Date posted: 30-Dec-2015
Wide-Area IP Network Mobility
Xin Hu1, Li (Erran) Li2, Z. Morley Mao1 and Yang Richard Yang3
1 Bell Labs, Alcatel-Lucent, Murray Hill, NJ
2 University of Michigan, Ann Arbor, MI
3 Yale University, New Haven, CT
INFOCOM 2008

Outline
• Introduction
• Related Work
• Overview
• Basic Scheme: Inter-domain Mobility
• Intra-domain Mobility
• WINMO Properties
• Implementation Issues
• Evaluations
• Conclusions and Future Work

Introduction
• Since using mobile networks provided by the transportation systems presents minimal safety hazard and can significantly increase productivity, their popularity can only increase.
• People expect their Internet data sessions to continue seamlessly while they are in transit, just as a cellular phone conversation continues uninterrupted.

Introduction (cont.)
• To support network mobility
  – directly use or extend the mobile IP protocol
    • mobile IP depends on public home agents,
      – but many users may NOT have static home addresses or home agents deployed at home.
    • triangular routing
  – Connexion [2] by Boeing
    • a commercial service that uses BGP
      – removes inefficient routing
      – leads to positive user experiences
    • a large number of BGP updates
    • handles mobility only when the network moves across ASes (autonomous systems)
[2] A. Dul, Global IP Network Mobility using Border Gateway Protocol, Mar. 2006. [Online]

Introduction (cont.)
• WINMO
  – an efficient protocol to support wide-area Internet network mobility
    • both across ASes and within an AS
  – extensive evaluations are conducted to demonstrate the effectiveness

Related Work
• Previous work on mobility spans all layers but focuses on host mobility
  – Most of it depends on link-layer handoffs to trigger mobility support,
    • but such handoffs may not be seen by all nodes
  – It is possible to apply some of these schemes to each host, but this
    • leads to significant inefficiency
    • requires individual infrastructure support for each host.

Related Work (cont.)
• IETF NEMO
  – a first step to ensure uninterrupted connectivity to the mobile network nodes
  – does not address important issues such as route optimization and handoff.
• For route optimization
  – [16]: performance evaluation of NEMO
  – Connexion [2] by Boeing
  – SIP-NEMO [17]
  – MIRON [18], ROTIO [19]
    • based on the NEMO basic protocol and do not handle inter-domain mobility
• For handoff
  – outage prediction [20], enhanced HMIPv6 [21]

Overview - Design decisions
• Global Network Architecture
  – roams most of the time within a single AS.
  – may switch to connect to another AS
• Infrastructure Support
  – Requires BSs and routers in a mobile ISP (MISP)
  – The service providers of the MISP may also contribute limited support
• Addressing Scheme for Mobile Networks
  – a fixed network prefix
  – a mobile host obtains an IP address (home address) from the prefix, for the duration of its time in the mobile network.

• End-host Support
  – Be transparent to mobile hosts (MH)
  – [option] OS support on correspondent host (CH)
• Security Association
  – no security association between an MH and its CH
    • such associations would simplify network design (?), but establishing them
      – faces substantial security challenges or
      – requires fundamental change to the Internet architecture
  – Each MISP has at least one AAA server,
    • which has a security association with the mobile network, BS and router
    • distributes a group key to the routers.

Overview - Performance Requirements
• For network infrastructure
  – minimal routing overhead as a mobile network moves
  – The impact of DoS from outside the mobile network should be reduced
• For end host
  – Minimal path inflation
  – Location privacy (from CH)
• Tradeoff:
  – Avoiding path inflation vs. crippling the control plane vs. route optimization vs. scalability
Each mobile network has a fixed network prefix allocated from the address space of its home mobility service provider

Basic Scheme: Inter-domain Mobility
• To correctly deliver traffic to its new location, BGP requires that
  – the new provider announce the newly arrived IP prefix
  – the previous provider withdraw the prefix.
• Standard BGP
  – increases BGP routing table size
  – possibly results in global routing instability
    • a large number of updates when mobile networks move around
  – some routers could temporarily lose their routes to the prefix

• For both global stability and application performance, we need to limit the propagation of BGP updates
  – without causing incorrect forwarding decisions at routers that do not receive those updates.
• Techniques proposed
  – Mobile prefix
  – Aggregation routers
  – Mobility community
  – Scoped BGP updates
  – Tunnel mapping

Mobile Prefix
• Each tier-1 (large) ISP designates a set of prefixes as its mobile prefixes: root mobile prefixes
  – There should be a small number of root mobile prefixes
  – sub-prefixes are allocated from a root mobile prefix to its customers
    • may be further divided
• Can be simply configured on routers, similar to the bogon list.

Aggregation Routers and Mobility Community
• A tier-1 ISP configures a subset of its routers (aggregation routers, ARs) to advertise its root mobile prefix and to know how to reach each sub-prefix.
  – To reduce the number of routers keeping explicit routing state for mobile networks,
  – ARs can partition the address space
    • approximate the geographic distribution of the home locations of mobile networks to minimize suboptimal routing.
  – send (standard) BGP UPDATE messages to non-ARs
    • for the mobile prefix, with the next hop set to its own address
  – ARs of a tier-1 ISP form a connected topology
• To reduce excessive path inflation, we require that each POP (point of presence) of a tier-1 ISP have an aggregation router

• Mobility community
  – a new BGP community attribute
  – To limit the propagation of BGP update messages to ARs only
    • controls the propagation of BGP UPDATE and WITHDRAWAL messages,
    • and the creation of tunnel mapping.

Scoped Inter-domain BGP Updates and Tunnel Mapping
• BGP UPDATE
  – When a mobile network with prefix p switches to a new AS, the new BS will inject a BGP announcement for p with a mobility community attribute.
  – The announcement may propagate up along the AS hierarchy and reach a tier-1 ISP
  – When it arrives at an AR, this triggers an update for p that may propagate across all ARs in all tier-1 ISPs
  – It may arrive at a provider AS with a previous route to p.
    • the AS is a common provider to both the previous and the current AS to which the mobile network attaches.
    • the AS suppresses it
  – a change of BS does not trigger updates among any tier-1 ISPs.

• BGP WITHDRAWAL
  – When a mobile network leaves an AS, the designated border router (?) will announce a BGP WITHDRAWAL message for p with the mobility community attribute
  – The withdrawal may propagate up along the AS hierarchy and reach a tier-1 ISP
  – When it arrives at an AR, this triggers an update for p that may propagate across all ARs in all tier-1 ISPs
  – It stops at the common provider, which has a new route
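
How the scoping rule on the UPDATE and WITHDRAWAL slides limits where messages for p travel, as an added Python model that is not code from the paper or this deck. The AS names, the topology and the function names are constructed, and the model follows only the rule stated here: a message climbs provider links until it meets an AS already holding the other route, or a tier-1 ISP.

```python
from collections import deque

def ancestors(providers, start):
    """Return start plus every AS reachable over customer-to-provider links."""
    seen, queue = {start}, deque([start])
    while queue:
        for prov in providers.get(queue.popleft(), ()):
            if prov not in seen:
                seen.add(prov)
                queue.append(prov)
    return seen

def climb(providers, tier1, start, holders):
    """Propagate a mobility-community message upward from start.

    holders is the set of ASes that already hold the other route to p; such
    an AS is a common provider and stops the message. Returns the sorted ASes
    that received the message and whether tier-1 ARs had to be updated.
    """
    seen, queue, hit_tier1 = {start}, deque([start]), False
    while queue:
        asn = queue.popleft()
        if asn in holders:
            continue                      # common provider: suppress here
        if asn in tier1:
            hit_tier1 = True              # from here it spreads among ARs only
            continue
        for prov in providers.get(asn, ()):
            if prov not in seen:
                seen.add(prov)
                queue.append(prov)
    return sorted(seen), hit_tier1

def move(providers, tier1, old_as, new_as):
    """Scope of the UPDATE (from new_as) and WITHDRAWAL (from old_as) for p."""
    return {
        "update": climb(providers, tier1, new_as, ancestors(providers, old_as)),
        "withdrawal": climb(providers, tier1, old_as, ancestors(providers, new_as)),
    }

# Constructed provider hierarchy (customer -> providers); names are made up.
PROVIDERS = {
    "rail-east": ["regional-1"], "rail-west": ["regional-1"],
    "regional-1": ["tier1-A"],
    "port": ["regional-2"], "regional-2": ["tier1-B"],
}
TIER1 = {"tier1-A", "tier1-B"}
```

A move between `rail-east` and `rail-west` is absorbed at `regional-1`; a move from `rail-west` to `port` reaches both tier-1 ISPs and therefore their ARs.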

• Tunnel Mapping
  – When a tier-1 ISP’s border router (Provider Edge, PE) receives a BGP UPDATE message for p from its customer border router (Customer Edge, CE)
    • the PE propagates the BGP UPDATE to other ARs in ISPs with the CE’s IP address
    • Each AR creates a tunnel using the CE’s IP address as the tunnel endpoint
      – non-ARs have only a default route to their closest AR
    • all other non-tier-1 ISPs need not maintain detailed routes to the mobile prefixes
      – set up default routes (for the mobile prefixes) to their provider

Infrastructure Support
• To prevent iBGP (internal BGP) routing changes due to roaming within an AS, only a designated BGP-speaking router (DBR) acts as the origin of p and announces p
• a mobile network always updates this router with its care-of-address.
  – how? by the MR or the BS?
• Three additional flags for the routing table entries in every router
  – insideAS(): whether a prefix originates within an AS
  – origin(): whether a given router originated a prefix (knows where to tunnel the packet)
  – mobilePrefix(): whether a destination prefix is a mobile network

Packet Mobility State (MOS)
• Three purposes:
  – Removal of triangular routing,
  – guarantee of location privacy, and also
  – prevention of DoS
• The CH always uses the home address (assigned in the mobile network) of the MH for data packets.

Packet Mobility State (MOS) (cont.)
• When a mobile network switches to a new BS, it (the MR) needs to authenticate itself
  – before a care-of-address can be allocated to it.
• The mobile network needs to be sure that it is not attaching to a bogus BS
  – after a successful authentication, the AAA server returns to the BS an encrypted token t = Kmrg(HoP, COA)
    • the mobile network’s home network prefix (HoP) and care-of-address (COA)
    • The mobility router group includes all BGP-speaking routers (iBGP and eBGP included) and some additional internal routers for performance improvement (and the AAA server).
  – On the data path, t will be stamped by the BS into the IP packets originating from the mobile network.
    • stamped by BS vs. by the MH => 1:2
  – A CH (with updated OS) bounces the opaque token back to the MH.
    • authenticate the BS? Because a "bogus BS" will not receive t from the AAA server?

Packet Mobility State (MOS) (cont.)
[Figure: packet forwarding procedure. Surviving annotations: "is a router in mobility router group"; "BS de-tunnel"; "the CH initiates the connection, or legacy OS on the CH"; "to the DBR"; "for DDoS"; "to the DBR"]

WINMO Properties
• Global Reachability
• Routing Optimality
  – Non-AR tunnels packet to AR
  – Routers not understanding MOS forward the packet to the DBR

• Security and Privacy
  – Assume that the border gateway routers and AAA servers are secure.
    • the BSs are more likely to be compromised
  – Defense against connection hijacking
    • an ongoing connection
    • A forged t will not pass verification and will be dropped
    • Replaying t by an attacker will induce traffic from the CH to the MH.
      – not reach the attacker. (Replay t with old COA: the Kmrg is refreshed periodically)
    • in contrast, with the mobile IP solution the attacker can hijack the connection
      – if an attacker is on the path between the CH and the HA of the MH. (the compromised BS?)

  – Resilience to DDoS attack
    • For a packet destined to mobile networks, if it does not carry MOS, it will be demoted to a low priority queue.
    • Only attackers on the path between a legitimate CH and the mobile network can spoof the packet state.
  – Preservation of location privacy
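
The token checks listed under Security and Privacy, as an added Python sketch that is not code from the WINMO authors or this deck. The slides give only t = Kmrg(HoP, COA); the key-epoch byte, the nonce, the token layout and the HMAC-SHA256 encrypt-then-MAC construction (standing in for an AEAD cipher) are assumptions, and the sketch handles IPv4 only.

```python
import hashlib
import hmac
import ipaddress
import os

TAG_LEN = 16  # truncated HMAC-SHA256 tag (assumed size)

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(data, key, nonce):
    # One PRF block is enough keystream for the 9-byte (HoP, COA) payload.
    return bytes(a ^ b for a, b in zip(data, _prf(key, b"ks" + nonce)))

def issue_token(k_mrg, epoch, hop, coa):
    """AAA server: build t = K_mrg(HoP, COA) for an IPv4 prefix and COA."""
    net = ipaddress.IPv4Network(hop)
    plain = net.network_address.packed + bytes([net.prefixlen])
    plain += ipaddress.IPv4Address(coa).packed
    nonce = os.urandom(8)
    body = bytes([epoch]) + nonce + _xor(plain, _prf(k_mrg, b"enc"), nonce)
    return body + _prf(_prf(k_mrg, b"mac"), body)[:TAG_LEN]

def classify(keys, dst, token):
    """Router in the mobility router group: handle a packet for a mobile prefix.

    keys maps epoch -> K_mrg and holds only group keys that are still valid.
    Returns (action, care_of_address).
    """
    if token is None:                      # no MOS: legacy CH or unsolicited traffic
        return ("low-priority", None)
    if len(token) != 18 + TAG_LEN or token[0] not in keys:
        return ("drop", None)              # malformed, or issued under a retired key
    k_mrg = keys[token[0]]
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(_prf(k_mrg, b"mac"), body)[:TAG_LEN]):
        return ("drop", None)              # forged or modified token
    plain = _xor(body[9:], _prf(k_mrg, b"enc"), body[1:9])
    hop = ipaddress.IPv4Network((plain[:4], plain[4]))
    if ipaddress.IPv4Address(dst) not in hop:
        return ("drop", None)              # valid token, but for another mobile prefix
    return ("tunnel", str(ipaddress.IPv4Address(plain[5:])))
```

Because the CH only echoes the opaque token, it never sees the COA; once the AAA server retires an epoch from `keys`, a replayed token carrying the old COA is dropped.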

Evaluations - Effectiveness of Inter-domain Support
• Simulate the mobility and routing changes using real Internet topology data.
• Treat each AS as one node, with a single prefix
  – each AS selects and exports routes using the standard policy based on AS business relationships
    • E.g. customer routes have the highest priority while provider routes have the lowest.
• Each round randomly picks one AS as the attachment point.
• For each mobility solution, compute the average path length between the attachment AS and all other ASes
  – the optimal path is calculated based on the algorithm in [29]
[29] X. Dimitropoulos, D. Krioukov, M. Fomenkov, B. Huffaker, Y. Hyun, K. Claffy, and G. Riley, “AS Relationships: Inference and Validation,” ACM Computer Communication Review, vol. 37, no. 1, 2007.

[Figure; surviving labels: "inflation", "normalized"]
• The route selection of BGP takes into account various policies and preferences (e.g., customer route is preferred over provider route).
  – sometimes results in suboptimal paths that traverse through an AS’s customers.
• In WINMO, the provider route is selected with a shorter AS hop count
  – Default route for mobile prefix to provider
• The disruption time is defined as the time duration when a router doesn’t have a route to reach the mobile prefix.

Evaluations - Effectiveness of Intra-domain Support
• Evaluate the intra-domain approach using the POP-level topologies of five large ISPs.
  – the intra-domain protocol is OSPF and
  – the shortest path is used to route packets

Conclusion and Future Work
• WINMO, a simple, systematic, novel solution for wide-area IP network mobility.
  – achieves low-stretch global Internet routing for mobile networks roaming across wide areas with minimal inter-domain routing overhead.
    • scoped BGP updates, route aggregation, tunneling, mobility packet state
• Evaluation shows that
  – the average path length of WINMO is only 11% more when compared with Connexion;
  – the BGP update overhead of WINMO is orders of magnitude smaller than Connexion.
• Specific deployments may need to make different tradeoffs according to user and network requirements.
• We believe that our design is flexible and adaptable to many settings, and we will evaluate our design in more settings.