Title: GPRS Interworking with IPv6
1. GPRS Interworking with IPv6
- Preeti Vinayakray-Jani
- NOKIA RESEARCH CENTER
- HELSINKI, FINLAND
2. Outline
- GPRS Architecture - Basic Services
- IPv6 over GPRS - A Protocol Stack
- Interworking Mechanisms and their Examples
- GPRS Interworking with Internet
- Security Threats in GPRS systems with Examples
- Summary
3. GPRS Architecture
[Diagram: the "cellular world" with two operators, Operator A and Operator B; each has a GPRS core containing an SGSN, VLR/HLR and GGSN. The two cores are connected through a Border Gateway (BG (46)) carrying GTP'. Both GGSNs connect to the existing IPv4 Internet.]
4. Basic Services
- Address acquisition
  - stateless
  - stateful
    - assign single address
    - assign subnet
  - GGSN intercepts and replies to neighbor discovery messages (possible design)
  - GTP tunnel based on link-layer address only
  - MN address assignment as a result of the 'GPRS Activate Context' request (which is triggered during PPP setup)
  - GGSN sends router advertisements once the GTP tunnel is formed
- Name resolution
  - New DNS record types AAAA and A6
  - AAAA support already exists
  - DNS server should be dual stack
- Data transfer
5. IPv6 over GPRS: Protocol Stack
6. Visited Network Support
- Network with IPv6 support (v6)
  - In such a network there is an IPv6 router reachable by the mobile host; the router responds to IPv6 router solicitation requests sent by the mobile host. The IPv6 router has connectivity to the rest of the IPv6 world.
- Network with basic IPv4 support (v4)
  - no support for IPv6
  - no enforcement of the use of a Mobile IPv4 FA (may not support MIPv4 at all)
- Network with IPv4 support in which use of an external FA (Foreign Agent) is mandatory (v4FA)
  - An IPv4 network not supporting IPv6 and requiring the visiting mobile host to use an external FA in the network.
- In the first phase of evolution from IPv4 to IPv6, the v4 type of network will be the most common visited network type (v4FA networks are most probably rare because of the low deployment of MIPv4).
7. Interworking Mechanisms
- Encapsulation
  - Supports end-to-end IPv6 connectivity over IPv4 networks
  - Configured tunnels (does not scale)
  - Automatic encapsulation (requires 1 public IPv4 address per recipient)
  - 6to4 encapsulation (requires 1 public IPv4 address per site)
- Protocol translation
  - Necessary for communication between IPv4 and IPv6 end points
  - Network layer translators
    - SIIT, NAT-PT (require little or no host changes)
  - Upper layer translators
    - SOCKS, ALGs
- Temporary address allocation
  - Supports end-to-end IPv4 connectivity between a dual stack mobile node and an IPv4-only correspondent
  - AIIH (assigning IPv4 addresses to IPv6 hosts)
  - RSIP (realm specific IP)
- (continued)
8. (continued) Temporary Address Allocation
- AIIH may still be relevant
  - Implementations reportedly under way
  - Allows connections initiated from the outside
    - AIIH server is a combined DNS and DHCP server
    - Uses DHCPv6 extensions (Reconfigure)
- RSIP is promising but not a panacea
  - Requires host modifications
  - Intermediate node maintains state
  - Potential problems with TCP state, refused connections, security exposures
  - Some applications may assume that all <IP-address, port> pairs with the same IP-address end in the same node
9. Encapsulation Example: 6to4
- Requires only 1 IPv4 address per site
- Implemented on various OSes
- Appears to be popular and effective
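As an added example (not from the slides), the following shows how a site derives its 6to4 prefix from its one public IPv4 address, how an encapsulator recovers the IPv4 tunnel endpoint from a 6to4 destination, and the ingress check a 6to4 router applies when decapsulating site-to-site traffic. The NOT_GLOBAL list and all function names are my own.

```python
import ipaddress

# Added example, not from the original slides. 6to4 (RFC 3056) puts the site's
# 32-bit IPv4 address into bits 16..47 of the 2002::/16 prefix, which gives each
# site a /48 from a single public IPv4 address. The decapsulation check follows
# the RFC 3964 advice to reject embedded non-routable or spoofed IPv4 addresses.
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
NOT_GLOBAL = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]

def usable_v4(v4: ipaddress.IPv4Address) -> bool:
    """A 6to4 prefix must embed a routable unicast IPv4 address."""
    return not any(v4 in net for net in NOT_GLOBAL)

def site_prefix(ipv4: str) -> ipaddress.IPv6Network:
    """The /48 a site derives from its single public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if not usable_v4(v4):
        raise ValueError(f"{v4} cannot be used as a 6to4 site address")
    # 2002::/16 followed by the 32-bit IPv4 address (shifted into bits 16..47).
    return ipaddress.IPv6Network((int(SIX_TO_FOUR.network_address) | (int(v4) << 80), 48))

def tunnel_endpoint(ipv6: str) -> ipaddress.IPv4Address:
    """IPv4 address an encapsulator sends to for a 6to4 destination."""
    v6 = ipaddress.IPv6Address(ipv6)
    if v6 not in SIX_TO_FOUR:
        raise ValueError(f"{v6} is not a 6to4 address")
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)

def relay_accepts(inner_v6_src: str, outer_v4_src: str) -> bool:
    """Site-to-site decapsulation check: the IPv4 address embedded in the inner
    IPv6 source must be usable and must equal the outer IPv4 source; anything
    else is spoofed or misrouted and is dropped. Traffic arriving from a 6to4
    relay (native inner source) needs a separate rule and is rejected here."""
    try:
        embedded = tunnel_endpoint(inner_v6_src)
    except ValueError:
        return False
    return usable_v4(embedded) and embedded == ipaddress.IPv4Address(outer_v4_src)
```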
10. Protocol Translation Example: SIIT
- NAT-PT and BITS use the translations specified by SIIT
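As an added example (not from the slides), this is the stateless address mapping and IPv4-to-IPv6 header translation that SIIT (RFC 2765) defines and that NAT-PT and BITS reuse; it handles only option-less, unfragmented packets, leaves out the ICMP message and upper-layer checksum work, and the function names are my own.

```python
import ipaddress
import struct

# Added example, not from the original slides. SIIT (RFC 2765) maps an IPv4-only
# peer to an IPv4-mapped address (::ffff:a.b.c.d) and represents the IPv6 host
# by an IPv4-translated address (::ffff:0:a.b.c.d) built from its temporary IPv4
# address; the header fields are then rewritten one-to-one without any state.

def mapped_v6(v4: str) -> ipaddress.IPv6Address:
    """IPv4-mapped ::ffff:a.b.c.d: how the IPv4-only peer appears to the IPv6 host."""
    return ipaddress.IPv6Address((0xFFFF << 32) | int(ipaddress.IPv4Address(v4)))

def translated_v6(v4: str) -> ipaddress.IPv6Address:
    """IPv4-translated ::ffff:0:a.b.c.d: the IPv6 host behind its temporary IPv4 address."""
    return ipaddress.IPv6Address((0xFFFF << 48) | int(ipaddress.IPv4Address(v4)))

def translate_v4_to_v6(pkt: bytes) -> bytes:
    """Translate one IPv4 datagram (header + payload) into an IPv6 datagram."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ver_ihl, tos, total_len, _ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if (ver_ihl & 0x0F) != 5:
        raise ValueError("IPv4 options present; SIIT discards them, not handled here")
    if flags_frag & 0x3FFF:          # MF flag or non-zero offset
        raise ValueError("fragment; would need an IPv6 Fragment header")
    if ttl <= 1:
        raise ValueError("TTL expired; a translator answers with ICMP Time Exceeded")
    payload = pkt[20:total_len]
    # Protocol number is copied, except ICMPv4 (1) becomes ICMPv6 (58); the ICMP
    # message body would also have to be translated, which is out of scope here.
    next_header = 58 if proto == 1 else proto
    v6_src = mapped_v6(str(ipaddress.IPv4Address(src)))
    v6_dst = translated_v6(str(ipaddress.IPv4Address(dst)))
    first_word = (6 << 28) | (tos << 20)   # version 6, traffic class = TOS, flow label 0
    return struct.pack("!IHBB16s16s", first_word, len(payload), next_header,
                       ttl - 1, v6_src.packed, v6_dst.packed) + payload

# Constructed sample: IPv4/UDP from 192.0.2.10 to 198.51.100.7, TTL 64, DF set,
# total length 32 (20-byte header + 12 bytes of zeroed UDP payload).
SAMPLE_V4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 1, 0x4000, 64, 17, 0,
                        ipaddress.IPv4Address("192.0.2.10").packed,
                        ipaddress.IPv4Address("198.51.100.7").packed) + bytes(12)
```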
11. Protocol Translation Example: SOCKS
- host change required, but no changes to DNS, routing etc.
- implementation is available
- public acceptance unclear, but appears to be quite useful
12. Temporary Address Allocation Example: RSIP
- preserves end-to-end functionality
- seen as the 'next best thing' to IPv6
- no practical experience yet
[Diagram: RSIP client in address space A, RSIP server, and correspondent in address space B. Messages from the client, in order: REGISTER_REQUEST; ASSIGN_REQUEST (address in B, or address/port-range); data traffic via tunnel to the server, data traffic on to the correspondent; ASSIGN_REQUEST_EXT (address in B, or address/port-range); data traffic via tunnel, data traffic; DEALLOCATE; DE-REGISTER REQUEST. Note: responses from the RSIP server are not shown.]
13. Security Threats in GPRS Systems
- Denial of Service (DoS)
  - A particular victim mobile host gets terminated
  - Malicious party gets to see all traffic directed to a particular mobile host
- Session Stealing/Spoofing
  - Eavesdropping, and flooding the mobile host with bogus traffic
  - Intercepting packets destined to the mobile host
- Incompetent Translator
  - Attacker gains physical access via an unattended network socket, exercises some ARP requests to DHCP, gets access to an IP host and floods the network
- Simple attack through the intranet to the GGSN's Gi interface
- Attack through GPRS Tunneling Protocol (GTP)
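The last two threats above, GTP reaching the GGSN from the Gi side or from an unknown peer, are usually handled by a GGSN-side firewall that understands the GTP header. The following is an added example of such a filter (not from the slides); the GTPv1 header layout and UDP ports are from 3GPP TS 29.060, while the interface names, the trusted SGSN list and the message-type sets are constructed for this example and are not the full 3GPP lists.

```python
import struct
from dataclasses import dataclass
# Added example, not from the original slides. GTPv1: first octet = version (3
# bits), PT (1 = GTP, 0 = GTP'), spare, E, S, PN; then message type, 16-bit
# length of everything after the 8-octet mandatory header, and the 32-bit TEID.
GTP_C_PORT, GTP_U_PORT = 2123, 2152
CONTROL_TYPES = {1, 2, 16, 17, 18, 19, 20, 21}   # echo, create/update/delete PDP context
USER_TYPES = {1, 2, 26, 31, 254, 255}            # echo, error ind., ext. hdr notif., end marker, G-PDU
TRUSTED_SGSNS = {"192.0.2.10", "192.0.2.11"}     # constructed roaming-partner SGSN addresses

@dataclass
class GtpHeader:
    version: int      # top three bits of the first octet
    is_gtp: bool      # PT bit: True = GTP, False = GTP' (charging protocol)
    msg_type: int
    length: int       # octets following the mandatory 8-octet header
    teid: int

def parse_gtp_header(data: bytes) -> GtpHeader:
    if len(data) < 8:
        raise ValueError("short GTP header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", data[:8])
    if length != len(data) - 8:
        raise ValueError("GTP length field does not match datagram size")
    return GtpHeader(flags >> 5, bool(flags & 0x10), msg_type, length, teid)

def gtp_policy(iface: str, src_ip: str, dport: int, data: bytes) -> str:
    """Decide 'accept' or 'drop: <reason>' for one UDP datagram seen at the GGSN."""
    if dport not in (GTP_C_PORT, GTP_U_PORT):
        return "accept"          # not GTP; left to the ordinary rule set
    if iface == "Gi":
        return "drop: GTP must never arrive over the Gi (Internet/intranet) side"
    if src_ip not in TRUSTED_SGSNS:
        return "drop: GTP from a peer that is not a known SGSN"
    try:
        hdr = parse_gtp_header(data)
    except ValueError as err:
        return f"drop: {err}"
    if hdr.version != 1 or not hdr.is_gtp:
        return "drop: unsupported GTP version or GTP' on a GTP port"
    allowed = CONTROL_TYPES if dport == GTP_C_PORT else USER_TYPES
    if hdr.msg_type not in allowed:
        return f"drop: message type {hdr.msg_type} not expected on port {dport}"
    return "accept"

# Constructed datagrams: an Echo Request (type 1) and a G-PDU (type 255, TEID 1, 4-byte payload).
SAMPLE_ECHO = bytes([0x30, 1, 0, 0, 0, 0, 0, 0])
SAMPLE_GPDU = bytes([0x30, 255, 0, 4, 0, 0, 0, 1]) + bytes(4)
```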
14. Security Threats: IP Attacks (1/3)
15. Security Threats: Attacks through GTP (2/3)
16. Security Threats: Through Translator (3/3)
17. GPRS Interworking with Internet
- (1) Mobile node type and address
- (2) GGSN AP type (IPv4, IPv6, 6to4, ..) and address
- (3) Possibly needed TrGW: needed functionality and address type
- (4) Edge router (assumption: dual stack): functionality and address type
- (5) Router 1 between the IPv4 Internet and the IPv6 network
- (6) The host that the MN is connected to
- Points to think about
  - If tunneling is needed, what tunneling mechanism is used and what are the endpoints of the tunnel?
  - Is a translator such as NAT-PT needed in the case?
  - Is there a sufficient number of public IPv4 addresses? (most probably not)
  - ...
[Diagram: the MN (1), with its "ADDR", attaches through the SGSN in the GPRS core to the GGSN AP (2); the operator's own network contains a TrGW (3) providing NAT-PT, RSIP, encapsulation/decapsulation, ALGs, etc., and an Edge Router (4) behind a FW; Router 1 (5) sits between the IPv4 Internet and the IPv6 network; the Host (6), with its "ADDR", is the MN's correspondent.]
18. Summary
- Suitable transition techniques for IPv4 interoperability exist
  - use dual stack nodes, encapsulation, and temporary IPv4 address allocation as the primary interoperability mechanisms
  - if protocol translation is necessary, use upper layer translators where possible
  - use IP-layer protocol translators only when there is no other option
- Applicability of Transition Mechanisms
  - the 6to4 encapsulating mechanism is more competitive than the others
  - upgrade the existing IPv4 servers with dual stack support
  - in case of limited public IPv4 addresses, the use of RSIP is currently the preferred choice
- Security Considerations
  - To preserve end-to-end integrity of data when protocol translation is necessary, one should use SOCKS or ALGs rather than SIIT and NAT-PT
  - Trust management with other operators is an important issue