IP Mobility

Outline
• Introduction
– What is IP mobility?
• Mobile IP architecture
• IP mobility mechanisms
– Agent discovery
– Registration
– Tunneling
• Advanced features
• Micro-mobility
• Mobility support provided by IPv6
• Mobile IP & 3G
• Conclusion

Introduction: different types of mobility
[Figure labels: Home Network, Mobile Cellular Network, Visited LAN, PSTN, POP, Internet, Mobile host]

Different types of mobility
• Nomadism (DHCP)
• Mobile computers (Mobile IP, IEEE 802.11)
• Mobile networks (ad hoc networks)
• Need for protocols that provide a location service

IP mobility ≠ wireless LANs (WLAN)
• Wireless LANs today:
– IEEE 802.11, Bluetooth …
– IEEE 802.11 AP = bridge between the fixed network and the wireless network
• Layer-2 handoffs are supported but NOT IP mobility (handoffs are supported within a single IP subnet)
• IP mobility ≠ wireless interface

Mobility
[Figure labels: Mobile node (Address: Home Address), Home Network, Base station, Internet, Correspondent, Data]

Introduction to Mobile IP (1)
• In the wake of GSM networks
– Mobility = a necessity for the users of a communication system
– All existing networks set out to offer this service
• The TCP/IP standard: the most widespread network in the world
– The "Anywhere, Any Time, Network Access" principle
– The IP network: one of the main sources of information

Introduction to Mobile IP (2)
• Global scale:
– Nearly all networks provide an entry point to the Internet
– With mobility: guaranteed universal access that is simple and convenient to use
• IETF working group: the Mobile IP proposal
– Provide worldwide location through the IP address (as GSM roaming does)
• IP predates the nomadic concept
– GSM had such functions from the start
– IP: solutions "patched together" to add mobility

Requirements for the IP mobility architecture
• Two major requirements arise when considering IP mobility:
– Application transparency: dealing with a mobile configuration should not require a mobile-aware application. This is needed in order to avoid replacing applications on all Internet hosts!
– Seamless roaming: when a user leaves his corporate network and roams around the Internet, communication between this user and his correspondents must remain seamless whatever access network the roaming user is on
• Dealing with mobility at the IP layer provides a way to meet the above requirements

The mobility problem in IP
• It is difficult to integrate into IP the new functions needed to offer mobility

Why isn't IP mobility simple? (1)
• The complexity comes from the current use of IP addresses.
• An IP address is used to
– identify a particular end-system. In this respect, IP addresses are equivalent to FQDNs (Fully Qualified Domain Names) and the equivalence is maintained in a DNS (Domain Name Server)
– identify a particular TCP session in an IP host, since a TCP socket consists of a (destination IP address, destination port number) couple
– determine a route to a destination IP host.
• The first two uses come into contradiction with the third use when mobility is considered

IP mobility: routing
[Figure: network 132.227.61.0 with hosts 132.227.61.30, 132.227.61.31 and 132.227.61.32; network 135.139.18.0 with 135.139.18.12 and 135.139.18.13; a Correspondent; the Internet. Captions: "Roaming", "Data for the mobile is routed to its home network"]

Why isn't IP mobility simple? (2)
• The first use supposes that a host's IP address should never change, since the DNS should always point to the same IP address
• The second use supposes that a host's IP address should never change during a TCP session, otherwise the session would be lost
• The third use supposes that when the host is roaming outside its home network (the network which has the prefix of the host's IP address), it should change its address (and take an address with a prefix given by the visited network) in order to receive the datagrams destined to it

Why isn't IP mobility simple? (3)
• A possible answer to the third constraint would be to use a DHCP (Dynamic Host Configuration Protocol) server in order to obtain an address on the visited network
• This however poses a problem with the first two constraints
– First, since the IP address of the host has changed, the DNS in the home network would have to be updated by the mobile host from the visited network. This may be very dangerous from a security standpoint!
– Second, this solution cannot provide seamless, continuous mobility, since when the mobile host's IP address changes, all TCP sessions involving this host have to be dropped and reinitialized with the new IP address

Mobile IP standardization process
• The standardization of Mobile IP is being mainly carried out at the IETF (Internet Engineering Task Force)
• The IP Routing for Wireless/Mobile Hosts (MobileIP) Working Group is in charge of defining and specifying the Mobile IP architecture and protocols
• The major architecture components are already on the standards track (Request For Comments, RFCs 2002-2006)
• Some very interesting enhanced functionalities are still considered work in progress and are specified in Internet Drafts
• These documents and other related information may be found at the mobileip WG home page on the Web:
http://www.ietf.org/html.charters/mobileip-charter.html

Overview of the IP mobility architecture

Functional entities
• Mobile node: a host or a router that roams from one network or subnetwork to another outside its home network without changing its long-term IP address (the home address)
• Home agent: typically a router on a mobile node's home network which delivers datagrams to departed mobile nodes, and maintains current location information for each
• Foreign agent: typically a router on a mobile node's visited network that collaborates with the Home agent to complete the delivery of datagrams to the mobile node while it is away from home

The Mobile IP basic concept
• The Mobile IP architecture resolves the above contradiction by using 2 IP addresses for a mobile host:
– The Home address is a permanent address used to uniquely identify the IP host on the Internet (answers the first two IP address constraints)
– The Care-of address is a temporary address used to route the datagrams destined to the mobile host to the current attachment point of this host (answers the last IP address constraint)

Main functions
• Agent Discovery:
– Home Agents & Foreign Agents send advertisements on the link. A mobile can ask for advertisements to be sent.
• Registration:
– When a mobile is away, it registers its temporary address with its home agent
• Tunneling:
– The packets for the mobile are intercepted by the HA and tunnelled to the mobile

Mobile IP
[Figure: a Correspondent sends a datagram (IPsrc = Host, IPdst = Mobile) towards the Home Network; the Home Agent holds the binding Home Address → Care-of Address and tunnels the datagram (outer header IPsrc = Home Agent, IPdst = Foreign Agent) across the Internet to the Foreign Agent on the Foreign Network, which serves the Mobile Node. Arrows labelled "Agent advertisement" and "Registration". Also shown: "The mobile is on its Home Network"]

Protocol overview
1. Home Agent & Foreign Agent broadcast or multicast agent advertisements on their respective links.
2. Mobile nodes listen to Agent Advertisements. They examine the contents of these advertisements to determine whether they are on the home or on a visited network
3. A mobile node on a visited network acquires a temporary address (care-of address)

Protocol overview
4. The mobile registers its COA with its home agent
5. The Home Agent sends ARP on the Home Network (IP@ <-> MAC@). The packets for the mobile are intercepted and sent to the current position of the mobile
6. The packets arrive at the COA and are decapsulated in order to extract the original packet
7. The packets from the mobile are sent directly to the correspondents

IP mobility mechanisms
Agent discovery
Registration
Tunneling

Agent Discovery
• Process by which the mobile detects where it is attached (home or visited network)
• Allows the mobile to determine a COA when the mobile is on a visited network
• Based on 2 types of messages:
– Agent Advertisement: broadcast or multicast by the agents
– Agent Solicitation: sent by a mobile which does not want to wait for an AA
• Message authentication

Agent Solicitation Message
IP header (RFC 791):
  Vers = 4 | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  TTL = 1 | Protocol = ICMP | Header Checksum
  Source Address = Mobile node's Home Address
  Destination Address = 255.255.255.255 or 224.0.0.2
ICMP Router Solicitation (RFC 1256):
  Type = 10 | Code = 0 | Checksum
  Reserved

Mobile Agent Discovery
• An extension, called the Mobility Agent extension, is appended to ICMP Router Advertisement to constitute the Agent Advertisement message
• A Foreign Agent uses the Agent Advertisement message in order to indicate the Care-of Address to a Mobile Node
• A Home Agent uses the Agent Advertisement message so that a Mobile Node knows when it has returned to its Home Network
• A Mobile Node is allowed to send ICMP Router Solicitation messages in order to elicit a Mobility Agent Advertisement

Mobile Agent Discovery
Getting a COA
• A Care-of Address may be obtained from the Foreign Agent by an Agent Advertisement.
– It may also be obtained from a RAS (Remote Access Server) implementing PPP or from a DHCP server on a foreign LAN.
– In this case the Care-of Address is said to be collocated since it is directly assigned to the Mobile Node interface and not to a Mobile Node through a Foreign Agent.
• For a collocated Care-of Address, the tunnel terminates at the Mobile Node interface

Agent Advertisement Message
IP header (RFC 791):
  Vers = 4 | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  TTL = 1 | Protocol = ICMP | Header Checksum
  Source Address = Home/Foreign Agent's Address on this link
  Destination Address = 255.255.255.255 or 224.0.0.1
ICMP Router Advertisement (RFC 1256):
  Type = 9 | Code | Checksum
  Num Addrs | Addr Entry Size | Lifetime (of this Advertisement)
  Router Address [1]
  Preference Level [1]
  Router Address [2]
  Preference Level [2]
  ...
Mobility Agent Advertisement Extension (RFC 2002):
  Type = 16 | Length | Sequence Number
  (Maximum) Registration Lifetime | R B H F M G V | Reserved
  Care-of Address [1]
  Care-of Address [2]
  ...
Prefix Length Extension, optional (RFC 2002):
  Type = 19 | Length | Prefix Length [1] | Prefix Length [2] | ...

Mobile Agent Discovery
• It is based upon an extension of the ICMP (Internet Control Message Protocol) Router Discovery protocol
• A router periodically broadcasts ICMP Router Advertisement messages on the different directly attached subnetworks
• This allows the hosts on these subnets to discover the router

Mobility Agent Advertisement Extension
• Flags:
– R = Registration required at the Foreign Agent
– B = Busy
– H = Home Agent
– F = Foreign Agent
– M, G, V indicate the encapsulation type
• Type identifies the Mobility Agent Advertisement extension
• Length is the total length of this extension, which depends on the number of Care-of Addresses
• Lifetime specifies the duration of the Care-of Address support on the Foreign Agent
• For a Home Agent, zero Care-of Addresses are advertised
• For a Foreign Agent, typically one Care-of Address is advertised
• Sequence Number is incremented at each Advertisement
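
The Agent Advertisement layout and flags described above, as an added Python example that is not part of the original slides: it parses the ICMP Router Advertisement plus the Mobility Agent extension and decides whether the mobile is at home or on a visited network. The function names, the ICMP lifetime of 1800 and the rule "H flag and source address equal to my home agent means home" are assumptions of this sketch; the addresses are the ones used in the slides' example.

```python
import socket
import struct

FLAG_NAMES = "RBHFMGV"  # flag bits of the extension, most significant bit first

def build_advertisement(code, routers, seq, reg_lifetime, flags, care_of):
    """Constructed sample: ICMP Router Advertisement + Mobility Agent extension.
    The ICMP checksum is left at 0 and the ICMP lifetime (1800) is arbitrary."""
    icmp = struct.pack("!BBHBBH", 9, code, 0, len(routers), 2, 1800)
    for addr in routers:
        icmp += socket.inet_aton(addr) + struct.pack("!i", 0)  # address, preference
    bits = sum(0x80 >> FLAG_NAMES.index(f) for f in flags)
    body = struct.pack("!HHBB", seq, reg_lifetime, bits, 0)
    body += b"".join(socket.inet_aton(a) for a in care_of)
    return icmp + struct.pack("!BB", 16, len(body)) + body

def parse_advertisement(icmp):
    """Parse the ICMP payload; checksum verification is out of scope here."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _, num, entry_words, _ = struct.unpack("!BBHBBH", icmp[:8])
    if icmp_type != 9:
        raise ValueError("not an ICMP Router Advertisement")
    if num and entry_words < 2:
        raise ValueError("bad address entry size")
    step = entry_words * 4
    off = 8 + num * step
    if off > len(icmp):
        raise ValueError("truncated router address list")
    routers = [socket.inet_ntoa(icmp[8 + i * step:12 + i * step]) for i in range(num)]
    adv = {"code": code, "routers": routers, "mobility": None, "prefix_lengths": []}
    while off < len(icmp):
        ext_type = icmp[off]
        if ext_type == 0:              # one-byte padding extension, no length field
            off += 1
            continue
        if off + 2 > len(icmp):
            raise ValueError("truncated extension header")
        length = icmp[off + 1]
        body = icmp[off + 2:off + 2 + length]
        if len(body) != length:
            raise ValueError("extension runs past the end of the message")
        if ext_type == 16:             # Mobility Agent Advertisement extension
            if length < 6 or (length - 6) % 4:
                raise ValueError("bad Mobility Agent extension length")
            seq, lifetime, bits = struct.unpack("!HHB", body[:5])
            adv["mobility"] = {
                "sequence": seq,
                "registration_lifetime": lifetime,
                "flags": {n for i, n in enumerate(FLAG_NAMES) if bits & (0x80 >> i)},
                "care_of": [socket.inet_ntoa(body[i:i + 4]) for i in range(6, length, 4)],
            }
        elif ext_type == 19:           # Prefix Length extension, one byte per router
            adv["prefix_lengths"] = list(body)
        off += 2 + length
    return adv

def attachment(adv, source_ip, my_home_agent):
    """Decide where the mobile is attached (simplified rule, see lead-in)."""
    mobility = adv["mobility"]
    if mobility is None:
        return ("plain-router", None)
    flags = mobility["flags"]
    if "H" in flags and source_ip == my_home_agent:
        return ("home", None)
    if "F" in flags and "B" not in flags and mobility["care_of"]:
        return ("visited", mobility["care_of"][0])
    return ("visited-no-service", None)

# Constructed samples using the addresses of the slides' example.
FA_ADV = build_advertisement(16, ["137.0.0.11"], 1, 60000, "F", ["9.2.20.11"])
HA_ADV = build_advertisement(16, ["129.34.78.254"], 7, 35000, "H", [])
BUSY_ADV = build_advertisement(16, ["137.0.0.11"], 2, 60000, "FB", ["9.2.20.11"])
```

A busy Foreign Agent (B flag) and a truncated extension are both handled: the first yields no care-of address, the second raises `ValueError` instead of reading past the end of the message.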

Registration
• Functionalities
– Ask for the routing functionalities of the FA
– Tell the HA the new location of the mobile
– Update a binding which is about to expire
– De-register the mobile when it is back on its home network
• Triggered as soon as the mobile detects that it has changed its point of attachment
• Uses the information obtained by agent discovery to determine the type of registration to be done
• Two registration procedures
– With the "Foreign Agent"
– With the temporary address of the mobile

Registration
• Once the Mobile Node receives a Care-of Address, it should register its (Home Address, Care-of Address) binding at its Home Agent
• This is done using 2 messages:
– Registration Request
– Registration Reply
• They both use a UDP/IP service

Registration
[Figure: a Registration Request (steps 1 and 2) and a Registration Reply (steps 3 and 4) exchanged between the Mobile, the Foreign Agent and the Home Agent across the Internet]

Registration Request
  1 byte | 1 byte | 1 byte | 1 byte
  Type | S B D M G V rsvd | Lifetime
  Home Address
  Home Agent
  Care-of Addresses...
  Identification

Registration Request
IP header (RFC 791):
  Vers = 4 | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  TTL | Protocol = UDP | Header Checksum
  Source Address
  Destination Address
UDP header (RFC 768):
  Source Port | Destination Port = 434
  Length | Checksum
Registration Request (RFC 2002):
  Type = 1 | S B D M G V Rsv | Lifetime
  Mobile Node's Home Address
  Home Agent Address
  Care-of Address
  Identification
  Extensions

Registration Request
• Flags:
– S = Simultaneous Registrations (multiple Care-of Addresses)
– B = Broadcast
– D = Care-of Address collocated with the Mobile Node
– M, G, V indicate the encapsulation type
• Type identifies the Registration message
• Lifetime specifies the duration of the mobility address binding
• Home Address is bound to the Care-of Address
• Home Agent identifies the Home Agent that should register the binding
• Identification is used to protect against replay attacks and to correlate a Registration Request with a Registration Reply message
• The Mobile-Home authentication extension is used to authenticate the Mobile Node at the Home Agent

Registration Request
• Registering with the FA
– The FA receives the message and may reject it:
  • Invalid authentication
  • The lifetime value exceeds what may be accepted by the FA
  • The mobile wishes to use a tunneling type not supported by the FA
  • The FA does not have enough resources
– Otherwise, it forwards the request to the HA
• Registering with the HA
– The HA also checks whether the registration should be accepted (same conditions)
– If it is accepted, the HA
  • Updates its binding table
  • Sends a proxy ARP message on the local link
  • Sends a registration reply

Registration Reply
  1 byte | 1 byte | 1 byte | 1 byte
  Type | Code | Lifetime
  Home Address
  Home Agent
  Identification

Registration Reply
IP header (RFC 791):
  Vers = 4 | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  TTL | Protocol = UDP | Header Checksum
  Source Address
  Destination Address
UDP header (RFC 768):
  Source Port | Destination Port = 434
  Length | Checksum
Registration Reply (RFC 2002):
  Type = 3 | Code | Lifetime
  Mobile Node's Home Address
  Home Agent Address
  Identification
  Extensions

Registration Reply
• Type identifies the Registration message
• Lifetime specifies the duration of the mobility address binding
• Home Address identifies the Mobile Node to which this message is related
• Home Agent identifies the Home Agent having registered the binding
• Identification is used to protect against replay attacks and to correlate a Registration Request with a Registration Reply message
• The Mobile-Home authentication extension is used to authenticate the Home Agent at the Mobile Node
• Code gives the result of the registration
– 0: registration accepted
– 66, 69, 70...: registration denied by the Foreign Agent
– 130, 131, 133...: registration denied by the Home Agent

Registration Reply
• The FA receives a registration reply
– If the RR is invalid, the agent sends a Registration Reply describing the reason why the registration was rejected
– Otherwise, the agent
  • Updates its binding table
  • Forwards the message to the mobile
  • Starts to handle the messages for the mobile
• Reception of the RR by the mobile
– If the registration was rejected, the mobile tries to change its registration procedure
– Otherwise the mobile updates its routing table

Registration
• Via the Foreign Agent:
[Figure: message sequence over time between the mobile, the FA and the HA]

Example
• Mobile node home address = 129.34.78.5
• Mobile node HA = 129.34.78.254
• FA address = 137.0.0.11
• FA care-of address = 9.2.20.11
• Home node source port = 434
• Mobile node source port = 1094
• FA source port = 1105
• Care-of address registration lifetime = 60000 s
• HA granted lifetime = 35000 s

Example
Agent advertisement
  IP header fields: S=137.0.0.11, D=255.255.255.255
  ICMP header: Type=9, code=16
  Router Adv. header / Mobile service extensions: Lifetime=60000, COA=9.2.20.11, F=1
Mobile -> Foreign
  IP header fields: S=129.34.78.5, D=137.0.0.11, TTL=1
  UDP header: S=1094, D=434
  Mobile-IP message fields: Type=1, lifetime=60000, COA=9.2.20.11, HA=129.34.78.254, MA=129.34.78.5
  Authentication Ext.: SPI=302
Foreign -> Home
  IP header fields: S=9.2.20.11, D=129.34.78.254, TTL=64
  UDP header: S=1094, D=434
  Mobile-IP message fields: Type=1, lifetime=60000, COA=9.2.20.11, HA=129.34.78.254, MA=129.34.78.5
  Authentication Ext.: SPI=302

Example
Home -> Foreign
  IP header fields: S=129.34.78.254, D=9.2.20.11, TTL=64
  UDP header: S=434, D=1105
  Mobile-IP message fields: Type=3, lifetime=35000, COA=9.2.20.11, HA=129.34.78.254, MA=129.34.78.5
  Authentication Ext.: SPI=303
Foreign -> Mobile
  IP header fields: S=137.0.0.11, D=129.34.78.5, TTL=1
  UDP header: S=434, D=1094
  Mobile-IP message fields: Type=3, lifetime=35000, HA=129.34.78.254, MA=129.34.78.5
  Authentication Ext.: SPI=303

Example
Agent advertisement
  IP header fields: S=129.34.78.254, D=255.255.255.255
  ICMP header: Type=9, code=16
  Router Adv. header / Mobile service extensions: Lifetime=35000, no COA, H=1

Example
Cancelling the registration (on returning to the home network):
Mobile -> Home
  IP header fields: S=129.34.78.5, D=129.34.78.254, TTL=1
  UDP header: S=1094, D=434
  Mobile-IP message fields: Type=1, lifetime=0, COA=129.34.78.5, HA=129.34.78.254, MA=129.34.78.5
  Authentication Ext.: SPI=302
Home -> Mobile
  IP header fields: S=129.34.78.254, D=129.34.78.5, TTL=1
  UDP header: S=434, D=1094
  Mobile-IP message fields: Type=3, lifetime=0, COA=129.34.78.5, HA=129.34.78.254, MA=129.34.78.5
  Authentication Ext.: SPI=303

De-registration
[Figure: a De-registration Request and a De-registration Reply exchanged between the Mobile Node and the Home Agent; the Internet is also shown]

Discovering the HA's address
• Manual configuration on the mobile
• Automatically
– By broadcasting a registration request

Learning the HA address
[Three figure slides; labels: Mobile Node, Foreign Agent, Internet, several Home Agents]

Movement detection
• Using the lifetime field
– If the lifetime expires, the mobile supposes it has attached to a new link or the agent has failed. It waits for an Agent Advertisement or sends an Agent Solicitation
• Detection using the network prefix

Routing
• To the home network
– The packets for a mobile are always sent to its home network
– No specific routing
– If the mobile sends data, it behaves as any other node on the Internet
• To a visited network
– A router on the local link broadcasts an ARP request to announce that the packets for the mobile should be sent to it.
– The packets are intercepted by the HA and tunnelled to the mobile's COA(s)
– At the end of the tunnel, they are decapsulated and delivered to the mobile

Interception by the HA
• 2 possibilities
– Accessibility advertisement:
  conventional routing only on HA routers with several interfaces
– Using the proxy ARP
  Mobile's IP@ <-> HA's MAC@
  Updated by the HA and by the mobile node when it returns to its home network

Packet interception by the HA
Routing on the home agent
  Target/prefix length   Next hop       Interface
  195.2.20.0/24          direct         1
  default/24             202.1.4.254    2
  191.2.2.2/32           192.2.2.253    v1
  Stack: upper layers (TCP/UDP) over IP; Interface 1 = 195.2.20.253, Interface 2 = 202.1.4.253, Interface v1 (tunnel encapsulation)
Routing on the foreign agent
  Target/prefix length   Next hop       Interface
  130.79.80.0            direct         1
  192.2.2.0/24           192.2.2.254    2
  191.2.2.2/32           direct         1
  Stack: upper layers (TCP/UDP) over IP; Interface 1 = 130.79.80.254, Interface 2 = 192.2.2.253, Interface v1 (tunnel decapsulation)

Home Network configurations
[Figure: three configurations. A: Physical Home Network with a Home Agent and a Gateway to the Internet. B: Physical Home Network with a Gateway/Home Agent to the Internet. C: Virtual Home Network with a Gateway/Home Agent to the Internet]

Proxy and Gratuitous ARP
• In cases A and B above, the Home Agent should intercept the datagrams intended for Mobile Nodes using a Proxy ARP mechanism
• In case C, all datagrams intended for Mobile Nodes will be naturally intercepted by the Home Agent. Here, all the hosts are outside their Home Network, which becomes a Virtual Network
• Gratuitous ARP should be used by the Home Agent in order to change the ARP cache entry for a roaming Mobile Node's Home Address on the Home Network
• When the Mobile Node gets back to its Home Network, Gratuitous ARP should again be used by the Mobile Node itself to restore the ARP cache entry

Security

Security aspects (1)
• The security issue is fundamental for registration messages, otherwise impersonation and session hijacking attacks would be trivial
• Authentication should be applied to these messages
• The Mobile IP architecture specifies its own security mechanisms for use with IPv4 since IPsec, the new standardized security architecture, is not mandatory with IPv4
• An authentication extension is thus appended to each of the above messages
• The default authentication algorithm is a keyed-MD5 in prefix + suffix mode
• The result of the authentication is thus a 128 bit message digest transmitted in the authentication extension

Security aspects (2)
  1 byte | 1 byte | 1 byte | 1 byte
  Type | Length | SPI
  SPI continued | Authenticator
  Authenticator continued...
• Type identifies the authentication extension (Mobile-Home, Home Agent-Foreign Agent,...)
• SPI specifies the authentication context (algorithm, mode, key...)
• The Authenticator is calculated over the entire message + this authentication extension
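
How the Identification field and the authentication extension protect a Registration Request, as an added Python example that is not part of the original slides: it builds the request from the slides' example values, appends a Mobile-Home authentication extension computed with keyed MD5 in prefix + suffix mode, and has a home agent reject a replayed and a modified request. The class and function names, the shared key, the address 203.0.113.9 and the "Identification must strictly increase" replay rule (a simplification of the RFC 2002 timestamp method) are assumptions of this sketch.

```python
import hashlib
import hmac
import socket
import struct

MOBILE_HOME_AUTH = 32   # Mobile-Home Authentication extension type (RFC 2002)
# Registration Reply codes (RFC 2002): accepted / denied by the Home Agent
ACCEPTED, FAILED_AUTH, ID_MISMATCH, POORLY_FORMED = 0, 131, 133, 134

def registration_request(home, home_agent, care_of, lifetime, ident, flags=0):
    """Fixed 24-byte part of a Registration Request (Type = 1)."""
    return struct.pack("!BBH4s4s4sQ", 1, flags, lifetime, socket.inet_aton(home),
                       socket.inet_aton(home_agent), socket.inet_aton(care_of), ident)

def keyed_md5(key, protected):
    """Keyed MD5 in prefix + suffix mode: MD5(key | protected data | key)."""
    return hashlib.md5(key + protected + key).digest()

def add_authentication(message, spi, key):
    """Append Type, Length, SPI and the 128-bit authenticator.
    The authenticator covers the message plus Type, Length and SPI."""
    head = struct.pack("!BBI", MOBILE_HOME_AUTH, 4 + 16, spi)
    return message + head + keyed_md5(key, message + head)

class HomeAgent:
    def __init__(self, security_associations):
        self.keys = security_associations  # SPI -> shared key
        self.last_ident = {}               # home address -> last accepted Identification
        self.bindings = {}                 # home address -> (care-of address, lifetime)

    def handle(self, datagram):
        """Process a Registration Request; return the Registration Reply code."""
        if len(datagram) != 24 + 6 + 16 or datagram[0] != 1:
            return POORLY_FORMED
        _, _, lifetime, home, _, care_of, ident = struct.unpack(
            "!BBH4s4s4sQ", datagram[:24])
        ext_type, length, spi = struct.unpack("!BBI", datagram[24:30])
        key = self.keys.get(spi)
        if ext_type != MOBILE_HOME_AUTH or length != 20 or key is None:
            return FAILED_AUTH
        # Constant-time comparison of the received and recomputed authenticators.
        if not hmac.compare_digest(keyed_md5(key, datagram[:30]), datagram[30:]):
            return FAILED_AUTH
        home_ip = socket.inet_ntoa(home)
        # Replay protection (simplified): Identification must strictly increase.
        if ident <= self.last_ident.get(home_ip, -1):
            return ID_MISMATCH
        self.last_ident[home_ip] = ident
        if lifetime == 0:                  # de-registration
            self.bindings.pop(home_ip, None)
        else:
            self.bindings[home_ip] = (socket.inet_ntoa(care_of), lifetime)
        return ACCEPTED

def demo():
    """Valid request, the same request replayed, and a copy with a changed COA."""
    key = b"constructed-shared-secret"     # constructed sample key
    agent = HomeAgent({302: key})
    request = add_authentication(
        registration_request("129.34.78.5", "129.34.78.254", "9.2.20.11",
                             60000, ident=1000),
        spi=302, key=key)
    first = agent.handle(request)
    replayed = agent.handle(request)
    # Care-of Address (bytes 12..15) replaced without knowledge of the key.
    altered = request[:12] + socket.inet_aton("203.0.113.9") + request[16:]
    tampered = agent.handle(altered)
    return first, replayed, tampered, dict(agent.bindings)
```

RFC 3344, which superseded RFC 2002, changed the default algorithm to HMAC-MD5.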

Firewalls and packet filtering problems (1)
[Figure: Home Network (Home Agent, Gateway/Firewall), Internet, Correspondent, Visited Network (Foreign Agent/Gateway/Firewall, Mobile host); datagrams labelled HA / CNA are marked "This datagram cannot be accepted on this interface!" at two interfaces]

Firewalls and packet filtering problems (2)
• Ingress filtering is often applied in the border gateway of a corporate network playing the role of a firewall
• This prevents datagrams generated by the Mobile Node on the Visited Network from reaching the Internet
• Solutions
– Send datagrams with Source Address = Care-of Address ⇒ this is a losing proposition because it runs counter to the architecture
– Send datagrams encapsulated in an outer IP header with Source Address = Care-of Address ⇒ this is a better proposition, but the Correspondent Nodes are not required to be able to do the decapsulation ⇒ encapsulated datagrams may be sent to the Home Agent, which sends them back to the Correspondent Node ⇒ this is a suboptimal solution from the routing standpoint

Firewalls and packet filtering problems (3)
• Correlated problem: the firewall on the Home Network side should also filter all datagrams coming from the Internet with a Source Address corresponding to an inner address (with the same prefix as the Home Network)
• Solutions:
– If the Home Agent is collocated with the Gateway/Firewall, the firewall will know when such datagrams should be accepted
– Otherwise, a protocol between the Home Agent and the Firewall may be necessary
– Finally, a solution may consist in tunneling all such datagrams to the Home Agent, which should play the role of a bastion host and be attached to a DMZ for safety

Tunneling

Datagram Tunneling
• A Correspondent Node sends datagrams to a Mobile Node with the Destination Address field containing the Mobile Node's Home Address
• Based on the destination address, these datagrams reach the Home Network
• There, the Home Agent intercepts the datagrams and encapsulates them into an outer IP header that tunnels the initial datagrams to the Foreign Agent or directly to the Mobile Node (in the case of a collocated Care-of Address)
• Multiple encapsulation schemes may be used including:
– IP-within-IP encapsulation
– Minimal encapsulation
• The datagrams sent by the Mobile Node reach the Correspondent Node directly

Reminder: IPv4 header format
  1 byte | 1 byte | 1 byte | 1 byte
  Vers. | IHL | TOS | Total Length
  Identification | Flags | FO
  TTL | Protocol | Header Checksum
  Source IPv4 address (4 bytes)
  Destination IPv4 address (4 bytes)
  Options | Padding

IP-within-IP encapsulation
  New IP hdr | Orig IP hdr | TCP/UDP | Data
• The original IP header remains unchanged when transmitted in the tunnel (the TTL field is decremented)
– Source Address: Correspondent Node Address
– Destination Address: Mobile Node's Home Address
• The new IP header has:
– Source Address: Home Agent Address
– Destination Address: Care-of Address
• When fragmentation is needed, it should be done at the inner IP datagram level, otherwise the fragments won't transport the Mobile Node's Home Address used at the Foreign Agent to send the decapsulated datagram on the right data link

Minimal encapsulation
  New IP hdr | Minimal encapsulation header | TCP/UDP | Data
Minimal encapsulation header:
  1 byte | 1 byte | 1 byte | 1 byte
  Protocol | S | Reserved | Header Checksum
  Original Destination Address: Mobile Node's Home Address
  Original Source Address (if present): Correspondent Node's Address
• S indicates the presence of the Original Source Address field
• Minimal encapsulation limits the number of supplementary bytes necessary for tunneling
• It however prevents fragmentation from being performed
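
The two encapsulation schemes side by side, as an added Python example that is not part of the original slides: the home agent side encapsulates a datagram addressed to the mobile's home address, the tunnel end point restores it, and the per-datagram overhead of each scheme is measured. The function names, the correspondent address 192.0.2.7 and the payload are constructed; only option-less IPv4 headers with TOS 0 are handled, and the outer TTL handling is simplified.

```python
import socket
import struct

IPPROTO_IPIP, IPPROTO_MINENC = 4, 55   # RFC 2003 and RFC 2004 protocol numbers
FRAGMENT_BITS = 0x3FFF                 # "more fragments" flag + fragment offset

def checksum(data):
    """Internet checksum over 16-bit words (yields 0 over a valid header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src, dst, proto, total_len, ttl=64, ident=0, frag=0):
    """20-byte IPv4 header, no options, TOS 0, valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, frag, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_header(datagram):
    if len(datagram) < 20 or datagram[0] != 0x45:
        raise ValueError("only option-less IPv4 headers are handled")
    if checksum(datagram[:20]) != 0:
        raise ValueError("bad IP header checksum")
    _, _, total_len, ident, frag, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", datagram[:20])
    return {"total_len": total_len, "ident": ident, "frag": frag, "ttl": ttl,
            "proto": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}

def forwarded(datagram):
    """The datagram as the home agent forwards it: TTL - 1, checksum redone."""
    h = parse_header(datagram)
    if h["ttl"] <= 1:
        raise ValueError("TTL expired")
    return build_header(h["src"], h["dst"], h["proto"], h["total_len"],
                        h["ttl"] - 1, h["ident"], h["frag"]) + datagram[20:]

def ipip_encapsulate(datagram, home_agent, care_of):
    """New IP hdr | Orig IP hdr | payload."""
    inner = forwarded(datagram)
    return build_header(home_agent, care_of, IPPROTO_IPIP, 20 + len(inner)) + inner

def ipip_decapsulate(tunneled):
    if parse_header(tunneled)["proto"] != IPPROTO_IPIP:
        raise ValueError("not IP-within-IP")
    parse_header(tunneled[20:])            # validates the inner header
    return tunneled[20:]

def minenc_encapsulate(datagram, home_agent, care_of):
    """New IP hdr | minimal header (12 bytes, S = 1) | payload."""
    h = parse_header(forwarded(datagram))
    if h["frag"] & FRAGMENT_BITS:
        raise ValueError("a fragment cannot use minimal encapsulation")
    mh = struct.pack("!BBH4s4s", h["proto"], 0x80, 0,
                     socket.inet_aton(h["dst"]), socket.inet_aton(h["src"]))
    mh = mh[:2] + struct.pack("!H", checksum(mh)) + mh[4:]
    outer = build_header(home_agent, care_of, IPPROTO_MINENC,
                         h["total_len"] + len(mh), h["ttl"], h["ident"], h["frag"])
    return outer + mh + datagram[20:]

def minenc_decapsulate(tunneled):
    h = parse_header(tunneled)
    if h["proto"] != IPPROTO_MINENC or len(tunneled) < 28:
        raise ValueError("not minimal encapsulation")
    proto, flags = tunneled[20], tunneled[21]
    mh_len = 12 if flags & 0x80 else 8     # S bit: Original Source Address present
    mh = tunneled[20:20 + mh_len]
    if len(mh) != mh_len or checksum(mh) != 0:
        raise ValueError("bad minimal encapsulation header")
    dst = socket.inet_ntoa(mh[4:8])
    src = socket.inet_ntoa(mh[8:12]) if flags & 0x80 else h["src"]
    return build_header(src, dst, proto, h["total_len"] - mh_len, h["ttl"],
                        h["ident"], h["frag"]) + tunneled[20 + mh_len:]

def demo():
    payload = b"constructed sample payload"
    original = build_header("192.0.2.7", "129.34.78.5", 17, 20 + len(payload)) + payload
    ipip = ipip_encapsulate(original, "129.34.78.254", "9.2.20.11")
    minenc = minenc_encapsulate(original, "129.34.78.254", "9.2.20.11")
    return {"ipip_overhead": len(ipip) - len(original),
            "minenc_overhead": len(minenc) - len(original),
            "ipip_ok": ipip_decapsulate(ipip) == forwarded(original),
            "minenc_ok": minenc_decapsulate(minenc) == forwarded(original)}
```

IP-within-IP costs 20 extra bytes per datagram and minimal encapsulation 12 (8 when the Original Source Address is omitted); the minimal scheme refuses a datagram that is already a fragment, which the IP-within-IP scheme carries unchanged.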

Soft Tunnel State
• It is useful to maintain at the Home Agent level (the entry point of the tunnel) a number of parameters on the state of each established tunnel.
• These parameters constitute the Soft Tunnel State and include:
– The Path MTU on this tunnel for fragmentation purposes
– The state of the tunnel (broken or not)
– The Correspondent Node using the tunnel
• The Home Agent may then relay ICMP error messages to the Correspondent Node that is the source of the tunneled datagrams
• Typically, ICMP host unreachable messages are sent back to the Correspondent Node when the datagrams are not delivered through the tunnel

Enhanced functionalities
• Route optimization
• Smooth handoff

Route optimization
• Goal: avoid triangle routing
• Idea:
– Tell the correspondents the current position of the mobile node
• Problem:
– Change the correspondent's IP stack

Triangle Routing
[Figure labels: Correspondent Node, Internet, Home Network, Home Agent, Tunnel, Visited Network, Foreign Agent, Mobile Node]

Route optimization (1)
• The basic Mobile IP mechanisms create a Triangle Routing between the Correspondent Node, the Home Agent and the Mobile Node.
• This Triangle Routing is far from optimal, especially in the case of a Correspondent Node very close to the Mobile Node
• Route optimization consists of eliminating this problem
• This is done by updating the Correspondent Node, giving it the mobility binding (Home Address, Care-of Address) of the Mobile Node
• For security purposes, it is the responsibility of the Home Agent to send the mobility binding to the Correspondent Nodes that need them

Route optimization (2)
[Figure: Binding request and Binding update (HoA, CoA, Lifetime) messages between the Correspondent Node and the Home Agent; also shown: Home Network, Internet, Visited Network, Foreign Agent, Mobile Node]

Route optimization (3)
• Binding updates are authenticated by a route optimization authentication extension (same as for the Mobile-Home authentication extension)
• Route optimization offers an efficient routing technique but supposes that the Correspondent Nodes are able to implement the route optimization protocol
• This may be the main reason why this mechanism has not yet been definitively adopted as an RFC

Foreign Agent - Smooth Handoff
• When a mobile moves, it registers with a new FA
• Goal: tell the old FA the current position so that the packets in transit are redirected to the mobile (avoid losses and retransmissions)
• Protocol:
– The mobile registers with the new FA and tells it the address of its old FA
– The new FA sends a BU to the old FA so that it forwards the packets to the new location of the mobile

Smooth handoffs (1)
[Figure labels: Home Network, Home Agent, Internet, Correspondent Node, Visited Network 1 with Foreign Agent 1, Visited Network 2 with Foreign Agent 2, Mobile Node; arrows labelled Advertisement, Registration and Binding update. Caption: "What about the transition?"]

Smooth handoffs (2)
• During the handoff, it is important that the datagrams intended for the Mobile Node and received by the previous Foreign Agent not be lost
• A smooth handoff may be obtained if the previous Foreign Agent receives a binding update with the new Care-of Address of the Mobile Node, allowing it to relay the datagrams to the new Foreign Agent
• This is best achieved if it remains a local mechanism between the Mobile Node and both the current and previous Foreign Agents (the Home Agent is too far to perform this binding update)
• This poses however a security problem since it is highly improbable, in the current state of Internet security, that an authentication security association be established between the Mobile Node and the Foreign Agents

Smooth handoffs (3)
[Figure labels: Home Network, Home Agent, Internet, Correspondent Node, Visited Network 1 with Foreign Agent 1, Visited Network 2 with Foreign Agent 2, Mobile Node; arrows labelled Advertisement, Registration, Binding update and Binding Ack]

Smooth handoffs (4)
• If the previous Foreign Agent does not hold the new mobility binding for the Mobile Node, it may send back the decapsulated datagram to the Home Agent.
• This may create routing loops if the Foreign Agent has lost the trace of the Mobile Node and the Mobile Node is not connected elsewhere
• The Foreign Agent should re-encapsulate the decapsulated datagram into a Special Tunnel getting it back to the Home Agent with the Care-of Address as the source address of the outer header
• This allows the Home Agent to compare the current registration with the returned Care-of Address and decide whether it should tunnel the datagram or not, thus avoiding routing loops