GPRS Interworking with IPv6 - PowerPoint PPT Presentation


Transcript and Presenter's Notes

Title: GPRS Interworking with IPv6


1
GPRS Interworking with IPv6
  • Preeti Vinayakray-Jani
  • NOKIA RESEARCH CENTER
  • HELSINKI, FINLAND

2
Outline
  • GPRS Architecture - Basic Services
  • IPv6 over GPRS - A Protocol Stack
  • Interworking Mechanisms and their Examples
  • GPRS Interworking with Internet
  • Security Threats in GPRS systems with Examples
  • Summary

3
GPRS Architecture
[Figure: GPRS architecture diagram. Labels: Cellular world, Operator A, Operator B, SGSN, VLR/HLR, GPRS core, GTP', BG (46), GGSN, Existing IPv4 Internet]

4
Basic Services
  • Address acquisition
    • stateless
    • stateful
    • assign single address
    • assign subnet
    • GGSN intercepts and replies to neighbor discovery
      messages
    • possible design
    • GTP tunnel based on link-layer address only
    • MN address assignment as a result of 'GPRS
      Activate Context' request (which is triggered
      during PPP setup)
    • GGSN sends router advertisements once GTP tunnel
      is formed
  • Name resolution
    • New DNS record types AAAA and A6
    • AAAA support already exists
    • DNS server should be dual stack
  • Data transfer

5
IPv6 Over GPRS Protocol stack
6
Visited Network Support
  • Network with IPv6 support (v6)
  • In such a network there is an IPv6 router
    reachable by the mobile host - the router
    responds to IPv6 router solicitation requests
    sent by the mobile host. The IPv6 router has
    connectivity to the rest of IPv6 world.
  • Network with basic IPv4 support (v4)
  • no support for IPv6
  • no enforcement of the use of a Mobile IPv4 FA (may
    not support MIPv4 at all)
  • Network with IPv4 support in which use of an
    external FA (Foreign Agent) is mandatory (v4FA)
  • An IPv4 network not supporting IPv6 and requiring
    the visiting mobile host to use an external FA in
    the network.
  • In the first phase of evolution from IPv4 to
    IPv6, v4 type of network will be the most common
    visited network type (v4FA networks most probably
    are rare because of the low deployment of MIPv4).

7
Interworking Mechanisms
  • Encapsulation
    • Supports end-to-end IPv6 connectivity over IPv4
      networks
    • Configured tunnels (does not scale)
    • Automatic encapsulation (requires 1 public IPv4
      address per recipient)
    • 6to4 encapsulation (requires 1 public IPv4
      address per site)
  • Protocol translation
    • Necessary for communication between IPv4 and IPv6
      end points
    • Network layer translators: SIIT, NAT-PT (require
      little or no host changes)
    • Upper layer translators: SOCKS, ALGs
  • Temporary address allocation
    • Supports end-to-end IPv4 connectivity between a
      dual stack mobile node and IPv4-only
      correspondent
    • AIIH (assigning IPv4 addresses to IPv6 hosts)
    • RSIP (realm specific IP)
  • (continued)

8
Temporary Address Allocation (continued)
  • AIIH may still be relevant
    • Implementations reportedly under way
    • Allows connections initiated from the outside
      - AIIH server is a combined DNS and DHCP server
      - Uses DHCPv6 extensions (Reconfigure)
  • RSIP is promising but not a panacea
    • Requires host modifications
    • Intermediate node maintains state
    • Potential problems with TCP states refused
      connections, security exposures
    • Some applications may assume all <IP-address,
      port> pairs with the same 'IP-address' end in the
      same node

9
Encapsulation Example: 6to4
  • Requires only 1 IPv4 address per site
  • Implemented on various OS
  • Appears to be popular and effective
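
Added example, not part of the original slides: how a site derives its 6to4 prefix (2002:V4ADDR::/48, per RFC 3056) from its single public IPv4 address, and the source-consistency checks a site's 6to4 router can apply before decapsulating. Function names, verdict strings and sample packets are constructed for illustration.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def site_prefix(public_v4):
    """The /48 a site derives from its single public IPv4 address: 2002:V4ADDR::/48."""
    v4 = int(ipaddress.IPv4Address(public_v4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def embedded_v4(addr):
    """IPv4 address carried in bits 16..47 of a 6to4 address, or None if not 6to4."""
    if addr not in SIX_TO_FOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def unusable(v4):
    """True for IPv4 addresses that cannot be a legitimate 6to4 site address."""
    return (v4.is_loopback or v4.is_multicast or v4.is_link_local
            or v4.is_unspecified or any(v4 in net for net in RFC1918))

def check_decap(outer_src, inner_src, inner_dst, local_v4):
    """Verdict for an IPv6-in-IPv4 (protocol 41) packet reaching the site's 6to4 router."""
    src = ipaddress.IPv6Address(inner_src)
    dst = ipaddress.IPv6Address(inner_dst)
    if dst not in site_prefix(local_v4):
        return "drop-dst"        # not addressed to this site's 6to4 prefix
    v4 = embedded_v4(src)
    if v4 is None:
        return "accept-relay"    # native IPv6 source: came via a relay, outer source unverifiable
    if unusable(v4):
        return "drop-bogon"      # 6to4 source built on a private/loopback/multicast address
    if v4 != ipaddress.IPv4Address(outer_src):
        return "drop-mismatch"   # inner 6to4 source does not belong to the outer IPv4 sender
    return "accept"

# Constructed sample packets; documentation ranges stand in for public addresses.
LOCAL = "192.0.2.1"
SAMPLES = [
    ("198.51.100.7", "2002:c633:6407::1", "2002:c000:201::10"),  # honest peer site
    ("203.0.113.9",  "2002:c633:6407::1", "2002:c000:201::10"),  # inner source spoofed
    ("203.0.113.9",  "2002:a00:1::1",     "2002:c000:201::10"),  # embeds 10.0.0.1
    ("203.0.113.9",  "2001:db8::5",       "2002:c000:201::10"),  # native source via relay
    ("198.51.100.7", "2002:c633:6407::1", "2001:db8::1"),        # wrong destination
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", check_decap(*pkt, LOCAL))
```

The "accept-relay" verdict marks the case the address check cannot cover: packets from native IPv6 sources arrive through a relay, so the outer IPv4 source says nothing about the inner sender.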

10
Protocol Translation Example: SIIT
  • NAT-PT and BITS use translations specified by
    SIIT

11
Protocol Translation Example: SOCKS
  • host change required, but no changes to DNS,
    routing etc.
  • implementation is available
  • public acceptance unclear but appears to be
    quite useful

12
Temporary address allocation example: RSIP
  • preserves end-to-end functionality
  • seen as 'next best thing' to IPv6
  • no practical experience yet

[Figure: message sequence diagram. Participants: RSIP client, RSIP server, Correspondent. Labels: Address space A, Address space B. Messages in order: REGISTER_REQUEST; ASSIGN_REQUEST (address in B, or address/port-range); data traffic / data traffic via tunnel; ASSIGN_REQUEST_EXT (address in B, or address/port-range); data traffic / data traffic via tunnel; DEALLOCATE; DE-REGISTER REQUEST]
Note: Responses from RSIP server are not shown

13
Security Threats in GPRS systems
  • Denial of Service (DOS)
  • A particular victim Mobile host gets terminated
  • Malicious party gets to see all traffic directed
    to particular Mobile host
  • Session Stealing/Spoofing
  • Eavesdropping, and flooding the Mobile host with
    bogus traffic
  • Intercepting packets destined to Mobile host
  • Incompetent Translator
  • Attacker gains physical access via unattended
    network socket by exercising some ARP requests to
    DHCP and gets access to IP host and floods the
    network
  • Simple attack through Intranet to GGSN's Gi
    interface
  • Attack through GPRS Tunneling Protocol (GTP)

14
Security Threats: IP Attacks (1/3)

15
Security Threat: Attacks through GTP (2/3)

16
Security Threat: Through Translator (3/3)

17
GPRS Interworking with Internet
  • (1) Mobile node type and address
  • (2) GGSN AP type (IPv4, IPv6, 6to4, ..) and
    address
  • (3) Possibly needed TrGW - needed functionality
    and address type
  • (4) Edge router (assumption dual stack)
    functionality and address type
  • (5) Router 1 between IPv4 Internet and IPv6
    network
  • (6) The host that the MN is connected to
  • Points to think about
  • If tunneling is needed, what tunneling mechanism
    is used and what are the endpoints of the tunnel?
  • Is a translator such as NAT-PT needed in the
    case?
  • Is there a sufficient number of public IPv4
    addresses (most probably not)
  • ...

[Figure: network diagram keyed to points (1)-(6) above. Labels: "ADDR", Host, Operator own network, SGSN, Edge Router, Operator NW, GPRS core, FW]
TrGW:
  • NAT-PT
  • RSIP
  • Encapsulation / decapsulation
  • ALGs
  • etc.

18
Summary
  • Suitable transition techniques for IPv4
    interoperability exist
  • use dual stack nodes, encapsulation, and
    temporary IPv4 address allocation as primary
    interoperability mechanisms
  • if protocol translation is necessary, use upper
    layer translators where possible
  • use IP-layer protocol translators only when there
    is no other option
  • Applicability of Transition Mechanisms
  • 6to4 encapsulating mechanism is more competitive
    than others
  • Upgrade the existing IPv4 servers with dual stack
    support
  • In case of limited public IPv4 addresses,
    the use of RSIP is currently the more preferred
    choice
  • Security Consideration
    • To preserve end-to-end integrity of data when
      protocol translation is necessary, one should
      use SOCKS or ALGs rather than SIIT and NAT-PT
    • Trust management with other operators is an
      important issue