CMSC 628 - Presentation

1
CMSC 628 - Presentation

• An End-to-End Approach to Host Mobility
• Alex C. Snoeren and Hari Balakrishnan

2
Overview

• Introduction
• Mobile IP
• Other IP layer approaches to mobility
• Transport layer approaches
• Proposed architecture
• Issues
• Conclusions

3
Introduction

• Routing issue with legacy TCP/IP stack
• Host location and hand-off support
• End-End Vs other approaches
• Keeping mobility transparent from the transport
  layer

4
Mobile IP

• Essentially, mobility handled by third party
• Triangle routing and tunneling
• Pure routing solution
• Only IP substrate changed

5
Other network layer approaches

• For the most part, enhancements of Mobile IP
• Cache care-of address of mobile host
• IPv6 mobility support

6
Transport layer approaches

• Migration NOT transparent to TCP
• Proxy approaches transparent to sender
• Current approach

7
The End-to-End architecture

• Addressing
• Host location
• TCP connection migration
• Security

8
Host Location

• In case of fixed servers, no special service
  required
• In case of mobile servers, use dynamic DNS
  updates
• Set TTL of DNS cache entries to zero
• Problems with fast mobility

9
TCP connection migration

• Use secure tokens to identify TCP connections
• Token negotiated during handshake
• Migrate-permitted option to negotiate token
• Migrate option to migrate a connection

10
TCP connection migration
11
TCP connection migration

• Migrate Permitted option

12
TCP connection migration

• SYN from client contains clients public key
• Likewise for SYN from the server
• Shared secret key computed from the above
• Token computed as a hash of the shared key and
  initial sequence numbers

13
TCP connection migration

• Migrate option

14
TCP connection migration

• Migrate option used in the SYN after migration
• ReqNo used to order migrate requests
• Token identifies the connection
• Request is an authentication mechanism
• Essentially, hash of the initial sequence
  numbers, shared key, request number, and the
  migrate SYN segment

15
TCP connection migration

• At the other end, compare token
• Check if ReqNo is one greater than prev
• Compute request hash and compare
• Update destination address and port
• The Migrate-Wait state

16
Security

• Denial of Service
• Connection Hijacking
• Key security

17
Performance
18
Limitations

• Slow start begins after migration
• Both hosts cannot move simultaneously
• Address caching

19
Conclusions

• End-to-End architecture
• Transport layer aware of mobility
• Hosts have choice over approach used, hence more
  flexible
• Pretty secure
• Some limitations