Discrete Event Simulation And Evaluation Of A Firewall Aware Architecture For Mobile IP - PowerPoint PPT Presentation

SLIDE 1

Discrete Event Simulation And Evaluation Of A Firewall Aware Architecture For Mobile IP

Artur Hecker

Supervisors:

  • Prof. Dr. Dr. h.c. mult. Gerhard Krüger
  • Prof. Dr. Samir Tohmé, ENST Paris
  • Dr.-Ing. Günter Schäfer, ENST Paris
  • Dipl. inform. Frank Pählke, University of Karlsruhe

SLIDE 2

Artur Hecker · Evaluation of the FATIMA concept · ENST Paris / Universität Karlsruhe

Overview

Background:

  • Disadvantages of Mobile IP
  • The FATIMA concept

Conceptual work

  • Some basic concepts
  • Simulated situations, used topology
  • Mobility & handover simulation
  • Data structures

Results

  • Found concept problems
  • Some achieved quantitative results

SLIDE 3

Background

SLIDE 4

Mobile IP: Weaknesses

Mobile IP is:

  • Internet Standard (RFC 2002, 1995)
  • IPv4-extension enabling Layer3-mobility for Internet hosts

  • Accounting
  • System configuration
  • Inefficient data routing
  • Local handovers
  • FA vulnerability (DoS, replay attacks)
  • Firewall support

SLIDE 5

FATIMA: Overview

FATIMA is:

  • Firewall Aware Transparent Internet Mobility Architecture
  • Improvement to Mobile IP
  • Backwards compatible to Mobile IP

FATIMA defines / claims to improve:

  • Structure for local mobility components
  • Firewall support with Mobile IP
  • Fast local handovers
  • Routing in Mobile IP

SLIDE 6

FATIMA: Basic Idea

[Diagram labels: Main Gateway; Home Agent; Foreign Agent; Firewall; Home Agent Proxy; Foreign Agent Proxy]

Monitor: FATIMA features

  • One central CoA
  • Centralized security
  • Central configuration

SLIDE 7

Goals of this work

  • Build a FATIMA-equipped network with some simulation concept
  • Test the applicability of FATIMA (qualitative proof)
  • Comparison of FATIMA and Mobile IP networks (quantitative proof)

SLIDE 8

Conceptual Work

Examples of used concepts

SLIDE 9

Concept: Approach

  • Realization: based on OMNeT++
  • Topology: two networks & one CN make it possible to simulate all the necessary situations. Each network should have more than one FA / FAP. One HA / HAP should be enough.
  • OMNeT++: provides modules & messages with peer-to-peer connectivity and time control, no broadcast, no native IP support

No Mobile IP without basic IP

SLIDE 10

Concept: Independency

[Diagram labels: OMNeT++ independent code; OMNeT++ API; Node; NetMessage; Abstraction API; Wrapper; NetDriver; Driver; Message; cSimpleModule; cMessage; sim library; OMNeT++ simulator code]

SLIDE 11

Concept: IPv4 & Broadcast

[Diagram labels: Node (×4); Local Network 137.194.*.*; Internet; 137.194.160.1; 137.194.160.2; Gateway 137.194.160.254; 137.194.160.3; 137.194.160.4]

SLIDE 12

Concept: Mobility Simulation

[Diagram "Topological View", labels: FA(P); HA(P); Mobile Generator; Mobile Generator; Network; Gateway]

Mobile Generator:

  • Creates mobile nodes
  • Configures mobile nodes
  • Simulates handovers
  • Relays traffic between MNs and agents
  • Shares a list of all MNs
  • Remains transparent for the agents and the mobiles

SLIDE 13

Concept: Handover

[Diagram labels, in extraction order: HO_NOTE(MN); Mobile Generator; 1; 2; creates MN; next HO MG & time; reconfigures MN; updates own tables; Resp. MG; updates own tables; reconfigures MN; next HO MG & time]

SLIDE 14

Concept: Databases

The most frequent requirements here:

  • Find the data record for the given IP
  • Is this IP in the database?

Hash table hashing IPv4 addresses

Hash function for a table of size size:

hash(ip) = ip (ip * 2^23) (ip * 2^17) /\ (size – 1) mod (size – 1)

SLIDE 15

Results

Some of the achieved results

SLIDE 16

Results: FATIMA Deficiencies

Control traffic: <proposed solution>

Slightly insufficient data base entries through new indirections in the FATIMA

Firewall support: <no solution by now>

Found a conceptual problem with mobile nodes trying to contact their partners in the home network

HAP selection: <no solution by now>

Undefined behavior in the main gateway

MN Incompatibility: <no solution>

The concept required an incompatible configuration for MN (Home Agent configuration)

SLIDE 17

Results: Fast local handoffs – Number of Packets

Control traffic / 20 MNs per network / 30 days (first FATIMA net with: 3 FAPs + HAP, else 2 + 1)

             | 1. net                 | 2. net                 | internet
2 * stdmip   | # 71 845  Σ 5 080 490  | # 71 865  Σ 5 080 910  | # 42 226  Σ 4 053 700
mixed        | # 98 801  Σ 6 944 600  | # 68 893  Σ 4 864 670  | # 39 275  Σ 3 837 840
2 * Fatima   | # 96 010  Σ 6 741 710  | # 84 320  Σ 6 178 030  | # 36 377  Σ 3 628 720

SLIDE 18

Results: MN sending to a CN in its home network – RTD 1

Data traffic / 60 MNs in one network / 14 days

RTD: FATIMA-FATIMA, MN@FAT

SLIDE 19

Results: MN sending to a CN in its home network – RTD 2

RTD: FATIMA-MOBILEIP, MN@FAT

SLIDE 20

Results: MN sending to a CN in its home network – RTD 3

RTD: MOBILEIP-FATIMA, MN@MIP

SLIDE 21

Results: MN sending to a CN in its home network – RTD 4

RTD: MOBILEIP-MOBILEIP, MN@MIP

SLIDE 22

Outlook: Still To-Do

FATIMA-Concept:

  • MN compatibility solution for the reality
  • Firewall integration and rules

Simulation:

  • Data send profiles integration
  • Firewall component for the main gateway
  • „Configuration module“