mobile networking n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Mobile Networking PowerPoint Presentation
Download Presentation
Mobile Networking

Loading in 2 Seconds...

play fullscreen
1 / 96

Mobile Networking - PowerPoint PPT Presentation


  • 281 Views
  • Uploaded on

Mobile Networking. As Applied to Any Mobile Network Including Aeronautical Internets Airborne Internet Collaboration Group meeting April 17, 2003 Will Ivancic – wivancic@grc.nasa.gov. Outline. Mobile Networking Solutions Aeronautical Telecommunication Network (ATN) Mobile-IPv4 Operation

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Mobile Networking


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. Mobile Networking As Applied to Any Mobile Network Including Aeronautical Internets Airborne Internet Collaboration Group meeting April 17, 2003 Will Ivancic – wivancic@grc.nasa.gov

    2. Outline • Mobile Networking Solutions • Aeronautical Telecommunication Network (ATN) • Mobile-IPv4 Operation • Secure Mobile Network Demonstration • Mobile-IPv6 Operation • Networks In Motion (NEMO) • NASA Glenn Research Center Research

    3. Mobile Networking Solutions • Routing Protocols •  Route Optimization •  Convergence Time •  Sharing Infrastructure – who owns the network? • Mobile-IP •  Route Optimization •  Convergence Time •  Sharing Infrastructure •  Security – Relatively Easy to Secure • Domain Name Servers •  Route Optimization •  Convergence Time •  Reliability

    4. Aeronautical Communication Requirements for ATN • Interoperability with existing subnetworks • High availability • Mobile Communication • Message prioritization • Policy based routing • Security • Just now being considered • Bit Efficiency • Support for multiple mobile subnetworks • Mobile platform forms its own Routing domain

    5. Aeronautical Communication Requirements – Questions? • How much is politics, how much is technical requirements. • Policy based routing • Is this a political or technical requirement? • Security – Previously undefined • Can Links handle Authentication, Authorization, Accounting and Encryption? • Bit Efficiency • Is this due to limited links. • Load Sharing of RF links • Is this specified, implied or not necessary • Current (and perhaps future) implementations of Mobile Networking do not support this.

    6. ATN Non-Requirements • Sharing Infrastructure • Multicasting • Interoperate with non-ATN applications • Unidirectional Link Routing • Use of Commodity products and protocols • Cost Effective • Flexible • Adaptable • Evolvable

    7. ATN Solutions for Mobility • Uses Inter-Domain Routing Protocol (IDRP) for routing • Implements distributed IDRP directory using Boundary Intermediate Systems (BISs) • Two level directory • ATN Island concept consisting of backbone BISs • Home BISs concept • Scalability obtained by the two level structure • Resilience is provided by the distributed approach

    8. ATN • ATN Routing uses the IDRP Routing Protocol • IDRP supports policy IDRP supports policy-based based routing which allows administrations to autonomously control use of their network • IDRP supports mobility by permitting aggregate routes to be selectively propagated through the network

    9. Mobile RD Mobile RD Non-ATN RD Fixed ATN ERD Fixed ATN ERD ATN Island Routing Domain Confederation Structure To another ATN Island ATN Backbone RDC ATN TRD ATN TRD ATN TRD ERD – End RD RDC – RD Confederation ATN Island RDC TRD – Transit RD

    10. Mobile RD Internet Internet Fixed ATN ERD Pick Your Satellite Service Suppliers Pick Your Radio (i.e.802.11) ATN Backbone RDC ATN TRD ATN TRD ATN Island RDC

    11. Moblile-IP Operation IPv4

    12. Internet or Intranet “ ” Mobile-IP (IPv4) using Foreign Agents Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Foreign Agent Foreign Agent 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames Bi-directional Tunnel if Reverse Tunneling Is specified. 128.183.13.1 NASA Goddard Corresponding Node Home Agent

    13. Internet or Intranet “ ” Mobile-IP (IPv4) using Foreign Agents Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Foreign Agent Foreign Agent 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames 128.183.13.1 NASA Goddard Corresponding Node Home Agent

    14. Internet or Intranet “ ” Mobile-IP (IPv4) using Foreign Agents (Reverse Tunneling) Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Foreign Agent Foreign Agent 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames 128.183.13.1 NASA Goddard Corresponding Node Home Agent

    15. DHCP or Connection Established Internet or Intranet “ ” Mobile-IP (IPv4) using Collocated Care-Of-Address Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Access Router Access Router 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames Bi-directional Tunnel if Reverse Tunneling Is specified. 128.183.13.1 NASA Goddard Corresponding Node Home Agent

    16. Internet or Intranet “ ” Mobile-IP (IPv4) using Collocated Care-Of-Address Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Access Router Access Router 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames 128.183.13.1 NASA Goddard Corresponding Node Home Agent

    17. Internet or Intranet “ ” Mobile-IP (IPv4) using Collocated Care-Of-Address (Reverse Tunneling) Mobile Node Home IP 128.183.13.103 Care-Off-Address 139.88.111.50 Access Router Access Router 143.232.48.1 139.88.111.1 139.88.112.1 NASA Glenn 143.232.48.1 NASA Ames 128.183.13.1 NASA Goddard Corresponding Node Home Agent

    18. Tunnel-0 Tunnel-1 Internet Mobile-Router (IPv4) Mobile Router 10.2.3.101 10.2.3.1 Virtual LAN Interface Mobile Router (Mobile Node) 10.2.2.1 Roaming Interface Bi-directional Tunnel if Reverse Tunneling Is specified. 10.2.4.10 MR Loopback Virtual Interface COA 139.88.100.1 139.88.100.1 FA WAN Foreign Agent 139.88.112.1 Internet WAN 128.183.13.1 Internet WAN Home Agent 128.184.25.1 HA Loopback Virtual Interface Corresponding Node

    19. Internet Mobile-Router (IPv4) Mobile Router (Reverse Tunneling) 10.2.3.101 10.2.3.1 Virtual LAN Interface Mobile Router (Mobile Node) 10.2.2.1 Roaming Interface 10.2.4.10 MR Loopback Virtual Interface COA 139.88.100.1 Tunnel-0 139.88.100.1 FA WAN Tunnel-1 Foreign Agent 139.88.112.1 Internet WAN 128.183.13.1 Internet WAN Home Agent 128.184.25.1 HA Loopback Virtual Interface Corresponding Node

    20. Tunnel-1 Foreign Agent No Foreign Agent No Second Tunnel Internet Mobile-Router (IPv4) Collocated Care-Of-Address 10.2.3.101 10.2.3.1 Virtual LAN Interface Mobile Router (Mobile Node) 10.2.2.1 Roaming Interface 10.2.4.10 MR Loopback Virtual Interface COA 139.88.100.1 Tunnel-0 139.88.100.1 FA WAN 139.88.112.1 Internet WAN 128.183.13.1 Internet WAN Home Agent 128.184.25.1 HA Loopback Virtual Interface Corresponding Node

    21. Internet Mobile-Router (IPv4) Collocated Care-Of-Address 10.2.3.101 10.2.3.1 Virtual LAN Interface Mobile Router (Mobile Node) 10.2.2.1 Roaming Interface 10.2.4.10 MR Loopback Virtual Interface COA 139.88.100.1 Tunnel-0 139.88.100.1 Access Router 139.88.112.1 Internet WAN 128.183.13.1 Internet WAN Home Agent 128.184.25.1 HA Loopback Virtual Interface Corresponding Node

    22. Mobile Networking Additional Features Geographically Distributed Home Agents Asymmetrical Pathing

    23. X Secondary Home Agent Secondary Home Agent(reparenting the HA) Primary Home Agent Reparenting Home Agent Helps resolve triangular routing Problem over long distances

    24. If primary control site becomes physically inaccessible but can be electronically connected, a secondary site can be established. If primary control site is physically incapacitated, there is no backup capability. Emergency Backup(Hub / Spoke Network)

    25. If primary control site is physically incapacitated, a second or third or forth site take over automatically. Secondary Home Agent(Fully Meshed Network) 3 5 1 4 2

    26. Internet Home Agent Foreign Agent Foreign Agent Asymmetrical Pathing DVB Satellite MilStar, Globalstar, Others Mobile Router

    27. Securing Mobile and Wireless Networks Some ways may be “better” than others!

    28. Constraints / Tools • Policy • Architecture • Protocols

    29. IPv4 Utopian Operation CN US Coast Guard Operational Network (Private Address Space) Public Internet US Coast Guard Mobile Network HA Triangular Routing FA MR

    30. IPv4 Mobile-IP Addressing • Source Address is obtained from • Foreign Agent • Static Collocated Care-of-Address (CCoA) • DHCP via Access Router (Dynamic CCoA) • Private Address space is not routable via the Open Internet • Topologically Incorrect Addresses should be blocked via Ingress or Egress filtering

    31. Proxy had not originated the request; therefore, the response is squelched. Peer-to-peer networking becomes problematic at best. Glenn Research Center Policy: No UDP, No IPSec, etc… Mobile-IP stopped in its tracks. What’s your policy? USCG Requires 3DES encryption. WEP is not acceptable due to known deficiencies. Ingress or Egress Filtering stops Transmission due to topologically Incorrect source address. IPv6 Corrects this problem. IPv4 “Real World” Operation CN US Coast Guard Operational Network (Private Address Space) Public Internet P R O X y US Coast Guard Mobile Network HA FA MR

    32. Current Solution – Reverse Tunneling CN Adds Overhead and kills route optimization. US Coast Guard Operational Network (Private Address Space) Public Internet P R O X y US Coast Guard Mobile Network HA FA Anticipate similar problems for IPv6. MR

    33. MR MR ACME Shipping Canadian Coast Guard FA FA ACME SHIPPING HA Public Internet MR HA US Coast Guard HA Encrypting wireless links makes it very difficult to share infrastructure. This is a policy issue. MR HA US Navy Shared Network Infrastructure

    34. ENCRYPTION ON THE RF LINK ENCRYPTION AT THE NETWORK LAYER VIRTUAL PRIVATE NETWORK HEADER HEADER HEADER HEADER PAYLOAD ORIGINAL PACKET Security • Security  Bandwidth Utilization  • Security  Performance  • Tunnels Tunnels Tunnels and more Tunnels • Performance  Security   User turns OFF Security to make system usable! • Thus, we need more bandwidth to ensure security.

    35. Additional and FutureSecurity Solutions • AAA • Routers (available today) • Wireless bridges and access points (available 2002) • IPSec on router interface • Encrypted radio links • IPSec, type1 or type2, and future improved WEP

    36. Conclusions • Security Breaks Everything  • At least it sometimes feels like that. • Need to change policy where appropriate. • Need to develop good architectures that consider how the wireless systems and protocols operate. • Possible solutions that should be investigated: • Dynamic, Protocol aware firewalls and proxies. • Possibly incorporated with Authentication and Authorization.

    37. USCGC Neah Bay Project Mobile Networking in an Operational Network

    38. Mobile Network Design Goals • Secure • Scalable • Manageable • Ability to sharing network infrastructure • Robust

    39. Neah Bay / Mobile Router Project Detroit Foreign-Agent Neah Bay Outside of wireless LAN range, connected to FA via Inmarsat. Neah Bay Connected to FA via wireless LAN at Cleveland harbor Foreign-Agent Somewhere, USA Cleveland Foreign-Agent Internet Home-Agent Anywhere, USA

    40. Why NASA/USCG/Industry • Real world deployment issues can only be addressed in an operational network. • USCG has immediate needs, therefore willingness to work the problem. • USCG has military network requirements. • USCG is large enough network to force full us to investigate full scale deployment issues • USCG is small enough to work with. • NASA has same network issues regarding mobility, security, network management and scalability.

    41. Mobile-Router Advantages • Share wireless and network resources with other organizations • $$$ savings • Set and forget • No onsite expertise required • However, you still have to engineer the network • Continuous Connectivity • (May or may not be important to your organization) • Robust • Secondary Home Agent (Reparenting of HA)

    42. MR MR ACME Shipping Canadian Coast Guard FA FA ACME SHIPPING HA Public Internet MR HA US Coast Guard HA Encrypting wireless links makes it very difficult to share infrastructure. This is a policy issue. MR HA US Navy Shared Network Infrastructure

    43. We Are Running with Reverse Tunneling • Pros • Ensures topologically correct addresses on foreign networks • Required as requests from MR LAN hosts must pass through Proxy inside main firewall • Greatly simplifies setup and management of security associations in encryptors • Greatly simplifies multicast – HA makes for an excellent rendezvous point. • Cons • Uses additional bandwidth • Destroys route optimization

    44. MR Tunnel Endpoint (Public Space) PROXY USCG INTRANET 10.x.x.x HA Tunnel Endpoint (Public Space) Encryption Mobile LAN 10.x.x.x INTERNET FIREWALL FA - Detroit Encryption HA FA – Cleveland 802.11b link Public Address

    45. PROXY USCG INTRANET 10.x.x.x Open Network Data Transfers Dock Encryption Mobile LAN 10.x.x.x EAST WEST INTERNET FIREWALL FA - Detroit Dock Encryption EAST WEST HA FA Cleveland 802.11b link Public Address USCG Officer’s Club

    46. PROXY USCG INTRANET 10.x.x.x Encrypted Network Data Transfers Dock Encryption Mobile LAN 10.x.x.x EAST WEST INTERNET FIREWALL FA - Detroit Encryption EAST WEST HA Dock FA Cleveland 802.11b link Public Address USCG Officer’s Club

    47. RF Bandwidth 7 Kbps to 56 Kbps in 7 Kbps chunks (1 to 2.5 seconds delay) 11.0 Mbps (auto-negotiated and shared with Officer’s Club) Dock Encryption Mobile LAN 10.x.x.x EAST 1.0 Mbps (manually set) 1.0 Mbps (manually set) WEST

    48. Globalstar/Sea Tel MCM-8 • Initial market addresses maritime and pleasure boaters. • Client / Server architecture • Current implementation requires call to be initiated by client (ship). • Multiplexes eight channels to obtain 56 kbps total data throughput. • Full bandwidth-on-demand. • Requires use of Collocated Care-of-Address

    49. RF Technologies • Globalstar (L-Band) • Globalstar MCM-8 (Client/Server) • Seatel MCM-3 (Client/Server) • Qualcomm MDSS-16 • Boeing Connex (Ku-Band) • INMARSAT Swift 64 • General Packet Radio Service (GPRS) • 802.11 • VHF