Title: Mobility Support in IPv6 (MIPv6)
1. Mobility Support in IPv6 (MIPv6)
- Chun-Chuan Yang
- Dept. Computer Science Info. Eng.
- National Chi Nan University
- Jan. 29, 2008
2. Outline
- Introduction to Mobile Networking
- Background: MIPv4
- MIPv6 Features
- MIPv6 Basic Operations
- MIPv6 Security
- MIPv6 vs. MIPv4
3. Mobile Networking
- Wireless devices offering IP connectivity
  - PDA, handhelds, digital cellular phones, etc.
- Mobile networking
  - Computing activities are not disrupted when the user changes the computer's point of attachment to the Internet
  - All the needed reconnection occurs automatically and non-interactively
- Technical obstacles
  - Internet Protocol (IP) routing scheme
  - Security concerns
4. Nomadicity (1)
- How mobility affects the protocol stack
5. Nomadicity (2)
- Layer 2 (data link layer)
  - Collision detection ? collision avoidance
  - Dynamic range of the signals is very large, so that a transmitting station cannot effectively distinguish incoming weak signals from noise and the effects of its own transmissions
  - Cell size (frequency reuse)
- Layer 3 (network layer)
  - Changing the routing of datagrams destined for the mobile nodes
6. Nomadicity (3)
- Layer 4 (transport layer)
  - Congestion control is based on packet loss
  - However, packet loss ? congestion?
  - Other reasons for packet loss
    - Noisy wireless channel, during handoff process
- Top layer (application layer)
  - Automatic configuration
  - Service discovery
  - Link awareness ? adaptability
  - Environment awareness
7. Mobile IPv4 (1)
- Basic idea
  - New IP address associated with the new point of attachment is required
- Two IP addresses for mobile node
  - Home address: static
  - Care-of address: topologically significant address
- Home network, home agent
- Foreign network, foreign agent
8. Mobile IPv4 (2)
- Three Mobile IP mechanisms
  - 1. Discovering the care-of address
  - 2. Registering the care-of address
  - 3. Tunneling to the care-of address
9. Mobile IPv4 (3)
- 1. Discovery
  - Extension of ICMP Router Advertisement
  - Home agents and foreign agents broadcast agent advertisements at regular intervals
- Agent advertisement
  - Allows for the detection of mobility agents
  - Lists one or more available care-of addresses
  - Informs the mobile node about special features
  - Mobile node selects its care-of address
  - Mobile node checks whether the agent is a home agent or foreign agent
- Mobile node issues an ICMP router solicitation message
10. Mobile IPv4 (4)
- 2. Registration
  - Once a mobile node has a care-of address, its home agent must find out about it
11. Mobile IPv4 (5)
Tunneling
12. Mobile IPv4 (6)
Registration request Message
Registration reply Message
13. Mobile IPv4 Route Optimization
14. Mobile IPv6 Features (1)
- IPv6 Mobility is based on core features of IPv6
  - The base IPv6 was designed to support Mobility
  - Mobility is not an add-on feature
- All IPv6 Networks are IPv6-Mobile Ready
  - All IPv6 nodes are IPv6-Mobile Ready
  - All IPv6 LANs/Subnets are IPv6-Mobile Ready
- IPv6 Neighbor Discovery and Address Autoconfiguration allow hosts to operate in any location without any special support
15. Mobile IPv6 Features (2)
- No Foreign Agent
  - In Mobile IP, an MN registers to a foreign node and borrows its address to build an IP tunnel so that the HA can deliver the packets to the MN. But in Mobile IPv6, the MN can get a new IPv6 address, which can only be used by the MN, and thus the FA no longer exists
  - IPv6 Address auto-configuration: MN can obtain a CoA in a foreign network without any help from a foreign agent
- More Scalable, Better Performance
  - Less traffic through Home Link
  - Less redirection/re-routing (Traffic Optimization)
16. Mobile IPv6 Features (3)
- Bi-directional tunneling mode
  - Does not require the CN to support Mobile IPv6
  - Use of Reverse tunneling
- Route Optimization (RO) mode
  - Requires registering the MN's current binding at the CN
  - Uses a new type of IPv6 routing header
    - Type-2 routing header: home address (Dest Addr = MN's CoA)
  - Shortest communications path
  - Eliminates congestion at the MN's HA and home link
  - Impact of any possible failure of the HA or networks on the path to or from it is reduced
17. Mobile IPv6 Features (4)
- Dynamic Home Agent Address Discovery
  - Allows an MN to dynamically discover the IP address of a home agent on its home link
- ICMP Home Agent Address Discovery Request Message
  - Destination address: Home Agent anycast address for its own home subnet prefix
- Reply message
  - HA list (with preferences) in the home link
  - Each HA maintains the home agent lists
18. New IPv6 Protocol (1)
- Mobility Header
  - Home Test Init, Home Test, Care-of Test Init, Care-of Test
    - Perform the return routability procedure from MN to CN for ensuring authorization of subsequent Binding Updates
  - Binding Update
  - Binding Acknowledgement
  - Binding Refresh Request
  - Binding Error
19. New IPv6 Protocol (2)
- New IPv6 Destination Option
  - Home Address destination option
- Type-2 Routing header: route optimization
- New ICMPv6 Messages
  - Home Agent Address Discovery Request
  - Home Agent Address Discovery Reply
  - Mobile Prefix Solicitation
  - Mobile Prefix Advertisement
20. Mobility Header
- Payload Proto: same as IPv6 Next Header
- MH Type: identifies the particular mobility message
- Message Data: the data specific to the indicated MH type
21. Binding Update Message
- A: Acknowledge
- H: Home Registration
- L: Link-Local Address Compatibility
- K: Key Management Mobility Capability
22. Binding Acknowledgement Message
- K: Key Management Mobility Capability
23. MIPv6 Basic Operation (1)
[Figure: CN, Home Network, Internet, HA, Foreign Network, Mobile Node. Packet labels: S = MN's Home Address, D = CN's IP Address; S = CN's IP Address, D = MN's Home Address]
24. MIPv6 Basic Operation (2)
[Figure: CN, Home Network, Internet, HA, Foreign Network]
25. MIPv6 Basic Operation (3)
[Figure: CN, Internet, Home Network, HA, Mobile Node. Packet labels: S = CN's IP Address, D = MN's Home Address; tunneled packets: S = HA's Address, D = MN's CoA]
26. MIPv6 Basic Operation (4)
[Figure: CN, Home Network, Internet, HA, Mobile Node]
27. MIPv6 Basic Operation (5)
[Figure: CN, Home Network, Internet, HA, Mobile Node]
28. Movement
- Movement Detection: detect L3 handovers
  - Neighbor Unreachability Detection (NUD)
    - Default router is no longer bi-directionally reachable
  - Router Discovery: select a new default router
  - Prefix Discovery: form new care-of address
- Home registration
- Correspondent registration
29. Home Registration (1)
- Set H-bit and A-bit in the Binding Updates sent to the HA
- MN's home address in Home Address destination option
- Source address: care-of address
- Set L-bit if the MN's link-local address (for the new care-of address) has the same interface ID as the home address
- Set K-bit if the IPsec SAs between the MN and the HA have been established dynamically, and the mobile node has the capability to update its endpoint in the used key management protocol to the new care-of address every time it moves
30. Home Registration (2)
- Sequence
  - Used by the receiving node to sequence BUs and by the sending node to match a returned BACK with this BU
- Lifetime
  - The number of time units remaining before the binding must be considered expired
  - One time unit is 4 seconds
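Added example (not part of the original slides): a Python parser for the Binding Update fields named on slides 20, 21 and 30. The Header Len, Reserved and Checksum fields, the flag bit positions and the modulo-2**16 sequence comparison are taken from RFC 3775 rather than from the slides; the sample bytes are constructed and the checksum is not validated.

```python
import struct

MH_TYPE_BINDING_UPDATE = 5   # MH type of a Binding Update (slide 32)
FLAG_BITS = {"A": 0x8000, "H": 0x4000, "L": 0x2000, "K": 0x1000}
LIFETIME_UNIT_SECONDS = 4    # slide 30: one time unit is 4 seconds


def parse_binding_update(mh: bytes) -> dict:
    """Decode a Mobility Header that carries a Binding Update (RFC 3775 layout)."""
    if len(mh) < 12:
        raise ValueError("truncated: the fixed BU fields need 12 octets")
    payload_proto, hdr_len, mh_type, _reserved, _checksum = struct.unpack_from("!BBBBH", mh)
    if mh_type != MH_TYPE_BINDING_UPDATE:
        raise ValueError(f"MH type {mh_type} is not a Binding Update")
    # Header Len counts 8-octet units and excludes the first 8 octets.
    if (hdr_len + 1) * 8 != len(mh):
        raise ValueError("Header Len does not match the captured length")
    sequence, flags, lifetime = struct.unpack_from("!HHH", mh, 6)
    set_flags = {name for name, bit in FLAG_BITS.items() if flags & bit}
    return {
        "payload_proto": payload_proto,
        "sequence": sequence,
        "flags": set_flags,
        "lifetime_seconds": lifetime * LIFETIME_UNIT_SECONDS,
        # Slide 29: a home registration sets the H-bit together with the A-bit.
        "home_registration_ok": "H" not in set_flags or "A" in set_flags,
        "options": mh[12:],
    }


def sequence_is_newer(received: int, last: int) -> bool:
    """Modulo-2**16 comparison: the last value and the 32768 before it count as old."""
    return 1 <= (received - last) % 65536 <= 32767


# Constructed sample: Payload Proto 59, Header Len 1, MH type 5, checksum zeroed,
# sequence 42, flags A+H, lifetime 150 units, then a 4-octet PadN option.
SAMPLE_BU = bytes.fromhex("3b010500" "0000" "002a" "c000" "0096" "01020000")
```

A receiver that applies `sequence_is_newer` before updating its binding rejects a replayed Binding Update whose sequence number it has already seen.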
31. Correspondent Registration (1)
- Allowing the CN to cache the MN's current care-of address
- Return Routability procedure and registration
- After home registration, the MN should initiate a correspondent registration for each node that already appears in the MN's Binding Update List
- The initiated procedures can be used to either update or delete binding information in the CN
- In addition, the MN initiates the registration in response to receiving a packet tunneled using IPv6 encapsulation
32. Correspondent Registration (2)
- A Binding Update is created as follows
  - 1. Source address of the IPv6 header: the current care-of address
  - 2. Destination address: the address of the CN
  - 3. Mobility header with MH type 5, including the Binding Authorization Data and the Nonce Indices mobility options
  - 4. Home Address destination option: MN's home address
33. Conceptual Data Structures
- CN: Binding Cache
  - When sending a packet, the Binding Cache is searched before the Neighbor Discovery conceptual Destination Cache
- HA: Binding Cache and Home Agents List
  - The Home Agents List is used by the dynamic home agent address discovery mechanism
- MN: Binding Update List
  - It records information for each BU sent by this MN, in which the lifetime of the binding has not yet expired
  - The Binding Update List includes all bindings sent by the MN either to its HA or CNs
34. MIPv6 Security
- Binding Updates to HA
  - IPsec and ESP between MN and HA
  - Key Distribution (IKE, Internet Key Exchange)
- Binding Updates to CN
  - Return Routability Procedure to assure that the right MN is sending the message
  - Binding management key (Kbm) for integrity and authenticity of the BU messages
35. IPsec Security Association
- An SA is a cryptographically protected connection
- There MUST be an SA between the MN and HA
  - Provides integrity and authentication of BU and BACK
- An SA is defined by <SPI, destination address, flag>
- One SA per home address
IPsec Authentication Header (authentication-only service)
36. Encapsulating Security Payload
- ESP: authentication and encryption
37. IPsec AH vs. ESP
38. Binding Updates to CN
- Return Routability Procedure
  - It enables CN to obtain some reasonable assurance that MN is in fact addressable at its claimed care-of address as well as at its home address
  - Done by testing whether packets addressed to the two claimed addresses are routed to MN
  - MN can pass the test only if it is able to supply proof that it received certain data (the keygen tokens) which CN sends to those addresses. These data are combined by MN into Kbm
39. Return Routability Procedure
40. RR Procedure Terminology (1)
- Node Key: a secret key (20 octets), Kcn, at CN
- Nonce: CN also generates nonces at regular intervals
- Cookie: random number used by MN
  - To prevent spoofing by a bogus CN in the RR procedure
  - Home init cookie
    - A cookie sent to the CN in the Home Test Init message, to be returned in the Home Test message
  - Care-of init cookie
    - A cookie sent to the CN in the Care-of Test Init message, to be returned in the Care-of Test message
41. RR Procedure Terminology (2)
- Keygen Token
  - Number supplied by CN to enable MN to compute the necessary binding management key for authorizing a BU
  - Care-of keygen token: Care-of Test message
  - Home keygen token: Home Test message
- Cryptographic Functions
  - SHA: Secure Hash Standard
  - HMAC_SHA1: Keyed-Hashing for Message Authentication
  - MAC: Message Authentication Codes
42. Return Routability Test step 1
- Correspondent Node (<Correspondent Address>)
  - Secret Key: <Kcn>
  - Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
  - <home keygen token> = first 64 bits of HMAC_SHA1_Kcn(<home-address> | <nonce1> | 0)
- Exchanged cookie: <home init cookie>
- Cookies: <home init cookie>, <home keygen token>, home nonce index 1
43. Return Routability Test step 2
- Correspondent Node (<Correspondent Address>)
  - Secret Key: <Kcn>
  - Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
  - <care-of keygen token> = first 64 bits of HMAC_SHA1_Kcn(<care-of-address> | <nonce1> | 1)
- Exchanged cookie: <care-of init cookie>
- Cookies: <care-of init cookie>, <care-of keygen token>, care-of nonce index 1
44. Secure Binding Update to CN
- Correspondent Node (<Correspondent Address>)
  - Secret Key: <Kcn>
  - Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
  - <home keygen token> = first 64 bits of HMAC_SHA1_Kcn(<home-address> | <nonce1> | 0)
  - <care-of keygen token> = first 64 bits of HMAC_SHA1_Kcn(<care-of-address> | <nonce1> | 1)
- Once the correspondent node has verified the MAC, it can create a Binding Cache entry for the mobile.
- Kbm = SHA1(<home keygen token> | <care-of keygen token>)
- MAC = first 96 bits of HMAC_SHA1_Kbm(<care-of-address> | <correspondent address> | BU)
- Cookies: <care-of init cookie>, <care-of keygen token>, care-of nonce index 1, <home init cookie>, <home keygen token>, home nonce index 1
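Added example (not part of the original slides): the keygen token, Kbm and MAC computations of slides 42 to 44 in Python, together with the CN's verification step. The class and function names, the 8-octet nonce size, the addresses and the BU body are assumptions made for illustration, and the init cookies are left out.

```python
import hashlib
import hmac
import ipaddress
import os

def packed(addr):
    return ipaddress.IPv6Address(addr).packed

def keygen_token(kcn, addr, nonce, kind):
    """First 64 bits of HMAC_SHA1(Kcn, address | nonce | kind); kind 0 = home, 1 = care-of."""
    return hmac.new(kcn, packed(addr) + nonce + bytes([kind]), hashlib.sha1).digest()[:8]

def authenticator(home_tok, coa_tok, coa, cn, bu):
    """Kbm = SHA1(home | care-of token); MAC = first 96 bits of HMAC_SHA1(Kbm, CoA | CN | BU)."""
    kbm = hashlib.sha1(home_tok + coa_tok).digest()
    return hmac.new(kbm, packed(coa) + packed(cn) + bu, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    """Holds only Kcn and a nonce table; no per-MN state until a BU verifies."""
    def __init__(self, addr):
        self.addr = addr
        self.kcn = os.urandom(20)         # node key Kcn, 20 octets
        self.nonces = {1: os.urandom(8)}  # index -> nonce (8-octet size is an assumption)
        self.binding_cache = {}           # home address -> care-of address

    def token(self, addr, idx, kind):
        """Token sent in a Home Test (kind 0) or Care-of Test (kind 1) message."""
        return keygen_token(self.kcn, addr, self.nonces[idx], kind)

    def accept_bu(self, home, coa, home_idx, coa_idx, bu, mac):
        if home_idx not in self.nonces or coa_idx not in self.nonces:
            return False                  # unknown or expired nonce index
        expected = authenticator(self.token(home, home_idx, 0),
                                 self.token(coa, coa_idx, 1), coa, self.addr, bu)
        if not hmac.compare_digest(expected, mac):
            return False
        self.binding_cache[home] = coa    # MAC verified: create the Binding Cache entry
        return True

def run_exchange():
    """Constructed run: documentation-prefix addresses and a placeholder BU body."""
    home, coa, other = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::66"
    cn, bu = CorrespondentNode("2001:db8:9::1"), b"constructed-binding-update"
    good = authenticator(cn.token(home, 1, 0), cn.token(coa, 1, 1), coa, cn.addr, bu)
    # A sender that only received a care-of keygen token has no home keygen token to mix in.
    no_home = authenticator(bytes(8), cn.token(other, 1, 1), other, cn.addr, bu)
    return {"no_home_token": cn.accept_bu(home, other, 1, 1, bu, no_home),
            "stale_index": cn.accept_bu(home, coa, 7, 1, bu, good),
            "valid": cn.accept_bu(home, coa, 1, 1, bu, good),
            "cache": dict(cn.binding_cache)}
```

Because the CN recomputes both tokens from Kcn and the nonce indices named in the Binding Update, it needs no per-MN state before the MAC check succeeds.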
45. Mobile IPv4 vs. Mobile IPv6

| Mobile IPv4 | Mobile IPv6 |
| --- | --- |
| Mobile node, home agent, home link, foreign link | (same) |
| Mobile node's home address | Globally routable home address and link-local home address |
| Foreign agent | A plain IPv6 router on the foreign link (foreign agent no longer exists) |
| Collocated care-of address | A plain IPv6 router on the foreign link (foreign agent no longer exists) |
| Care-of address obtained via Agent Discovery, DHCP, or manually | Care-of address obtained via Stateless Address Autoconfiguration, DHCP, or manually |
| Agent Discovery | Router Discovery |
| Authenticated registration with home agent | Authenticated notification of home agent and other correspondent nodes |
| Routing to mobile nodes via tunneling | Routing to mobile nodes via tunneling and source routing |
| Route optimization via separate protocol specification | Integrated support for route optimization |
46. MIPv6 References
- RFC 3775: Mobility Support in IPv6
- RFC 4443: ICMPv6
- RFC 3776: Using IPsec for MIPv6
- RFC 2408: The Internet Key Exchange