Mobile IPv6 Activities at Lancaster University - 6NET

Martin Dunmore
Lancaster University, UK

Agenda

Overview of Mobile IPv6
(Mobile) IPv6 projects at Lancaster

IPv6 and future information networks…

Wireless Overlay Networks

Large number of heterogeneous networks…
    Satellite
    GSM
    CDPD/GPRS
    DECT
    Wireless LAN
    Bluetooth
    IR

[Figure: overlay of network cells. Labels: USRA, GPRS, UTRA, WLAN, Picocell, Microcell, Macrocell, Satellite, Wired Networks]

In combination, these form Overlay Networks

System Requirements

In a word, connectivity
– Roaming across heterogeneous networks
– Rapid response to changes in network environment
– Effective bandwidth utilisation
– Transparency
– Support for continuous media

Internetwork Roaming

Need for an Internetwork Protocol…
– What Protocol?
– Deployment time of UMTS / uptake of overlay networks
– Support for
    Scalability
    Multimedia
    Autoconfiguration
    Interoperability

What about Roaming?

IPv6 gives you scalability and heterogeneity…
What about mobility?

Why IPv6 doesn’t work…

IPv6 routes packets based on network prefix information…

[Figure: IPv6 Data packet and the IPv6 Network]

Mobile IPv6 Overview

Routing protocol for mobile IPv6 hosts
– Nothing more, nothing less
– Transparent to upper layer protocols and applications
Uncommon protocol architecture…
– Tries to avoid actively involving routers!
– Protocol state held in end-stations
    Mobile nodes
    Correspondent nodes
– One exception… the Home Agent

Mobile IPv6 Operation

Mobile Nodes ‘Acquire’
– Home address
– Home agent
When away from home
– Acquire care-of address
– Register care-of address with home agent and any relevant correspondent nodes…
– Mobile IPv6 ensures correct routing

Mobile IPv6 Operation ctd.

Mobile IPv6 bindings cache
– Maintains a mapping between mobile node’s home address and its current care-of address
– Held by home agents and correspondents
– Provides info to allow correct routing of IPv6 packets to mobile node via IPv6 routing header…
– Provides a de-coupling between an IPv6 address and routing information

Mobile IPv6 Example

[Figure sequence, recovered labels only]
1. Mobile node at home (Home Address: 2001:630:80:7000::1); IPv6 Data and the IPv6 Network.
2. Mobile node away from home (Home Address: 2001:630:80:7000::1, Care-of Address: 2001:630:80:8000::1): Router Solicitation / Router Advertisement, Binding Update, IPv6 Data. Bindings cache at the Home Agent: 2001:630:80:7000::1 -> 2001:630:80:8000::1.
3. Two bindings caches, one at the Home Agent, both holding 2001:630:80:7000::1 -> 2001:630:80:8000::1; IPv6 Data and the IPv6 Network.

Mobile IPv6 Example

Okay, but what if we move again?
Two cases
– Move from one foreign network to another
– Return home…
Need to send more binding updates…

Mobile IPv6 Example

[Figure sequence, recovered labels only]
1. Two bindings caches, one at the Home Agent, both holding 2001:630:80:7000::1 -> 2001:630:80:8000::1 (Care-of Address: 2001:630:80:8000::1).
2. Mobile node moves again (Care-of Address: 2001:630:80:9000::1): Router Solicitation / Router Advertisement, Binding Update. The Home Agent's bindings cache entry becomes 2001:630:80:7000::1 -> 2001:630:80:9000::1; the other bindings cache still shows 2001:630:80:7000::1 -> 2001:630:80:8000::1.

How to update correspondent?

Bindings cache entry out of date…
Solution
– Maintain a list of active correspondent nodes in mobile node.
– Generated when a tunnelled packet received from home agent
– Known as the binding update list

Mobile IPv6 Example

[Figure sequence, recovered labels only]
1. Mobile node away from home (Care-of Address: 2001:630:80:8000::1): IPv6 Data, Binding Update, and a Binding Update List on the mobile node containing the CN's IPv6 address. Bindings cache at the CN: 2001:630:80:7000::1 -> 2001:630:80:8000::1.
2. Bindings caches at the CN and the Home Agent both hold 2001:630:80:7000::1 -> 2001:630:80:8000::1; the Binding Update List still contains the CN's IPv6 address.
3. Mobile node moves (Care-of Address: 2001:630:80:9000::1): Router Solicitation / Router Advertisement, then Binding Updates; the bindings cache entries change from 2001:630:80:8000::1 to 2001:630:80:9000::1.
4. Bindings caches at the CN and the Home Agent hold 2001:630:80:7000::1 -> 2001:630:80:9000::1; IPv6 Data.

What address do we use?

When away from home what address does a mobile node source from?

Its Home Address?

But what about ingress filtering?
– Ingress filtering is a security measure taken by many border routers.
– Any packet received on a router interface whose source address does not match the network attached to that interface is discarded.
– Avoids many ‘spoofing’ attacks…
Can’t source from home address, as its prefix doesn’t match current location…

Its Care-Of Address?

But what about TCP?
– TCP uses the IP(v6) source address as an index
– Without a device using a consistent IPv6 address, the TCP connection would break…
Can’t source from care-of address, for reasons of protocol stability…
The solution?

Source from BOTH…

New IPv6 destination option
The Home Address Option
    Included in EVERY outgoing packet
    Understood by all correspondent nodes
    Home address replaces source address on reception by destination (correspondent node)
IPv6 packets
    sourced from care-of address
    Contain home address as an option
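The three sourcing choices discussed on the last slides, compared side by side in an added Python example (not code from the talk). The /64 prefix length, the correspondent address and all function names are assumptions; the bindings-cache check before honouring the option comes from RFC 3775 and is not stated on the slides.

```python
import ipaddress
from typing import NamedTuple, Optional

ip = ipaddress.ip_address
HOME, CARE_OF = ip("2001:630:80:7000::1"), ip("2001:630:80:8000::1")  # from the slides
FOREIGN_LINK = ipaddress.ip_network("2001:630:80:8000::/64")  # assumed /64 prefix
CN = ip("2001:db8::10")                                       # constructed address

class Packet(NamedTuple):
    src: ipaddress.IPv6Address
    dst: ipaddress.IPv6Address
    sport: int
    dport: int
    home_opt: Optional[ipaddress.IPv6Address] = None  # Home Address destination option

def ingress_permits(pkt: Packet, link: ipaddress.IPv6Network) -> bool:
    """Border-router check: forward only packets sourced from the attached prefix."""
    return pkt.src in link

def tcp_index(pkt: Packet, bindings: dict) -> Optional[tuple]:
    """Connection index TCP sees at the correspondent; None means the packet is dropped."""
    src = pkt.src
    if pkt.home_opt is not None:
        # RFC 3775 check (assumption here): honour the option only for a known binding.
        if bindings.get(pkt.home_opt) != pkt.src:
            return None
        src = pkt.home_opt           # home address replaces source address
    return (src, pkt.sport, pkt.dst, pkt.dport)

def compare_sourcing() -> dict:
    bindings = {HOME: CARE_OF}       # correspondent's bindings cache
    at_home = tcp_index(Packet(HOME, CN, 40000, 80), {})
    candidates = {
        "home address": Packet(HOME, CN, 40000, 80),
        "care-of address": Packet(CARE_OF, CN, 40000, 80),
        "both": Packet(CARE_OF, CN, 40000, 80, home_opt=HOME),
    }
    results = {}
    for name, pkt in candidates.items():
        passes = ingress_permits(pkt, FOREIGN_LINK)
        same_conn = passes and tcp_index(pkt, bindings) == at_home
        results[name] = (passes, same_conn)   # (survives ingress filter, TCP index unchanged)
    return results
```

Only the "both" case passes the ingress filter and leaves the TCP connection index unchanged.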

What about network errors?

Mobile IPv6 bindings are soft state
– Refreshed periodically
– Contain sequence numbers
– Can be ack’d - binding acknowledgements
– Binding Updates and Acks are retransmitted (rate limited) until the protocol converges

What Format are the Control Messages?

MIPv6 control messages are carried using IPv6 destination options
– Not reliant on higher level protocols
– Multiple messages per IP packet
– Messages can be appended to existing packets
– E.g. TCP connection requests…

One problem remains…

Authentication
– Massive security / denial of service attack in MIPv6 as described so far.
– What’s to stop an attacker sending bogus Binding Update messages?

Mobile IPv6 Example

[Figure: a node with Care-of Address dead:dead:dead::1 sends a Binding Update; a bindings cache entry for 2001:630:80:7000::1 changes from 2001:630:80:8000::1 to dead:dead:dead::1. The mobile node itself has Home Address: 2001:630:80:7000::1, Care-of Address: 2001:630:80:8000::1.]

IPv6 and Security

IPv6 specifies the ESP and AH headers for security + existing mechanisms (e.g. SSL and IPsec)

Intended to employ IPsec to provide algorithms, policies and key exchange.

Mobile IPv6 was the first foray into the field, and fell foul of IPsec’s lack of progress in standardization and deployment… (IKE + AAA)

Return Reachability…

…or Route Equivalence.

Argument:

“All that really matters is that the optimized route is functionally equivalent to a non-optimized route”

Return Reachability

Home Agent implicitly trusted
– Assumed it is hosted on secure site
– Assumed that IPsec is used between mobile host and its home agent.

Dynamic key distribution for use with correspondent nodes.

Uses cookies to build session keys…

Return Reachability

[Figure: return reachability exchange. Labels: Router Solicitation / Router Advertisement, Binding Update, HoTI Message, HoT Cookie, CoT Cookie, "HoT Cookie + CoT Cookie = Session Key", Binding Update + Session Key, IPv6 Data, Home Agent. Bindings cache: 2001:630:80:7000::1 -> 2001:630:80:8000::1. Home Address: 2001:630:80:7000::1, Care-of Address: 2001:630:80:8000::1.]
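The bogus Binding Update problem and the cookie-derived session key from the Return Reachability slides, as an added Python example (not code from the talk or from any MIPv6 implementation). Cookie and key construction are modelled on the return routability procedure of RFC 3775; the class and function names, the string encoding of the fields and the plain integer sequence-number comparison are assumptions.

```python
import hashlib
import hmac
import os
from collections import namedtuple

# Addresses are the ones on the slides; keys, nonces and names are constructed here.
HOME, COA, BOGUS = "2001:630:80:7000::1", "2001:630:80:8000::1", "dead:dead:dead::1"
BindingUpdate = namedtuple("BindingUpdate", "home careof seq auth")

def cookie(kcn: bytes, nonce: bytes, addr: str, kind: int) -> bytes:
    """Cookie bound to one address; only a node receiving traffic there learns it."""
    return hmac.new(kcn, addr.encode() + nonce + bytes([kind]), hashlib.sha1).digest()[:8]

def session_key(hot: bytes, cot: bytes) -> bytes:
    """HoT cookie + CoT cookie = session key, as on the slide."""
    return hashlib.sha1(hot + cot).digest()

def authenticator(key: bytes, home: str, careof: str, seq: int) -> bytes:
    """Keyed MAC over the fields a Binding Update asserts."""
    return hmac.new(key, f"{home}|{careof}|{seq}".encode(), hashlib.sha1).digest()[:12]

class CorrespondentNode:
    def __init__(self) -> None:
        self.kcn, self.nonce = os.urandom(20), os.urandom(8)  # never leave the node
        self.cache = {}                                       # home -> (care-of, seq)

    def hot_cookie(self, home: str) -> bytes:    # delivered via the home agent
        return cookie(self.kcn, self.nonce, home, 0)

    def cot_cookie(self, careof: str) -> bytes:  # delivered straight to the care-of address
        return cookie(self.kcn, self.nonce, careof, 1)

    def accept_unauthenticated(self, bu: BindingUpdate) -> bool:
        """MIPv6 'as described so far': whoever sends a BU rewrites the cache."""
        self.cache[bu.home] = (bu.careof, bu.seq)
        return True

    def accept(self, bu: BindingUpdate) -> bool:
        """Accept only a BU whose sender saw both cookies and uses a fresh sequence number."""
        key = session_key(self.hot_cookie(bu.home), self.cot_cookie(bu.careof))
        if not hmac.compare_digest(authenticator(key, bu.home, bu.careof, bu.seq), bu.auth):
            return False
        if bu.home in self.cache and bu.seq <= self.cache[bu.home][1]:
            return False                          # replayed or out-of-date update
        self.cache[bu.home] = (bu.careof, bu.seq)
        return True

def demo():
    cn, weak = CorrespondentNode(), CorrespondentNode()
    key = session_key(cn.hot_cookie(HOME), cn.cot_cookie(COA))  # mobile node holds both
    good = BindingUpdate(HOME, COA, 1, authenticator(key, HOME, COA, 1))
    # A node at BOGUS gets its own CoT cookie but not the HoT cookie, so it must guess.
    bad_key = session_key(os.urandom(8), cn.cot_cookie(BOGUS))
    forged = BindingUpdate(HOME, BOGUS, 2, authenticator(bad_key, HOME, BOGUS, 2))
    weak.accept_unauthenticated(good)
    weak.accept_unauthenticated(forged)           # cache now points at BOGUS
    return (cn.accept(good), cn.accept(forged), cn.accept(good),
            cn.cache[HOME][0], weak.cache[HOME][0])
```

`demo()` returns whether the genuine, forged and replayed updates were accepted, followed by the care-of address each cache ends up holding.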

Mobile IPv6 Example

[Figure: two bindings caches, one at the Home Agent, both holding 2001:630:80:7000::1 -> 2001:630:80:8000::1; IPv6 Data and the IPv6 Network. Home Address: 2001:630:80:7000::1, Care-of Address: 2001:630:80:8000::1.]

Mobile IPv6 Status

Some interesting facts…
– Ericsson:
    Developing MIPv6 clients for Symbian…
    Demonstrated end-to-end IPv6 over GPRS, 14th November 2000.
– Nokia
    IPv6 over live GSM network, 10th May 2000
    Work toward IP based GSM interconnects
– Microsoft
    Windows XP shipping with IPv6 support (some MIPv6)
    Windows XP server
    Windows CE 3.1 / 4.0
– Cisco
    IOS image supporting home agent on request

Mobile IPv6 Status

Mobile IPv6 currently at draft v18
– v19 likely to go to RFC
Most implementations still around v15
– No reverse reachability support
– … watch this space

10/8/2003 Joe Finney, Lancaster University

Mobile IPv6 Systems Research Laboratory

A joint project between:
Cisco, Lancaster University, Microsoft and Orange

Main areas of interest

The workplace

Wireless coverage of lecture theatres will allow experimentation using novel teaching methods and provide better support for conferences.

The use of mobile devices in offices is now fairly commonplace, however, such a diverse test-bed offers many new opportunities for experimentation.

Providing wireless connectivity around hotels means visitors can be permanently on-line -- to the home, the office, or connected just for fun.

Main areas of interest

The home

Though mainly concerned with mobile systems, the project will also deploy services to homes and University residences. …we aren’t always mobile!

There are many situations where wireless access would make life easier, including home working, database access, or just for entertainment.

Another aspect of the project will be to extend our previous work on context aware systems to many environments, including the home.

Main areas of interest

Out and about

We already have a wireless network around the City providing tourist information. The system also allows families to keep in touch as they roam.

Checking lecture times while on the move or downloading an e-Book while relaxing in a Cafe. …wireless coverage of leisure areas is also high on our list.

Extending our City-wide wireless network would allow new services such as instant price comparisons and access to product information.

Real Tournament

An Augmented Reality Multiplayer Gaming Environment

Real Tournament

Take a local park…
Enable it with IPv6 connectivity

Real Tournament

A team of approx. four players
Each player equipped with an IPv6 enabled PDA…

Real Tournament

…and a GPS to track location
Williamson park ideal
– Open space
– Well mapped
– Also a compass for orientation

Real Tournament

PDA displays location of players, team-mates … and (of course) monsters

Real Tournament

Synchronisation performed via whatever network is available.
– 802.11 hotspots allow streamed media
– GPRS fallback
– MIPv6 provides transparency
– PDAs have Bluetooth
– I/F to GPRS phone
– CF 802.11

Real Tournament

Team game
– Players need to synchronise their actions to achieve their goal (more points)
Real-time communications
– Group Voice over IPv6 app to allow players to synchronize attacks

[Figure label: JustTalk Button]

Real Tournament

Add Streaming media for a little more excitement…

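[Table: stream directory; row alignment was lost in extraction, so values are listed per column in their extracted order]
Columns: Stream ID, Textual Description, Media Server, Local ID, Encodings
Stream ID: 1, 2, 3, 4, 5
Textual Description: Babylon 5 Trailer; Goodtimes; Happy Days - Weezers; Firestarter; Trapdoor
Encodings: MPEG1, MPEG1, MPEG1, H.263, MPEG1, MPEG1, H.263
Bit rates: 1.2 Mbps, 1.1 Mbps, 1.1 Mbps, 8 kbps, 1.3 Mbps, 1.1 Mbps, 8 kbps
Media Server: 10.0.0.2, 10.0.0.2, 10.0.0.3, 10.0.0.2, 10.0.0.3
Local ID: 1, 2, 3, 1, 2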

Real Tournament

Add some packaging…

In Summary…

Application which stresses the testbed
– Novel and non-trivial
– Standard components
– IPv6 enabled
– Real-time
– Context sensitive
    Network environment, user’s location, orientation
    More to come
… but also provides good PR as a demonstrator

Watch this space

Real Tournament
– To go live (alpha) in early October 2002
Once in prototype
– Trial against real users…
– Re-evaluate against standard approaches
    SIP ‘presence’ vs. context
    Service discovery
    Broader deployment model for apps
– Evaluate testbed Infrastructure