PUBLIC ACCESS MOBILITY LAN: EXTENDING THE WIRELESS INTERNET INTO THE LAN ENVIRONMENT - PowerPoint PPT Presentation

Description:

Title: PowerPoint Presentation Last modified by: Hasan S ZER Created Date: 1/1/1601 12:00:00 AM Document presentation format: On-screen Show Other titles – PowerPoint PPT presentation

Slides: 35
Provided by: csBilken8

1
PUBLIC ACCESS MOBILITY LAN: EXTENDING THE
WIRELESS INTERNET INTO THE LAN ENVIRONMENT
  • JUN LI
  • STEPHEN B. WEINSTEIN
  • JUNBIAO ZHANG
  • NAN TU
  • NEC USA INC.

2
Outline
  • Introduction
  • PamLAN
  • Architecture and Protocol Components
  • Security Issues
  • Mobility Management
  • Conclusion

3
Introduction
  • Aim is to meet
  • Ubiquitous access
  • High data rate
  • Local services
  • Need for Wireless LAN environments

4
Introduction (contd)
  • Architectural guidelines for WLAN environments
  • Large-scale
  • IP-based
  • Supporting mobile/portable appliances

5
Introduction (contd)
  • IP-level service
  • Independence from wireless medium access
    technology
  • Multi-segment LAN
  • Supporting handoffs
  • Based on wired LAN environment
  • Wireless access points are embedded

6
Introduction (contd)
  • Recent developments in
  • Cellular systems
  • Wireless LAN technologies
  • Most WLANs are
  • Either private (i.e. for companies)
  • Or available through subscription

7
PamLAN
  • IP-based Public Access Mobility LAN
  • Supports Internet Access via WLANs
  • Multiple air interfaces
  • Multiple virtual operators
  • Location dependent services
  • Local IP mobility
  • QoS (within wired network)

8
PamLAN
  • Stakeholders
  • Network operators
  • Hotel, airport, ...
  • Third-party service providers (like ISPs)
  • Franchises obtained from PamLAN operator
  • Also called virtual operators
  • End users

9
PamLAN
  • May have multiple LAN segments
  • Airports, hotels, universities, ...
  • Can be built on existing LANs
  • By adding wireless access points

10
PamLAN vs. Cellular Systems
  • Even 3G mobile communication systems would not be
    sufficient for evolving Internet applications
  • 384 kb/s outdoors, 2 Mb/s indoors downstream
    burst rates
  • Intrinsic problem providing continuous coverage
    in reserved spectrum
  • Investment/Capacity scalability???

11
PamLAN vs. Cellular Systems
  • WLANs have free spectrum
  • Problem: potential interference
  • i.e. IEEE 802.11b and Bluetooth
  • Property owners may agree on compatibility or
    have it enforced

12
Promises of PamLAN
  • Addresses problems in current WLANs
  • Lack of public access
  • Being tied down to a single access point
  • Single air interface
  • Not a breakthrough in technological capacities
  • Combination of available technologies

13
PamLAN Usage of WLAN
  • WLANs
  • Have cost/performance advantages when compared
    with cellular mobile systems
  • Likely to be the preferred technology in future
    for Internet appliance communication sessions

14
Architecture
  • PamLAN/VOLAN/VLAN hierarchy
  • PamLAN: multiple virtual operators
  • VOLAN: Virtual Operator LAN
  • Extends VLAN capabilities across subnetworks
  • VLAN: Virtual LAN
  • Implements user group features
  • Simulates a physical LAN on a multisegment LAN
    environment

15
Architecture (contd)
  • Switched Ethernet LAN
  • Access Points
  • Supporting IEEE, Bluetooth, Cellular, ...
  • IP-based access router with proxies
  • Gateway routers
  • Internet access through IP-tunneling

16
Architecture (contd)

17
Architecture (contd)
  • QoS is supported by Ethernet Switches
  • CSMA/CD full duplex (no contention)
  • Integration of Cellular IP and Mobile IP for
    supporting mobility
  • MPLS (Multi-Protocol Label Switching)
  • Brings QoS across multiple LAN segments

18
Related Protocols and Standards
  • IEEE VLAN standard 802.1Q
  • 12-bit VLAN ID embedded within the 4-byte section
    of the Ethernet header determines membership
  • IEEE 802.1p header for QoS
  • 3-bit section in the IEEE 802.1Q header that
    differentiates 8 frame priorities

19
Large Scale PamLAN
  • For a single VLAN, QoS can be easily supported
  • For large scale WLANs?
  • Intermediate routers work at layer 3
  • Layer 2 information is lost
  • Source and destination addresses must be used for
    VOLAN membership
  • Intermediate routers must know all IP addresses
    for VLAN mapping

20
Large Scale PamLAN (contd)
  • Solution: MPLS
  • Simple and efficient
  • Access points and Internet gateways handle VOLAN
    provisioning
  • Intermediate routers are shielded from details
  • VLAN for grouping traffic per VOLAN
  • MPLS for whole PamLAN

21
MPLS (Multi-Protocol Label Switching)
  • Tunnels traffic between gateways and access points
  • Intermediate routers only examine MPLS labels,
    which imposes a path
  • Forwarding Equivalence Class (FEC)
  • Formed based on VOLAN membership and QoS
  • FEC is inserted in MPLS label
  • Used for 802.1p priority within VLAN
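
An added example (not from the presentation) of how an edge node could turn the FEC identified by an MPLS label into the 802.1Q tag described on the standards slide, packing the 12-bit VLAN ID and the 3-bit 802.1p priority. The label values, VOLAN names and `FEC_TABLE` are hypothetical; the field layouts are those of the MPLS label stack entry and the 802.1Q tag.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Hypothetical label table held by an edge node (access point or gateway):
# MPLS label -> FEC, here (VOLAN name, VLAN ID, 802.1p priority).
FEC_TABLE = {
    1001: ("volan-a", 110, 5),
    1002: ("volan-a", 110, 0),
    2001: ("volan-b", 220, 3),
}

def parse_mpls_entry(entry: bytes):
    """Split one 4-byte MPLS label stack entry into label, TC, S and TTL."""
    (word,) = struct.unpack("!I", entry)
    return word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF

def build_dot1q_tag(vid: int, pcp: int) -> bytes:
    """Build the 4-byte 802.1Q tag: TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:          # 0 and 4095 are reserved VLAN IDs
        raise ValueError("VLAN ID out of range")
    if not 0 <= pcp <= 7:
        raise ValueError("802.1p priority out of range")
    return struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)

def parse_dot1q_tag(tag: bytes):
    """Return (vid, pcp) from a 4-byte 802.1Q tag."""
    tpid, tci = struct.unpack("!HH", tag)
    if tpid != TPID_8021Q:
        raise ValueError("not an 802.1Q tag")
    return tci & 0x0FFF, tci >> 13

def egress_tag(mpls_entry: bytes) -> bytes:
    """Map an incoming MPLS label to the 802.1Q tag used inside the VLAN.

    Unknown labels are rejected rather than placed in a default VLAN, so
    traffic with an unmapped label never lands in some operator's VOLAN.
    """
    label, _tc, _s, _ttl = parse_mpls_entry(mpls_entry)
    if label not in FEC_TABLE:
        raise KeyError(f"no FEC for label {label}")
    _volan, vid, pcp = FEC_TABLE[label]
    return build_dot1q_tag(vid, pcp)

# Constructed sample: label 1001, TC 0, bottom of stack, TTL 64.
SAMPLE_ENTRY = struct.pack("!I", (1001 << 12) | (1 << 8) | 64)
```
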

22
MPLS (contd)

23
MPLS (contd)
  • Traffic engineered paths can be set up among
    access points and Internet gateways according to
    service contracts between PamLAN virtual
    operators

24
Protocol Stack

25
Security Issues
  • Mutual Authentication
  • Secure Channel Establishment
  • Authorization
  • Filtering at the access point

26
Mutual Authentication
  • RADIUS (Remote Authentication Dial-In User
    Service)
  • IP-based authentication (802.11 proposal)
  • 5 Basic Steps
  • Obtaining IP (DHCP)
  • Login session
  • Access point as relay agent to virtual operator
  • Challenge-response protocol for authentication
  • PKC for securing channel

27
Mutual Authentication (contd)

28
Securing Channel
  • After authentication
  • User's profile is transferred to the access point
    including his/her public key
  • Access point sends session key encrypted under
    the corresponding public key
  • IPsec together with ESP can be used for security
    at IP layer depending on user requests

29
Authorization Control
  • Based on user credentials, packets can be
    filtered at the access point

30
Accounting
  • 3 possible charging policies
  • Flat-fee based
  • Per-session
  • Usage based
  • Dispute avoidance by digital signature

31
Mobility Issues
  • Mobility should be supported at layer 3
  • Multiple subnetworks within PamLAN
  • Micromobility
  • Roaming within PamLAN

32
Mobility Issues (contd)
  • Possible approaches
  • Cellular IP: refreshing router contents can be a
    burden for too many users
  • MPLS based: only end points have to update
    location
  • Old, new access points and Internet gateway need
    to be informed

33
Mobility Issues (contd)
  • Fast handoff
  • No repetitive authentication
  • Move user profile from old access point to the
    new one
  • Access point re-establishes connection with
    virtual operator
  • Access point sends old session key and new
    session key encrypted under user's public key

34
Conclusion
  • Secure
  • Extensible
  • Multiple services
  • Multiple air interfaces
  • Are all appliances capable of handling PKC
    operations?