syzygy engineering 1 mobile networking mobile-ip mobile networking ad hoc network acp/wg n meeting...

1

SYZYGY Engineering

Mobile NetworkingMobile-IP

Mobile NetworkingAd Hoc Network

ACP/WG N Meeting 06 WGN06 – IP13 ACP/WG N/SG N1 WP904

(APC) WP-N1-IP-701Latest available information as of 03/26/2006

Will Ivancic

© 2004 Syzygy Engineering – Will Ivancic

2

SYZYGY Engineering

Outline

• Mobile Networking Solutions• Mobile-IPv4 Operation (mip4)• Mobile-IPv6 Operation (mip6)• Networks In Motion (nemo)• Mobile Nodes and Multiple

Interfaces in IPv6 (monami6)• Ad Hoc Networks


3

SYZYGY Engineering

What is Mobility?

• Transportable– Telecommuter– Traveler– Relatively static once

connected– Single point of connection– Connectivity

• IPv6 Autoconfiguration

• VPN

• Mobile– Mobile Devices

• PDAs

• Cell Phones

– Mobile Networks• Trains

• Planes

• Automobiles

– Connectivity• Mobile-IP

• Networks in Motion (NEMO)

• Ad Hoc Networks


4

SYZYGY Engineering

Mobile Networking Solutions

• Routing Protocols Route Optimization Convergence Time Sharing Infrastructure – who owns the network?

• Mobile-IP Route Optimization

• Optimization for MIPv6• No Optimization for NEMOv6 (Basic)• Optimization can be problematic for security (if reverse tunneling is

required) Convergence Time Sharing Infrastructure Security – Relatively Easy to Secure

• Domain Name Servers Route Optimization Convergence Time Reliability

Source – Will Ivancic

5

SYZYGY Engineering

Mobility at What Layer?

• Layer-2 (Radio Link)– Fast and Efficient– Proven Technology within the same infrastructure

• Cellular Technology Handoffs • WiFi handoffs

• Layer-3 (Network Layer)– Slower Handover between varying networks– Layer-3 IP address provides identity– Security Issues

• Need to maintain address

• Layer-4 (Transport Layer)– Research Area– Identity not tied to layer-3 IP address– Proposed Solutions

• HIP – Host Identity Protocol• SCTP – Stream Control Transport Protocol


6

SYZYGY Engineering

Location Identifier

Internet Alice(Mobile Node)

Headquarters(Location Manager)

HQ Keeps Track of

Alice.

Bob(Corresponding Node)

Where is Alice’sLocation

Manager?

I am inCleveland,

Ohio

Hello Alice

Hello Bob,I am in Cleveland,

Ohio

What is the Weather like in

Cleveland?


7

SYZYGY Engineering

Moblile-IP Operation

IPv4


8

SYZYGY Engineering

Mobile IPv4 Header Considerations

• Source is always home network address!– Easy to secure due to

consistent end-point!– But, results in topologically

incorrect address when away from home.

• Security Issue, Ingress and Egress Filtering

• Reverse Tunneling– Fixes topologically incorrect

addressing problem– Eases secure deployment.

Version IHLType of Service

Total Length

IdentificationFlag

sFragment

Offset

Time to Live

ProtocolHeader

Checksum

Source Address

Destination Address

Options Padding

IPv4 Header 20 bytesIPv4 Header 20 bytes


Mobile Node

Foreign Agent Foreign Agent

Home Agent

“ ”

139.88.111.1

143.232.48.1NASA Ames

Corresponding Node

Internet or Intranet

139.88.112.1NASA Glenn

143.232.48.1

Home IP 128.183.13.103Care-Off-Address139.88.111.50

128.183.13.1NASA Goddard

Mobile-IP (IPv4) using Foreign Agents

Bi-directional Tunnel

if Reverse Tunneling

Is specified.


Mobile Node


Home Agent

“ ”

139.88.111.1

143.232.48.1NASA Ames

Corresponding Node



143.232.48.1



Mobile-IP (IPv4) using Foreign Agents


Mobile Node


Home Agent

“ ”

139.88.111.1

143.232.48.1NASA Ames

Corresponding Node



143.232.48.1



Mobile-IP (IPv4) using Foreign Agents(Reverse Tunneling)


Mobile Node

Access Router Access Router

Home Agent

“ ”

139.88.111.1

143.232.48.1NASA Ames

Corresponding Node



143.232.48.1



Mobile-IP (IPv4) using Collocated Care-Of-Address

DHCP orConnection Established



Is specified.


Mobile Node


Home Agent

“ ”

139.88.111.1

143.232.48.1NASA Ames

Corresponding Node



143.232.48.1



Mobile-IP (IPv4) using Collocated Care-Of-Address


Mobile Node


Home Agent

“ ”

139.88.111.1

143.232.48.1NASA Ames

Corresponding Node



143.232.48.1



Mobile-IP (IPv4) using Collocated Care-Of-Address(Reverse Tunneling)




Is specified.

Tunnel-0

Tunnel-1

Mobile Router(Mobile Node)

Foreign Agent

Home Agent

Corresponding Node

139.88.112.1Internet WAN

128.184.24.2


Internet

10.2.2.1RoamingInterface

128.184.24.1Virtual LANInterface

128.184.25.1HA LoopbackVirtual Interface

139.88.100.1FA WAN

128.184.26.1MR Loopback

Virtual InterfaceCOA 139.88.100.1

Mobile-Router (IPv4)Mobile Router



Foreign Agent

Home Agent

Corresponding Node


Tunnel-0


Internet


Tunnel-1


139.88.100.1FA WAN

Mobile-Router (IPv4)Mobile Router

(Reverse Tunneling)128.184.24.2128.184.24.1

Virtual LANInterface





Home Agent

Corresponding Node


Tunnel-0



Foreign Agent

Tunnel-1


139.88.100.1FA WAN

Mobile-Router (IPv4)Collocated Care-Of-Address

Internet No Foreign AgentNo Second Tunnel

128.184.24.2128.184.24.1Virtual LANInterface





Home Agent

Corresponding Node


Tunnel-0


Internet



139.88.100.1

Mobile-Router (IPv4)Collocated Care-Of-Address

Access Router

128.184.24.2128.184.24.1Virtual LANInterface




19

SYZYGY Engineering

Mobile Networking Additional Features

•Geographically Distributed Home Agents

•Asymmetrical Pathing


20

SYZYGY Engineering

Secondary Home Agent(reparenting the HA)

PrimaryHome Agent

SecondaryHome Agent

Reparenting Home AgentHelps resolve triangular routingProblem over long distances

X


21

SYZYGY Engineering

Emergency Backup(Hub / Spoke Network)

If primary control site becomesphysically inaccessible but can be electronically connected, asecondary site can be established.

If primary control site is physically incapacitated, there is no backup capability.


22

SYZYGY Engineering

Secondary Home Agent(Fully Meshed Network)

1

If primary control site is physically incapacitated, a second or third or forth site take over automatically.


2

3

4

5

23

SYZYGY Engineering

Asymmetrical Pathing

Mobile Router

MilStar,Globalstar,

Others

DVBSatellite

Internet

Home Agent

Foreign AgentForeign Agent


24

SYZYGY Engineering

Securing Mobile and Wireless Networks

Some ways may be “better” than others!


25

SYZYGY Engineering

Constraints / Tools

• Policy

• Architecture

• Protocols


26

SYZYGY Engineering

PublicInternet

FA

MR

US Coast GuardMobile Network

HA

US Coast GuardOperational Network

(Private Address Space)

CN

IPv4 Utopian Operation

Triangular Routing


27

SYZYGY Engineering

IPv4 Mobile-IP Addressing

• Source Address is obtained from– Foreign Agent– Static Collocated Care-of-Address (CCoA)– DHCP via Access Router (Dynamic CCoA)

• Private Address space is not routable via the Open Internet

• Topologically Incorrect Addresses should be blocked via Ingress or Egress filtering


28

SYZYGY Engineering

PublicInternet

FA

MR


HA



CN

IPv4 “Real World” Operation

PROXy

Proxy had not originated the request; therefore, the response is squelched.Peer-to-peer networking becomes problematic at best.

Glenn Research Center Policy:No UDP, No IPSec, etc…Mobile-IP stopped in its tracks.What’s your policy?

Ingress or Egress Filtering stopsTransmission due to topologicallyIncorrect source address. IPv6 Corrects this problem.

USCG Requires 3DES encryption.WEP is not acceptable due to known deficiencies.


29

SYZYGY Engineering

PublicInternet

FA

MR


HA



CN

Current Solution – Reverse Tunneling

PROXy

Anticipate similar problems for IPv6.

Adds Overhead and kills route optimization.


30

SYZYGY Engineering

PublicInternet

FA

FA

MR

MR

MR

US Coast Guard

Canadian Coast Guard ACME Shipping

HA

HA

HA

HA

ACMESHIPPING

MR

US Navy

Shared Network Infrastructure

Encrypting wireless links makes it very difficult to share infrastructure.This is a policy issue.Source – Will Ivancic

31

SYZYGY Engineering

IPv6 Mobile-IP


32

SYZYGY Engineering

Mobile-IPv6

• No "foreign agent“ routers• Route optimization is a fundamental part of the

protocol• Mobile IPv6 route optimization can operate securely

even without pre-arranged security associations• Route optimization coexists efficiently with routers

that perform "ingress filtering" • The movement detection mechanism in Mobile IPv6

provides bidirectional confirmation of a mobile node's ability to communicate with its default router in its current location

• Most packets sent to a mobile node while away from home in Mobile IPv6 are sent using an IPv6 routing header rather than IP encapsulation


33

SYZYGY Engineering

Mobile-IPv6

• Modes for communications between the mobile node and a correspondent node– Bidirectional tunneling

• Does not require Mobile IPv6 support from the correspondent node

– “Route Optimization“• Requires the mobile node to register its current binding at

the correspondent node. • Packets from the correspondent node can be routed

directly to the care-of address of the mobile node


34

SYZYGY Engineering

IPv6 Extension Headers


35

SYZYGY Engineering

Source-Routed Packet

Source Address = mobile node’s care-of-address

Destination Address = correspondent node’s address

Topologically Correct Address

If we loose contact, Home knows where

I am.


36

SYZYGY Engineering

Routing in Mobile IPv6

Mobile Node “visiting” a foreign link

Home Agent

Correspondent which does not know the care-of address

Correspondent which knows the care-of address

Source Routing

Tunneling

Mobile Node


Home Agent

“ ”

Corresponding Node


Mobile-IPv6 using Reverse Tunneling


Mobile Node


Home Agent

“ ”

Corresponding Node


Mobile-IPv6 using Route Optimization


Mobile Node


Home Agent

“ ”

Corresponding Node


Mobile-IPv6 Binding Updates

xBindingUpdates

Link UPThe number of

Binding Updates isA Scalability Problem

forMobile Networks


40

SYZYGY Engineering

Mobile IPv6 Security

• Binding Updates use IPsec extension headers, or by the use of the Binding Authorization Data option

• Prefix discovery is protected through the use of IPsec extension headers

• Mechanisms related to transporting payload packets - such as the Home Address destination option and type 2 routing header have been specified in a manner which restricts their use in attacks


41

SYZYGY Engineering

NEMO

NEtworks in Motionhttp://www.ietf.org/html.charters/nemo-

charter.html

http://www.nal.motlabs.com/nemo/


42

SYZYGY Engineering

Networks In Motion (NEMO)

• Working Group established in IETF in December 2002

• Concerned with managing the mobility of an entire network, which changes, as a unit, its point of attachment tothe Internet and thus its reachability in the topology.


43

SYZYGY Engineering

Goals

• Standardizing some basicsupport mechanisms based on the bidirectional tunneling approach– Competed January 2005

• Study the possible approaches and issues with providing more optimal routing – Ongoing as of January 2006


44

SYZYGY Engineering

Network Mobility (NEMO) Basic Support Protocol

(RFC 3963)

• The basic solution MUST use bi-directional tunnels • MNNs MUST be reachable at a permanent IP address and name. • MUST maintain continuous sessions (both unicast and multicast)

between MNNs and arbitrary CNs after IP handover of (one of) the MRs.

• The solution MUST not require modifications to any node other than MRs and HAs.

• The solution MUST support fixed nodes, mobile hosts and mobile routers in the mobile network.

• The solution MUST not prevent the proper operation of Mobile IPv6 (i.e. the solution MUST support MIPv6-enabled MNNs and MUST also allow MNNs to receive and process Binding Updates from arbitrary Mobile Nodes.)

• The solution MUST treat all the potential configurations the same way (whatever the number of subnets, MNNs, nested levels of MRs, egress interfaces, ...)

• The solution MUST support mobile networks attaching to other mobile networks (nested mobile networks).


http://www.ietf.org/rfc/rfc3963.txt

45

SYZYGY Engineering

Work In Progress

• Route Optimization

• Load Sharing (monami)

• Policy Based Routing (monami)

• Multiple Home Agents from different Service Providers– Security Issues– Desirable for some applications (i.e. air traffic

control, airline maintenance, entertainment)


Mobile Network


Home Agent

Corresponding Node


Basic Mobile Network Support for IPv6

xLink UP

Mobile Network

NodesBindingUpdate


47

SYZYGY Engineering

Mobile Nodes and Multiple Interfaces in IPv6 (monami6)

48

SYZYGY Engineering

monami6

• Produce standard track specifications to thestraight-forward problems associated with the simultaneous use of multiple addresses for either mobile hosts using Mobile IPv6 or mobile routers using NEMO Basic Support and their variants (FMIPv6, HMIPv6, etc)

• Provide standardized support forsimultaneous differentiated use of multiple access technologies

– 802.11*, 802.16, 802.20, UMTS, Bluetooth and others • WG Deliverables:

– Documentation of motivations for a node using multipleinterfaces and the scenarios where it may end up with multipleglobal addresses on its interfaces [Informational]

– Analysis document explaining what are the limitations formobile hosts using multiple simultaneous Care-of Addresses and HomeAgent addresses using Mobile IPv6, whether issues are specific toMobile IPv6 or not [Informational].

– A protocol extension to Mobile IPv6 (RFC 3775) and NEMO BasicSupport (RFC 3963) to support the registration of multiple Care-ofAddresses at a given Home Agent address [Standard Track].

– A "Flow/binding policies exchange" solution for an exchange ofpolicies from the mobile host/router to the Home Agent and from theHome Agent to the mobile host/router influencing the choice of theCare-of Address and Home Agent address [Standard Track].

49

SYZYGY Engineering

High speed link

int2

int3

Routing Policy

Routing Policy

int1Low latency link

Reliable linkATC

ATCATC

ATC

AOC

AOCAOC

AOC

P-DATA

P-DATA

P-DATA

P-DATA

P-DATAP-DATAHomeAgent

Policy-Base RoutingAirline Example

P-DATA: Passenger Data (Non-Critical Information)AOC: Airline Operations Control (2nd Highest Priority)ATC: Air Traffic Management (Highest Priority - Safety of Flight)

50

SYZYGY Engineering

High speed link

int2

int3

Routing Policy

Routing Policy

int1Low latency link

Reliable linkATC

ATCATC

ATCAOC

AOC

P-DATA

P-DATA

P-DATAHomeAgent

Policy-Base Routing Airline Example


51

SYZYGY Engineering

High speed link

int2

int3

Routing Policy

Routing Policy

HomeAgentint1

Low latency link

Reliable link

ATC

ATC

ATC

AOC

AOCAOC

P-DATA

P-DATA

P-DATA

P-DATA

P-DATAP-DATA

Policy-Base Routing Airline Example


52

SYZYGY Engineering

Mobile Ad Hoc Networks(MANET)


53

SYZYGY Engineering

MANET Characteristics

• What is Mobile Ad-Hoc Networking (MANET)– Self-configuring and self-organizing network of mobile nodes usually connected

via wireless links– Consists of mobile platforms / nodes (e.g., a router with multiple hosts) which are

free to move about arbitrarily.– Initial research and development based on mutual trust and cooperation– MANET routing is a layer-3, network layer technology.

• Dynamic, changing,random, multi-hop topologies may require traversing multiple links to reach a destination

• May have frequent network partitions and merging• Routing may change because of mobility (or wireless link

dynamics – fading)• Routing functionality need to support robust and efficient

operation• May require energy-constrained operation

Source: Albert Young - Boeing

54

SYZYGY Engineering

MANET Characteristics

• Bandwidth constrained,variable capacity wireless links• Effective throughput is much less than a radio maximum

transmission rate after accounting for the effects of multiple access, fading, noise, propagation path loss and interference

• Limited physical security– Increased possibility of eavesdropping, spoofing, and denial-of-service attacks

• Ad-hoc network clusters can operate autonomously or be attached at some point(s) to the fixed Internet –Stub network

• The decentralized nature of network control in MANETs provides additional robustness against the single points of failure of more centralized approaches.

• Equipped with wireless transceivers using antennas which may be omni-directional (broadcast),directional (point-to-point), possibly electronically steerable or a combination.

Source: Albert Young - Boeing

55

SYZYGY Engineering

Applications

• Sensor Webs– Forest Fires Monitoring– Pollution Monitoring– Environmental Monitoring

• Inexpensive alternatives or enhancements to cell-based mobile network infrastructures.

• Military networking for robust, IP-compliant data services within mobile wireless communication networks consist of highly-dynamic autonomous topology segments.

• Homeland Security– Scenarios requiring rapidly-deployable communications with survivable,

efficient dynamic networking


56

SYZYGY Engineering

Status of MANET

• Defense Programs are extremely interested in MANETs– Self-Organizing, robust, self-healing– Major research funding source.

• IETF MANET working – Promoting a few “experimental” deployments (a reactive and a proactive

routing technique) – Using mature components from previous work on experimental reactive

and proactive protocols, the WG will develop two Standards track routingprotocol specifications:

• Reactive MANET Protocol (RMP) • Proactive MANET Protocol (PMP)

– Develop a scoped forwarding protocol that can efficiently flood data packets to all participating MANET nodes. The primary purpose of this mechanism is a simplified best effort multicast forwarding function.


57

SYZYGY Engineering

Deployments(Sampling – Many others are available)

• Dynamic MANET On-demand (DYMO) routing protocol – http://moment.cs.ucsb.edu/dymo/index.php

• Ad hoc On Demand Distance Vector (AODV) – http://www.nmsl.cs.ucsb.edu/~krishna/aodv-linksys/– http://w3.antd.nist.gov/wctg/aodv_kernel/– http://crl.se/?go=aodv6

• Optimized Link State Routing Protocol (OLSR) – Navy Research Lab, INRIA (fr), NIIGATA (jp), GRC, LRI (fr), Communication

Research Centre in Canada, UniK University• URL for all sources: http://hipercom.inria.fr/olsr/#code• http://www.olsr.org/

• Dynamic Source Routing (DSR)– http://www.monarch.cs.rice.edu/dsr-impl.html– http://pdos.csail.mit.edu/grid/software.html#install– http://core.it.uu.se/AdHoc/DsrUUImpltp://core.it.uu.se/AdHoc/DsrUUImpl

58

SYZYGY Engineering

Routing Standards and Research

• One Size Does Not Fit All! No single routing protocol works well in all environments – Which approach to choose depends on the traffic and mobility patterns,

and QoS requirements– Proactive routing protocols Optimized Link State Routing (OLSR), Open

Shortest Path First (OSPF) extension• Applicable for relatively stable networks• Suitable for large and dense networks

– Reactive routing protocol Ad Hoc On-Demand Distance Vector (AODV), Dynamic Source Routing protocol (DSR), Dynamic MANET On-demand (DYMO)

• Enables reactive, multihop routing between participating nodes that wish to communicate.

• Applicable to highly dynamic networks– Motivation is for interoperability with the wired– Modification (e.g. neighbor establishment) and scalability enhancements

to OSPFv3 that is designed for IPv6 – Specifically in reducing the size of Hello packets, and optimizing flooding

of routing updates.


59

SYZYGY Engineering

Benefits of IPv6 in MANETs

• IPv6 couple together with MANET offers ease and speed of deployment, and decreased dependence on infrastructure

• Provide End-to-End Global Addressing• Autoconfiguration of link-local addresses• Possible End-to-End Security with integrated IPSec• Support for source routing• Full support of mobility• No broadcast traffic to hamper wireless network

efficiency• Potential support of real-time delivery of data with QoS• Potential to utilize Anycast addressing


60

SYZYGY Engineering

Challenges

• Denial of Service– DAD DoS, Uncooperative Router, etc…– Neighbor Discovery trust and threats

• Network Discovery– Reachback, DNS, Key Manager

• Security– IPSec / HAIPES tunnel end-points– Security Policies in a dynamic environment– Is layer-2 encryption sufficient security? – Insecure routing

• Attackers may inject erroneous routing information to divert network traffic, or make routing inefficient

• Key Management– Lack of key distribution mechanism – Hard to guarantee access to any particular node (e.g. obtain a secret key)


61

SYZYGY Engineering

Challenges

• Duplicate Address Discovery– Not suitable for multi-hop ad hoc networks that have dynamic

network topology– Need to address situation where two MANET partitions merge

• Radio Technology– Layer-2 media access often incompatible with layer-3 MANET

routing protocol

• Battery exhaustion threat– A malicious node may interact with a mobile node very often trying

to drain the mobile node’s battery

• Testing of Applications• Integrating MANET into the Internet


62

SYZYGY Engineering

Integrating MANET into the Internet

• Unicast Address Autoconfiguration

• Multicast Address Autoconfiguration

• Multicast Name Resolution

• Service Discovery

• Global Connectivity between MANET and Internet

Source: http://www.adhoc.6ants.net/

syzygy engineering 1 mobile networking mobile-ip mobile networking ad hoc network acp/wg n meeting...

Documents

home ip

nasa goddard mobileip

syzygy engineering

ivancic slide

address source

nasa glenn

address layer

home network address