Mobile Networks Support in IPv6 - Draft Update draft-ernst-mobileip-v6-01.txt -

1
Mobile Networks Support in IPv6- Draft Update
draft-ernst-mobileip-v6-01.txt -

• Thierry Ernst - MOTOROLA Labs
• Ludovic Bellier - INRIA (Planete project)
• Claude Castelluccia - INRIA (Planete project)
• Hong-Yon Lach - MOTOROLA Labs

2
Definition and Terminology

• Mobile Node a node that changes its point of
  attachment
• by means of Mobile IPv6
• Mobile Network an entire network that changes
  its point of attachment
• A IP subnet or a collection of IP subnets
• Mobile Router (MR) its attached Nodes and
  Routers.
• SNs all stationary nodes located in mobile
  network ( SNs are not Mobile Nodes !)
• Future needs require to consider (potentially
  large) mobile networks

• CNs all nodes communicating with SNs
• Aim of this work is to
• Provide continuous Internet connectivity to SNs
• Offer optimal routing between CNs and SNs
• Mobile IPv6 specification
• Mobile IPv6 nodes may either be Mobile Hosts or
  Mobile Routers.
• But no explicit mention of mobile networks.

3
Experimentation Test Bed

• Francis Dupont INRIA IPv6 Implementation under
  FreeBSD 3.3
• MR has two interfaces
• One on the home / foreign link in the home /
  foreign network
• One on the internal link in the mobile network
• Mobile Network attaches to foreign link
• MR obtains a care-of address on the foreign link
• MR registers care-of address with HA.
• HA opens an IPv6-in-IPv6 tunnel to MRs careof
  address
• HA adds a host-specific route for MRs home
  address to MRs careof address

4
Experimentation Ping between CN and MR

• Packet is routed to BR
• BR sends NDP messages to discover MRs MAC
  address
• BR HA replies with HAs address on behalf of MR
• HA intercepts packets addressed to MR
• HA routes the packet to the IPv6-in-IPv6 tunnel
• HA tunnels the packet to MRs care-of address

gt Redirection works fine whether Mobile Node is
a Host or a Router
No problem, MR receives the packet
5
Experimentation Ping between CN and SN

• Packet is routed to BR
• In BRs routing table, MR' home address is the
  next hop towards SN
• BR sends NDP messages to discover MRs MAC
  address
• HA replies with HAs address on behalf of MR
• HA intercepts but does not have an entry for SNs
  address
• HA sends the packet to its default route, i.e.
  the BR
• The packet enters in a routing loop

gt Redirection to SNs impossible
Problem, SN never receives the packet
6
Our Solution Network Scope Binding Updates

• Assumption all nodes in the mobile network share
  a common IP prefix Mobile Network Prefix
• if only one subnet -gt internal link s prefix
• If several subnets -gt a common prefix identifying
  (sub-SLA) all subnets in the mobile network
• Our solution all packets with a destination
  address corresponding to the Mobile Network
  Prefix are routed to the MR s careof address.
• Means
• A Binding between the Mobile Network Prefix and
  the MRs careof address.
• a new Sub-Option to carry the Mobile Network
  Prefix a P flag
• Prefix and flag are recorded in the binding cache
  
• Binding Cache is searched for a Prefix for those
  records showing the P flag.
• BUs containing the Mobile Network Prefix are
  sent
• To the HA to allow redirection
• To all CNs to allow optimal routing
• BUs are sent by the MR, not by individual SNs
• mobility of network is transparent to SNs
• mobility management is aggregated (a given CN
  only gets 1 BU whatever SNs)

7
Our Solution Security Issues

• Existing Mobile IPv6 for Mobile Nodes
• Authentication of BUs sender
• MN authenticated thanks to IPSec
• Authorization of MN allowing MN to send BUs
• no explicit authorization
• If sender is authenticated, the Mobile IPv6
  policy is to accept, record, and use whatever
  received careof address
• Mobile IPv6 extensions to support Mobile
  Networks
• Authentication of BUs sender
• MR is authenticated thanks to IPSec - (same as
  for a single MN)
• Authorization of MR allowing the MR to manage
  mobility of an entire network
• If the Mobile IPv6 policy says that a
  careof-address can be registered for a prefix,
  then MR has the right to register a binding
  between the Mobile Network Prefix and its
  address.
• Authorization may be provided by a certificate
• exchanged during SA negociation
• to guarantee that MR actually serves the mobile
  network with the specified Prefix.
• Our solution is a matter of Authorization, not a
  matter of Authentication

8
Mobile IP Working Group Item ?

• Does the Mobile IP WG agree that
• HA is unable to redirect packets sent to nodes in
  the mobile network ?
• (if the final destination is not the Mobile
  Router itself)
• CN is unable to directly route packets to nodes
  in the mobile network)
• (if the final destination is not the Mobile
  Router itself)
• gt no redirection no optimal routing SNs are
  unreachable
• This should be addressed by the Mobile IP WG
• gt Add  Support of Mobile Networks  as a work
  item of the Mobile IP WG and include it in the
  charter.

9
For More Information

• draft-ernst-mobileip-v6-network-01.txt
• Thierry Ernst
• thierry.ernst_at_inrialpes.fr
• http// www.inrialpes.fr/planete
• This is a joint work between
• and