Host Mobility for IP Networks - PowerPoint PPT Presentation

Slides: 29
Provided by: enggU
Transcript and Presenter's Notes

1
Host Mobility for IP Networks
  • Mobility stresses the Internet architecture
  • Mobility requires additional mechanisms to be
    implemented at both end host and network
  • Mobility Management mechanisms
  • IETF's Mobile IP has progressed slowly
  • DHCP and VPN tunnelling
  • Firewall deployment and NATs have blocked MIP

2
Requirements for Mobility Management
  • Location-independent identifier
  • Static id across locations
  • Compatibility w/ IP routing
  • Location management (peers, clients)
  • Transparency
  • Security

3
Alternative Mobility Management Solutions
  • Transport-layer approaches
  • Application-level approaches
  • Session mobility (context transfer)
  • Personal mobility
  • Service mobility
  • Alternative architectures

4
Mobile IP
  • Originally developed as an extension to IPv4
    protocols (MIPv4)
  • Mobile IPv6 (MIPv6) has been developed as an
    integral part of IPv6
  • Both offer a mode of operation using home agents
  • MIPv6 has a second mode of operation called MIP
    with route optimisation

5
Mobile IP through a home agent
  • Assigned a unique home address (endpoint
    identifier)
  • Corresponding packets are routed through the
    home network
  • When host is mobile, home agent takes
    responsibility for intercepting packets for the host
    and tunnelling them to the mobile host's current location
  • In MIPv4, mobile host uses a foreign agent
  • In MIPv6, mobile host acquires an address
    (care-of address)

6
Mobile host sending packets
  • When in home network, it uses its EID
  • When in visited network
  • Use EID
  • Reverse tunnel back to home agent
  • Internet RFC 3344
  • secure the various protocol transactions
  • dynamically discover agents
  • intercept packets in the home network
  • Strength: no need to implement protocol extensions

7
Mobile IP with route optimisations
  • Standardised only for MIPv6
  • Default use of home agents
  • Mobile nodes can notify and interact directly
    with corresponding node
  • Improves scalability, reliability and reduces
    network load

8
Mobile IP with route optimisations basics
  • Corresponding node maintains a binding cache that
    stores the current care-of address of the mobile
    node
  • The mobile node uses a binding update message to
    notify the corresponding node of an address
    change
  • When sending a packet to a mobile node, the
    corresponding node includes a special IPv6
    routing header to carry the home address (but
    uses the current care-of address)

9
Mobile IP with route optimisations basics cont ...
  • Route optimisation needs security parameters to be
    established for its signalling messages
  • Crucial for preventing denial of service attacks
    (connection hijacking)
  • Current MIPv6 draft describes return routability
    procedures that allow for a security association
    between two nodes that is at least as trustworthy
    as the packet routing infrastructure
  • A key is generated to authenticate the subsequent
    binding update
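
The return routability check on this slide, as an added example (not part of the original presentation): the token and key derivations follow the HMAC-SHA1 construction of the Mobile IPv6 specification (RFC 6275), while the class, function names, addresses and message bytes are constructed for illustration. Nonce indices, cookies and sequence numbers are left out.

```python
import hashlib, hmac, ipaddress, os

def _packed(addr):
    return ipaddress.IPv6Address(addr).packed

def keygen_token(kcn, addr, nonce, kind):
    # First 64 bits of HMAC-SHA1(Kcn, address | nonce | kind); kind 0 = home, 1 = care-of
    return hmac.new(kcn, _packed(addr) + nonce + bytes([kind]), hashlib.sha1).digest()[:8]

def binding_key(home_token, careof_token):
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + careof_token).digest()

def authenticator(kbm, careof, cn_addr, mh_data):
    # First 96 bits of HMAC-SHA1(Kbm, care-of address | correspondent address | message)
    return hmac.new(kbm, _packed(careof) + _packed(cn_addr) + mh_data, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    def __init__(self, addr):
        self.addr = addr
        self.kcn = os.urandom(20)    # node secret, never leaves the correspondent
        self.nonce = os.urandom(8)   # real nodes rotate nonces and index them
        self.binding_cache = {}      # home address -> current care-of address

    def home_test(self, home):       # reply is routed via the home agent
        return keygen_token(self.kcn, home, self.nonce, 0)
    def careof_test(self, careof):   # reply is routed directly to the care-of address
        return keygen_token(self.kcn, careof, self.nonce, 1)

    def binding_update(self, home, careof, mh_data, auth):
        # Stateless check: both tokens are recomputed from Kcn, nothing is stored per mobile node
        kbm = binding_key(self.home_test(home), self.careof_test(careof))
        if not hmac.compare_digest(auth, authenticator(kbm, careof, self.addr, mh_data)):
            return False
        self.binding_cache[home] = careof
        return True

def demo():
    cn = CorrespondentNode("2001:db8:c::1")   # constructed documentation-prefix addresses
    home, coa, rogue = "2001:db8:a::10", "2001:db8:b::10", "2001:db8:e::66"
    msg = b"binding-update seq=1"    # stand-in for the mobility header bytes
    # The mobile node is reachable at both addresses, so it receives both tokens
    kbm = binding_key(cn.home_test(home), cn.careof_test(coa))
    ok = cn.binding_update(home, coa, msg, authenticator(kbm, coa, cn.addr, msg))
    # A host at `rogue` gets its own care-of token but never sees the home test reply
    bad_kbm = binding_key(bytes(8), cn.careof_test(rogue))
    hijack = cn.binding_update(home, rogue, msg, authenticator(bad_kbm, rogue, cn.addr, msg))
    return ok, hijack, cn.binding_cache

print(demo())
```

The binding for the home address changes only when the sender proves it received packets at both the home address and the care-of address, which is the sense in which the association is as trustworthy as the routing infrastructure.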

10
Mobile IP Extensions
  • Micromobility
  • Highly mobile nodes
  • Frequent updates
  • Packet loss
  • Goal is to localise effects of mobility
  • Access Control
  • Mobile nodes must be able to obtain access from
    networks with different admin domains
  • Avoidance of a Home Network
  • Robustness and performance issues

11
(No Transcript)
12
Micromobility Proposals
  • Host-based routing
  • distributed location database (visited network)
  • Manages care-of address
  • Hierarchical tunnelling-based
  • Provides local anchor points (binding updates
    terminated here)
  • Received packets are tunnelled to current
    address
  • Smooth handover
  • Use of signalling (access routers)

13
Access Control
  • Goal is to integrate Mobile IP binding updates
    into a single procedure
  • RFC 2977 provides requirements for AAA servers

14
Avoidance of a home network
  • Reliance on home network
  • single point of failure
  • latency and overhead issues
  • proposals
  • geographically distributed home registrars
    (HLRs)
  • requires additional infra and loses transparency
  • Homeless extension to MIPv6
  • Operates without a unique home address (always
    away)
  • Host maintains a host/foreign cache of
    source/destination addresses valid for a
    connection

15
Migrate (Snoeren and Balakrishnan 2000)
  • Invokes the classic end2end argument
  • Host mobility may be best provided for some
    applications on an e2e basis w/o reliance to new
    network mechanisms
  • Key is the use of fully qualified domain names
    (FQDN)
  • Portability can be achieved using DHCP (similar to
    MIP)
  • But location determination is done on the basis of
    DNS lookups on a per-session basis

16
Migrate cont ... (Snoeren and Balakrishnan 2000)
  • DNS is always consulted
  • On mobility, host updates mappings between
    hostname and IP addresses in the DNS server
    within the host's home domain
  • Stale DNS bindings are avoided by making the
    binding uncacheable via zero TTL values in the
    records

17
Migrate cont ... (Snoeren and Balakrishnan 2000)
  • Session maintenance is the hardest challenge
  • Requires e2e participation of the host and
    modification of TCP
  • Authors propose a Migrate option to TCP that
    allows an existing TCP connection to be migrated
    by either host from an old IP address to a new IP
    address
  • Accomplished using two TCP segments (SYN with
    Migrate option and ACK of that segment)

18
Migrate cont ... (Snoeren and Balakrishnan 2000)
  • To prevent connection hijacking, the exchange can
    be secured using IPsec (or optional
    Diffie-Hellman key exchange at connection onset)

19
Host Identity Protocol (Moskowitz 2001)
  • Context
  • several advocates for the separation of IP
    addresses and EIDs in the Internet architecture
  • IRTF Name Space Research Group is investigating
    whether a new name space between the network and
    application would help solve architectural strain
  • (overloading of IP addresses -> locations,
    interfaces, hostnames and TCP connection
    identifiers)

20
Host Identity Protocol (Moskowitz 2001)
  • Suggests a new cryptography-based name space that
    may solve a number of problems
  • Routing table growth (multihoming)
  • Lightweight IPsec key establishment
  • Mobility management
  • Assigns globally unique name for any host with an
    IP stack (public key)
  • Host identity can be used to authenticate
    transactions

21
Host Identity Protocol cont ... (Moskowitz 2001)
  • A HIP protocol layer is placed between IP and
    transport layers
  • Allows decoupling of transport connections from
    IP addresses
  • Packets always carry a representation of host
    identity
  • Host identity can be stored in DNS or a PKI or
    anonymous

22
Host Identity Protocol cont ... (Moskowitz 2001)
  • Requires an initial four-packet stateless
    handshake to set up keying material for
    connection (similar to a simpler IKE if datagrams
    are encrypted and piggy-backed)
  • Compressed representation of the host identity is
    used in the socket identifiers
  • On mobility, host sends a HIP Readdress packet to
    any HIP-enabled correspondent peer

23
Performance Issues
24
Scalability Issues
25
Robustness Issues
26
Strengths and Weaknesses: Mobile IP
  • No deployment of host modifications
  • Can support mobile networks that do/can not need
    address change
  • Support for simultaneous mobility
  • History of R&D
  • Per-packet overheads
  • Networks w/ multiple addressing schemes
  • Tunneling can conflict with firewall and IPsec
  • Complications of third party agents in network

27
Strengths and Weaknesses: Migrate
  • Better path selection
  • Easier integration with NATs and firewalls
  • No per-packet overhead
  • No changes in infra
  • Requires changes to TCP implementations
  • Concerns over DNS scalability due to loss of
    caching and DNS database distribution frequency
  • TCP-centric

28
Strengths and Weaknesses: HIP
  • Better path selection
  • No per-packet overhead beyond IPsec
  • Natural for networks with multiple addressing
    schemes
  • Integrated with IP security protocols
  • Natural for multihoming
  • Few implementations
  • Deployment barriers (IPsec deployment)
  • Lacks micromobility, mobile router, simultaneous
    node movement capabilities
  • High overhead for short transactions