PUBLIC ACCESS MOBILITY LAN: EXTENDING THE WIRELESS INTERNET INTO THE LAN ENVIRONMENT
JUN LI, STEPHEN B. WEINSTEIN, JUNBIAO ZHANG, NAN TU
NEC USA INC.
Presented by Hasan SÖZER

Post on 21-Dec-2015



Outline
- Introduction
- PamLAN
- Architecture & Protocol Components
- Security Issues
- Mobility Management
- Conclusion


Introduction
- Aim is to meet
  - Ubiquitous access
  - High data rate
  - Local services
- Need for Wireless LAN environments


Introduction (cont’d)
- Architectural guidelines for WLAN environments
  - Large-scale
  - IP-based
  - Supporting mobile/portable appliances


Introduction (cont’d)
- IP-level service
  - Independence from wireless medium access technology
- Multi-segment LAN
  - Supporting handoffs
- Based on wired LAN environment
  - Wireless access points are embedded


Introduction (cont’d)
- Recent developments in
  - Cellular systems
  - Wireless LAN technologies
- Most WLANs are
  - Either private (i.e. for companies)
  - Or available through subscription


PamLAN
- IP-based Public Access Mobility LAN
- Supports Internet Access via WLANs
  - Multiple air interfaces
  - Multiple virtual operators
  - Location dependent services
  - Local IP mobility
  - QoS (within wired network)


PamLAN Stakeholders:
- Network operators
  - Hotel, airport, ...
- Third-party service providers (like ISPs)
  - Franchises obtained from PamLAN operator
  - Also called: virtual operators
- End users


PamLAN
- May have multiple LAN segments
  - Airports, hotels, universities, ...
- Can be built on existing LANs
  - By adding wireless access points


PamLAN vs. Cellular Systems
- Even 3G mobile communication systems would not be sufficient for evolving Internet applications
  - 384 kb/s outdoors, 2 Mb/s indoors downstream burst rates
- Intrinsic problem: providing continuous coverage in reserved spectrum
  - Investment/Capacity scalability???


PamLAN vs. Cellular Systems
- WLANs have free spectrum
- Problem: Potential interference
  - i.e. IEEE 802.11b & Bluetooth
- Property owners may agree on or enforce compatibility


Promises of PamLAN
- Addresses problems in current WLANs
  - Lack of public access
  - Being tied down to a single access point
  - Single air interface
- Not a breakthrough in technological capacities
  - Combination of available technologies


PamLAN: Usage of WLAN
- WLANs
  - Have cost/performance advantages when compared with cellular mobile systems
  - Likely to be the preferred technology in future for Internet appliance communication sessions


Architecture
- PamLAN/VOLAN/VLAN hierarchy
  - PamLAN: multiple virtual operators
  - VOLAN: Virtual Operator LAN
    - Extends VLAN capabilities across subnetworks
  - VLAN: Virtual LAN
    - Implements user group features
    - Simulates a physical LAN on a multisegment LAN environment


Architecture (cont’d)
- Switched Ethernet LAN
- Access Points
  - Supporting IEEE, Bluetooth, Cellular, ...
- IP-based access router with proxies
- Gateway routers
  - Internet access through IP-tunneling


Architecture (cont’d)


Architecture (cont’d)
- QoS is supported by Ethernet Switches
  - CSMA/CD + full duplex (no contention)
- Integration of Cellular IP & Mobile IP for supporting mobility
- MPLS (Multi-Protocol Label Switching)
  - Brings QoS across multiple LAN segments


Related Protocols & Standards
- IEEE VLAN standard 802.1Q
  - 12-bit VLAN ID embedded within a 4-byte section of the Ethernet header determines membership
- IEEE 802.1p header for QoS
  - 3-bit section in the IEEE 802.1Q header that differentiates 8 frame priorities
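
Added example (not from the slides or the PamLAN paper): a Python parser for the 802.1Q tag described above, extracting the 12-bit VLAN ID and the 3-bit 802.1p priority and using the VLAN ID for a membership check. The function names, the per-port VLAN policy and the sample frames built by build_frame are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_8021q(frame: bytes):
    """Return (vlan_id, priority) for a tagged frame, or None if untagged.

    Raises ValueError for a truncated frame or a second, stacked tag.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None  # untagged: carries no VLAN membership information
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag control information (2 bytes) followed by the real EtherType.
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    if inner_type == TPID_8021Q:
        raise ValueError("stacked 802.1Q tag")
    priority = tci >> 13    # 3-bit 802.1p field: priorities 0-7
    vlan_id = tci & 0x0FFF  # 12-bit VLAN ID
    return vlan_id, priority

def admit(frame: bytes, port_vlan: int) -> bool:
    """Assumed policy: admit only frames tagged with the port's VLAN."""
    try:
        tag = parse_8021q(frame)
    except ValueError:
        return False  # malformed or stacked tags are dropped
    return tag is not None and tag[0] == port_vlan

def build_frame(vlan_id=None, priority=0, payload=b"\x00" * 46):
    """Constructed sample frame (locally administered MAC addresses)."""
    header = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    return header + struct.pack("!H", 0x0800) + payload

if __name__ == "__main__":
    sample = build_frame(vlan_id=100, priority=5)
    print(parse_8021q(sample), admit(sample, 100), admit(sample, 200))
```
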


Large Scale PamLAN
- For single VLAN QoS can be easily supported
- For large scale WLANs?
  - Intermediate routers work at layer 3
  - Layer 2 information is lost
  - Source & destination addresses must be used for VOLAN membership
  - Intermediate routers must know all IP addresses for VLAN mapping


Large Scale PamLAN (cont’d)
- Solution: MPLS
  - Simple & efficient
  - Access points & Internet gateways handle VOLAN provisioning
  - Intermediate routers are shielded from details
  - VLAN for grouping traffic per VOLAN
  - MPLS for whole PamLAN


MPLS (Multi-Protocol Label Switching)
- Tunnels traffic between gateways & access points
- Intermediate routers only examine MPLS labels, which impose a path
- Forwarding Equivalence Class (FEC)
  - Formed based on VOLAN membership & QoS
- FEC is inserted in MPLS label
  - Used for 802.1p priority within VLAN


MPLS (cont’d)


MPLS (cont’d)
- Traffic engineered paths can be set up among access points and Internet gateways according to service contracts between PamLAN & virtual operators


Protocol Stack


Security Issues
- Mutual Authentication
- Secure Channel Establishment
- Authorization
  - Filtering at the access point


Mutual Authentication
- RADIUS (Remote Authentication Dial-In User Service)
- IP-based authentication (~802.11 proposal)
- 5 Basic Steps:
  - Obtaining IP (DHCP)
  - Login session
  - Access point: relay agent to virtual operator
  - Challenge-response protocol for authentication
  - PKC for securing channel


Mutual Authentication (cont’d)


Securing Channel
- After authentication
  - User’s profile is transferred to the access point, including his/her public key
  - Access point sends session key encrypted under the corresponding public key
- IPSEC together with ESP can be used for security at IP layer depending on user requests


Authorization Control
- Based on user credentials, packets can be filtered at the access point


Accounting
- 3 possible charging policies
  - Flat-fee based
  - Per-session
  - Usage based
- Dispute avoidance by digital signature


Mobility Issues
- Mobility should be supported at layer 3
  - Multiple subnetworks within PamLAN
- Micromobility
  - Roaming within PamLAN


Mobility Issues (cont’d)
- Possible approaches
  - Cellular IP: refreshing router contents can be a burden for too many users
  - MPLS based: only end points have to update location
    - Old, new access points and Internet gateway need to be informed


Mobility Issues (cont’d)
- Fast handoff
  - No repetitive authentication
  - Move user profile from old access point to the new one
  - Access point re-establishes connection with virtual operator
  - Access point sends old session key and new session key encrypted under user’s public key


Conclusion
- Secure
- Extensible
- Multiple services
- Multiple air interfaces
- Are all appliances capable of handling PKC operations?