Title: A Framework of Media-Independent Pre-authentication (MPA) for Inter-domain Handover optimization
1. A Framework of Media-Independent Pre-authentication (MPA) for Inter-domain Handover optimization
- draft-ohba-mobopts-mpa-framework-05.txt
- Ashutosh Dutta
- Victor Fajardo
- Yoshihiro Ohba
- Kenichi Taniuchi
- Henning Schulzrinne
(See also draft-ohba-mobopts-mpa-implementation-04.txt for performance results)
2. Media-independent Pre-Authentication (MPA)
- MPA is a mobile-assisted higher-layer authentication, authorization and handover scheme that is performed before establishing L2 connectivity to a network where the mobile may move in the near future
- MPA provides a secure and seamless mobility optimization that works for inter-subnet handoff, inter-domain handoff and inter-technology handoff
- MPA works with any mobility management protocol
[Figure: timelines comparing the Conventional Method with MPA (Pre-authentication). Stages shown: AP Discovery, Client Authentication, AP Switching, IP address configuration, IP handover. The Packet Loss Period is marked on the time axis.]
3. MPA Phases
- Pre-authentication: EAP pre-authentication to CTN (Candidate Target Network)
- Pre-configuration: Proactive IP address acquisition from CTN
- Pre-switching: L3 HO execution over MN-nAR tunnel
- Switching: L2 handover
- Post-switching: Tunnel deletion
Not all MPA phases have to be executed; phases can be replaced with other mechanisms. MPA operation can stop at phase 1 (pre-auth only) or at phase 2 (pre-auth + pre-authorization).
4. Proactive Handover Tunnel in pre-switching phase
[Figure: proactive handover tunnel. Labels: CN, AR, Serving Network, Target Network, MN.]
5. Agreement in IETF68
- Revise MPA framework draft to focus on inter-domain handover problem
- Specific changes are explained in the next slides
6. Inter-domain Handover Section Added
- Definition of an administrative domain (or a domain)
  - Networks that are managed by a single administrative entity
  - An administrative entity may be a service provider, an enterprise or any organization.
- An inter-domain handover will by default be subject to inter-subnet handover and, in addition, may be subject to either inter-technology or intra-technology handover.
- Inter-domain handover will be subject to all the transition steps a subnet handover goes through and, in addition, to the authentication and authorization process as well.
- It is also likely that the type of mobility support in each administrative domain will be different. For example, administrative domain A may have MIPv6 support, while administrative domain B may use Proxy MIPv6.
7. Inter-domain Handover between CMIPv6 and PMIPv6 domains
[Figure: MN handing over between a CMIPv6 domain and a PMIPv6 domain using MPA. Labels: HA, LMA, PMA, AR, MPA, MN.]
8. Detailed Issues Section split
- MPA Operations (Section 7)
  - 7.1 Discovery
  - 7.2 Pre-authentication in multiple CTN environment
  - 7.3 Proactive IP address acquisition
  - 7.4 Address resolution
  - 7.5 Tunnel management
  - 7.6 Binding Update
  - 7.7 Preventing packet loss
  - 7.8 Link-layer security and mobility
  - 7.9 IP layer security and mobility
  - 7.10 Authentication in initial network attachment
- MPA Deployment Issues (Section 8)
  - 8.1 Considerations for failed switching and switch-back
  - 8.2 Pre-allocation of QoS resources
  - 8.3 Resource allocation issue during pre-authentication
- MPA Case Studies for Inter-Domain Handoff (Section 9)
  - 9.1 Homogeneous Mobility Protocol in each domain (MIPv6, SIP Mobility, MIPv4 FA-CoA, PMIPv6)
9. Applicability Statement Section moved to earlier section (Section 4)
- MPA is categorized as a proactive handover optimization mechanism. In other words, MPA is more applicable where an accurate prediction of movement can be easily made
- Even if accurate prediction of movement is easily made, effectiveness of MPA may be relatively reduced if the network employs network-controlled localized mobility management in which the MN does not need to change its IP address while moving within the network.
- Effectiveness of MPA may also be relatively reduced if signaling for network access authentication is already optimized for movements within the network, e.g., when simultaneous use of multiple interfaces during handover is allowed
- In other words, MPA is the most viable solution for inter-administrative domain predictive handover without simultaneous use of multiple interfaces
10. Performance result: MPA with L2sec bootstrapping
- Use of MPA to bootstrap L2 security, e.g., IEEE 802.11i, required for candidate networks, before handover
- Handover performance between network-layer assisted pre-authentication and 802.11i pre-authentication is similar
- Network-layer assisted pre-authentication works across multiple subnets/domains/media, whereas 802.11i pre-authentication works only within 802.11 and in the same ESS.

| Type of authentication | 802.11i post-authentication | 802.11i post-authentication | 802.11i pre-authentication | 802.11i pre-authentication | Network-layer assisted pre-authentication | Network-layer assisted pre-authentication |
|---|---|---|---|---|---|---|
| Operation | Non-roaming | Roaming | Non-roaming | Roaming | Non-roaming | Roaming |
| Authentication and authorization delay | 61ms | 599ms | 99ms | 636ms | 177ms | 831ms |
| Configuration delay | N/A | N/A | N/A | N/A | 17ms | 17ms |
| Secure association | 18ms | 17ms | 16ms | 17ms | 17ms | 17ms |
| Total | 79ms | 616ms | 115ms | 655ms | 211ms | 865ms |
| Handover Delay | 79ms | 616ms | 16ms | 17ms | 17ms | 17ms |

11. Performance result: MPA with multiple Mobility Management Protocols
12. Summary
- MPA framework draft has been presented 5 times since IETF62
- The draft has been revised to focus on inter-domain handover and it is in good shape
- The draft is fully ready to be a RG draft
13. Thank You!
14. MPA for L2 Pre-auth bootstrapping Scenario