lehrstuhl für informatik 4 kommunikation und verteilte …lehrstuhl für informatik 4 kommunikation...

Lehrstuhl für Informatik 4

Kommunikation und verteilte Systeme

1Chapter 4.1: Mobility on the Network Layer

Network Layer

• Mobile IP• Routing in Ad-Hoc Networks

Chapter 2• Technical Basics: Layer 1• Methods for Medium Access: Layer 2

Chapter 3• Wireless Networks: Bluetooth, WLAN,

WirelessMAN, WirelessWAN

• Mobile Networks: GSM, GPRS, UMTS

Chapter 4• Mobility on the network layer• Mobility on the transport layer

• Mobility support on the application layer




IP and Mobility

Routing in IP

• Bases on IP destination address, network prefix (e.g. 129.13.42) determines physical subnet

• When changing a subnet, the IP address has to be changed (basic IP) or a special routing entry has to be done

Specific routes to an end device?

• Adaptation of all routing tables for allowing for a re-route of packets• Does not scale with the number of mobile devices and with frequently

changing locations

Change of IP address?• Choice of IP address basing on the current location (e.g. per DHCP)

• How to find a device at its new location - DNS does not support often changes, it needs some time to adapt!

• TCP connections break down




Requirements to a “Mobile” IP

Transparency• Mobile devices keep their IP address

• Continuation of a communication after a parting• Access point to a network can be changed

Compatibility• Support of the same layer 2 protocols as IP

• No changes in existing computers and routers• Mobile devices have to be able to communicate with fixed ones

Security• All registration messages have to be authenticated

Efficiency and scalability• As little additional data to a device as possible

• A large number of mobile devices should be supported Internet-wide

Mobile IP




Terminology in Mobile IP

Mobile Node (MN)

• Node which can change the access point to a network without changing its IP address

Home Agent (HA)

• Entity in the “home network” of the MN, typically a router• Manages current location of the MN, tunnels IP packets to that location (COA)

Foreign Agent (FA)• Entity in the current “foreign” network of the MN, typically a router

• Forwarding of tunneled packets to the MN, usually also default router for the MN, provides COA

Care-of Address (COA)

• Valid address of the MN at the current tunnel end-point (either address at the FA, or directly assigned with the MN (co-located COA)

• From view of IP it is the current location of the MN

• Assigned e.g. via DHCP

Correspondent Node (CN): communication partner




Example Network

mobiles device

router

router

router

fixed device

FA

MN

home network

foreign network(physical home network for MN)

(current physical subnet for MN)

CN

Internet

HA137.226.12/24

137.226.12.98

141.17.63/24

141.17.63.124COA




Internet

Data Transfer to the Mobile Node

sender

receiver

1

2

3

1. Sender transmits to IP address of MN,HA intercepts packets

2. HA tunnels packet to COA (here FA) by encapsulation

3. FA forwards the packet to MN

FA

HAMN

CN

home network

foreign network




Internet

Data Transfer from the Mobile Node

receiver

sender

1

1. Sender transmits to IP address of the receiver as usual,FA serves as standard router

FA

MN

CN

HA

home network

foreign network




Overview

CN

RouterHA

RouterFA

Internet

Router

1.

2.

3.Home

NetworkMN

ForeignNetwork

4.

CN

RouterHA

RouterFA

Internet

Router

HomeNetwork

MN

ForeignNetwork

COATunnel




Network Integration

Agent Advertisement

• HA and FA periodically send special messages about themselves in their physical subnets

• A MN receives those messages and recognizes if it is in the home or a foreign network

• MN also can read a COA from the messages of the FA

Registration (only for limited time!)

• MN notifies the COA to its HA (via FA), the HA acknowledges via FA to MN• Those actions are protected by authentication

Advertisement• HA advertises the IP address of the MN (as for fixed systems), i.e. standard

routing information

• Routers adjust their entries, these are stable for a longer time (HA responsible for a MN over a longer period of time)

• Packets to the MN are sent to the HA, independent of changes in COA and FA




Agent Advertisement

Mobility-specific part• type = 16• length = 6 + 4 * #COAs• R: registration required• B: busy, no more registrations• H: home agent• F: foreign agent• M: minimal encapsulation• G: GRE encapsulation• r: =0, ignored (former Van Jacobson compression)• T: FA supports reverse tunneling• reserved: =0, ignored

ICMP-Header• type = 9, code = 0/16• lifetime: validity time of advertisement• Router address/preference:

addresses of responsible routers for the subnet preference level 1

router address 1#addresses

typeaddress size lifetime

checksum

COA 1COA 2

type = 16 sequence numberlength

0 7 8 15 16 312423code

preference level 2router address 2

. . .

registration lifetime

. . .

R B H F M G r reservedT




MN: Registration Request

• S: simultaneous bindings• B: broadcast datagram• D: decapsulation by MN• M minimal encapsulation• G: GRE encapsulation• r: =0, ignored• T: reverse tunneling requested• x: =0, ignored• lifetime is validity duration of the registration; deregistration, if 0

The MN registers via FA by sending a UDP datagram with • Source address = address of MN• Destination address/port = FA address / 434and the content:

home agenthome address

type = 1 lifetime0 7 8 15 16 312423

T x

identification

COA

extensions . . .

S B DMG r




Example codes:registration successful

0 registration accepted1 registration accepted, but simultaneous mobility bindings unsupported

registration denied by FA65 administratively prohibited66 insufficient resources67 mobile node failed authentication68 home agent failed authentication69 requested Lifetime too long

registration denied by HA129 administratively prohibited131 mobile node failed authentication133 registration Identification mismatch135 too many simultaneous mobility bindings

FA: Registration Reply

home agenthome address

type = 3 lifetime0 7 8 15 16 31

code

identification

extensions . . .




Encapsulation

• Encapsulation of one packet into another as payload� E.g. IPv6 in IPv4 (6Bone), Multicast in Unicast (Mbone)� Here: e.g. IP-in-IP-encapsulation, minimal encapsulation or GRE

(Generic Record Encapsulation)• IP-in-IP-encapsulation (mandatory, RFC 2003)

� Tunnel between HA and COA

Care-of address COAIP address of HA

TTLIP identification

IP-in-IP IP checksumflags fragment offset

lengthDS (TOS)ver. IHL

IP address of MNIP address of CN


layer 4 prot. IP checksumflags fragment offset


TCP/UDP/ ... payload




Encapsulation

• Minimal encapsulation (optional)

� Avoids repetition of identical fields� E.g. TTL, IHL, version, DS (RFC 2474, old: TOS)

� Only applicable for unfragmented packets, no space left for fragment identification

care-of address COAIP address of HA


min. encap. IP checksumflags fragment offset


IP address of MNoriginal sender IP address (if S=1)

Slayer 4 prot. IP checksum


reserved




Generic Routing Encapsulation

If other formats than only IP should be tunneled:

• Checksum: header and payload• Routing: source routing parameters• Offset because of variable length of

routing parameters• Key: authentication• s: strict source routing• Rec.: Recursion Control (maximum

number of recursed encapsulations)

Simplified version (RFC 2784)

originalheader

original data

new datanew header

outer headerGRE

headeroriginal data

originalheader

Care-of address COAIP address of HA


GRE IP checksumflags fragment offset


IP address of MNIP address of CN


layer 4 prot. IP checksumflags fragment offset



routing (optional)sequence number (optional)

key (optional)offset (optional)checksum (optional)

protocolrec. rsv. ver.CRK S s

RFC 1701

reserved1 (=0)checksum (optional)protocolreserved0 ver.C




Optimization of Data Path

Problem: Triangular Routing� Sender sends all packets via HA to MN

� Higher latency and network load• “Solutions”

� Sender learns the current location of MN� Direct tunneling to this location� HA informs a sender about the location of MN

� Big security problems!• Change of FA

� Packets on-the-fly during the change can be lost� New FA informs old FA to avoid packet loss, old FA now forwards

remaining packets to new FA

� This information also enables the old FA to release resources for the MN

Some problems remain… too small TTL, multicast groups, firewalls…

HA1

HA2




Change of Foreign Agent

CN HA FAold FAnew MN

MN changeslocation

t

Data Data DataUpdate

ACK

Data Data

RegistrationUpdateACK

DataData Data

Warning

RequestUpdate

ACK

DataData




Internet

Reverse Tunneling

receiver

FA

HA MN

home network

foreign network

sender

3

2

1

1. MN sends to FA (maybe encapsulated)2. FA tunnels packet to HA by

encapsulation3. HA forwards the packet to the receiver

as usual

CN




Characteristics of Mobile IP with Reverse Tunneling

Router accept often only “topological correct“ addresses (firewall!)• A packet from the MN encapsulated by the FA is now topological correct

• Furthermore multicast and TTL problems solved (TTL in the home network correct, but MN is to far away from the receiver)

Reverse tunneling does not solve

• Problems with firewalls, the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking)

• Optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing)

The standard is backwards compatible

• The extensions can be implemented easily and cooperate with current implementations without these extensions

• Agent Advertisements can carry requests for reverse




Some Problems with Mobile IP

Security

• Authentication with FA problematic, for the FA typically belongs to another organization

• No protocol for key management and key distribution has been standardized in the Internet

Firewalls

• Typically mobile IP cannot be used together with firewalls, special set-ups are needed (such as reverse tunneling)

QoS

• Many new reservations in case of RSVP• Tunneling makes it hard to give a flow of packets a special treatment needed

for the QoS

Security, firewalls, QoS etc. are topics of current research and discussions!




Mobile IP and IPv6

Mobile IP was developed for IPv4, but IPv6 simplifies the protocols• Security is integrated and not an add-on, authentication of registration is

included• COA can be assigned via auto-configuration (DHCPv6 is one candidate),

every node has address autoconfiguration

• No need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement; addresses are always co-located

• MN can signal a sender directly the COA, sending via HA not needed in this case (automatic path optimization)

• „Soft“ hand-over, i.e. without packet loss, between two subnets is supported� MN sends the new COA to its old router

� The old router encapsulates all incoming packets for the MN and forwards them to the new COA

� Authentication is always granted




IP Micro-Mobility Support

Micro-mobility support• Mobile IP: large overhead for only small changes in location

• Efficient local handover inside a foreign domainwithout involving a home agent

• Reduces control traffic on backbone

• Especially needed in case of route optimization

Example approaches:• Cellular IP

• HAWAII• Hierarchical Mobile IP (HMIP)

Important criteria:Security Efficiency, Scalability, Transparency, Manageability




Cellular IP (CIP)

Operation:

• „CIP Nodes“ maintain routing entries (soft state) for MNs

• Multiple entries possible

• Routing entries updated based on packets sent by MN

CIP Gateway:

• Mobile IP tunnel endpoint• Initial registration processing

Security provisions:• All CIP Nodes share

„network key“

• MN key: MD5(net key, IP address)• MN gets key upon registration

CIP-Gateway

Internet

BS

MN1

data / controlpackets

from MN1

Mobile IP

BSBS

MN2

Packets fromMN2 to MN1




Cellular IP

Advantages

• Initial registration comprises authentication of MNs and is done centrally by the CIP gateway

• All control messages of MN are authenticated, simple and elegantarchitecture

• Mostly self-configuring (small management overhead)• Integration in firewalls / private addresses can be supported

Possible problems• Not transparent for MNs (additional control messages)

• Public-key encryption of MN keys maybe problematic for MNs with restricted resources

• Multiple-path propagation of data can lead to inefficient network capacity usage

• MNs directly can influence routing entries• Network keys are known to many components




HAWAII

Handoff-Aware Wireless Access Internet Infrastructure

• Operation:� MN obtains co-located COA

and registers with HA

� Handover: MN keeps COA,new BS answers registration requestand updates routers

� MN sees BS as foreign agent

• Security:

� MN-FA authentication mandatory

� Challenge/Response Extensions mandatory

BS

12

3

BackboneRouter

Internet

BS

MN

BS

MN

CrossoverRouter

DHCPServer

HA

DHCP

Mobile IP

Mobile IP

1

24

34




HAWAII

Advantages:• Mostly transparent to MNs (MN sends/receives standard Mobile IP messages)• Explicit support for dynamically assigned home addresses

• Mutual authentication and C/R extensions mandatory• Only infrastructure components can influence routing entries

Possible problems:• Mixture of co-located COA and FA concepts may not be supported by some

MN implementations

• No private address support possible because of co-located COA• Co-located COA raises DHCP security issues (DHCP has no strong

authentication)

• Decentralized security-critical functionality (Mobile IP registration processing during handover) in base stations

• Authentication of HAWAII protocol messages unspecified (potential attackers: stationary nodes in foreign network)




Hierarchical Mobile IPv6 (HMIPv6)

Operation:

• Network contains a Mobility Anchor Point (MAP)� Mapping of regional COA (RCOA) to link

COA (LCOA)

• Upon handover, MN informs MAP only� Gets new LCOA, keeps RCOA

• HA is only contacted if MAP changes

Security:• No HMIP-specific security provisions• Binding updates should be authenticated

MAP

Internet

AR

MN

AR

MN

HA

bindingupdate

RCOA

LCOAoldLCOAnew




Hierarchical Mobile IP

Vorteile:

• Handover requires minimum number of overall changes to routing tables• Integration with firewalls / private address support possible

• Local COAs can be hidden, which provides some location privacy• Direct routing between CNs sharing the same link is possible (but might be

dangerous)

Mögliche Probleme:• Not transparent to MNs

• Handover efficiency in wireless mobile scenarios:� Complex MN operations

� All routing reconfiguration messages sent over wireless link• MNs can (must!) directly influence routing entries via binding updates

(authentication necessary)




Ad-Hoc Networks

• Standard Mobile IP needs an infrastructure

� Home Agent/Foreign Agent in the fixed network� DNS, routing etc. are not designed for mobility

• Sometimes there is no infrastructure!� remote areas, ad-hoc meetings, disaster areas� cost can also be an argument against an infrastructure!

• Main topic: routing� no default router available

� every node should be able to forward

A B C




Manet: Mobile Ad-hoc Networking

FixedNetwork

MobileDevices

MobileRouter

Manet

Mobile IP, DHCP

Router End system




Traditional Routing Algorithms

• Distance Vector

� Periodic exchange of messages with all physical neighbors that contain information about who can be reached at what distance

� Selection of the shortest path if several paths available

� Inefficient in ad-hoc networks

• Link State

� Periodic notification of all routers about the current state of all physical links

� Router get a complete picture of the network

� Completely fails in ad-hoc networks

• Example

� ARPA packet radio network (1973), DV-Routing� Every 7.5s exchange of routing tables including link quality

� Updating of tables also by reception of packets� Routing problems solved with limited flooding




Problems of Traditional Routing Algorithms

Asymmetric connection

• The transmission quality in both directions can differ heavily• If a route in one direction exists, maybe it does not hold for the other direction

Redundant links• Maybe a whole mesh of connections exists – complex network, thus high

computation overhead for routers

Limited performance of mobile systems• Periodic updates of routing tables need energy without contributing to the

transmission of user data, sleep modes difficult to realize• Limited bandwidth of the system is reduced even more due to the exchange of

routing information

Interference• Data loss rate

• But also can be useful to “learn” about the topology




Problems of Traditional Routing Algorithms

Dynamic of topology

• Largest problem: frequent changes of connections, connection quality, participants!

N1

N4

N2

N5

N3

N1

N4

N2

N5

N3

good connectionbad connection

time = t1 time = t2




First Approach: Dynamic Source Routing

Split routing into discovering a path and maintaining a path

• Discover a path

� Only if a path for sending packets to a certain destination is needed and no path is currently available

� Broadcast a packet with destination address and unique ID

� If a station receives a broadcast packet• If the station is the receiver (i.e., has the correct destination address)

then return the packet to the sender (path was collected in the packet)

• If the packet has already been received earlier (identified via ID) then discard the packet

• Otherwise, append own address and broadcast packet � Sender receives packet with the current path (address list)� The destination can read out the path and answer the same way

(symmetric paths!) or starts the same procedure in the other direction




Dynamic Source Routing

Optimizations• Restriction by maximum “range” of the network (if known)

• Caching of path information using passing packets (usage for own or foreign path choice)




Dynamic Source Routing

• Maintain a path� After sending a packet

• Wait for a layer 2 acknowledgement (if applicable)

• Listen into the medium to detect if other stations forward the packet (if possible)

• Request an explicit acknowledgement

� If a station encounters problems it can inform the sender of a packet or look-up a new path locally

� Only while the path is in use one has to make sure that it can be used continuously

Thus:

• No periodic updates needed!• But: delay before a sending and after problems arose




DSDV (Destination Sequenced Distance Vector)

• Enhancement of Distance Vector Routing

• Each host manages a distance table which contains the number of hops to other hosts

• Routing tables are exchanged if changes occur (full dump and incremental dump)

• Again: discovery and maintenance of a path, but only counting of number of hops to a destination

• Sequence number for each path update

� Guarantee for correct order of all updates� Avoid loops and inconsistencies

• Slow down of changes� Storage of the time between first and best announcement of a path

� Delay of an update if the path probably is not stable (basing on the stored time)




DSDV

Variant: Ad Hoc On-Demand Distance Vector Routing (AODV)• Demand-driven variant

• Update only if currently a transmission is ongoing• Store routing information only for needed destinations




Interference-Based Routing

Routing based on assumptions about interference between signals:

S1

N5

N3

N4

N1 N2

E1

E2N6

N8

S2

N9N7

Neighbors(i.e. in radio range)

Interference




Examples for Interference-Based Routing

Least Interference Routing (LIR)

• Calculate the cost of a path based on the number of stations that can receive a transmission

• LIR is very simple to implement, only information from direct neighbors is necessary

Max-Min Residual Capacity Routing (MMRCR)• Calculate the cost of a path based on a probability function of successful

transmissions and interference

Least Resistance Routing (LRR)• Calculate the cost of a path based on interference, jamming and other

transmissions




Fisheye State Routing

• Bases on Link State Routing

• Load caused by information exchange is reduced: Logically subdivide the nodes in zones which centrically surround a node. The exchange frequency decreases with increasing zone distance

• Information exchange like in DSDV




Ant Routing

Other method: look at techniques from nature, e.g. orientation of ants when searching for food




Clustering of Ad-Hoc Networks

Internet

super cluster

cluster

base station

cluster access point

Hierarchical structure for large networks




A Multitude of Ad-Hoc Routing Protocols

• Flat, proactive

� FSLS – Fuzzy Sighted Link State� FSR – Fisheye State Routing

� OLSR – Optimised Link State Routing Protocol� TBRPF – Topology Broadcast Based on Reverse Path Forwarding

• Flat, reactive� AODV – Ad hoc On demand Distance Vector� DSR – Dynamic Source Routing

• Hierarchical� CGSR – Clusterhead-Gateway Switch Routing

� HSR – Hierarchical State Routing� LANMAR – Landmark Ad Hoc Routing

� ZRP – Zone Routing Protocol• Geographic position assisted (e.g. GPS)

� DREAM – Distance Routing Effect Algorithm for Mobility� GeoCast – Geographic Addressing and Routing

� GPSR – Greedy Perimeter Stateless Routing� LAR – Location-Aided Routing




Conclusion

Transfer protocols• The network layer “is” the Internet - IP has central role• For a mobile IP: no changes of existing systems, only adding mobility to the

classical IP• DHCP supports Mobile IP• Many topics are still under research (security, QoS, …)

• A change to IPv6 would make easier many things

Routing protocols

• Ad-hoc networks give additional requirements to routing algorithms• Flat approaches only for small networks, otherwise hierarchical routing is needed

• Current research topic

lehrstuhl für informatik 4 kommunikation und verteilte …lehrstuhl für informatik 4 kommunikation...

Documents