Univ. of TehranComputer Network1 Special Topics on Wireless Ad-hoc Networks University of Tehran Dept. of EE and Computer Engineering By: Dr. Nasser Yazdani Wireless Internet, Mobile IP Lecture 10: Wireless Internet, Mobile IP
Univ. of TehranComputer Network2 Covered topics How to build a global wireless network? Some considerations Mobility Routing Transport layer References Chapter 4 of the book Alex C. Snoeren and Hari Balakrishnan, “An End-to-End Approach to Host Mobility”
Univ. of TehranComputer Network3 Outline Mobility consideration Mobile IP Multicast approach End to End approach
Univ. of TehranComputer Network4 Motivation Connectivity everywhere Overlapping, heterogeneous networks Small, portable devices Maintaining ongoing connections as the user moves Why maintain connectivity? Avoid restarting applications/networks Avoid losing “distributed state”
Problems? The IP address associated with a mobile host is network dependent! When user connects to another network, IP address needs to change Packets belonging to ongoing connections somehow need to be delivered to the mobile host Solutions?
Univ. of TehranComputer Network6 Build in the network The traditional approach: support in the network Intelligence and expense is in the network End-points are cheap (handsets) Allows for supporting infrastructure Requires agreements/trust amongst multiple vendors Examples: A link/physical level (many wireless networks) At routing level (Columbia, VIP) Doesn’t work when switching between technologies and often not between vendors In Internet would require modifying lots of routers
Univ. of TehranComputer Network7 Build in end points The Internet approach: end-to-end Intelligence (and expense) is in the end-points Network is cheap (relatively) and as fast as possible Implies self-support for many activities Less work/trust required amongst multiple vendors End-to-end support at transport/naming/application levels May be ideal in future, but requires extensive changes Not currently backwards compatible
Univ. of TehranComputer Network8 Problems in Wireless Mobility: Nodes move from a network to another. How to keep connectivity Broken connectivity and high error rate in the link: Degrades badly the performance. TCP timeout How to deal with Mobility?: Any solution should satisfy Compatibility Scalability Transparency
Univ. of TehranComputer Network9 E2E in routing level Use end-to-end support at routing level Makes problem transparent at layers above and below Current Internet standard: Mobile IP (RFC 2002) application transport routing link physical Modify all applications? Modify TCP, UDP, etc.? Modify IP end-points? Modify all device drivers? How does this work across network technologies? TCP/IP network stack:
Univ. of TehranComputer Network10 IP address problem Internet hosts/interfaces are identified by IP address Domain name service translates host name to IP address IP address identifies host/interface and locates its network Mixes naming and location Moving to another network requires different network address But this would change the host’s identity How can we still reach that host?
Univ. of TehranComputer Network11 Domains versus interfaces Switching domains & switching interfaces are the same problem at the routing level Network interfaces: Administrative domains: Mobile host ether radio X X Stanford.edu Berkeley.edu X.X X.X
Intuitive Solution Take up the analogy of you moving from one apartment to another What do you do? Leave a forwarding address with your old post-office! The old post-office forwards mails to your new post-office, which then forwards them to you
Reverse path? Same as in the post-office analogy Packets originating from the mobile host go directly to the static corresponding host … HA SH MH FA MH Hence the name triangular routing
Univ. of TehranComputer Network14 Basic Mobile IP MH = mobile host CH = correspondent host HA = home agent FA = foreign agent (We’ll see later that FA is not necessary or even desirable) MH registers new “care-of address” (FA) with HA HA tunnels packets to FA FA decapsulates packets and delivers them to MH HA CH Home network Foreign network FAMH
Univ. of TehranComputer Network15 Packet Tunneling Source address = address of CH Destination address = home IP address of MH Payload Source address = address of HA Destination address = care-of address of MH Source address = address of CH Destination address = home IP address of MH Original payload Packet from CH to MH Home agent intercepts above packet and tunnels it
Univ. of TehranComputer Network16 host moves again HA CH Home network Foreign network #1 FA #1MH Foreign network #2 FA #2MH MH registers new address (FA #2) with HA & FA #1 HA tunnels packets to FA #2, which delivers them to MH Packets in flight can be forwarded from FA #1 to FA #2
Univ. of TehranComputer Network17 Basic Mobile IP (cont) HA CH Home network Foreign network FAMH Mobile hosts also send packets Mobile host uses its home IP address as source address -Lower latency -Still transparent to correspondent host -No obvious need to encapsulate packet to CH This is called a “triangle route”
Univ. of TehranComputer Network18 Mobile IP (RFC 2002) Leaves Internet routing fabric unchanged Does assume “foreign Agent ” exist everywhere Simple Correspondent hosts don’t need to know about mobility Works both for changing domains and network interfaces
Univ. of TehranComputer Network19 Problems with ingress filtering HA CH Home network Foreign network MH Mobile host uses its home IP address as source address Security-conscious boundary routers will drop this packet
Univ. of TehranComputer Network20 Solution: bi-directional tunnel Provide choice of “safe” route through home agent both ways HA CH Home networkForeign network MH This is the slowest but most conservative option At the other extreme…
Discovering the care-of address Discovery process built on top of an existing standard protocol: router advertisement (RFC 1256) Router advertisements extended to carry available care-of addresses called: agent advertisements Foreign agents (and home agents) send agent advertisements periodically A mobile host can choose not to wait for an advertisement, and issue a solicitation message
Registering the Care-of Address Once mobile host receives care-of address, it registers it with the home agent A registration request is first sent to the home agent (through the foreign agent) Home agent then approves the request and sends a registration reply back to the mobile host Security?
Registration Authentication Mobile IP requires the home agent and mobile host to share a security association MD5 with 128-bit keys to create digital signatures for registration requests to be used (registration message & header used for creating signature) Any problems? – replay attacks Solved by using an unique message identifier (timestamp or pseudorandom number)
Foreign Agent Security? No foreign agent authentication required Foreign agent can potentially discard data once registration happens However, the problem is same as in unauthenticated route advertisements (RFC 1256) in the wireline context
Home agent discovery If the mobile host is unable to communicate with the home agent, a home agent discovery message is used The message is sent as a broadcast to the home agents in the home network
Univ. of TehranComputer Network26 Problems with Foreign Agents Assumption of support from foreign networks A foreign agent exists in all networks you visit? The foreign agent is robust and up and running? The foreign agent is trustworthy? Correctness in security-conscious networks “triangle route” has problems MH under its own control can eliminate this problem Other undesirable features Some performance improvements are harder with FAs We want end-to-end solution that allows flexibility
Univ. of TehranComputer Network27 Solution HA CH Home network Foreign network MH Mobile host is responsible for itself (With help from infrastructure in its home network) -Mobile host decapsulates packets -Mobile host sends its own packets -“Co-located” FA on MH MH must acquire its own IP address in foreign network This address is its new “care-of” address Mobile IP spec allows for this option
Univ. of TehranComputer Network28 Obtaining a foreign IP address Can we expect to obtain an IP address? DHCP becoming more common Dynamic IP address binding like some dial-up services Your friend can reserve an IP address for you Various other tricks More support for dynamic IP address binding in IPv6 This assumes less than getting others to run a FA
Univ. of TehranComputer Network29 Design implications New issues: the mobile host now has two roles: Home role Local role - More complex mobile host - Loss of in-flight packets? (This can happen anyway.) + Can visit networks without a foreign agent + Can join local multicast groups, etc. + More control over packet routing = more flexibility
Univ. of TehranComputer Network30 Problem: performance Example: short-lived communication When accessing a web server, why pay for mobility? Do without location-transparency Unlikely to move during transfer; can reload page Works when CH keeps no state about MH
Univ. of TehranComputer Network31 Solution: yet more flexibility HA CH Home network Foreign network MH Use current care-of address and send packet directly -This is regular IP! More generally: -MH should have flexibility to adapt to circumstances -A range of options: from slow-but-safe to regular IP -Should be an end-to-end packet delivery decision (no FA)
Univ. of TehranComputer Network32 Forwarding options Allow MH to choose from among all forwarding options Options: Encapsulate packet or not? Use home address or care-of address as source address? Tunnel packet through home agent or send directly? Choice determined by: Performance Desire for transparent mobility Mobile-awareness of correspondent host Security concerns of networks traversed Equivalent choices for CH sending packets to MH
Univ. of TehranComputer Network33 Mobility 4x4 Outgoing Indirect, Encapsulated Outgoing Direct, Encapsulated Outgoing Direct, Home Address Outgoing Direct, Temp. Address Incoming Indirect, Encapsulated Most reliable, least efficient Requires decapsulation on CH No security- conscious routers on path Incoming Direct, Encapsulated Requires fully mobile-aware CH No security- conscious routers on path Incoming Direct, Home Address Requires both hosts to be on same net. seg. Incoming Direct, Temp. Address Most efficient, no mobility support
Univ. of TehranComputer Network34 Which to use? With bidirectional tunneling Probe destination using triangle route If it works, switch to that option With triangle route If packets aren’t getting through after some number of tries
Univ. of TehranComputer Network35 Local ARP cache problem ARP caches store (IP address, HW address) pairs MH host visits foreign network Wants to talk directly back and forth to local hosts If it wants to maintain connectivity with them after moving Use home IP address Other hosts address MH by HW address on local link But if MH moves again, ARP cache entries are wrong If it doesn’t care Use local IP address If MH moves, ARP cache is wrong, but nobody cares
Multicast-based Architecture Very different from the mobile-IP model Based on the IP-multicast approach Leverages the similarities in the two problems (multicast and mobility) Minor modifications to IP-multicast required
Multicast Multicast: group membership, packets sent to a multicast address have to be delivered to all members of the group Members of a multicast group can be located “anywhere” IP-multicast infrastructure is overlayed on the Internet (construction of infrastructure a separate problem by itself – DVMRP, CBT, etc.) Forwarding of data happens on the overlayed infrastructure, and routing is group specific
Multicast (Illustration) Tunnels
Multicast & Mobility Tunnels CH Use IP-multicasting to support mobility!
End-to-End Approach Internet infrastructure does not change (like in mobile IP) Changes required at both the sender and receiver Connection migrates when mobile-host moves
E2E Approach (Contd.) Hostname used as the invariant to identify mobile host Mobile host uses DNS updates to change hostname to IP address mapping No consistency problem as DNS entries can be made un-cacheable If client is mobile, DNS-support not used
E2E Approach (Contd.) When a mobile-host undergoes a handoff, it re-issues a SYN (with a MIGRATE option identifying the previous connection) A unique token exchanged during initial connection set-up used to identify connection The receiver of the SYN changes its state to represent the new address of the mobile-host Connection proceeds as a regular TCP connection from thereon Trade-offs?
Univ. of TehranComputer Network43 TCP-level mobility support Use dynamic DNS for initial name lookup If name/address changes during a connect, use TCP migrate option If name changes between DNS lookup and TCP connection, then do another DNS lookup
Univ. of TehranComputer Network44 TCP-level advantages and disadvantages + No tunneling + No need to modify IP layer + Possibly more input from applications - Requires secure dynamic DNS - Scalability issue not entirely dismissable - What if both endpoints are mobile? - Need to modify multiple transport layers - More transport-level changes required than IP-level additions - Security issues more severe (1 st paragraph of Section 5 is false) - Requires application-level changes for DNS retries
Univ. of TehranComputer Network45 Overall TCP-level questions Are IP address changes a routing responsibility or an application responsibility? Is this really end-to-end? With dynamic DNS requirements, application-level changes, and TCP changes, why not just do DNS retry every time a connection fails?