
1

Wide-Area IP Network Mobility

Xin Hu1, Li (Erran) Li2, Z. Morley Mao1 and Yang Richard Yang3

1 Bell Labs, Alcatel-Lucent, Murray Hill, NJ
2 University of Michigan, Ann Arbor, MI
3 Yale University, New Haven, CT

INFOCOM 2008

2

Outline

• Introduction
• Related Work
• Overview
• Basic Scheme: Inter-domain Mobility
• Intra-domain Mobility
• WINMO Properties
• Implementation Issues
• Evaluations
• Conclusions and Future Work

3

Introduction

• Since using mobile networks provided by the transportation systems presents minimal safety hazard and can significantly increase productivity, their popularity can only increase.

• People expect that their Internet data sessions continue seamlessly while they are in transit, just as a cellular phone conversation continues uninterrupted.

4

Introduction (cont.)

• to support network mobility
  – directly use or extend the mobile IP protocol
    • mobile IP depends on public home agents,
      – but many users may NOT have static home addresses or home agents deployed at home.
    • triangular routing
  – Connexion [2] by Boeing
    • a commercial service to use BGP
      – removes inefficient routing
      – leads to positive user experiences
    • a large number of BGP updates
    • handles mobility only when the network moves across ASes (autonomous systems)

[2] A. Dul, Global IP Network Mobility using Border Gateway Protocol, Mar. 2006. [Online]

5

Introduction (cont.)

• WINMO
  – an efficient protocol to support wide-area Internet network mobility
    • Both across ASes and within an AS
  – extensive evaluations are conducted to demonstrate the effectiveness

6

Related Work

• The previous work on mobility spans all layers but focuses on host mobility
  – Most of them depend on link layer handoffs to trigger mobility support,
    • but such handoffs may not be seen by all nodes
  – It is possible to apply some of them to each host
    • leads to significant inefficiency
    • requires individual infrastructure support for each host.

7

Related Work (cont.)

• IETF NEMO
  – a first step to ensure uninterrupted connectivity to the mobile network nodes
  – does not address important issues such as route optimization and handoff.

• For route optimization
  – [16]: performance evaluation of NEMO
  – Connexion [2] by Boeing
  – SIP-NEMO [17]
  – MIRON [18], ROTIO [19]
    • based on the NEMO basic protocol and do not handle inter-domain mobility

• For handoff
  – outage prediction [20], enhanced HMIPv6 [21]

8

Overview - Design decisions

• Global Network Architecture
  – roams most of the time within a single AS.
  – may switch to connect to another AS

• Infrastructure Support
  – Require BSs and routers in a mobile ISP (MISP)
  – The service providers of the MISP may also contribute limited support

• Addressing Scheme for Mobile Networks
  – a fixed network prefix
  – mobile host obtains an IP address (home address) from the prefix, for the duration in the mobile network.

9

• End-host Support
  – Be transparent to mobile hosts (MH)
  – [option] OS support on correspondent host (CH)

• Security Association
  – no security association between an MH and its CH
    • such associations would simplify network design (?), but establishing them
      – faces substantial security challenges or
      – requires fundamental change to the Internet architecture
  – Each MISP has at least one AAA server,
    • which has a security association with mobile network, BS and router
    • distributes a group key to the routers.

10

Overview - Performance Requirements

• For network infrastructure
  – minimal routing overhead as a mobile network moves
  – The impact of DoS from outside the mobile network should be reduced

• For end host
  – Minimal path inflation
  – Location privacy (from CH)

• Tradeoff:
  – Avoiding path inflation vs. crippling the control plane vs. route optimization vs. scalability

11

Each mobile network has a fixed network prefix allocated from the address space of its home mobility service provider

13

Basic Scheme: Inter-domain Mobility

• To correctly deliver traffic to its new location, BGP requires that
  – the new provider announce the newly arrived IP prefix
  – the previous provider withdraw the prefix.

• Standard BGP
  – increase BGP routing table size
  – possibly resulting in global routing instability
    • a large number of updates when mobile networks move around
  – some routers could temporarily lose their routes to the prefix

14

• For both global stability and application performance, we need to limit the propagation of BGP updates
  – without causing incorrect forwarding decisions at routers that do not receive those updates.

• Techniques proposed
  – Mobile prefix
  – Aggregation routers
  – Mobility community
  – Scoped BGP updates
  – Tunnel mapping

15

Mobile Prefix

• Each tier-1 (large) ISP designates a set of prefixes as its mobile prefixes: root mobile prefix
  – There should be a small number of root mobile prefixes
  – sub-prefixes are allocated from root mobile prefix to its customers
    • may be further divided

• Can be simply configured on routers, similar to the bogon list.

16

Aggregation Routers and Mobility Community

• a tier-1 ISP configures a subset of its routers (aggregation routers, ARs) to advertise its root mobile prefix and know how to reach each sub-prefix.
  – To reduce the number of routers keeping explicit routing state for mobile networks,
  – ARs can partition the address space
    • approximate geographic distribution of the home location of mobile networks to minimize suboptimal routing.
  – send (standard) BGP UPDATE message to non-ARs
    • for mobile prefix with the next hop set to its own address
  – ARs of a tier-1 ISP form a connected topology

• To reduce excessive path inflation, we require that each POP (point of presence) of a tier-1 ISP have an aggregation router

17

• mobility community
  – a new BGP community attribute
  – To limit the propagation of BGP update messages only among ARs
    • controls the propagation of BGP UPDATE and WITHDRAWAL messages,
    • and the creation of tunnel mapping.

18

Scoped Inter-domain BGP Updates and Tunnel Mapping

• BGP UPDATE
  – When a mobile network with prefix p switches to a new AS, the new BS will inject a BGP announcement on p with a mobility community attribute.
  – may propagate up along the AS hierarchy and reach a tier-1 ISP
  – When it arrives at an AR, this triggers an update for p that may propagate across all ARs in all tier-1 ISPs
  – may arrive at a provider AS with a previous route to p.
    • the AS is a common provider to both the previous and current AS which the mobile network attaches to.
    • the AS suppresses it
  – a change of BS does not trigger updates among any tier-1 ISPs.

19

• BGP WITHDRAWAL
  – When a mobile network leaves an AS, the designated border router (?) will announce a BGP WITHDRAWAL message for p with the mobility community attribute
  – may propagate up along the AS hierarchy and reach a tier-1 ISP
  – When it arrives at an AR, this triggers an update for p that may propagate across all ARs in all tier-1 ISPs
  – stop at the common provider which has a new route
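
The scoping rule on the UPDATE and WITHDRAWAL slides, as an added example that is not part of the slides or the paper. It assumes a constructed hierarchy in which every AS has exactly one provider; the AS names and the function names chain and move are hypothetical.

```python
# Added illustration; the AS names and the single-provider hierarchy are constructed.
PROVIDER = {          # customer AS -> its provider (None marks a tier-1 ISP)
    "AS-A": "AS-P", "AS-B": "AS-P", "AS-P": "T1-X",
    "AS-C": "AS-Q", "AS-Q": "T1-Y",
    "T1-X": None, "T1-Y": None,
}

def chain(asn):
    """ASes from asn up to its tier-1 ISP, inclusive."""
    path = []
    while asn is not None:
        path.append(asn)
        asn = PROVIDER[asn]
    return path

def move(old_as, new_as):
    """Return (ASes that process the UPDATE, ASes that process the WITHDRAWAL,
    whether the change becomes visible to the tier-1 aggregation routers)."""
    old_chain, new_chain = chain(old_as), chain(new_as)
    had_route = set(old_chain)          # ASes holding a previous route to p
    update = []
    for asn in new_chain:               # UPDATE climbs the new branch
        update.append(asn)
        if asn in had_route:            # common provider: it suppresses the UPDATE
            break
    common = update[-1] if update[-1] in had_route else None
    withdrawal = []
    for asn in old_chain:               # WITHDRAWAL climbs the old branch
        if asn == common:               # stops at the AS that has the new route
            break
        withdrawal.append(asn)
    # ARs are involved when no common provider exists below tier-1.
    reaches_ars = common is None or PROVIDER[common] is None
    return update, withdrawal, reaches_ars
```

A move between AS-A and AS-B stays below their common provider AS-P, while a move from AS-A to AS-C has no common provider and reaches the tier-1 ISPs on both sides.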

20

• Tunnel Mapping
  – When a tier-1 ISP’s border router (Provider Edge, PE) receives a BGP UPDATE message for a prefix p from its customer border router (Customer Edge, CE)
    • the PE propagates the BGP UPDATE to other ARs in ISPs with the CE’s IP address
    • Each AR creates a tunnel using CE’s IP address as the tunnel endpoint
  – non-ARs have only a default route to its closest AR

• all other non-tier-1 ISPs need not maintain detailed routes to the mobile prefixes
  – set up default routes (for the mobile prefixes) to its provider

21

[Figure: AR, tunnel, CE (?)]

23

Infrastructure Support

• To prevent iBGP (internal BGP) routing changes due to roaming within an AS, only a designated BGP speaking router (DBR) acts as the origin of p and announces p

• a mobile network always updates this router with its care-of-address.
  – how? by the MR or the BS?

• Three additional flags for the routing table entry in every router
  – insideAS(): whether a prefix is originating within an AS
  – origin(): whether a given router originated a prefix (knows where to tunnel the packet)
  – mobilePrefix(): whether a destination prefix is a mobile network

24

Packet Mobility State (MOS)

• Three purposes:
  – Removal of triangular routing,
  – guarantee of location privacy, and also
  – prevention of DoS

• The CH always uses the home address (assigned in the mobile network) of the MH for data packets.

25

Packet Mobility State (MOS) (cont.)

• when a mobile network switches to a new BS, it (the MR) needs to authenticate itself
  – before a care-of-address can be allocated to it.

• the mobile network needs to be sure that it is not attaching to a bogus BS
  – after a successful authentication, the AAA server returns to the BS an encrypted token t = Kmrg(HoP, COA)
    • the mobile network’s home network prefix (HoP) and care-of-address (COA)
    • The mobility router group includes all BGP (iBGP and eBGP included) speaking routers and some additional internal routers for performance improvement (and AAA server).
  – On the data path, t will be stamped by the BS into the IP packets originated from the mobile network.
    • stamped by BS vs. by the MH => 1:2
  – A CH (with updated OS) bounces the opaque token back to the MH.
    • authenticate the BS? Because a "bogus BS" will not receive t from the AAA server?

26

Packet Mobility State (MOS) (cont.)

//is a router in mobility router group

//BS de-tunnel

// the CH initiate connection or legacy OS on the CH

// to the DBR

// for DDoS

// to the DBR

27

WINMO Properties

• Global Reachability

• Routing Optimality
  – Non-AR tunnels packet to AR
  – Routers not understanding MOS forward the packet to DBR

28

• Security and Privacy
  – Assume that the border gateway routers and AAA servers are secure.
    • the BSs are more likely to be compromised
  – Defense against connection hijacking
    • an ongoing connection
    • A forged t will not pass verification and will be dropped
    • Replaying t by an attacker will induce traffic from the CH to the MH.
      – not reach the attacker. (Replay t with old COA: the Kmrg is refreshed periodically)
    • in contrast, in the mobile IP solution, the attacker can hijack the connection
      – if an attacker is on the path between CH and the HA of the MH. (the compromised BS?)

29

  – Resilience to DDoS attack
    • For a packet destined to mobile networks, if it does not carry MOS, it will be demoted to a low priority queue.
    • Only attackers on the path between a legitimate CH and the mobile network can spoof the packet state.
  – Preservation of location privacy
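
How a router in the mobility router group could treat the token t = Kmrg(HoP, COA) from the MOS slides and the security properties above, as an added example that is not code from the slides or the paper. The slides do not name a cipher, so HMAC-SHA256 in counter mode with encrypt-then-MAC stands in for it; the token layout, the key-epoch field, the HoP check against the destination prefix and all function names are assumptions.

```python
import hashlib, hmac, os, struct

def _sub(key, label):                      # separate encryption and MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):         # HMAC-SHA256 in counter mode (stand-in cipher)
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def issue_token(k_mrg, epoch, hop, coa):
    """AAA server: seal (HoP, COA) under the Kmrg of the given key epoch."""
    head = struct.pack(">I", epoch) + os.urandom(8)      # epoch || nonce
    ct = _xor_stream(_sub(k_mrg, b"enc"), head[4:], f"{hop}|{coa}".encode())
    tag = hmac.new(_sub(k_mrg, b"mac"), head + ct, hashlib.sha256).digest()[:16]
    return head + ct + tag

def classify(live_keys, token, dst_prefix):
    """Mobility-group router: decide what to do with a packet for a mobile prefix."""
    if token is None:
        return ("low-priority", None)      # no MOS: demoted, not dropped
    if len(token) < 28:
        return ("drop", None)              # too short to hold header and tag
    key = live_keys.get(struct.unpack(">I", token[:4])[0])
    if key is None:
        return ("drop", None)              # sealed under a retired Kmrg (replay)
    head, ct, tag = token[:12], token[12:-16], token[-16:]
    want = hmac.new(_sub(key, b"mac"), head + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        return ("drop", None)              # forged or altered t
    hop, coa = _xor_stream(_sub(key, b"enc"), head[4:], ct).decode().split("|")
    if hop != dst_prefix:
        return ("drop", None)              # token was issued for a different HoP
    return ("tunnel", coa)                 # valid t: tunnel to the COA

# Constructed sample values (documentation address ranges).
K_OLD, K_NEW = os.urandom(32), os.urandom(32)
HOP, COA = "203.0.113.0/24", "198.51.100.7"

def demo():
    stale, fresh = issue_token(K_OLD, 1, HOP, "192.0.2.9"), issue_token(K_NEW, 2, HOP, COA)
    forged = fresh[:-1] + bytes([fresh[-1] ^ 1])
    live = {2: K_NEW}                      # epoch 1 retired by the periodic refresh
    return [classify(live, t, HOP) for t in (fresh, forged, stale, None)]
```

The CH only ever sees the sealed bytes, so bouncing t back does not reveal the COA to it.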

31

Evaluations - Effectiveness of Inter-domain Support

• Simulate the mobility and routing changes using real Internet topology data.

• treat each AS as one node, with a single prefix
  – each AS selects and exports routes using the standard policy based on AS business relationships
    • E.g. customer routes have the highest priority while provider routes have the lowest.

• Each round randomly pick one AS as the attachment point.

• For each mobility solution, compute the average path length between the attachment AS and all other ASes
  – the optimal path is calculated based on algorithm in [29]

[29] X. Dimitropoulos, D. Krioukov, M. Fomenkov, B. Huffaker, Y. Hyun, K. Claffy, and G. Riley, “AS Relationships: Inference and Validation,” ACM Computer Communication Review, vol. 37, no. 1, 2007.

32

[Figure: path inflation, normalized]

• The route selection of BGP takes into account various policies and preferences (e.g., customer route is preferred over provider route).
  – sometimes results in suboptimal paths that traverse through an AS’s customers.

• In WINMO, the provider route is selected with a shorter AS hop count
  – Default route for mobile prefix to provider

33

• The disruption time is defined as the time duration when a router doesn’t have a route to reach the mobile prefix.

34

Evaluations - Effectiveness of Intra-domain Support

• evaluate the intra-domain approach using the POP-level topologies of five large ISPs.
  – the intra-domain protocol is OSPF and
  – The shortest path is used to route packets

35

36

Conclusion and Future Work

• WINMO, a simple, systematic, novel solution for wide-area IP network mobility.
  – achieve low stretch global Internet routing for mobile networks roaming across wide areas with minimal inter-domain routing overhead.
    • scoped BGP updates, route aggregation, tunneling, mobility packet state

• evaluation shows that,
  – the average path length of WINMO is only 11% more when compared with Connexion;
  – the BGP update overhead of WINMO is orders of magnitude smaller than Connexion.

• Specific deployments may need to make different tradeoffs according to user and network requirements.

• We believe that our design is flexible and adaptable to many settings, and we will evaluate our design in more settings.

