondent Addressgt
Cookies ltcare-of init cookiegt
ltcare-of keygen tokengt care-of nonce index 1
44
Secure Binding Update to CN
Secret Key ltKcngt
Temporary Nonces 1 - ltnonce1gt2 - ltnonce2gt ...
Correspondent Node
lthome keygen tokengt HMAC_SHA1Kcn
(lthome-addressgt ltnonce1gt 0) 164 ltcare-of
keygen tokengt HMAC_SHA1Kcn (ltcare-of-addressgt
ltnonce1gt 1) 164
ltCorrespondent Addressgt
Once the correspondent node has verified the MAC,
it can create a Binding Cache entry for the
mobile.
Kbm SHA1 (lthome-keygen-tokengt ltcare-of keygen
tokengt) MAC HMAC_SHA1Kbm(ltcare-of-addressgtltcorr
espondent addressgtBU) 196
Cookiesltcare-of init cookiegtltcare-of keygen
tokengt care-of nonce index 1lthome init
cookiegt lthome keygen tokengt home nonce index 1
45
Mobile IPv4 vs. Mobile IPv6
Mobile IPv4 Mobile IPv6
Mobile node, home agent, home link, foreign link (same)
Mobile nodes home address Globally routable home address and link-local home address
Foreign agent A plain IPv6 router on the foreign link (foreign agent no longer exists)
Collocated care-of address A plain IPv6 router on the foreign link (foreign agent no longer exists)
Care-of address obtained via Agent Discovery, DHCP, or manually Care-of address obtained via Stateless Address Autoconfiguration, DHCP, or manually
Agent Discovery Router Discovery
Authenticated registration with home agent Authenticated notification of home agent and other correspondent nodes
Routing to mobile nodes via tunneling Routing to mobile nodes via tunneling and source routing
Route optimization via separate protocol specification Integrated support for route optimization
46
MIPv6 References

• RFC 3775 Mobility Support in IPv6
• RFC 4443 ICMPv6
• RFC 3776 Using IPsec for MIPv6
• RFC 2408 The Internet Key Exchange