ch26-Limitation-of-Basic-Mobile-IP-移动IP技术-教学课件.ppt

1、Limitation of Basic Mobile IPLimitation of Basic Mobile IP Mobile IP supports mobility across both homogeneous and heterogeneous systems.It is well suited for macro mobility management,but less suited for micro mobility management.Limitation of Basic Mobile IP Non-optimal routing all packets are rou

2、ted to Home Agent Handoffs no provisions for forwarding in-flight datagrams are lost Security and QoSLimitation 1IETF Route Optimization Triangular routing problem Packets sent from a CN to an MN are first intercepted by the HA and then tunneled to the MN.However,packets from the MN are sent directl

3、y to the CN.This triangular routing problem results in communication routes significantly longer than the optimal routes and introduces extra delay for packet delivery.Optimal Routing allows corresponding nodes to keep care-of address bindings CN-MN routing can then be optimal problem:how to update

4、CNs Cannot register with all CNsLimitation 2Handoff Management in MIP When an MN moves from one subnet to another,the handoff procedure is carried out by the following steps:The MN obtains a new CoA when it enters a new subnet.The MN registers the new CoA with its HA.The HA sets up a new tunnel up t

5、o the end point of the new CoA and removes the tunnel to the old CoA.Once the new tunnel is set up,the HA tunnels packets destined to the MN using the MNs new CoA.Handoff datagrams are lost When an MN moves from one subnet to another,the new FA cannot inform the old FA about the movement of the MN.H

6、ence,packets already tunneled to the old CoA and in flight are lost.Registration follows direct or indirect procedures Forwarding allows FAs to forward datagrams to MNs that have moved In-flight datagrams old FA has no forwarding information datagrams are lostMobile IP is not a satisfactory solution

7、 for highly mobile users Mobile IP requires an MN to send a location update to its HA whenever it moves from one subnet to another.This location registration is required even though the MN does not communicate with others while moving.The signaling cost associated with location updates may become ve

8、ry significant as the number of MNs increases.Moreover,if the distance between the visited network and the home network is large,the signaling delay is long.Limitation 3Security and QoSn Security authentication with FA problematic,for the FA typically belongs to another organization no protocol for

9、key management and key distribution has been standardized in the Internet patent and export restrictionsn Firewalls typically mobile IP cannot be used together with firewalls,special setups are needed(such as reverse tunneling)Security and QoSn QoS many new reservations in case of RSVP tunneling mak

10、es it hard to give a flow of packets a special treatment needed for the QoSn Security,firewalls,QoS etc.are topics of current research and discussions!MIP扩展1 Low Latency Handoffs in Mobile IPv4 RFC 48812 Mobile IPv4 Fast Handovers RFC 4988 3 Mobile IP Paging rfc3132 rfc3154 4 Mobile IPv4 Regional Re

11、gistration RFC 48575 Mobile IPv4 Dynamic Home Agent(HA)Assignment rfc4433 6 WiMAX Forum/3GPP2 Proxy Mobile IPv4 rfc5563 draft-leung-mip4-proxy-mode-107 Mobile IPv4 Traversal Across NAT and VPN Gateways RFC3519 and RFC52658 Overview of the GPRS logical architectureOther ExtensionsSrisuresh,P.and M.Ho

12、ldrege,IP Network Address Translator(NAT)Terminology and Considerations,RFC 2663,August 1999.Srisuresh,P.and K.Egevang,Traditional IP Network Address Translator(Traditional NAT),RFC 3022,January 2001.rfc3519 Mobile IP Traversal of Network Address Translation(NAT)Devices 2003Ferguson,P.and D.Senie,Ne

13、twork Ingress Filtering:Defeating Denial of Service Attacks which employ IP Source Address Spoofing,BCP 38,RFC 2827,May 2000.(Obsoletes:2267)Montenegro,G.,Reverse Tunneling for Mobile IP,revised,RFC 3024,January 2001.(Obsoletes:2344)rfc2356 Sun SKIP Firewall Traversal for Mobile IP 1998rfc4093 Probl

14、em Statement Mobile IPv4 Traversal of Virtual Private Network(VPN)Gatewaysdraft-ietf-mobileip-vpn-problem-solution-04 Mobile IPv4 Traversal Across IPsec-based VPN Gateways 2007.111.Low Latency Handoffs in Mobile IPv4 RFC 4881Figure 1.Event sequencing during link switch and IP handover.A link layer p

15、rehandover notification eventA link layer link down eventA link layer link up eventAn IP layer movement detected eventAn IP layer routing changed eventLEPNA link layer prehandover notification event notifying one of the participants in the handover that a handover is pending.LELDA link layer link do

16、wn event notifying one of the participants in the handover that the Mobile Nodes link to the old Access Point has been severed.LELUA link layer link up event notifying one of the participants in the handover that the Mobile Nodes link to the new Access Point is sufficiently established for IP(networ

17、k)layer traffic.NEMDAn IP layer movement detected event notifying one of the participants in the handover that the Mobile Node has changed IP subnets and therefore must register with the new Foreign Agent and re-register a new care of address with the Home Agent.NERCAn IP layer routing changed event

18、 notifying one of the participants in the handover that registration with the new Foreign Agent and Home Agent is complete,and that therefore the Mobile Nodes routing has been changed tothe new subnet.4.4.3 Low Latency Handoffs in Mobile IPv4 rfc4881 receives an Agent Advertisement periodically from

19、 a Foreign Agent of the new subnet.mobile device can only initiates the network-layer handover.MIPv4 has been designed without assuming any interaction between link and network layers.Two objectives of Low Latency Handoffs1 Interaction between link and network layers is achieved via link-layer trigg

20、ers via event notifications from the link layer to the network layer.Link-layer triggers serve to initiate the network-layer handover before the link-layer handover2 Establishing a bi-directional tunnel between previous and new FA outage period is reduced4.4.3.1 Pre-Registration Handover Method upda

21、te of the data path at the Home Agent before the actual link-layer handover may be mobile-initiated or network-initiated.mobile-initiatedLink-layer trigger at mobile devicenetwork-initiatedlink-layer trigger occurs at the current FAnetwork-initiatedlink-layer trigger occurs at the new FAregisters wi

22、th its HAL2 trigger contain an identifier of the new point of attachment,the new subnet or the new FA.current FA requests Agent Advertisement of the new FA by sending a PrRtSol to the new FA.Router Solicitation for Proxy Advertisement(RtSolPr)Proxy Router Advertisement(PrRtAdv)4.4.3.2 Post-Registrat

23、ion Handover MethodBidirectional Edge Tunnel(BET)nThe name post-registration handover method is puzzling because this method is triggered before connectivity to the current FA is lost.nWhen the current FA receives a link-down trigger,it starts tunnelling packets to the previously established BETPost

24、-registration process:two-and three-partyL2-MT-An L2 trigger that occurs at the MN,informing of movement to a certain nFA(Mobile Trigger).L2-ST or source trigger-An L2 trigger that occurs at oFA,informing the oFA that L2 handoff is about to occur.L2-TT or target trigger-An L2 trigger that occurs at

25、nFA,informing the nFA that an MN is about to be handed off to nFA.L2-LU-An L2 trigger that occurs at the MN or nFA,informing that the L2 link between MN and nFA is established.L2-LD-An L2 trigger that occurs at the oFA,informing the oFA that the L2 link between MN and oFA is lost.HRqst Handoff Reque

26、st HRply Handoff Reply HTT Handoff to Third 2 Mobile IPv4 Fast HandoversRFC 4988Overview adapts the fast handover specification rfc4068 to IPv4 networks.Koodli,R.,Ed.,Fast Handovers for Mobile IPv6,RFC 4068,July 2005.The protocol avoids the delay due to movement detection and IP configuration and di

27、sengages Mobile IP registration delay from the time-critical path.使脱离,使松开 TerminologyMobile Node(MN):A Mobile IPv4 host.Access Point(AP):A Layer 2 device connected to an IP subnet that offers wireless connectivity to an MN.An Access Point Identifier(AP-ID)refers to the APs L2 address.Sometimes,AP-ID

28、 is also referred to as a Base Station Subsystem ID(BSSID).Access Router(AR):The MNs default router.Previous Access Router(PAR):The MNs default router prior to its handover.New Access Router(NAR):The MNs default router subsequent to its handover.Previous CoA(PCoA):The IP address of the MN valid on P

29、ARs subnet.New CoA(NCoA):The MNs Care-of Address valid on NARs subnet.Handover:A process of terminating existing connectivity and obtaining new IP connectivity.(AP-ID,AR-Info)tuple:Contains an access routers L2 and IP addresses,and the prefix valid on the interface to which the Access Point(identifi

30、ed by AP-ID)is attached.The triplet Routers L2 address,Routers IP address,Prefix is called AR-Info.Figure 1:Predictive Fast Handover MN PAR NAR|-RtSolPr-|-HI-|-HAck-|disconnect forward|packets=|connect|-FBU-|forward|packets=|Reg.Request|-|Reg.Request|-|Reg.Request|-|Reg.Request|-|-|Reg.Reply|Reg.Rep

31、ly|Reg.Reply|-|Reg.Reply|-|Registration Reply|-|Registration Reply|-|-|Regional Registration Req.|-|Regional Registration Req.|-|-|Regional Registration Reply|Regional Registration Reply|Regional Reg.Reply|-|Regional Reg.Reply|-|-|Regional Registration Req.|-|Regional Registration Req.|-|-|Regional

32、Registration Reply|Regional Registration Reply|Regional Reg.Reply|-|Regional Reg.Reply|-|-|-|Figure 3:Regional Registration Figure 3:Regional Registration1.MN1.MN移动到移动到FAFA的覆盖范围时的注册过程的覆盖范围时的注册过程代理广播注册请求注册回复2.注册完成后隧道的建立注册完成后隧道的建立 注册完成后建立两条隧道：HAHFA、HFAFA，两条隧道通过HA、HFA和FA上四个虚拟接口连接完成 3.MN与与HA通信时数据包走过的路径通

33、信时数据包走过的路径MNHAMN发送的数据包eth1（FA）TUNL0（FA）TUNL0（HFA）TUNL1（HFA）TUNL0（HA）eth0（HA）HAMNHA发送的数据包TUNL0（HA）TUNL1（HFA）TUNL0（HFA）TUNL0（FA）eth1（FA）MNDynamic GFA Assignment The visited network(i.e.,the FA)indicates support for dynamic GFA assignment The MN requests a dynamically assigned GFA Upon receiving this R

34、egistration Request,the FA relays it to the appropriate GFA,and the GFA assigns its address to the MN by means of a GFA IP Address extension added to the Registration Request5 Dynamic Home Agent Discovery in Mobile IPv4 RFC4433Mobile IPv4 1 specifies the mechanism for discovering the mobile nodes ho

35、me agent using subnet-directed broadcast IP address in the home agent field of the Registration Request.This mechanism was designed for mobile nodes with a static home address and subnet prefix,anchored on fixed home network.However,using subnet-directed broadcast as the destination IP address of th

36、e Registration Request,it is unlikely that the Registration Request will reach the home subnet because routers will drop these packets by default.See CERT Advisory CA-1998-01 Smurf IP Denial-of-Service Attacks 3.1 Perkins,C.,IP Mobility Support for IPv4,RFC 3344,August 2002.3 Senie,D.,Changing the D

37、efault for Directed Broadcasts in Routers,BCP 34,RFC 2644,August 1999.Mobile IPv4 Dynamic Home Agent(HA)AssignmentThe Mobile IPv4 NAI Extension for IPv4 2 introduced the concept of identifying an MN by the NAI and enabling dynamic home address assignment.2 Calhoun,P.and C.Perkins,Mobile IP Network A

38、ccess Identifier Extension for IPv4,RFC 2794,March 2000.When the home address is dynamically assigned,it is desirable to discover the home agent dynamically or inform the MN about an optimal HA to use for a multitude of reasons,such as:If the distance between the visited network and the home network

39、 of the mobile node is large,the signaling delay for these registrations may be long.In such a case,the MN will be anchored to its distant home agent,resulting in tunneled traffic traveling a long distance between home agent and the mobile node.When a Mobile IP session initiates,if the mobile node c

40、an be assigned a home agent that is close to the mobile node it can drastically reduce the latency between the home agent and mobile node.In a large-scale Mobile IP deployment,it is cumbersome to provision MNs with multiple HA addresses.It is desirable to achieve some form of load balancing between

41、multiple HAs in the network.Dynamic HA assignment and/or HA redirection lets the network select the optimal HA from among a set of HAs and thus achieve load balancing among a group of HAs.Local administrative policies.The mechanism by which the network selects an HA The selection may be made by any

42、network node that receives the Registration Request(or information about the Registration Request),such as a Foreign Agent,AAA server,or home agent.The node that selects the HA may select one based on a number of criteria,including but not limited to HA load-balancing,geographical proximity,administ

43、rative policy,etc.6 WiMAX Forum/3GPP2 Proxy Mobile IPv4 draft-leung-mip4-proxy-mode-04rfc5563WiMAX Forum/3GPP2 Proxy Mobile IPv4 there are many IPv4 devices without Mobile IPv4 capability due to various reasons.Operation systems lack support Mobility still needed for these devices These are some exa

44、mples of Proxy Mobile IPv4:1.A WLAN access point or cellular base station performs registration with the Home Agent when a mobile device is associated on the air-link.2.An access router or Foreign Agent performs registration with the Home Agent when a mobile device is detected on the network.Proxy M

45、obile IPv4 Mobile station IPv4 host without Mobile IP function Proxy Mobile IPv4 Client(PMIP Client)This network function is responsible for initiating and maintaining the proxy Mobile IPv4 registration on behalf of the mobile device.Proxy Mobility Agent(PMA)PMA is the logical entity in the network

46、that encompasses both the PMIP Client and the FA functions.The PMIP Client and the FA collocation in the Access Router constitute an integrated PMA.When the PMIP Client and the FA functions are not collocated in the Access Router,it is referred as a split PMA.Benefits Support for Unmodified Hosts Re

47、-use of Existing Home Agent Reduction of Air-link Resource Consumption Support for Heterogeneous Wireless Link Technologies Support for IPv4 and IPv6 HostProxy Registration during Initial Network Attachment +-+-+-+-+-+-+-+-+|AR/|AR/|MN|PMA|AAA|HA|MN|PMA|AAA|HA|+-+-+-+-+-+-+-+-+|1a|1b|1a|1b|Authentic

48、ation|Authentication|2|2|+-|-|+-|-|3|3|-|-+Address|PMIP|Address|PMIP|Acquisition|4|Acquisition|4|-|-+|-|-|6|6|Data Forwarding|Data Forwarding|PPP/IPCP NAS PPP/IPCP NAS AAA client AAA AAA client AAA DHCP client DHCP relay DHCP server DHCP client DHCP relay DHCP server PMIP client PMIP PMIP client PMI

49、P Figure 1:Network Connection Setup Figure 1:Network Connection Setup1a.MN run CHAP(1994)or PAP(1334)if PPP(1331)is used EAP over over foo PANA(4058)AR as the NAS1b.AR as AAA client-present its identity in the form of NAI to the network.the AAA server may download some information about the mobile d

50、evice(e.g.users profile,handset type,assigned home agent address,and other capabilities of the mobile device).2.For PPP,the PPP client sends IPCP(1332)Configure-Request to the NAS For DHCP(2131),the DHCP client sends the DHCP Discover message to the DHCP relay agent/server3.PMA sends an Proxy Regist