IP Mobility Technologies - …d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/BRKRST-2370.pdfAn overview of Mobility use cases will be given and ... Global Mobile Data Traffic Forecast

IP Mobility Technologies BRK-2370

Gaétan Feige, Technical Leader

© 2013 Cisco and/or its affiliates. All rights reserved. BRKRST-2370 Cisco Public

Session Details

3

Mobility is a very important current BUZZ topic in the industry. However, it is also a topic which means many different things depending on who speaks about it. This session will demystify what Mobility means and how network architectures and internet protocols deliver the “mobility” experience.

An overview of Mobility use cases will be given and demonstrated to generate the participants feedback in the marketing exercise which consists of determining if such and such use case is a valid one the industry should be concerned of. This initial discussion will abstract the network architectures and focus on the user experience. The discussion will then refocus on current network architectures which deliver Mobility as it is mostly understood by many, hence Mobile Cellular and Enterprise WLAN architectures, highlighting protocols such as GTP, MIP/PMIP, and CAPWAP.

The session will then dive more into protocol details and see how these compare in delivering a Mobility experience. The previous protocols such as GTP, MIP/PMIP and CAPWAP will be compared in detail but others such as LISP, SCTP, MPTCP, SIP & “pure application level Mobility” will also be inserted in the comparison. Through this wide set of protocol examples, we will highlight the common mechanisms that are required for Mobility. This will allow the participants to understand that throughout the differences in the proposed protocols, many fundamentals remain the same and are simply implemented at various levels of the OSI stack. The conclusion will focus on how these technologies can and will insert into current architectures and deployments.

Agenda


Agenda

Why Session Persistency

Session Persistency Facts

Some Protocols in Detail

Protocol Comparison

Client Impacts

Summary

5

Why Session Persistency


The Mobile Internet is Changing Everything

7

More Broadband

New Pricing

New Devices

New Applications

Video will be 66% of mobile traffic by 2014. 7


Cisco Visual Networking Index (VNI) Global Mobile Data Traffic Forecast Update Increasing Average Mobile User; Traffic per Month

8

Source: Cisco VNI Global Mobile Data Traffic Forecast, 2012–2017

2012 2017 GLOBAL

Global MB per Month

BY REGION

North America

United States

Canada

201

753

763

638

2,037

6,176

6,302

4,929

BY COUNTRY


Small Cell Market Drivers for Change

Attractive

Economics

of Offload

Growth in

Mobile Data Lack of

Spectrum

Anytime

Anywhere

Access to

Data

Increase in

Indoor

Consumption

High growth opportunities are attracting intense competition

9


Drivers For Change: Scaling Supply

10

Source: Agilent

2010 2011 2012 2013 2014 2015

3.8 EB per Mo

0.24 EB per Mo

6.3 EB

per Mo

2.2 EB

per Mo

1.2 EB

per Mo

0.6 EB

per Mo

92% CAGR 2010–2015

1000

100

10

1 1990 1995 2000 2005 2010 2015

Gro

wth

Spectrum

Average

Macrocell

Efficiency

Macrocell

Capacity

26x

Growth


“Offloading” Traffic To Small Cells 66% of Mobile Traffic to be Offloaded from Macro RAN by 2017

11

0.0

1.0

2.0

3.0

4.0

5.0

6.0

2012 2013 2014 2015 2016 2017

Ex

ab

yte

s p

er

Mo

nth

Offload Traffic from Mobile Devices

Cellular Traffic from Mobile Devices

66%

34%

Source: Cisco VNI Global Mobile Data Traffic Forecast, 2012–2017


Community Wifi Example NY MSOs & Paris (Free Wifi, SFR WIFI)

12

People activating the service at home can connect on other residential hotspots

Large Scale Requirements (Million of APs, Million of IP addresses)

Security requirements for private / public traffic segregation, fraud prevention and billing

Roaming requirement between APs

Session Persistency Facts


User experience is what defines Session Persistency

Mobile Networks have always been designed in such a way that roaming / mobility events do not impact user traffic and allow sessions to be persistent

However the quality of persistence is the key factor to consider: No perception of any change by user

Application stalls and resumes

Application stalls and can not recover

Some applications may be more sensitive than others in the sense that the use experience is more degraded.

Main question : what is a session ? An IP transport/session flow identified by some ID

An application flow identified by some application ID ( HTTP cookie, Video ID, Application state maintained on both sides )

Other …

14


Common User Applications

15

Standard Real Time

Conferencing

Business

&

Productivity

Video

Streaming

Collaboration Tools

Email applications

1. Loss of packets on bearer

channel (RTP/UDP) acceptable

2. Loss of packets on control

channel (SIP/TCP/RCTP)

unacceptable

3. Not tolerant to delay, latency,

errrors


An Introduction to the Mobility Challenges

16


Network Anchors exist in all the Cellular Architectures

17

GGSN

SGSN

Serving

RNC

Node B

La

ye

r 3

3GPP

HSPA 3GPP2

EVDO

SAE

GW

MME

eNode B

CSN

ASN

GW

Base

Station

3GPP

SAE/LTE WIMAX

MAG/

LMA

eBTS

3GPP2

UMB

IP

IP IP IP

Mobile Networks Evolution

PDSN

PDSN

PCF

BS

IP

HA PDN

GW HA


WLC Cluster Resources

Network Anchor exist also in the 802.11 Environment

Enterprise LWAPP/CAPWAP Infrastructure also bring an anchor point for the 802.11 networks

18


Mobility / Session Persistence Mechanisms

19

Layer 2 Layer 3 Layer 4 Application Layer

Ethernet Spanning Tree

LAM ( Local Area Mobility )

:

host routes

SCTP SSL Reconnect

PPP

MIPv4/v6

DSMIP

PMIP

MTCP

(Multipath TCP) SIP Re-Invite

GTP LISP ILNP Adaptive Video

EthoIP / EthoGRE VPNs WAAS …

MOBIKE …

HIP

LISP


Mobility & The OSI Layers

20

L2 is fast, but not scalable

L3 scales well, support multiple L2 links and is application independent

L4/5 session management provides end to end session identification, path optimization

Application layers provide application recovery when all else has failed. Can be very application specific

L2 L3

L4/5

L7

Some Protocols in Details

MIP / PMIP / DSMIP


Mobile IPv6 Protocol Summary

RFC 2460 : Internet Protocol, Version 6 (IPv6) Specification

RFC 3775 : Mobility Support in IPv6

RFC 4225 : Mobile IP Version 6 Route Optimization Security Design Background

Move Detection &

Location Discovery

Topology Data Propagation

Topology Establishment

Location Database &

Tunnel Creation

Control Signaling

Agent Discovery

Registration Process

23


HA

MIPv6 Overview

24

MN 2001:1:1:1::2 /64

CN 2001:2:2:2::1 /64

AR

HA – Home Agent AR – Access Router

CN – Correspondent Node MN – Mobile Node

Internet

2001:1:1:1:: /64

2001:3:3:3:: /64

Mobile Node is at home


CN 2001:2:2:2::1 /64

HA

MIPv6 – MN Roaming

MN 2001:1:1:1::2 /64

AR



Internet

?

2001:3:3:3:: /64

2001:1:1:1:: /64

MN moves to foreign network

25


CN 2001:2:2:2::1 /64

HA

MIPv6 – MN Dynamic Addressing

AR



Internet

?

2001:3:3:3:: /64

Prefix

MN receives new prefix on foreign network

2001:1:1:1:: /64

MN 2001:1:1:1::2 /64

26


MN auto configures prefix as CoA

CN 2001:2:2:2::1 /64

HA

MIPv6 – MN CoA

AR



CoA – Care of Address

Internet

?

2001:3:3:3:: /64

CoA: 2001:3:3:3::2 /64

2001:1:1:1:: /64

MN 2001:1:1:1::2 /64

27


CN 2001:2:2:2::1 /64

HA

MIPv6 – MN Binding

AR



CoA – Care of Address BU – Binding Update

Internet

?

2001:3:3:3:: /64

BU

MN sends BU to HA with CoA

CoA: 2001:3:3:3::2 /64

2001:1:1:1:: /64

MN 2001:1:1:1::2 /64

28


CN 2001:2:2:2::1 /64

MIPv6 – HA Binding Acknowledgment

AR




BA – Binding Acknowledgement DAD – Duplicate Address Discovery

NS – Neighbor Solicitation

Internet

?

2001:3:3:3:: /64

BA

HA acknowledges BU back to MN

CoA: 2001:3:3:3::2 /64

DAD

HA

HA sends NS with the Home Address of the MN

2001:1:1:1:: /64

MN 2001:1:1:1::2 /64

29


CN 2001:2:2:2::1 /64

HA

MIPv6 – HA Binding Cache

AR





NS – Neighbor Solicitation BC – Binding Cache

Internet 2001:3:3:3:: /64

BINDING CACHE

HAddr CoA HA 2001:1:1:1::2 /64 2001:3:3:3::2 /64 Yes

HA creates BC for MN to tunnel packets

CoA: 2001:3:3:3::2 /64

2001:1:1:1:: /64

MN 2001:1:1:1::2 /64

30


CN 2001:2:2:2::1 /64

HA

MIPv6 – CN to MN Traffic

AR Internet 2001:3:3:3:: /64

2001:2:2:2::1 2001:1:1:1::2 DATA

BINDING CACHE

HAddr CoA HA 2001:1:1:1::2 /64 2001:3:3:3::2 /64 Yes






CN sends ping to MN (2001:1:1:1::2 /64)

CoA: 2001:3:3:3::2 /64

2001:1:1:1:: /64

MN 2001:1:1:1::2 /64

31


AR Internet 2001:3:3:3:: /64

CN 2001:2:2:2::1 /64

MIPv6 – HA to MN Tunneling

HA

BINDING CACHE

HAddr CoA HA 2001:1:1:1::2 /64 2001:3:3:3::2 /64 Yes






HA Encapsulates and forwards ping to CoA

CoA: 2001:3:3:3::2 /64

2001:1:1:1:: /64

MN 2001:1:1:1::2 /64

32

2001:2:2:2::1 2001:1:1:1::2 DATA 2001:1:1:1::1 2001:3:3:3::2

ENCAPSULATION


MIPv6 allows MN to detect and securely optimize route to CN

MIPv6 – Route Optimization

AR Internet

2001:1:1:1:: /64

2001:3:3:3:: /64

HA

CoA: 2001:3:3:3::2 /64






HoTi – Home Test Init CoTi – Care-of Test Init

CN 2001:2:2:2::1 /64

MN 2001:1:1:1::2 /64

Optimal Route

Sub-Optimal Route

33


MN initiates return routability test

MN sends HoTi packet through HA

and CoTi directly to CN

CN 2001:2:2:2::1 /64

MIPv6 – Return Routability Test – Step 1

AR Internet

2001:1:1:1:: /64

2001:3:3:3:: /64

HA

CoTi CoA: 2001:3:3:3::2 /64






HoTi – Home Test Init CoTi – Care-of Test Init

HoTi

MN 2001:1:1:1::2 /64

HoTi

34


CN replies to HoTi/CoTi by sending key split between HoT and CoT messages

MIPv6 – Return Routability Test – Step 2

AR Internet

2001:1:1:1:: /64

2001:3:3:3:: /64

CoA: 2001:3:3:3::2 /64





NS – Neighbor Solicitation BC – Binding Cache HoT – Home Test

CoT – Care-of Test

MN 2001:1:1:1::2 /64

HoT

CoT

HA

HoT

CN 2001:2:2:2::1 /64

35


MN sends BU to CN signed with key assembled from HoT/CoT messages

CN 2001:2:2:2::1 /64

MIPv6 – Return Routability - Completed

AR Internet

2001:1:1:1:: /64

2001:3:3:3:: /64

HA

BU CoA: 2001:3:3:3::2 /64





NS – Neighbor Solicitation BC – Binding Cache HoT – Home Test

CoT – Care-of Test

MN 2001:1:1:1::2 /64

36


MIPv6 – CN Binding Acknowledgement

AR Internet

2001:1:1:1:: /64

2001:3:3:3:: /64

HA

CN 2001:2:2:2::1 /64 BA

CN acknowledges BU with BA back to MN

CoA: 2001:3:3:3::2 /64






MN 2001:1:1:1::2 /64

37


CN 2001:2:2:2::1 /64

MIPv6 – Home Address Option

AR Internet

2001:1:1:1:: /64

2001:3:3:3:: /64

HA

MN sends packet to CN with HAddr option

CoA: 2001:3:3:3::2 /64 2001:2:2:2::1 2001:3:3:3::2 DATA 2001:1:1:1::2

HAddr

CN process packet by replacing SA with HAddr

before sending to upper layers






HAddr – Home Address

MN 2001:1:1:1::2 /64

38


Mobile IPv6 Registration

IPinIP

Bi-directional Tunnel

39

MN Access Router HA1 CN

Acquired IP address

on the visit network

(used as Care-of-Addr)

Use HA anycast

address

Use the 1st HA address

Create HA Cache

Data Traffic

Create Binding Cache

Data Traffic

RS

RA

DHAAD Request

DHAAD Reply (home agent list)

Binding Update (BU)

Binding Ack. (BA)


What is Proxy Mobile IPv6?

This network based mobility solution

Mobile node is not aware when it moves to a new access “link”/ access router (i.e. home network emulation)

Re-use of Mobile IPv6 protocol, though signaling and tunneling between access router and anchor router

Enhancements for signaling between access router and anchor router to support many mobile nodes

Enhancements for signaling for access routers to support mobile node moving between them (e.g. message sequencing)

40


PMIPv6: IPv6 Domain Join sequence

41

AAA CN MN

AAA Request (MN-Identifier,…) Access to a new IP Link

MAG1 LMA

AAA Response (MN authorization, MN-ID acquisition…)

MN attached

event

PBU (MN-ID1, MAG1…) Router Solicitation (IPv6 prefix)

LMA adds entry to BC

ID Prefix MAG

(Proxy-COA)

MN-ID1 Pref1::/64 MAG1

PBA (MN-ID1, MAG1, Pref1::/64…)

1

2

3 4

5

6

LMA Sets up a Bidir. Tunnel 7

Router Advertisement (Pref1::/64) 8

Hold by MAG1

IPv6 header (src=Proxy-COA, dst=LMA_ADDR) IPv6 header (src=MN_ADDR, dst=CN_ADDR)

IPv6 header (src=LMA_ADDR, dst=Proxy-COA) IPv6 header (src=CN_ADDR, dst=MN_ADDR)

Mobile Profile Retrieval


Simple handoff from one MAG to the other MAG, over the same MN interface. This handoff will update an existing mobility session.

MAG1 MAG2

LMA

Before: Wi-Fi

After: Wi-Fi

MAG1

MAG2 LMA

Before: Wi-Fi

After: 4G

Inter-technology handoff from one MN interface to a different MN interface. This handoff will update an existing mobility session

Handoffs should be fully transparent

A note on Handoffs

42

GTP


3GPP System Logical Architecture

44

Gf

Uu

Um

D

Gn

Iu

Gc

C E

Gp

Gs

Signalling and Data Transfer Interface

Signalling Interface

MSC/VLR

TE MT UTRA N TE PDN

Gr Iu

HLR

Other PLMN

SGSN

GGSN

Gd

SM-SC SMS-GMSC

SMS- IWMSC

GGSN

EIR SGSN

Gn CGF

Ga

Billing

System

Gb

TE MT BSS

R

A

R

CA MEL GSM

SCF

Ge

Ga

Gi

PLMN=Public Land Mobile Network


3GPP R7 System Packet Core

45

NodeB

SGSN RNC Iu-PS

UE

PCRF

MAP

HLR

3G GGSN

Gn

L2

RLC

PDCP

WCDMA

IP

Direct Tunnel allows

SGSN to remove itself

from data plane.

Mobility controlled by

SGSN

MAC-

HS

MAC

RLC

PDCP

WCDMA

MAC-

HS

MAC

UDP

GTP-U

L1

IP

L2

UDP

GTP-U

L1

IP

IP

USER PLANE

Gn Gx

SGSN

PCRF

MAP

HLR

3G GGSN

Gn Gx

SGSN

Gn

MAP

L2

UDP

GTP-C

L1

IP

L2

UDP

GTP-C

L1

IP

CONTROL PLANE


3GPP R8 System Packet Core

46

eNodeB

MME

S1-MME

UE

PCRF

S6a HSS

SGW

S1-U

USER PLANE

S5/S8

Gx

MME

PCRF

DIAMETER HSS

SGW

GTPv2

Gx

L2

UDP

GTP-C

L1

IP

L2

UDP

GTP-C

L1

IP

CONTROL PLANE

PGW

S11

IP

L1

L2

IP (user)

IP

UDP

GTP-U

L1

L2 MAC

RLC

PDCP

OFDMA

IP (user)

MAC

RLC

PDCP

OFDMA

IP

UDP

GTP-U

L1

L2

IP

UDP

GTP-U

L1

L2

PMIP S1-U

36.414 GRE GRE UDP

PMIP GTP-U S5/S8

29.274

(GTP)

-

29.275

(PMIPv6)

SGW

PGW GTPv2

L2

UDP

GTP-C

L1

IP


GTP Mobility

47

RNC

3G SGSN

GGSN

NodeB

1. 3GPP Direct Tunnel

2. 3GPP LTE/EPC

NodeB

RNC

MME

SGW

NodeB

NodeB

RNC

MME

SGW

PGW

Zero Packet Lost

Traffic Forwarding


3GPP Pre-R8 Mobility

48

Decision to Move

Old RNC New RNC Old SGSN GGSN NodeB UE New SGSN GTP-U Tunnel

Relocation Request

Relocation Request

Relocation Request

Radio Bearer Establishment

Tunnel Downlink

Relocation Procedure to move to NEW RNC and SGSN

Update PDP Context Request

GTP-U Tunnel

Update PDP Context Response Release of Resources OLD

1) User moves to a new

RNC

2) Forward downlink

traffic between Source

and Target RNC done

before GTP-U is

updated

3) Duplicated traffic

handled by Target RNC

4) Once GTP-U tunnel is

modified Resources in

source RNC are

removed


GTP Tunnel Management Messages

49

Update Session

Delete Session

Create Session

• Create PDP Context Request/Response

(GTPv1)

• Create Session Request/Response

(GTPv2)

• Create Bearer Request/Response

(GTPv2)

• Bearer Setup Request/Response

(GTPv2)

• Delete PDP Context Request/Response (GTPv1)

• Delete Session Request/Response (GTPv2)

• Delete Bearer Request/Response (GTPv2)

• Update PDP Context Request/Response

(GTPv1)

• Update Bearer Request/Response (GTPv2)


Important IEs in the Create PDP Context Request

IMSI, MSISDN, End User Address, Access Point Name (not needed for secondary PDPs)

Tunnel Endpoint Identifier Data I

Tunnel Endpoint Identifier Control Plane

NSAPI, linked NSAPIs (for secondary PDP contexts; linked to the primary NSAPI)

SGSN address (signaling, data traffic)

QoS Profile

Protocol Configuration Options (sent transparently from MS to GGSN e.g. user name, password etc.)

50

SCTP


Application

Socket API

Transport

Network

Link

SMTP, HTTP, etc.

TCP, UDP, SCTP, MPTCP

IPv4, IPv6, MIP, LISP

Ethernet, 3G, WiFi

Transport Layers

52


Transport Layer Developments

SCTP: Stream Control Transmission Protocol

– Cisco-initiated, first standardized in IETF in 2000, now rising interest

– Significant performance improvements over TCP for transport

– Two mobility mechanisms introduced multihoming and multipathing

MPTCP: Multipath TCP

– Since 2008

– Useful ideas and algorithms, particularly multipath congestion management

Minions

53


Connection Initiation of TCP and SCTP

TCP prone to SYN packet flood (denial of service attack).

SCTP protects against this type of attack by 4-way handshake and introduction of cookie.

Data is allowed to move in cookie-echo and cookie-ack packets

54

HTTP GET

HTTP GET HTTP GET


SCTP Call Flow

The association establishment in SCTP, uses the four-way handshake.

During association startup, a list of transport addresses (i.e. IP address-port -pairs) is provided between the communicating entities.

The ADDIP extension used in mSCTP supports dynamic address reconfiguration.

55


SCTP: Multi-Streaming

56

Lost

Packet

SCTP

Association

TCP Connection

Stream 0

Stream 1

Stream 2

Lost

Packet Data packets blocked by

packet loss ahead. HOL

occurs on the entire

connection

Data packets in stream 0

blocked by packet loss

ahead. HOL occurs only

on stream 0


What is LISP

58

Locator and ID Separation Protocol

© 2013 Cisco and/or its affiliates. All rights reserved. BRKRST-2370 Cisco Public 59

LISP creates “Level of Indirection” with ID and Locator through Dynamic Mapping


Internet

Device IPv4 or IPv6

address represents

identity and location

1.1.1.1

What do we mean by “Location” and “ID”

60


Internet

Today’s Internet Behavior

Loc/ID “overloaded” semantic

1.1.1.1 Device IPv4 or IPv6

address represents



61


Internet

Device IPv4 or IPv6

address represents




1.1.1.1

2.2.2.2

When the device moves, it gets

a new IPv4 or IPv6 address for

its new identity and location


62


LISP Behavior

Loc/ID “split” Internet

1.1.1.1

Internet

Device IPv4 or IPv6

address represents




1.1.1.1

2.2.2.2





63


Device IPv4 or IPv6

address represents

identity only.

LISP Behavior


1.1.1.1

Internet

Device IPv4 or IPv6

address represents




1.1.1.1

2.2.2.2





64


Device IPv4 or IPv6

address represents

identity only.

LISP Behavior


3.3.3.3 1.1.1.1

Its location is here!

Internet

Device IPv4 or IPv6

address represents




1.1.1.1

2.2.2.2





65


Device IPv4 or IPv6

address represents

identity only.

LISP Behavior


3.3.3.3 4.4.4.4

1.1.1.1

1.1.1.1

Internet

Device IPv4 or IPv6

address represents




1.1.1.1

2.2.2.2





66


Device IPv4 or IPv6

address represents

identity only.

When the device moves, keeps

its IPv4 or IPv6 address.

It has the same identity

LISP Behavior


3.3.3.3 4.4.4.4

Only the location changes

Internet

Device IPv4 or IPv6

address represents




1.1.1.1

2.2.2.2




1.1.1.1

1.1.1.1


67


Roaming Control Plane

68

Map-Resolver

LISP-ALT LISP-ALT

LISP-ALT LISP-ALT

Map-Server

Map-Resolver Map-Resolver

EID: 153.16.2.1 EID: 153.16.3.1

3.3.3.3 -> 65.1.1.1 LISP AH Map-Register

153.16.1.1 -> (3.3.3.3, 4.4.4.4)

153.16.1.0./24

EID: 153.16.1.1

Legend:

EIDs -> Green, RLOCs -> Red

3G network -> 3.0.0.0/8

4G network -> 4.0.0.0/8

BGP-over-GRE

Map-Register

BGP update

65.1.1.1

(1) No matter where MN3 roams, MN1 and MN2 can find it’s locator by using the database mapping system.

MN1 MN2

(2) Only the Map-Server will store 153.16.1.1/32 state with the latest set of RLOCs.

(3) Data always travels on shortest path to and from MN.

MN3


Roaming Data Plane

69

Map-Cache entry:

EID-prefix: 153.16.1.1/32

RLOC-set:

4.4.4.4, priority: 1, weight: 50


DNS entry: mn.abc.com A 153.16.1.1

Provider A 1.0.0.0/8

Provider B 2.0.0.0/8

S

ITR

ITR

4G Provider 4.0.0.0/8

S1

S2

LISP EID-prefix 10.0.0.0/8

Legend: EIDs -> Green, Locators -> Red

EID: 153.16.1.1

3.3.3.3

4.4.4.4

WiFi Provider 5.0.0.0/8

EID: 153.16.1.1

4.4.4.4

5.5.5.5

MN roams, stays multi-homed and TCP connection does not reset

Map-Cache entry:

EID-prefix: 153.16.1.1/32

RLOC-set:



10.0.0.1 -> 153.16.1.1

1.0.0.1 -> 4.4.4.4 10.0.0.1 -> 153.16.1.1

3G Provider 3.0.0.0/8

10.0.0.1 -> 153.16.1.1

1.0.0.1 -> 5.5.5.5

CAPWAPP


LWAPP

Centralized Wireless LAN Architecture LWAPP Protocol

LWAPP - Light Weight Access Point Protocol is used between APs and WLAN Controller

LWAPP carries control and data traffic between the two

– Control plane is AES-CCM encrypted, Authentication by X.509 Cert.

– Data plane is not encrypted

It facilitates centralized management and automated configuration

Open, standards-based protocol (Submitted to IETF CAPWAP WG)

71

Access Point Controller

WiFi Client

Business Application

Control Plane

Data Plane

Client

X.509

Certificate

Server

X.509

Certificate


Division of Labor—Split MAC

72

LWAPP Tunnel

Lightweight

Access Point

WLAN

Controller

Ingress/Egress point from/to

switched/routed wired

network (802.1Q trunk)

Switched/routed wired network

Control messages

Data encapsulation

Real-time 802.11/MAC functionality:

• Beacon Generation

• Probe Response

• Power management/Packet buffering

• 802.11e/WMM scheduling, queueing

• MAC layer data encryption/decryption

• 802.11 control messages

Data encapsulation/de-encapsulation

Fragmentation/De-fragmentation

Non real-time 802.11/MAC functionality:

• Assoc/Disassoc/Reassoc

• 802.11e/WMM resource reservation

• 802.1X/EAP

• Key management

802.11 Distribution services

Wired/Wireless Integration services


Division of Labor—Split MAC Illustrated

802.11 Beacon

Probe Request

Probe is Processed by

the AP and forwarded to

the controller

Probe

Response

802.11 Authentication/

Association

Add Mobile

(Cleartext, 802.1X Only)

802.1X Authentication & 802.11i

Key Exchange

Add Mobile (AES-CCMP, PTK)

802.11 Action Frames

802.11 Data

Encryption/Decryption of

RF Packets handled at

the AP

LWAPP Tunnel

73


Intra-Controller Roaming

Intra-Controller roam happens when an MN moves association between APs joined to the same controller

Client must be re-authenticated and new security session established

Controller updates client database entry with new AP and appropriate security context

No IP address refresh needed

74


Layer-2 Roaming—Inter-Controller

75


Client database entry moved to new controller


L2 Inter-Controller roam happens when a MN moves association between APs joined to the different controllers but client traffic bridged onto the same subnet


Layer-3 Roaming—Inter-Controller

76

L3 Inter-Controller roam happens when an MN moves association between APs joined to the different controllers but client traffic bridged onto different subnet


Client database entry copied to new controller

Original controller tagged as the “Anchor”

New controller tagged as the “Foreign”


Asymmetric traffic path established


Layer-3 Roaming—Symetric Roaming

77

Foreign controllers will send Layer 3 roaming client’s packet back to its anchor controller through EtherIP tunneling

Source IP address of the packet will be the foreign controller’s management IP address

Upstream routers that have Reverse Path Forwarding (RPF) will forward on packets

Configurable option in software release 4.1

MOBIKE


Maintaining a VPN session with Mobike

79

Internet

Node A

Local Area Network Network A

MOBIKE

Gateway

Local IP 10.1.1.1

VPN IP 192.168.1.50 192.168.1.1 10.1.1.100

Bearer Traffic

Outer Source IP Outer Destination IP Inner Source IP Inner Destination IP

10.1.1.1 10.1.1.100 192.168.1.50 192.168.1.5 Node A

Local IP 10.2.1.1

VPN IP 192.168.1.50 Bearer Traffic


10.2.1.1 10.1.1.100 192.168.1.50 192.168.1.5

Move


Mobike Call Flow

80

Internet

Node A MOBIKE

Gateway

Local IP 10.1.1.1

VPN IP 192.168.1.50 192.168.1.1 10.1.1.100

Bearer Traffic


10.1.1.1 10.1.1.100 192.168.1.50 192.168.1.5 Node A

Local IP 10.2.1.1

VPN IP 192.168.1.50

Bearer Traffic


10.2.1.1 10.1.1.100 192.168.1.50 192.168.1.5

INFORMATIONAL request

(UPDATE_SA_ADDRESS)

Source IP = 10.2.1.1 Destination IP=10.1.1.100 INFORMATIONAL response

Source IP = 10.1.1.100 Destination IP=10.2.1.1

Move

Application Layer Mobility


Webex SSL reconnect

82


Webex SSL reconnect

83


Video Adaptive Bit Rate Solutions

Apple HLS ( HTTP Live Streaming )

MS Silverlight

– MediaElement.BufferingTime defaults to 5 seconds

– smooth HD

Adobe Flash

– Zeri engine

MPEG DASH ( Dynamic Adaptive Streaming over HTTP )

84

The Service Provider Model


3GPP Based Small Cell MNO Integration Trusted Non-3GPP Access

86

Swm SP WiFi

Access:

Trusted

WLAN

Access GW

“TWAG”

STa

SP Wi-Fi Access

Network

Conventional MNO

HSS MME

GERAN

UTRAN

E-UTRAN IP

Services

Serving

Gateway PDN

Gateway

3GPP

AAA PCRF

S2a

S5 S1

S6a

Gx

Swx

Device

Integrated EPC

Subscriber Control

And Services

SP WiFi as Trusted

Non-3GPP Access

Integrated Mobility

IFOM behaviours ?

Single IP across

Different RATs

IP

Mobility Protocol Comparison


Protocol Comparison Criterias

88

Session initialization overhead / complexity

Session Persistency efficiency

Handover signalisation change

Optimized route

Security

•Initial Authentication

•Man in the middle attacks

•Privacy

Multipath / multilink support

Policy Control

The transition mechanisms from today to tomorrow

•Deployability

•Business models

Analysis Criteria


Handover Packet Loss

89

The two causes for packet loss are:

• A physical layer change disrupting layer 1 communication

• change of a radio frequency

• A logical mismatch between a MN and a CN

• time to acquire a new IP address, if no other available

•change of a tunnel endpoint IP address and duration to logically rebuild the tunnel

• propagation time for the update message to reach the other side

Single versus multiple bearers

• Packet loss is unavoidable when using a single bearer due to physics change

• Buffering and forwarding buffered packets is the only choice

• Using multiple bearers can allow zero packet loss if anticipating layer 2 disruptions

L2

Network Access Authentication Movement Detection

Data Packets Data Packets

New Address Configuration

& Follow up Movement

detection Mobility

Signaling


Handover signaling plane performance & security

Register a new location IP address : ~ All solutions equivalent GTP : Update PDP Context

MIPv4: RRQ

MIPv6: BU

PMIPv6 : PBU

SCTP: Add address

Multipath TCP: Add address

Secure the registration of a new IP address : Network solutions more secure GTP : secure since originated by a network device

MIPv4: weak authentication ( based on HMAC-MD5 hash )

MIPv6: based on IPv6 IPSEC between MN and HA ( requires 3 RT packet exchange )

SCTP: requires security, RFC negates shared key and negotiated key. Private/Public key best.

Multipath TCP: requires some security, mechanisms open

LISP MN : requires security, mechanism open

90


CN MN

Anchoring Point

Optimized Routing Not available in network based solutions

91

Infrastructure

Traffic flow without RO

Traffic flow with RO


Mobility Updates Security Options

Network based solutions :

– User Network Authentication is the key and then messages are exchanged between trusted entities:

Application level solutions:

– Shared keys : impossible on internet scale

– Negotiatiated keys at session initiation – Can be spoofed ( as specified in SCTP RFC )

– PKI – Requires both MN and CN to support the algorythms

– Only MN needs a private / public key pair

92


Mobility & Location Privacy

End2End mobility allows a CN to know of any IP address change from the MN.

IP addresses can be used to know your location:

“netstat –on” gives the peers you communicate with

http://whatismyipaddress.com/

93


Multipath

User definable policies to route traffic to a specific mobile path (direct or tunnel based on solution)

Application classification based on port number, DSCP, protocol type, IP addresses

Flow routing policies must match on both sides

94

High speed link

MAG or ITR

int3

C

D

C

Vi

Vo

D

Vo

Routing

Policy

Vi

Routing

Policy

Vi

C

D

Vo C

int1 Low latency link

Reliable link MAG or ITR

MAG or ITR

int2

Protect business important application

Better application performance

Control wireless cost


Parameters for Multipath

95

Interface / IP route availibility : based on layer 2 / 3

Available bandwith theoretical ( based on layer 2 )

Path management ( based on layer 4 ) :

Available

Congested

Broken

Application flow split ( signalling versus data or multiple data channels )

Application dynamic adjustment: codec adaptation


IP Policy Management

96

Connection Manager

Methods : 802. 1x / EAP / WISPR / propriatary

Port Managers

Network Persistency

Manager

WiFi

PM

Port

3G

PM

Port

CDMA

PM

Port

WiMAX

PM

Port

Satellite

PM

Port

Ethernet

PM

Port

Sate

llit

e

WiF

i IP

3G

IP

CD

MA

IP

WiM

AX

IP

Sate

llit

e

IP

Eth

ern

et

IP

Policy Client

(ANDSF)

+

Geoloc Services

(MSE)

NP & RO Interfaces

Eth

ern

et

CD

MA

WiM

AX

WiF

i

3G

L3 Mobility Protocol – Mobile IP

L3 Mobility Protocol – SSL

L3 Mobility Protocol - ???

Local Applications / Endpoint

NP Virtual Interface

Local Sensors Admin Tools

Ingress Interfaces

Mobile Apps

Satellite

Ethernet

CDMA

WiMAX

WiFi

3G Connection

Policies

Application

Routing

Policies

Connection P

rofile

s

WiF

i W

iFi IP

Eth

ern

et

IP

Eth

ern

et

MR Ingress Interfaces

Routing Manager

WiFi

PM

Port Port

Roaming Interfaces

Identities

User/pwd

SIM

Certs

Path Manager SCTP API

Path

Management

Policies

Summary


Protocol Comparison Criterias

98

Session initialization overhead / complexity ~ Equivalent

Session Persistency efficiency

Handover signalisation change

Performance is ~equivalent for all

Scale differs between Layer 3 solutions and Upper layer

Optimized route Strength of LISP and transport solutions

Security and scale concerns

Security

•Initial Authentication

•Man in the middle attacks

•Privacy

Possible solutions for all

Scale concerns with 1 to many security associations : PKI

Multipath / multilink support

Policy Control Strong dependency on device support

The transition mechanisms from today to tomorrow

•Deployability

•Business models

Layer 3 solutions possible as of today in SP with GTP / PMIP correlation

PMIP and LISP in ENT – still need enhancements.

ENT can use CAPWAPP today for most needs

Analysis Criteria Proposals


Maximize your Cisco Live experience with your

free Cisco Live 365 account. Download session

PDFs, view sessions on-demand and participate in

live activities throughout the year. Click the Enter

Cisco Live 365 button in your Cisco Live portal to

log in.

Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes. Winners announced daily.

Receive 20 Cisco Daily Challenge points for each session evaluation you complete.

Complete your session evaluation online now through either the mobile app or internet kiosk stations.

99

Documents

IP Mobility Technologies - …d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/BRKRST-2370.pdfAn overview of Mobility use cases will be given and ... Global Mobile Data Traffic Forecast