Mobile IP: Details 1
Mobile IP Terminology
• CN, Correspondent Node: destination IP host in session with a Mobile Node
• HA, Home Agent: maintains an association between the MN’s “home” IP address and its care-of address (loaned address) on the foreign network; redirects and tunnels packets to the care-of address on the foreign network
• FA, Foreign Agent: provides an addressable point of attachment to the MN called the Care-Of Address (COA); maintains an awareness of all visiting MNs; acts as a ‘relay’ between the MN and its Home Agent; receives all packets for the MN from the MN’s Home Agent
• MN, Mobile Node: an IP host that maintains network connectivity using its “home” IP address, regardless of which subnet (or network) it is connected to
Overview of Mobile IP Functionality
1. MN discovers Agent
2. MN obtains COA (Care Of Address)
3. MN registers with HA
4. HA tunnels packets from CN to FA
5. FA forwards packets from MN to CN
Three keys of Mobile IP
• How does the Mobile Node find out where it is?
  – Agent Discovery: ICMP Router Discovery
• How does the Mobile Node inform its current location?
  – Registration: authentication, location update and service negotiation
• How are packets delivered?
  – Tunneling: IP in IP or GRE
Agent Discovery
Agent discovery
• determines whether connected to home link or foreign link
• detects whether it has moved from one link to another
• obtains a care-of address
Agent discovery message formats
• agent solicitations:
  – Time to live set to 1
  – Type = 10 in ICMP router solicitation
• agent advertisements:
  – IP header fields
  – ICMP router advertisement fields
  – Mobility agent advertisement extension fields
  – Prefix-length extension fields
Messages for agent discovery
• agent solicitations:
  – force any agents on the link to immediately transmit advertisements
  – #Fig. 5-1
Messages for agent discovery
• Agent advertisements:
  – periodically broadcast or multicast on each link on which the agent is configured to perform as an agent (broadcast on a link: at IP level and link-layer level)
  – mobile nodes connected to this link listen to these advertisements
Mobile IP Agent Discovery (figure: MN and FA exchanging IRDP Agent Solicitation and Agent Advertisement messages carrying Lifetime and Services, followed by Registration)
• ICMP (Internet Control Message Protocol) / IRDP (ICMP Router Discovery Protocol) messages
• Agents send advertisement messages
• Mobile nodes send solicitation messages
• Used to detect movement and register with the HA
IP header fields
• used by a mobile node to determine if it is “at home” or “away”
• if the netid of the IP source address = the netid of the mobile node’s home address: connected to home link
• otherwise: connected to foreign link; invoke “move detection”
ICMP router advertisement fields
• Type = 9 in ICMP message: advertisement
• Code: 0 for (normal) routers, 16 for home agents and foreign agents
• Lifetime: if the mobile node fails to hear another advertisement within the lifetime, it thinks it has moved to another link
• Num Addrs: number of address pairs
• Addr Entry Size: 8 bytes
* If the IP total length is longer than expected, the additional portion is interpreted as extensions
Mobility Agent Advertisement Extension Fields
• Type: 16
• Sequence Number:
  – reset to 0 on rebooting, incremented on each advertisement
  – mobile node can detect the reboot of agents from this number
• Registration Lifetime and R, M, G and V: related to registration and routing
• F, H: Foreign agent, Home agent (11 for both)
• B: too busy to accept another registration of mobile nodes
• Care-of address: a mobile node may choose any
• Prefix-length Extension Fields: used for “move detection”
Mobile IP Agent Advertisement
• ICMP RDP
• Services (RBHFMGV)
• COA (Care Of Address)
• Registration lifetime
• Prefix-length ext.
• Periodic or solicited
Registration
What is registration?
• requests routing services from a foreign agent on a foreign link
• informs its home agent of its current care-of address
• renews a registration about to expire
• deregisters when returning to its home link
• allows a mobile node to have multiple care-of addresses and the home agent to tunnel copies to them
• deregisters a specific care-of address
• dynamically ascertains the address of a potential home agent
Mobile IP Registration (figure: MN, FA and HA; IRDP Agent Solicitation/Advertisement with Lifetime and Services, then Registration)
• ICMP (Internet Control Message Protocol) / IRDP (ICMP Router Discovery Protocol)
• Register with the home agent
  – Authentication
  – Set up binding and visiting tables/tunnels
• Agree on services
  – Tunnel type, Lifetime, etc.
Mobile IP Registration (figure: the two registration paths from the MN to the HA)
1. MN’s Co-located COA
  – MN sends registration directly to HA
  – Tunnel from HA to MN
2. FA’s COA
  – One address used
  – FA relays registration from MN to HA
Messages for registration
• within UDP
• #Fig. 5-3 in Solomon
Registration scenarios
Registration protocol
• If a mobile node does not receive a Registration Reply within a reasonable time, it retransmits the Request (with increasing time interval), up to some maximum
Registration protocol
• Mobile node sends registration request
• Foreign agent (if any) relays it
• Home agent sends registration reply
• If no reply is received, the mobile node resends the request with increasing time interval
• Requests and replies are carried in UDP datagrams
Binding
• A table entry in home agents that maps a mobile node’s home address to the mobile node’s current care-of addresses
• valid only for a specific lifetime; needs re-registration
Registration request
• Link-layer:
  – source address = mobile node’s link layer address
  – destination address = 1) FA’s 2) router’s 3) home agent’s
Registration request
• UDP header:
  – source port = any
  – dest. port = 434 (reserved for mobile IP)
• Mobile IP fields:
  – Type = 1 for request, 3 for reply
  – S = 1 if this request should not affect existing bindings
  – B = 1 for a copy of local broadcasts at home link
  – D = 1 if decapsulation is performed at the collocated care-of address
  – M = 1 for minimal encapsulation
  – G = 1 for Generic Record encapsulation
  – V = 1 for Van Jacobson header compression
Registration request
• IP layer:
  – source address = 1) mobile node’s home address (away via FA) 2) care-of address (collocated) 3) home address (at home)
  – destination address = 1) FA 2) HA 3) HA
Registration request
  – lifetime = number of seconds before registration expires
  – home address
  – home agent
  – care-of address
  – identification: 64 bits; matches request and reply, security
  – extension
Mobile IP Registration Request
• Service (SBDMGV)
• Lifetime requested
• Home IP address
• HA (Home Agent) Address
• COA (Care Of Address)
• Identification
• Authentication Ext
Mobile IP Registration Reply
• Lifetime granted
• Home IP address
• HA (Home Agent)
• Identification
• Authentication Ext
Processing Registration Request
How does a foreign agent process a registration request?
• performs validity checks and sends a registration reply if they fail:
  – failed mobile-FA authentication
  – mobile node requested a lifetime exceeding the maximum value permitted by the FA
  – requested type of tunneling not supported by FA
  – FA has insufficient resources to support additional mobile nodes
How does a foreign agent process a registration request?
• Relay: change IP header and UDP header:
  – IP source: interface from which the message is sent
  – IP destination: home agent
  – UDP source: variable
  – UDP dest.: 434
How does a home agent process a registration request?
• validity checks (reply codes):
  – 135: over the limit for simultaneous registrations
  – 129: unauthorized service area
  – 136: help the mobile node find a usable home agent
  – 130: insufficient resources
  – 133: help the mobile node resynchronize its replay protection
• updates the mobile node’s binding entry
How does a home agent process a registration request?
• registration reply:
  – code if no simultaneous binding is supported
  – lifetime updated if exceeding maximum
How does a foreign agent process a registration request?
• update a visitor list:
  – link layer source address of the mobile node
  – IP source address (mobile node’s home address)
  – IP destination address
  – UDP source port
  – home agent address
  – identification field
  – requested registration lifetime
  – remaining lifetime of pending or current registration
Obtain HA’s address
How can a mobile node learn the address of a home agent?
• manual configuration
• using registration request and reject message
  1) home link directed IP broadcast
    – ex) 125.128.72.255/24
    – may put the broadcast address in the home agent address field of the registration request
How can a mobile node learn the address of a home agent?
  2) foreign agent involved for home-link directed IP broadcast
    – registration request to FA with home agent address field set to home agents
• reject message with code 136: unknown home agent address
  – the home agent field within the “reject” reply contains the unicast address of the home agent replying
• retry registration with one of the obtained home agent addresses
Authentication
Another Devil: Security Issues
• We'll look at only one of the "godzillions" of security issues:
• Bogus registration (denial of service) attacks
  – Malicious host sends fake registration messages to home agent "on behalf" of the mobile host
  – Packets could be forwarded to malicious host or to the bit bucket
Bogus Registration Attack (figure: a malicious host sends a registration request to the home agent asking that the mobile host's packets be sent to it)
Authentication
• To fix this problem, authenticate registration attempts
• Use private key encryption to generate a message digest
• Home agent applies private key to message to see if message digest is identical
Authentication, Cont. (figure: the registration request carries the care-of address and a digest computed with the private key; the home agent recomputes the digest to check it)
Oops. Replay Attacks! (figure: a previously captured registration request and its digest are replayed to the home agent)
Avoiding Replay Attacks
• Avoid replay attacks by making registration requests un-replayable
• Add estimate of local time or a pseudo-random number to registration request/reply
• If time estimate or random number is not the expected number, provide info in "NO!" reply for resynchronization
• Insufficient information to help malicious host
Mobile IP Authentication Ext.
• Mobile-Home (MH) authentication
• Mobile-Foreign (MF) authentication
• Foreign-Home (FH) authentication
Mobile IP Authentication Ext. (figure: message layouts between MN, FA and HA)
• MH (m), MF (o), FH (o) Auth Ext; (m) = mandatory, (o) = optional
• MN to FA: IP Header | UDP Header | Mobile IP Registration | MH Auth. Ext. | MF Auth. Ext.
• FA to HA: IP Header | UDP Header | Mobile IP Registration | MH Auth. Ext. | FH Auth. Ext.
Mobile IP Authentication Ext.
• Security association
• Manual key distribution
• MD5, 16-byte keys
• Prefix-suffix mode
HA Registration Operation
• Authenticate MN
• Add MN to mobility binding table
• Tunnel setup
• Send out gratuitous ARP
• Add host route to MN via tunnel
• Send registration reply
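The registration request fields, the MH authentication extension (keyed MD5 in prefix-suffix mode with a 16-byte key) and the timestamp replay check with the 133 "resync" reply, worked through as an added example; this is not code from the slides. Assumptions: identification carries plain seconds in its high 32 bits (simplified from the NTP-style timestamp), the SPI, key and addresses are constructed values, and the HA's binding-table update is left out.

```python
import hashlib, hmac, socket, struct

REG_REQUEST, REG_REPLY = 1, 3
MH_AUTH_EXT = 32                          # Mobile-Home Authentication Extension type
CODE_OK, CODE_FAILED_AUTH, CODE_ID_MISMATCH = 0, 131, 133
FLAG_S, FLAG_B, FLAG_D, FLAG_M, FLAG_G, FLAG_V = 0x80, 0x40, 0x20, 0x10, 0x08, 0x04
REQ_LEN, REPLY_LEN, EXT_LEN = 24, 20, 22  # fixed request, fixed reply, type+length+SPI+MD5 digest

def mh_authenticator(key, protected):
    # Keyed MD5 in prefix+suffix mode: MD5(key || protected data || key), 16-byte key.
    return hashlib.md5(key + protected + key).digest()

def append_auth_ext(key, spi, data):
    # The digest covers the registration data plus this extension's own Type, Length and SPI.
    ext_hdr = struct.pack("!BBI", MH_AUTH_EXT, 4 + 16, spi)
    return data + ext_hdr + mh_authenticator(key, data + ext_hdr)

def auth_ok(key, spi, msg, data_len):
    """Check the MH authentication extension that follows data_len bytes of registration data."""
    if len(msg) < data_len + EXT_LEN:
        return False
    ext_hdr, auth = msg[data_len:data_len + 6], msg[data_len + 6:data_len + EXT_LEN]
    return (struct.unpack("!BBI", ext_hdr) == (MH_AUTH_EXT, 20, spi)
            and hmac.compare_digest(auth, mh_authenticator(key, msg[:data_len + 6])))

def build_request(key, spi, flags, lifetime, home, ha, coa, now):
    """Registration Request: type, flags (SBDMGV), lifetime, home, HA, COA, identification."""
    ident = now << 32    # timestamp replay protection, simplified: seconds in the high 32 bits
    data = struct.pack("!BBH4s4s4sQ", REG_REQUEST, flags, lifetime, socket.inet_aton(home),
                       socket.inet_aton(ha), socket.inet_aton(coa), ident)
    return append_auth_ext(key, spi, data)

def ha_process(msg, key, spi, now, window=7):
    """Home agent side: authenticate first, only then judge the identification (replay check)."""
    if len(msg) < REQ_LEN + EXT_LEN:
        raise ValueError("truncated registration request")
    _, _, lifetime, home, ha, _, ident = struct.unpack("!BBH4s4s4sQ", msg[:REQ_LEN])
    if not auth_ok(key, spi, msg, REQ_LEN):
        code, lifetime = CODE_FAILED_AUTH, 0      # bogus or tampered request
    elif abs((ident >> 32) - now) > window:
        code, lifetime = CODE_ID_MISMATCH, 0      # stale or replayed: tell the MN to resync
    else:
        code = CODE_OK                            # a real HA now installs/refreshes the binding
    # Reply identification: HA's clock in the high 32 bits (lets the MN resynchronize),
    # low 32 bits copied from the request so the MN can match reply to request.
    reply_ident = (now << 32) | (ident & 0xFFFFFFFF)
    reply = struct.pack("!BBH4s4sQ", REG_REPLY, code, lifetime, home, ha, reply_ident)
    return code, append_auth_ext(key, spi, reply)

def mn_parse_reply(key, spi, reply):
    """Mobile node side: (code, granted lifetime, identification), or None if the reply fails authentication."""
    if not auth_ok(key, spi, reply, REPLY_LEN):
        return None
    _, code, lifetime, _, _, ident = struct.unpack("!BBH4s4sQ", reply[:REPLY_LEN])
    return code, lifetime, ident
```

A replayed request fails only the identification check, so the MN can take the HA's time from the 133 reply and re-register; a forged or modified request fails the digest and never reaches the replay check.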
Move Detect
How does a mobile node determine that it has moved?
• Using lifetime (slow detection)
  – agents send periodic advertisements 3 times faster than the lifetime
  – if a mobile node does not receive advertisements within the lifetime, it is regarded as “moved”
• Using “network-prefixes”
  – compute the network-prefix of the address in another foreign agent’s advertisement, using the Prefix-length extension, to see if it is from a different link
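The agent advertisement format from the Agent Discovery slides (ICMP type 9 / code 16, the mobility agent advertisement extension with its RBHFMGV flags and sequence number, the prefix-length extension) and the two move-detection rules above, as an added example that is not part of the slides. The sample packets are constructed here, the ICMP checksum is left zero, and the builder is only there to produce test input.

```python
import ipaddress, struct

ICMP_ROUTER_ADV, MOBILITY_AGENT_CODE = 9, 16     # ICMP type 9, code 16 marks a mobility agent
EXT_MOBILITY_AGENT, EXT_PREFIX_LENGTH = 16, 19   # extension types following the ICMP advertisement
FLAGS = "RBHFMGV"                                # bit order (MSB first) of the extension's flag byte

def build_agent_advertisement(router, lifetime, seq, reg_lifetime, flags, coas, prefix_len):
    """Constructed sample: ICMP router advertisement + mobility agent + prefix-length extensions."""
    hdr = struct.pack("!BBHBBH", ICMP_ROUTER_ADV, MOBILITY_AGENT_CODE, 0, 1, 2, lifetime)
    hdr += ipaddress.IPv4Address(router).packed + struct.pack("!i", 0)  # one (addr, preference) pair
    flag_byte = sum(0x80 >> i for i, name in enumerate(FLAGS) if name in flags)
    ext = struct.pack("!BBHHBB", EXT_MOBILITY_AGENT, 6 + 4 * len(coas), seq, reg_lifetime, flag_byte, 0)
    ext += b"".join(ipaddress.IPv4Address(c).packed for c in coas)
    return hdr + ext + bytes([EXT_PREFIX_LENGTH, 1, prefix_len])

def parse_agent_advertisement(pkt):
    typ, code, _csum, num_addrs, entry_size, lifetime = struct.unpack("!BBHBBH", pkt[:8])
    if typ != ICMP_ROUTER_ADV or code != MOBILITY_AGENT_CODE:
        raise ValueError("not a mobility agent advertisement")
    adv = {"lifetime": lifetime, "routers": [], "prefix_lengths": [], "coas": [], "flags": set()}
    off = 8
    for _ in range(num_addrs):                  # entry size is in 32-bit words: 2 words = 8 bytes
        adv["routers"].append(str(ipaddress.IPv4Address(pkt[off:off + 4])))
        off += entry_size * 4
    while off + 2 <= len(pkt):                  # bytes beyond the ICMP part are TLV extensions
        etype, elen = pkt[off], pkt[off + 1]
        body = pkt[off + 2:off + 2 + elen]
        if etype == EXT_MOBILITY_AGENT:
            seq, reg_lifetime, flag_byte = struct.unpack("!HHB", body[:5])
            adv["sequence"], adv["reg_lifetime"] = seq, reg_lifetime
            adv["flags"] = {n for i, n in enumerate(FLAGS) if flag_byte & (0x80 >> i)}
            adv["coas"] = [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(6, elen, 4)]
        elif etype == EXT_PREFIX_LENGTH:
            adv["prefix_lengths"] = list(body)  # one prefix length per router address
        off += 2 + elen
    return adv

def agent_rebooted(prev_seq, seq):
    # Sequence numbers restart at 0 after a reboot and only values 0..255 follow a reboot,
    # so a drop below the previous value into that range means the agent restarted.
    return prev_seq is not None and seq < prev_seq and seq < 256

def on_different_link(current, new):
    """Move detection via network prefixes: compare the advertising routers' prefixes."""
    if not current["prefix_lengths"] or not new["prefix_lengths"]:
        return None                             # no prefix-length extension: cannot decide this way
    cur_net = ipaddress.ip_network(f"{current['routers'][0]}/{current['prefix_lengths'][0]}", strict=False)
    new_net = ipaddress.ip_network(f"{new['routers'][0]}/{new['prefix_lengths'][0]}", strict=False)
    return cur_net != new_net
```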
What if no advertisements?
• try ICMP echo request: guess it is on the home link and the home agent is temporarily dead
• try DHCP: guess it is connected to some foreign link; use the address as a collocated address
• manual configuration
• Movement detection without advertisements (upper layer solution):
  – TCP progress monitoring
  – promiscuous link examination: comparing the network-prefixes of all the flying packets with that of the current care-of address
Mobile IP Transparent Roaming (figure: MNs attached to FAs at 10.31.1.1, 10.31.2.1 and 10.31.3.1; the HA’s Mobility Binding Table maps each MN’s home address to its Co.A)
• FA/MN register with the HA
Mobile IP Transparent Roaming (figure: same topology and Mobility Binding Table)
• MN realizes it has moved to a network with a new FA
• MN registers with this new FA
• When the MN moves it re-registers via its new FA
Mobile IP Re-Registration (figure: old data path via the previous FA and new data path via the new FA; the Mobility Binding Table is updated)
• When the new registration is received, a new care-of address is installed in the HA
• No change is propagated to correspondents
• The movement is transparent to all other devices
Mobile IP: De-Registration
• Register with a lifetime value of 0
  – When MN returns to home network
  – When MN decides to power down
• On de-registration or on timer expiry, resources are reclaimed at the HA/FA
Van Jacobson header compression
• Between mobile node and foreign agent (usually wireless with limited bandwidth)
• Both endpoints save the initial headers (TCP+IP)
• The initial headers are updated during the TCP session by sending only the changes to the header values
• 40 bytes reduced to 3~5 bytes
• link layer should be able to distinguish compressed headers
  – ex) PPP
Header compression
• use a connection id to represent a 4-tuple connection
• a byte to code changes in the fields + 2-byte checksum
• changes follow the byte
Soft state
• Problem: for an encapsulating datagram, an ICMP error message from inside a tunnel cannot return the original (encapsulated) source/dest. IP addresses: ICMP error message = IP header + 8 bytes
• Solution: keep soft state at the tunnel entry point
  – path MTU of the tunnel
  – length of tunnel
  – whether the end-point is reachable
• The router at the entry point issues the ICMP error message to the original sender
Minimal encapsulation
• less overhead than the default IP-in-IP
• not used with fragmented datagrams (no room for fragmentation in the minimal header)
• protocol field in IP header: 55
• dest. address of the IP header replaced by the tunnel exit point
• source addr. field is replaced by the encapsulator’s address (if it differs from the original source, in which case the original source address is added in the minimal encapsulation header --> S = 1)
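Minimal encapsulation carried through as an added example (not code from the slides): protocol 55 in the outer header, the forwarding header with its S bit, and the refusal of fragmented datagrams. Assumptions: inner datagrams have no IP options, TTL is copied rather than decremented so the round trip is byte-exact, and all addresses and payloads are constructed.

```python
import socket, struct

PROTO_MINIMAL = 55            # outer IP protocol number for minimal encapsulation
IPV4_HDR = "!BBHHHBBH4s4s"    # ver/IHL, TOS, total length, id, flags+frag, TTL, proto, csum, src, dst

def checksum(data):
    """IP ones-complement checksum; yields 0 when run over a header whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def with_checksum(hdr, pos):
    return hdr[:pos] + struct.pack("!H", checksum(hdr)) + hdr[pos + 2:]

def make_ip_packet(src, dst, proto, payload, frag=0, ttl=64):
    """Constructed sample datagram without IP options (used by the tests below)."""
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0x1234, frag, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return with_checksum(hdr, 10) + payload

def minimal_encapsulate(pkt, exit_point, encapsulator):
    """Tunnel entry (e.g. the HA): replace the inner header by a minimal forwarding header."""
    exit_point, encapsulator = socket.inet_aton(exit_point), socket.inet_aton(encapsulator)
    vihl, tos, _, ident, frag, ttl, proto, _, src, dst = struct.unpack(IPV4_HDR, pkt[:20])
    if frag & 0x3FFF:         # MF flag or non-zero offset: the minimal header has no room for it
        raise ValueError("minimal encapsulation cannot carry a fragmented datagram")
    s_bit = src != encapsulator                  # original source kept only when it differs
    fwd = struct.pack("!BBH4s", proto, 0x80 if s_bit else 0, 0, dst) + (src if s_bit else b"")
    payload = pkt[(vihl & 0x0F) * 4:]
    # TTL is copied unchanged here; a real encapsulator also decrements it as a forwarding hop.
    outer = struct.pack(IPV4_HDR, 0x45, tos, 20 + len(fwd) + len(payload), ident, frag, ttl,
                        PROTO_MINIMAL, 0, encapsulator, exit_point)
    return with_checksum(outer, 10) + with_checksum(fwd, 2) + payload

def minimal_decapsulate(pkt):
    """Tunnel exit (e.g. the FA or a collocated MN): rebuild the original datagram."""
    vihl, tos, _, ident, frag, ttl, proto, _, src, _ = struct.unpack(IPV4_HDR, pkt[:20])
    if proto != PROTO_MINIMAL:
        raise ValueError("not a minimal-encapsulation datagram")
    off = (vihl & 0x0F) * 4
    orig_proto, flags, _, orig_dst = struct.unpack("!BBH4s", pkt[off:off + 8])
    fwd_len = 12 if flags & 0x80 else 8
    if checksum(pkt[off:off + fwd_len]) != 0:
        raise ValueError("bad minimal forwarding header checksum")
    orig_src = pkt[off + 8:off + 12] if flags & 0x80 else src   # S = 0: outer source is original
    payload = pkt[off + fwd_len:]
    inner = struct.pack(IPV4_HDR, 0x45, tos, 20 + len(payload), ident, frag, ttl,
                        orig_proto, 0, orig_src, orig_dst)
    return with_checksum(inner, 10) + payload
```

With S = 1 the tunnel adds 12 bytes instead of IP-in-IP's 20; with S = 0 (the encapsulator is the original source) only 8.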
Generic Record Encapsulation
• can encapsulate numerous other protocols besides IP
How to know who really sent a registration message?
• include user name and password
• identification (64 bits) field in registration request and timer sync
How to prevent ping-ponging wireless cells?
• wireless cells tend to overlap, causing continuous registration
• link-layer solution: use bridges to form a link, smooth handoff
• simultaneous binding: having multiple care-of addresses
• trend: form a single link using handoff
• there exist some impossible cases for simultaneous binding: using different frequencies
• #Fig. 5-7 & 5-8 in Solomon
Wireless Coverage
Simultaneous binding example
R bit in agent advertisement
• registration required
• tells a mobile node that it must register via that foreign agent even when it is using a collocated care-of address, otherwise routing is refused
• helps the ISP to charge
• #Fig. 5-9 in Solomon
R bit used for service providers
Routing datagrams
Mobile IP Packet Forwarding (figure: Correspondent Host, Home Agent, Foreign Agent and Mobile Node)
• Traffic is sent as usual to the home subnet
• The home agent intercepts (Proxy ARP) the traffic while the mobile node is registered as away
• Traffic is tunneled to its current location
• Traffic from the mobile node can go directly to the correspondent host
HA Routing
• Acts as router
• Look up MN host route
• Send out on tunnel interface
• Tunnel fast switching
FA Routing
• Decapsulate packet from tunnel
• Look up visitor table
• Use ARP entry to reach MN
How are packets routed to and from mobile nodes?
• at home link: use conventional IP; better store a copy of the routing table before leaving
• at foreign link:
Tunneling
How does a home agent intercept packets?
• advertise reachability to the home address of the mobile node
• proxy ARP reply
• gratuitous ARP on registration from a mobile node
• gratuitous ARP on returning to home link
Routing table integration via virtual interfaces
• integrate tunneling into routing tables at the tunnel entry point: use a host-specific route to send the packet to a virtual interface where encapsulation is performed, and the encapsulated packet is again presented to IP layer forwarding
Routing table at HA
Encapsulation via Virtual Interface(HA)
At FA
• IP in IP packet is presented to the upper layer after decapsulation
• the upper layer is the IP layer again, with dest. addr equal to the home address
• use host-specific routing to deliver the packet to the mobile node
Routing table at FA
Encapsulation via Virtual Interface(HA)
How do mobile nodes send packets?
• with a foreign agent:
  – obtain the router’s link-layer address from the agent advertisement or router advertisement
  – ARP is allowed with a collocated care-of address but not with a foreign agent (cannot communicate after it moves to a different link)
• without a foreign agent:
  – router advertisement
  – obtain router’s address
Reverse tunneling
Packets Dropped due to "Ingress" Filtering (figure: correspondent host and home agent on the same network; a packet from the mobile host is deemed "topologically incorrect")
Network ingress filtering and mobile IP
• routing is based solely on destination addresses
• network ingress filtering: discard packets from “wrong” places
• mobile node at a foreign link: the network-prefix of the IP source address does not match the network-prefix of the foreign link --> “wrong” packets
• this may cause blocking
• solution: reverse tunneling; the FA tunnels the packets to the mobile node’s home agent, which resends them from there
Why not source routing instead of tunneling?
• loose source and record route option in IP
• put the care-of address in as an intermediate hop in the option
• rarely supported by routers
• needs additional processing by routers on the path
Why the triangle route?
• optimized tunneling
• hard to authenticate
• not much saving
Triangle routing vs Optimized Routing
Route Optimizations
• Possible Solution:
  – Home agent sends current care-of address to correspondent host
  – Correspondent host caches care-of address
  – Future packets tunneled directly to care-of address
• But!
  – An instance of the cache consistency problem arises...
  – Cached care-of address becomes stale when the mobile host moves
  – Potential security issues with providing care-of address to correspondent (ask me about this when we talk about security!)
Possible Route Optimization
Routing Broadcast or multicast
Can mobile nodes send/receive broadcasts/multicasts?
• prefix-specific broadcast vs link-specific broadcast
• receiving broadcast with collocated care-of address
• B bit in registration request
• D bit in registration request
Can mobile nodes send/receive broadcasts/multicasts?
• receiving broadcast with foreign agent care-of address:
  – nested encapsulation: encapsulate the broadcast packet with the home address and then encapsulate it with the care-of address
  – D = 0
• sending broadcast:
  – link-specific to foreign link
  – link-specific to home link
  – prefix-specific
Multicast
• for the multicast tree, the IP source address must be topologically true
• tunnel to the home agent and start there
• join the multicast group