Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Network Protocols/Mobile IP
Motivation
Data transfer
Encapsulation
Security
IPv6
Problems
DHCP
Ad-hoc networks
Routing protocols
9.0.1
9.1.1
Compatibility
support of the same layer 2 protocols as IP
no changes to current end-systems and routers required
mobile end-systems can communicate with fixed systems
Security
9.2.1
Terminology
Mobile Node (MN)
communication partner
9.3.1
Example network
HA
MN
router
home network
mobile end-system
Internet
FA
foreign
network
router
(current physical network
for the MN)
CN
end-system
router
9.4.1
MN
home network
Internet
receiver
3
FA
CN
sender
foreign
network
home network
MN
sender
Internet
FA
foreign
network
CN
receiver
9.6.1
Overview
COA
home
network
router
FA
router
HA
MN
foreign
network
Internet
CN
router
home
network
router
HA
router
FA
2.
Internet
3.
MN
4.
foreign
network
1.
CN
router
9.7.1
Network integration
Agent Advertisement
Advertisement
9.8.1
Agent advertisement
7 8
type
#addresses
15 16
23 24
checksum
lifetime
31
code
addr. size
router address 1
preference level 1
router address 2
preference level 2
...
type
length
registration lifetime
sequence number
R B H F M G V reserved
COA 1
COA 2
...
9.9.1
Registration
MN re
FA
gist
requ ration
es
HA
MN r
HA
egis
requ tration
e
st
regi
s
requ tration
es t
n
ratio
t
s
i
reg
y
repl
n
ratio
t
s
i
reg
y
repl
stra
regi
y
repl
tion
9.10.1
7 8
type
15 16
S B DMG V rsv
home address
home agent
COA
23 24
lifetime
31
identification
extensions . . .
9.11.1
Encapsulation
original IP header
new IP header
outer header
original data
new data
inner header
original data
9.12.1
Encapsulation I
Encapsulation of one packet into another as payload
ver.
IHL
TOS
length
IP identification
flags
fragment offset
TTL
IP-in-IP
IP checksum
IP address of HA
Care-of address COA
ver. IHL
TOS
length
IP identification
flags
fragment offset
TTL
lay. 4 prot.
IP checksum
IP address of CN
IP address of MN
TCP/UDP/ ... payload
9.13.1
Encapsulation II
Minimal encapsulation (optional)
avoids repetition of identical fields
e.g. TTL, IHL, version, TOS
only applicable for unfragmented packets, no space left for
fragment identification
ver.
IHL
TOS
length
IP identification
flags
fragment offset
TTL
min. encap.
IP checksum
IP address of HA
care-of address COA
lay. 4 protoc. S reserved
IP checksum
IP address of MN
original sender IP address (if S=1)
TCP/UDP/ ... payload
9.14.1
outer header
new header
GRE
header
original
header
original data
original
header
original data
new data
ver.
IHL
TOS
length
IP identification
flags
fragment offset
TTL
GRE
IP checksum
IP address of HA
Care-of address COA
C R K S s rec.
rsv.
ver.
protocol
checksum (optional)
offset (optional)
key (optional)
sequence number (optional)
routing (optional)
ver.
IHL
TOS
length
IP identification
flags
fragment offset
TTL
lay. 4 prot.
IP checksum
IP address of CN
IP address of MN
TCP/UDP/ ... payload
9.15.1
Solutions
sender learns the current location of MN
direct tunneling to this location
HA informs a sender about the location of MN
big security problems!
Change of FA
packets on-the-fly during the change can be lost
new FA informs old FA to avoid packet loss, old FA now forwards
remaining packets to new FA
this information also enables the old FA to release resources for the
MN
9.16.1
HA
FAold
FAnew
MN
request
update
ACK
data
data
registration
registration
update
ACK
data
data
MN changes
location
warning
data
update
ACK
data
data
t
9.17.1
MN
home network
Internet
sender
1
FA
CN
receiver
foreign
network
1. MN sends to FA
2. FA tunnels packets to HA
by encapsulation
3. HA forwards the packet to the
receiver (standard case)
9.18.1
9.19.1
9.20.1
Firewalls
QoS
many new reservations in case of RSVP
tunneling makes it hard to give a flow of packets a special treatment
needed for the QoS
9.21.1
Security in Mobile IP
Security requirements (Security Architecture for the Internet
Protocol, RFC 1825)
Integrity
any changes to data between sender and receiver can be detected
by the receiver
Authentication
sender address is really the address of the sender and all data
received is really data sent by this sender
Confidentiality
only sender and receiver can read the data
Non-Repudiation
sender cannot deny sending of data
Traffic Analysis
creation of traffic and user profiles should not be possible
Replay Protection
receivers can detect replay of messages
9.22.1
IP security architecture I
Authentication-Header
guarantees integrity and authenticity of IP packets
if asymmetric encryption schemes are used, non-repudiation can also
be guaranteed
IP-Header
IP header
Authentification-Header
authentication header
UDP/TCP-Paket
UDP/TCP data
IP header
encrypted
ESP header
encrypted data
9.23.1
IP security architecture II
parameters for the mobile host (MH), home agent (HA), and foreign
agent (FA)
MH
registration reply
registration request
FA
registration reply
HA
9.24.1
Key distribution
Home agent distributes session keys
FA
HA
MH
response:
EHA-FA {session key}
EHA-MH {session key}
9.25.1
Client/Server-Model
the client sends via a MAC broadcast a request to the DHCP server
DHCPDISCOVER
(might be via a DHCP relay)
DHCPDISCOVER
server
client
client
relay
9.26.1
server
(not selected)
determine the
configuration
DHCPDISCOVER
DHCPDISCOVER
DHCPOFFER
DHCPOFFER
server
(selected)
determine the
configuration
collection of replies
time
selection of configuration
DHCPREQUEST
(reject)
DHCPREQUEST
(options)
confirmation of
configuration
DHCPACK
initialization completed
release
DHCPRELEASE
delete context
9.27.1
DHCP characteristics
Server
Renewal of configurations
Options
9.28.1
Ad hoc networks
Standard Mobile IP needs an infrastructure
C
9.29.1
N1
N1
N2
N3
N4
time = t1
N3
N2
N4
N5
good link
weak link
N5
time = t2
9.30.1
Link State
periodic notification of all routers about the current state of all
physical links
router get a complete picture of the network
Example
ARPA packet radio network (1973), DV-Routing
every 7.5s exchange of routing tables including link quality
updating of tables also by reception of packets
routing problems solved with limited flooding
9.31.1
Problem
9.32.1
9.33.1
Maintaining a path
only while the path is in use one has to make sure that it can be
used continuously
9.34.1
if the station is the receiver (i.e., has the correct destination address)
then return the packet to the sender (path was collected in the packet)
if the packet has already been received earlier (identified via ID) then
discard the packet
otherwise, append own address and broadcast packet
Optimizations
limit broadcasting if maximum diameter of the network is known
caching of address lists (i.e. paths) with help of passing packets
stations can use the cached information for path discovery (own paths
or paths for other hosts)
9.35.1
9.36.1
Internet
cluster
super cluster
9.37.1
Interference-based routing
Routing based on assumptions about interference between signals
N1
N2
R1
S1
N3
N4
S2
neighbors
(i.e. within radio range)
N5
N7
N6
N8
R2
N9
9.38.1
9.39.1