OBAN Open Broadband Access Networks

H. Almus, TU Berlin, EANTC Research

The OBAN project is funded by the European Community’s Sixth Framework Programme, project partners and the Swiss Bundesamt für Bildung und Wissenschaft

The information in this document is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.

© 2006 H. Almus TERENA Networking Conference 2006

An Open Network

OBAN Concept

• To open private WLANs for public use
  – Allowing people who are passing by (visiting users) to get broadband access via privately owned WLAN access points
• Business idea behind it
  – Visiting users pay according to their usage
  – Contracts between all involved parties will assure appropriate earnings
• OBAN mobility support
  – Seamless handover and roaming
    • Limited to velocities ≤ 15 km/h
• OBAN integrated extended services
  – Voice (VoWLAN, VoIP), Video
  – Location-specific services
    • Local content based on knowledge of coordinates of used broadband access

[Figure labels: Private use, Public use, Access to broadband network, WLAN, ISP]

Broadband access today and tomorrow

• xDSL technologies
  – Example ADSL: typical configured bandwidth 1 to 2 Mbps, mostly 8 Mbps possible
  – Example ADSL 2+, VDSL, VDSL2: provides from 24 Mbps to 40-50 Mbps
• Cable modems in TV distribution networks
• Fiber cable to the home
• Wireless technologies
  – Extended use expected
    • According to BT Group: WiMAX for home installation available at the end of 2006
• Private flats and houses do have broadband access!!!
  – 23% of the European households are using broadband connections
  – Broadband connections in Germany (end of 2005)
    • around 10.4 million connections (27% of German households)

Use of capacities

• Most private users are using the rented bandwidth only for minor downloads
  – Usage heavily depends on the time of day
    • Mostly used in the evening and on weekends
    • Minor usage during common working hours
• Rented bandwidth usually below technically available bandwidth
  – Caused by price policy of ISPs
  – Most often, the rented bandwidth is 1 or 2 Mbit/s (downlink)
  – On average, the installed broadband access technology allows around 8 Mbit/s (downlink)
  – Estimated average use of a broadband access: ≤ 10 GByte per month
    • Only around 3-4% of the rented bandwidth is actually used
    • Regarding the technically available bandwidth at the access points, only around 0.5% is used

Network evolution

• Today's mobile networks are evolving to broadband
  – Number of base stations and feeder lines will increase dramatically
  – Next step from today's UMTS may require optical cables in the feeder network
  – Granularity will become comparable to that of the fixed network
• The fixed network is continuously updated with advanced DSL technologies and optical cables
  – Most of the connected households and businesses will use WLAN technologies for in-house networking

Extended use of WLANs as well as growing bandwidth demands will lead to a convergence of both networks

Networks & Cell sizes today and tomorrow

[Figure labels: WLAN, Mobile network]

Parties involved

HU = Home User
VU = Visiting User
ANP = Access Network Provider
ISP = Internet Service Provider
RG = Residential Gateway (OBAN extended access router)
AP = WLAN access point

[Figure labels: HU, VU, AP, RG, ANP, ISP-HU, ISP-VU, Internet]

OBAN bandwidth management

• Simple bandwidth management
  – Home user retains the rented bandwidth and performance, independent of any access and usage by visiting users
    • Conventional sharing concepts are based on a common use of the bandwidth rented by the home user (Boingo, Linkspot etc.)
  – Use of additional available bandwidth for visiting users
  – Solution by adapted bandwidth management
    • 2 data paths with fixed, well-defined access rates
• Extended bandwidth management
  – Bandwidth not currently used by the home user will be available for visiting users in addition to the extended bandwidth statically reserved for visiting users
  – Realization requires strict prioritization of the private user's traffic within the limits of the rented bandwidth
• The OBAN approach is a provider-oriented solution – it requires the involvement of the access network provider!
  – Solutions as offered by Boingo are just roaming agreements

QoS in OBAN

• Bandwidth management, prioritization
  – Based on 802.11e / WMM
  – OBAN QoS Broker
    • Knows the capacity of the access network
      – Traffic policing, priority queuing
    • Manages QoS profiles for each OBAN user
      – Integrated in the backend, could be integrated in AAA server
  – Residential Gateway
    • Capacity Distribution Algorithm (CDA) defines which capacity an end system (terminal) gets assigned at a given time
    • Traffic policing / shaping, priority queuing to ensure proper use
    • Capacity tracking and adaptation according to changing conditions
  – Terminal
    • Supports traffic shaping, capacity tracking
    • WLAN:
      – QoS-enabled MAC (802.11e/WMM); priorities are mapped to WLAN access categories
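
The "extended bandwidth management" rule from the bandwidth management slide, and the kind of per-terminal decision a capacity distribution function on the Residential Gateway has to make, worked through as an added example (not code from the OBAN project, and not its CDA). The function name, the kbit/s units, the sample users and the max-min fair split among visiting users are assumptions; the 8 Mbit/s line and 2 Mbit/s rented rate are the typical figures quoted in the slides.

```python
"""Added illustration of OBAN's 'extended bandwidth management' rule.

Not the project's Capacity Distribution Algorithm: sharing the visiting
users' pool max-min fairly is an assumption made for this example.
"""

def allocate(link_kbps, hu_rented_kbps, hu_demand_kbps, vu_demands_kbps):
    """Return (hu_rate, {vu: rate}) for one scheduling interval."""
    if hu_rented_kbps > link_kbps:
        raise ValueError("rented rate exceeds the access line capacity")
    # Strict priority: the home user is served first, capped at the rented rate.
    hu_rate = min(hu_demand_kbps, hu_rented_kbps)
    # Visiting users get the static reserve (link - rented) plus whatever
    # the home user leaves idle right now.
    pool = link_kbps - hu_rate
    rates = {}
    # Max-min fair share (assumed policy): satisfy small demands first,
    # split the remainder equally among the users still unsatisfied.
    pending = sorted(vu_demands_kbps.items(), key=lambda kv: kv[1])
    while pending:
        share = pool / len(pending)
        vu, demand = pending.pop(0)
        rates[vu] = min(demand, share)
        pool -= rates[vu]
    return hu_rate, rates


# Constructed sample: 8 Mbit/s line, 2 Mbit/s rented by the home user.
LINK, RENTED = 8000, 2000
VISITORS = {"vu-a": 500, "vu-b": 4000, "vu-c": 4000}

if __name__ == "__main__":
    for hu_demand in (0, 1500, 5000):   # idle, moderate, saturating home user
        hu, vus = allocate(LINK, RENTED, hu_demand, VISITORS)
        print(f"HU wants {hu_demand:>4} -> HU {hu}, VUs {vus}")
```

The home user's rate depends only on their own demand and the rented limit, never on visiting-user load, which is the isolation property the slides require.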

Mobility in OBAN

• Basic objectives of the OBAN project:
  – "Smart change" of the IP network as well as seamless roaming between service providers
  – Single Sign On
    • The user has to authenticate only once
  – Seamless IP connectivity
    • Change of network access, IP subnet as well as roaming shall not disturb or (noticeably) interrupt currently used IP services
      – No loss of TCP connections, SIP sessions etc.
        » Supported by use of Mobile IPv4 (MIP)

Security in OBAN

• Security and privacy protection
  – Questions and requirements
    • Who must have access to which data?
    • Who isn't allowed to have access to which data?
    • How can an OBAN network be realized in line with local and European laws?
      – 25 country-specific laws and regulations regarding service provisioning, protection of private data, encryption etc.
    • Acceptance of OBAN by private and visiting users?
      – What kind of data security as well as privacy protection has to be offered?

Security: Extended requirements

• Extended protection against manipulation required because
  – OBAN WLAN APs and RG are located in private homes
    • HU could try to fake an OBAN WLAN AP and to forward modified visiting user data to the RG (man-in-the-middle attack)
    • HU could also manipulate the RG itself to modify information (e.g. billing-relevant data)
  – OBAN WLAN APs are interconnected to the private network of the HU
    • VUs could attack and try to manipulate OBAN WLAN AP to get access to private data of the HU
• OBAN networks have to securely separate the data of HUs and VUs
  – Separated VPNs for HU and VU are required
  – The identity of the HU has to be hidden from the VUs and vice versa
• OBAN hardware and software components must be protected against manipulation and misuse

Mobility: MIP / Handover

• OBAN has to support a secured data exchange in combination with a change of the used network without service interruption
  – OBAN project objectives include the support of interactive multimedia services like videoconferencing and VoIP
  – OBAN tries to achieve handover times of less than 120 ms (Layer 3)
    • Typical handover times of 350 ms or even higher (like 8-10 s in MIP environments) are not acceptable.
• Consequences:
  – The handover process including re-authentication has to take place automatically, without any user interaction
  – The used Mobile IP solution has to be compatible with common encryption techniques (VPN, IPSec and SSL)
    • Encryption must be set up as overlay on top of MIP, end points of encrypted tunnels are terminated in MIP
    • OBAN terminals (notebooks, PDAs) have to support Mobile IP as well as some OBAN-specific extensions
    • OBAN users will have to install some OBAN-specific software

Handover performance

• How to minimize the WLAN handover delay?
• Code optimization alone will not be a solution to the OBAN goal (< 120 ms on Layer 3)
• WLAN technology doesn't support "make before break" as used in GSM/UMTS networks
• Extended mobility management is required
  – Residential Gateway (RG) acts as access router
    • Extended functions to avoid painful delays (DHCP etc.)
  – Sophisticated authentication mechanisms
    • To support fast and automated re-authentication
  – Extended services and functions to be implemented
    • Proxy servers
    • Mobility broker
      – Knows about neighboring APs, network configuration
      – Supports fast re-authentication
    • QoS broker
      – Knows about currently available QoS on neighboring APs

Authentication

• Full authentication (via AAA server) when changing AP / roaming is by far too slow
• Alternate solutions discussed within OBAN
  1. Delayed authentication
     1. Data traffic without previous authentication allowed for a limited time period
     2. Full authentication done immediately in parallel to initial use
  2. Use of Kerberos tickets
     1. Split of authentication process
        1. Traditional full authentication via AAA server for the 1st access
        2. Specific authentication on shared secrets, partly shared in advance
  3. Time-shifted computing
     1. Based on mutual authentication between terminal and Residential Gateway in conjunction with secured information and trusted points
• Solution 1
  – Delayed authentication may be forbidden by law
    • At least in some European countries the ISP has to explicitly inform the user about the approach and the risks regarding the initial data exchange
• Solutions 2 and 3
  – Use of topographic knowledge required (neighborhood relations)
    • Knowledge about reachable APs, additional information for re-authentication, protocol extensions (802.1X, EAP-xxx)

OBAN proof of concept

• Field trial (Telenor)
  – Continuously used to test solutions as soon as available
• Testbed at TU Berlin
  – Used for additional functional testing
• Field trial in Paris (France Telecom)
  – Scheduled for the final phase of the project to test the integrated OBAN environment
• Portable demonstrator
  – Used for specific tests as well as for demonstration purposes at exhibitions

[Figure: Portable demonstrator: configuration example for "inter-provider handover" testing. Labels: SSID: hansen, SSID: larsen, Internet, ISPRG, ISPIPC, HA, ISPIPC Gateway, ISPRG Gateway, RGW1, AP1, RGW2, AP2, Terminal, Host, Monitor1, Monitor2]

Extended Services: IP Zones, SIP-UA, …

• Different portals for Visiting Users (VU) and Home Users (HU)
  – VU: location-specific offers
    Exact location of Residential Gateway is known!
    • Local events, special offers, …
    • Taxi stand next door, timetable of nearby bus stops & undergrounds
    • Navigation: distance to events, friends, …
  – HU: may offer specific services to VUs
    • Garage sale today
    • Print service (if HU is at home)
• SIP-UA: OBAN-aware application
  – SIP-based videoconferencing with automated adaptations
    • Adapt codec used and image size in accordance with available QoS
      – Information provided by OBAN QoS broker

OBAN project partners

• The OBAN concepts, ideas and solutions presented are the results of the common efforts of all OBAN partners

Thank you! Questions?

More information is available on the OBAN public web pages:

www.ist-oban.org

