Mobile Networking - PowerPoint PPT Presentation

Slides: 43
Provided by: Prasun2
Learn more at: http://www.cs.unc.edu
Transcript and Presenter's Notes

1
Mobile Networking
Prasun Dewan
Department of Computer Science, University of North Carolina, dewan@unc.edu
2
Problem
  • How to provide mobility-transparent network
    access?

3
INS Support for Mobility
  • Client never sees physical address
  • Query serves as intentional name for source and
    destination
  • Discovery infrastructure also does message
    routing
  • Conventional model
  • Get address from query
  • Use address to send message
  • INS model
  • Send message with query
  • What if multiple services
  • Anycast
  • Send to service with least value of metric
  • Multicast
  • Send to all matching services
  • Cannot use internet multicast!

4
INS Problem
  • New communication paradigm
  • Implemented on top of existing transport layer
  • Not as efficient?
  • Designed for interaction with mobile appliances
  • Not traditional applications on mobile nodes
  • No support for stream-based interaction

5
Link-Level Support
Migrating station
6
Handoff Schemes
  • Some central server/router per wireless LAN knows
    MH and base station mapping
  • Old base station buffers messages and forwards to
    new one
  • Adjacent base stations join a multicast group and
    buffer messages
  • Works only for migration within a wireless LAN
  • Can build on the multicast and forwarding ideas?

7
Building on Multicast Idea
  • Each mobile host has an associated unique
    internet multicast group
  • Moving from internet address A to B ?
  • A leaves multicast group
  • B joins it
  • Multicast group provides the indirection.
  • Use of multicast here different from traditional
    multicast
  • Sparse groups
  • Efficient wide area multicast not available
    anyway

8
Building on Forwarding Idea
  • A permanent home address assigned to a mobile
    host.
  • An agent able to intercept messages sent to that
    address keeps track of current location of host
    and forwards it to the new location.

9
Excerpt from Zhang00
  • Start of excerpt

10
Mobility at the Network Layer
  • Where can you manage mobility?
  • Application
  • Session
  • Transport
  • Network
  • Data-link
  • Physical
  • Mobile-IP an extension to current IP
    architecture
  • To manage mobility at the IP layer
  • To hide mobility from the upper layers

11
Terminology
  • Mobile Node (MN or MH)
  • Correspondent Node (CN or CH)
  • Home Network and Foreign Network
  • Mobility Agent
  • Home Agent (HA) and Foreign Agent (FA)
  • Home Address (HoA) and Care-of Address (CoA)
  • Binding and Binding Update

12
IETF Mobile-IP Basic Concept
  • MN always uses its home address HoA
  • When MN visits a foreign network,
  • Registration with FA
  • Discover mobile agents and CoA
  • Registration with HA
  • Binding update (HoA -> CoA)
  • When CN communicates with MN, it uses HoA
  • HA forwards packet from HoA to CoA

13
Agent Discovery
  • Through Agent Discovery Process
  • Agent advertisement (beaconing)
  • Mobile agent broadcasts agent advertisements at
    regular intervals (I am here)
  • Agent solicitation
  • MN can solicit advertisement (anyone here?)
  • Mobile agent responds to agent solicitation
  • Question
  • Why agent solicitation?

14
Functions of Agent Advertisement
  • Allow for the detection of mobility agents
  • Let the MN know whether the agent is a HA, or a
    FA
  • List one or more available care-of addresses
  • Inform the MN about special features provided by
    FA
  • Example: alternative encapsulation techniques
  • Let MN determine the network number and status of
    their link to the Internet

15
CoA
  • Two types of CoA
  • FA's IP address
  • MN's temporary address
  • Locally-assigned address in the foreign network
  • E.g., DHCP address
  • Depends on foreign network configuration
  • Foreign network may or may not hand out addresses
    to visitors

16
Implementing Agent Discovery
  • Protocol details
  • Built on top of an existing standard protocol:
    Router Advertisement (RFC 1256)
  • Simply extends the fields of existing router
    advertisements

17
Registering CoA
  • HA must know an MH's CoA (binding update)
  • Binding (HoA -> CoA)
  • Binding has a lifetime (can expire)
  • Registration process
  • MH sends a registration request with CoA
    information
  • HA authenticates the request
  • HA approves or disapproves the request
  • HA adds the necessary information to its routing
    table
  • HA sends a registration reply back to MH

18
Registration Operations
19
Authentication
  • A malicious node could cause remote redirect
  • Authentication and protection against replay
    attacks, and need for unique identification field
  • Timestamp and Pseudorandom Number
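
The authentication and replay check on this slide, as an added example that is not from the original slides: a home agent verifies a MAC on each registration request and uses the timestamp form of the identification field. The message layout, HMAC-SHA256, the key, and the skew and lifetime limits are assumptions for illustration, not the Mobile IP wire format.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-mn-ha-secret"  # assumption: key pre-shared by MN and HA
MAX_SKEW = 7.0       # assumed clock skew (seconds) the HA tolerates
MAX_LIFETIME = 600   # assumed longest binding lifetime (seconds) the HA grants
FMT = "!4s4sHQ"      # HoA, CoA, lifetime, identification (ms timestamp)

def build_request(hoa, coa, lifetime, ident_ms, key=KEY):
    """MN side: request body followed by a MAC over it (simplified layout)."""
    body = struct.pack(FMT, socket.inet_aton(hoa), socket.inet_aton(coa),
                       lifetime, ident_ms)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self):
        self.bindings = {}    # HoA -> (CoA, expiry time)
        self.last_ident = {}  # HoA -> newest identification accepted so far

    def register(self, msg, now):
        """Authenticate, reject replays, then install the HoA -> CoA binding."""
        body, tag = msg[:-32], msg[-32:]
        good = hmac.new(KEY, body, hashlib.sha256).digest()
        if len(body) != struct.calcsize(FMT) or not hmac.compare_digest(tag, good):
            return "denied: authentication failed"
        hoa, coa, lifetime, ident_ms = struct.unpack(FMT, body)
        if abs(ident_ms / 1000 - now) > MAX_SKEW:
            return "denied: identification outside time window"
        if ident_ms <= self.last_ident.get(hoa, 0):
            return "denied: replayed identification"
        self.last_ident[hoa] = ident_ms
        expiry = now + min(lifetime, MAX_LIFETIME)
        self.bindings[hoa] = (socket.inet_ntoa(coa), expiry)
        return "accepted"

    def care_of(self, hoa, now):
        """Forwarding lookup: the CoA, or None once the binding has expired."""
        coa, expiry = self.bindings.get(socket.inet_aton(hoa), (None, 0))
        return coa if now < expiry else None

if __name__ == "__main__":
    ha, t = HomeAgent(), 1000.0  # constructed clock value
    req = build_request("10.0.0.5", "192.0.2.77", 300, int(t * 1000))
    print(ha.register(req, t))               # first delivery
    print(ha.register(req, t + 2))           # captured copy replayed
    print(ha.care_of("10.0.0.5", t + 400))   # after the lifetime has run out
```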

20
Automatic Home Agent Discovery
  • Problem: what if MH never knew its HA?
  • Example: MH reboots and loses all state
  • Subnet-wise broadcast packet is sent to the home
    network
  • Subnet-wise broadcast cell-cast
  • HA responds
  • If more than one, other HAs on the home network
    send rejection notice

21
Forwarding to CoA
  • Encapsulation
  • Sending the original packet (CH->MH) in another
    packet (HA->CoA)
  • Default encapsulation mechanism
  • IP-within-IP (tunnel)
  • Tunnel header: a new IP header inserted by the
    tunnel source (home agent)
  • Destination IP: CoA
  • Alternative encapsulation mechanism
  • Minimal encapsulation
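
IP-within-IP tunneling as described on this slide, shown as an added example (not from the original slides): the home agent prepends a new IPv4 header with protocol number 4 and destination CoA, and the tunnel exit strips it. The addresses and payload are constructed, and the check that the outer source is the expected home agent is an added sanity filter that the slide does not specify.

```python
import socket
import struct

IPPROTO_IPIP = 4  # IP protocol number for IP-within-IP

def checksum(header):
    """Internet checksum: one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header without options, checksum filled in."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:]

def encapsulate(inner, ha, coa):
    """Home agent: put the intercepted CH->MH packet behind a tunnel header."""
    return ipv4_header(ha, coa, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer, expected_ha, coa):
    """Tunnel exit at the CoA: validate the tunnel header, return the inner packet."""
    if len(outer) < 40 or outer[0] != 0x45 or checksum(outer[:20]) != 0:
        raise ValueError("malformed tunnel header")
    if outer[9] != IPPROTO_IPIP or struct.unpack("!H", outer[2:4])[0] != len(outer):
        raise ValueError("not a complete IP-within-IP packet")
    if (outer[12:16] != socket.inet_aton(expected_ha)
            or outer[16:20] != socket.inet_aton(coa)):
        raise ValueError("unexpected tunnel endpoints")
    return outer[20:]

def sample_packet():
    """Constructed CH->MH packet: still addressed to the home address."""
    data = b"constructed payload"
    return ipv4_header("198.51.100.9", "10.0.0.5", 17, len(data)) + data

if __name__ == "__main__":
    inner = sample_packet()
    outer = encapsulate(inner, ha="10.0.0.1", coa="192.0.2.77")
    print(len(inner), len(outer))
    print(decapsulate(outer, "10.0.0.1", "192.0.2.77") == inner)
```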

22
Tunneling Operations in Mobile IP
23
The Triangle Routing Problem
  • MH->CH: direct; CH->MH: CH->HA->MH
  • Inefficient
  • Solution: route optimization in Mobile-IP
  • Deliver binding updates directly to CH

24
Discussion
  • System issues

25
Home Network
  • Where Can We Put the Home Agent?
  • At the router?
  • As a separate server?
  • At the router
  • What if there are multiple routers for the home
    network?
  • As a separate server
  • How can it pick up a packet CH->MH?

26
Foreign Network
  • Where is FA? (Router or Separated Server?)
  • How can FA deliver MH the packet CH->MH?
  • Normally, CH->MH would go straight to a router
    (because MH is foreign)
  • Is There Adequate Support at A Foreign Network
  • What if there is no FA at the network you visit?
  • Co-located FA
  • What is the Minimum Requirement from the Foreign
    Network?
  • Keep it as small as possible

27
Security Issues
  • Visitors Are Threats!
  • How to provision your LAN to support nomadic
    users
  • And to protect your LAN from nomadic users
  • Foreign Network Firewall Traversal
  • Can the firewall allow the inbound HA->FA tunnel?
  • Can MH->CH pass through an egress filter?
  • Bi-directional tunneling
  • Mutual Authentication
  • Can you trust MH?
  • Can you trust FA?

28
Mobile Computing Model
  • What is the binding in IETF Mobile-IP?
  • HoA -> CoA (one level of indirection)
  • Where is the binding being managed?
  • HA
  • In the route optimization case: CH
  • Scale of mobility?
  • Internet-wide
  • What is a cell in Mobile-IP?
  • Subnet

29
Further Discussions
  • Variants of IETF Mobile-IP
  • Implementation issues
  • Mobility Scope
  • Macro-mobility: Mobile-IP
  • Micro-mobility: Hierarchical Mobile-IP,
    Cellular-IP, HAWAII, TeleMIP, EMA,
  • Combining network-layer mobility with link-layer
    mobility
  • Features: fast handoff, paging, etc.
  • Mobility in a higher layer
  • Transport layer, session layer

30
Excerpt from Zhang00
  • End of excerpt

31
Triangle routing from MH to SH
  • Needed to send messages to MH
  • Also for sending messages from MH
  • Mobile Host source address needs to be home
    address
  • But for security reasons, local network will not
    route messages with non-local subnet mask
  • Like mail servers not forwarding messages if
    reply-to address is not local
  • So MH sends message to Home Agent with local
    care-of address
  • Home Agent changes it to home address
  • Reverse tunneling
  • Thus triangle routing from and to MH

32
Key Mobile Networking Ideas/Issues
  • Location-independent ID
  • Home IP address, Multicast address
  • Dynamic binding of EID to location
  • Foreign agent contacting home agent
  • Joining/leaving multicast group
  • Binding may be stored remote and/or local to
    communicating party
  • Home agent stores it remote
  • Multicast groups stored remote and cached?
  • Cache refresh problem: need to determine where
    cached
  • Remote Binding may be accessed at
  • Connection time
  • What to do if binding changes after connection
  • Does not work for non connection-oriented
    communication (UDP)
  • Message delivery time
  • Mobile IP
  • Performance problem

33
DNS based Solution
  • Location-independent ID
  • DNS name
  • Dynamic binding of ID to location
  • MH gets IP address from local network (DHCP
    server)
  • DNS system of (home domain) informed about it
  • By DHCP server or MH
  • Binding may be stored remote and/or local to
    communicating party
  • DNS bindings replicated and cached
  • Time to live of cache 0 to avoid cache update
  • Of MH, not the name server holding the mapping
  • Search does not have to start at root
  • What if MH moves after address fetched from NS
  • Try again if TCP connection fails
  • Address is hint rather than absolute

34
DNS based Solution
  • Remote Binding accessed at
  • Connection time
  • What to do if binding changes after connection
  • Mobile TCP/IP

35
Mobile TCP/IP
  • TCP connection identified by
  • <source address, source port,
    destination address, dest port>
  • Need an ID that is address independent
  • Connection time, token returned
  • Now connection identified by
  • <address, port, token>
  • Moving end can send migrate message to other end
  • with connection ID and new address
  • This message not acked
  • Next message from stationary end to new address
    implicitly acks migrate message

36
Migrate Architecture
[Figure: Migrate architecture diagram; surviving labels: Correspondent Host, xxx.xxx.xxx.xxx]
From snoeren00
37
TCP Connection Migration
  1. Initial SYN
  2. SYN/ACK
  3. ACK (with data)
  4. Normal data transfer
  5. Migrate SYN
  6. Migrate SYN/ACK
  7. ACK (with data)
From snoeren00
39
TCP Connection Migration
  1. Initial SYN
  2. SYN/ACK
  3. ACK (with data)
  4. Normal data transfer
  5. Migrate SYN
  6. Migrate SYN/ACK
  7. ACK (with data)
(Note typo in proceedings)
From snoeren00
40
Race Conditions
  • Both end points migrate at same time
  • Solution assumes one fixed host
  • Migrating host's old address reassigned before it
    has issued Migrate request
  • That would issue an RST message
  • Wait for migrate request before closing connection

41
TCP State Machine Changes
  • 2 new transitions between existing states
  • - and -
  • 1 new state handles pathological race condition

[Figure: TCP state diagram; surviving labels: "appl migrate / send SYN (migrate T, R)", "recv SYN (migrate T, R) / send SYN, ACK", "recv RST", "2MSL timeout", new state MIGRATE_WAIT]
From snoeren00
42
Security Issues
  • Third party can change DNS mapping
  • Secure DNS needed
  • Third party can move connection
  • Token prevents this
  • Replay attack
  • Sequence number of request prevents this
  • Denial of service
  • SYN Flooding
  • Token validation can be expensive
  • A simpler-to-validate token is sent with the
    actual token
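
A simplified model of the token and request-number checks listed on this slide, added here as an example and not taken from the slides or from snoeren00: the fixed host finds the connection by token rather than by address, drops replayed request numbers, and only then runs the costlier MAC check. The per-connection key, HMAC-SHA256, the message layout and all addresses are assumptions.

```python
import hashlib
import hmac
import secrets

def request_mac(key, token, req_no, new_peer):
    """MAC binding the token, request number and new address (assumed layout)."""
    msg = token + req_no.to_bytes(4, "big") + f"{new_peer[0]}:{new_peer[1]}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Connection:
    def __init__(self, peer):
        self.peer = peer                     # current (address, port) of mobile end
        self.token = secrets.token_bytes(8)  # address-independent connection ID
        self.key = secrets.token_bytes(32)   # assumed secret from connection setup
        self.last_req = 0                    # highest migrate request accepted

class FixedHost:
    def __init__(self):
        self.by_token = {}   # connections are found by token, not by address
        self.mac_checks = 0  # how often the expensive validation ran

    def accept(self, peer):
        conn = Connection(peer)
        self.by_token[conn.token] = conn
        return conn

    def on_migrate(self, token, req_no, new_peer, tag):
        conn = self.by_token.get(token)      # cheap lookup runs first
        if conn is None:
            return "rejected: unknown token"
        if req_no <= conn.last_req:          # cheap replay check
            return "rejected: replayed request"
        self.mac_checks += 1
        expected = request_mac(conn.key, token, req_no, new_peer)
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad request MAC"
        conn.last_req, conn.peer = req_no, new_peer
        return "migrated"

if __name__ == "__main__":
    host = FixedHost()
    conn = host.accept(("192.0.2.10", 40000))  # constructed addresses
    new = ("203.0.113.8", 40000)
    req = (conn.token, 1, new, request_mac(conn.key, conn.token, 1, new))
    print(host.on_migrate(*req))  # mobile end moved
    print(host.on_migrate(*req))  # captured request replayed
```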