Mobile Internet Protocol v6 MIPv6



Similar documents
Introduction to Mobile IPv6

Mobility on IPv6 Networks

Mobile IP Part I: IPv4

Tomás P. de Miguel DIT-UPM. dit UPM

Boosting mobility performance with Multi-Path TCP

Load Balancing in Mobile IPv6 s Correspondent Networks with Mobility Agents

MOBILE VIDEO WITH MOBILE IPv6

Load Balancing in Mobile IPv6 s Correspondent Networks with Mobility Agents

IPv6 mobility and ad hoc network mobility overview report

Mobile Routing. When a host moves, its point of attachment in the network changes. This is called a handoff.

REDUCING PACKET OVERHEAD IN MOBILE IPV6

Linux Based Implementation and Performance Measurements of Dual Stack Mobile IPv6

An Active Network Based Hierarchical Mobile Internet Protocol Version 6 Framework

6 Mobility Management

IP and Mobility. Requirements to a Mobile IP. Terminology in Mobile IP

Introducing Reliability and Load Balancing in Mobile IPv6 based Networks

IP Security. Ola Flygt Växjö University, Sweden

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

SURVEY ON MOBILITY MANAGEMENT PROTOCOLS FOR IPv6

What is HIP? A brief introduction to the Host Identity Protocol. 5. Aug Holger.Zuleger@hnet.de

IPv6 First Hop Security Protecting Your IPv6 Access Network

Mobility Management 嚴 力 行 高 雄 大 學 資 工 系

Dedication Preface 1. The Age of IPv6 1.1 INTRODUCTION 1.2 PROTOCOL STACK 1.3 CONCLUSIONS 2. Protocol Architecture 2.1 INTRODUCTION 2.

IPv6 Security. Scott Hogg, CCIE No Eric Vyncke. Cisco Press. Cisco Press 800 East 96th Street Indianapolis, IN USA

21.4 Network Address Translation (NAT) NAT concept

Abstract. 2 Overview of mobility in WLAN. 1 Introduction

A Mobile Ad-hoc Satellite and Wireless Mesh Networking Approach for Public Safety Communications

Wireless Networks: Network Protocols/Mobile IP

SHISA: The IPv6 Mobility Framework for BSD Operating Systems

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

IPv6 associated protocols. Piers O Hanlon

Charter Text Network Design and Configuration

ETSI TS V8.9.0 ( )

IP Flow Mobility: Smart Traffic Offload for Future Wireless Networks

Mobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP

MPLS VPN in Cellular Mobile IPv6 Architectures(04##017)

Telecommunication Services Engineering (TSE) Lab. Chapter III 4G Long Term Evolution (LTE) and Evolved Packet Core (EPC)

About the Technical Reviewers

Infrastructure-less networks

Analysis of Mobile IP in Wireless LANs

ProCurve Networking IPv6 The Next Generation of Networking

Ubiquigeneous Networking

Chapter 9. IP Secure

Cost Analysis of NEMO Protocol Entities

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Mobility Management in Next Generation Networks: Analysis of Handover in Micro and Macro Mobility Protocols

Network Mobility Support Scheme on PMIPv6 Networks

BUY ONLINE AT:

F5 Silverline DDoS Protection Onboarding: Technical Note

Cisco Which VPN Solution is Right for You?

Early Binding Updates and Credit-Based Authorization A Status Update

IPv6-Only. Now? Sites. Deutscher IPv6 Kongress June 6/7, 2013 Fr ankfur t /Ger many. Holger.Zuleger@hznet.de

Securing IP Networks with Implementation of IPv6

: Interconnecting Cisco Networking Devices Part 2 v1.1

Interconnecting Cisco Networking Devices Part 2

Protocol Security Where?

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

ITL BULLETIN FOR JANUARY 2011

Threats and Security Analysis for Enhanced Secure Neighbor Discovery Protocol (SEND) of IPv6 NDP Security

Proxy Mobile IPv6-Based Handovers for VoIP Services in Wireless Heterogeneous Networks

The BANDIT Products in Virtual Private Networks

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

A Major Functionality in Next Generation Networks Using -- Mobility Management

IMPROVEMENT IN THE MOBILITY OF MOBILE IPV6 BASED MOBILE NETWORKS USING REVERSE ROUTING HEADER PROTOCOL AND FAST HANDOFF

A Novel Pathway for Portability of Networks and Handing-on between Networks

SBSCET, Firozpur (Punjab), India

IP Mobility: Mobile Networks Configuration Guide, Cisco IOS Release 15M&T

Case Study for Layer 3 Authentication and Encryption

DYNAMIC MULTIPOINT VPN HUB AND SPOKE INTRODUCTION

OPTIMUM EFFICIENT MOBILITY MANAGEMENT SCHEME FOR IPv6

TCP and Wireless Networks Classical Approaches Optimizations TCP for 2.5G/3G Systems. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme

IPv6 Fundamentals, Design, and Deployment

Using IPsec VPN to provide communication between offices

IPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc.

IETF IPv6 Request for Comments (RFCs) Updated

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

We Are HERE! Subne\ng

Single Pass Load Balancing with Session Persistence in IPv6 Network. C. J. (Charlie) Liu Network Operations Charter Communications

Mobility Management in DECT/IPv6 Networks

Advanced IPSec with GET VPN. Nadhem J. AlFardan Consulting System Engineer Cisco Systems

Internet, Part 2. 1) Session Initiating Protocol (SIP) 2) Quality of Service (QoS) support. 3) Mobility aspects (terminal vs. personal mobility)

Efficient End-to-End Mobility Support in IPv6

VPN. VPN For BIPAC 741/743GE

Transcription:

Mobile Internet Protocol v6 MIPv6 A brief introduction Holger.Zuleger@hznet.de 13-dec-2005 Holger Zuleger 1/15 > c

Defined by MIPv6 RFC3775: Mobility Support in IPv6 (June 2004) RFC3776: Using IPsec to Protect Mobile IPv6 Signaling between Mobile Nodes and Home Agents Goals of IPv6 mobility Always onipconnectivity Roaming between different L2 technologies WLAN, WiMAX, UMTS, fixed Roaming between different (sub)networ ks Huge WLAN deployments mostly use different L3 subnets Application continuity (Session persistence) Static IP Adresses for mobile nodes Mobile devices may act as servers 13-dec-2005 Holger Zuleger 2/15

Terminology Home Address (HoA) A(static) IP address out of the mobile nodes home networ k Mobile Node (MN) Could change its point of attachment while still being reachable via HoA Care of Address (CoA) The physical IP address of a MN while visiting a foreign networ k Home Agent (HA) A router on the home networ k which represents the MN while it s not attached with the home networ k Binding Association of the home address with the Care-of address of a MN Correspondent Node (CN) A peer node with which a MN is communicating. The CN may be either mobile or stationary 13-dec-2005 Holger Zuleger 3/15

Bidirectional Tunnel Mode (1) Home Networ k Home Agent CN Foreign Networ k Binding update MN MN connects to foreign networ k and gets a CoA MN sends binding update to HA Should be secured by IPsec ESP in transpor t mode HA uses proxy neighbor discovery (IPv6 equivalent of proxy ARP) to represent the MN in the home networ k Ever y traffic destined to the MN will be encapsulated in a IPv6-in-IPv6 Tunnel and send to the CoA of the MN 13-dec-2005 Holger Zuleger 4/15

Bidirectional Tunnel Mode (2) Home Networ k Home Agent CN Foreign Networ k MN Tr affic from the MN uses the same tunnel in reverse mode Results in suboptimal routing, especially if both peers are far away from the home networ k Only HA and MN have to do some special packet handling MIPv6 is completely transparent for CN 13-dec-2005 Holger Zuleger 5/15

Tr iangle Routing? Home Networ k Home Agent CN Foreign Networ k Tr affic from MN is directly send to CN MIPv4 Solution Problem: Outgoing traffic can t use the HoA as source address Anti spoofing ACLs at the foreign networ k usually prevent this Suboptimal routing anyway MIPv6 Solution: Route Optimization MN 13-dec-2005 Holger Zuleger 6/15

Route optimization (1) Home Networ k Home Agent CN Foreign Networ k Binding update MN MN sends binding update to correspondent node MN sends traffic to CN with CoA as source address This is to bypass the anti spoofing ACLs at the foreign networ k Packet contains an HoA destination option CN replaces the source address with the home address before passing the packet to upper layer protocols 13-dec-2005 Holger Zuleger 7/15

Route optimization (2) Home Networ k Home Agent CN Foreign Networ k CN sends traffic to MN with CoA as destination address Packet contains a special Routing Header with HoA as second hop MN removes the routing header and forwards the packet tothe next hop specified by the routing header MN Upper layer protocol is only aware of HoA But: Binding update must be secured 13-dec-2005 Holger Zuleger 8/15

Secure Binding Home Networ k Home Agent IPsec encrypted binding CN Foreign Networ k?? signed?? MN Tr ust relationship between MN and HA IPsec with ESP in transpor t mode must be used for binding update message No trust relation between MN and CN Retur n Routeability mechanism used to proof the reachability of MN 13-dec-2005 Holger Zuleger 9/15

Retur n Routeability Procedure (1) Home Networ k Home Agent HTi CN CTi Foreign Networ k MN MN sends two messages with a cookie to CN Home Test init (HTi) is send via HA (traffic to HA must be encrypted) Care-of Test init (CTi) is send directly to CN CN uses pre-generated key and nonce to build two keygen tokens (Key: random number of 20 octets; Nonce: random octet string of any length) home keygentok := FIRST (64, HMAC_SHA1 (key, (HoA nonce "0"))) care-of keygentok := FIRST (64, HMAC_SHA1 (key, (CoA nonce "1"))) 13-dec-2005 Holger Zuleger 10/15

Retur n Routeability Procedure (2) Home Networ k Home Agent HT CT CN bmkey signed binding Foreign Networ k MN CN sends keygen tokens and cookies back to MN Home Test (HT) and Care-of Test (CT) messages MN builds binding message key bmkey := SHA (home keygen token care-of keygen token) MN sends binding update message signed with bmkey CN can proof that the MN is reachable via both paths 13-dec-2005 Holger Zuleger 11/15

What s next? Bootstrapping MIPv6 No static configuration of HA address and HoA on mobile nodes Networ k mobility (NEMO) (Instead of node mobility) IETF wor king group with focus on mobile networ ks (e.g. prefix delegation) Mobile adhoc networ ks (MANET) Interwor king of Mobile Ad-hoc networ ks and Mobile IPv6 Networ ks Mobile node roaming in between MIPv6 and MANET MANET roaming as a MIPv6 client Signaling and Handoff Optimization (mipshop) Fast Handovers for Mobile IPv6 (FMIPv6, RFC4068) See also www.fimpv6.org and www.rz.fhtw-ber lin.de/projekte/mipv6 Hierachical MIPv6 mobility management (HMIPv6, RFC4140) Cr yptographically generated (IPv6) addresses (RFC 3972) MN can prove that it owns its HoA by including its public key in the binding update and by signing the resulting message (No PKI needed) 13-dec-2005 Holger Zuleger 12/15

Summar y No foreign agent required Scalable solution if CN supports MIPv6 Microsoft Windows 2003 and XP, {Free Open Net}BSD, Linux (with MIPL patch) Home networ k router can also function as an Home Agent Cisco IOS 12.3(14)T, 12.4(2)T, but RFC3776 is not supported :-( Redundant HA with dynamic discovery (IPv6 anycast address) MIPv6 support the use of End-to-End IPsec (transpor t or tunnel mode) Some open security issues (CGA prevents this) Attacker which is able to capture all RR packets could send bindings on behalf of the MN Handover time must be improved MIPv6: Handover latency = 2 seconds; packet loss = rate x latency FMIPv6: Handover latency = Wlan handover latency; packet loss = 0 MIPv6 requires (naturally) a IPv6 networ k :-( But think about 6to4 as a care of address... ;-) 13-dec-2005 Holger Zuleger 13/15

References Tutor ial: IPv6 mobility and security Wolfgang Fritsche, IABG, German IPv6 Summit, Bad Godesberg 2004 Mobile IPv6 White Paper Wolfgang Fritsche, Flor ian Heissenhuber IABG, August 2000 Mobility Support in IPv6 RFC3775, June 2004 Using IPsec to Protect MIPv6 Signaling between Mobile Nodes and Home Agents RFC3776, June 2004 Analysis of the handover in a WLAN MIPv6 scenario Alber t Cabellos Aparicio, Global IPv6 Summit, Barcelona 2005 Deliverable4.1.4: Final Mobile IPv6 Support Guide 6net Large-Scale International IPv6 Pilot Networ k, Febr uar 2005 Technical Report: Mobility over IPv6 Networ ks Euro6IX, March 2003 RFC3972, RFC4048, RFC4140,... 13-dec-2005 Holger Zuleger 14/15

Questions? http://www.hznet.de/ipv6/mipv6-intro.pdf 13-dec-2005 Holger Zuleger 15/15

Questions? http://www.hznet.de/ipv6/mipv6-intro.pdf Thank you ver y much for your attention! 13-dec-2005 Holger Zuleger 15/15

CONTENTS... 1 MIPv6... 2 Terminology... 3 Bidirectional Tunnel Mode (1)... 4 Bidirectional Tunnel Mode (2)... 5 Tr iangle Routing?... 6 Route optimization (1)... 7 Route optimization (2)... 8 Secure Binding... 9 Retur n Routeability Procedure (1)... 10 Retur n Routeability Procedure (2)... 11 What s next?... 12 Summar y... 13 References... 14... 15 <

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information