COM594: Mobile Technologies

Location-Identifier Separation

In the current Internet TCP/IP protocol stack, the IP address functions simultaneously as:
• A Routing Locator (an identifier with a topological meaning), and
• An Endpoint Identifier

Application Layer
Transport Layer: IP-address, port (Endpoint Identifier)
Internet Layer: IP-address (Routing Locator)
Data Link Layer
Physical Layer

• When a host changes its point of attachment to the Internet, its IP address must change as well.
• Therefore all transport sessions will break.
• There have been various ‘workarounds’ to implement mobility on the Internet.
• More fundamental approaches aim to separate Routing Locators and Endpoint Identifiers, removing all identification-related functionality from topology-related information such as IP addresses.
• Current implementations adopt IP as the communications endpoint.
• New approaches have become known as Location-Identifier (L.I.) Separation.
• These more fundamental approaches require the redesign of the Internet protocol stack:
  – Such proposals are, by definition, radical, and will be difficult to implement. (Recall IPv4 vs IPv6.)
  – The ideas have emerged from the Routing Research Group (RRG) of the Internet Research Task Force (IRTF).

L.I. Separation
• The lack of L.I. Separation causes problems beyond simply mobility.
• A key issue is user location privacy.
• When
  – identifiers are long lived, and
  – a publicly available mapping exists between identifiers and locators,
• it is possible to determine the location of a host, and thus of the user using it,
• without the user’s permission or knowledge.

Privacy
• Invasion of privacy is increasingly becoming a criminal offence!
• It is important that new mechanisms, by default, do not reveal the location of a particular host to unknown observers.
Proposed Solutions
• Four proposed solutions have exercised the RRG:
  – The Host Identity Protocol (HIP)
  – Network Address Translation for IPv6 to IPv6 (NAT66)
  – Identifier-Locator Network Protocol (ILNP)
  – Location-Identifier Separation Protocol – Mobile Node (LISP-MN)

Fundamental Approaches to Location-Identifier Separation
• Most approaches to L.I. Separation fall into two broad categories:
  – Those that introduce an extra layer to hold the original endpoint identifiers
  – Those that split the IPv6 address space into a part that has topological meaning and a part that is used to identify the host

Case Study
• All four approaches have their advocates and detractors.
• None of them are ‘perfect’.
• All are ‘work in progress’.
• We will briefly review LISP-MN, as this has gained significant industrial support in recent years.

Location-Identifier Separation Protocol – Mobile Node (LISP-MN)
• The LISP-MN protocol enables a mobile node to roam across networks whilst retaining its IP address.
• During hand-off, sessions may ‘pause’, and some data loss is possible.
• The key issue, however, is that sessions are not dropped,
• so they do not have to be set up again.
• LISP-MN aims to make it possible for mobile devices to roam while keeping TCP sessions alive, and to be simultaneously connected to two different networks (multihomed).
• LISP-MN is based on a LISP infrastructure.

LISP
• LISP implements a Map-and-Encap scheme.
• Packets are encapsulated at the border router of the sender domain: the Ingress Tunnel Router (ITR).
• Packets are decapsulated at the border router of the receiver domain: the Egress Tunnel Router (ETR).

Encapsulation
• By this mechanism, core routing (routing between domains) is independent of the encapsulated endpoint identifiers.
• This also optimizes routing for the topological characteristics of the core network.
• LISP adds an extra Internet layer below the existing one:

LISP Stack
Application Layer: Identifier
Transport Layer: Identifier
Internet Layer: Identifier
Internet Layer: Locator
Data Link Layer
Physical Layer

LISP Transmission
1. The host looks up the correspondent host in a DNS and gets an Endpoint Identifier.
2. The host makes a packet with its source Endpoint Identifier and the destination Endpoint Identifier.
3. The packet is sent to the ITR, which encapsulates it with the Routing Locator of the ITR as the source and the Routing Locator of an ETR as the target. (This requires a mapping mechanism.)
4. The packet is transmitted over the Internet to the ETR.
5. The ETR decapsulates the packet and sends it to the destination Endpoint Identifier.

Typical LISP Scenario
[Figure: two LISP sites connected through the Internet core. Labels: EID: 1.0.0.0/8; EID: 2.0.0.0/8; RLOC ITR1: 10.0.0.0/8; RLOC ITR2: 11.0.0.0/8; RLOC ETR1: 12.0.0.0/8; RLOC ETR2: 13.0.0.0/8. Inner packet: 1.0.0.1 -> 2.0.0.2; outer packet: 11.0.0.1 -> 12.0.0.2.]
• Host EID 1.0.0.1 wants to send to host EID 2.0.0.2.
• The packet arrives at ITR2.
• ITR2 does a DNS on 2.0.0.2 and gets 13.0.0.2 and 12.0.0.2: the latter has priority.
• ITR2 encapsulates the packet with source 1.0.0.1 and destination 2.0.0.2 in a packet with source 11.0.0.1 and destination 12.0.0.2.
• ETR1 receives the packet and decapsulates it.
• ETR1 forwards the packet to EID 2.0.0.2.

LISP-MN
• LISP-MN leverages the mapping infrastructure of LISP to support mobile devices.
• This happens by turning the mobile device into a LISP ITR and ETR for itself.
• The mobile device sends map requests.
• All packets originating at the mobile device are LISP encapsulated.

Map Servers
• The mobile device can answer incoming Map requests directly, or it can designate its map server as a proxy.
• Map Servers have similar behaviour to Home Agents in Mobile IP.
• Unlike Mobile IP, the actual data never flows through these servers.
• They just answer the mapping requests.
• Also, home agents never provide mapping information because that is left to the mobile node.

Example: EID 1.0.0.1 wants to send a packet to EID 1.0.0.2
Mobile host 1.0.0.2 has lost its WiFi connection but still has GSM.
1. The mobile node updates the Mapping Server to indicate that it is accessible via 13.0.0.2, but not 12.0.0.2.
2. The packet arrives at ITR2 (which has Routing Locator 11.0.0.1).
3. ITR2 looks up the Routing Locators corresponding to EID 1.0.0.2 and finds 13.0.0.2.
4. ITR2 encapsulates the packet and forwards it as normal over the Internet core.
5. The mobile host receives the packet and decapsulates it.

[Figure: mobile host 1.0.0.2 attached through WiFi and 3G, with a Mapping Server and the Internet core. Labels: Domain EID: 1.0.0.0/8; Source EID: 1.0.0.1; Dest EID: 1.0.0.2; RLOC ITR1: 10.0.0.0/8; RLOC ITR2: 11.0.0.0/8; WiFi: 12.0.0.0/8 (host RLOC 12.0.0.2); 3G: 13.0.0.0/8 (host RLOC 13.0.0.2). Inner packet: 1.0.0.1 -> 1.0.0.2; outer packet: 11.0.0.1 -> 13.0.0.2.]

Benefits and Challenges
• LISP implements the separation of Routing Locators and Endpoint Identifiers without the need for changes at the host.
• The address in the core network is independent from that at the edge, so, for example, the core network could use IPv6 whereas the edge network would use IPv4, and vice versa.
• By turning the mobile node into a LISP-site-in-a-box, the MN can change its point of attachment without breaking transport sessions.
• Unfortunately, the latter does require changes at the host, undoing one of the advantages of LISP.
• The largest obstacle appears to be the requirement for an operational LISP infrastructure. Until LISP is widely deployed, the benefits of LISP-MN are small.
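
The map-and-encap steps and the LISP-MN locator update described above, as an added example that is not part of the original slides: a minimal Python simulation using the slides' addresses. The numeric priority values (lower is preferred), the /32 registration for the mobile node and all class and function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: object  # application data, or an inner Packet when encapsulated

class MapServer:
    """EID prefix -> {RLOC: priority}; the lowest priority value is preferred."""
    def __init__(self):
        self.db = {}

    def register(self, eid_prefix, rlocs):
        # A new registration replaces the old locator set (mobile node update).
        self.db[ipaddress.ip_network(eid_prefix)] = dict(rlocs)

    def lookup(self, eid):
        addr = ipaddress.ip_address(eid)
        hits = [net for net in self.db if addr in net and self.db[net]]
        if not hits:
            raise LookupError(f"no locator registered for EID {eid}")
        rlocs = self.db[max(hits, key=lambda net: net.prefixlen)]  # longest match
        return min(rlocs, key=rlocs.get)

def itr_encapsulate(itr_rloc, inner, map_server):
    # The outer header carries locators only; the inner EIDs are left untouched.
    return Packet(itr_rloc, map_server.lookup(inner.dst), inner)

def etr_decapsulate(own_rlocs, outer):
    if outer.dst not in own_rlocs:
        raise ValueError(f"{outer.dst} is not a locator of this ETR")
    return outer.payload

def fixed_site_scenario():
    ms = MapServer()
    ms.register("2.0.0.0/8", {"12.0.0.2": 1, "13.0.0.2": 2})  # assumed priorities
    outer = itr_encapsulate("11.0.0.1", Packet("1.0.0.1", "2.0.0.2", b"data"), ms)
    return outer, etr_decapsulate({"12.0.0.2"}, outer)

def mobile_node_scenario():
    ms = MapServer()
    ms.register("1.0.0.2/32", {"12.0.0.2": 1, "13.0.0.2": 2})  # WiFi preferred
    inner = Packet("1.0.0.1", "1.0.0.2", b"data")
    before = itr_encapsulate("11.0.0.1", inner, ms)
    ms.register("1.0.0.2/32", {"13.0.0.2": 1})  # WiFi lost: only 3G remains
    after = itr_encapsulate("11.0.0.1", inner, ms)
    # The mobile node acts as its own ETR on its remaining locator.
    return before.dst, after.dst, etr_decapsulate({"13.0.0.2"}, after)

if __name__ == "__main__":
    print(fixed_site_scenario())
    print(mobile_node_scenario())
```

The inner packet keeps the same EIDs before and after the locator change, which is why the transport session survives the hand-off. `lookup` also returns the node's current point of attachment to any caller, which is the location-privacy exposure raised in the privacy slides.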