Title: Mobile Networks Support in IPv6 - Draft Update (draft-ernst-mobileip-v6-01.txt)
1. Mobile Networks Support in IPv6 - Draft Update (draft-ernst-mobileip-v6-01.txt)
- Thierry Ernst - MOTOROLA Labs
- Ludovic Bellier - INRIA (Planete project)
- Claude Castelluccia - INRIA (Planete project)
- Hong-Yon Lach - MOTOROLA Labs
2. Definition and Terminology
- Mobile Node: a node that changes its point of attachment
  - by means of Mobile IPv6
- Mobile Network: an entire network that changes its point of attachment
  - An IP subnet or a collection of IP subnets
  - Mobile Router (MR) its attached Nodes and Routers.
- SNs: all stationary nodes located in the mobile network (SNs are not Mobile Nodes!)
- Future needs require considering (potentially large) mobile networks
- CNs: all nodes communicating with SNs
- The aim of this work is to
  - Provide continuous Internet connectivity to SNs
  - Offer optimal routing between CNs and SNs
- Mobile IPv6 specification
  - Mobile IPv6 nodes may either be Mobile Hosts or Mobile Routers.
  - But no explicit mention of mobile networks.
3. Experimentation Test Bed
- Francis Dupont INRIA IPv6 Implementation under FreeBSD 3.3
- MR has two interfaces
  - One on the home / foreign link in the home / foreign network
  - One on the internal link in the mobile network
- Mobile Network attaches to foreign link
- MR obtains a care-of address on the foreign link
- MR registers care-of address with HA.
- HA opens an IPv6-in-IPv6 tunnel to MR's care-of address
- HA adds a host-specific route for MR's home address to MR's care-of address
4. Experimentation: Ping between CN and MR
- Packet is routed to BR
- BR sends NDP messages to discover MR's MAC address
- BR HA replies with HA's address on behalf of MR
- HA intercepts packets addressed to MR
- HA routes the packet to the IPv6-in-IPv6 tunnel
- HA tunnels the packet to MR's care-of address
=> Redirection works fine whether Mobile Node is a Host or a Router
No problem, MR receives the packet
5. Experimentation: Ping between CN and SN
- Packet is routed to BR
- In BR's routing table, MR's home address is the next hop towards SN
- BR sends NDP messages to discover MR's MAC address
- HA replies with HA's address on behalf of MR
- HA intercepts but does not have an entry for SN's address
- HA sends the packet to its default route, i.e. the BR
- The packet enters a routing loop
=> Redirection to SNs impossible
Problem, SN never receives the packet
6. Our Solution: Network Scope Binding Updates
- Assumption: all nodes in the mobile network share a common IP prefix (Mobile Network Prefix)
  - If only one subnet -> internal link's prefix
  - If several subnets -> a common prefix identifying (sub-SLA) all subnets in the mobile network
- Our solution: all packets with a destination address corresponding to the Mobile Network Prefix are routed to the MR's care-of address.
- Means
  - A Binding between the Mobile Network Prefix and the MR's care-of address.
  - A new Sub-Option to carry the Mobile Network Prefix, and a P flag
  - Prefix and flag are recorded in the binding cache
  - Binding Cache is searched for a Prefix for those records showing the P flag.
- BUs containing the Mobile Network Prefix are sent
  - To the HA to allow redirection
  - To all CNs to allow optimal routing
- BUs are sent by the MR, not by individual SNs
  - mobility of network is transparent to SNs
  - mobility management is aggregated (a given CN only gets 1 BU whatever SNs)
7. Our Solution: Security Issues
- Existing Mobile IPv6 for Mobile Nodes
  - Authentication of BU sender
    - MN authenticated thanks to IPSec
  - Authorization of MN allowing MN to send BUs
    - no explicit authorization
    - If sender is authenticated, the Mobile IPv6 policy is to accept, record, and use whatever care-of address is received
- Mobile IPv6 extensions to support Mobile Networks
  - Authentication of BU sender
    - MR is authenticated thanks to IPSec
    - (same as for a single MN)
  - Authorization of MR allowing the MR to manage mobility of an entire network
    - If the Mobile IPv6 policy says that a care-of address can be registered for a prefix, then MR has the right to register a binding between the Mobile Network Prefix and its address.
    - Authorization may be provided by a certificate
      - exchanged during SA negotiation
      - to guarantee that MR actually serves the mobile network with the specified Prefix.
- Our solution is a matter of Authorization, not a matter of Authentication
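Added example, not taken from the draft or the authors' FreeBSD implementation: a toy binding cache that records prefix-scope BUs (slide 6) only when the already authenticated sender is authorized for the claimed Mobile Network Prefix (slide 7), then resolves destinations by host entry or longest matching P-flag prefix. The class and method names, the addresses (documentation prefix 2001:db8::/32), and the table standing in for certificate contents are all assumptions.

```python
import ipaddress

class BindingCache:
    """Toy binding cache of an HA or CN (names here are hypothetical)."""

    def __init__(self, authorized):
        # Assumption: maps an IPsec-authenticated MR home address to the
        # prefixes its certificate says it serves (constructed data).
        self.authorized = {ipaddress.ip_address(h): [ipaddress.ip_network(p) for p in ps]
                           for h, ps in authorized.items()}
        self.hosts = {}     # home address -> care-of address (no P flag)
        self.prefixes = {}  # Mobile Network Prefix -> care-of address (P flag)

    def process_bu(self, home, care_of, prefix=None):
        """Handle a BU from an already authenticated sender; True if recorded."""
        home, care_of = ipaddress.ip_address(home), ipaddress.ip_address(care_of)
        if prefix is None:  # plain Mobile IPv6: authenticated sender is accepted
            self.hosts[home] = care_of
            return True
        prefix = ipaddress.ip_network(prefix)
        # Authorization: the claimed prefix must lie inside a certified one.
        if not any(prefix.subnet_of(a) for a in self.authorized.get(home, [])):
            return False
        self.prefixes[prefix] = care_of
        return True

    def lookup(self, dst):
        """Return the care-of address to tunnel/route dst to, or None."""
        dst = ipaddress.ip_address(dst)
        if dst in self.hosts:
            return self.hosts[dst]
        hits = [p for p in self.prefixes if dst in p]
        return self.prefixes[max(hits, key=lambda p: p.prefixlen)] if hits else None

def demo():
    # Constructed sample: MR, an authenticated but unauthorized node, and an SN.
    mr, rogue, sn = "2001:db8:0:1::10", "2001:db8:0:1::66", "2001:db8:1:2::5"
    cache = BindingCache({mr: ["2001:db8:1::/48"]})
    before = cache.lookup(sn)  # no entry for the SN: the slide-5 failure case
    results = {
        "mr_host": cache.process_bu(mr, "2001:db8:f00d::10"),
        "rogue_prefix": cache.process_bu(rogue, "2001:db8:bad::66", "2001:db8:1::/48"),
        "mr_too_wide": cache.process_bu(mr, "2001:db8:f00d::10", "2001:db8::/32"),
        "mr_prefix": cache.process_bu(mr, "2001:db8:f00d::10", "2001:db8:1::/48"),
    }
    return before, results, str(cache.lookup(sn)), str(cache.lookup(mr))

if __name__ == "__main__":
    print(demo())
```

The two rejected BUs come from senders that would pass authentication, which is the slide's point: without the prefix authorization check, either one would redirect traffic for the whole mobile network.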
8. Mobile IP Working Group Item?
- Does the Mobile IP WG agree that
  - HA is unable to redirect packets sent to nodes in the mobile network? (if the final destination is not the Mobile Router itself)
  - CN is unable to directly route packets to nodes in the mobile network (if the final destination is not the Mobile Router itself)
  - => no redirection, no optimal routing, SNs are unreachable
- This should be addressed by the Mobile IP WG
  - => Add Support of Mobile Networks as a work item of the Mobile IP WG and include it in the charter.
9. For More Information
- draft-ernst-mobileip-v6-network-01.txt
- Thierry Ernst
- thierry.ernst_at_inrialpes.fr
- http://www.inrialpes.fr/planete
- This is a joint work between
- and