Mobile IP: Understanding Mobility and Transparent Internet Connectivity, Study notes of Computer Science

Download Mobile IP: Understanding Mobility and Transparent Internet Connectivity and more Study notes Computer Science in PDF only on Docsity! 178 Mobile IP 179 Mobility vs. Standard IP Routing IP assumes end hosts are in fixed physical locations IP addresses enable IP routing algorithms to get packets to the correct network Network id + host id; Longest prefix matching for classless inter-domain routing (CIDR) This keeps host specific information out of routers DHCP is used to get packets to end hosts in networks This still assumes a fixed end host Mobility dilemma Mobility without a change in IP address results in un-route-able packets Change of IP addresses may disrupt ongoing connections Mobile users don’t want to know that they are moving between networks 182 They say, all computer science problems can be solved by one extra level of indirection! 183 Mobile IP Entities IPv4 Network Home Network HA Visited Network Mobile Node Correspondent Node That is communicating with the mobile node FA 184 Mobile IP Entities Mobile Node (MN) The entity that may change its point of attachment from network to network in the Internet Detects it has moved and registers with “best” FA Assigned a permanent IP called its home address to which other hosts send packets regardless of MN’s location Since this IP doesn’t change it can be used by long-lived applications as MN’s location changes Home Agent (HA) This is router with additional functionality Located on home network of MN Does mobility binding of MN’s IP with its “foreign address” Forwards packets to appropriate network when MN is away Does this through encapsulation 187 How does Mobile IP Work? IPv4 Network Home Network HA Visited Network Mobile Node Correspondent Node That is communicating with the mobile node FA 1. Registration Request 2. Forward Registration Request 3. Update MN’s address 3. Acknowledge regstration 4. Registration completed 188 How does Mobile IP Work? (Cont’d) IPv4 Network Home Network HA Visited Network Mobile Node Correspondent Node That is communicating with the mobile node FA Encapsulate packets Send message using MN’s permanent address Forward message; decapsulation IP routing 189 Mobile IP Operation A MN listens for agent advertisement and then initiates registration If responding agent is the HA, then mobile IP is not necessary After receiving the registration request from a MN, the HA acknowledges and registration is complete Registration happens as often as MN changes networks HA intercepts all packets destined for MN This is simple unless sending application is on or near the same network as the MN HA masquerades as MN There is a specific lifetime for service before a MN must re- register There is also a de-registration process with HA if an MN returns home 192 Mobile IP Tunneling Across Internet IP headerIP header data IP header data 193 Problems with Mobile IP Suboptimal “triangle” routing What if MN is in same subnetwork as the CN to which it is communicating and HA is on the other side of the world? It would be nice if we could directly route packets home agentcorrespondent node 194 Route Optimization Binding Update FA HA FA HA Binding Update FA1 HA FA2 a) First Packet to a MN b) Subsequent Packets to a MN c) First Packet to a MN after hand-off 197 Security Issues Bogus registration (denial of service) attacks Malicious host sends fake registration messages to home agent "on behalf" of the mobile host Packets could be forwarded to malicious host or to the bit bucket 198 Bogus Registration Attack home agent Hehehehe!! Send packets to me!! ???? registration request Dr. Evil 199 Authentication To fix this problem, authenticate registration attempts Use private key encryption to generate a message digest Home agent applies private key to message to see if message digest is identical 202 Avoiding Replay Attacks Avoid replay attacks by making registration requests un- replayable Add estimate of local time or a pseudo-random number to registration request/reply If time estimate or random number is not the expected number, provide info in "NO!" reply for resynchronization Insufficient information to help malicious host 203 Mobility in IPv6 Route Optimization is a fundamental part of Mobile IPv6 Mobile IPv4 it is an optional set of extensions that may not be supported by all nodes Foreign Agents are not needed in Mobile IPv6 MNs can function in any location without the services of any special router in that location Security Nodes are expected to employ strong authentication and encryption