Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Mobile IP seminar report
Post: #1

[attachment=1099]
ABSTRACT
The Mobile IP protocol was designed to support seamless and continuous Internet connectivity for mobile computing devices such as notebook PCs, cell phones, PDAs, etc. Utilizing Mobile IP, the mobile computing device is able to stay connected as it moves about and changes its point of attachment to the Internet. Both home and local resources, such as location based services, instant messaging, and email, are continuously accessible.
This paper discusses the basic architecture and working of mobile ip, various issues related to its security and operation. Also networking with mobile ip is discussed in a brief manner.

1. Introduction
While Internet technologies largely succeed in overcoming the barriers of time and distance, existing Internet technologies have yet to fully accommodate the increasing mobile computer usage. A promising technology used to eliminate this current barrier is Mobile IP. The emerging 3G mobile networks are set to make a huge difference to the international business community. 3G networks will provide sufficient bandwidth to run most of the business computer applications while still providing a reasonable user experience. However, 3G networks are not based on only one standard, but a set of radio technology standards such as cdma2000, EDGE and WCDMA. It is easy to foresee that the mobile user from time to time also would like to connect to fixed broadband networks, wireless LANs and, mixtures of new technologies such as Bluetooth associated to e.g. cable TV and DSL access points.
In this light, a common macro mobility management framework is required in order to allow mobile users to roam between different access networks with little or no manual intervention. (Micro mobility issues such as radio specific mobility enhancements are supposed to be handled within the specific radio technology.) IETF has created the Mobile IP standard for this purpose.
Mobile IP is different compared to other efforts for doing mobility management in the sense that it is not tied to one specific access technology. In earlier mobile cellular standards, such as GSM, the radio resource and mobility management was integrated vertically into one system. The same is also true for mobile packet data standards such as CDPD, Cellular Digital Packet Data and the internal packet data mobility protocol (GTP/MAP) of GPRS/UMTS networks. This vertical mobility management property is also inherent for the increasingly popular 802.11 Wireless LAN standard.
Mobile IP can be seen as the least common mobility denominator - providing seamless macro mobility solutions among the diversity of accesses. Mobile IP is defining a Home Agent as an anchor point with which the mobile client always has a relationship, and a Foreign Agent, which acts as the local tunnel-endpoint at the access network where the mobile client is visiting. Depending on which network the mobile client is currently visiting; its point of attachment Foreign Agent) may change. At each point of attachment, Mobile IP either requires the availability of a standalone Foreign Agent or the usage of a Co-located care-of address in the mobile client itself.

2. Flavours of Mobility
The concept of Mobility or packet data mobility, means different things depending on what context the word is used within. In a wireless or fixed environment, there are many different ways of implementing partial or full mobility and roaming services. The most common ways of implementing mobility (discrete mobility or IP roaming service) support in todayâ„¢s IP networking environments includes simple PPP dial-up as well as company internal mobility solutions implemented by means of renewal of IP address at each new point of attachment. The most commonly deployed way of supporting remote access users in todayâ„¢s Internet is to utilize the public telephone network (fixed or mobile) and to use the PPP dial-up functionality.
Another mobility scenario that is quite often used within company local area networks or even in company worldwide environments is implemented by deploying the DHCP get and release functions. Basically the terminal device is given a topologically correct IP address in every new point of attachment. This DHCP discrete mobility support is most often bundled with e.g.
Microsoft NT back-office login procedures.
While working very well within the constraints where the discrete dial-up and DHCP mobility solutions are defined, both of them have severe limitations when it comes to supporting road-warriors i.e. roaming users wanting access to their home-network resources at any specific time and place, independently of access network technology.
Another feature that cannot easily be supported with the discrete mobility approaches is the concept of session continuity among access technologies. Session continuity means that users should be able to be connected to e.g. home network resources with limited interruption while changing access network and even access technology. Users should not be forced to restart applications “ or in worst case reboot their mobile devices when changing access technologies. Roaming (in an IP environment conceptually being away from the home network, but keeping the service agreement with the home network) and the change of access network (multi-access) should be as seamless as possible for the user. In the next generation IP network it should be possible to be connected all the time - possibly forever “ while keeping the state of on-going user application sessions.
When deploying Mobile IP, terminal mobility is tied to the Mobile IP protocol itself. Terminal mobility means that the terminal may change point of attachment with minimal impact on ongoing services “ sessions continue in a seamless manner. Terminal mobility is implemented within Mobile IP and, it is among other things, the cornerstone for providing handover services (in a fast and loss-less manner) among access points. Since the handover is implemented on the network layer “ applications will survive and session continuity is inherently provided for.

3. Private and Public Networks
We use the concept public network in the sense of meaning that a public network is an IP network with public IP addresses. All public networks are interconnected via routers and thereby form the Internet. A private network, on the other hand, is an IP network that is isolated from the Internet in some way. A private network may use private or public IP addresses “ it may be connected to the Internet via a network address translator or a firewall. However, it is not a part of the Internet since its internal resources are protected from the Internet. Private Networks may use the Internet to interconnect a multi-site private network, a multi-site VPN solution.
The concept of network partitioning is used to denote that there is not a single IP network. Instead there are many IP networks with different characteristics. Each IP network constitutes its own realm, and may also reuse the same IP addresses as used in another domain. Communication
between the different IP networks is established on a higher protocol level.
Originally IPv4 was designed around the concept of a transparent network layer, where each and every host had a logical address that was unique and never changed. This was the basis for a global connectivity layer where all hosts on the Internet where supposed to be reached via direct addressing on the IP layer. Intermediate equipment was never supposed having to change or look into the upper layers of the transmitted IP packets. Due to mainly two factors the Internet does not look like that anymore. The first factor is the shortage of IPv4 network addresses whilst the second is that network partitioning (e.g. Intranet solutions, VPNs) in many cases is regarded as a feature rather than a disadvantage. There is no distinct separation between the two drivers of network partitioning. Example mechanisms for implementing separation because of the shortage of network addresses are Dynamic IP address assignment via mechanisms such as PPP and DHCP. Another mechanism is Network Address Translators, NATs in different flavors. On the other hand when it comes to a feature driven network separation, there are mechanisms such as Firewalls, Proxy and Cache servers. The effect on the Internet is the same independently of the reasons; namely that the Internet network layer transparency has partially disappeared. It is fair to say that even though Internet technology is used today in an extremely successful way, the Internet philosophy has been gradually abandoned. The lack of end-to-end network layer transparency is sometimes referred to as the fog on the Internet. Sometimes we need specific techniques within Mobile IP in order to be able to establish and maintain IP communication, even though parts of the Mobile IP infrastructure resides in private networks or behind firewalls “ to clear the fog.
4. Mobile IP: the basics

4.1 The Basics
In general, on the Internet, IP packets are transported from their source to their destination by allowing routers to forward data packets from incoming network interfaces to outbound network interfaces according to information obtained via routing protocols. The routing information is stored in routing tables. Typically the routing tables maintain the next-hop (outbound interface) information for each destination IP network. The IP address of a packet normally specifies the IP clientâ„¢s point of attachment to the network. Correct delivery of IP packets to a clientâ„¢s point of network attachment depends on the network identifier portion contained in the clientâ„¢s IP address. Unfortunately, the IP address has to change at a new point of attachment.

Altering the routing of the IP packets intended for a mobile client to a new point of attachment requires a new client IP address associated with that new point of network attachment. On the other hand, to maintain existing transport protocol layer connections as the mobile client moves, the mobile clientâ„¢s IP address must remain the same.
In order to solve this problem, Mobile IP introduces two new functional entities within IP networks. Those are the Foreign Agent, FA and the Home Agent, HA. These two new entities together with enhancements in the mobile node (the client) are the basic building blocks for a Mobile IP enabled network. The last entity for providing a full reference for a basic Mobile IP enabled network is the Correspondent Node, CN. The Correspondent Node is another IP entity e.g. an Internet Server with which the mobile node communicates. In the basic Mobile IP scenarios the Corresponding Node does not need to have any Mobile IP knowledge at all. This is an important distinction. To require that new devices that are introduced on the Internet to have new functionality is one thing “ to require that all Internet servers and fixed clients should be upgraded is completely different. A Mobile IP enabled network requires the mobile nodes to be upgraded, it also requires new functions in the visiting and home networks; however it does not require upgrading of core Internet services.
The basic entities constituting a MIP aware network are:
¢ The Mobile Node comprising the Terminal Equipment and the Mobile Termination
¢ The Foreign Agent
¢ The Home Agent
¢ The Corresponding Node
4.2 Mobile IP Operation
SENDING AND RECEIVING PACKETS
4.2.1 Sending and Receiving Packets
How a mobile node receives packets
When the mobile node is not attached to its home network, the home agent receives all packets destined for the mobile node's home address. The home agent then delivers these packets to the mobile node via the mobile node's care-of address. The home agent directs packets from the home address to the care-of address by constructing a new IP packet that contains the mobile node's care-of address as the destination IP address. This new IP packet encapsulates the original IP packet, and the new IP packet is routed to the destination care-of address. When the packet arrives at the care-of address, the original IP packet is extracted and delivered to the mobile node. This encapsulation is also called tunneling
How a mobile node sends packets
Tunneling is generally not required when the mobile node sends a packet.The mobile node transmits an IP packet with its home agent address as the source IP address.The packet is routed directly to its destination without unnecessarily traversing the home network.This technique fails,however,in networks that do source IP address checking,so reverse tunneling can be used if necessary.
4.2.2 Discovering the care of address ARE-
OF ADDRESS
A mobile node, when attaching to a foreign network, must acquire a care-of address on that network. There are two ways of achieving this:
Foreign agent care-of address (agent solicitations / agent advertisements)
Home agents and foreign agents regularly,on the order of every few seconds,broadcast on their subnet messages known as agent advertisements The agent advertisement was designed as an extension of the already existing ICMP router advertisement message.The agent advertisement conveys,among other things,the following information: Whether the agent is a home agent,a foreign agent,or both. A list of available care-of addresses.
Home agents send agent advertisements to make themselves known, even if they do not offer any care-of addresses. The mobile node may also broadcast or multicast an agent solicitation message. Any home or foreign agent that receives the agent solicitation message will respond with an agent advertisement.
Co-located care-of address
A co-located care-of address is a care-of address acquired by the mobile node as a local IP address through some external means, such as DHCP which the mobile node then associates with one of its own network interfaces. When using a co-located care-of address, the mobile node serves as the endpoint of the tunnel and itself performs decapsulation of the datagrams tunneled to it.
REGISTE
4.2.3 Registering the care-of address
After a mobile node discovers its care-of address,it needs to inform its home agent of this care-of address.This allows the home agent to redirect the mobile node's traffic. A mobile node initiates the registration process by sending a Mobile IP Registration Request to the home agent. If a foreign agent is employed, this registration request is sent through the foreign agent. The Mobile IP Registration Request is a UDP message, and typically contains the following information:
¢ The mobile node ™s home address,
¢ The mobile node's care-of address,
¢ The home agent ™s address,
¢ The desired registration lifetime,
¢ The type of encapsulation desired for the home agent .care-of address tunnel,
¢ Other speciali z ed control information,
¢ An unforgeable, replay-protected digital signature.
¢
4.2.4 Tunneling to the care-of address TUNNE
LING TO THE CARE-OF ADDRESS
When the home agent receives an IP packet destined for the mobile node, the home agent tunnels this packet to the mobile node's care-of address. The home agent manufactures a new IP packet,with the destination IP address of the new IP packet set to the care-of address,the source IP of the new IP packet set to the home agent's IP address,and the payload of the new IP packet being the original IP packet.This is called IP-within-IP encapsulation When the packet arrives at the care-of address, the original IP packet is extracted and delivered to the mobile node.In the case of a foreign agent care-of address,the foreign agent de-encapsulates the inner datagram and delivers it to the mobile node.When using a co-located care-of address,the mobile node serves as the endpoint of the tunnel and performs its own de-encapsulation. IP-within-IP is the default encapsulation mechanism.

4.2.5 Deregistering The Care-of-address
THE CARE-OF ADDRESS
A mobile node, upon returning to its home network or upon session termination, sends the home agent a Mobile IP Registration Request message with the care-of address equal to its home address and with a lifetime of zero. The home agent will remove its mobility binding for the mobile node. There is no need to deregister with the foreign agent. Deregistration occurs automatically when the registration lifetime expires.

5. ROLES
The Foreign Agent
The Foreign Agents regularly broadcast agent advertisements that include information about one or more care-of addresses. When a mobile node receives an agent advertisement, it can obtain the IP address of the Foreign Agent. Once a mobile node receives the address of the Foreign Agent, the care-of address, a registration process is initiated to inform the Home Agent of its care-of address.
Since the Mobile Node is assigned a non-public routable IP address, reverse tunneling is required. The Foreign Agent must, in other words, support reverse tunneling. The Foreign Agent has to build a routing entry used to route packets from the mobile into the reverse tunnel “ and from the forward tunnel toward the mobile node. When supporting private home networks, one important design criteria of the Foreign Agent is that routing entry must not solely depend on the Mobile Node™s IP address for the routing decision, neither for incoming (from the Internet) nor for outgoing traffic (from the mobile.) The reason for this is that the Foreign Agent cannot assume that the Mobile Node™s IP address is unique. Suppose for example that the Foreign Agent hosts mobiles from two different private home networks, then it can not be guarantied that the mobiles have unique IP addresses. Two roaming mobiles may very well be assigned the same IP address.
To solve this problem, the Foreign Agent™s routing entry must consist of an association of link layer specific information in the access network (visited network) “ together with a combination of tunnel identification and the mobile node IP address at the tunneling interface.
The Home Agent
Home agents also broadcast agent advertisements that include information about one or more care-of addresses. When a mobile node receives an agent advertisement, it can determine if the IP address received is its Home Agent. If the Mobile Node physically attaches direct ly to the Home Network “ no further Mobile IP specific operations are normally gone through. However, if the Mobile Node is away from the Home Network (roaming) then the Home Agent receives a registration request from the Mobile Node (via the Foreign Agent,) and the Home Agent is instructed to set up a reverse tunnel to the Foreign Agent in question.
One specific problem with the private Home Networks that are attached to public visited networks is that the Home Agent needs to have one interface (or leg) in each network. It needs to have one leg in the public network and one leg in the private (home) network. More specifically the Home. Agent needs to have the Ha IP address allocated and routable in the public network and it needs to have the Hb IP address as a routable address in the private home network.
The Mobile Node
Independently of if the Mobile Node attaches to the Home Network or a Visited Network, the Mobile Node needs to be aware of its alleged Home Agent. The Mobile Node needs to include the correct IP address for its Home Agent in its registration request. Going back to the figure Private Home Network we can se that while out and roaming outside the Home Network, the correct Home Agent address would be the Ha IP address. On the other hand while in the Home Network (roaming in the Home Network), the correct Home Agent IP address would be the Hb IP address.
There exist a number of ways of triggering the mobile to indicate the correct Home Agent IP address. The simplest way of all is always to require the Mobile to use the Hb address as the Home Agent address. This implies, however, that the Hb IP address is routable within the private home network. This might be the case “ but it is not generally applicable. Another way is to resolve the Home Agent IP address with an AAA protocol.
A special case worth mentioning is a roaming Mobile Node that is never attached directly to its Home Network. This may be the case for a cellular Mobile Node that always is roaming in cellular radio networks. Every network it will attach to will be a Foreign Network and its home network may be in an ISP network.
Communication with the Correspondent Node
Independently if the Mobile Node is roaming in a visited network, or a visited network in the Home Network “ or even connected to the Home Network in the Home Network, the Mobile Node will always be allocated the same private IP address. Therefore the Mobile Node is assigned a private IP address and the Correspondent node, since assumed to be located on the Global Internet, is assigned a public IP address.
Since IP packets from the public network are not for sure routable in the private network and, IP packets from the private network are not per definition allowed to be routed in the public network, some kind of translation has to take place. Normal functions to be used here are Proxy Servers and Network Address Translators. The proxy and NAT solutions are in this scenario transparent for Mobile IP.
6. ROUTING AND ROUTE OPTIMISATION
6.1 Triangular Routing

Basic Mobile IP operation utilizes a technique called triangular routing. Triangular routing means that packets are routed in different paths depending on if the packets are directed to or from the mobile node. Packets from a corresponding node to a mobile client in a visited network are routed from the Corresponding Node to the Home Agent. The Home Agent encapsulates the packets in a Mobile IP tunnel. The tunnel is terminated in the Foreign Agent and the Foreign Agent then forwards the packet within a layer two technology to the mobile client. In the other direction, from the mobile node to the corresponding node, there is not necessarily a need for tunneling. In the basic operation packets to the Corresponding Node are sent from the mobile node (in a layer two technology) to the Foreign Agent. Since the Corresponding Node (in a basic scenario) is supposed to have a public routable address, it is possible for the Foreign Agent to directly forward the packet to the corresponding node. In this way the Home Agent is completely bypassed for corresponding node directed traffic. This technique has some inherit problems though. It cannot support private addressing in a good way since the solution requires unique IP addresses on every interface.
6.2 Reverse Tunneling
Another problem is that many Internet Routers strictly filter out packets that are not originating from a topologically correct sub-net. The solution to these problems is a technique called reverse tunneling. Essentially reverse tunneling means that in addition to the forward tunnel (from the Home Agent to the Foreign Agent), the Foreign Agent also tunnels packets, from the mobile node, back to the Home Agent instead of directly sending them to the Corresponding Node.
The concept of reverse tunneling introduced above is a powerful technique solving many of the shortcomings with the triangular routing approach. Such shortcomings are for example the problem with ingress filtering routers on the public Internet “ but also the inability of supporting multicast as well as not supporting disparate IP address spaces. The figure describes the basic concept of reverse tunneling, where the Correspondent Node is located on the Internet.


The routing of IP packets is shown in the figure. First assuming that all of the networks in the figure belong to the same public IP Network, packets are routed from the Correspondent Node to the Mobile Node via the forward tunnel in ordinary Mobile IP manner. Packets from the Mobile Node, on the other hand, are routed via the Foreign Agent into the reverse tunnel back to the Home Agent. The Home Agent further routes the packets to the Global Internet (or the Home Network, in case the Correspondent Node resides in the Home Network.)
7. SECURITY CONSIDERATIONS
Protection of the registration process
A Mobile IP device registers its current care-of-address,so that subsequent IP packets can reach the mobile node upon movement.A counterfeiter could hijack the mobile node's session by successfully attacking the registration process,e.g transmitting forged location update messages or replaying old messages sent by the legitimate mobile node.S ecure location registration requires authentication among all the entities involved,integrity control of the registration messages,and anti- replay protection.
Home agents want to ensure that they only process registration requests that originated from a legitimate mobile node.F oreign agents want to ensure the true identity of the mobile nodes they are serving,both to bill for services and to avoid illegitimate handoff attempts.The mobile node wants to guard against disclosure of its security association (s )with its home network. Mobile IP requires the mobile node and its home agent to share a security association (a secret ).This security association is used to compute Unforgeable digital signatures,which are applied to the Mobile IP registration messages.The security association between the mobile node and the home agent may be a long- standing manually distributed one or may be short-term and dynamically distributed. In the latter case,the mobile node shares a security association with its home AAA server,which uses that security association to create derivative security associations (also called registration keys between the mobile node and its home agent.This is sometimes done between the mobile node and the foreign or between the foreign and home agents.
8. ISSUES WITH MOBILE IP
8.1 Inefficient Routing
It is possible that both, mobile node and correspondent node are on the same sub-network. But as per Mobile IP design all the packets to mobile host are routed through Home Agent. These packets travel a longer path to the destination. Routing in Mobile IP is asymmetric and is termed as triangular routing, since packets from Mobile Node to any Internet host can be routed directly but all the packets to Mobile Node go through Home agent.
A proposed solution to this problem is to update the correspondent host every time the mobility binding changes. If correspondent node need to refresh its binding to Mobile Node, it will send binding request to Home Agent. Home Agent sends the binding update message to all corresponding hosts that need them, containing Mobile Hosts current Care-of-Address. After that IP packets are routed from Correspondent host to Mobile Node directly without going through Home Agent.
8.2 ARP Resolution
IP is logical address, for actual communication link level address (called MAC address) is required. IP addresses are resolved into physical address using ARP (Address Resolution Protocol). But when the Mobile Node is away from home network it hinders the normal working of ARP because Mobile Node is not present in the home network to resolve the ARP request. To handle this problem Mobile IP describes two special use of ARP”Proxy ARP and Gratuitious ARP.
Proxy ARP: Proxy Replies to ARP requests on behalf of other host, giving its own MAC address.
Gratuitous ARP: Host broadcasts a not requested ARP
8.3 Ingress Filtering
As we have already discussed, Mobile IP results in triangular routing i.e. forward and reverse IP routing paths may be different. Many Firewalls deploy ingress filtering, which means if the router sees the reply packet coming from different interface direction then that of request packet was send, then it will drop the packet. To solve this problem Reverse Tunneling approach is used. In Reverse Tunneling method the reply packets from Mobile Node are tunneled back to Home Agent after Foreign Agent receives them.
9. NETWORKING WITH MOBILE IP
While being good enough for many deployment scenarios, mobile-IP needs specific enhancements and bundling with other technologies for supporting, among other things, personal mobility in a generic way. Other features needed are the abilities for Mobile IP to support private network interworking with e.g. home networks in private network realms. Corporate networks are most often located beyond the confines of firewalls. An Home Agent beyond a firewall in a corporate network must be able to communicate with FAs in other networks i.e. the Mobile IP protocol must in certain cases be able to traverse firewalls. Another issue is charging, accounting and load-sharing.
Depending of the charging policy for the access network (Visited Network) in question, the provider of the access may want to charge the mobile node. In this section we look into some specific but important additions to Mobile IP that can solve such problems.
9.1 AAA and Mobile IP interworking
AAA (Authentication, Authorization and Accounting) protocols used in IP environments include the well-known RADIUS [11] protocol as well as the upcoming Diameter protocol [3,4]. Diameter is the successor of the well-known RADIUS protocol and features e.g. more advanced security functions as well as increased means for peer availability. Diameter is still undergoing standardization within the IETF AAA working group. As the RADIUS protocol, the Diameter protocol will also be used for both the fixed PSTN and cellular PPP dial-up users as well as roaming Mobile IP users.
Tye AAA protocols provide a Mobile IP based system with functionality such as:
¢ Simplified mobile client/user management
¢ NAI based user authentication
¢ Dynamic IP address allocation for mobiles
¢ Dynamic Home Agent allocation
¢ Flexible mechanisms for collecting accounting information
¢ Flexible mechanisms for creating business relations between owners of foreign networks and home networks.
¢ Possibilities to base the IP access reply decision on authorization information in the Home AAA server “ such as e.g. time of day, weekday etc.

Using a AAA protocol in alliance with mobile IP means that the reference model for the mobility architecture must be updated to also reflect the AAA infrastructure. The figure indicates a Foreign Agent, closely related to a foreign AAA server. In the same manner there exists a Home Agent closely related to one or many AAA servers. There may also exist a brokering AAA infrastructure. The AAA brokering infrastructure is to be seen as a trusted third party. It can be used and trusted to implement business agreements and act in a way that minimizes the overall number of security associations in the network.
For example, the foreign AAA and the home AAA might not have a priori knowledge, or they might not be allowed to directly talk to each other. The brokering AAA infrastructure can be deployed in a way that the
foreign AAA server can find and set up necessary associations with the home AAA server. Related to the figure, the important steps when it comes to the registration are as follows:
¢ The FA asks the AAAF (Foreign AAA) for help during the Mobile IP registration
¢ TH AAAF looks at the realm part of the Mobile Node NAI and deduce information on how to contact the AAAH (the Home AAA)
¢ The AAAH authenticates and authorizes the Mobile Node “ based on the NAI in the Mobile IP registration message. Accounting starts.
¢ The AAAH optionally allocates a Home Agent
¢ The AAAH contacts and initializes the Home Agent
A further extended (but still simplified) scenario for Mobile IP interworking with Diameter, considering Mobile IP and Diameter registration signaling, is depicted in the figure below. Signaling procedures and acronyms are described below the figure. The figure is based on Diameter/Mobile IP interworking with a 3G cdma2000 packet data network.
Note that the Diameter standard is not completed at the time of writing this document. However, the drafts are complete enough for this overview example with Mobile IP/Diameter Interworking.
The PDSN (Packet Data Service Node) is the packet co re entity that among other things implements Mobile IPv4 Foreign Agent and AAA client functionality (the AAA client of the PDSN that is able to communicate with an AAA server.)
The following figure and the subsequent description explains this scenario. The number preceding the description can be mapped to the number in the figure (message sequence chart) below.

1. The mobile station roams into the access network, and registers using access network specific procedures. In a cellular environment this typically includes authentication towards a HLR functionality.
2. The Mobile Node initiates packet data session. In a cellular environment the radio network sends an indication to the PDSN/FA to set-up a packet data session.
3. The PDSN/FA sends Agent Advertisements to the Mobile Node. (The Mobile Node may send an agent solicitation message to the PDSN/FA.)
4. The Mobile Node generates a Mobile IP registration request containing amongst others the NAI.
5. The Foreign Agent creates the AA-Mobile-Node-Request (AMR) message and forwards this message to the AAAF. 6. The AAAF uses the NAI in the received AMR to forward the message to the proper AAAH, possibly via brokers (AAAB). The message may be delivered deploying AAA security between foreign (visited) and home networks.
7. The AAAH receives the AMR. If the AAAH is instructed to allocate a Home Agent and if the Home Agent address is known, the AAAH sends a Home-Agent-MIP-Requ est (HAR), which contains the Mobile IP Registration Request message to the assigned or requested Home Agent. Additionally the AAAH may allocate a Home IP Address for the Mobile Node. In this case the Home IP address will be included it in the HAR. If the AAAH has not allocated a home IP address for the mobile node, this allocation responsibility is left for the Home Agent. The home Agent processes the included MIP registration request and constructs and included a MIP registration reply in the Home Agent Answer (HAA.) Finally the Home Agent Answer (HAA) is sent to the AAAH.
8. The AAAH forwards the AA-Mobile-Node-Answer (AMA) the AAAF that may be delivered deploying AAA security between foreign (visited) and home networks.
9. The AAAF forwards the forwards the AA-Mobile-Node-Answer (AMA) to the PDSN/FA
10. The PDSN/FA may optionally create an IP security association towards the Home Agent using IKE. This may involve either an IKE pre-shared key delivered by the AAA Authorisation response or via certificate exchange within IKE.
11. Mobile IP specific operation may begin.
Note that this example is not inclusive. It is, for example, possible to dynamically allocate a Home Agent in the visited network. In such a case the registration signaling is somewhat different. The Home Agent allocation would for example be performed by the AAAF.
The 3GPP community (dealing with the evolution of GSM into 3G) is also looking into a similar architecture. The appropriate location for the Foreign Agent functionality within the 3GPP architecture is the GGSN.
10. Conclusions
In this paper we have touched multiple areas related to mobility in IP design - such as Multi Access Network Mobility applicable for both wire-line and wireless networks. We emphasize on application independent mobility with inherent support for all IP-based applications. Mobile IP together with AAA combines personal and terminal mobility with roaming services. Personal mobility, which enables the mobile user to reach services, and be reachable for incoming service requests by holding a stable identity. Terminal mobility on the other hand enables the mobile user (and the terminal) to move while maintaining the connections to services always connected, always reachable, utilizing an IETF standard based solution.
IpUnplugged is combining the standard Mobile IP/AAA approach with state of the art security protocols such as IPSec. This solution is called a Mobile VPN. The Mobile VPN solution adds value by:
¢ Adding a seamless mobility experience into existing IP networks
¢ Adding security into existing IP networks
¢ Leveraging existing network investment
¢ Supporting current business trends (mobility, VPN, e-business, outsourcing)
Having full access to the corporate Intranet at home, in the office, in a hotel, or from within a partnerâ„¢s network is having access to a Mobile VPN. Utilizing the mobile VPN products from ipUnplugged means that corporate resources always are available - securely and seamlessly.
11. Abbreviations and Concepts
3GPP
3rd Generation Partnership project: Organization consisting of standard bodies responsible for the evolution of GSM based systems into the 3 rd generation (UMTS.)
3GPP2
3rd Generation Partnership project #2: Organization consisting of standard bodies responsible for the evolution of cdmaOne based systems into the 3 rd generation (cdma2000.)
AAA
Authentication, Authorization and Accounting: AAA is a common name for both RADIUS and Diameter, i.e. solutions providing customer care and billing in a large IP network
BGP
Border Gateway Protocol: BGP is an inter-domain protocol defined by IETF for sharing routes between ISPs. A route is a collection of knowledge of a path to a destination (host).
cdma2000
Code Division Multiplexing Access 2000 is the US brand name for the 3rd generation cellular technology (IMT-2000). Cdma200 is based on a radio technology for access speeds up to 2 Mbit/s per Mobile Node.
Diameter
A later version of RADIUS with increased security and scalability features. It is standardized by IETF.
DHCP
Dynamic Host Configuration Protocol: DHCP is an Internet Engineering Task Force (IETF) standard for allocating Internet Protocol addresses to User Systems. User Systems can either be Fixed Hosts or Mobile Systems. The allocation is done when the User System is restarted. A DHCP server makes the allocation to a DHCP client. An Internet Service Provider or an IT-department controls the DHCP server. The DHCP client is a SW embedded in the User
System.
DMZ
De-Militarized Zone is a zone between the Internet Service Provider router and corporate firewall where access is allowed from both the Internet and the Intranet. Normally a subset of the services available on the Intranet is mirrored on the DMZ.
FA
Foreign Agent: A tunnel agent establishing a tunnel on behalf of a mobile node in Mobile IP.
FW
Firewall: The system (or collection of systems) that enforces access control between a private network and the Internet. It may deploy mechanisms such as application gateways, packet filtering and cryptographic techniques.
12. REFERENCES
[1] 3GPP2 PR0001 v1.0.0/Wireless IP Network Architecture based on IETF protocols,
http://3gpp2Public_html/specs/P.R0001-0_v1.0.pdf.
[2] 3GPP2 PS0001-B, v1.0.0/Wireless IP Network Standard,
http://3gpp2Public_html/specs/P.S0001-B_v1.0.pdf.
[3] Diameter Base Protocol, Calhoun, Pat et al; http://ietfinternet-drafts/draft-ietf-aaa-diameter-17.txt
[4] Diameter Mobile IP v4 Application, Calhoun, Pat et al; http://ietfinternet-drafts/draft-ietf-aaa-diameter-mobileip-13.txt

CONTENTS
1 Introduction
2 Flavours of Mobility
3 Private and Public Networks
4 Mobile IP: the basics
4.1 The Basics
4.2 Mobile IP Operation
4.2.1 Sending and Receiving Packets
4.2.2 Discovering the care-of address
4.2.3 Registering the care-of address
4.2.4 Tunneling to the care-of address
4.2.5 Deregistering the care-of address
5 Roles
6 Routing and Route Optimization
6.1 Triangular Routing
6.2 Reverse Tunneling
7 Security considerations
8 Issues with Mobile IP
8.1 Inefficient Routing
8.2 ARP Resolution
8.3 Ingress Filtering
9 Networking With Mobile IP
9.1 AAA and Mobile IP interworking
10 Conclusions
11 Abbreviations and Concepts
12 References

ACKNOWLEDGEMENT

I express my sincere thanks to Prof. M.N Agnisarman Namboothiri (Head of the Department, Computer Science and Engineering, MESCE), Mr. Zainul Abid (Staff incharge) for their kind co-operation for presenting the seminars.
I also extend my sincere thanks to all other members of the faculty of Computer Science and Engineering Department and my friends for their co-operation and encouragement.
Unni.K.S
Post: #2
please see http://khwandraStudymaterial/mobile%20IP%202.ppt and http://khwandraStudymaterial/mobile%20IP%201.ppt for getting presentation of Mobile IP seminars
Post: #3
IP Address Classes
How large is the network part in an IP address?
Today we use network masks to tell
Originally, IP had address classes with fixed numbers of bits in the network part
Class A: 8 bits (24 bits in local part)
Class B: 16 bits (16 bits in local part)
Class C: 24 bits (8 bits in local part)

Class A IP Address
IP address begins with 0
7 remaining bits in network part
Only 128 possible Class A networks
24 bits in local part
Over 16 million hosts per Class A network!
All Class A network parts are assigned or reserved

Class B IP Address
IP address begins with 10 (1st zero in 2nd position)
14 remaining bits in network part
Over 16,000 possible Class B networks
16 bits in local part
Over 65,000 possible hosts
A good trade-off between number of networks and hosts per network
Most have been assigned


For more information about this article,please follow the link:
http://googleurl?sa=t&source=web&cd=1&ve...lasses.ppt&ei=Rn-2TM_zG4emcOWYja0D&usg=AFQjCNEZn0Yh7wKmgOHCAITLqh6o2TWfmw
Post: #4
Mobile IP

ABSTRACT


Mobile IP is a proposed standard protocol that builds on the Internet Protocol by making mobility transparent to applications and higher level protocols like TCP. Mobile IP (RFC 2002) is a standard proposed by a working group within the Internet Engineering Task Force; it allows the mobile node to use two IP addresses: a fixed home address and a care-of address that changes at each new point of attachment. The study describes how Mobile IP will change with IP version 6, the product of a major effort within the IETF to engineer an eventual replacement for the current version of IP. Although IPv6 will support mobility to a greater degree than IPv4, it will still need Mobile IP to make mobility transparent to applications and higher level protocols such as TCP. There is a great deal of interest in mobile computing and apparently in Mobile IP as a way to provide for it. Mobile IP forms the basis either directly or indirectly of many current research efforts and products. The Cellular Digital Packet Data (CDPD), for example, has created a widely deployed communications infrastructure based on a previous draft specification of the protocol. In addition, most major router vendors have developed implementations formobileIP
Post: #5
[attachment=7160]
Mobile IP

Objectives

Upon completion you will be able to:


•Understand the addressing scheme for mobile hosts.•To define home, care-of, and co-located care-of addresses•Understand the interactions between a home and a foreign agent•Know the three phases involved in mobile communication•Understand why mobile IP communication can be inefficientmain problem that must be solved in providing mobile The communication using the IP protocol is addressing
Post: #6
PRESENTED BY:
Pat R. Calhoun

[attachment=9387]
Security for Mobile IP in the 3G Networks
[b]Introduction

This presentation will detail some of the current cellular architectures, and their security requirements and designs.
I will also provide some insight on the current security model being considered in 3GPP2/TIA architectures.
Introduction – SDO’s
The information that I will present come from three different cellular standards (or standards setting) groups:
Telecommunications Industry Association (TIA). tiaonline.org
3rd Generation Partnership Project Number 2 (3GPP 2). 3gpp2.org
Mobile Wireless Internet Forum (WMIF). mwif.org
Introduction – SDO’s
The TIA and 3GPP2 architecture and requirements stated in this presentation apply to CDMA networks only.
MWIF is a group that is attempting to define a consistent architecture for both 3GPP2 (CDMA) and 3GPP (GSM) networks. MWIF is not an SDO.
Disclaimer
The ramblings found in this presentation are my own interpretation of the work in progress. I am not representing the SDOs.
Note that in some cases, the presenter does not necessarily agree with the design decisions (please, don’t shoot the messenger).
3GPP2 – TSG-P
The 3rd Generation Partnership Project 2 (3GPP2) TSG-P Working Group is responsible for creating the data architecture components of the 3rd generation CDMA network.
The WG made a conscious decision to base as much as it could of its architecture on IETF protocols.
Legacy Mobile IP Trust Model
Mobile IP, as defined in RFC 2002, requires that a Mobile Node share a static security association (SA) with its Home Agent.
The protocol also allows the Mobile Node to share an SA with Foreign Agents, which in turn can share SAs with Home Agents
Mobile IP Trust Model
Mobile IP Trust Model
When all three entities use authentication, a N x N number of security associations is required.
This problem becomes much more important in inter-domain mobility scenarios.
In 3G networks, the optional Mobile IP authentication extensions (MN-FA, FA-HA) are used.
Interim Security Solution
Due to the fact that AAA standards aren’t available today, TSG-P’s interim solution involves RADIUS.
When a Mobile Node is authentication, the RADIUS server includes a long-lived key to be used with the Foreign Agent to authentication messages with the Home Agent.
Interim Security Solution1
The Foreign Agent uses the long lived key to secure messages with the Home Agent.
This means that any Foreign Agent on the ‘net that has a valid (authenticated) Mobile Node will get access to the long lived key!!
There is no authentication between the Mobile Node and the Foreign Agent.
Interim Security Solution
The interim solution requires that the RADIUS server be contacted for every hand-off, and re-registration, increasing the hand-off latency.
Legacy Hand-off Performance
When all Mobility entities share static security associations, the latency imposed by a hand-off process can be very small.
Hand-off performance is very important for the cellular carriers, as they expect to provide a service that is at least equivalent to today’s service.
Hand-off in TSG-P network
Triangular Route
Mobile IP introduces a triangular route for traffic destined for the Mobile Node.
The farther (topologically) the Mobile Node moves away from its Home Agent, the longer the latency in packet delivery.
TSG-P Hand-off Solution
Route Optimization is still considered as a “research topic” by the cellular carriers, so they require a Mobile Node to be assigned a dynamic Home Agent.
When the Mobile Node initially registers, a Home Agent that is topologically near the MN is assigned.
The farther the MN moves away, the larger the triangular route.
TSG-P Hand-off Solution
The TSG-P architecture document also allows the Mobile Node to have a Home Agent assigned in a visited domain, which is a big departure from RFC2002.
TSG-P Architecture
AAA/Mobile IP Trust Model
TSG-P has adopted an architecture where all Mobile Nodes share a security association with their respective Home AAA Servers (AAAH).
Furthermore, all Mobility Agents share a security association with their own AAA Server(s).
Proposed Mobile IP/AAA Trust Model
AAA/Mobile IP Trust Model
As previously noted, TSG-P’s architecture requires the three way SA for Mobile IP message authentication.
When successfully authenticated, the AAAH creates three encrypted keysets1:
K1: MN-FA keyset
K2: FA-HA keyset
K3: MN-HA keyset
AAA/Mobile IP Trust Model
AAA/Mobile IP Trust Model
The keysets have a lifetime, and can be used to authenticate all Mobile IP messages until they expire.
The Mobile IP registration normally expires well before the keysets expire, allowing the keys to be re-used.
The AAA infrastructure only need to be contacted when the keys expire, or when the Mobile Node enters a new domain.
Advantages
The dynamic Security Association proposal assumes that all mobility entities inherently trust their AAA servers.
The registration and key distribution occurs in a single round trip (it is assumed that the AAA servers communicate frequently enough that they already have each other’s validated certificates).
The PKI is still used in the network, but mostly where trust is weak, such as in Inter-Domain communication.
IKE and Mobile IP
The question that comes to mind is why aren’t we using IKE to secure Mobile IP messages?
if Mobile Node has a static IP address, IKE could be run between the Mobile Node and the Foreign Agent, and between the Foreign Agent and the Home Agent.
IKE and Mobile IP
One problem is that Mobile IP isn’t IKE-compatible (for MN-HA Mobile IP message authentication), since the Mobile IP messages are processed at the application layer by the Foreign Agent.
IKE Issues
The cellular carriers haven’t seriously considered IKE to protect the Mobile IP messages due to the large overhead required in order to setup the IKE Security Association (large number of round trips).
Route Optimization
The real solution is route optimization, but this requires a whole security infrastructure.
This could be achieved for cellular devices, but land-line devices would also need to be part of the security infrastructure.
Without it, real-time applications in cellular networks is difficult to do.
Data Privacy
Since the Mobile Node is connected to the network, end-to-end security may be used via IP Security or some other security mechanism.
Note that the data is protected over the air (just how secure this really is, is subject to a longer discussion).
Data Privacy
One of TSG-P’s main goal is to provide enterprise network access.
Ideally, the mobile’s traffic would be secured end-to-end.
TSG-P decided to provide a feature that allows the data to be encrypted by the PDSN towards the Home Agent.
Data Privacy
The data is in the clear between the RAN and the PDSN, but it is encrypted over the air1.
This minimizes the per-packet overhead over the air.
End-to-End Security
If one is willing to live with the IP Security per-packet overhead, or use end-to-end TLS, Mobile IP offers some advantages.
Since the Mobile’s IP address doesn’t change during a hand-off, the existing IKE Sas (or TLS sessions) can be re-used.
Header compression and Security
Since end-to-end security is desired, doing so eliminates many of the advantages of header compression over the air.
3GPP2 All-IP Ad-Hoc
3GPP2 recently formed an ad-hoc committee that is responsible for defining the architecture for an All-IP cellular network.
What All-IP is, and where IP resides in the network, is still in question, but many people believe that IP should be moved down to the base station.
All-IP Architecture
The All-IP group is not only concerned with IP-enabled mobiles, but also the legacy voice-only devices.
Mobility Management is a big component of the cellular network, and it seems as if Mobile IP may be the right protocol for the job.
Mobile IP would be moved as close as possible to the Base Station Controller as possible
Hand-off in All-IP network
In the All-IP network, hand-off that involve Mobile IP are much more frequent, so the additional latency involved in securing the messages become even more of an issue.
The carriers want to provide a service that is at least equivalent to the service customers get today. This is especially noticeable for voice services.
Hand-off in All-IP network
The registration process during a hand-off still needs to be authenticated.
Again, an optimized key distribution approach is desired by the cellular carriers.
The future of the HLR
TSG-P’s architecture introduces a duplicate AAA path. AAA for IP-based terminals, and IS-41 for legacy (voice) devices.
There is some interest in the All-IP networks to move away from the HLR, and make use of AAA for all devices.
A gateway function would be needed to communicate with legacy (SS7) networks.
Cellular Standards Issues
Although the cellular standards bodies are willing to adopt IETF-standardized protocol, they have many concerns about our ability to deliver.
Today’s Working Groups have charters that include milestones, but these milestones rarely observed, and seldom is any effort done to meet them.
Conclusions
The Mobile IP WG must complete its work to bind Mobile IP and AAA.
If we want to remove Triangular routing introduced by Mobile IP, we need to work on the security infrastructure that is required.
Conclusions
The AAA Working Group must complete its requirements, and begin the protocol design phase.
Future AAA work may be necessary to support the legacy devices. This MAY be better handled by the cellular SDOs.

[/b]
Pat R. Calhoun
Network and Security Center
Sun Microsystems, Inc.
Introduction
This presentation will detail some of the current cellular architectures, and their security requirements and designs.
I will also provide some insight on the current security model being considered in 3GPP2/TIA architectures.
Introduction – SDO’s
The information that I will present come from three different cellular standards (or standards setting) groups:
Telecommunications Industry Association (TIA). tiaonline.org
3rd Generation Partnership Project Number 2 (3GPP 2). 3gpp2.org
Mobile Wireless Internet Forum (WMIF). mwif.org
Introduction – SDO’s
The TIA and 3GPP2 architecture and requirements stated in this presentation apply to CDMA networks only.
MWIF is a group that is attempting to define a consistent architecture for both 3GPP2 (CDMA) and 3GPP (GSM) networks. MWIF is not an SDO.
Disclaimer
The ramblings found in this presentation are my own interpretation of the work in progress. I am not representing the SDOs.
Note that in some cases, the presenter does not necessarily agree with the design decisions (please, don’t shoot the messenger).
3GPP2 – TSG-P
The 3rd Generation Partnership Project 2 (3GPP2) TSG-P Working Group is responsible for creating the data architecture components of the 3rd generation CDMA network.
The WG made a conscious decision to base as much as it could of its architecture on IETF protocols.
Legacy Mobile IP Trust Model
Mobile IP, as defined in RFC 2002, requires that a Mobile Node share a static security association (SA) with its Home Agent.
The protocol also allows the Mobile Node to share an SA with Foreign Agents, which in turn can share SAs with Home Agents
Mobile IP Trust Model
Mobile IP Trust Model
When all three entities use authentication, a N x N number of security associations is required.
This problem becomes much more important in inter-domain mobility scenarios.
In 3G networks, the optional Mobile IP authentication extensions (MN-FA, FA-HA) are used.
Interim Security Solution
Due to the fact that AAA standards aren’t available today, TSG-P’s interim solution involves RADIUS.
When a Mobile Node is authentication, the RADIUS server includes a long-lived key to be used with the Foreign Agent to authentication messages with the Home Agent.
Interim Security Solution1
The Foreign Agent uses the long lived key to secure messages with the Home Agent.
This means that any Foreign Agent on the ‘net that has a valid (authenticated) Mobile Node will get access to the long lived key!!
There is no authentication between the Mobile Node and the Foreign Agent.
Interim Security Solution
The interim solution requires that the RADIUS server be contacted for every hand-off, and re-registration, increasing the hand-off latency.
Legacy Hand-off Performance
When all Mobility entities share static security associations, the latency imposed by a hand-off process can be very small.
Hand-off performance is very important for the cellular carriers, as they expect to provide a service that is at least equivalent to today’s service.
Hand-off in TSG-P network
Triangular Route
Mobile IP introduces a triangular route for traffic destined for the Mobile Node.
The farther (topologically) the Mobile Node moves away from its Home Agent, the longer the latency in packet delivery.
TSG-P Hand-off Solution
Route Optimization is still considered as a “research topic” by the cellular carriers, so they require a Mobile Node to be assigned a dynamic Home Agent.
When the Mobile Node initially registers, a Home Agent that is topologically near the MN is assigned.
The farther the MN moves away, the larger the triangular route.
TSG-P Hand-off Solution
The TSG-P architecture document also allows the Mobile Node to have a Home Agent assigned in a visited domain, which is a big departure from RFC2002.
TSG-P Architecture
AAA/Mobile IP Trust Model
TSG-P has adopted an architecture where all Mobile Nodes share a security association with their respective Home AAA Servers (AAAH).
Furthermore, all Mobility Agents share a security association with their own AAA Server(s).
Proposed Mobile IP/AAA Trust Model
AAA/Mobile IP Trust Model
As previously noted, TSG-P’s architecture requires the three way SA for Mobile IP message authentication.
When successfully authenticated, the AAAH creates three encrypted keysets1:
K1: MN-FA keyset
K2: FA-HA keyset
K3: MN-HA keyset
AAA/Mobile IP Trust Model
AAA/Mobile IP Trust Model
The keysets have a lifetime, and can be used to authenticate all Mobile IP messages until they expire.
The Mobile IP registration normally expires well before the keysets expire, allowing the keys to be re-used.
The AAA infrastructure only need to be contacted when the keys expire, or when the Mobile Node enters a new domain.
Advantages
The dynamic Security Association proposal assumes that all mobility entities inherently trust their AAA servers.
The registration and key distribution occurs in a single round trip (it is assumed that the AAA servers communicate frequently enough that they already have each other’s validated certificates).
The PKI is still used in the network, but mostly where trust is weak, such as in Inter-Domain communication.
IKE and Mobile IP
The question that comes to mind is why aren’t we using IKE to secure Mobile IP messages?
if Mobile Node has a static IP address, IKE could be run between the Mobile Node and the Foreign Agent, and between the Foreign Agent and the Home Agent.
IKE and Mobile IP
One problem is that Mobile IP isn’t IKE-compatible (for MN-HA Mobile IP message authentication), since the Mobile IP messages are processed at the application layer by the Foreign Agent.
IKE Issues
The cellular carriers haven’t seriously considered IKE to protect the Mobile IP messages due to the large overhead required in order to setup the IKE Security Association (large number of round trips).
Route Optimization
The real solution is route optimization, but this requires a whole security infrastructure.
This could be achieved for cellular devices, but land-line devices would also need to be part of the security infrastructure.
Without it, real-time applications in cellular networks is difficult to do.
Data Privacy
Since the Mobile Node is connected to the network, end-to-end security may be used via IP Security or some other security mechanism.
Note that the data is protected over the air (just how secure this really is, is subject to a longer discussion).
Data Privacy
One of TSG-P’s main goal is to provide enterprise network access.
Ideally, the mobile’s traffic would be secured end-to-end.
TSG-P decided to provide a feature that allows the data to be encrypted by the PDSN towards the Home Agent.
Data Privacy
The data is in the clear between the RAN and the PDSN, but it is encrypted over the air1.
This minimizes the per-packet overhead over the air.
End-to-End Security
If one is willing to live with the IP Security per-packet overhead, or use end-to-end TLS, Mobile IP offers some advantages.
Since the Mobile’s IP address doesn’t change during a hand-off, the existing IKE Sas (or TLS sessions) can be re-used.
Header compression and Security
Since end-to-end security is desired, doing so eliminates many of the advantages of header compression over the air.
3GPP2 All-IP Ad-Hoc
3GPP2 recently formed an ad-hoc committee that is responsible for defining the architecture for an All-IP cellular network.
What All-IP is, and where IP resides in the network, is still in question, but many people believe that IP should be moved down to the base station.
All-IP Architecture
The All-IP group is not only concerned with IP-enabled mobiles, but also the legacy voice-only devices.
Mobility Management is a big component of the cellular network, and it seems as if Mobile IP may be the right protocol for the job.
Mobile IP would be moved as close as possible to the Base Station Controller as possible
Hand-off in All-IP network
In the All-IP network, hand-off that involve Mobile IP are much more frequent, so the additional latency involved in securing the messages become even more of an issue.
The carriers want to provide a service that is at least equivalent to the service customers get today. This is especially noticeable for voice services.
Hand-off in All-IP network
The registration process during a hand-off still needs to be authenticated.
Again, an optimized key distribution approach is desired by the cellular carriers.
The future of the HLR
TSG-P’s architecture introduces a duplicate AAA path. AAA for IP-based terminals, and IS-41 for legacy (voice) devices.
There is some interest in the All-IP networks to move away from the HLR, and make use of AAA for all devices.
A gateway function would be needed to communicate with legacy (SS7) networks.
Cellular Standards Issues
Although the cellular standards bodies are willing to adopt IETF-standardized protocol, they have many concerns about our ability to deliver.
Today’s Working Groups have charters that include milestones, but these milestones rarely observed, and seldom is any effort done to meet them.
Conclusions
The Mobile IP WG must complete its work to bind Mobile IP and AAA.
If we want to remove Triangular routing introduced by Mobile IP, we need to work on the security infrastructure that is required.
Conclusions
The AAA Working Group must complete its requirements, and begin the protocol design phase.
Future AAA work may be necessary to support the legacy devices. This MAY be better handled by the cellular SDOs.
Post: #7
[attachment=10676]
Mobile IP
• We’re not quite done with IP
• You’re probably sick and tired of hearing about all things IP
– Forwarding, routing, multicast, etc…
• One last topic we must cover because it’s going to be important in the future – mobile networking
– Examples of mobile networking today?
– Examples of mobile networking tomorrow?
• Mobile networking should not be confused with portable networking
– Portable networking requires connection to same ISP
• Portable Networking Technology
• Cellular systems
– Cellular Digital Packet Data (CDPD)
– 3G
• Bluetooth
– Low cost, short range radio links between mobile devices
• Wireless Ethernet (802.11)
– Widely used wireless MAC layer technology
• Mobility and Standard IP Routing
• IP assumes end hosts are in fixed physical locations
– What happens if we move a host between networks?
• IP addresses enable IP routing algorithms to get packets to the correct network
– Each IP address has network part and host part
• This keeps host specific information out of routers
– DHCP is used to get packets to end hosts in networks
• This still assumes a fixed end host
What if a user wants to roam between networks?
– Mobile users don’t want to know that they are moving between networks
– Why can’t mobile users change IP when running an application?
Mobile IP
• Mobile IP was developed as a means for transparently dealing with problems of mobile users
– Enables hosts to stay connected to the Internet regardless of their location
– Enables hosts to be tracked without needing to change their IP address
– Requires no changes to software of non-mobile hosts/routers
– Requires addition of some infrastructure
– Has no geographical limitations
– Requires no modifications to IP addresses or IP address format
– Supports security
• Could be even more important than physically connected routing
• IETF standardization process is still underway
Mobile IP Entities
• Mobile Node (MN)
– The entity that may change its point of attachment from network to network in the Internet
• Detects it has moved and registers with “best” FA
– Assigned a permanent IP called its home address to which other hosts send packets regardless of MN’s location
• Since this IP doesn’t change it can be used by long-lived applications as MN’s location changes
• Home Agent (HA)
– This is router with additional functionality
– Located on home network of MN
– Does mobility binding of MN’s IP with its COA
– Forwards packets to appropriate network when MN is away
• Does this through encapsulation
• Foreign Agent (FA)
– Another router with enhanced functionality
– If MN is away from HA the it uses an FA to send/receive data to/from HA
– Advertises itself periodically
– Forward’s MN’s registration request
– Decapsulates messages for delivery to MN
• Care-of-address (COA)
– Address which identifies MN’s current location
– Sent by FA to HA when MN attaches
– Usually the IP address of the FA
• Correspondent Node (CN)
– End host to which MN is corresponding (eg. a web server)
– Mobile IP Support Services
• Agent Discovery
– HA’s and FA’s broadcast their presence on each network to which they are attached
• Beacon messages via ICMP Router Discovery Protocol (IRDP)
– MN’s listen for advertisement and then initiate registration
• Registration
– When MN is away, it registers its COA with its HA
• Typically through the FA with strongest signal
– Registration control messages are sent via UDP to well known port
• Encapsulation – just like standard IP only with COA
• Decapsulation – again, just like standard IP
Mobile IP Operation
• A MN listens for agent advertisement and then initiates registration
– If responding agent is the HA, then mobile IP is not necessary
• After receiving the registration request from a MN, the HA acknowledges and registration is complete
– Registration happens as often as MN changes networks
• HA intercepts all packets destined for MN
– This is simple unless sending application is on or near the same network as the MN
– HA masquerades as MN
– There is a specific lifetime for service before a MN must re-register
– There is also a de-registration process with HA if an MN returns home
• Registration Process
• Tables maintained on routers
• Mobility Binding Table
– Maintained on HA of MN
– Maps MN’s home address with its current COA
– Visitor List
– Maintained on FA serving an MN
– Maps MN’s home address to its MAC address and HA address
• HA then encapsulates all packets addressed to MN and forwards them to FA
– IP tunneling
• FA decapsulates all packets addressed to MN and forwards them via hardware address (learned as part of registration process)
• NOTE that the MN can perform FA functions if it acquires an IP address eg. via DHCP
• Bidirectional communications require tunneling in each direction
Mobile IP Tunneling
Security in Mobile IP
• Authentication can be performed by all parties
– Only authentication between MN and HA is required
– Keyed MD5 is the default
• Replay protection
– Timestamps are mandatory
– Random numbers on request reply packets are optional
• HA and FA do not have to share any security information.
Problems with Mobile IP
• Suboptimal “triangle” routing
– What if MN is in same subnetwork as the node to which it is communicating and HA is on the other side of the world?
• It would be nice if we could directly route packets
– Solution: Let the CN know the COA of MN
• Then the CN can create its own tunnel to MN
• CN must be equipped with software to enable it to learn the COA
• Initiated by HA who notifies CN via “binding update”
• Binding table can become stale
Other Mobile IP Problems
• Single HA model is fragile
– Possible solution – have multiple HA
• Frequent reports to HA if MN is moving
– Possible solution – support of FA clustering
• Security
– Connection hijacking, snooping…
• Many open research questions
Mobility in IPv6
• Route Optimization is a fundamental part of Mobile IPv6
– Mobile IPv4 it is an optional set of extensions that may not be supported by all nodes
• Foreign Agents are not needed in Mobile IPv6
– MNs can function in any location without the services of any special router in that location
• Security
– Nodes are expected to employ strong authentication and encryption
• Other details…
 

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page

[-]
Quick Reply
Message
Type your reply to this message here.

Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Optical Computer Full Seminar Report Download computer science crazy 43 34,480 29-04-2016 09:16 AM
Last Post: dhanyavp
  broadband mobile full report project topics 7 2,186 27-02-2016 12:32 PM
Last Post: Prupleannuani
  Digital Signature Full Seminar Report Download computer science crazy 20 14,214 16-09-2015 02:51 PM
Last Post: seminar report asees
  HOLOGRAPHIC VERSATILE DISC A SEMINAR REPORT Computer Science Clay 20 28,639 16-09-2015 02:18 PM
Last Post: seminar report asees
  Steganography In Images (Download Seminar Report) Computer Science Clay 16 15,273 08-06-2015 03:26 PM
Last Post: seminar report asees
  Mobile Train Radio Communication ( Download Full Seminar Report ) computer science crazy 10 12,348 01-05-2015 03:36 PM
Last Post: seminar report asees
  Mobile Train Radio Communication Electrical Fan 5 6,492 11-03-2015 07:27 PM
Last Post: Guest
  A SEMINAR REPORT on GRID COMPUTING Computer Science Clay 5 7,930 09-03-2015 04:48 PM
Last Post: iyjwtfxgj
  VIRTUAL KEYBOARD A SEMINAR REPORT Computer Science Clay 17 22,503 25-01-2015 09:57 AM
Last Post: Beslanlox
  SQL INJECTION A SEMINAR REPORT Computer Science Clay 9 9,964 18-10-2014 09:50 PM
Last Post: jaseela123