Deployment of MIPv6 in operational networks Presentation at the University of Passau, 02.05.2006 Wolfgang Fritsche, IABG
3Deployment of MIPv6 in operational networks2/13/2007
Mobility in today’s Internet
[Figure: today's mobile Internet landscape. Labels: IPv6 backbone; ISPs, mobile operators, virtual operators, carriers; IPv4 enterprise, IPv6 enterprise, IPv4 house, IPv6 house; WLAN hotspot, WMAN (IEEE 802.16e), cellular (2.5-3G); IPv4-only access; trains, cars, etc. with on-board network; Mobile Node; NAT, PAT, firewall, GW, VPN; routers (R); services; AAA, mobility, QoS, session control.]
Rationale for Mobile IPv6 (MIPv6)
• Evolution of the mobile Internet
  - Growing number of mobile Internet users
  - Growing diversity of mobile Internet devices (PDA, cellphone, smartphone, …)
  - Increasing heterogeneity of access networks (GSM, 3G, WLAN, WiMax, …)
  - Efficient support of mobility in the Internet required
• Importance of transparency
  - Mobility support should be transparent to users and applications
• MIPv6 approach
  - MIPv6 offers this transparent mobility support by influencing the routing of IP packets
Mobile IPv6 example
[Figure: Home Network A, Visited Network B, Visited Network C, Home Agent, Correspondent Node and Mobile Node, interconnected through routers (R) and the Internet or other IP backbone.]
Mobile Node registers at Home Agent
[Figure: Home Network A, Visited Network B, Visited Network C, Home Agent, Correspondent Node and Mobile Node, interconnected through routers (R) and the Internet or other IP backbone.]
• Mobile Node sends Binding Update
• Home Agent replies with Binding Acknowledgement
Tunneling of traffic to Mobile Node
[Figure: Home Network A, Visited Network B, Visited Network C, Home Agent, Correspondent Node and Mobile Node, interconnected through routers (R) and the Internet or other IP backbone.]
• Correspondent Node initiates communication with the Mobile Node and sends packets to the MN's home address
• Home Agent intercepts the packets and forwards them to the Mobile Node (proxy functionality)
Reverse tunneling
[Figure: Home Network A, Visited Network B, Visited Network C, Home Agent, Correspondent Node and Mobile Node, interconnected through routers (R) and the Internet or other IP backbone.]
• Mobile Node uses reverse (IPsec) tunnel to Home Agent for replying to Correspondent Node
• Home Agent decapsulates packet from Mobile Node and forwards it to Correspondent Node
Route optimization
[Figure: Home Network A, Visited Network B, Visited Network C, Home Agent, Correspondent Node and Mobile Node, interconnected through routers (R) and the Internet or other IP backbone.]
• Mobile Node sends Binding Update to Correspondent Node C
• Correspondent Node C sends the following packets directly to the care-of address of the Mobile Node
Roaming
[Figure: Home Network A, Visited Network B, Visited Network C, Home Agent and Correspondent Node, interconnected through routers (R) and the Internet or other IP backbone.]
• Mobile Node sends Binding Updates to the Home Agent and to all Correspondent Nodes that have already received a previous Binding Update from this Mobile Node
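The binding behaviour walked through on the preceding slides (registration, tunnelling through the Home Agent, route optimization, roaming), modelled as an added example that is not part of the original presentation. Class and function names are hypothetical, the addresses are constructed, and the check a Correspondent Node applies to a Binding Update is reduced to a set lookup as an assumption, since the slides do not cover it.

```python
class BindingCache:
    """Binding cache of a Home Agent or Correspondent Node (home address -> care-of address)."""
    def __init__(self, name, authenticated_hoas):
        self.name = name
        # HoAs this node can authenticate: the IPsec SA on the HA, an assumption on the CN.
        self.authenticated = set(authenticated_hoas)
        self.bindings = {}
    def binding_update(self, hoa, coa):
        """Return True (Binding Acknowledgement) only for an authenticated home address."""
        if hoa not in self.authenticated:
            return False                      # cache stays unchanged
        self.bindings[hoa] = coa
        return True

class MobileNode:
    def __init__(self, hoa, home_agent):
        self.hoa, self.ha, self.coa = hoa, home_agent, None
        self.optimized = []                   # CNs that already received a Binding Update
    def attach(self, coa):
        """Enter a visited network: update the HA and every CN updated before (roaming)."""
        self.coa = coa
        return [n.name for n in [self.ha, *self.optimized] if n.binding_update(self.hoa, coa)]
    def optimize_route(self, cn):
        """Route optimization: send a Binding Update to one Correspondent Node."""
        if cn.binding_update(self.hoa, self.coa):
            self.optimized.append(cn)

def path_to_mn(cn, ha, hoa):
    """Hops of a packet that a CN sends to the Mobile Node's home address."""
    if hoa in cn.bindings:                    # CN holds a binding: direct to care-of address
        return [cn.name, cn.bindings[hoa]]
    if hoa in ha.bindings:                    # HA intercepts and tunnels to care-of address
        return [cn.name, ha.name, ha.bindings[hoa]]
    return [cn.name, hoa]                     # Mobile Node is in its home network

# Constructed addresses from the 2001:db8::/32 documentation prefix.
HOA, COA_B, COA_C = "2001:db8:a::10", "2001:db8:b::10", "2001:db8:c::10"

def demo():
    ha, cn = BindingCache("HA", [HOA]), BindingCache("CN", [HOA])
    mn = MobileNode(HOA, ha)
    paths = [path_to_mn(cn, ha, HOA)]         # at home
    mn.attach(COA_B)
    paths.append(path_to_mn(cn, ha, HOA))     # tunnelled through the Home Agent
    mn.optimize_route(cn)
    paths.append(path_to_mn(cn, ha, HOA))     # route optimized
    updated = mn.attach(COA_C)                # roaming to Visited Network C
    paths.append(path_to_mn(cn, ha, HOA))
    return paths, updated
```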
Requirements for operational deployment of MIPv6
• Improvement of Mobile IPv6 scalability
  - Dynamic provisioning of configuration data on terminals and HAs
  - Load-sharing across HAs
• Improvement of reliability
  - Solutions for HA failover (no single point of failure)
• Control of mobility service
  - Service authorization based on an AAA infrastructure
• Enable offering of “premium” network features
  - On-demand and secure activation of fast handovers, QoS, etc.
• Integration of Mobile IPv6 in real-life environments
  - Coexistence with middle-boxes (firewalls, VPN concentrators, etc.)
  - Deployment of Mobile IPv6 in IPv4-only accesses
Overview of ENABLE project
• ENABLE at a glance
  - Research project funded by the European Commission
  - 8 European and one Chinese partner
  - Duration: 2006 – 2007
• Goal of ENABLE
  - Enable deployment of efficient and operational mobility as a service in large scale IPv6 network environments
  - Taking into account also the transition from current IPv4 networks
  - Research and contribution to standardization fora (IETF, 3GPP, etc.)
  - Validation through laboratory experiments (prototypes, testing, etc.)
• More information
  - ENABLE project web site http://www.ist-enable.org
Long Term Vision
• Today: Dedicated RANs optimized for specific services
  - cellular (2.5-3G)
  - Wireless LAN
  - WMAN (WiMAX)
• Step 1: Integration of heterogeneous RANs to offer efficient and cost-effective ubiquitous mobility
  - MIPv6 is the key
• Step 2: Smooth migration to an all-IP network architecture
  - all services over IP
  - MIPv6 with fast handover support
• Step 3: Fully mobile Internet
  - tremendous growth in the number of terminals
  - MIPv6 might show its age
[Figure: evolution from dedicated RANs to a fully mobile Internet. Labels: RANs; routers (R); IPv4/v6 backbone; Mobile IPv6; Mobile IPv6 all-IP network; "Mobile IPv6, HIP, others?"; ENABLE targets.]
Bootstrapping
• Goal
  - Addressing the operational requirement for dynamic provisioning of configuration data on terminals and HAs and MIPv6 service authorization
• Configuration data
  - HA address
    - Required on MN
    - Used for registering Binding Updates with HA
  - MN's Home Address
    - Required on MN
    - Used for communication with other nodes
    - Could change if the home network is renumbered
  - Keying Material
    - Required on MN and HA
    - Used to set up a security association (IPsec) between MN and HA
Service entities involved in bootstrapping
[Figure: service entities and network elements. Labels: Access Service Authorizer (ASA); Access Service Provider (ASP); Mobility Service Authorizer (MSA); Mobility Service Provider (MSP); AAA Servers; Home Agents; AR; Access Points (APs); Mobile Nodes (MNs); Correspondent Nodes (CNs); routers (R); Internet or other IP backbone.]
Bootstrapping architectures investigated by IETF
• Split scenario
  - Mobility Service Authorizer (MSA) is different from Access Service Authorizer (ASA)
  - Assignment of Home Agent done using DNS
• Integrated scenario
  - Mobility Service Authorizer (MSA) is the same as Access Service Authorizer (ASA)
  - Assignment of Home Agent done using DHCPv6
Steps of the split scenario
• Getting network access
  - Using DHCPv6 or IPv6 stateless address autoconfiguration
• Home Agent assignment done by DNS request from MN
  - Request for the FQDN of an HA (e.g. ha.service-provider.com)
  - Request for a MIPv6 service (e.g. mip6.ipv6.service-provider.com)
• Setting up an IPsec security association between HA and MN
  - Use of Internet Key Exchange version 2 (IKEv2) for this purpose
  - For this purpose the HA may contact a PKI or AAA for MN authentication and service authorization
• Assignment of a Home Address to MN
  - Done within the IKEv2 exchange
  - MN could propose a Home Address
• Update of the MN's DNS entry with the new Home Address
  - Triggering of DNS update within Binding Update from MN to HA
  - HA updates DNS directly or further delegates this to AAA
Example message flow for split scenario
Entities: MN, AR, AAA, DNS, HA
• Address Configuration (IPv6 stateless, DHCPv6)
• DNS request (HA FQDN or MIPv6 service)
• DNS response (single or multiple HA address(es))
• IKEv2 exchange (authentication, MIPv6 service authorization, HoA assignment)
• RADIUS or Diameter
• Binding Update (DNS update option)
• Binding Ack (DNS update option)
• AAA request (FQDN, HoA)
• AAA answer (FQDN, HoA)
• DNS update (FQDN, HoA)
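The split-scenario steps and message flow above as an added example, not code from the presentation or from the ENABLE project. The DNS and AAA tables, the shared key standing in for IKEv2 authentication, the use of the MN's FQDN as AAA identity and all names are assumptions; the HA here updates DNS directly rather than delegating to AAA.

```python
import hmac
import ipaddress

# Constructed sample data: every name, address and key below is hypothetical.
HOME_PREFIX = ipaddress.ip_network("2001:db8:a::/64")
DNS = {"ha.service-provider.com": "2001:db8:a::1"}        # HA FQDN -> HA address
AAA = {"mn1.service-provider.com": {"key": b"k1", "mip6": True},
       "mn2.service-provider.com": {"key": b"k2", "mip6": False}}

class HomeAgent:
    def __init__(self, addr):
        self.addr = addr
        self.sa = {}        # MN FQDN -> Home Address covered by the IPsec SA
        self.bindings = {}  # Home Address -> care-of address

    def ikev2(self, fqdn, key, proposed_hoa=None):
        """Authenticate the MN and authorize MIPv6 against AAA, then assign a Home Address."""
        sub = AAA.get(fqdn)
        if sub is None or not hmac.compare_digest(sub["key"], key) or not sub["mip6"]:
            return None                                   # no SA and no Home Address
        used = {h for f, h in self.sa.items() if f != fqdn} | {self.addr}
        want = str(ipaddress.ip_address(proposed_hoa)) if proposed_hoa else None
        ok = want is not None and ipaddress.ip_address(want) in HOME_PREFIX and want not in used
        pool = (str(HOME_PREFIX[i]) for i in range(0x100, 0x200))
        self.sa[fqdn] = want if ok else next(a for a in pool if a not in used)
        return self.sa[fqdn]

    def binding_update(self, fqdn, hoa, coa, dns_update=False):
        """Accept a Binding Update only under an SA that covers exactly this Home Address."""
        if self.sa.get(fqdn) != hoa:
            return False
        self.bindings[hoa] = coa
        if dns_update:                                    # DNS update option in the BU
            DNS[fqdn] = hoa                               # HA updates DNS directly
        return True

HOME_AGENTS = {"2001:db8:a::1": HomeAgent("2001:db8:a::1")}

def bootstrap(fqdn, key, coa, proposed_hoa=None, ha_fqdn="ha.service-provider.com"):
    """Run the split-scenario steps for one MN; return its Home Address or None."""
    ha = HOME_AGENTS.get(DNS.get(ha_fqdn))                # HA assignment by DNS request
    if ha is None:
        return None
    hoa = ha.ikev2(fqdn, key, proposed_hoa)               # IPsec SA and HoA assignment
    if hoa is None or not ha.binding_update(fqdn, hoa, coa, dns_update=True):
        return None
    return hoa
```

A proposed Home Address is honoured only if it lies in the home prefix and is unused; otherwise the HA assigns one from its own pool.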
Steps of the integrated scenario
• Getting network access
  - Using DHCPv6 or IPv6 stateless address autoconfiguration
• Home Agent assignment done by DHCPv6 request from MN
  - HA is provided by the Mobility Service Provider
    - AAA of Mobility Service Provider provides HA to DHCPv6
    - DHCPv6 finally assigns HA to MN
  - HA is provided by Access Service Provider
    - Direct assignment of HA to MN by DHCPv6
• Remaining steps identical to split scenario
  - Setting up an IPsec security association between HA and MN
  - Assignment of a Home Address to MN
  - Update of the MN's DNS entry with the new Home Address
Example message flow of integrated scenario
Entities: MN, AR / NAS, DHCP Relay, AAA, DHCP Server
• Network access authentication
• Network access authentication and HA provision
• DHCPv6 information request (HA) (shown twice in the diagram)
• DHCPv6 information reply (HA) (shown twice in the diagram)
Contact
This work has been partially supported by the European Commission FP6 IST ENABLE project.
Wolfgang Fritsche
Manager Advanced IP Services
Phone: +49 89 6088-2897
Email: [email protected]
Web: www.iabg.de