Support for Network-based User Mobility with LISP
Andrea Galvani
Supervisor: Prof. Fulvio Risso
Academic tutors: Prof. Albert Cabellos-Aparicio, M.S. Alberto Rodriguez-Natal
Wi-Fi Mobility

Users switching between Wi-Fi networks
(Handover)
Scenario

A user is doing a VoIP call,
or exchanging a file, ...
Scenario

The user decides to change Wi-Fi network
The connection is dropped and has to be reinitialized
Problem
A TCP connection is represented by a 4-tuple:
<source IP, source port, destination IP, destination port>

When the user moves, his IP changes

The TCP connection is released
“Network-based”
Host-based: additional software needs to be
installed on the user’s host

Network-based:
No modifications to users’ devices
required
The network components take care of
the mobile hosts’ mobility
Goals
Connection continuity when roaming across
Wi-Fi networks
Users’ devices use standard TCP/IP stack
Network components are in charge of
managing users’ mobility
Minimize modifications to other components
Keep a high level of abstraction for future
developments
State of the art
IETF standards

•Mobile IP v4 / v6
•Proxy Mobile IP v6
Adopted in 3G networks
...No standards for Wi-Fi networks
IP address constraint
The IP address represents two properties at the
same time
• User’s identity
• User’s location

User’s location changes → User’s IP changes
LISP
Locator/ID Separation Protocol

Loc/ID split
• One address space for user’s identity
(EID – Endpoint IDentifier)

• One address space for user’s location
(RLOC – Routing LOCator)

User’s location changes → User’s RLOC changes
LISP overview
• xTR (Edge Router)
• Subnetwork with EID-prefix
• Users in the network are given an EID from the prefix
• A Map-Server is used for storing mappings
• A Map-Resolver for retrieving mappings

[Diagram: xTR with RLOC 130.1.1.3 in front of EID-prefix 10.1.1.0/24; a host with EID 10.1.1.7; mapping EID – RLOC: 10.1.1.0/24 – 130.1.1.3]
LISP in a nutshell
[Diagram, steps 1 to 3: host EID 10.1.1.1 (EID-prefix 10.1.1.0/24, RLOC 130.1.1.3) pings host EID 10.1.2.3 (EID-prefix 10.1.2.0/24, RLOC 150.1.1.5) across the Internet]
Packet: IP 10.1.1.1 → 10.1.2.3, ICMP (ping)
Map-Reply: 10.1.2.3 – 150.1.1.5
LISP in a nutshell
[Diagram, steps 4 and 5: same topology]
Original packet: IP 10.1.1.1 → 10.1.2.3, ICMP (ping)
Encapsulated packet: IP 130.1.1.3 → 150.1.1.5, UDP 4341 -> 4341, LISP, then the original IP 10.1.1.1 → 10.1.2.3 / ICMP packet as data
• RLOC: global scope
• EID: local scope
Idea
[Diagram: hosts 10.1.1.1 and 10.1.2.3, RLOCs 130.1.1.3 and 150.1.1.5]
User’s mapping: 10.1.1.1 – 130.1.1.3
Idea
[Diagram: same hosts and RLOCs after the user has moved]
User’s mapping: 10.1.1.1 – 150.1.1.5
• Update user’s RLOC when he moves
• Establish TCP connections using EIDs
Solution Design – LISP-ROAM
A solution to be implemented by Internet
Service Providers
New mobility service
Full trust agreement
Possibility to roam across every network
User is assigned a fixed EID
Five Steps
Every time a user connects to a network...
1. User authentication
2. User’s EID retrieval
3. User’s local configuration
4. User’s home Map-Server retrieval
5. User’s location update
1. User authentication
We need to keep track of the user while he moves
• 802.1x standard
• xTR checks credentials with RADIUS
• RADIUS Server stores users’ credentials

[Diagram: the user presents alice@domainA.com / *** over EAP; the xTR talks RADIUS to the RADIUS Server of domainA.com]

RADIUS Server table:
Username   Password
alice      ***
bob        ***
2. User’s EID retrieval
• The RADIUS Server can store multiple attributes
• It’s possible to store user’s EID
• The RADIUS Server returns the EID embedded in the Access-Accept

[Diagram, domainA.com, steps 1 to 3: user credentials alice@domainA.com / ***; Access-Request: alice, ***; Access-Accept: EID = 10.1.2.121]

RADIUS Server table:
Username   Password   EID
alice      ***        10.1.2.121
bob        ***        10.1.2.137
3. User’s local configuration
• If the user is in his home network
  He’s part of the EID-prefix
[Diagram: host 10.1.1.169 in EID-prefix 10.1.1.0/24]
3. User’s local configuration
• If the user is in his home network
  He’s part of the EID-prefix
• If the user is foreign
  A local virtual interface is created
  The xTR is the default gateway for the user
[Diagram: addresses 10.1.2.122 and 10.1.2.121 in EID-prefix 10.1.2.120/30, alongside EID-prefix 10.1.1.0/24]
User’s home Map-Server
• One Map-Server per domain
• All Map-Servers form a Distributed Mapping System
• Every xTR knows the key related to its EID-prefix
• Home Map-Server: home domain’s Map-Server

[Diagram, domainA.com: authenticated Map-Register 10.3.3.0/24 – 130.1.1.3 sent to the Home Map-Server of domain A; labels 130.1.1.1 and 130.1.1.3; EID-prefixes 10.1.1.0/24 and 10.3.3.0/24]
4. User’s home Map-Server
When a foreign user connects to a network, the xTR has to retrieve the user’s home Map-Server’s...

1. Address
   • Can be done using the LISP infrastructure
   • ...or through other systems (DNS)

2. Key
   • ...use RADIUS attributes
4. User’s home Map-Server address
[Diagram, steps 1 to 3: domainA.com and domainB.com, EID-prefixes 10.1.1.0/24 and 10.1.2.0/24; user alice@domainA.com / *** with EID 10.1.2.121; addresses 130.1.1.3, 80.8.8.1 and 80.8.8.5]
Mapping table (EID – RLOC): 10.1.2.0/24 – 80.8.8.1
Map-Request: 10.1.2.121
Map-Reply: 10.1.2.121 – 80.8.8.1, carried as IP 80.8.8.5 → 130.1.1.3, UDP 4342 → 4342, LISP
Map-Server’s IP = outer source IP
4. User’s home Map-Server key
• Home Map-Server’s key returned with Access-Accept

[Diagram, domainA.com, steps 1 to 3: Access-Accept carrying EID = 10.1.2.121 and Key = «secret»]

RADIUS Server table:
Username   Password   EID          Map-Server key
alice      ***        10.1.2.121   «secret»
bob        ***        10.1.2.137   «secret»
5. User’s location update
[Diagram: domainA.com and domainB.com, EID-prefixes 10.1.1.0/24 and 10.1.2.0/24; user alice@domainA.com / ***; addresses 130.1.1.3, 80.8.8.1 and 80.8.8.5]
Authenticated Map-Register: 10.1.2.121 – 130.1.1.3

Mapping table (EID – RLOC):
10.1.2.0/24     80.8.8.1
10.1.2.121/32   130.1.1.3

Mapping table (EID – RLOC):
10.1.1.0/24     130.1.1.3

User table:
Username   EID          MS address   MS key
alice      10.1.2.121   80.8.8.5     «secret»
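The location update of step 5, as an added example that is not part of the original slides: a simplified Python model of a home Map-Server that only accepts an authenticated Map-Register and answers lookups by longest-prefix match. It is not the LISP wire format; the HMAC-SHA-256 encoding, the increasing nonce used against replay and the rule that only more-specifics of the home EID-prefix may be registered are assumptions of this example, the addresses are the ones on the slides, and the key is a constructed placeholder.

```python
import hashlib
import hmac
import ipaddress


def sign_register(key: bytes, eid_prefix: str, rloc: str, nonce: int) -> bytes:
    """Tag a registration (assumed encoding, not the LISP wire format)."""
    net = ipaddress.ip_network(eid_prefix)
    loc = ipaddress.ip_address(rloc)
    msg = f"{net}|{loc}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class MapServer:
    """Toy home Map-Server: EID-prefix -> RLOC, updated by authenticated registers."""

    def __init__(self, key: bytes):
        self._key = key
        self._home = []        # EID-prefixes this Map-Server is responsible for
        self._db = {}          # ip_network -> RLOC
        self._last_nonce = {}  # ip_network -> highest nonce accepted so far

    def seed(self, eid_prefix: str, rloc: str) -> None:
        """Install the domain's own prefix and the home xTR that serves it."""
        net = ipaddress.ip_network(eid_prefix)
        self._home.append(net)
        self._db[net] = rloc

    def map_register(self, eid_prefix: str, rloc: str, nonce: int, tag: bytes) -> bool:
        """Accept a location update only if it is authentic, in scope and fresh."""
        try:
            expected = sign_register(self._key, eid_prefix, rloc, nonce)
        except ValueError:
            return False                      # malformed prefix or RLOC
        if not hmac.compare_digest(expected, tag):
            return False                      # sender does not hold the key
        net = ipaddress.ip_network(eid_prefix)
        in_scope = any(net.version == home.version and net.subnet_of(home)
                       for home in self._home)
        if not in_scope:
            return False                      # EID outside this domain's space
        if nonce <= self._last_nonce.get(net, 0):
            return False                      # replay of an older location
        self._last_nonce[net] = nonce
        self._db[net] = str(ipaddress.ip_address(rloc))
        return True

    def map_request(self, eid: str):
        """Longest-prefix match, so a user's /32 overrides the domain's /24."""
        addr = ipaddress.ip_address(eid)
        matches = [net for net in self._db if addr in net]
        if not matches:
            return None
        return self._db[max(matches, key=lambda net: net.prefixlen)]


def demo() -> dict:
    home_key = b"constructed-demo-key"        # stands in for the slides' «secret»
    ms = MapServer(home_key)
    ms.seed("10.1.2.0/24", "80.8.8.1")        # home prefix behind the home xTR
    out = {"before": ms.map_request("10.1.2.121")}

    # Foreign xTR 130.1.1.3 received the key in the RADIUS Access-Accept.
    tag = sign_register(home_key, "10.1.2.121/32", "130.1.1.3", 1)
    out["accepted"] = ms.map_register("10.1.2.121/32", "130.1.1.3", 1, tag)
    out["after"] = ms.map_request("10.1.2.121")
    out["neighbour"] = ms.map_request("10.1.2.122")   # still served by the /24

    # A register signed with another key must not move the user.
    bad = sign_register(b"some-other-key", "10.1.2.121/32", "150.1.1.5", 2)
    out["forged"] = ms.map_register("10.1.2.121/32", "150.1.1.5", 2, bad)
    # Re-sending the first register later must not be accepted again.
    out["replayed"] = ms.map_register("10.1.2.121/32", "130.1.1.3", 1, tag)
    # A valid key does not allow registering EIDs of another domain.
    far = sign_register(home_key, "10.9.9.9/32", "130.1.1.3", 1)
    out["outside"] = ms.map_register("10.9.9.9/32", "130.1.1.3", 1, far)
    out["final"] = ms.map_request("10.1.2.121")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10} {value}")
```

Because the foreign xTR holds the home Map-Server's key, the scope check is the only thing in this model that limits which EIDs it can register, which is why the design on the slides requires full trust between providers.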
Update correspondent nodes
[Diagram, steps 1 to 7: the user 10.1.2.121, the Correspondent node and the LISP Map-Server / Map-Resolver, including a Map-Request / Map-Reply for 10.1.2.121]
Test bed
[Diagram: xTRs «LISP-A» and «LISP-B»; domainA.com (FOREIGN) and domainB.com (HOME); EID-prefixes 10.1.1.0/24 and 10.1.2.0/24; user alice@domainB.com with EID 10.1.2.121; address 10.1.3.165]
Handover test
Latency / Packet loss
1. User home / foreign
   • User connects to his home / a foreign network
2. User known / unknown
   • User has connected before to the network
Results – User unknown
Results – User known
...other proposals
No full trust between ISPs
ISPs don’t share Map-Servers’ key

No fixed EID for user

LISP-MAC
LISP-RADIUS
LISP-MAC
• User assigned to a specific xTR of the domain: Home xTR
• MAC Mapping System: MAC_host – IP_homexTR
• When a user connects to a foreign network: dialogue between foreign and home xTR
LISP-MAC
[Diagram, steps 1 to 6: domainA.com and domainB.com, EID-prefixes 10.1.1.0/24 and 10.1.2.0/24; addresses 80.8.8.1 and 130.1.1.3]
Messages shown:
• DHCP Request: MAC_host
• Map-Request: MAC_host
• Map-Reply: MAC_host – 80.8.8.1
• Map-Register / Map-Notify
• DHCP Request / ACK
• Authenticated Map-Register: 10.1.2.121 – 130.1.1.3
• DHCP ACK: 10.1.2.121

Mapping table (EID – RLOC):
10.1.2.0/24     80.8.8.1
10.1.2.121/32   130.1.1.3

Mapping table (EID – RLOC):
10.1.1.0/24     130.1.1.3

MAC Mapping System (MAC – IP_homexTR):
MAC_host        80.8.8.1

Home xTR table (MAC – EID):
MAC_host        10.1.2.121
LISP-RADIUS
• User assigned to a specific xTR of the domain: Home xTR
• When a user connects to a foreign network: dialogue between foreign and home xTR
• 802.1x dialogue
   • User authentication
   • IP_homexTR
LISP-RADIUS
[Diagram, steps 1 to 7: domainA.com and domainB.com, EID-prefixes 10.1.1.0/24 and 10.1.2.0/24; addresses 80.8.8.1 and 130.1.1.3]
Messages shown:
• EAP dialogue: alice@domainA.com / ***
• Access-Request: alice@domainA.com / ***
• Access-Accept: IP_homexTR = 80.8.8.1
• DHCP Request: MAC_host
• DHCP Request / ACK
• Map-Register / Map-Notify
• Authenticated Map-Register: 10.1.2.121 – 130.1.1.3
• DHCP ACK: 10.1.2.121

Mapping table (EID – RLOC):
10.1.2.0/24     80.8.8.1
10.1.2.121/32   130.1.1.3

Mapping table (EID – RLOC):
10.1.1.0/24     130.1.1.3

RADIUS Server table:
Username   Password   IP_homexTR
alice      ***        80.8.8.1
bob        ***

Home xTR table (MAC – EID):
MAC_host        10.1.2.121
Conclusions
LISP-ROAM actually achieves connection continuity
in user mobility
It can be considered a suitable solution for realistic
scenarios (buildings, campuses, ...)

The solution has been tested in a small scope but could be
considered for implementation in wider scenarios
(ISP level)
The assumptions made allow future extension /
interoperability with 3G operators
Video demo
Mobile host switching between Wi-Fi networks,
while communicating with Correspondent Node
(ping / TCP)
Thanks for your attention
bit.ly/lisp-roam
Andrea Galvani
and.galva@gmail.com

