
IPv6 Mobility

David Bush

Correspondent Node Operation

DEF: A correspondent node is any node that is trying to communicate with a mobile node.

This node can itself be either stationary or mobile.

Receiving Packets

When receiving a packet from a mobile node, the Home Address option will be used.

The correspondent node must then copy the Home Address into the IPv6 header.

This processing must be done only after any other options are processed.

Validating any Binding Update Request

Before dealing with any Binding Update, the request must be validated.

In order to be considered valid, the packet must fulfill the following:

  • The packet has to have a valid AH or ESP header that will provide user authentication.
  • The Home Address option must be valid.
  • The Sequence number must be greater than that of any previous request.

Any request not satisfying these requirements is silently dropped.

Request to Cache a Binding

When a correspondent node receives this request, it is to enter the update into its Binding Cache (or update the entry if it is already there).

In addition, a Lifetime period is specified and the Binding Update must be deleted after this time period.

Request to Delete a Binding

When a request for deletion is received, the correspondent node must delete the Binding Update associated with the mobile node from its Binding Cache.

Sending Binding Acknowledgements

A packet with any Binding Update request may include a request for an acknowledgement.

If this is the case, the correspondent node should send an acknowledgement to the mobile node.

A value in the status field of less than 128 means acceptance, and more than 128 means rejection.

Sending Binding Request

Since there is a Lifetime period, the Binding Update must be deleted after this time period.

However, if the correspondent node knows the Binding Cache entry is still active, it can send a request to the mobile node to update the Binding entry.

This can even be done in any packet that is part of normal communication.

Cache Replacement Policy

When the Binding Cache of a correspondent node becomes full, the node may choose to delete any entry except for a “home registration” entry.

If a new request cannot be fulfilled because of lack of storage, the node will return a Binding Acknowledgement with status field set to value 131.
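
Added example (not from the original slides): a Python model of the correspondent-node rules above, covering validation with silent drop, caching with a lifetime, deletion, and the status 131 reply when no entry can be evicted. The HMAC tag is a stand-in for the AH/ESP check; the class, field and key names, the definition of a valid Home Address, and the choice of which entry to evict are assumptions.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass

ACCEPTED, NO_RESOURCES = 0, 131    # status below 128 accepts; 131 is "no room"

@dataclass
class BindingUpdate:                # simplified model, not the wire format
    home: str
    care_of: str
    seq: int
    lifetime: int                   # seconds; 0 requests deletion
    ack: bool = True
    tag: bytes = b""                # stand-in for the AH/ESP integrity value

def sign(key: bytes, bu: BindingUpdate) -> bytes:
    msg = f"{bu.home}|{bu.care_of}|{bu.seq}|{bu.lifetime}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class CorrespondentNode:
    def __init__(self, keys: dict, capacity: int):
        self.keys, self.capacity = keys, capacity
        self.cache = {}             # home -> (care_of, expires_at, home_registration)
        self.last_seq = {}          # home -> highest sequence number accepted

    def _valid(self, bu: BindingUpdate) -> bool:
        key = self.keys.get(bu.home)
        if key is None or not hmac.compare_digest(sign(key, bu), bu.tag):
            return False            # sender not authenticated
        try:
            addr = ipaddress.IPv6Address(bu.home)
        except ValueError:
            return False
        if addr.is_multicast or addr.is_unspecified or addr.is_link_local:
            return False            # assumed meaning of a "valid" Home Address
        return bu.seq > self.last_seq.get(bu.home, -1)   # replayed or stale

    def process(self, bu: BindingUpdate, now: float):
        """Return the Binding Acknowledgement status to send, or None."""
        if not self._valid(bu):
            return None             # silently dropped: no reply, no state change
        if bu.lifetime == 0:
            self.cache.pop(bu.home, None)
        else:
            self.cache = {h: e for h, e in self.cache.items() if e[1] > now}
            if bu.home not in self.cache and len(self.cache) >= self.capacity:
                victims = [h for h, e in self.cache.items() if not e[2]]
                if not victims:     # only home registrations left
                    return NO_RESOURCES if bu.ack else None
                del self.cache[min(victims, key=lambda h: self.cache[h][1])]
            self.cache[bu.home] = (bu.care_of, now + bu.lifetime, False)
        self.last_seq[bu.home] = bu.seq
        return ACCEPTED if bu.ack else None
```

A dropped update leaves both the cache and the stored sequence number untouched, so a forged or replayed Binding Update cannot redirect traffic or desynchronise the legitimate mobile node.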

Sending Packet to a Mobile Node

Before any packets are sent, the Binding Cache is searched for a matching entry.

If there is an entry, the node will use a Routing header to send the packet to the mobile node’s care-of-address that is in the entry.

If there is no entry, the packet will be sent as usual.

Home Agent Operation

DEF: A Home Agent is a router that is on the mobile node’s home link which the mobile node has registered with.

Receiving Router Advertisement Messages

Home agents periodically send out multicast advertisements with the Home Agent bit set.

This allows each Home Agent to maintain a list of the other Home Agents that it is connected to.

If the Home Agent is not already in the list, it is added and the lifetime set. If it is in the list, the lifetime is reset.

Primary Care-of-Address Registration

If a node receives a request to become a mobile node’s home agent and the node does not implement home agent functionality or is not servicing the mobile node’s subnet, it must reject the request.

Otherwise, the home agent accepts the care-of-address registration and becomes the node’s Home Agent.

Primary Care-of-Address Registration Cont.

The Home Agent then enters the care-of-address into its Binding Cache and marks it as a “home registration.” The Prefix Length is also saved.

If the Acknowledge bit is set, an acknowledgement is sent to the node.

Lastly, the Home Agent starts to intercept packets for the mobile node.

Primary Care-of-Address Deregistration

If the node doesn’t have an entry in its Binding Cache for the mobile node that is a “home registration”, the request is rejected.

Otherwise, the entry is deleted, an acknowledgement is sent and the node stops intercepting packets for that mobile node.

Intercepting Packets for a Mobile Node

When a Home Agent receives a packet destined for a mobile node that has registered with it, the node must tunnel the packet to the mobile node using IPv6 encapsulation.

Tunneling Intercepted Packets to a Mobile Node

An intercepted packet cannot be just forwarded to the mobile node using a Routing header.

Instead the packet is tunneled to the mobile node using the Home Agent’s IP address as the source address and the care-of-address as the destination address.

Tunneling Intercepted Packets to a Mobile Node Cont.

The mobile node receives the packet and processes it, resulting in its decapsulation and processing of the original packet.

Any packets addressed to the mobile node’s link-local address are not tunneled to the mobile node.

Instead, an ICMP Destination Unreachable message is returned to the sender.
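
Added example (not from the original slides): a Python sketch of the Home Agent's intercept decision and the IPv6-in-IPv6 encapsulation described above, with the matching decapsulation on the mobile node. The class and function names, the registration call and the returned action strings are assumptions; only the fixed 40-byte IPv6 header is modelled.

```python
import ipaddress
import struct

IPV6_IN_IPV6 = 41                      # Next Header value for an encapsulated IPv6 packet
HEADER = struct.Struct("!IHBB16s16s")  # the fixed 40-byte IPv6 header

def build(src, dst, next_header, payload, hop_limit=64):
    word0 = 6 << 28                    # version 6, traffic class 0, flow label 0
    return HEADER.pack(word0, len(payload), next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload

def parse(packet):
    _, length, next_header, _, src, dst = HEADER.unpack_from(packet)
    return (ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst),
            next_header, packet[HEADER.size:HEADER.size + length])

class HomeAgent:                       # hypothetical model of the slides' rules
    def __init__(self, address):
        self.address = address
        self.care_of = {}              # home address -> primary care-of address
        self.link_local = set()        # link-local addresses of registered nodes

    def register(self, home, care_of, link_local):
        self.care_of[ipaddress.IPv6Address(home)] = care_of
        self.link_local.add(ipaddress.IPv6Address(link_local))

    def intercept(self, packet):
        """Decide what to do with a packet seen on the home link."""
        dst = parse(packet)[1]
        if dst in self.link_local:
            return "unreachable", None     # answer with ICMP Destination Unreachable
        if dst in self.care_of:
            outer = build(self.address, self.care_of[dst], IPV6_IN_IPV6, packet)
            return "tunnel", outer         # original packet rides unmodified inside
        return "forward", packet           # not for a registered mobile node

def decapsulate(outer):
    """Mobile node side: strip the outer header and return the original packet."""
    _, _, next_header, inner = parse(outer)
    if next_header != IPV6_IN_IPV6:
        raise ValueError("not an IPv6-in-IPv6 tunnel packet")
    return inner
```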

Mobile Node Operation

DEF: A Mobile Node is any device implementing IP that can change its location while still communicating.

Sending Packets While Away from Home

While away from home, the mobile node will be using its home address plus any number of care-of-addresses.

If the care-of-address is used, no special processing is needed.

If the home address is used and the mobile node is not at home, special processing must be used.

Sending Packets While Away from Home Cont.

Mobile IP is invisible to higher layers, so the original packet is formed with the home address as the source address.

First the Home Address option is set and the Home Address is copied into the Home Address field.

Then the Source Address is changed to one of the node’s care-of-addresses.

Forming New Care-of-Addresses

A Mobile Node obtains a new care-of-address when it moves to a new link.

It may also get one whenever it wants, but it may not do so more than once per second.

Sending Binding Updates to the Home Agent

If a Mobile Node changes its primary care-of-address, it must register the new address with its Home Agent.

To do so, it sends a Binding Update to the Home Agent with the Home Registration bit set, the Acknowledgement bit set and the care-of-address as the source address.

Sending Binding Updates to Correspondent Nodes

A Mobile Node may choose to send a Binding Update to a Correspondent Node so that its current care-of-address will be cached.

The Mobile Node then must put the IP address of the node, its Home Address and the remaining lifetime in its Binding Update List.

Retransmitting Binding Updates

If a Mobile Node sends a Binding Update with the Acknowledge bit set and does not receive an acknowledgement within one second, it should retransmit the update with the same sequence number.

An exponential back-off process is used for all sequential failures. The maximum time, however, is 256 seconds.

Rate Limiting for Sending Binding Updates

A Mobile Node may send Binding Updates once per second at most.

If 5 consecutive Binding Updates are sent and fail, the node must reduce its rate to sending only once every 10 seconds.

It may continue at this rate indefinitely.

Receiving Binding Acknowledgements

If a Binding Acknowledgement that indicates success is received, the Mobile Node updates the appropriate entry in its Binding Update List and stops sending update requests.

If the Acknowledgement indicates failure, the appropriate entry is removed from the list and the node stops sending updates.

Receiving Binding Requests

A Mobile Node may receive a request for a Binding Update from a correspondent node.

The Mobile Node can then send a Binding Update with a new lifetime to the node.

Or the Mobile Node can send the Update with a lifetime of zero to deny the request.

Using Multiple Care-of-Addresses

When a Mobile Node has several care-of-addresses, it will select one to be its primary care-of-address.

To do so, the node sends a Binding Update to its Home Agent with the Home Registration and Acknowledge bits set.

After changing the primary care-of-address, the node must still accept packets from that address.

Returning Home

Once a Mobile Node returns to its home link, it will notify its Home Agent by sending it a Binding Update.

The Update will have its home address as the care-of-address and the Home Registration and Acknowledge bits set.

Also, the node must multicast onto the home link to advertise that it has returned.

Security Concern

Even with the validation of Binding Updates, Home Registration, etc., there is still concern.

Mobile Nodes are more susceptible to theft than non-mobile nodes, so additional security methods need to be used, especially where encryption keys or authentication information are stored on the node itself.