Support for Network-based User Mobility with LISP

Post on 21-Jun-2015


Andrea Galvani

Supervisor: Prof. Fulvio Risso

Academic tutors: Prof. Albert Cabellos-Aparicio, M.S. Alberto Rodriguez-Natal

Wi-Fi Mobility

Users switching between Wi-Fi networks (handover)

Scenario

A user is doing a VoIP call, or exchanging a file, ...

Scenario

The user decides to change Wi-Fi network. The connection is dropped and has to be reinitialized.


Problem

A TCP connection is represented by a 4-tuple:

<source IP, source port, destination IP, destination port>

When the user moves, his IP changes, so the TCP connection is released.

“Network-based”

Host-based: additional software needs to be installed on the user’s host

Network-based: no modifications to users’ devices required; the network components take care of the mobile hosts’ mobility

Goals

Connection continuity when roaming across Wi-Fi networks

Users’ devices use standard TCP/IP stack

Network components are in charge of managing users’ mobility

Minimize modifications to other components

Keep a high level of abstraction for future developments

State of the art

IETF standards:

• Mobile IP v4 / v6

• Proxy Mobile IP v6 (adopted in 3G networks)

... no standards for Wi-Fi networks

IP address constraint

The IP address represents two properties at the same time

• User’s identity

• User’s location

User’s location changes → User’s IP changes

LISP – Locator/ID Separation Protocol

Loc/ID split:

• One address space for user’s identity (EID – Endpoint IDentifier)

• One address space for user’s location (RLOC – Routing LOCator)

User’s location changes → User’s RLOC changes

LISP overview

• xTR (Edge Router)

• Subnetwork with EID-prefix

• Users in the network are given an EID from the prefix

• A Map-Server is used for storing mappings

• A Map-Resolver for retrieving mappings

[Figure: an xTR with RLOC 130.1.1.3 connects the subnetwork with EID-prefix 10.1.1.0/24 to the Internet; a host in it has EID 10.1.1.7; the Map-Server stores the mapping EID 10.1.1.0/24 – RLOC 130.1.1.3.]

LISP in a nutshell

[Figure: host EID 10.1.1.1 (EID-prefix 10.1.1.0/24) sits behind the xTR with RLOC 130.1.1.3; host EID 10.1.2.3 (EID-prefix 10.1.2.0/24) sits behind the xTR with RLOC 150.1.1.5; the two xTRs are connected through the Internet.]

1. ICMP ping, IP 10.1.1.1 → 10.1.2.3, reaches the local xTR

2. Map-Request for 10.1.2.3

3. Map-Reply: 10.1.2.3 – 150.1.1.5

4. The xTR encapsulates the packet: outer IP 130.1.1.3 → 150.1.1.5, UDP 4341 -> 4341, LISP (Data); inner IP 10.1.1.1 → 10.1.2.3, ICMP ping

5. The remote xTR decapsulates and delivers IP 10.1.1.1 → 10.1.2.3, ICMP ping

RLOC: global scope

EID: local scope

Idea

[Figure: the user with EID 10.1.1.1 is behind RLOC 130.1.1.3 and talks to EID 10.1.2.3 behind RLOC 150.1.1.5; user’s mapping: 10.1.1.1 – 130.1.1.3.]

Update user’s RLOC when he moves

Establish TCP connections using EIDs

[Figure: after the move the user keeps EID 10.1.1.1 but is now behind RLOC 150.1.1.5, still talking to EID 10.1.2.3; user’s mapping: 10.1.1.1 – 150.1.1.5.]

Solution Design – LISP-ROAM

A solution to be implemented by Internet Service Providers

New mobility service

Full trust agreement

Possibility to roam across every network

User is assigned a fixed EID

Five Steps

Every time a user connects to a network...

1. User authentication

2. User’s EID retrieval

3. User’s local configuration

4. User’s home Map-Server retrieval

5. User’s location update

1. User authentication

We need to keep track of the user while he moves

802.1x standard

xTR checks credentials with RADIUS

RADIUS Server stores users’ credentials

[Figure: alice@domainA.com authenticates with EAP to the xTR, which checks the credentials over RADIUS with the RADIUS Server of domainA.com.]

RADIUS Server (domainA.com):

Username | Password
alice    | ***
bob      | ***

The same table extended with an EID attribute:

Username | Password | EID
alice    | ***      | 10.1.2.121
bob      | ***      | 10.1.2.137

2. User’s EID retrieval

The RADIUS Server can store multiple attributes

It’s possible to store user’s EID

The RADIUS Server returns the EID embedded in the Access-Accept

[Figure: (1) alice@domainA.com authenticates to the xTR; (2) Access-Request alice, *** to the RADIUS Server of domainA.com; (3) Access-Accept EID = 10.1.2.121.]

3. User’s local configuration

• If the user is in his home network: he’s part of the EID-prefix

[Figure: home user with EID 10.1.1.169 inside EID-prefix 10.1.1.0/24.]

• If the user is foreign: a local virtual interface is created; the xTR is the default gateway for the user

[Figure: foreign user with EID 10.1.2.121; the xTR, whose own EID-prefix is 10.1.1.0/24, creates a virtual interface with address 10.1.2.122 in the EID-prefix 10.1.2.120/30.]

User’s home Map-Server

One Map-Server per domain; all Map-Servers form a Distributed Mapping System

Home Map-Server: the home domain’s Map-Server

Every xTR knows the key related to its EID-prefix

[Figure: domainA.com has EID-prefixes 10.1.1.0/24 and 10.3.3.0/24; the xTR at 130.1.1.3 sends an authenticated Map-Register 10.3.3.0/24 – 130.1.1.3 to the home Map-Server of domain A at 130.1.1.1.]

4. User’s home Map-Server

When a foreign user connects to a network, the xTR has to retrieve the user’s home Map-Server’s...

1. Address: can be done using the LISP infrastructure... or through other systems (DNS)

2. Key: ...use RADIUS attributes

4. User’s home Map-Server address

[Figure: alice@domainA.com (EID 10.1.2.121) connects to the xTR at 130.1.1.3, which serves EID-prefix 10.1.1.0/24 in domainA.com; the xTR at 80.8.8.1 serves EID-prefix 10.1.2.0/24 in domainB.com, and the Map-Server at 80.8.8.5 holds the mapping 10.1.2.0/24 – 80.8.8.1.]

1. Map-Request for 10.1.2.121

2. Map-Reply: IP 80.8.8.5 → 130.1.1.3, UDP 4342 → 4342, LISP 10.1.2.121 – 80.8.8.1

3. Map-Server’s IP = outer source IP of the Map-Reply

4. User’s home Map-Server key

Home Map-Server’s key returned with Access-Accept

RADIUS Server (domainA.com):

Username | Password | EID        | Map-Server key
alice    | ***      | 10.1.2.121 | «secret»
bob      | ***      | 10.1.2.137 | «secret»

[Figure: (1) alice@domainA.com authenticates to the xTR; (2) Access-Request to the RADIUS Server of domainA.com; (3) Access-Accept EID = 10.1.2.121, Key = «secret».]

5. User’s location update

[Figure: after steps 1–4 the foreign xTR at 130.1.1.3 (domainA.com, EID-prefix 10.1.1.0/24) knows, for alice@domainA.com: Username alice, EID 10.1.2.121, MS address 80.8.8.5, MS key «secret». The home Map-Server at 80.8.8.5 (domainB.com, whose xTR at 80.8.8.1 serves EID-prefix 10.1.2.0/24) holds 10.1.2.0/24 – 80.8.8.1; the Map-Server of domainA.com holds 10.1.1.0/24 – 130.1.1.3.]

The foreign xTR sends an authenticated Map-Register 10.1.2.121 – 130.1.1.3 to the home Map-Server, which now also holds the more specific mapping 10.1.2.121/32 – 130.1.1.3.

Update correspondent nodes

[Figure: message sequence between the mobile host 10.1.2.121, the LISP Map-Server / Map-Resolver and the Correspondent node:]

• Map-Register for 10.1.2.121

• Map-Notify (to the registering xTR and to the home xTR)

• Solicit-Map-Request for 10.1.2.121 (to the correspondent node’s xTR)

• Map-Request / Map-Reply for 10.1.2.121
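The mapping lookup from the “LISP in a nutshell” slides and the authenticated location update of step 5, as an added Python model that is not part of the original presentation nor of any LISP implementation: a toy home Map-Server accepts a Map-Register only when it authenticates under the domain key and answers Map-Requests by longest-prefix match, so the roaming user’s /32 overrides the home /24. The HMAC-SHA256 construction, the `HomeMapServer`, `register_auth` and `roam_demo` names and the key value are assumptions of this example.

```python
import hmac
import hashlib
import ipaddress

def register_auth(key, eid_prefix, rloc):
    # Authentication data of a Map-Register, modeled (assumption) as an HMAC over the mapping
    msg = f"{eid_prefix}|{rloc}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class HomeMapServer:
    """Toy home Map-Server of one domain: the domain key plus registered EID-prefix -> RLOC."""
    def __init__(self, domain_prefix, domain_key):
        self.domain = ipaddress.ip_network(domain_prefix)
        self.key = domain_key
        self.mappings = {}  # ip_network -> RLOC string

    def map_register(self, eid_prefix, rloc, auth_data):
        """Install the mapping only if the prefix is in this domain and the HMAC verifies."""
        net = ipaddress.ip_network(eid_prefix)
        if not net.subnet_of(self.domain):
            return False  # a key for this domain cannot register another domain's EIDs
        expected = register_auth(self.key, eid_prefix, rloc)
        if not hmac.compare_digest(expected, auth_data):
            return False  # unauthenticated Map-Register: mapping is not installed
        self.mappings[net] = rloc
        return True

    def map_request(self, eid):
        """Longest-prefix match: a roaming user's /32 wins over the home xTR's /24."""
        addr = ipaddress.ip_address(eid)
        hits = [(n, r) for n, r in self.mappings.items() if addr in n]
        if not hits:
            return None  # negative Map-Reply
        return max(hits, key=lambda h: h[0].prefixlen)[1]

def roam_demo():
    """Constructed scenario from the slides: alice (EID 10.1.2.121) roams to the foreign xTR."""
    key = b"secret"  # placeholder for the home Map-Server key returned via RADIUS
    ms = HomeMapServer("10.1.2.0/24", key)
    ms.map_register("10.1.2.0/24", "80.8.8.1", register_auth(key, "10.1.2.0/24", "80.8.8.1"))
    before = ms.map_request("10.1.2.121")
    # Step 5: the foreign xTR (RLOC 130.1.1.3) registers a /32 for alice with the home key
    ok = ms.map_register("10.1.2.121/32", "130.1.1.3",
                         register_auth(key, "10.1.2.121/32", "130.1.1.3"))
    after = ms.map_request("10.1.2.121")
    # An xTR without the home key cannot redirect alice's traffic to itself
    forged = ms.map_register("10.1.2.121/32", "192.0.2.99",
                             register_auth(b"wrong", "10.1.2.121/32", "192.0.2.99"))
    return before, ok, after, forged, ms.map_request("10.1.2.137")
```

Bob’s EID 10.1.2.137, which has not roamed, still resolves to the home xTR while alice’s resolves to the foreign one.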

Test bed

[Figure: two networks, «LISP-A» (domainA.com, FOREIGN, EID-prefix 10.1.1.0/24) and «LISP-B» (domainB.com, HOME, EID-prefix 10.1.2.0/24); the user alice@domainB.com has EID 10.1.2.121 and communicates with a node at 10.1.3.165.]

Handover test: latency / packet loss

1. User home / foreign: the user connects to his home / a foreign network

2. User known / unknown: the user has connected before to the network

Results – User unknown

Results – User known

...other proposals

No full trust between ISPs: ISPs don’t share Map-Servers’ keys

No fixed EID for user

LISP-MAC, LISP-RADIUS

LISP-MAC

• User assigned to a specific xTR of the domain (home xTR)

• MAC Mapping System: MAC_host – IP_home-xTR

• When a user connects to a foreign network: dialogue between foreign and home xTR

[Figure: foreign xTR at 130.1.1.3 (domainA.com, EID-prefix 10.1.1.0/24) and home xTR at 80.8.8.1 (domainB.com, EID-prefix 10.1.2.0/24); the home xTR maps MAC_host to EID 10.1.2.121; the MAC Mapping System maps MAC_host to IP_home-xTR 80.8.8.1; mappings 10.1.2.0/24 – 80.8.8.1, 10.1.1.0/24 – 130.1.1.3 and, after the update, 10.1.2.121/32 – 130.1.1.3.]

1. DHCP Request from MAC_host at the foreign xTR

2. Map-Request for MAC_host

3. Map-Reply: MAC_host – 80.8.8.1

4. DHCP Request / ACK between foreign and home xTR

5. Map-Register 10.1.2.121 – 130.1.1.3 (authenticated) / Map-Notify

6. DHCP ACK 10.1.2.121 to the user

LISP-RADIUS

• User assigned to a specific xTR of the domain (home xTR)

• When a user connects to a foreign network: dialogue between foreign and home xTR

• 802.1x dialogue: user authentication and IP_home-xTR

[Figure: foreign xTR at 130.1.1.3 (domainA.com, EID-prefix 10.1.1.0/24) and home xTR at 80.8.8.1 (domainB.com, EID-prefix 10.1.2.0/24); the home xTR maps MAC_host to EID 10.1.2.121; mappings 10.1.2.0/24 – 80.8.8.1, 10.1.1.0/24 – 130.1.1.3 and, after the update, 10.1.2.121/32 – 130.1.1.3.]

RADIUS Server:

Username | Password | IP_home-xTR
alice    | ***      | 80.8.8.1
bob      | ***      | 80.8.8.1

1. EAP dialogue: alice@domainA.com, ***

2. Access-Request alice@domainA.com, ***

3. Access-Accept: IP_home-xTR = 80.8.8.1

4. DHCP Request from MAC_host at the foreign xTR

5. DHCP Request / ACK between foreign and home xTR

6. Map-Register 10.1.2.121 – 130.1.1.3 (authenticated) / Map-Notify

7. DHCP ACK 10.1.2.121 to the user

Conclusions

LISP-ROAM actually achieves connection continuity in user mobility

It can be considered a suitable solution for realistic scenarios (buildings, campuses, ...)

The solution has been tested in a small scope but can be considered for implementation in wider scenarios (ISP level)

The assumptions made allow future extension / interoperability with 3G operators

Video demo

Mobile host switching between Wi-Fi networks, while communicating with Correspondent Node (ping / TCP)

Thanks for your attention

Andrea Galvani

and.galva@gmail.com

bit.ly/lisp-roam
