Download Basic Scheme: Inter-domain Mobility

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
Document related concepts

Computer network wikipedia , lookup

Multiprotocol Label Switching wikipedia , lookup

Deep packet inspection wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Network tap wikipedia , lookup

Peering wikipedia , lookup

Net bias wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Airborne Networking wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Routing in delay-tolerant networking wikipedia , lookup

Transcript 
INFOCOM 2008
Wide-Area IP Network Mobility
Xin Hu1, Li (Erran) Li2,
Z. Morley Mao1 and Yang Richard Yang3
1Bell
Labs, Alcatel-Lucent, Murray Hill, NJ
2University of Michigan, Ann Arbor, MI
3Yale University, New Haven, CT
1
Outline
•
•
•
•
•
•
•
•
•
Introduction
Related Work
Overview
Basic Scheme: Inter-domain Mobility
Intra-domain Mobility
WINMO Properties
Implementation Issues
Evaluations
Conclusions and Future Work
2
Introduction
• Since using mobile networks provided by the transportation systems
presents minimal safety hazard and can significantly increase
productivity, their popularity can only increase.
• People expect that their Internet data sessions continue
seamlessly while they are in transit
– just as that a cellular phone conversation continues uninterrupted.
3
Introduction (cont.)
• to support network mobility
– directly use or extend the mobile IP protocol
• mobile IP depends on public home agents,
– but many users may NOT have static home addresses or home
agents deployed at home.
• triangular routing
– Connexion [2] by Boeing
• a commercial service to use BGP
– removes inefficient routing
– leads to positive user experiences
• a large number of BGP updates
• handles only when moves across ASes (autonomous systems)
[2] A. Dul, Global IP Network Mobility using Border Gateway Protocol, Mar. 2006. [Online]
4
Introduction (cont.)
• WINMO
– an efficient protocol to support wide-area Internet network
mobility
• Both across ASes and within an AS
– extensive evaluations are conducted to demonstrate the
effectiveness
5
Related Work
• The previous work on mobility spans all layers but
focus on host mobility
– Most of them depend on link layer handoffs to trigger
mobility support,
• but such handoffs may not be seen by all nodes
– It is possible to apply some of them to each host
• leads to significant inefficiency
• requires individual infrastructure support for each host.
6
Related Work (cont.)
• IETF NEMO
– a first step to ensure uninterrupted connectivity to the mobile network
nodes
– does not address important issues such as route optimization and
handoff.
• For route optimization
–
–
–
–
[16]: performance evaluation of NEMO
Connexion [2] by Boeing
SIP-NEMO [17]
MIRON [18], ROTIO[19]
• based on the NEMO basic protocol and do not handle inter-domain
mobility
• For handoff
– outage prediction [20], enhanced HMIPv6 [21]
7
Overview - Design decisions
• Global Network Architecture
– roams most of the time within a single AS.
– may switch to connect to another AS
• Infrastructure Support
– Require BSs and routers in an mobile ISP (MISP)
– The service providers of the MISP may also contribute limited support
• Addressing Scheme for Mobile Networks
– a fixed network prefix
– mobile host obtains a IP address (home address) from the prefix, for
the duration in the mobile network.
8
• End-host Support
– Be transparent to mobile hosts (MH)
– [option] OS support on correspondent host (CH)
• Security Association
– no security association between an MH and its CH
• such associations would simplify network design (?), but establishing them
– faces substantial security challenges or
– requires fundamental change to the Internet architecture
– Each MISP has at least one AAA server,
• which has a security association with mobile network, BS and router
• distributes a group key to the routers.
9
Overview - Performance Requirements
• For network infrastructure
– minimal routing overhead as a mobile network moves
– The impact of DoS from outside the mobile network should be
reduced
• For end host
– Minimal path inflation
– Location privacy (from CH)
• Tradeoff:
– Avoiding path inflation
vs. crippling the control plane
vs. route optimization
vs. scalability
10
Each mobile network has a fixed network prefix
allocated from the address space of its home mobility service provider
11
Outline
•
•
•
•
•
•
•
•
•
Introduction
Related Work
Overview
Basic Scheme: Inter-domain Mobility
Intra-domain Mobility
WINMO Properties
Implementation Issues
Evaluations
Conclusions and Future Work
12
Basic Scheme: Inter-domain Mobility
• To correctly deliver traffic to its new location, BGP requires
that
– the new provider announce the newly arrived IP prefix
– the previous provider withdraw the prefix.
• Standard BGP
– increase BGP routing table size
– possibly resulting in global routing instability
• a large number of updates when mobile networks move around
– some routers could temporarily lose their routes to the prefix
13
• For both global stability and application performance, we
need to limit the propagation of BGP updates
– without causing incorrect forwarding decisions at routers that do not
receive those updates.
• Techniques proposed
–
–
–
–
–
Mobile prefix
Aggregation routers
Mobility community
Scoped BGP updates
Tunnel mapping
14
Mobile Prefix
• Each tier-1 (large) ISP designates a set of prefixes
as its mobile prefixes: root mobile prefix
– There should be a small number of root mobile prefixes
– sub-prefixes are allocated from root mobile prefix to its
customers
• may be further divided
• Can be simply configured to routers similar to the
bogon list.
15
Aggregation Routers
and Mobility Community
• a tier-1 ISP configures that a subset of its routers
(aggregation router, AR) advertise its root mobile prefix and
know how to reach each sub-prefix.
– To reduce the number of routers keeping explicit routing state for
mobile networks,
– ARs can partition the address space
• approximate geographic distribution of the home location of mobile
networks to minimize suboptimal routing.
– send (standard) BGP UPDATE message to non-ARs
• for mobile prefix with the next hop set to its own address
– ARs of a tier-1 ISP form a connected topology
• To reduce excessive path inflation, we require that each POP
(point of presence) of a tier-1 ISP have an aggregation router
16
• mobility community
– a new BGP community attribute
– To limit the propagation of BGP update messages only
among ARs
• controls the propagation of BGP UPDATE and WITHDRAWAL
messages,
• and the creation of tunnel mapping.
17
Scoped Inter-domain BGP Updates
and Tunnel Mapping
• BGP UPDATE
– When a mobile network with prefix p switches to a new AS,
the new BS will inject a BGP announcement on p with a
mobility community attribute.
– may propagate up along the AS hierarchy and reach a
tier-1 ISP
– When arrive an AR, this trigger an update for p that may
propagate across all ARs in all tier-1 ISP
– may arrive at an provider AS with a previous route to p.
• the AS is a common provider to both the previous and current AS
which the mobile network attaches to.
• the AS suppresses it
– a change of BS does not trigger updates among any tier-1 ISPs.
18
• BGP WITHDRAWAL
– When a mobile network leaves an AS, the designated
border router (?) will announce a BGP WITHDRAWAL
message for p with the mobility community attribute
– may propagate up along the AS hierarchy and reach a
tier-1 ISP
– When arrive an AR, this trigger an update for p that may
propagate across all ARs in all tier-1 ISP
– stop at the common provider which has a new route
19
• Tunnel Mapping
– When a tier-1 ISP’s border router (Provider Edge, PE) receives a BGP
UPDATE message for a p from its customer border router (Customer
Edge, CE)
• the PE propagates the BGP UPDATE to other ARs in ISPs with the CE’s IP
address
• Each AR create a tunnel using CE’s IP address as the tunnel endpoint
– non-ARs have only a default route to its closest AR
• all other non-tier-1 ISPs need not maintain detailed routes to
the mobile prefixes
– set up default routes (for the mobile prefixes) to its provider
20
ARtunnelCE ?
21
Outline
•
•
•
•
•
•
•
•
•
Introduction
Related Work
Overview
Basic Scheme: Inter-domain Mobility
Intra-domain Mobility
WINMO Properties
Implementation Issues
Evaluations
Conclusions and Future Work
22
Infrastructure Support
• To prevent iBGP (internal BGP) routing changes due to
roaming within an AS, only a designated BGP speaking
router (DBR) act as the origin p and announces p
• a mobile network always update this router of its care-ofaddress.
– how? by the MR or the BS?
• Three additional flags for routing table entry in every routers
– insideAS() whether a prefix is originating within an AS
– origin()  whether a given router originated a prefix (knows where to
tunnel the packet)
– mobilePrefix()  whether a destination prefix is a mobile network
23
Packet Mobility State (MOS)
• Three purposes:
– Removal of triangular routing,
– guarantee of location privacy, and also
– prevention of DoS
• The CH always uses the home address (assigned in the mobile network) of the
MH for data packets.
24
Packet Mobility State (MOS) (cont.)
• when a mobile network switches to a new BS, it (the MR) needs to
authenticate itself
– before a care-of-address can be allocated to it.
• the mobile network needs to be sure that it is not attaching to a bogus BS
– after a successful authentication, the AAA server returns to the BS an
encrypted token t = Kmrg(HoP, COA)
• the mobile network’s home network prefix (HoP) and
care-of-address (COA)
• The mobility router group includes all BGP (iBGP and eBGP included) speaking
routers and some additional internal routers for performance improvement (and AAA server).
– On the data path, t will be stamped by the BS into the IP packets originated
from the mobile network.
•
stamped by BS Vs. by the MH => 1:2
– A CH (with updated OS) bounce the opaque token back to the MH.
•
authenticate the BS? 因為”bogus BS”不會收到AAA server來的t ?
25
Packet Mobility State (MOS) (cont.)
//is a router in mobility router group
//BS de-tunnel
// to the DBR
// the CH initiate connection or legacy OS on the CH
// to the DBR
// for DDoS
26
WINMO Properties
• Global Reachability
• Routing Optimality
– Non-AR tunnels packet to AR
– Routers not understanding MOS forward the packet to
DBR
27
• Security and Privacy
– Assume that the border gateway routers and AAA servers
are secure.
• the BSs are more likely to be compromised
– Defense against connection hijacking
• an ongoing connection
• A forged t will not pass verification and will be dropped
• Replaying t by a attacker will induce traffic from the CH to the MH.
– not reach the attacker. (Replay t with old COAthe Kmrg is refreshed pereodically)
• in contrast to the mobile IP solution, the attacker can hijack the
connection
– if an attacker is on the path between CH and the HA of the MH.
(the compromised BS?)
28
– Resilience to DDoS attack
• For a packet destined to mobile
networks, if it does not carry MOS,
it will be demoted to a low priority queue.
• Only attackers on the path between a legitimate CH and the
mobile network can spoof the packet state.
– Preservation of location privacy
29
Outline
•
•
•
•
•
•
•
•
•
Introduction
Related Work
Overview
Basic Scheme: Inter-domain Mobility
Intra-domain Mobility
WINMO Properties
Implementation Issues
Evaluations
Conclusions and Future Work
30
Evaluations
- Effectiveness of Inter-domain Support
• Simulate the mobility and routing changes using real Internet
topology data.
• treat each AS as one node, with a single prefix
– each AS selects and exports routes using the standard policy based
on AS business relationships
• E.g. customer routes have the highest priority while provider routes have
the lowest.
• Each round randomly pick one AS as the attachment point.
• For each mobility solution, compute the average path length
between the attachment AS and all other ASes
– the optimal path is calculated based on algorithm in [29]
[29] X. Dimitropoulos, D. Krioukov, M. Fomenkov, B. Huffaker, Y. Hyun, K. Claffy, and G. Riley, “AS Relationships: Inference
and Validation,” ACM Computer Communication Review, vol. 37, no. 1, 2007.
31
normalized
inflation
• The route selection of BGP takes into
account various policies and preference
(e.g., customer route is preferred over provider route).
– sometimes results in suboptimal paths
that traverse through an AS’s customers.
• In WINMO, the provider route is
selected with a shorter AS hop count
– Default route for mobile prefix to
provider
32
• The disruption time is defined as the time duration when a router doesn’t
have a route to reach the mobile prefix.
33
Evaluations
- Effectiveness of Intra-domain Support
• evaluate the intra-domain approach using the POPlevel topologies of five large ISPs.
– the intra-domain protocol is OSPF and
– The shortest path is used to route packets
34
35
Conclusion and Future Work
• WINMO, a simple, systematic, novel solution for wide-area IP network
mobility.
– achieve low stretch global Internet routing for mobile networks roaming across
wide areas with minimal inter-domain routing overhead.
• scoped BGP updates, route aggregation, tunneling, mobility packet state
• evaluation shows that,
– the average path length of WINMO is only 11% more when compared with
Connexion;
– the BGP update overhead of WINMO is orders of magnitude smaller than
Connexion.
• Specific deployments may need to make different tradeoffs according to
user and network requirements.
• We believe that our design is flexible and adaptable to many settings, and
we will evaluate our design in more settings.
36
Related documents
Poster.MANTICORE2_v1.1 - Confluence
Poster.MANTICORE2_v1.1 - Confluence
Document
Document
name_______________________ period_________ date
name_______________________ period_________ date
Monitoring and Measurement
Monitoring and Measurement
Transportation: A Key to Healthy Communities
Transportation: A Key to Healthy Communities
The American Class System
The American Class System
Slides - Duke Computer Science
Slides - Duke Computer Science
class18 - eecis.udel.edu
class18 - eecis.udel.edu
Trade Capacity Building in Sub-Saharan Africa: Impact and
Trade Capacity Building in Sub-Saharan Africa: Impact and
Week 6
Week 6