Download presentation
Presentation is loading. Please wait.
1
Mobile IPv6
2
Outline Introduction to MIPv6 Overview of Mobile IPv6
IPv6 Host Address Auto-Configuration DAD (Duplicate Address Detection) MIPv6 Operation –Handover Return Routability Conclusions References
3
Outline Introduction to MIPv6 Overview of Mobile IPv6
IPv6 Host Address Auto-Configuration DAD (Duplicate Address Detection) MIPv6 Operation –Handover Return Routability Conclusions References
4
MIPv6 Vs MIPv4 ˙它取消了原來在IPv4中Foreign Agent實體,而由路由器取代.
˙自動定址 (Auto-configure),自動化設定位址及預設閘道路由器,使用者方便取得IP . ˙封包傳送時利用IPv6 Destination Option同時傳送 Mobile IPv6的 訊息,簡化了Mobile IPv6的控制訊息 ˙採用路由最佳化(Route Optimization)機制,解決三角繞路的問 題 ˙採用Anycast Address方式來搜尋Home Agent ˙將Mobile IPv6的設計與IPv6緊密結合,它取消了原來 在IPv4中Foreign Agent實體,而由路由器取代. ˙IPv6定位址數量遠遠多於IPv4的定址數量 ˙自動定址 (Auto-configure),自動化設定位址及預設閘道路由器,使用者方便取得IP . ˙封包傳送時利用IPv6 Destination Option同時傳送 Mobile IPv6的 訊息,簡化了Mobile IPv6的控制訊息 ˙採用路由最佳化(Route Optimization)機制,解決三角繞路的問 題 ˙採用Anycast Address方式來搜尋Home Agent
5
Introduction to MIPv6 Mobile IPv6 Mobile IPv4 Foreign Agent No YES
Care-of Address CCoA only Foreign Agent or CCoA Obtaining Care-of Address IPv6 stateless and stateful mechanism By Foreign Agent or DHCPv4 Route Optimization Mandatory Option Packet tunnel during route optimization Forward packets with no tunneling Require packet tunneling between Mobile Node and Correspondent Node Home Agent involves route optimization Mobile IP message format IP Headers and ICMP Packets ICMP and UDP packets Mobile IP message Reduced and allow piggybacked in header Reg. Req, Bing Update, … Smooth Handover Reverse tunneling No ingress filtering problem Solve ingress filtering
6
Mobile IPv6網路系統架構 取消FA: 取消Foreign Agent CoA:
MIPv6取消了原先FA存在的必要性,將其功能融入IPv6路由器之中。 取消Foreign Agent CoA: MIPv6取消了Foreign Agent CoA的設計,改為使用IPv6裡定義,類似DHCP運作的stateful Auto-configuration,以及藉由Neighbor Discovery做IP重複位置確認 (Duplicate Address Detection, DAD)的stateless Auto-configuration產生CoA。
7
Mobile IPv6網路系統架構 路由最佳化:
MIPv6將路由最佳化列為必要項目,當MN位於Foreign Network時將會同時傳送位址更新訊息(BU)給HA以及CN,路由最佳化則是可以解決所有封包皆須經由HA轉送的三角路由問題。
8
Mobile IPv6 Benefits No Foreign Agent needed in MIPv6 Infrastructures do not need an upgrade to accept Mobile IPv6 nodes auto-configuration simplifies mobile node Care of Address (CoA) assignment option headers, neighbor discovery Optimized routing – avoids triangular routing Scales easier, but creates network management challenges Mobile nodes work transparently even with other nodes that do not support mobility Albeit without route optimisation
9
Mobile IPv6 Terms home address home subnet prefix home link
mobile node Movement L2 handover L3 handover correspondent node foreign subnet prefix foreign link care-of address home agent binding
10
Outline Introduction to ipv6 Overview of Mobile IPv6
IPv6 Host Address Auto-Configuration DAD (Duplicate Address Detection) MIPv6 Operation –Handover Return Routability Conclusions References
11
Basic Operation A mobile node is always expected to be addressable at its home address, whether it is currently attached to its home link or is away from home.
12
Mobility Header之前 在擁有Mobility Header之前(Draft第15版前),許多功能都是定義在Destination Options的Options裡: 在第15版裡 Binding Update Option: Option type=128 Binding Acknowledgment Option: Option type=7
13
Mobility Header選項 IPv6封包增加了Mobility Header選項 。 封包格式
14
Mobility Header選項 Payload Proto:8-bit selector,和Next Heaer相同,用以指明下一個Header。 Header Len:8-bit unsigned integer,除了前8個byte外的Mobility Header長度。 MH Type:8-bit selector,用來識別各種特殊的Mobility訊息,用來決定Message Data的型態。 Reserved:8bit,留做將來用。 Checksum:16bit unsigned integer,用“pseudo-header”的方式。 Message Data:它的內容由MH Type來決定。
15
Binding Update Message
MH Type=5 Message Data: A:Acknowledge H:Home Registration L:Link-Local Address Compatibility K:Key Management Mobility Capability
16
Binding Acknowledgement Message
MH Type=6 Message Data: K:Key Management Mobility Capability
17
Mobility Options Option Type:8bit,Option的類型,同時也決定了Option Data的格式。
Option Length:8-bit unsigned integer,除了Option Type和Option Length外的Mobility Options長度。 Option Data:它的格式會隨著Option Type來定。
18
Binding Updates to Correspondent Nodes
Registration Routing optimization
19
Authorizing Binding Management Messages
20
Outline Introduction to ipv6 Overview of Mobile IPv6
IPv6 Host Address Auto-Configuration DAD (Duplicate Address Detection) MIPv6 Operation –Handover Return Routability Conclusions References
21
IPv6 Host Address Auto-Configuration
Router位置的取得(在沒有Router的情況下也要能夠自動發現無Router存在)
22
IPv6 Host Address Auto-Configuration
IPv6已內建提供stateless auto-configuration之能力(RFC-2461),這主要是利用Neighbor Discovery(以下簡稱ND)來達成的。 ND的主要目標: 辨認在同一link之其他主機的link-layer位置 尋找位於同一link上之router 追蹤同一link上所有主機的狀態(是否仍在線上) 收集用來進行auto-configuration之資訊。 ND的基本運作環境是一個Broadcast網路,所以若是在非broadcast網路內,需要有些微的改變或是加強才能正常運作, 在wireless網路內,一般的broadcast只局限在單一cell內,若IP網域是以cell為subnet,應該可以不用修改架構就能使用ND,但若一subnet跨越多個cell時,就要有另外的輔助來促成ND的進行。
23
Outline Introduction to ipv6 Overview of Mobile IPv6
IPv6 Host Address Auto-Configuration DAD (Duplicate Address Detection) MIPv6 Operation –Handover Return Routability Conclusions References
24
DAD (Duplicate Address Detection)
跟目前在IPv4上利用ARP來檢查重覆IP的方式類似 只是DAD發出的是Neighbor solicitation而不是ARP request。
25
DAD (Duplicate Address Detection)
當MN檢測出已發生移動,使用IPv6機制產生新的轉交位址. 取得路由器Pre-fix加上MAC產生Global Address. 為防止位址衝突執行DAD檢測驗證合法性。考慮有多個移動點同時移動點進入相同網域同時進行DAD檢測,每個移動點應該隨機延遲一段時間(0~1000ms)[2]再傳送檢測要求等待聆聽1000ms有無節點回應.因此DAD檢測在換手過程佔最長時間.
26
Outline Introduction to ipv6 Overview of Mobile IPv6
IPv6 Host Address Auto-Configuration DAD (Duplicate Address Detection) MIPv6 Operation –Handover Return Routability Conclusions References
27
MIPv6 Operation -Handover
Network initiated Handover The network determines the Handover Mobile initiated Handover The MN determines the Handover Network initiated Handover The network determines the Handover (the oldAR decides the new point of attachment to which the MN will move). The oldAR initiates signalling to the MN and newAR to start the layer 3 Handover. Mobile initiated Handover The MN determines the Handover (the mobile must detect and start Handover). MN chooses to force its movement to a new point of attachment. The MN initiates signalling to the oldAR to start the handover.
28
Mobile IPv6運作流程 當MN從Router A移動到Router B之下,會收到新網域中Router B所發出來的RA,因為此RA中所帶的Network Prefix與原來不相同,所以MN會察覺到已經到了新網域,而自動設定其COA。 COA可以說是MN目前所在的資訊,在取得COA後,MN會送出Binding Update封包給HA,在Binding Update中會帶有CoA Option。 當HA收到BU時會更新其Binding Cache Entry並且會回覆給MN一個Binding Ack。 而此時當CN要傳送封包給MN時,會透過HA,利用Tunnel轉送封包給MN。 當MN收到由HA轉送來的封包後,MN知道尚有CN尚未更新其Binding Cache Entry,此時MN將對CN發送出Binding Update。 而CN將更新其Binding Cache Entry,並回覆Binding ACK給MN。 在此之後,CN和MN將不需再透過HA,可以直接溝通。
29
Mobile IPv6 : Concepts [3]
IP Header PayLoad CN S:MN’s Home Address D:CN’s IP Home Network Internet HA Foreign Network IP Header PayLoad S:CN’s IP D:MN’s Home Address Mobile Node
30
Mobile IPv6 : Concepts CN HA Mobile Node Home Network Internet
S: MN’s CoA D: Home Agent’s address CN Home Network PayLoad IP Header Mobilty Header Internet Binding Update HA MH=5 Binding Ack Foreign Network PayLoad IP Header Mobilty Header S: Home Agent’s address D:MN’s CoA MH=6 Mobile Node
31
Mobile IPv6 : Concepts CN HA Mobile Node Home Network Internet
IP Header PayLoad CN S:CN’s IP D:MN’s Home Address Home Network Internet HA Tunneled packets Foreign Network New IP Header Old IP Header PayLoad S::Home Agent’s address D:MN’s COA S::CN’s IP D:MN’s Home Address Mobile Node
32
Mobile IPv6 : Concepts CN HA Mobile Node Home Network Internet
S: MN’s CoA D: CN’s IP CN Home Network Internet PayLoad IP Header Mobilty Header HA MH=5 Binding Ack PayLoad IP Header Mobilty Header Binding Update S: CN’s IP D: MN’s CoA MH=6 Mobile Node
33
Mobile IPv6 : Concepts CN HA Mobile Node Home Network Internet PayLoad
IP Header Routing Header (includes MN’s Home Address) Internet HA S:CN’s IP D:MN’s COA PayLoad IP Header HA DestOpt (includes MN’s Home Address) S:MN’s COA D:CN’s IP Mobile Node
34
Mobile IPv6 Latency □ MIPv6換手延遲時間 ˙ Layer 2延遲
MH移動到新網域必須依照802.11協定跟AP作連結,這段時間依照各家廠牌有不同延遲時間.以D-Link為例在50~70ms. ˙ 移動偵測延遲 MH進入到Overlay Area收到新路由器廣播而且發現離開原有網路稱為移動偵測.這段時間決定在路由器廣播時間間隔,MH沒收到原路由器連續兩次廣播得知已離開原網域.RFC 規定路由器廣播間隔3s,支援Mobile IP建議300ms
35
Mobile IPv6 Latency DAD位址偵測延遲 註冊延遲
IPV6環境使用DAD(Duplicate Address Detection)來偵測網域其它節點是否有使用相同位址.MN使用Neighbor Discovery 送出欲偵測IP 等待聆聽1000ms如果沒有節點回應此訊息表示IP沒有重覆,MN便會將該IP指定給網卡介面.DAD偵測平均花費1787ms[1]. 註冊延遲 MN對Home Agent和CH註冊更新.MH送出Binding Update更新Home agent和CH Binding cache.此時MN在新網域才能接收到CN封包
36
Mobile IPv6 Latency □ MIPv6 Handoff Time
D= Dl2 + D movement detection + Ddad +Dreg
37
Outline Introduction to ipv6 Overview of Mobile IPv6
IPv6 Host Address Auto-Configuration DAD (Duplicate Address Detection) MIPv6 Operation –Handover Return Routability Conclusions References
38
路由返回程序 (Return Routability)
RR是在MN發BU之前作的 為了防止有人假冒行動節點發送連結更新給對應節點,所以在這邊做簡單但是有效的的確認程序
39
Return Routability:Step1 [3]
MN requests tokens by sending: Home Test Init(HoTI) Message Care-of Test Init(CoTI) Message CN Home Test Init Care-of Test Init Home Network PayLoad IP Header Mobilty Header Internet HA MH=1 Parameters: +home init cookie PayLoad IP Header Mobilty Header MH=2 Parameters: +Care-of Init Cookie Mobile Node
40
Return Routability:Step1
MN會發送本地測試初始(Home Test Init,HoTI)訊息和轉交測試初始(Coa-of Test Init,CoTI)訊息到對應節點 兩個封包都有夾帶著cookie 資料。 讓兩個封包走不同的路徑 是為了不讓有惡意的攻擊者同時攔截到兩個封包。
41
Return Routability:Step2
CN sends tokens to MN by sending: Home Test (HoT) Message Care-of Test (CoT) Message CN Home Test Care-of Test PayLoad IP Header Mobilty Header Home Network Internet MH=4 Parameters: +Care-of Init Cookie +Care-of Keygen Token +Care-of Nonce Index HA PayLoad IP Header Mobilty Header MH=3 Parameters: +Home Init Cookie +Home Keygen Token +Home Nonce Index Mobile Node
42
Return Routability:Step3
當成功產生連結管理金鑰(Kbm)後,返回路由能力流程即完成。 而其後行動節點所發送的連結更新訊息都要夾帶一個連結驗證資料給對應節點驗證,驗證資料的計算方式如下: 如此對應節點就可藉由驗證此資料是否正確,用來避免收到偽造的行動節點發送出假的連結更新訊息。
43
Return Routability:Step3
MN and CN generate the shared key from the tokens MN signs a BU message with the key, CN verifies the BU message with the key CN Home Network PayLoad IP Header Mobilty Header Internet HA MH=5 Shared Key(Kbm) = SHA1(home keygen token | care-of keygen token) Binding Update protected by the shared key Mobile Node
44
Return Routability--Home Test Init(HoTI)
MH Type=1 Message Data:
45
Return Routability-Care-of Test Init(CoTI)
MH Type=2 Message Data:
46
Return Routability-Home Test(HoT)
MH Type=3 Message Data: home keygen token := First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0)))
47
Return Routability-Care-of Test(CoT)
MH Type=4 Message Data: care-of keygen token := First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1)))
48
Return Routability Procedure
CN Im ; Init messgae HoT Tm ; Test message HoTI Tbu ; Binding Update HA CoTI Binding Update CoT Test return routability for home address(HoTI,HoT) Test return routability for care-of address(CoTI,CoT) HoT and CoT carry nonces to be combined to make Kbu Very few nodes see nonces in both HoT and CoT BSA in current specification is short-lived Correspondent node Keeps no per-mobile state during HoT/CoT Diffie-Hellman could be another option but it’s either expensive or patented MN
49
Return Routability Procedure (cont’d)
Correspondent node Mobile node Home agent Home Test Init(HoTI) Care-of Test Init(CoTI) Home Test(HoT) Care-of Test(CoT)
50
Home Test Init&Care-of Test Init
*Source Address = home address * Destination Address = correspondent * Parameters: + home init cookie Care-of Test Init *Source Address = care-of address * Destination Address = correspondent * Parameters: + care-of init cookie
51
Home Test & Care-of Test
* Source Address = correspondent * Destination Address = home address * Parameters: + home init cookie + home keygen token + home nonce index Care-of Test * Source Address = correspondent * Destination Address = care-of address * Parameters: + care-of init cookie + care-of keygen token + care-of nonce index home keygen token := First (64, HMAC_SHA1 (Kcn, (home address | nonce | 0))) care-of keygen token := First (64, HMAC_SHA1 (Kcn, (care-of address | nonce | 1)))
52
Conclusion 我們可以發現在MIPv6下的特色 也可針對MIPv6的作其他研究 架構的改變 路由最佳化 快速換手的機制
移動偵測的演算法 換手策略最佳化
53
Questions 以下何者不是MIPv6的特色 1. routing optimization
2. option headers, neighbor discovery 3. new message type 4. cancel the home agent 5. cancel the foreign agent
54
Questions Which message is not the New Internet Control Message
New IPv6 ICMP Messages Home Agent Address Discovery Request Home Agent Address Discovery Reply Mobile Prefix Solicitation All of the above
55
Reference Introduction to MIPv6 C. Perkins, “Mobility for IPv6,” Internet Draft, June 2002. K. El-Malki, P. Calhoun, T. Hiller, J. Kempf, P.J. McCann, A. Singh, H. Soliman, S. Thalanany, "Low latency Handoffs in Mobile IPv4", Internet Engineering Task Force draft-ietf-mobileip-lowlatency-Handoffs-v4-01.txt, May 2001. G. Tsirtsis, A. Yegin, C. Perkins, G. Dommety, K. El-Malki, M. Khalil, "Fast Handovers for Mobile IPv6", Internet Engineering Task Force draft-ietf-mobileip-fast-mipv6-00.txt, February 2001.
56
Reference [1] 高志名,預先註冊之快速換手階層化行動式IPV6研究, 國立中央大學,民國九十四年七月
[2] S.Thomson,T.Narten,and T.Jinmei,”IPV6 Stateless Auto address configuration”, RFC 2462,December 1998 [3]趙涵捷,“IPv6 Tutorial: Mobility “
Similar presentations