1 network composition between ambient networks cornelia kappler, siemens ag itg fachgruppentreffen...
TRANSCRIPT
1
Network Composition between Ambient Networks
Cornelia Kappler, Siemens AG
ITG Fachgruppentreffen in Aachen, 4./5. Mai 2006
2
Outline
Motivation for CompositionComposition ExamplesComposition ProcessGANS ProtocolIdentifiers in Composition Detailed Use CaseStandardizationSummary
3
Motivation: Why Composition? Number and heterogeneity of networks increases Common interface for data communication (IP)
exists
But what about control signalling? Networks have different capabilities/resources
How to extend the capabilities/resources of networks?
Networks are moving
How to attach/detach moving networks? Radio resources are not the bottleneck
But how to exploit them?
4
Motivation: What is Composition
A central concept of Ambient Networks is Composition
Composition is… a uniform, dynamic procedure for network interworking on the control plane
Control Plane Interworking regarding routing, addressing, mobility, QoS, security, charging,..
Uniform procedure independent of network type and technology
Dynamic procedure minimize human intervention
5
Composition Examples
Creation of PAN 1BlueTooth
WLAN
WLAN Access Network in a Café
Cellular Operator Network A
Cellular Operator Network B
Automatic establishment or dynamic update of Roaming Agreements
Att
achi
ng th
e A
cces
s N
etw
ork
to th
e C
ellu
lar
Net
wor
kPA
N 2
WLAN
UM
TS
6
Composition Examples Types of Composition
Network Integration• Involved networks merge into one common network
• E.g. creation of a PAN
Control Delegation• One AN delegates certain control functions to the other AN
• 3GPP-WLAN interworking:WLAN delegates authentication, authorization and charging to 3GPP network
• Mobility delegation a la nemo
Network Interworking• Cooperation but no control delegation
• E.g. dynamic roaming agreements
Incr
easi
ng c
ontr
ol p
lane
inte
rwor
king
7
Network A+B
Composition Procedure
AmbientConnectivity
FE 4FE 3
CompositionFE
FE1
FE4
AmbientAmbientNetworkNetworkInterfaceInterface
AmbientAmbientNetworkNetworkInterfaceInterface
AmbientAmbientServiceServiceInterfaceInterface
AmbientAmbientResourceResourceInterfaceInterface
Ambient Control SpaceAmbient Control Space
MobilityFE
QoS-FE
FE: Functional Entity
AmbientConnectivity
FE 4FE 3
FE5
CompositionFE
FE1
FE6FE2
Ambient Control SpaceAmbient Control Space
AmbientConnectivity
FE 4FE 3
FE5
CompositionFE
FE1
FE6FE2
Ambient Control SpaceAmbient Control Space
8
Security and InternetworkingEstablishment
Composition Procedure
Communication of Functional Entities (FEs) across ANI
ANI
FE A1
AN 2AN 1
GANS
Media sense
Discovery /
Composition
Media Sense
Discovery / Advertisement
Composition Agreement Negotiation
Composition Agreement Realization
FE B1
FE C1
FE A2
AN 2
FE B2
FE C2
9
GANS Signaling
Protocol for communication of FEs across ANI (and intra-AN) To facilitate composition
• E.g. QoS FEs negotiate SLA Is backwards compatible with NSIS protocols
standardized by NSIS (Next Steps In Signaling) WG of IETF NSIS is a general protocol suite control signaling
• Modular and extensible• Signaling flow-related • Signaling to entities on the flow path
GANS generalization Signaling composition related rather than flow-related control signaling between FEs rather than along data path Symbolic addressing of FEs
ANI
FE yFE x
AN 2AN 1
GANS
10GANSNSIS
GANS Signaling Two layer approach:Lower layer for transporting signaling messages and common functionsUpper layer for signaling applications
• Upper layer GSLPs (Application Layer)Actual signaling application, e.g. SLA negotiation
• Lower layer GTLP (Transport Layer) provides common message transport services
– Resolves abstract name (“FEy.AN1”) into host ID/locator (e.g. IP address)
– Locates signaling peer, i.e. FE in other ANEstablishes security association between pairs of signaling FEsEstablishes signaling relation between pairs of signaling FEs
• maintained if a peer FE is relocated/reconfigured
Lower NSIS / GANS Layer
QoS NSIS Application
SLS Negotiation GANS Application
NAT/FW NSIS Application
Other GANS Applications
Abstract Addressing Resolution
11
Identifiers in Composition
ProblemHow identify entities as belonging to a particular
AN• E.g. nodes, FEs,…
How dynamically change this identification upon composition?
Identification includes• Authentication• Establishing a security association• …
12
Solution Each security domain (e.g. ANs α and φ) is identified by a public key
• E.g. α, φ• These identifier / public keys are exchanged in the Discovery/Advertisment phase
The associated private key is located with the security manager of the AN• E.g. Nodes B, F
Each entity owns a self-generated private/public key pair• E.g. A, A*
Each entity belonging to the same AN owns a certificate by the security manager, signed with the private key
• This way entities belonging to this AN can authenticate themselves
Identifiers in Composition
13
– Rearrangement of identifiers upon composition– Example: network integration, φ absorbs α
• Security manager of AN α sends list of all entities belonging to α to security manager φ • E.g. entities A, B, C
• Security manager of AN φ issues membership certificates to A, B, C• Security manager of AN φ installs the membership certificates in each A, B, C
• with an assertion from manager of AN α• Security manager of AN α removes its own membership certificates
from A, B and C
Identifiers in Composition
14
Composition Use Case: Extension of an Access Networks
Café sets up WLAN network to offer Internet Access to its customers has corresponding agreement with Operator Network
Case 1: Customer is authenticated and charged by Operator Network Case 2: Customer is authenticated and charged by Café Network
Café and Operator have SLA guaranteeing access and bandwidth
Internet
OperatorNetwork
WLAN
RADIUS
DHCP
Cafe AN
RADIUS
As 3GPP-WLAN interworkingin 23.234, but plug&play and more flexible
15
Discovery WLAN Access Router has preconfigured access information
• IP address of Operator gateway ->Ambient Network ID
WLAN sends discovery message to Operator gateway
Security and Internetworking Establishment Authentication and Authorisation Establishment of IPSec tunnel for control signaling On basis of pre-established shared secret
Composition Agreement preconfigured. May detail control delegation: Who is responsible for allocating addresses? Who is responsible for authentication and authorization? Who is responsible for charging? QoS (may still adjust this via SLA negotiation)
Composition Realization
Composition Use Case: Extension of an Access Networks
Mapping onto Composition Process
16
Discovery WLAN-internal logic decides to send discovery messages upon
detecting Internet connectivity Protocol for such messages Operator gateway-internal logic allows acting upon reception of
discovery messages
Dynamic automated agreement establishment between Café Network and Operator Network Preconfigured Agreements Protocol for agreement establishment
Dynamic agreement realization WLAN may have to activate DHCP Server, accounting…
Composition Use Case: Extension of an Access Networks
New Functionality needed
17
Composition - Standardization
The Ambient Networks Project established aStudy Item “Network Composition” in 3GPP SA1
TR 22.980 „Network composition feasibility study; (Release 7)”
Content Purpose and benefits of composition Use cases Requirement Composition Process New functionality in 3GPP networks Relation to other functionality in evolving 3GPP architecture
• AIPN,…
18
Summary Composition is a uniform, dynamic procedure for network
interworking in the control plane Feasibility study in 3GPP
Composition process Discovery/ Advertisment Security and Internetworking establishment Composition Agreement negotiation Composition Agreement realization
GANS is the protocol for negotiating and realizing Composition Agreements Based on NSIS work
ANs and their members are identified by a cryptographic key Certificates based on this key identify members Certificates are updated upon composition
Composition is a Study Item in 3GPP SA1
19
Any Questions?FE5
FE4
QoS-FEAmbientConnectivity
FE 4FE 3
FE5
CompositionFE
FE1
FE6FE2
Ambient Control SpaceAmbient Control SpaceFE1
FE2Mobility
FE
AmbientConnectivity
FE 4FE 3
FE5
CompositionFE
FE1
FE6FE2
Ambient Control SpaceAmbient Control Space
Decomposing
Thank you!
20
Backup
21
GANS Signaling – GTLP and DEEP
DEEP (Destination Endpoint Exploring Protocol) Supporting distributed name resolution of abstract name into host ID/locator (e.g. IP
address) Flexible regarding name resolution infrastructure (DNS, more dynamic mechanisms,
…) Not tied to any particular name resolution mechanism/concept
FE x
AN 1DEEP
GANS
GSLP
GTLP
name resolution
FE y
AN 2
GANS
GSLP
GTLP
name resolution
name resolution
name resolution
GANS
22
Composition Agreement - Overview
The agreement made between two ANs during the composition is called the Composition Agreement Can pre-establish and re-use Composition Agreements
• E.g. for reoccurring compositions
A Composition Agreement covers Commercial and Technical issues Details of composing AN‘s relationship
23
Composition Agreement - Information Model
IdentificationIdentification
Composition Agreement
Legal IssuesLegal Issues
Service descriptionService
descriptionFinancial IssuesFinancial Issues
Monitoring &performance
reporting
Monitoring &performance
reporting
QoS related partQoS related part
Other issuesOther issues
Problem reporting&
Troubleshooting
Problem reporting&
Troubleshooting
24
Different Composition Agreements
Depending on compensation involved different forms of Composition Agreements may be required medium or large amount of compensation, e.g. 3GPP networks composition
• preestablished paper Composition Agreements giving legal framework, possible range of cooperation
• During composition procedure determine specific parameters
low or no amount of compensation, e.g. small AN networks, or PANs composing• electronic Composition Agreements
Electronic Composition Agreements may revolutionize network cooperation, in a way credit cards have revolutionized the way we pay!