Mobile IPv6. Why study Mobility in IPv6? What is so different about Mobile IPv6 ?

Mobile IPv6

Why study Mobility in IPv6?

What is so different about Mobile IPv6 ?

Broadly we can say,

Mobile IPv6 benefits from opportunities provided by IPv6

From the Lessons learnt from IPv4

Problems with Mobile IPv4

Triangle Routing Problem

Triangle routing problem delays the delivery of the datagrams and places an unnecessary burden on networks and routers

Firewalls

Enterprise firewalls are typically configured to block packets from entering via the Internet that appear to emanate from internal computers

Ingress Filtering

Many border routers discard packets coming from within the enterprise if the packets do not contain a source IP address configured for one of the enterprise's internal networks

Other Security Issues

Insider Attacks Denial of Service Attack (DOS) Replay Attacks Theft of Information: Passive

Eavesdropping Theft of Information: Session-Stealing

Is Mobile IPv6 the Solution?

Two Modes of Operation

Basic Operation or Bi- directional tunneling

Route Optimization

Basic Operation

Data Path: Mobile Node to Correspondent Node in Basic Operation

Data Path: Correspondent Node to Mobile Node in Basic Operation

Route Optimization

Data Path: Mobile Node to Correspondent Node in Route Optimization

Data Path: Correspondent Node to Mobile Node in Route Optimization

Advantages of Route Optimization

Allows the shortest communications path to be used.

eliminates congestion at the mobile node's home agent and home link.

the impact of any possible failure of the home agent or networks on the path to or from it is reduced.

Establishing Route Optimization

Messages supported by Mobility Header

Home Test Init Home Test Care-of Test Init

Care-of Test Binding Update Binding

Acknowledgement Binding Refresh

Request Binding Error

Return Routability Procedure

Registration

Return Routability Procedure Purpose :Enables the correspondent node to obtain some

reasonable assurance that the mobile node is in fact addressable at its claimed care-of address as well as at its home address.

Only with this assurance is the correspondent node able to accept Binding Updates from the mobile node.

Return Routability Flow diagram

Mobile Node Home Agent Correspondent Node | | | Home test Init | |-------------------------------|---------------------------------------| | Care of test init | |-------------------------------------------------------------------------> | | home test | |<----------------------------------|<------------------------------------ | | Care of Test | |-------------------------------------------------------------------------|

Home Test init

Source Address = home address Destination Address = correspondent Parameters: home init cookie

Care-of Test Init

Source Address = care-of address Destination Address = correspondent Parameters: care-of init cookie

Home Test

Source Address = correspondent Destination Address = home address Parameters: home init cookie home keygen token

home nonce index

Care-of Test

Source Address = correspondent Destination Address = care-of address Parameters: care-of init cookie care-of keygen token

care-of nonce index

Binding Message Flow Diagram

Mobile Node Correspondent Node | Binding Update | |-----------------------------------------------------------| | (Seq no. , nonce indices , care of address) | | | | | | Binding ACK | |----------------------------------------------------------- | (Seq no. , status)

Binding Update

Source Address = care-of address Destination Address = correspondent Parameters: home address sequence number home nonce index care-of nonce index First (96, HMAC_SHA1 (Kbm, (care-of address | correspondent | BU)))

Binding Acknowledgement

Source Address = correspondent Destination Address = care-of address Parameters: sequence number First (96, HMAC_SHA1 (Kbm, (care-of address |

correspondent | BA)))

Other Features and Functionality

Home Agent Option

Used by Mobile Node while away from home, to inform the recipient of the mobile node's home address.

Prefix Discovery

allows a Mobile Node to get network prefix information about its Home Network

Sends a Mobile Prefix Solicitation message to the Home Agent.

Dynamic Home Agent Discovery

When attached to a Foreign Network, a Mobile Node might not know the address of its Home Agent

With DHAAD, Mobile Node only needs a home network prefix configured and it can dynamically find the address of a Home Agent on its home network

Returning Home and De-registering

Mobile Node determines whether it is attached to its home network based on the network prefix information

Deregisters by sending a special Binding Update to its Home Agent

Neighbor/Router Discovery

Provides IPv6 nodes with a means to discover the presence and link –layer addresses of other nodes

Provides methods for discovering routers

Detecting when a local node becomes unreachable

Resolving duplicate addresses

Stateless Autoconfiguration

Purpose: Enables nodes to decide how to autoconfigure its interfaces in IPv6

Steps:1. Generate a link-local address for the interface. 2. Obtain a Router Advertisement which specify

the sort of autoconfiguration the host should do.

Performance Evaluation Security Threats reduced Uses Source Routing which provides Highly

efficient performance and avoids Triangle routing

Avoids problems due to Ingress Filtering Has Inbuilt Infrastructure for Mobility Router Discovery and Address auto-

configuration makes mobility a much easier task

Major Differences from Mobile IPv4

No Foreign Agents Route Optimization is a fundamental part unlike

Mobile IPv4 Bi-directional tunneling is part of the core

protocol unlike Mobile IPv4 Uses Neighbor Discovery to find Link layer

Addresses of neighbors unlike Mobile IPv4 which uses ARP . Hence more robust

Contd…

Dynamic Home Agent Address Discovery uses anycast addressing and returns a single reply to the mobile node unlike Mobile IPv4 which uses a directed broadcast approach and returns separate replies from each Home Agent

Mobile Nodes can obtain Care-of Addresses via

Stateless Address Auto-configuration unlike Mobile Ipv4 which uses Agent discovery

Vulnerabilities in Mobile IPv6

Security – Still a Headache Biggest vulnerability is authorization of

Binding Updates Firewalls and Mobile IPv6 do not work well

together Number of Problems for securing Neighbor

discovery Problem arises when roaming with a dual-

stack architecture and interoperating between Mobile IPv4 and Mobile IPv6.

Final Words – Mobile Ipv6

“Communications should be much faster," Deering says. "We also thought it was going to be more secure. But now it doesn't look like it's going to be more secure."

“Backers of IPv6 have suffered another setback, as security experts punched holes in their planned strategy for supporting mobile IPv6 communications.”

“Prime Minister Yoshiro Mori of Japan vouched for IPv6 in front of the Japanese parliament, declaring that by 2006 Japan would have 100 percent deployment in government, education and industry. And in February, the Korean government followed suit by promising to spend $80 billion by 2006 to develop and deploy IPv6.”

"The good part is, that the IETF has identified that this is work that needs to be done as soon as possible, and they are nearing their goal”

Thank You!