Mobility management Piotr Pacyna AGH University of Science and Technology Department of Telecommunications Krakow 2017.
Lecture objectives: Presentation of the mobility support methods intended for use in 3G and 4G systems in light of the 3GPP standards. Needs and challenges in mobility handling. Mobility support protocols that give mobile devices seamless communication under frequent handovers. Architecture of the 3GPP SAE/LTE system. Mobility support model.
Cellular systems and Internet. Convergence. [Figure: timeline 2000, 2010, 2020 with IPv4, IPv6, 2G, 3G and SAE/LTE leading to an IPv6-based network with mobility and security]
The need for IP mobility support: The convergence of systems is ongoing. Goal: an All-IP system. The IPv6 protocol does not support frequent changes of the point of attachment to the network. Mobile IPv6 does not provide adequate quality of service because of the long handover time (IP handoff latency).
Architectural challenges
- Packet switched system vs. packet switched.
- Conceptual separation of layers in IP.
- Lack of clear separation of data plane and control plane in IP.
- Connectionless, unreliable datagram service.
- Security never considered seriously (in the arch.).
- Host mobility never considered (in the arch.).
- IP-based mobility with fast handovers is difficult.
- Convergence of cellular systems and the Internet is well advanced.
Host-based mobility management - Mobile IPv6
Challenge #1 in IP-based mobility: Continuous reachability. [Figure: CN, home network, foreign network and MN; how to reach the MN?] Use two IP addresses: an address representing node identity and an address representing node location (locator-identifier split). How to store the address binding? How to update the binding?
Challenge #2 in IP-based mobility: Handover latency introduced by the IP layer. [Figure: link layer handover, IP layer handover]
Challenge #3: Technology heterogeneity. The solution should be universal, independent of the transmission technology. [Figure: an IPv6 operator network attached to the Internet, with access routers serving 802.11 and TD-CDMA cells and a mobile terminal. Handover cases shown: TD-WCDMA intradomain, TD-WCDMA interdomain, TD-WCDMA to 802.11 intradomain, 802.11 to 802.11 interdomain, 802.11 to 802.11 intradomain, 802.11 to Ethernet intradomain]
Challenge #4: Operator requirements. The solution should be universal, independent of the transmission technology. [Figure: IPv6 networks of Operator A (Domain A), Operator B (Domain B) and Operator C (Domain C) attached to the Internet, with access routers serving 802.11 and TD-CDMA cells and a mobile terminal. Handover cases shown: TD-WCDMA intradomain, TD-WCDMA interdomain, TD-WCDMA to 802.11 intradomain, 802.11 to 802.11 interdomain, 802.11 to 802.11 intradomain, 802.11 to Ethernet intradomain]
Requirements for smart mobility management (handoff) scheme
- Compatibility: the mobility management solution must fit in the service model in cellular systems.
- Latency: the time required to complete the handoff should be appropriate for the rate of mobility of the mobile terminal and the QoS requirements of applications.
- Ubiquity: the handoff procedure should support handoffs within the same BS, between different base stations in the same and in different networks (hard, soft and softer handovers).
- Scalability: mobility control traffic (incl. handover management) and the processing overheads must not load the system.
- Performance: low call blocking probability; fast recovery.
- Quality of service: should be sustained during and after handover.
- Efficiency: handoff should result in improved efficiency (of traffic load, reduced interference, energy consumption).
MIPv6 Terminology
- Mobile Node (MN)
- Home Address (HoA) - IP address out of the mobile node's home network
- Care-of Address (CoA) - the physical IP address of an MN while visiting a foreign network
- Home Agent (HA) - a router on the home network which represents the MN while it is not attached to the home network; it stores the address binding
- Binding - association of the home address with the care-of address of an MN
- Correspondent Node (CN) - a peer node with which an MN is communicating. The CN may be either mobile or stationary.
Mobile IPv6 (1) Mobile Terminal leaves the Home Network and enters the Visited Network. Source: Moby Dick Project Deliverable D0101
Mobile IPv6 (2) By means of auto-configuration, the Mobile Terminal acquires an IPv6 address in the visited network and uses it as a care-of address. Source: Moby Dick Project Deliverable D0101
Mobile IPv6 (3) Next, the Mobile Terminal notifies the Home Agent about its current care-of address and its current location (address of the visited network). Source: Moby Dick Project Deliverable D0101
MIPv6 messages as IPv6 destination options
All new messages used in MIPv6 are introduced as IPv6 Destination Options. Destination options carry additional information next to the IP packet header that needs to be examined only at the destination node. Four new Destination Options:
- Binding Update - used by an MN to inform its HA or any other CN about its current care-of address
- Binding Acknowledgement - used to acknowledge the receipt of a Binding Update
- Binding Request - used by any node to request an MN to send a Binding Update with the current care-of address
- Home Address - used in a packet sent by a mobile node to inform the receiver of this packet about the mobile node's home address
Mobile IPv6 (4) Home Agent registers the care-of address of a Mobile Terminal and acknowledges successful registration. From now onwards, the Home Agent can forward traffic to the Mobile Terminal while it is in foreign networks. Source: Moby Dick Project Deliverable D0101
Mobile IPv6 (5) Correspondent Node sends data packets for the Mobile Terminal to the Home Network. Home Agent intercepts the packets. Source: Moby Dick Project Deliverable D010
Mobile IPv6 (6) Home Agent forwards data packets to the care-of address of the Mobile Terminal using IPv6-in-IPv6 encapsulation. Source: Moby Dick Project Deliverable D0101
Mobile IPv6 (7a) Mobile Terminal responds to the Correspondent Node with triangle routing. Source: Moby Dick Project Deliverable D0101
Mobile IPv6 (7b) At the same time the Mobile Node sends a Binding Update to the Home Agent and to the Correspondent Node. The Correspondent Node creates a local binding of the home address and care-of address of the Mobile Terminal in its binding cache. Source: Moby Dick Project Deliverable D0101
MIPv6 Routing through HA. [Figure: home network with HA, CN, foreign network with MN] Protocol is transparent to CN. Suboptimal routing.
MIPv6 Routing through HA
- MN connects to a foreign network and obtains a CoA
- MN sends a binding update to the HA
- HA represents the MN in the home network using proxy neighbour discovery
- All traffic destined to the MN is encapsulated in an IPv6-in-IPv6 tunnel and sent to the CoA of the MN
- Traffic from the MN uses the same tunnel in the reverse direction
Routing improvement? [Figure: home network with HA, CN, foreign network with MN] Triangle routing - suboptimal routing. Which address to use as a source address for a packet?
MIPv6 Route optimization. [Figure: home network with HA, CN, foreign network with MN; the MN sends a BU to the HA and to the CN] Achieves optimal routing. CN has to implement the MIPv6 protocol. Binding update must be secured.
MIPv6 Route optimization
- MN sends a binding update to the CN
- MN sends data packets directly to the CN with the CoA as source address and the HoA as a destination option
- CN replaces the source address with the HoA before passing the packet to upper layer protocols
- CN sends data packets directly to the MN with the CoA as destination address and a special Routing Header with the HoA as second hop
- MN removes the routing header and passes the packet to upper layer protocols
- Upper layer protocols are only aware of the HoA
MIPv6 Security
The security goal is to achieve the same security level as in a network without node mobility. To do so, the binding update must be authorized.
- Pre-established trust relationship between MN and HA: Binding update messages can be secured using IPsec with ESP in transport mode.
- No trust relationship between MN and CN: the Return Routability Procedure is used to prove the reachability of the MN via the CoA.
MIPv6 Return Routability Procedure. [Figure: home network with HA, CN, foreign network with MN; messages HoTI, HoT, CoTI, CoT, and a BU signed with Kbm]
- HoTI = {home init cookie}
- CoTI = {care-of init cookie}
- HoT = {home init cookie, home keygen token}
- CoT = {care-of init cookie, care-of keygen token}
- Kbm = SHA1 (home keygen token | care-of keygen token)
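The Return Routability exchange above, carried through as an added Python example (not from the original slides): the CN derives both keygen tokens from a node key Kcn and per-interval nonces using the RFC 6275 formulas, and accepts a Binding Update only if its authenticator verifies under Kbm. The class name, addresses, Kcn, nonces and mobility-header bytes are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

def _packed(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed

def keygen_token(kcn: bytes, addr: str, nonce: bytes, kind: int) -> bytes:
    """First(64, HMAC_SHA1(Kcn, addr | nonce | kind)); kind 0 = home, 1 = care-of."""
    return hmac.new(kcn, _packed(addr) + nonce + bytes([kind]), hashlib.sha1).digest()[:8]

def derive_kbm(home_token: bytes, careof_token: bytes) -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()

def authenticator(kbm: bytes, coa: str, cn: str, mh_data: bytes) -> bytes:
    """First(96, HMAC_SHA1(Kbm, care-of address | CN address | MH data))."""
    return hmac.new(kbm, _packed(coa) + _packed(cn) + mh_data, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    """Hypothetical CN: keeps only Kcn and a nonce table; tokens are recomputed, not stored."""
    def __init__(self, addr, kcn, nonces):
        self.addr, self.kcn, self.nonces = addr, kcn, nonces

    def home_test(self, hoa, idx):      # HoT: sent to the HoA, so it travels via the HA
        return keygen_token(self.kcn, hoa, self.nonces[idx], 0)

    def care_of_test(self, coa, idx):   # CoT: sent directly to the CoA
        return keygen_token(self.kcn, coa, self.nonces[idx], 1)

    def accept_binding_update(self, hoa, coa, home_idx, coa_idx, mh_data, auth):
        if home_idx not in self.nonces or coa_idx not in self.nonces:
            return False                # nonce index unknown or expired
        kbm = derive_kbm(self.home_test(hoa, home_idx), self.care_of_test(coa, coa_idx))
        return hmac.compare_digest(auth, authenticator(kbm, coa, self.addr, mh_data))

def demo():
    # All values are constructed for illustration (RFC 3849 documentation prefix).
    cn = CorrespondentNode("2001:db8:c::1", b"K" * 20, {1: b"\x11" * 8, 2: b"\x22" * 8})
    hoa, coa = "2001:db8:a::10", "2001:db8:b::10"
    mh_data = b"constructed-binding-update-seq-0001"
    # The MN receives one token over each path and signs the Binding Update.
    kbm = derive_kbm(cn.home_test(hoa, 1), cn.care_of_test(coa, 2))
    auth = authenticator(kbm, coa, cn.addr, mh_data)
    results = {"valid": cn.accept_binding_update(hoa, coa, 1, 2, mh_data, auth)}
    # A sender holding only the care-of token cannot derive Kbm for this HoA.
    partial = derive_kbm(b"\x00" * 8, cn.care_of_test(coa, 2))
    results["care_of_token_only"] = cn.accept_binding_update(
        hoa, coa, 1, 2, mh_data, authenticator(partial, coa, cn.addr, mh_data))
    # The same authenticator presented for a different care-of address fails.
    results["other_coa"] = cn.accept_binding_update(hoa, "2001:db8:e::66", 1, 2, mh_data, auth)
    # A Binding Update naming a nonce index the CN no longer holds is refused.
    results["stale_nonce"] = cn.accept_binding_update(hoa, coa, 9, 2, mh_data, auth)
    return results

if __name__ == "__main__":
    print(demo())
```

The check proves only that the sender received packets at both the HoA and the CoA; it does not authenticate the MN's identity to the CN.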
Complete handoff process in Mobile IPv6 1. Movement detection, network attach. IPv6 2. IP address configuration Mobile IPv6 3. Binding update
Mobile IPv6 and Mobile IPv4 - similarities
Main concepts from IPv4 are preserved:
- Reachability of a node via its home address
- Session establishment with the support of Home Agent
- Location updates to Home Agent
Base terms are maintained:
- Home network,
- Foreign network,
- Home agent,
- Foreign agent,
- Home address,
- Care-of address.
Mobile IPv6 - registration in the Visited Network. Source: Grzegorz Hełdak, Wybrane aspekty bezpieczeństwa połączeń w mobilnych sieciach IP, master's thesis
Mobile IPv6 - handover between subnets. Source: Grzegorz Hełdak, Wybrane aspekty bezpieczeństwa połączeń w mobilnych sieciach IP, master's thesis
Main architecture differences when compared to Mobile IPv4
- No Foreign Agent
- IP address auto-configuration is carried out by the mobile host
- Multiple care-of addresses possible, but one address is the primary CoA
- Numerous Home Agents (optional)
Functions for the Home Agent
- Represents a Mobile Terminal when outside of the home net. (Proxy Neighbour Discovery)
- Acknowledged binding updates (Binding Acknowledgement)
- Requests for binding update (Binding Refresh Request)
Selected new functions of a Mobile Terminal
- Use of several CoAs
- Preserving an old link during handover to a new network
- Hiding the location of a mobile (refrain from sending Binding Update to CN)
New functions of a Mobile Terminal
- Correspondent binding procedures
- Binding Update to the Home Agent
- Binding Update to Correspondent Nodes
- Binding Update to Old Access Router!
- Detection of Home Agent (DHAAD, since Home Agent may change)
- Authentication of Binding Update messages (with the Return Routability Procedure)
- Managing Binding Update Table
- Managing binding information about known Correspondent Nodes (Binding Cache)
Support for security: Return Routability Procedure
- Home Test mobility header options: Home Test Init, Home Test
- Care-of address Test mobility header options: Care-of Test, Care-of Test Init
- credibility check of a CN which responds to Init
Return Routability Procedure (extra). Source: Grzegorz Hełdak, Wybrane aspekty bezpieczeństwa połączeń w mobilnych sieciach IP, master's thesis
Movement detection (extra)
While the mobile is on the move:
- Router Discovery: Router Advertisement, Router Solicitation
- Neighbour Unreachability Detection - used on: radio links, very asymmetric links, fading links - purpose: to know that transmission is not possible
- Care-of Test Header options: Care-of Test, Care-of Test Init
Home Agent Discovery (extra). Source: Grzegorz Hełdak, Wybrane aspekty bezpieczeństwa połączeń w mobilnych sieciach IP, master's thesis
Other features in IPv6 (extra)
- Home Address Destination Option: helps to avoid reverse tunneling
- Network renumbering: after a network address change, the MT invokes Neighbour Discovery; after a network address change, the HA tunnels a new prefix to its MTs
Comparison of MIPv4 and MIPv6
Mobile IPv4:
- Mobile node, home agent, link to the home network and link to the visited network are present
- The home address is used for communication with the MN
- A foreign agent (FA) is present
- A collocated care-of address is used
- The care-of address is obtained by means of Agent Discovery, DHCP or manual configuration
- Agent Discovery
- Authenticated registration with the home agent
- Packets are routed to the MN through a tunnel from the home agent
- Route optimization is specified in a separate document
Mobile IPv6:
- The same
- A home address and a care-of address are available
- The visited network is served by an ordinary router; there is no foreign agent
- The care-of address is obtained by means of Stateless Address Autoconfiguration, DHCP or manual configuration
- Router Discovery
- Authenticated notification of the home agent and the correspondent nodes about the new care-of address
- Packets are routed to the MN through a tunnel from the home agent, or by means of source routing
- Route optimization is specified in the base document defining Mobile IPv6
Changes in IPv6 protocol resulting from support for mobility (extra)
- Data structures: Binding Cache, Binding Update List, Home Agent List
- ICMPv6 messages
Changes in IPv6 protocol resulting from support for mobility (extra)
Mobility Headers (destination options):
- Binding Update Option (BUO)
- Binding Acknowledgment Option (BAO)
- Binding Request Option (BRO)
- Binding Error
- Home Test Init (HoTI)
- Home Test (HoT)
- Care-of Test Init (CoTI)
- Care-of Test (CoT)
MIPv6 Handover Procedure. [Sequence diagram between MN, PAR, NAR, HA and CN. Messages shown: Router Advertisement (New Network Prefixes); Data Packet [CoA:CN]Data; "Packets will be lost until registration"; MDL Report; Neighbor Solicitation; Binding Update (New CoA); Binding Ack; Return Routability Procedure; Data Packet [New CoA:CN]Data]
Mobile IPv6 - distinct features
1. Support of MIPv6 is part of the IPv6 standard.
2. Deep integration of mobility with IPv6.
3. Strong security protection for the signalling messages.
4. Use of supplementary protocols such as: IPsec, message authentication, public keys, PKI.
5. Reliability of the user-data communications and signalling, e.g. the lifetime parameter for the Binding Update message.
Host-based mobility management - Fast Mobile IPv6
Problems related to handover in Mobile IPv6: During handover a temporary disruption in communication capabilities can impair time-sensitive applications (handover latency).
Handover process in Mobile IPv6 1. Movement detection IPv6 2. IP address autoconfiguration Mobile IPv6 3. Binding update
Latency components
1. Link-layer connectivity - Network detection - Network selection - Network attachment
2. IP connectivity - Movement detection at IP layer - CoA address configuration
3. Address tests - Duplicate Address Detection
4. MIPv6 connectivity - BU home - BU CNs
5. MIPv6 tests - Return Routability procedure
[Figure labels: Home Agent, Correspondent Node, New Access Router (NAR)]
Optimisations in FMIPv6
- Is it possible to start using the new access link immediately after the link has been detected?
- Is it possible to receive packets from the CN via the new link immediately after handoff?
Objective: Reduce the time when an MT cannot send or receive at all (IP addr config. issue). Reduce the time when it is unreachable (in the sense of Mobile IP).
Approach: introduce extensions to MIPv6.
Handover process. [Figure: Home Agent, Correspondent Node, Previous Access Router (PAR), New Access Router (NAR), Mobile Node (MN)]
Router information: RtSolPr, PrRtAdv
      MN                    OAR                  NAR
       |                     |                    |
       |------RtSolPr------->|                    |
       |<-----PrRtAdv--------|                    |
       |                     |                    |
       |------FBU----------->|--------HI--------->|
       |                     |<------HAck---------|
       |          <--FBack---|--FBack--->         |
       |                     |                    |
    disconnect             forward                |
       |                   packets===============>|
       |                     |                    |
    connect                  |                    |
       |                     |                    |
       |--------- FNA --------------------------->|
       |<=================================== deliver packets
Tunnel setup - predictive mode: FBU, FBack. Make-before-break.
Tunnel setup - predictive mode: HI, FBU, HAck, FBack. Make-before-break.
Tunnel setup - reactive mode: FBU, FBack, FNA [FBU].
Tunnel setup - reactive mode
      MN                    PAR                  NAR
       |                     |                    |
       |------RtSolPr------->|                    |
       |<-----PrRtAdv--------|                    |
       |                     |                    |
    disconnect               |                    |
       |                     |                    |
    connect                  |                    |
       |------FNA[FBU]-------|------------------->|
       |                     |<-----FBU-----------|
       |                     |------FBack-------->|
       |                   forward                |
       |                   packets===============>|
       |                     |                    |
       |<=================================== deliver packets
Summary
- FMIP is a complete solution for handoff optimization
- MN-initiated, MN-controlled handoffs, can be network assisted,... but...
- It also allows for network-initiated and network-assisted handoffs
- Some security threats exist
Network-based mobility management - Proxy Mobile IPv6
Requirements for PMIPv6: And what if the device does not support mobility management procedures? Mobility can be handled by the network!
Objectives for PMIPv6
- Provide network-based mobility management
- Support for hosts that do not use any mobility management protocol
- No participation of the mobile node during mobility-related signaling
- Support intra-domain handovers
- Reuse MIPv6 deployed infrastructure
- Avoid tunnelling overhead over the air
- Support the node within a restricted and topologically localized fragment of the network (PMIPv6 domain)
Proxy Mobile IPv6 (PMIPv6). [Figure: three access routers]
Proxy Mobile IPv6 (PMIPv6). [Figure: Mobile IPv6. At each of the three access routers: attachment, authentication, IPv6 address autoconfiguration, wireless communication]
Proxy Mobile IPv6 (PMIPv6). [Figure: Proxy Mobile IPv6. IPv6: 2001:0::1/64; attachment, authentication??, IP address autoconfiguration, mobility handling; IPv6: 20AA:111::/64] NO PROBLEM!
Proxy Mobile IPv6 (PMIPv6). [Figure: IP: 2001:0::1/64 and IP: 20AA:111::/64; at each of the two points: attachment, authentication, IP address autoconfiguration, mobility handling]
Host-based mobility vs. network-based mobility
Proxy Mobile IP - mobility entities
LMA functionality:
- LMA is the topological IP anchor point for the mobile node's home network prefix(es) (it advertises those prefixes)
- Responsible for maintaining the mobile node's reachability state (by tunnelling packets to the MAG)
MAG functionality:
- Resides on the access link where the MN is anchored
- Performs the mobility management on behalf of an MN
- MAG is responsible for detecting the MN's movements to and from the access link and for initiating binding registrations to the mobile node's LMA
- Emulates the MN's home link (by sending Router Advertisement messages containing the MN's home network prefix(es))
PMIPv6 address configuration options
Used only when required:
- Stateless configuration: support for stateless auto-configuration mode. The mobile node will be able to auto-configure an address after it receives the RA from the MAG.
- Stateful configuration: support for DHCP-based address configuration mode. The MAG obtains the MN's home network prefix from the LMA. The mobile node will be able to send a DHCP request. The MAG performs DHCP proxy functionality to ensure that the MN gets an address from its own configured address block.
Summary
MIPv6:
- Host-based mobility protocol
- MN and CN participate in the protocol
- Supports inter- and intra-domain handovers
- Significant handover latency
PMIPv6:
- Network-based mobility protocol
- Transparent to MN and CN
- Supports only intra-domain handovers
- Low handover latency