INTEGRATION OF WIRELESS LAN AND 3G WIRELESS

Design and Implementation of a WLAN/CDMA2000 Interworking Architecture

Team 3
692415154 郭大毅
692415159 林育德
692415157 楊智淵

OUTLINE

ABSTRACT
INTRODUCTION
CDMA2000 AND WLAN BACKGROUND
ARCHITECTURAL CHOICES
AUTHENTICATION AND PRIVACY
TWO INTEGRATED SERVICES
THE IOTA IMPLEMENTATION
CONCLUSIONS

ABSTRACT

Discuss: interworking architectures for providing integrated service capability across widely deployed 3G CDMA2000-based and 802.11-based networks

Two design choices for integration: tightly coupled and loosely coupled

Loosely coupled: provides two kinds of roaming services, Simple-IP service and Mobile-IP service

INTRODUCTION

WLAN: based on the IEEE 802.11 standards and supports data rates of 1~54 Mb/s

3G: based on CDMA2000 and supports peak rates of 144 Kb/s ~ 2.4 Mb/s

Given the complementary nature of:
WLAN: faster short-distance access
CDMA2000: slower long-range access

Figure 1 illustrates a conceptual view of the integrated public wireless network


INTRODUCTION (cont.)

Home AAA service: authentication; authorization; accounting.

The integrated public wireless networks will offer two roaming services: simple IP service and mobile IP service.

OVERVIEW OF CDMA2000 NETWORK

The radio access network (RAN) in CDMA2000 networks consists of multiple base stations (BSs), each connected to a radio network controller (RNC) by T1/T3 links.

The RNC manages several Radio Link Protocol (RLP) layer 2 sessions with mobile nodes (MNs) and performs per-link bandwidth management functions.

When an MN moves from one RNC to the other, the on-going RLP session is torn down and a new session is established with the visited RNC.

The packet data serving node (PDSN) in the architecture aggregates data traffic from multiple RNCs and interfaces the RAN to a packet-switched network.

OVERVIEW OF CDMA2000 NETWORK (cont.)

The PDSN terminates a Point-to-Point Protocol (PPP) connection and maintains session state for each MN in its serving area.

The hierarchical architecture and the radio access protocols of CDMA2000 enable mobility within the serving area of the PDSN by keeping PPP connections alive.

The PDSN is required to support two modes of IP operation: Simple-IP and Mobile-IP

OVERVIEW OF CDMA2000 NETWORK (cont.)

Simple-IP mode: If the MN moves from one PDSN to another, the PPP connection must be reestablished, and a new IP address is acquired.

This requires the user to reestablish all their data sessions.

Mobile-IP mode: The PDSN implements the foreign agent (FA) functionality defined in Mobile-IP, allowing cross-PDSN mobility.

From a data networking point of view, PPP runs between the MN and the PDSN and provides mobility within the serving area of the PDSN.

OVERVIEW OF WLAN 802.11

Supports two modes of operation: infrastructure mode and ad hoc mode

AP performs three functions:
It implements one or more of the 802.11 radio interface protocols, FHSS, DSSS or orthogonal frequency-division multiplexing (OFDM).
It implements the CSMA/CA MAC protocol.
It interfaces the cell to a packet-switched network such as Ethernet.

OVERVIEW OF WLAN 802.11 (cont.)

The MN first authenticates to the AP and obtains an identifier.

The packet transmissions between the AP and the MN can be optionally protected using a symmetric-key, RC4-based encryption called Wired Equivalent Privacy (WEP).


ARCHITECTURAL CHOICES

TIGHTLY-COUPLED INTERWORKING

LOOSELY COUPLED INTERWORKING


TIGHTLY-COUPLED INTERWORKING

The rationale behind the tightly coupled approach is to make the WLAN network appear to the 3G core network as another 3G access network

The WLAN gateway hides the details of the WLAN network to the 3G core, and implements all the 3G protocols required in a 3G radio access network.

Disadvantages:

Independently operated WLAN islands could not be integrated with 3G networks without explicit physical connectivity to the 3G core network.

By injecting the WLAN traffic directly into the 3G core, the setup of the entire network, as well as the configuration and design of network elements such as PDSNs, has to be modified to sustain the increased load.

The configuration of the client devices also presents several issues with this approach:

the WLAN cards would need to implement the 3G protocol stack

forcing WLAN providers to interconnect to the 3G carriers’ SS7 network to perform authentication procedures

forcing operators that chose the loosely coupled approach


LOOSELY COUPLED INTERWORKING

We call this approach loosely coupled interworking because it completely separates the data paths in WLAN and 3G networks

The high-speed WLAN data traffic is never injected into the 3G core network, but the end user still experiences seamless access

In this approach, different mechanisms and protocols can handle authentication, billing, and mobility management

There are several advantages to the loosely coupled integration approach:

1. it allows independent deployment and traffic engineering of WLAN and 3G networks

2. 3G carriers can benefit from other providers’ WLAN deployments without extensive capital investments

3. they can continue to deploy 3G networks using well-established engineering techniques and tools

4. users no longer need to establish separate accounts with providers in different regions, or covering different access technologies


AUTHENTICATION AND PRIVACY

A WLAN gateway should provide Internet access to only legitimate users, and therefore must support user authentication at one or more protocol layers

In the WLAN link layer, three authentication and/or access control methods are possible:

‧ Static filtering based on MAC address: Typically filtering rules are specified using the layer 2 address of the network device

‧ WEP of the 802.11b standard: WLAN APs verify that the end host knows a shared secret in the form of a 40- or 104-bit WEP key

‧ The 802.11i standard: 802.11i is a newer standard for access control that allows dynamic per-user per-session authentication and encryption keys and stronger packet encryption.

There are well-known attacks on the flawed WEP encryption algorithm.

802.11i employs the IEEE 802.1x port access control standard, which specifies the use of Extensible Authentication Protocol over LAN (EAPOL) between the MN and AP to perform per-session user authentication


The 802.11i standard also specifies TKIP that defines a key derivation procedure to derive encryption, authentication, and integrity protection keys and a WEP-compatible encryption enhancement to fix known flaws in WEP

The 802.11i standard also describes an optional Wireless Robust Authentication Protocol (WRAP) that uses strong 128-bit AES encryption

The authentication path and the corresponding dynamic packet filters used depend on the service mode:

1. mobile IP mode: the authentication is done as part of the Mobile IP registration, in which the MN registers through the FA to the home agent (HA)

2. simple IP mode: the MN’s authentication procedure is triggered by the first Web access of the user

In our model, a non-802.11i MN can connect through the AP without any layer 2 authentication

Two Integrated Services

1. Simple IP Service is most appropriate for environments with limited mobility where layer 2 mobility mechanisms satisfy mobility needs. One key advantage of this service is that it does not need specialized client software for service access.

2. Mobile IP Service is to preserve user sessions when a user roams among heterogeneous networks of different providers with different access technologies.

We employ two basic ideas to achieve this mobile IP service

1. Use of Mobile IP in the WLAN gateway

2. Intelligent interface selection at the client in the presence of overlapped coverage between CDMA2000 and WLAN networks.

HoA: allows an Internet host to keep a fixed address called a home address.

CoA: in the foreign network, an MN discovers a local FA and registers the address of the FA as a care-of address with its HA.

The MN performs session handoffs in two cases.

1. When it loses signal on the wireless link currently in use.

2. It finds a better wireless link that can provide better performance.

Overlapped Coverage. To avoid service disruption and packet loss during service handoff, the MN can exploit any overlapped 3G and WLAN coverage.

Two thresholds, H and L, are used to avoid unnecessary handoffs that can result in poor connection.

Switching to a different airlink involves several steps:

1. Discovery of a local FA.

2. Mobile IP registration with the FA over the new airlink.

3. Creation of new tunnels at the HA.

4. Setting up a packet filter in the gateway.

Note: As a result, packet loss due to handoff is minimized.

Of course, in the absence of overlapped coverage, there will be service interruption and packet loss.
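Added example (not the paper's or the IOTA client's code) of the H/L interface selection described above, including the no-overlap case: it assumes WLAN is the preferred link, uses constructed signal values and invented H/L thresholds, and contrasts the two-threshold policy with a single-threshold one on the same trace.

```python
"""Interface selection with two thresholds (H, L) on the WLAN signal.

Added example, not code from the paper or the IOTA client. Assumes WLAN is
the preferred (faster) link and CDMA2000 the wide-area fallback, signal is a
normalized 0..1 score per sample (0 = no signal), and H/L values are invented.
"""
H = 0.6   # switch TO WLAN only once its signal rises above H
L = 0.3   # switch AWAY from WLAN only once its signal falls below L

class MobilityClient:
    def __init__(self, active="cdma"):
        self.active = active
        self.log = []          # one entry per handoff performed

    def _switch(self, new_link, reason):
        # The four steps the text lists, run over the NEW airlink while the
        # old one still carries traffic, which is what bounds packet loss.
        steps = ("discover local FA", "Mobile IP registration with FA",
                 "new tunnel at HA", "packet filter in gateway")
        self.log.append((self.active, new_link, reason, steps))
        self.active = new_link

    def on_sample(self, wlan, cdma):
        """Feed one (wlan, cdma) sample; return the link in use afterwards."""
        if self.active == "wlan":
            if wlan < L:                     # case 1: current link lost / too weak
                if cdma > 0:
                    self._switch("cdma", "wlan below L")
                # else no overlapped coverage: stay and accept the service gap
        elif wlan > H:                       # case 2: a better link is available
            self._switch("wlan", "wlan above H")
        elif cdma == 0 and wlan > L:         # CDMA lost; WLAN is at least usable
            self._switch("wlan", "cdma lost")
        return self.active

def run_trace(samples, start="cdma"):
    """Replay (wlan, cdma) samples; return (final link, number of handoffs)."""
    client = MobilityClient(start)
    for wlan, cdma in samples:
        client.on_sample(wlan, cdma)
    return client.active, len(client.log)

def naive_handoffs(samples, threshold=0.45):
    """Single-threshold policy for comparison: WLAN whenever wlan > threshold."""
    active, count = "cdma", 0
    for wlan, _ in samples:
        want = "wlan" if wlan > threshold else "cdma"
        if want != active:
            active, count = want, count + 1
    return count

# Constructed trace: MN enters a hotspot, WLAN signal wobbles near 0.45 at
# the cell edge, then the MN leaves again. CDMA coverage is present throughout.
TRACE = [(0.0, 0.8), (0.2, 0.8), (0.5, 0.8), (0.7, 0.8), (0.4, 0.8),
         (0.5, 0.8), (0.35, 0.8), (0.55, 0.8), (0.25, 0.8), (0.0, 0.8)]
```

On this trace `run_trace(TRACE)` performs 2 handoffs and ends on CDMA, while `naive_handoffs(TRACE)` performs 6; the hysteresis gap between L and H is what suppresses the ping-pong.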

The use of Mobile IP can worsen the performance of Web sessions in the presence of a Web cache outside the WLAN gateway.

1. The case where requests from the client are transparently directed to a Web cache.

2. For a cache miss, the cache forwards the requests to the Web server and obtains a response.

3. For a cache hit, the cache would already have the response on its own local disk.

4. The cache would forward the response back to the clients' home networks, where the HA would tunnel the response back to the gateway.

Modification

Web cache is an integral part of the WLAN gateway. It instructs the cache to forward the Web response directly to the client.

The IOTA Implementation

IOTA with two primary components:

1. The integration gateway.

2. The multi-interface mobility client.

The IOTA gateway uses the in-kernel Linux iptables service to perform dynamic packet filtering, packet mangling, and NAT functions.

Dynamic packet filtering is primarily used to achieve controlled access to the Internet for wireless clients, but it also implements certain firewall functions to prevent attacks from malicious users.

Dynamic packet mangling redirects unauthenticated simple IP users' Web requests to the local Web authenticator, but it also redirects some other traffic such as DNS lookup traffic.

NAT function (network address translation) allows assignment of private IP addresses for wireless clients within the WLAN.
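The three iptables roles just described, as a small Python model added here (not IOTA's own code): the Web authenticator port, the addresses, and the binding of a session to the client's MAC as well as its IP are this example's assumptions.

```python
"""Per-client packet policy of a simple-IP WLAN gateway, iptables-style.

Added example, not the IOTA gateway code. It models the three iptables roles
the text names: dynamic filtering (ACCEPT installed at login, withdrawn at
logout), mangling (unauthenticated HTTP/DNS redirected to local services) and
NAT for private WLAN addresses. Addresses, ports and the IP+MAC binding are
this example's assumptions.
"""
from collections import namedtuple

Packet = namedtuple("Packet", "src proto dport")   # client -> Internet direction

WEB_AUTH_PORT = 8080         # local Web authenticator (hypothetical port)
LOCAL_DNS_PORT = 53          # gateway's own resolver
PUBLIC_ADDR = "203.0.113.1"  # gateway's Internet-facing address (TEST-NET-3)

class Gateway:
    def __init__(self):
        self.sessions = {}       # client IP -> MAC seen at login (dynamic ACCEPT rules)

    def login(self, ip, mac):
        """Called by the Web authenticator after AAA accepts the user."""
        self.sessions[ip] = mac

    def logout(self, ip):
        """Session end or idle timeout: the ACCEPT rule is withdrawn again."""
        self.sessions.pop(ip, None)

    def verdict(self, pkt, mac):
        """Return the iptables-like action for one outbound client packet."""
        if self.sessions.get(pkt.src) == mac:
            # Authenticated: forward, rewriting the private source address (NAT)
            return ("SNAT", PUBLIC_ADDR)
        # Unauthenticated (or the IP reused by a different MAC): mangle or drop
        if pkt.proto == "udp" and pkt.dport == 53:
            return ("REDIRECT", LOCAL_DNS_PORT)   # captive resolver answers
        if pkt.proto == "tcp" and pkt.dport == 80:
            return ("REDIRECT", WEB_AUTH_PORT)    # first Web access -> login page
        return ("DROP", None)                     # nothing else leaves the WLAN

def session_flow():
    """Constructed walk-through: browse before login, log in, browse, log out."""
    gw, ip, mac = Gateway(), "10.0.0.7", "02:00:00:00:00:07"
    http = Packet(ip, "tcp", 80)
    dns = Packet(ip, "udp", 53)
    ssh = Packet(ip, "tcp", 22)
    out = [gw.verdict(dns, mac), gw.verdict(http, mac), gw.verdict(ssh, mac)]
    gw.login(ip, mac)
    out += [gw.verdict(http, mac), gw.verdict(ssh, mac)]
    out.append(gw.verdict(ssh, "02:00:00:00:00:99"))  # same IP, different MAC
    gw.logout(ip)
    out.append(gw.verdict(ssh, mac))
    return out
```

A real gateway expresses the same decisions as nat and filter rules inserted and deleted per client; the model keeps only the decision logic so the session lifecycle can be checked offline.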

Multi-Interface Mobility Client

We implement the multi-interface client software for Linux and Windows 2000/XP. There are three components of the software:

1. A graphical user interface.

2. A mobility client in the user space.

3. A client driver in the kernel space.

Conclusions

1. Using Mobile IP and AAA protocols, a service provider can support the two access technologies with a single home infrastructure for authentication and mobility management, and allow inter-operator roaming.

2. A typical implementation for the loosely coupled architecture requires a WLAN integration gateway and mobility client software.

3. In the mobile IP mode of operation, the mobility client achieves seamless inter-technology handoffs without requiring user intervention.