
Mobile IP and VPN

Tarik Cicic University of Oslo December 2001


Overview

  • Concept of tunneling
  • Mobile IP concepts and deployment
  • Virtual Private Network principles

Tunneling

  • Technique for modifying data transport
  • Used to transport data
    – with inconsistent addresses
    – belonging to incompatible protocols
  • Packets belonging to Layer n are transported on Layer m, where n <= m
  • Examples:
    – IP in IP (L3 in L3)
    – ATM in IP (L2 in L3)

“Regular” Data Packets

  • Information packed in the payload
  • Control information in the header
  • Each layer adds its header

[Figure: an HTTP header and HTTP payload, encapsulated by a TCP header, then by an IP header]

Tunneling

[Figure (not drawn to scale ☺): the HTTP/TCP/IP packet from the previous slide carried inside a further IP header (”n-in-n”), and the HTTP/TCP/IP1 packet carried inside an IP2 header (”n-in-m”)]

Pros and Cons

  + Tunneling is essential for a range of new IP services
  – It adds overhead and complexity to the communications
  – We would prefer not to use it, whenever possible


Mobility


Mobility Concepts

  • Work in office and at home (DHCP, dialup)
  • Home-network access wherever we are
    – VPN, IPsec, dialup
  • Switch networks without service interruption
    – Mobile IP
  • Other
    – WLAN roaming, protocol service discovery, cellular technologies

Mobile IP Terminology

  • Care-of address: temporary address on a foreign network
  • Home Agent (HA): computer on the home network responsible for tracking the mobile node
  • Foreign Agent (FA): computer on the remote network responsible for assigning the care-of addresses and informing the HA about them

Basic Concept

[Figure: Sender on the Internet, Home agent on the home network, a tunnel to the Foreign agent, and the Receiver (mobile node); addresses shown: 192.4.69.3, 129.240.64.97, 158.9.13.15 (Care-of Address), 129.240.64.135 (Local Address)]

  • Mobile node introduces itself to the FA
  • FA sends the Care-of Address to the HA
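The following is an added example, not code from the slides, that plays through the tunnel on this slide together with the IP-in-IP encapsulation from the Tunneling slides: the home agent wraps a packet addressed to the mobile node's home address in an outer IP header (protocol 4, IP in IP) to the care-of address, and the foreign agent accepts only that tunnel before unwrapping it. The care-of address 158.9.13.15 and local address 129.240.64.135 are the ones labelled in the figure; treating 192.4.69.3 as the sender and 129.240.64.97 as the home agent is an assumption of the example.

```python
import socket, struct

# Addresses taken from the slide figure; the roles of the first two are assumed.
SENDER = "192.4.69.3"          # correspondent host (assumed role)
HOME_AGENT = "129.240.64.97"   # home agent, HA (assumed role)
HOME_ADDR = "129.240.64.135"   # mobile node's local (home) address
CARE_OF = "158.9.13.15"        # care-of address on the foreign network
IPPROTO_IPIP = 4               # "IP in IP" (L3 in L3) tunnel protocol number

def checksum(data: bytes) -> int:
    """Ones'-complement sum over 16-bit words, as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def parse_ipv4(pkt: bytes):
    """Return (src, dst, proto, payload); rejects a corrupted header."""
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return (socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]),
            pkt[9], pkt[ihl:])

def ha_encapsulate(inner: bytes) -> bytes:
    """HA: a packet for the home address is wrapped in an outer header to the COA."""
    if parse_ipv4(inner)[1] != HOME_ADDR:
        raise ValueError("HA only tunnels packets addressed to its mobile node")
    return ipv4_header(HOME_AGENT, CARE_OF, IPPROTO_IPIP, len(inner)) + inner

def fa_decapsulate(outer: bytes) -> bytes:
    """FA: accept only the tunnel from the HA, strip the outer header, return the original."""
    src, dst, proto, inner = parse_ipv4(outer)
    if (src, dst, proto) != (HOME_AGENT, CARE_OF, IPPROTO_IPIP):
        raise ValueError("not the expected HA->COA IP-in-IP tunnel")
    return inner

if __name__ == "__main__":
    original = ipv4_header(SENDER, HOME_ADDR, 17, 12) + b"hello mobile"  # constructed UDP sample
    tunneled = ha_encapsulate(original)   # 20 bytes of tunnel overhead
    assert fa_decapsulate(tunneled) == original
    print("outer header:", parse_ipv4(tunneled)[:3], "+%d bytes" % (len(tunneled) - len(original)))
```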

Mobile IP Protocol Components

  • Agent discovery
  • Registration procedure
  • Handoff rules:
    – from one network to another
    – triggered by, e.g., traffic drop, retransmissions
  • Address binding

Route Optimization

  • Avoiding the “triangle” communication through binding updates

[Figure: Sender, Receiver, Home agent and Foreign agent across the Internet; binding update: “129.240.64.135 is at 158.9.13.15”]

Mobile IPv6

  • Node autoconfiguration in foreign network
  • Secure binding updates
  • Source routing through the routing header

[Figure: Sender, Receiver, Home agent and Foreign agent across the IPv6 Internet]

  • No FA needed
  • No tunneling

Route Optimization in IPv6

  • Routing header normally used
  • If a packet arrives at the HA, it is assumed that the source does not know the COA, and the packet is encapsulated to the mobile node
  • Mobile node sends a routing update to the source

[Figure: packet fields Payload, Src, Dest, with HA and COA]

Mobile IP Summary

  • Mobile IP still not widely deployed:
    – IPv4 networks need substantial software to run Mobile IP (client protocol stack, FA, HA …)
    – IPv6 still to come
  • We believe Mobile IP will become widespread
  • More work on
    – dynamic (smooth) handover
    – security
    – compatibility
    – merge between IP and telecom solutions


Virtual Private Networks

Introduction

  • Technique to interconnect networks on geographically spread locations
  • Public network infrastructure is used instead of leased lines
  • The network looks private to the user, hence the term “virtual”

VPN Advantages

  • Cost-saving, as it gains from statistical multiplexing
  • Flexibility (connecting new sites, contract modifications, points of presence etc.)
  • Transfer of servicing tasks to the network provider


VPN Challenges

  • Security
  • Reliability and QoS
  • Lack of standards

Security

  • Authentication (how to know that the data is really sent by the peer)
  • Policy enforcement (control lists, firewalls)
  • Transport of confidential data over public networks (encryption)
  • Monitoring network intrusions

VPN QoS

  • No QoS support in IP networks
  • Heavy requirements on ingress points in order to maintain the traffic contracts
  • Lower efficiency

Where to Implement?

  • Layer 3 (IPsec, GRE, L2TP, MPLS):
    + Flexibility, simplicity
    – IP only, poor standardization
  • Layer 2 (FR, ATM, PPP):
    + Multi-protocol, integration with access networks
    – Maintenance, complexity

Simple VPN Topology

[Figure: backbone nodes P1 and P2 between routers R1, R2, R3 and R4; site networks N1a 10.0.128/24, N1b 10.0.0/17, N2a 10.0.128/24, N2b 10.0.0/17]

VPN identifiers are needed:

  • to discriminate packets on destination
  • to perform policing on their way
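To make the need for VPN identifiers concrete, here is an added example (not from the slides) built on the topology above, where two customers both use 10.0.128/24 and 10.0.0/17. The prefixes are those in the figure; which VPN each site belongs to and which router it sits behind are assumptions of the example. Looking a destination up only in the table of the VPN the packet arrived on resolves the overlap, and a destination outside that VPN is dropped, which is the policing the slide mentions.

```python
import ipaddress

# Site prefixes as labelled in the slide topology; both VPNs reuse 10.0.128/24.
# VPN membership and the egress router per site are constructed for this example.
SITES = [
    # (vpn_id, site, prefix, egress router)
    ("VPN-A", "N1a", "10.0.128.0/24", "R1"),
    ("VPN-A", "N1b", "10.0.0.0/17",   "R3"),
    ("VPN-B", "N2a", "10.0.128.0/24", "R2"),
    ("VPN-B", "N2b", "10.0.0.0/17",   "R4"),
]

def build_tables(sites):
    """Per-VPN forwarding tables: vpn_id -> [(network, router)], longest prefix first."""
    tables = {}
    for vpn, _site, prefix, router in sites:
        tables.setdefault(vpn, []).append((ipaddress.ip_network(prefix), router))
    for entries in tables.values():
        entries.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return tables

def forward(tables, vpn_id, dst):
    """Resolve dst only inside the VPN the packet was received on; None means drop."""
    addr = ipaddress.ip_address(dst)
    for net, router in tables.get(vpn_id, []):
        if addr in net:
            return router
    return None   # policing: unknown VPN, or destination not part of this VPN

def ambiguous_without_vpn_id(tables, dst):
    """Routers that would all match dst if the provider kept a single global table."""
    addr = ipaddress.ip_address(dst)
    return sorted({r for entries in tables.values() for net, r in entries if addr in net})

if __name__ == "__main__":
    tables = build_tables(SITES)
    for vpn, dst in [("VPN-A", "10.0.128.5"), ("VPN-B", "10.0.128.5"), ("VPN-A", "10.0.200.1")]:
        print(vpn, dst, "->", forward(tables, vpn, dst))
    print("without a VPN id, 10.0.128.5 matches", ambiguous_without_vpn_id(tables, "10.0.128.5"))
```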

Three VPN Categories

  • Access VPN:
    – remote, dial-in access to a “Point of Presence” in the local area
  • Intranet VPN
    – site-to-site communication
  • Extranet VPN
    – business-to-business
    – mutual access policies enforced

Four VPN Implementation Methods

  • Virtual Leased Lines
    – intranet/extranet, L2 forwarding (e.g. AAL5/IP)
  • Virtual Private Dial Networks
    – access, L2 (e.g. PPP/L2TP/UDP/IP/PPP/L2)
  • Virtual Private Routed Networks
    – intranet/extranet, L3
  • Virtual Private LAN Segments
    – intranet, L2

Virtual Leased Lines

VLL is designed for companies with developed L2 (ATM) intranets

[Figure: corporate intranets interconnected across an IP backbone; each link carries AAL5 over IP]

Virtual Dial Network

[Figure: remote users on the telephone networks in the USA and Norway dial into a POP/GW; PPP runs end-to-end, carried as PPP over L2TP over UDP over IP across the IP backbone to the corporate intranet’s L2TP server and security server]

Remote access with full functionality + cost reduction

Virtual Private Routed Networks

Emulation of a wide-area routed network

[Figure: corporate intranets interconnected across an IP backbone over IP links, forming one routed network]

  • Most advanced
  • Complex
  • Virtual inter-domain routing (intra-VPRN reachability info)
  • Overlay/Piggybacked model

Virtual Private LAN Segments

Full virtual LAN implementation – complete protocol transparency

[Figure: corporate intranets interconnected across an IP backbone at L2; the backbone interconnect performs as an L2 bridge]


VPN Summary

  • “Suboptimal in theory, perfect in practice”
  • Cost-saving technology
  • Security issues
  • VPN QoS issues
  • Full IP standardization needed