1. Hierarchical Mobile IPv6 Mobility Management Review Challenge and Perspective


  • 7/31/2019 1. Hierarchical Mobile IPv6 Mobility Management Review Challenge and Perspective


    HMIPv6

    Hierarchical Mobile IPv6 Mobility Management

    Byung-Jin Han

    Internet Management Technology Lab.

    School of Information & Communication Engineering,

    Sungkyunkwan Univ.

    300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, Korea.

    Tel: +82-31-290-7222, Fax: +82-31-299-6673

    [email protected]


    Contents

    Introduction

    Terminology

    Mobile IPv6 Extension

    Neighbor Discovery Extension

    Protocol Operation

    MAP Discovery

    Updating Previous MAPs

    Detection and Recovery from MAP Failures

    References


    Introduction

    Hierarchical Mobile IPv6

    Utilizing a new node called the Mobility Anchor Point (MAP)

    MIPv6 allows nodes to move within the Internet topology while maintaining reachability and on-going connections between MN and CNs.

    To do this, an MN sends BUs to its HA and all CNs every time it moves

    MAP helps to reduce additional delay

    Eliminating additional delay from the time-critical handover period

    Significantly improves the performance

    On wireless links, reduces the number of messages


    Introduction

    Location of MAP

    MAP can be located at any level in a hierarchical network of routers

    Solution with MAP

    The MN sends BUs to the local MAP rather than to the HA and CNs

    The MN sends only one BU to the MAP rather than as many BUs as the number of CNs

    Aim of Hierarchical Mobility Management Model

    A MAP is essentially a local HA

    Enhancing the performance of MIPv6

    Support FMIPv6 for achieving seamless mobility

    Allows MNs to hide their location from CNs and HAs while using route


    Terminology

    Access Router

    The AR is the MN's default router

    The AR aggregates the outbound traffic of MNs

    Mobility Anchor Point (MAP)

    A router located in a network visited by the mobile node

    One or more MAPs can exist within a visited network

    Regional Care-of Address (RCoA)

    Auto-configured by the MN when receiving the MAP option

    HMIPv6-aware Mobile Node

    An MN that can receive and process the MAP option and send a local binding update (BU with the M flag)

    On-link Care-of Address (LCoA)

    Simply referred to as the CoA, but named LCoA to distinguish it from RCoA

    Local Binding Update

    The MN sends a Local Binding Update to the MAP

    Establish a binding between the RCoA and LCoA


    Overview of HMIPv6

    HMIPv6 scheme introduces a new function

    The MAP and minor extensions to the MN operation

    An MN entering a MAP domain will receive RAs containing information on one or more local MAPs

    The MN can bind its LCoA with RCoA

    MAP acting as a local HA

    If the MN changes its current address within a local MAP domain (LCoA)

    it only needs to register the new address with

    Only the RCoA needs to be registered with CNs and HA

    MAP domain boundaries are defined by the ARs advertising the MAP

    HMIPv6 is simply an extension of MIPv6

    MAPv -aware


    HMIPv6 Operation

    [Figure: handoff between AR1 and AR2, two panels. < MIPv6 >: CN, Internet, MN (HoA); the MN moves from CoA1 to CoA2. < HMIPv6 >: CN, Internet, MN (HoA), a MAP, AR1 and AR2; the MN moves from (LCoA1, RCoA) to (LCoA2, RCoA).]


    HMIPv6 Operation

    New RA option

    MN will discover the global address of the MAP

    Also informs the MN of the distance of the MAP from the MN

    MAP discovery

    Every time the MN detects movement

    It will also detect whether it is still in the same MAP domain

    RA used to detect movement via MAP option

    When the MAP address changes

    MN changes MAP by sending BUs to its HA and CNs

    Local Binding Update

    RCoA used as local HoA

    Src = LCoA, Dst = MAP, Addr in HoA Dst Option = RCoA

    Used to forward packets to the MN from the HA or CNs

    MAP does not modify the contents of the original packet

    Route optimization is available


    Mobile IPv6 Extensions

    Local Binding Update

    Sequence #

    A | H | L | K | M (added) | Reserved | Lifetime

    Mobility Options

    M bit

    If set to 1, it indicates a MAP registration

    When the MN registers with the MAP, the M and A flags MUST be set to distinguish the registration from BUs to the HA or CNs


    Neighbour Discovery Extension

    MAP option message format (RA message)

    Type | Length | Dist | Pref | R | Reserved

    Valid Lifetime

    Global IP Address for MAP

    Type

    IPv6 Neighbor Discovery option: 23

    Dist

    4-bit unsigned integer identifying the distance between MAP and the receiver

    Default 1; it does not mean hops

    R

    When set to 1, it indicates that the MN MUST form an RCoA based on the prefix in the MAP option

    Global Address

    One of the MAP's global addresses

    The 64-bit prefix extracted from this address MUST be configured in the MAP to be used
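
A strict parser for the MAP option layout above, as an added example (not code from the slides or from any HMIPv6 implementation). Assumptions: the Pref field is 4 bits wide, Length counts 8-octet units, and the names `MapOption`, `parse_map_option` and `SAMPLE` are hypothetical.

```python
import ipaddress
import struct
from dataclasses import dataclass

MAP_OPTION_TYPE = 23   # ND option type given on the slide
MAP_OPTION_SIZE = 24   # 8-byte fixed part + 16-byte MAP address
MAP_OPTION_LENGTH = 3  # assumption: ND Length field counts units of 8 octets

@dataclass(frozen=True)
class MapOption:
    dist: int
    pref: int
    r_flag: bool
    valid_lifetime: int
    map_address: ipaddress.IPv6Address

    @property
    def failed(self) -> bool:
        # Per the slides, a valid lifetime of zero signals MAP failure.
        return self.valid_lifetime == 0

    @property
    def rcoa_prefix(self) -> ipaddress.IPv6Network:
        # 64-bit prefix extracted from the MAP's global address.
        return ipaddress.IPv6Network((int(self.map_address) >> 64 << 64, 64))

def parse_map_option(buf: bytes) -> MapOption:
    """Strictly parse one MAP option taken from a Router Advertisement."""
    if len(buf) != MAP_OPTION_SIZE:
        raise ValueError("MAP option must be exactly 24 bytes")
    opt_type, length, dist_pref, flags, lifetime = struct.unpack("!BBBBI", buf[:8])
    if opt_type != MAP_OPTION_TYPE or length != MAP_OPTION_LENGTH:
        raise ValueError("not a well-formed MAP option")
    addr = ipaddress.IPv6Address(buf[8:])
    if addr.is_unspecified or addr.is_multicast or addr.is_link_local or addr.is_loopback:
        raise ValueError("MAP address is not a usable global unicast address")
    # Dist is the high nibble, Pref the low nibble (4 bits assumed for Pref);
    # R is the top bit of the next byte and the Reserved bits are ignored.
    return MapOption(dist_pref >> 4, dist_pref & 0x0F, bool(flags & 0x80), lifetime, addr)

# Constructed sample: Dist=2, Pref=10, R=1, lifetime 1800 s, documentation-prefix address.
SAMPLE = struct.pack("!BBBBI", 23, 3, (2 << 4) | 10, 0x80, 1800) + \
    ipaddress.IPv6Address("2001:db8:a:b::1").packed

if __name__ == "__main__":
    opt = parse_map_option(SAMPLE)
    print(opt, opt.rcoa_prefix)
```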


    Protocol Operation

    Mobile Node Operation

    When an MN moves into a new MAP domain

    An RCoA on the MAP's link and an on-link CoA (LCoA)

    The RCoA is formed in a stateless manner

    Local BU to the MAP with the A and M flags set

    After forming the RCoA, the MN sends a local BU

    The local BU includes the RCoA in the Home Address Option

    No alternate-CoA option is needed

    S = LCoA | D = MAP | HoA Opt = RCoA | AH Hdr | Payload = Binding Update Option (Mobility Header)

    This BU will bind RCoA and LCoA

    MAP performs DAD and returns a BAck to the MN

    The BAck MUST include a Type 2 Routing Header

    Following successful registration with the MAP

    A bi-directional tunnel between the MN and the MAP is established

    S = LCoA | D = MAP | ESP Hdr | S = RCoA | D = CN | Payload | ESP Tail | Auth


    Protocol Operation

    Mobile Node Operation

    RCoA

    MUST NOT use one RCoA (from MAP1) as a CoA in its BU to another MAP (MAP2)

    This would force packets to be encapsulated several times

    Binding Update RCoA with HA and CNs

    After registering with the MAP, the MN MUST register its new RCoA with its HA and CNs

    S = LCoA | D = MAP | ESP Hdr | S = RCoA | D = HA | Payload | ESP Tail | Auth

    S = RCoA | D = HA | HoA Opt = HoA | ESP Hdr | Payload = Binding Update Option (Mobility Header) | ESP Tail | Auth

    Handover between MAPs

    In order to speed up and reduce packet loss

    Handover within MAP domain

    RCoA does not change


    Protocol Operation

    Mobile Node Operation

    Sending Packet to CNs

    S = LCoA | D = MAP | ESP Hdr | S = RCoA | D = CN | HoA Opt = HoA | Payload | ESP Tail | Auth


    Protocol Operation

    MAP Operation

    The MAP acts like an HA

    tunnels them to the LCoA, which is stored in the Binding Cache

    A MAP has no knowledge of the MN's HoA

    The MN will send a local BU to the MAP with the M and A flags set

    This BU informs the MAP that the MN has formed an RCoA

    If successful, the MAP MUST return a BAck to the MN

    Identical to HA

    MAP MUST be able to accept packets tunneled from the MN

    Using proxy Neighbour Advertisement

    then encapsulated and routed to the MN's LCoA

    The list of valid on-link prefixes that the MN can use to derive LCoAs

    This is useful for network operators to stop an MN from continuing to use the MAP after moving to a different administrative domain

    Error code 129 (BAck)


    Protocol Operation

    Local Mobility Management Optimization within a MAP Domain

    For short-term communication in MIPv6

    MN MAY choose to directly use one of its CoAs as the source of packets

    Does not require the HoA destination option

    For short-term communication in HMIPv6

    MN can use its RCoA as the source of packets

    It provides local mobility movement, but global

    It would be useful for several applications

    (e.g. web browsing)

    This mechanism can provide

    A way of obtaining route optimization without BUs to the CNs

    Location Privacy

    In HMIPv6

    An MN hides its LCoA from its CNs and its HA by using RCoA

    Tracking of an MN is difficult


    MAP Discovery

    MAP Discovery

    Describes how ARs in a domain discover MAPs

    Dynamic MAP Discovery

    Based on propagating the MAP option in RAs from the MAP to the MN via certain routers

    Requirement

    Manual configuration of MAP

    Allowing the routers receiving the MAP option to propagate the option

    RAs are used for Dynamic MAP Discovery by introducing a new option

    AR is required to send the MAP option in its RAs

    MAP option includes distance vector, preference, MAP's global IP


    MAP Discovery

    Dynamic MAP Discovery

    The AR within a MAP domain

    ARs may obtain this information by listening for RAs with MAP options

    Each MAP in the network

    Needs to be configured with

    Preference value: default 10

    Distance is set to a default of 1

    Router receiving an RA with the MAP option

    Increments the Distance field by one and re-sends it

    If the receiving router is also a MAP, it sends the MAP options together

    If a router receives more than one MAP option for the same MAP from two different interfaces, it MUST choose the smallest one

    MAP nodes are able to change their preferences dynamically

    Node overload or load sharing


    MAP Discovery

    Mobile Node Operation

    An HMIPv6-aware MN

    An MN SHOULD register with the MAP having the highest preference value

    MAY choose a MAP depending on the Distance field

    A valid lifetime of zero means MAP failure

    An MN MUST store the received options

    In order to choose at least one MAP to register with

    Stored options will be compared to other options received later

    For the purpose of the movement detection algorithm

    If the R flag is set (in RA)

    The MN MUST use its RCoA as the HoA when performing the MAP registration (local BU)

    An MN MAY

    Choose to register with more than one MAP simultaneously

    Use both RCoA and LCoA as CoA simultaneously with different CNs


    Updating Previous MAPs

    BU to Previous MAPs

    When an MN moves into a new MAP domain

    Request to forward packets addressed to the MN's new CoA

    An administrator MAY restrict the MAP from forwarding packets to LCoAs outside the MAP's domain

    RECOMMENDED

    However, it is RECOMMENDED that MAPs be allowed to forward packets to LCoAs associated with some of the ARs in neighbouring MAP domains in the same administrative domain


    Note on MAP Selection by the MN

    MAP Selection by the MN

    SHOULD be eager to perform new bindings

    MAP Selection in a Distributed-MAP Environment

    One or more MAPs

    Does not mean a hierarchical structure of MAPs

    Does mean providing redundancy

    MAP selection algorithm

    1. Receive and parse all MAP options

    2. Arrange MAPs in a descending order by furthest distance

    3. Select first MAP in list

    . ,

    5. Repeat

    [Figure: MAP1 and MAP2; MAP2 is better than MAP1]
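
The router-side relay rule from the Dynamic MAP Discovery slide and the furthest-first selection listed above, as an added example (not code from the slides). Assumptions: `MapOpt`, `router_relay` and `select_map` are hypothetical names, "smallest one" is read as smallest Distance, an option whose 4-bit Dist is already 15 is not relayed, ties are broken by higher preference, and a preference of zero is skipped along with a valid lifetime of zero.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class MapOpt:              # hypothetical in-memory form of a received MAP option
    address: str           # MAP global address
    dist: int              # 4-bit Dist field, 0..15
    pref: int
    valid_lifetime: int

def router_relay(received):
    """received: list of (interface, MapOpt) heard in RAs.
    Returns the options this router re-advertises downstream."""
    best = {}
    for _iface, opt in received:
        if opt.dist >= 15:
            continue       # assumption: incrementing would overflow the 4-bit field
        cur = best.get(opt.address)
        # Same MAP heard on two interfaces: keep the smallest Distance.
        if cur is None or opt.dist < cur.dist:
            best[opt.address] = opt
    # Increment the Distance field by one before re-sending.
    return [replace(o, dist=o.dist + 1) for o in best.values()]

def select_map(options):
    """MN side: order by furthest distance first, take the first usable MAP."""
    ordered = sorted(options, key=lambda o: (o.dist, o.pref), reverse=True)
    for opt in ordered:
        # Valid lifetime zero means MAP failure (slides); pref zero is an assumption.
        if opt.valid_lifetime == 0 or opt.pref == 0:
            continue
        return opt
    return None

# Constructed sample: MAP1 heard on two interfaces, MAP2 on one.
HEARD = [
    ("eth0", MapOpt("2001:db8:a::1", 1, 10, 1800)),
    ("eth1", MapOpt("2001:db8:a::1", 3, 10, 1800)),
    ("eth0", MapOpt("2001:db8:b::1", 2, 10, 1800)),
]

if __name__ == "__main__":
    relayed = router_relay(HEARD)
    print(relayed)
    print(select_map(relayed))
```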


    Detection and Recovery from MAP Failure

    MAP Failure

    MAP can be seen as a local HA

    If a MAP fails

    Its binding cache content will be lost

    Resulting in loss of connection between MN and CNs

    May be avoided by

    Using more than one MAP on the same link

    Some form of context transfer protocol between them

    MN can detect MAP Failure

    When it receives an RA containing a MAP option with a lifetime of zero

    If a protocol is present that transfers binding cache entries and provides the same prefix

    Would save the MN from updating CNs and HA

    By sending ICMP Echo request messages to the MAP regularly

    If no response is received, an AR may try to aggressively send echo requests

    If no reply is received, a MAP option may be sent with a valid lifetime value of zero


    Security Consideration

    The security relationship between the MN and MAP

    MUST be strong

    Mutual authentication

    Integrity protection

    Protection against replay attack

    Confidentiality

    May be needed for payload traffic

    Is not required for binding updates to the MAP


    Security Consideration

    MN-MAP security

    Initial authorization MAY be needed

    Specifically for the service, not for the RCoA

    Authorizing an MN to use the MAP service

    Can be done based on the identity of the MN exchanged during SA negotiation

    The authorization may be granted based on the MN's identity or the identity of a CA (Certificate Authority)

    If MN has certificate signed by trusted entity, it would be sufficient for the

    Initial authorization is not needed

    For using RCoA

    Because the RCoA is temporary and is not bound to a particular node

    The MN does not have to initially prove that it owns its RCoA when it establishes an SA with the MAP

    A MAP only needs to ensure that a BU for a particular RCoA was issued by the same MN that established the SA for that RCoA


    Security Consideration

    MN-MAP security (cont'd)

    The MAP does not need to have prior knowledge

    As a result, the SA between the MN and the MAP can be established using any key establishment protocol such as IKE

    The MAP needs to set the SA for the RCoA

    This can be done with IKE

    Identical step for HoA in IKE

    If a binding cache entry already exists for a particular RCoA

    No new SA should be established for such RCoA

    This prevents the mobile node from being able to re-establish an SA for the same RCoA
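
The MAP-side checks from the MAP Operation and MN-MAP security slides combined into one model, as an added example (not code from the slides or from any HMIPv6 implementation). Assumptions: `MapModel` and its methods are hypothetical, BAck status 0 is the Mobile IPv6 "accepted" value, and BUs failing the flag or SA-owner check are silently dropped.

```python
import ipaddress

BACK_ACCEPTED = 0      # Mobile IPv6 BAck status for an accepted Binding Update
BACK_PROHIBITED = 129  # BAck error code named on the MAP Operation slide

class MapModel:
    """Hypothetical model of the checks a MAP applies to a local BU."""

    def __init__(self, map_prefix, valid_onlink_prefixes):
        self.map_prefix = ipaddress.IPv6Network(map_prefix)
        self.valid_onlink = [ipaddress.IPv6Network(p) for p in valid_onlink_prefixes]
        self.sa_owner = {}       # RCoA -> identity authenticated during SA negotiation
        self.binding_cache = {}  # RCoA -> LCoA

    def establish_sa(self, identity, rcoa):
        rcoa = ipaddress.IPv6Address(rcoa)
        # No new SA for an RCoA that already has a binding cache entry,
        # and the RCoA must come from the MAP's own 64-bit prefix.
        if rcoa in self.binding_cache or rcoa not in self.map_prefix:
            return False
        self.sa_owner[rcoa] = identity
        return True

    def local_bu(self, sa_identity, rcoa, lcoa, a_flag, m_flag):
        rcoa, lcoa = ipaddress.IPv6Address(rcoa), ipaddress.IPv6Address(lcoa)
        if not (a_flag and m_flag):
            return ("drop", "A and M flags not both set")
        # The BU must be issued by the node that established the SA for this RCoA.
        if self.sa_owner.get(rcoa) != sa_identity:
            return ("drop", "BU not issued by the SA owner of this RCoA")
        # LCoA outside the list of valid on-link prefixes: reject with 129.
        if not any(lcoa in net for net in self.valid_onlink):
            return ("back", BACK_PROHIBITED)
        self.binding_cache[rcoa] = lcoa
        return ("back", BACK_ACCEPTED)

def demo():
    # Constructed addresses from the IPv6 documentation prefix.
    m = MapModel("2001:db8:aa::/64", ["2001:db8:1::/64", "2001:db8:2::/64"])
    rcoa = "2001:db8:aa::10"
    return [
        m.establish_sa("mn-a", rcoa),
        m.local_bu("mn-a", rcoa, "2001:db8:1::5", True, False),   # M flag missing
        m.local_bu("mn-a", rcoa, "2001:db8:99::5", True, True),   # LCoA outside domain
        m.local_bu("mn-a", rcoa, "2001:db8:1::5", True, True),    # valid registration
        m.establish_sa("mn-b", rcoa),                              # RCoA already bound
        m.local_bu("mn-b", rcoa, "2001:db8:2::9", True, True),    # wrong SA owner
        m.local_bu("mn-a", rcoa, "2001:db8:2::9", True, True),    # move inside the domain
    ]

if __name__ == "__main__":
    for step in demo():
        print(step)
```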


    Security Consideration

    MN-CN security

    HMIPv6 has no impact on the RR procedure

    In HOTI and COTI messages

    Source address is HoA

    HOTI: S = LCoA | D = MAP | ESP Hdr | S = RCoA | D = HA | ESP Hdr | S = HoA | D = CN | Payload | ESP Tail | ESP Tail

    COTI: S = LCoA | D = MAP | ESP Hdr | S = RCoA | D = CN | Payload | ESP Tail | Auth


    References

    H. Soliman et al., "Hierarchical Mobile IPv6 Mobility Management (HMIPv6)", RFC 4140, August 2005.
