Post on 21-Dec-2015
TRANSCRIPT
presented by Hasan SÖZER 1
PUBLIC ACCESS MOBILITY LAN: EXTENDING THE WIRELESS INTERNET INTO THE LAN ENVIRONMENT
JUN LI, STEPHEN B. WEINSTEIN, JUNBIAO ZHANG, NAN TU
NEC USA INC.

Outline
- Introduction
- PamLAN
- Architecture & Protocol Components
- Security Issues
- Mobility Management
- Conclusion

Introduction
- Aim is to meet
  - Ubiquitous access
  - High data rate
  - Local services
- Need for Wireless LAN environments

Introduction (cont'd)
- Architectural guidelines for WLAN environments
  - Large-scale
  - IP-based
  - Supporting mobile/portable appliances

Introduction (cont'd)
- IP-level service
  - Independence from wireless medium access technology
- Multi-segment LAN
  - Supporting handoffs
- Based on wired LAN environment
  - Wireless access points are embedded

Introduction (cont'd)
- Recent developments in
  - Cellular systems
  - Wireless LAN technologies
- Most WLANs are
  - Either private (i.e. for companies)
  - Or available through subscription

PamLAN
- IP-based Public Access Mobility LAN
- Supports Internet access via WLANs
- Multiple air interfaces
- Multiple virtual operators
- Location-dependent services
- Local IP mobility
- QoS (within wired network)

PamLAN Stakeholders:
- Network operators
  - Hotel, airport, ...
- Third-party service providers (like ISPs)
  - Franchises obtained from PamLAN operator
  - Also called: virtual operators
- End users

PamLAN
- May have multiple LAN segments
  - Airports, hotels, universities, ...
- Can be built on existing LANs
  - By adding wireless access points

PamLAN vs. Cellular Systems
- Even 3G mobile communication systems would not be sufficient for evolving Internet applications
  - 384 kb/s outdoors, 2 Mb/s indoors downstream burst rates
- Intrinsic problem: providing continuous coverage in reserved spectrum
- Investment/Capacity scalability???

PamLAN vs. Cellular Systems
- WLANs have free spectrum
- Problem: Potential interference
  - i.e. IEEE 802.11b & Bluetooth
- Property owners may agree on, or be forced into, compatibility

Promises of PamLAN
- Addresses problems in current WLANs
  - Lack of public access
  - Being tied down to a single access point
  - Single air interface
- Not a breakthrough in technological capacities
  - Combination of available technologies

PamLAN: Usage of WLAN
- WLANs
  - Have cost/performance advantages when compared with cellular mobile systems
  - Likely to be the preferred technology in future for Internet appliance communication sessions

Architecture
- PamLAN/VOLAN/VLAN hierarchy
  - PamLAN: multiple virtual operators
  - VOLAN: Virtual Operator LAN
    - Extends VLAN capabilities across subnetworks
  - VLAN: Virtual LAN
    - Implements user group features
    - Simulates a physical LAN on a multisegment LAN environment

Architecture (cont'd)
- Switched Ethernet LAN
- Access Points
  - Supporting IEEE, Bluetooth, Cellular, ...
- IP-based access router with proxies
- Gateway routers
  - Internet access through IP-tunneling

Architecture (cont'd)

Architecture (cont'd)
- QoS is supported by Ethernet switches
  - CSMA/CD + full duplex (no contention)
- Integration of Cellular IP & Mobile IP for supporting mobility
- MPLS (Multi-Protocol Label Switching)
  - Brings QoS across multiple LAN segments

Related Protocols & Standards
- IEEE VLAN standard 802.1Q
  - 12-bit VLAN ID embedded within 4-byte section of Ethernet header determines membership
- IEEE 802.1p header for QoS
  - 3-bit section in IEEE 802.1Q header that differentiates 8 frame priorities

Large Scale PamLAN
- For single VLAN QoS can be easily supported
- For large scale WLANs?
  - Intermediate routers work at layer 3
  - Layer 2 information is lost
  - Source & destination addresses must be used for VOLAN membership
  - Intermediate routers must know all IP addresses for VLAN mapping

Large Scale PamLAN (cont'd)
- Solution: MPLS
  - Simple & efficient
  - Access points & Internet gateways handle VOLAN provisioning
  - Intermediate routers are shielded from details
- VLAN for grouping traffic per VOLAN
- MPLS for whole PamLAN

MPLS (Multi-Protocol Label Switching)
- Tunnels traffic between gateways & access points
- Intermediate routers only examine MPLS labels, which imposes a path
- Forwarding Equivalence Class (FEC)
  - Formed based on VOLAN membership & QoS
  - FEC is inserted in MPLS label
  - Used for 802.1p priority within VLAN
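
Added example (not from the original slides or the PamLAN authors): how an access point could read the 802.1Q tag fields named above and encode them in an MPLS label stack entry, so that VOLAN membership and priority survive the layer-3 hops. The label table, the priority split at 4, and carrying the 802.1p value in the traffic-class bits are assumptions made for illustration; frames that are untagged or belong to no known VOLAN are rejected rather than forwarded.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Hypothetical FEC table: (VLAN ID, QoS class) -> MPLS label.
FEC_LABELS = {
    (100, "best-effort"): 1001,  # constructed: VOLAN A
    (100, "premium"): 1002,
    (200, "best-effort"): 2001,  # constructed: VOLAN B
    (200, "premium"): 2002,
}


def parse_8021q(frame):
    """Return (vlan_id, priority) from an 802.1Q-tagged Ethernet frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for an 802.1Q tag")
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID_8021Q:
        raise ValueError("untagged frame: no VLAN membership to map")
    # TCI layout: 3-bit priority (802.1p), 1-bit DEI, 12-bit VLAN ID
    return tci & 0x0FFF, tci >> 13


def ingress_label(frame, ttl=64):
    """Build the 4-byte MPLS label stack entry for a tagged frame."""
    vlan_id, priority = parse_8021q(frame)
    qos = "premium" if priority >= 4 else "best-effort"  # assumed split
    label = FEC_LABELS.get((vlan_id, qos))
    if label is None:
        raise ValueError("VLAN %d belongs to no known VOLAN" % vlan_id)
    # 20-bit label | 3-bit traffic class | bottom-of-stack bit | 8-bit TTL
    word = (label << 12) | (priority << 9) | (1 << 8) | ttl
    return struct.pack("!I", word)


def egress_decode(entry):
    """Recover (label, priority) at the far end of the tunnel."""
    (word,) = struct.unpack("!I", entry)
    return word >> 12, (word >> 9) & 0x7


def sample_frame(vlan_id, priority):
    """Constructed test frame: zeroed MACs, 802.1Q tag, IPv4 EtherType."""
    tci = (priority << 13) | vlan_id
    header = struct.pack("!HHH", TPID_8021Q, tci, 0x0800)
    return bytes(12) + header + b"payload"
```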

MPLS (cont'd)

MPLS (cont'd)
- Traffic engineered paths can be set up among access points and Internet gateways according to service contracts between PamLAN & virtual operators

Protocol Stack

Security Issues
- Mutual Authentication
- Secure Channel Establishment
- Authorization
  - Filtering at the access point

Mutual Authentication
- RADIUS (Remote Authentication Dial-In User Service)
- IP-based authentication (~802.11 proposal)
- 5 Basic Steps:
  - Obtaining IP (DHCP)
  - Login session
  - Access point: relay agent to virtual operator
  - Challenge-response protocol for authentication
  - PKC for securing channel

Mutual Authentication (cont'd)

Securing Channel
- After authentication
  - User's profile is transferred to the access point including his/her public key
  - Access point sends session key encrypted under the corresponding public key
- IPSEC together with ESP can be used for security at IP layer depending on user requests

Authorization Control
- Based on user credentials, packets can be filtered at the access point

Accounting
- 3 possible charging policies
  - Flat-fee based
  - Per-session
  - Usage based
- Dispute avoidance by digital signature

Mobility Issues
- Mobility should be supported at layer 3
  - Multiple subnetworks within PamLAN
- Micromobility
  - Roaming within PamLAN

Mobility Issues (cont'd)
- Possible approaches
  - Cellular IP: refreshing router contents can be a burden for too many users
  - MPLS based: only end points have to update location
    - Old, new access points and Internet gateway need to be informed

Mobility Issues (cont'd)
- Fast handoff
  - No repetitive authentication
  - Move user profile from old access point to the new one
  - Access point re-establishes connection with virtual operator
  - Access point sends old session key and new session key encrypted under user's public key

Conclusion
- Secure
- Extensible
- Multiple services
- Multiple air interfaces
- ? Are all appliances capable of handling PKC operations