Public Access Mobility LAN: Extending The Wireless Internet into The LAN Environment
JUN LI, STEPHEN B. WEINSTEIN, JUNBIAO ZHANG, NAN TU. NEC USA Inc.
IEEE Wireless Communications, June 2002
Presenter: 鍾國麟, Institute of Communications
Introduction
Aim is to meet:
- Ubiquitous access
- High data rate
- Local services
Need for Wireless LAN environments
Introduction (cont’d)
Architectural guidelines for WLAN environments:
- Large-scale
- IP-based
- Supporting mobile/portable appliances
Introduction (cont’d)
Current problems of public WLANs:
- End users
- Network environment providers (hotels, airports, restaurants, etc.)
- ISPs
Pay 200 yuan (元) for wireless Internet access
User
Buy an xxx prepaid Internet access card
Roaming? QoS?
What users need:
1. A single unified account, password, and bill
2. Mobility
3. QoS
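Venue operators providing wireless coverage:
1. The more people who come online, the better
2. Equipment maintenance
3. Easy management
4. Revenue sharing
5. Business image, etc.
ISPs…
ISP operators:
1. The larger the wireless coverage area, the better
2. Easy equipment maintenance
3. Offer users different QoS levels
4. Offer mobility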
PamLAN
IP-based Public Access Mobility LAN
Supports:
- Internet access via WLANs
- Multiple air interfaces
- Multiple virtual operators (ISPs, telecom carriers)
- Location-dependent services
- Local IP mobility
- QoS (within wired network)
PamLAN business model
- Network operators
  - Hotel, airport, ...
- Third-party service providers (like ISPs)
  - Franchises obtained from PamLAN operator
  - Also called: virtual operators
- End users
PamLAN
- May have multiple LAN segments
  - Airports, hotels, universities, ...
- Can be built on existing LANs
  - By adding wireless access points
PamLAN vs. Cellular Systems
- Even 3G mobile communication systems would not be sufficient for evolving Internet applications
  - 384 kb/s outdoors, 2 Mb/s indoors downstream burst rates
- Intrinsic problem: providing continuous coverage in reserved spectrum
  - Investment/Capacity scalability???
PamLAN vs. Cellular Systems
- WLANs have free spectrum
- Problem: potential interference, e.g. IEEE 802.11b & Bluetooth
  - Compatibility may be agreed on by, or enforced on, property owners
Promises of PamLAN
- Addresses problems in current WLANs
  - Lack of public access
  - Being tied down to a single access point
  - Single air interface
- Not a breakthrough in technological capacities
- Combination of available technologies
Architecture
PamLAN/VOLAN/VLAN hierarchy
- PamLAN: multiple virtual operators
- VOLAN: Virtual Operator LAN
  - Extends VLAN capabilities across subnetworks
- VLAN: Virtual LAN
  - Implements user group features
  - Simulates a physical LAN on a multisegment LAN environment
PamLAN
[Figure: PamLAN hierarchy, with labels ISPs, VOLAN1, VOLAN2, vlan1, vlan2, vlan3, vlan4]
Architecture (cont’d)
- Switched Ethernet LAN
- Access points
  - Supporting IEEE, Bluetooth, Cellular, ...
  - IP-based access router with proxies
- Gateway routers
Architecture (cont’d)
- QoS is supported by Ethernet switches
  - CSMA/CD + full duplex (no contention)
- Integration of Cellular IP & Mobile IP for supporting mobility
- MPLS (Multi-Protocol Label Switching)
  - Brings QoS across multiple LAN segments
Large Scale PamLAN
- For a single VLAN, QoS can be easily supported
- For large-scale WLANs?
  - Intermediate routers work at layer 3
  - Layer 2 information is lost
  - Source & destination addresses must be used for VOLAN membership
  - Intermediate routers must know all IP addresses for VLAN mapping
Large Scale PamLAN (cont’d)
- Solution: MPLS
  - Simple & efficient
  - Access points & Internet gateways handle VOLAN provisioning
  - Intermediate routers are shielded from details
- VLAN for grouping traffic per VOLAN
- MPLS for whole PamLAN
MPLS (Multi-Protocol Label Switching)
- Tunnels traffic between gateways & access points
  - Intermediate routers only examine MPLS labels, which imposes a path
- Forwarding Equivalence Class (FEC)
  - Formed based on VOLAN membership & QoS
- FEC is inserted in MPLS label
  - Used for 802.1p priority within VLAN
MPLS (cont’d)
Traffic-engineered paths can be set up among access points and Internet gateways according to service contracts between PamLAN & virtual operators
Protocol Stack
Security Issues
- Mutual authentication
  - Both the user and the AP must be authenticated by the virtual operator's RADIUS
- Secure channel establishment
  - Public-key-based secure channel establishment
- Authorization
  - Filtering at the access point
Mutual Authentication
IP-based authentication
5 basic steps:
1. MN obtains an IP address via the AP (DHCP)
2. MN login session
3. Access point: relay agent to virtual operator (ISP's RADIUS)
4. Challenge-response protocol for authentication
5. Public key for securing channel
Mutual Authentication (cont’d)
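[Message sequence diagram between MN, AP/RADIUS client, and RADIUS (RS)]
Notation on the slide:
- Krc: key known to both the AP and the RADIUS server
- Kmu: key between the MN and the RS
- Pkmu: the MN's public key
- A(M,k): MD5 scheme
- s1: random number
Messages as they appear on the slide:
- UID
- A(UID,Krc)
- UserID
- A(UID,s1,E(E(s1,kmu),krc)),krc)
- UID,s1
- UID,s1,E(s1,kmu),s2
- A((UID,E(s1,kmu),s2,krc)
- A((UID,s1,E(E(s1,kmu),krc),Pkmu),krc)
- UID,EP((E(s2,kmu),SK,Pkmu)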
Securing Channel
- After authentication
  - The AP holds the user's profile (public key, QoS level, membership data, etc.)
  - AP sends session key encrypted under the corresponding public key
- IPsec together with ESP can be used for security at IP layer, depending on user requests
Authorization Control
- Based on user credentials, packets can be filtered at the access point
  - Users can reach the Internet through PamLAN
  - Users can use the local printer or other services
Accounting
3 possible charging policies
- Flat-fee based
  - The PamLAN administrator charges the ISP a fixed fee; that ISP's users then get unlimited use
- Per-session
  - The ISP charges by the user's connection time (idle time?)
- Usage based (metered)
  - Avoid disputes by digital signature
Mobility Issues
- Micromobility
  - Roaming within PamLAN
- Possible approaches
  - Cellular IP: refreshing router contents can be a burden for too many users
  - MPLS based: only end points have to update location
    - Old, new access points and Internet gateway need to be informed
Mobility Issues
- Fast handoff
  - Authenticating all over again each time an MN moves to a new AP wastes time
  - Move user profile from old AP to the new AP
Fast handoff flow
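1. The new AP fetches the user's profile (public key, session key, IP, policies, ...) from the old AP.
2. The old AP sends a message to RADIUS to stop accounting for the current session.
3. The new AP generates a new session key, then wraps the new session key and the old session key under the user's public key and sends them to the user.
4. The user checks the session key data, then uses the new session key to exchange data with the new AP.
5. The IP filter data on the new AP is obtained from the old AP; at the same time the new AP sends a message to RADIUS to start accounting.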
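
The handoff steps above as a runnable sketch, added here and not taken from the slides or the paper; it shows why the user's check of the old session key rejects an AP that never received the profile. The names (`AccessPoint`, `mn_accept`, `uid-1`), the 16-byte keys, the sample address and the toy textbook-RSA key pair are all assumptions made for the example.

```python
import hmac
import secrets

# Toy stand-in for the MN's key pair: textbook RSA over two Mersenne primes so
# this runs on the standard library. Not secure; real code would use RSA-OAEP.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # MN's private exponent (hypothetical key)

def wrap(pub, new_key, old_key):
    """New AP: encrypt new||old session keys under the MN's public key."""
    n, e = pub
    return pow(int.from_bytes(new_key + old_key, "big"), e, n)

def mn_accept(ct, current_key):
    """MN: take the new key only if the envelope also carries the current one."""
    try:
        blob = pow(ct, D, N).to_bytes(32, "big")
    except OverflowError:               # tampered or malformed envelope
        return None
    new_key, old_key = blob[:16], blob[16:]
    return new_key if hmac.compare_digest(old_key, current_key) else None

class AccessPoint:
    def __init__(self, name, radius_log):
        self.name, self.radius_log, self.profiles = name, radius_log, {}

    def release(self, uid):
        """Old AP: stop accounting at RADIUS and hand the profile over."""
        self.radius_log.append(("stop", uid, self.name))
        return self.profiles.pop(uid)

    def take_over(self, uid, old_ap):
        """New AP: fetch profile and filters, mint a key, start accounting."""
        profile = old_ap.release(uid)
        old_key, new_key = profile["session_key"], secrets.token_bytes(16)
        self.profiles[uid] = {**profile, "session_key": new_key}
        self.radius_log.append(("start", uid, self.name))
        return wrap(profile["public_key"], new_key, old_key)

def demo():
    log, k0 = [], secrets.token_bytes(16)   # constructed sample session
    old_ap, new_ap = AccessPoint("ap-old", log), AccessPoint("ap-new", log)
    old_ap.profiles["uid-1"] = {"public_key": (N, E), "session_key": k0,
                                "ip": "10.0.0.5", "filters": ["internet", "printer"]}
    accepted = mn_accept(new_ap.take_over("uid-1", old_ap), k0)
    # An AP that never received the profile cannot supply the current key.
    stray = mn_accept(wrap((N, E), secrets.token_bytes(16), secrets.token_bytes(16)), k0)
    return accepted == new_ap.profiles["uid-1"]["session_key"], stray, log
```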
Experimental Implementation
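- One 12-port switch
- Three PCs, OS: Linux
- Two PCs fitted with 802.11b cards, acting as APs
Test method:
1. Confirm that VLAN and DiffServ can be used on the switch
2. Integrate the Cellular IP protocol on this network
3. Implement basic AAA functions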
Experimental Implementation
- Mobility
  - Cellular IP
- Linux kernel (AP)
  - IP filter
  - IPsec
- Open-source RADIUS client (AP)
Further work
- MPLS-based mobility
- QoS admission control
Conclusion
- Extensible
- Multiple services
- Multiple air interfaces
- Are all appliances capable of handling PKC operations?