Mobility Support in IPv6 Advanced Internet, 2004 Fall 8 November 2004 Sangheon Pack
Jan 26, 2016
Mobility Support in IPv6
Advanced Internet, 2004 Fall
8 November 2004
Sangheon Pack
Content
• IP Mobility
• Mobile IPv6• Basic Operation• Mobile IPv6 Security
• Optimization of Mobile IPv6• Hierarchical Mobile IPv6 (HMIPv6)• Fast Handover of Mobile IPv6 (FMIPv6)
• Conclusion
IP Mobility (1/2)
• Routing• Nodes communicate using IP: All IP Network• IP packets are routed by their address• When a mobile node moves, it needs to change IP
address to match its current network
• Identification• Connections/sessions between nodes are mostly
identified by endpoint IP’s• When the node moves, and is assigned a new IP, all
existing connections/sessions must be terminated and reestablished!
• Need of IP Mobility Protocol!
IP Mobility (2/2)
Correspondent Node
<IP-B>
Mobile Node
<IP-A>
Mobile Node
<IP-C>
<IP-A> <-> <IP-B>
<IP-B> <-> <IP-C>
Mobile IPv6 (1/3)
• Overview• Home network, HA, CoA as the same as Mobile IPv4• Address auto-configuration
• MN can obtain a CoA in foreign network without any help of foreign agent (FA)
• Packet interception at the HA• By Neighbor Discovery (cf. Proxy ARP in Mobile IPv4)
• Binding update option• Between MN and HA/MN and CN• Route optimization between MN and CN
• New extension headers• Type-2 Routing header: for route optimization• Destination Options header: for MN originated packets
Mobile IPv6 (2/3)
• Bi-directional tunneling mode• Does not require for the CN to support Mobile IPv6 • Use of Reverse tunneling
• Route Optimization (RO) mode• Requires to register the MN’s current binding at the CN• Uses a new type of IPv6 routing header
• Destination Address = current CoA• Type-2 routing header = home address
• Shortest communications path• Eliminates congestion at the MN’s HA and home link• Impact of any possible failure of the HA or networks on
the path to or from it is reduced
Mobile IPv6 (3/3)
• Dynamic Home Agent Address Discovery• Allows a MN to dynamically discover the IP address of a
home agent on its home link• ICMP Home Agent Address Discovery Request Message
• Destination address: Home Agent anycast address for its own home subnet prefix
• Reply message• HA address list in home link• HA maintains the home agent lists
Mobile IPv6 Terminology
• Terminology• Home Address (HoA)
• the permanent IP for identifying the Mobile Node. The Mobile Node should always be reachable at this IP.
• Care-of Address (CoA)• the temporary, network-spesific IP for routing
messages to the Mobile Nodes current location• Home Agent (HA)
• the entity acting on behalf of the Mobile Node in it’s home network
• Correspondent Node (CN)• any other host connected to Mobile Node (not
necessarily mobile itself)
Mobile IPv4 Mobile IPv6
Mobile node, home agent, home link, foreign link
(same)
Mobile node’s home address Globally routable home address and link-local home address
Foreign agent A “plain” IPv6 router on the foreign link (foreign agent no longer exists)Collocated care-of address
Care-of address obtained via Agent Discovery, DHCP, or manually
Care-of address obtained via Stateless Address Autoconfiguration, DHCP, or manually
Agent Discovery Router Discovery
Authenticated registration with home agent
Authenticated notification of home agent and other correspondent nodes
Routing to mobile nodes via tunneling Routing to mobile nodes via tunneling and source routing
Route optimization via separate protocol specification
Integrated support for route optimization
Mobile IPv4 vs. Mobile IPv6
Binding Update
• Binding Update • An MN informs the HA and CNs of its CoA when the MN is
located in a foreign network• The HA/CN send “Binding Acknowledgement” option to
the MN
• Requirements• Source address in IP header = MN’s CoA
• To avoid ingress filtering• IPv6 authentication header (AH)
• For secure binding update
Packet Delivery
• Packet delivery from CN to MN• The CN check whether there is the MN’s binding
information at its binding cache. • If there is a matched entry
• The CN sends packets to the cached MN’s CoA using IPv6 routing header option
• No IPv6 encapsulation• Otherwise
• Normal packet routing to the MN’s home address• The HA intercepts and tunnels packets.• The MN receiving packets from tunneled by the HA
sends a binding update message to the CN
Requirements
• Correspondent Nodes• Processing of binding update message• Update its binding cache whenever it receives a new
binding update message with a new CoA
• Mobile Nodes• When a new CoA is needed• Sending of binding update message• Maintain a Binding Update List• Packet encapsulation/decapsulation: No FA
• Home Agents• Packet encapsulation/decapsulation• Proxy neighbor advertisements
Binding Messages
• Binding Update• Used by a mobile node to notify other nodes of a new
care-adress.• Can also be used to delete old bindings.
• Binding Acknowledgement• Used to acknowledge receipt of a Binding Update
• Binding Refresh Request• Used by the correspondent node to inform the mobile
node that the binding is (or is going) stale
• Binding Error• Used by the corresponedent node to signal an error.
Mobile IPv6 Basic Operation
Correspondent Node
<Correspondent Address>
Mobile Node
<Care-Of Address>
Home Agent
Bidirectionaltunnelling
Routeoptimization
<correspondent address> <-> <home address>
Mobile Node
<Home Address>
IP tu
nnelRouting option
Binding Updates to HA
Mobile Node
Home Agent
Home Agent map:<home address>:<care-of address>
Binding Update<home address>
<care-of address>
Binding Update ACK(BACK)
• MN needs to update the HA on it’s current location (CoA): Binding Update message
• The HA keeps this binding for future use
Mobile Node
Binding Update<home address>
<new care-of address>
Home Agent map:<home address>:<new care-of address>
BACK
Binding Updates to CN
Mobile Node
Home Agent
Home Agent map:<home address>:<care-of address>
Correspondent Node
BU<home address>
<care-of address>
BACK
Correspondent Node map:<home address>:<care-of address>
IPv6 src=<care-of address>dst=<correspondent address>Destination Option:Home Address = <home address>
IPv6 src=<correspondent address>dst=<care-of address>Routing Option (type 2)Home Address = <home address>
IPv6 src=<correspondent address>dst=<home address>
IPv6 tunnel:src=<home agent>dst=<care-of address><original packet encapsulated>
Mobile IPv6 Security
BU to HA: Security Issues (1/2)
• Man-in-the-middle attack
Mobile Node
Binding
Malicious Node
False BUBACK
By means of false BU’s, the traffic can be redirected through a malicious node
Home Agent
BU to HA: Security Issues (2/2)
• Hijacking• By means of false BU’s• By replaying old BU’s
• Confidentiality breach• By eavesdropping: the MN is often connected to a WLAN
• Denial-of-Service (DoS)• By means of false BU’s
• An attacker might claim that the MN is at another location.
• By replaying old BU’s• Packets for the MN would be sent to its old location.
• False BU’s can be used for DoS attacks against victim nodes!• All packets destined to the MN’s home adress would be
redirected to the victim node
Mobile IPv6 Security
• Protection of BU both to HA and CN• By the use of IPSec extension headers
• Home address in BU message: Security association based on the MN’s home address
• Security key distribution– Manual or automatic key management with IKE
• By the use of the Binding Authorization Data Option• Protection of BU message to CN
– No security association– No authentication infrastructure between MN and
CN• Return Routability
– Binding management key and kbm: assure the right MN is sending message
– keyed-hash algorithm using kbm
IPsec SA
• IPsec Security Assocation (SA)• An SA is a cryptographically protected connection• There MUST be a SA between the MN and HA• Provides integrity and autentication of BU and BACK• An SA is defined by: <SPI, destination adress, flag> • One SA per home-address
• ESP: Encapsulating Security Payload
• AH: Authentication Header
ESP and AH
• Encapsulating Security Payload (ESP)• Integrity & autenticity• Correct packet ordering
• By means of sequence numbers in BU messages• Anti-replay protection
• Only if dynamic keying is used • Confidentiality
• ”Replay” and ”reordering packets”• Attacks possible if static keys are used
• Authentication Header (AH) is an alternative to ESP
Mobile Node
Home AgentBinding Update
Binding ACK
IPv6 headersource = care-of adress
destination = home agentESP header
Dest. op. headerHome adress option
home adress
Mobility headerBinding update
Alt. care-of adress option
• The ”mobility header” is used in Mobile IPv6 when managing binding• The ”source adress” avoids ingress filtering• The ”home adress option” is used to identify the SA• The ”alt. care-of adress option” is used to protect the care-of adress
Packet Format (1/2)
Mobile Node
Home AgentBinding Update
Binding ACK
IPv6 headersource = home agent
destination = care-of adressESP header
Routing Header (2)
Home adress
Mobility header
Binding ACK
•The ”home adress” in the ”type 2 routing header” helps the mobile node to identify the SA.•Note that the ”Binding ACK” is encrypted
Packet Format (2/2)
BU to Home Agents: Summary
• IPsec SA: Mobile Node <-> Home Agent• Integrity & authentication• Protection against replay and reordering attacks
(dynamic keying) • Confidentiality (optional)
• Problems• Static SA between Mobile Node and Home Agent• If the 16 bit Mobile IPv6 seq.number is cycled through or
the HA reboots and looses state, replay and reordering attacks are possible.
• IPsec doesn’t fully prevent an MN to do a DoS attack• However, he will be identified by means of his SA with
the Home Agent.
• Binding Updating the Correspondent Node• Same issues as with updating the Home Agent
• Spoofing• Man-in-the-middle• Confidentiality• Replay
• In addition• Need to verify successful routing before switching to
route optimization mode• Problem
• Not feasible to have security association including all potential mobile and correspondent nodes
• No security association between MN and CNs
Security Issues: BU to CN
Return Routability (1/4)
• Return Routability• Authorizes binding procedure by the use of a cryptographic
token exchange
• Terminologies• Cookie
• random number used by a mobile nodes• To prevent spoofing by a bogus CN in the RR procedure
• Care-of init cookie• a cookie sent to the CN in the Care-of Test Init
message, to be returned in the Care-of Test message• Home init cookie
• a cookie sent to the CN in the Home Test Init message, to be returned in the Home Test message
Return Routability (2/4)
• Terminologies• Keygen Token
• number supplied by a CN in the RR procedure to enable the MN to compute the necessary binding management key for authorizing a BU
• Care-of keygen token: Care-of Test message• Home keygen token: Home Test message
• Nonce• random numbers used internally by the CN in the
creation of keygen tokens related to the RR procedure• Binding management key (kbm)
• Key used for authorizing a binding cache management message (e.g., BU and BACK messages)
• RR provides a way to create a binding management key
Return Routability (3/4)
• Home Test Init (HoTI)• MN sends a Home Test Init message to the CN to acquire
the home keygen token• Source Address = home address• Destination Address = CN• Parameters
• Home init cookie• This message is reverse tunneled through the HA
• Care-of Test Init (CoTI)• MN sends a Care-of Test Init message to the CN to
acquire the care-of keygen token• Source Address = CoA• This message is sent directly to the CN
Return Routability (4/4)
• Home Test (HoT)• Sent in response to a Home Test Init message• Source Address = CN• Destination Address = home address• Parameters
• Home init cookie• Home keygen token
– First(64, HMAC_SHA1 (Kcn, (home address|nonce|0) ) )
• Home nonce index
• Care-of Test (CoT)
• kbm = SHA1(home keygen token|care-of keygen token)• BU: HMAC_SHA1(kbm, (care-of address|CN address |BU) )
Return Routability Test (1/3)
Correspondent Node
<Correspondent Address>
Mobile Node
<Care-Of Address>
Home Agent
Secret Key: <Kcn> Temporary Nonces: 1 - <nonce1>2 - <nonce2>...
Care-of Test Init:src=<care-of address>dst=<correspondent address><care-of init cookie>
<care-of keygen token> = HMAC_SHA1Kcn (<care-of-address> | <nonce1> | 1) [1:64]<care-of init cookie>
Care-of Test:src=<correspondent address>dst=<care-of address><care-of init cookie><care-of keygen token> care-of nonce index: 1
Cookies:<care-of init cookie><care-of keygen token> care-of nonce index: 1
Return Routability Test (2/3)
Correspondent Node
<Correspondent Address>
Mobile Node
<Care-Of Address>
Home Agent
Secret Key: <Kcn> Temporary Nonces: 1 - <nonce1>2 - <nonce2>...
Home Test Init:src=<home address>dst=<correspondent address><home init cookie>
<home keygen token> = HMAC_SHA1Kcn (<home-address> | <nonce1> | 0) [1:64] <home init cookie>
Home Test:src=<correspondent address>dst=<home address><home init cookie><home keygen token> home nonce index: 1
Cookies:<care-of init cookie><care-of keygen token> care-of nonce index: 1<home init cookie><home keygen token> home nonce index: 1
Return Routability Test (3/3)
Correspondent Node
<Correspondent Address>
Mobile Node
<Care-Of Address>
Home Agent
Secret Key: <Kcn> Temporary Nonces: 1 - <nonce1>2 - <nonce2>...
Cookies:<care-of init cookie><care-of keygen token> care-of nonce index: 1<home init cookie><home keygen token> home nonce index: 1
Kbm = SHA1 (<home-keygen-token> | <care-of keygen token>)MAC = HMAC_SHA1Kbm(<care-of-address>|<correspondent address>|BU) [1:96]
Binding Updatesrc=<care-of address>dst=<correspondent address>option: Home Address = <home address><sequence number><home nonce index = 1><care-of nonce index = 1><MAC>
<home keygen token> = HMAC_SHA1Kcn (<home-address> | <nonce1> | 0) [1:64] <care-of keygen token> = HMAC_SHA1Kcn (<care-of-address> | <nonce1> | 1) [1:64]
Mobile IPv6 Optimization
Drawbacks of Mobile IPv6
• Mobile IPv6• Reacts after L2 movement• Introduces a period of service disruption after L2
movement until signaling is completed• Performance depends on Mobile IP registration time and
MH-HA distance
• Optimization Schemes• Fast Handover for Mobile IPv6
• Anticipates Mobile IP messaging (before L2 movement)• Hierarchical Mobile IPv6
• Reduces MN to HA round trip delay• Reduces the number of messages (ratio transmission
efficiency)
Standardization (1/2)
• Recent trend in IETF…• New working groups
• MIP4: Mobility for IPv4• MIP6: Mobility for IPv6• MIPSHOP: MIPv6 Signaling and Handoff Optimization
• IP Mobility Optimizations (Mob Opts) in IRTF• Analysis of Mobile IP Route Optimization considering such
parameters as traffic pattern, link conditions, topology etc• Alternative mechanisms for discovering a Mobility Anchor
Point (MAP) in Hierarchical Mobile IP (HMIP)• Evaluation of existing and new mechanisms for
discovering, and selecting a target base station and/or router for handover
Standardization (2/2)
• IETF Mobile IP WG• Mobile IPv4
• Low latency handoff– draft-ietf-mobileip-lowlatency-handoffs-v4-09.txt,
June 2004.• Regional registration
– draft-ietf-mobileip-reg-tunnel-06.txt, March 2002.
• Mobile IPv6• Fast Handover
– draft-ietf-mipshop-fast-mipv6-03.txt , October 2003.
• Hierarchical Mobile IPv6– draft-ietf-mipshop-hmipv6-02.txt , June 2004.
Hierarchical Mobile IPv6
HMIPv6
• Motivation• Reduce the number of Bus when MNs move within a MAP
domain• Transparency of the MN’s mobility to CNs• Location Privacy
• HMIPv6• Mobility anchor point (MAP): Local HA• MN acquires two addresses
• On-link CoA: LCoA• Regional CoA: RCoA
• Reduce Mobile IPv6 signaling load• Improve Handoff delay
HMIPv6 Operation
MAP
HACN
Internet
MAP
oldAR
newAR
MAP domain
MN
Local BU
(Home address, RCoA)
(RCoA, LCoA)
Home BU
HMIPv6 Operation
MAP
HACN
Internet
MAP
oldAR
newAR
MAP domain
MN
Local BU
(Home address, RCoA)
(RCoA, LCoA’)
HMIPv6 Operation
MAP
HACN
Internet
MAP
oldAR
newAR
MAP domain
Local BU
(Home address, RCoA’)
(RCoA’, LCoA’)
MN
Home BU
Fast Handover for Mobile IPv6
FMIPv6
• Fast Handover for Mobile IPv6• Minimize packet loss and latency due to handoffs
• Critical for real-time services• MN acquires a new CoA and registers with previous AR before
get link to new AR• As soon as MN leaves the current link, old AR starts
forwarding traffic to new AR
• Operation• Detect movement in anticipation (L2 Trigger)
• Update old AR (before L2 movement)• Traffic is then forwarded from Old AR to New AR (non-optimal)• The MN must then also update HA and CNs (for optimal
routing)• Bicasting can improve performance
New Message Format
• Neighbor Discovery Message• Router Solicitation for Proxy Advertisement (RtSolPr)• Proxy Router Advertisement (PrRtAdv)
• Inter-Access Router Message• Handover Initiate (HI)• Handover Acknowledge (HACK)
• New Mobility Header Message• Fast Binding Update (FBU)• Fast Binding Acknowledgement (FACK)• Fast Neighbor Advertisement (FNA)
Message Flow - Predictive
MN PAR NAR
RtSolPr
PrRtAdv
FBU HI
HACK
FBACK FBACK
forward packets
FNA
deliver packets
L2 trigger
Disconnect
Connect
Message Flow - Reactive
MN PAR NAR
RtSolPr
PrRtAdv
FNA[FBU]
FBU
FBACK
forward packets
deliver packets
L2 trigger
Disconnect
Connect
Timing Diagram (1/2)
Time
Handoverstart epoch
Neighbor Discovery is completedMN transmission capable; sends
Binding Update
Packets begin arriving at the new IP address
New link informationBinding Update received
by mobility agent/CN
Link switching delay (tL)
IP connectivitylatency (tI)
Packet receptionlatency (tP)
tBU tNew
[MIPv6]
Timing Diagram (2/2)
Time
L2 trigger(RtSolPr/PrRtAdv,
HI/HACK)
Neighbor Discovery is completedMN transmission capable; sends
Binding UpdatePackets begin arriving
directly at the new IP address
New link information
Binding Update received by mobility agent/CN
Link switching delay (tL)
Handoverstart epoch
: Forwarding from PAR to NAR
(F-BU/F-BACK)
IP connectivityand packet reception latency (tI =tP)
tNew
tBU
tL2
[FMIPv6: Predictive]
Research Issue
• HMIPv6• MAP Selection• Scalability and Fault-tolerant Service
• FMIPv6• Implementation over IEEE 802.11/16/20• Buffer management
• HMIPv6 + FMIPv6• Integration of HMIPv6 with FMIPv6