Mobility Support in IPv6 (MIPv6) - PowerPoint PPT Presentation


Title: Mobility Support in IPv6 (MIPv6)


1
Mobility Support in IPv6 (MIPv6)
  • Chun-Chuan Yang
  • Dept. Computer Science & Info. Eng.
  • National Chi Nan University
  • Jan. 29, 2008

2
Outline
  • Introduction to Mobile Networking
  • Background: MIPv4
  • MIPv6 Features
  • MIPv6 Basic Operations
  • MIPv6 Security
  • MIPv6 vs. MIPv4

3
Mobile Networking
  • Wireless devices offering IP connectivity
  • PDA, handhelds, digital cellular phones, etc.
  • Mobile networking
  • Computing activities are not disrupted when the
    user changes the computer's point of attachment
    to the Internet
  • All the needed reconnection occurs automatically
    and non-interactively
  • Technical obstacles
  • Internet Protocol (IP) routing scheme
  • Security concerns

4
Nomadicity (1)
  • How mobility affects the protocol stack

5
Nomadicity (2)
  • Layer 2 (data link layer)
  • Collision detection → collision avoidance
  • Dynamic range of the signals is very large, so
    that a transmitting station cannot effectively
    distinguish incoming weak signals from noise and
    the effects of its own transmissions
  • Cell size (frequency reuse)
  • Layer 3 (network layer)
  • Changing the routing of datagrams destined for
    the mobile nodes

6
Nomadicity (3)
  • Layer 4 (transport layer)
  • Congestion control is based on packet loss
  • However, does packet loss mean congestion?
  • Other reasons for packet loss
  • Noisy wireless channel, handoff process
  • Top layer (application layer)
  • Automatic configuration
  • Service discovery
  • Link awareness → adaptability
  • Environment awareness

7
Mobile IPv4 (1)
  • Basic idea
  • New IP address associated with the new point of
    attachment is required
  • Two IP addresses for mobile node
  • Home address: static
  • Care-of address: topologically significant
    address
  • Home network, home agent
  • Foreign network, foreign agent

8
Mobile IPv4 (2)
  • Three Mobile IP mechanisms
  • 1. Discovering the care-of address
  • 2. Registering the care-of address
  • 3. Tunneling to the care-of address

9
Mobile IPv4 (3)
  • 1. Discovery
  • Extension of ICMP Router Advertisement
  • Home agents and foreign agents broadcast agent
    advertisements at regular intervals
  • Agent advertisement
  • Allows for the detection of mobility agents
  • Lists one or more available care-of addresses
  • Informs the mobile node about special features
  • Mobile node selects its care-of address
  • Mobile node checks whether the agent is a home
    agent or foreign agent
  • Mobile node issues an ICMP router solicitation
    message

10
Mobile IPv4 (4)
  • 2. Registration
  • Once a mobile node has a care-of address, its
    home agent must find out about it

11
Mobile IPv4 (5)
  • 3. Tunneling

Tunneling
12
Mobile IPv4 (6)
Registration request Message
Registration reply Message
13
Mobile IPv4 Route Optimization
14
Mobile IPv6 Features (1)
  • IPv6 Mobility is based on core features of IPv6
  • The base IPv6 was designed to support Mobility
  • Mobility is not an add-on feature
  • All IPv6 Networks are IPv6-Mobile Ready
  • All IPv6 nodes are IPv6-Mobile Ready
  • All IPv6 LANs/Subnets are IPv6 Mobile Ready
  • IPv6 Neighbor Discovery and Address
    Autoconfiguration allow hosts to operate in any
    location without any special support

15
Mobile IPv6 Features (2)
  • No Foreign Agent
  • In Mobile IP, an MN registers with a foreign node
    and borrows its address to build an IP tunnel so
    that the HA can deliver the packets to the MN.
    But in Mobile IPv6, the MN can get a new IPv6
    address, which can be used only by the MN, and
    thus the FA no longer exists
  • IPv6 Address auto-configuration: MN can obtain a
    CoA in foreign network without any help of
    foreign agent
  • More scalable, better performance
  • Less traffic through Home Link
  • Less redirection/re-routing (Traffic Optimization)

16
Mobile IPv6 Features (3)
  • Bi-directional tunneling mode
  • Does not require the CN to support Mobile
    IPv6
  • Use of reverse tunneling
  • Route Optimization (RO) mode
  • Requires the MN's current binding to be
    registered at the CN
  • Uses a new type of IPv6 routing header
  • Type-2 routing header: home address (Dest Addr =
    MN's CoA)
  • Shortest communications path
  • Eliminates congestion at the MN's HA and home
    link
  • Impact of any possible failure of the HA or
    networks on the path to or from it is reduced

17
Mobile IPv6 Features (4)
  • Dynamic Home Agent Address Discovery
  • Allows a MN to dynamically discover the IP
    address of a home agent on its home link
  • ICMP Home Agent Address Discovery Request Message
  • Destination address: Home Agent anycast address
    for its own home subnet prefix
  • Reply message
  • HA list (with preferences) in the home link
  • Each HA maintains the home agent lists

18
New IPv6 Protocol (1)
  • Mobility Header
  • Home Test Init, Home Test, Care-of Test Init,
    Care-of Test
  • Perform the return routability procedure from MN
    to CN for ensuring authorization of subsequent
    Binding Updates
  • Binding Update
  • Binding Acknowledgement
  • Binding Refresh Request
  • Binding Error

19
New IPv6 Protocol (2)
  • New IPv6 Destination Option
  • Home Address destination option
  • Type-2 Routing header: route optimization
  • New ICMPv6 Messages
  • Home Agent Address Discovery Request
  • Home Agent Address Discovery Reply
  • Mobile Prefix Solicitation
  • Mobile Prefix Advertisement

20
Mobility Header
  • Payload Proto: same as IPv6 Next Header
  • MH Type: identifies the particular mobility
    message
  • Message Data: the data specific to the
    indicated MH type
21
Binding Update Message
  • MH Type = 5
  • Message Data
  • A: Acknowledge
  • H: Home Registration
  • L: Link-Local Address Compatibility
  • K: Key Management Mobility Capability
22
Binding Acknowledgement Message
  • MH Type = 6
  • Message Data
  • K: Key Management Mobility Capability
23
MIPv6 Basic Operation (1)
[Figure: CN, Home Network, HA, Internet, Foreign Network, Mobile Node. Packet labels: "S: MN's Home Address, D: CN's IP Address" and "S: CN's IP Address, D: MN's Home Address"]
24
MIPv6 Basic Operation (2)
[Figure: CN, Home Network, HA, Internet, Foreign Network]
25
MIPv6 Basic Operation (3)
[Figure: CN, Internet, Home Network, HA, Mobile Node. Packet from CN: "S: CN's IP Address, D: MN's Home Address". Tunneled packets: "S: HA's Address, D: MN's CoA"]
26
MIPv6 Basic Operation (4)
[Figure: CN, Home Network, HA, Internet, Mobile Node]
27
MIPv6 Basic Operation (5)
[Figure: CN, Home Network, HA, Internet, Mobile Node]
28
Movement
  • Movement Detection: detect L3 handovers
  • Neighbor Unreachability Detection (NUD)
  • Default router is no longer bi-directionally
    reachable
  • Router Discovery: select a new default router
  • Prefix Discovery: form new care-of address
  • Home registration
  • Correspondent registration

29
Home Registration (1)
  • Set H-bit and A-bit in the Binding Updates sent to
    the HA
  • MN's home address in Home Address destination
    option
  • Source address = Care-of address
  • Set L-bit if the MN's link-local address (for the
    new care-of address) has the same interface ID as
    the home address
  • Set K-bit if the IPsec SAs between the MN and the
    HA have been established dynamically, and the
    mobile node has the capability to update its
    endpoint in the used key management protocol to
    the new care-of address every time it moves

30
Home Registration (2)
  • Sequence
  • Used by the receiving node to sequence BUs and by
    the sending node to match a returned BACK with
    this BU
  • Lifetime
  • The number of time units remaining before the
    binding must be considered expired
  • One time unit is 4 seconds

31
Correspondent Registration (1)
  • Allowing the CN to cache the MN's current care-of
    address
  • Return Routability procedure registration
  • After home registration, the MN should initiate a
    correspondent registration for each node that
    already appears in the MN's Binding Update List
  • The initiated procedures can be used to either
    update or delete binding information in the CN
  • In addition, the MN initiates the registration in
    response to receiving a packet tunneled using
    IPv6 encapsulation

32
Correspondent Registration (2)
  • A Binding Update is created as follows
  • 1. Source address of the IPv6 header = the
    current care-of address
  • 2. Destination address = the address of the CN
  • 3. Mobility header with MH type 5, including
    the Binding Authorization Data and the Nonce
    Indices mobility options
  • 4. Home Address destination option = MN's home
    address

33
Conceptual Data Structures
  • CN: Binding Cache
  • When sending a packet, the Binding Cache is
    searched before the Neighbor Discovery conceptual
    Destination Cache
  • HA: Binding Cache and Home Agents List
  • The Home Agents List is used by the dynamic home
    agent address discovery mechanism
  • MN: Binding Update List
  • It records information for each BU sent by this
    MN, in which the lifetime of the binding has not
    yet expired
  • The Binding Update List includes all bindings
    sent by the MN either to its HA or CNs

34
MIPv6 Security
  • Binding Updates to HA
  • IPsec and ESP between MN and HA
  • Key Distribution (IKE, Internet Key Exchange)
  • Binding Updates to CN
  • Return Routability Procedure to assure that the
    right MN is sending the message
  • Binding management key (Kbm) for integrity and
    authenticity of the BU messages

35
IPsec Security Association
  • An SA is a cryptographically protected connection
  • There MUST be a SA between the MN and HA
  • Provides integrity and authentication of BU and
    BACK
  • An SA is defined by <SPI, destination address,
    flag>
  • One SA per home-address

IPsec Authentication Header (authentication-only
service)
36
Encapsulating Security Payload
  • ESP: authentication and encryption

37
IPsec AH vs. ESP
38
Binding Updates to CN
  • Return Routability Procedure
  • It enables CN to obtain some reasonable assurance
    that MN is in fact addressable at its claimed
    care-of address as well as at its home address
  • Done by testing whether packets addressed to the
    two claimed addresses are routed to MN
  • MN can pass the test only if it is able to supply
    proof that it received certain data (the keygen
    tokens) which CN sends to those addresses. These
    data are combined by MN into Kbm

39
Return Routability Procedure
40
RR Procedure Terminology (1)
  • Node Key: a secret key (20 octets), Kcn, at CN
  • Nonce: CN also generates nonces at regular
    intervals
  • Cookie: random number used by MN
  • To prevent spoofing by a bogus CN in the RR
    procedure
  • Home init cookie
  • A cookie sent to the CN in the Home Test Init
    message, to be returned in the Home Test message
  • Care-of init cookie
  • A cookie sent to the CN in the Care-of Test Init
    message, to be returned in the Care-of Test
    message

41
RR Procedure Terminology (2)
  • Keygen Token
  • Number supplied by CN to enable MN to compute the
    necessary binding management key for authorizing
    a BU
  • Care-of keygen token: Care-of Test message
  • Home keygen token: Home Test message
  • Cryptographic Functions
  • SHA: Secure Hash Standard
  • HMAC_SHA1: Keyed-Hashing for Message
    Authentication
  • MAC: Message Authentication Codes

42
Return Routability Test step 1
Correspondent Node
Secret Key: <Kcn>
Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
<home keygen token> = First(64, HMAC_SHA1(Kcn, (<home-address> | <nonce1> | 0)))
<home init cookie>
<Correspondent Address>
Cookies: <home init cookie>
<home keygen token>, home nonce index 1
43
Return Routability Test step 2
Correspondent Node
Secret Key: <Kcn>
Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
<care-of keygen token> = First(64, HMAC_SHA1(Kcn, (<care-of-address> | <nonce1> | 1)))
<care-of init cookie>
<Correspondent Address>
Cookies: <care-of init cookie>
<care-of keygen token>, care-of nonce index 1
44
Secure Binding Update to CN
Correspondent Node
Secret Key: <Kcn>
Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
<home keygen token> = First(64, HMAC_SHA1(Kcn, (<home-address> | <nonce1> | 0)))
<care-of keygen token> = First(64, HMAC_SHA1(Kcn, (<care-of-address> | <nonce1> | 1)))
<Correspondent Address>
Once the correspondent node has verified the MAC,
it can create a Binding Cache entry for the
mobile.
Kbm = SHA1(<home keygen token> | <care-of keygen token>)
MAC = First(96, HMAC_SHA1(Kbm, (<care-of-address> | <correspondent address> | BU)))
Cookies: <care-of init cookie>, <care-of keygen token>, care-of nonce index 1,
<home init cookie>, <home keygen token>, home nonce index 1
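The return routability computation from the three slides above, as an added Python example (not part of the original presentation): the CN derives both keygen tokens from Kcn, and verifies a Binding Update by recomputing them from the nonce indices. The addresses, the 8-octet nonce length and the BU byte string are constructed assumptions, and the init-cookie echo is omitted.

```python
import hashlib
import hmac
import ipaddress
import os

def addr(a):
    """128-bit packed form of an IPv6 address string."""
    return ipaddress.IPv6Address(a).packed

def keygen_token(kcn, address, nonce, kind):
    """First(64, HMAC_SHA1(Kcn, address | nonce | kind)); kind 0 = home, 1 = care-of."""
    return hmac.new(kcn, addr(address) + nonce + bytes([kind]), hashlib.sha1).digest()[:8]

def binding_key(home_token, careof_token):
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()

def bu_mac(kbm, coa, cn_addr, bu):
    """First(96, HMAC_SHA1(Kbm, care-of address | correspondent address | BU))."""
    return hmac.new(kbm, addr(coa) + addr(cn_addr) + bu, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    def __init__(self, address):
        self.address = address
        self.kcn = os.urandom(20)          # node key Kcn, 20 octets, never leaves the CN
        self.nonces = {1: os.urandom(8)}   # nonce index -> nonce (length is an assumption)
        self.binding_cache = {}            # home address -> care-of address

    def home_test(self, home_addr, index=1):    # token carried in the Home Test message
        return keygen_token(self.kcn, home_addr, self.nonces[index], 0)

    def careof_test(self, coa, index=1):        # token carried in the Care-of Test message
        return keygen_token(self.kcn, coa, self.nonces[index], 1)

    def binding_update(self, home_addr, coa, home_idx, coa_idx, bu, mac):
        """Recompute both tokens from the nonce indices, then check the MAC."""
        if home_idx not in self.nonces or coa_idx not in self.nonces:
            return False                        # unknown or expired nonce index
        kbm = binding_key(self.home_test(home_addr, home_idx),
                          self.careof_test(coa, coa_idx))
        if not hmac.compare_digest(mac, bu_mac(kbm, coa, self.address, bu)):
            return False
        self.binding_cache[home_addr] = coa
        return True

def mobile_node_register(cn, home_addr, coa, bu=b"constructed-BU-bytes"):
    """MN side: hold both tokens (one received per address), derive Kbm, send the BU."""
    kbm = binding_key(cn.home_test(home_addr), cn.careof_test(coa))
    return cn.binding_update(home_addr, coa, 1, 1, bu, bu_mac(kbm, coa, cn.address, bu))
```

Because both tokens are recomputed from Kcn and the nonce, the CN keeps no per-MN state until a Binding Update verifies, and a sender that received only one of the two tokens cannot produce a valid MAC.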
45
Mobile IPv4 vs. Mobile IPv6
Mobile IPv4 | Mobile IPv6
Mobile node, home agent, home link, foreign link | (same)
Mobile node's home address | Globally routable home address and link-local home address
Foreign agent | A plain IPv6 router on the foreign link (foreign agent no longer exists)
Collocated care-of address | A plain IPv6 router on the foreign link (foreign agent no longer exists)
Care-of address obtained via Agent Discovery, DHCP, or manually | Care-of address obtained via Stateless Address Autoconfiguration, DHCP, or manually
Agent Discovery | Router Discovery
Authenticated registration with home agent | Authenticated notification of home agent and other correspondent nodes
Routing to mobile nodes via tunneling | Routing to mobile nodes via tunneling and source routing
Route optimization via separate protocol specification | Integrated support for route optimization
46
MIPv6 References
  • RFC 3775 Mobility Support in IPv6
  • RFC 4443 ICMPv6
  • RFC 3776 Using IPsec for MIPv6
  • RFC 2408 The Internet Key Exchange