1 © 2001, Cisco Systems, Inc. Updated_03-09-01 Mobile IP Lessons Learned The early years.


Mobile IP Lessons Learned

The early years

Who needs Mobile IP anyway?

A Word from the Naysayers

• “Nomads” don’t have any problems today

• Dynamic addressing works just fine

• We don’t have enough v4 addresses as it is

Cellular Mobility

• User can hand over mid-flow

• Simplifies layer 2 macro mobility

• Easier to manage than dynamic address pools

• Important part of 3G standards

• Cleaner user experience

Multiple Media Networks

• Cost-based network selection

• Go between 802.11, cellular, satellite, etc.

• Supported in Cisco’s IOS Mobile Network

Clients

Client type      Host device                   Pros                                                Cons
Terminal based   Laptops, PDAs, etc.           More features                                       Hard to deploy and manage
Embedded proxy   Handset, network access pt.   Transparent to attached clients, easier to manage   Tied to media, fewer features, less security
Mobile router    Router                        Clients not mobile, central management              Harder to provision and deploy

Infrastructure

What you really need to know to keep your job.

SAM, An Engineer’s Best Friend

• Scalability – Bigger is better

• Availability – Uptime is king

• Manageability – Knowledge is power

Scalability

• Maximum number of users per box

• Number of users per rack

• Max users: throughput, registration rate & memory

Did you know…

• …mobility management requires a significantly higher proportion of signaling traffic to user traffic than traditional dynamic IP routing

• That’s why we use Mobile IP. Traditional routing protocols would not scale with the quantity and frequency of mobility updates.

Registration Rates

• Even with large foreign agent provinces, each user may reregister every 1-2 hours

• 1 million users reregistering every 2 hours is ~140 registrations per second.

• With 200k users per HA, that’s 28 registrations per second.

Province – The geographic area covered by a single foreign agent interface

AAA requirements

• Every registration requires a Security Association lookup

• SAs can be stored locally or in an AAA server

• How do you handle 140 queries per second per million users?

AAA Deployment strategies

Strategy          Pros                                  Cons
Centralized       Easy to manage and provision          Hard to scale, latency can be a problem
Distributed       No WAN concerns or latency problems   Hard to plan, manage, deploy and provision
Central + Cache   Best of both worlds                   Cache management problems

Tunnel requirements

• 1 tunnel per Foreign Agent

• 1 tunnel per co-located care-of address

• Tunnels can limit scalability

Availability

• Uptime is king

• 100% SYSTEM uptime is the goal

• Remember, system uptime is not box uptime

HA Availability

• MN does not learn about HA failure until re-registration

• Bindings are stateful

• HA usually hosts a large number of subscribers

Cisco’s HA Redundancy

• Built on HSRP

• Replicates bindings in near real time

• Transparent to Mobile Node

• Bindings AND cached Security Associations are replicated

Manageability

• Fast response to outages

• Capacity Planning

• Performance management

RFC 2006 MIB

• Good fault management support
  Total and per user counters for registrations and errors

• Poor capacity/performance management support
  Must iterate through the binding table to count bindings

• Cisco MIB supports enhanced features

Extracting Performance data

• HA Registration throughput and performance
  haRegistrationAccepted & haRegRepliesSent vs time
  faRegRepliesRelayed & haRegRepliesSent vs time

• FA Registration throughput and performance
  faRegRequestsReceived & faRegRequestsRelayed vs time
  faRegRepliesRelayed & faRegRepliesRelayed vs time

Internet Deployment

Realities of MIP Deployment

• The Internet was designed to support Broadband and Dial-up

• Security concerns force tight network implementation

• Mobility doesn’t fit naturally

Ingress filtering

• A “classic” problem in MIP

• Network designers block incoming traffic with an internal source address

• Unicast RPF is probably a more dangerous problem

• Reverse Tunnels offer a solution

[Figure: HA, Internet, 10.1.2.0 network, 10.1.2.45]
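The ingress-filtering problem and the reverse-tunnel fix, as an added example that is not part of the deck: a small Python model of a foreign network's router doing strict unicast RPF on the arrival interface, which drops a mobile node's native packets (sourced from its home address) but passes the same packets once they are encapsulated toward the HA. The 10.1.2.0 network and 10.1.2.45 come from the figure; the HA address, the care-of address, the correspondent and the routing table are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None  # set when this is an IP-in-IP outer header

# Constructed foreign-network router: lan0 faces the visited LAN that hands out
# care-of addresses, wan0 faces the Internet. Prefixes are documentation ranges.
FOREIGN_LAN = ip_network("192.0.2.0/24")
ROUTES = {FOREIGN_LAN: "lan0", ip_network("0.0.0.0/0"): "wan0"}

def rpf_interface(src: str) -> str:
    """Longest-prefix lookup: the interface a reply to src would leave on."""
    best = max((n for n in ROUTES if ip_address(src) in n), key=lambda n: n.prefixlen)
    return ROUTES[best]

def ingress_check(pkt: Packet, arrived_on: str) -> bool:
    """Strict unicast RPF: accept only if the source is reachable back out the
    arrival interface. Only the outer header is inspected, so an encapsulated
    home-address packet is judged by the care-of address on the outside."""
    return rpf_interface(pkt.src) == arrived_on

def mn_send(home_addr: str, care_of: str, dst: str, ha: str, reverse_tunnel: bool) -> Packet:
    """A mobile node away from home sources its data from its home address
    (that is what keeps sessions alive across a handover). With a reverse
    tunnel it wraps that packet in an outer header from care-of address to HA."""
    data = Packet(src=home_addr, dst=dst)
    return Packet(src=care_of, dst=ha, inner=data) if reverse_tunnel else data

def foreign_router(pkt: Packet, arrived_on: str = "lan0") -> str:
    if not ingress_check(pkt, arrived_on):
        return "dropped by ingress filter"
    if pkt.inner is not None:
        return f"tunnelled to HA {pkt.dst}; HA decapsulates and forwards from {pkt.inner.src}"
    return f"forwarded natively from {pkt.src}"

# Addresses taken from the deck's figure (10.1.2.0 network, node 10.1.2.45); the
# HA, care-of and correspondent addresses are constructed for the example.
HOME, HA, COA, CN = "10.1.2.45", "10.1.2.1", "192.0.2.45", "198.51.100.7"

if __name__ == "__main__":
    print(foreign_router(mn_send(HOME, COA, CN, HA, reverse_tunnel=False)))
    print(foreign_router(mn_send(HOME, COA, CN, HA, reverse_tunnel=True)))
```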

Path MTU Discovery

• Many network designers block all inbound ICMP

• Triangle routing causes problems not normally seen

• TCP Session opens, but “hangs”

• Windows supports “black hole detection”

WAP MTU length problems

• WAP relies on IP fragmentation

• Fragmentation occurs at the WAP gateway server’s MTU

• Fragments can’t be fragmented

• Gateway MTU must be <= path MTU including tunnel
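An added example, not from the deck, covering the two MTU slides above: it computes the inner MTU left after IP-in-IP or GRE encapsulation, walks a packet along a constructed triangle-routing path to show why blocking inbound ICMP turns an oversized DF packet into a black hole (and what black hole detection changes), and checks the WAP gateway MTU rule. The hop names, MTUs and the simplified black-hole-detection behaviour are assumptions.

```python
from dataclasses import dataclass
from typing import List

# Encapsulation overhead in bytes. IP-in-IP (RFC 2003) adds one IPv4 header; GRE
# without optional fields adds an IPv4 header plus a 4-byte GRE header.
ENCAP_OVERHEAD = {"ipip": 20, "gre": 24}

def tunnel_inner_mtu(path_mtu: int, encap: str) -> int:
    """Largest inner packet that fits the tunnel without fragmenting the outer packet."""
    return path_mtu - ENCAP_OVERHEAD[encap]

@dataclass
class Hop:
    name: str
    mtu: int

def send_with_pmtud(size: int, path: List[Hop], df: bool = True,
                    icmp_blocked: bool = False, black_hole_detection: bool = False) -> str:
    """Walk one packet along the hops and report what the sender experiences.
    icmp_blocked models the sender's own network dropping all inbound ICMP, so
    the Fragmentation Needed message from the tunnel entry never arrives.
    black_hole_detection is a simplified (assumed) model of the Windows feature:
    after retransmissions fail, retry with DF cleared so routers may fragment."""
    for hop in path:
        if size <= hop.mtu:
            continue
        if not df:
            return f"fragmented at {hop.name} to {hop.mtu}"
        if not icmp_blocked:
            return f"ICMP need-frag from {hop.name}, mtu {hop.mtu}"
        if black_hole_detection:
            return send_with_pmtud(size, path, df=False)
        return "black hole"  # TCP session opens, then hangs
    return "delivered"

def wap_gateway_mtu_ok(gateway_mtu: int, path_mtu: int, encap: str) -> bool:
    """The deck's rule: the WAP gateway fragments to its own MTU and those fragments
    cannot be fragmented again, so its MTU must not exceed the tunnel's inner MTU."""
    return gateway_mtu <= tunnel_inner_mtu(path_mtu, encap)

# Constructed triangle-routing path: correspondent's edge (1500) then the HA, where
# traffic to the mobile node enters an IP-in-IP tunnel toward the foreign agent.
TRIANGLE_PATH = [Hop("CN edge", 1500), Hop("HA tunnel entry", tunnel_inner_mtu(1500, "ipip"))]

if __name__ == "__main__":
    for blocked, bhd in ((False, False), (True, False), (True, True)):
        print(blocked, bhd, send_with_pmtud(1500, TRIANGLE_PATH, icmp_blocked=blocked,
                                            black_hole_detection=bhd))
    print(wap_gateway_mtu_ok(1500, 1500, "ipip"), wap_gateway_mtu_ok(1480, 1500, "ipip"))
```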

Private Addressing

• Good for “Walled Gardens”

• Large Scale NAT can be difficult

• No support for overlapping addresses in the FA

It is worth it!

Don’t Worry

A Mobile IP network is just as easy to build as any IP network. There are just a few new rules.

Sweet Rewards

• Seamless IP connectivity

• Transparent user experience

• Limitless Possibilities

Are you Ready?

• There are plenty of challenging problems ahead, but the reward is great.

Fire Away?

• Questions?