Mobile IPv6

1
Mobile IPv6
2
Why study Mobility in IPv6?
3
What is so different about Mobile IPv6 ?
4
Broadly we can say,

• Mobile IPv6 benefits from opportunities provided
  by IPv6
• From the Lessons learnt from IPv4

5
Problems with Mobile IPv4
6
Triangle Routing Problem

• Triangle routing problem delays the delivery of
  the datagrams and places an unnecessary burden on
  networks and routers

7
Firewalls

• Enterprise firewalls are typically configured to
  block packets from entering via the Internet that
  appear to emanate from internal computers

8
Ingress Filtering

• Many border routers discard packets coming from
  within the enterprise if the packets do not
  contain a source IP address configured for one of
  the enterprise's internal networks

9
Other Security Issues

• Insider Attacks
• Denial of Service Attack (DOS)
• Replay Attacks
• Theft of Information Passive
  Eavesdropping
• Theft of Information Session-Stealing

10
Is Mobile IPv6 the Solution?
11
Two Modes of Operation

• Basic Operation or Bi- directional tunneling
• Route Optimization

12
Basic Operation
Data Path Mobile Node to Correspondent Node in
Basic Operation
Data Path Correspondent Node to Mobile Node in
Basic Operation
13
Route Optimization
Data Path Mobile Node to Correspondent Node in
Route Optimization
Data Path Correspondent Node to Mobile Node in
Route Optimization
14
Advantages of Route Optimization

• Allows the shortest communications path to be
  used.
• eliminates congestion at the mobile node's home
  agent and home link.
• the impact of any possible failure of the home
  agent or networks on the path to or from it is
  reduced.

15
Establishing Route Optimization
16
Messages supported by Mobility Header

• Home Test Init
• Home Test
• Care-of Test Init
• Care-of Test
• Binding Update
• Binding Acknowledgement
• Binding Refresh Request
• Binding Error

Return Routability Procedure
Registration
17
Return Routability Procedure

• Purpose Enables the correspondent node to obtain
  some reasonable assurance that the mobile node is
  in fact addressable at its claimed care-of
  address as well as at its home address.
• Only with this assurance is the correspondent
  node able to accept Binding Updates from the
  mobile node.

18
Return Routability Flow diagram

• Mobile Node Home
  Agent Correspondent Node
• 
  
• Home test Init
• -------------------------------?----------
  -----------------------------?
• Care of test init
• -------------------------------------------
  ------------------------------gt
• home test
• lt----------------------------------lt------
  ------------------------------
• Care of Test
• ?------------------------------------------
  -------------------------------
  

19
Home Test init

• Source Address home address
• Destination Address correspondent
• Parameters home init cookie

20
Care-of Test Init

• Source Address care-of address
• Destination Address correspondent
• Parameters care-of init cookie

21
Home Test

• Source Address correspondent
• Destination Address home address
• Parameters home init cookie
• home keygen token
• home nonce index

22
Care-of Test

• Source Address correspondent
• Destination Address care-of address
• Parameters care-of init cookie
• care-of keygen token
• care-of nonce index

23
Binding Message Flow Diagram

• Mobile Node Correspondent Node
• Binding Update
• ------------------------------------------
  -----------------?
• (Seq no. , nonce indices , care of
  address)
• Binding ACK
• ?-----------------------------------------
  ------------------
• (Seq no. , status)

24
Binding Update

• Source Address care-of address
• Destination Address correspondent
• Parameters home address
• sequence number
• home nonce index
• care-of nonce index
• First (96, HMAC_SHA1 (Kbm, (care-of
  address correspondent BU)))

25
Binding Acknowledgement

• Source Address correspondent
• Destination Address care-of address
• Parameters sequence number
• First (96, HMAC_SHA1 (Kbm,
  (care-of address correspondent BA)))

26
Other Features and Functionality
27
Home Agent Option

• Used by Mobile Node while away from home, to
  inform the recipient of the mobile node's home
  address.

28
Prefix Discovery

• allows a Mobile Node to get network prefix
  information about its Home Network
• Sends a Mobile Prefix Solicitation message to the
  Home Agent.

29
Dynamic Home Agent Discovery

• When attached to a Foreign Network, a Mobile Node
  might not know the address of its Home Agent
• With DHAAD, Mobile Node only needs a home network
  prefix configured and it can dynamically find the
  address of a Home Agent on its home network

30
Returning Home and De-registering

• Mobile Node determines whether it is attached to
  its home network based on the network prefix
  information
• Deregisters by sending a special Binding Update
  to its Home Agent

31
Neighbor/Router Discovery

• Provides IPv6 nodes with a means to discover the
  presence and link layer addresses of other nodes
  
• Provides methods for discovering routers
• Detecting when a local node becomes unreachable
• Resolving duplicate addresses

32
Stateless Autoconfiguration

• Purpose Enables nodes to decide how to
  autoconfigure its interfaces in IPv6
• Steps
• Generate a link-local address for the interface.
• Obtain a Router Advertisement which specify the
  sort of autoconfiguration the host should do.

33
Performance Evaluation

• Security Threats reduced
• Uses Source Routing which provides Highly
  efficient performance and avoids Triangle routing
• Avoids problems due to Ingress Filtering
• Has Inbuilt Infrastructure for Mobility
• Router Discovery and Address auto-configuration
  makes mobility a much easier task

34
Major Differences from Mobile IPv4

• No Foreign Agents
• Route Optimization is a fundamental part unlike
  Mobile IPv4
• Bi-directional tunneling is part of the core
  protocol unlike Mobile IPv4
• Uses Neighbor Discovery to find Link layer
  Addresses of neighbors unlike Mobile IPv4 which
  uses ARP . Hence more robust
  
• 
  Contd

35

• Dynamic Home Agent Address Discovery uses anycast
  addressing and returns a single reply to the
  mobile node unlike Mobile IPv4 which uses a
  directed broadcast approach and returns separate
  replies from each Home Agent
• Mobile Nodes can obtain Care-of Addresses via
  Stateless Address Auto-configuration unlike
  Mobile Ipv4 which uses Agent discovery

36
Vulnerabilities in Mobile IPv6
37
Security Still a Headache

• Biggest vulnerability is authorization of Binding
  Updates
• Firewalls and Mobile IPv6 do not work well
  together
• Number of Problems for securing Neighbor
  discovery
• Problem arises when roaming with a dual-stack
  architecture and interoperating between Mobile
  IPv4 and Mobile IPv6.

38
Final Words Mobile Ipv6
39
Communications should be much faster," Deering
says. "We also thought it was going to be more
secure. But now it doesn't look like it's going
to be more secure."
40
Backers of IPv6 have suffered another setback,
as security experts punched holes in their
planned strategy for supporting mobile IPv6
communications.
41

• Prime Minister Yoshiro Mori of Japan vouched for
  IPv6 in front of the Japanese parliament,
  declaring that by 2006 Japan would have 100
  percent deployment in government, education and
  industry. And in February, the Korean government
  followed suit by promising to spend 80 billion
  by 2006 to develop and deploy IPv6.

42

• "The good part is, that the IETF has identified
  that this is work that needs to be done as soon
  as possible, and they are nearing their goal

43
Thank You!