Mobility Management in IP-Based Wireless Networks

Upload: carver

Post on 14-Feb-2016


TRANSCRIPT

  • Mobility Management in IP-Based Wireless Networks

  • Basic issues in mobility management
    Mobility management in IP networks
    Mobility management in 3GPP packet networks

  • 1. Basic Issues in Mobility Management
      - 1.1 Impact of naming and addressing on mobility management
      - 1.2 Location management
      - 1.3 Packet delivery to mobile destinations
      - 1.4 Handoffs
      - 1.5 Roaming

  • Types of Mobility
      - Terminal mobility: the ability for a user terminal to continue to access the network when the terminal moves
      - User mobility: the ability for a user to continue to access network services, possibly from different terminals, under the same user identity when the user moves
      - Service mobility: the ability for a user to access the same services regardless of where the user is

  • Basic Mobility Management Requirements
      - Support all forms of mobility
      - Support mobility for all types of applications: real-time and non-real-time data, voice, and multimedia applications
      - Support mobility across heterogeneous radio systems in the same or different administrative domains
      - Support session (service) continuity: sessions continue without significant interruptions as the user moves about
      - Global roaming: the ability for a user to move into and use different operators' networks

  • Basic Functional Components
      - Location management: a process that enables the network to determine a mobile's current location, i.e., the mobile's current network attachment point where the mobile can receive traffic from the network
      - Packet delivery to mobiles: a process whereby a network node, mobile terminal, or end-user application uses location information to deliver packets to a mobile terminal

  • Handoff and roaming
      - Handoff (or handover): a process in which a mobile terminal changes its network attachment point
          - example: a mobile may be handed off from one wireless base station (or access point) to another, or from one router or switch to another
      - Roaming: the ability for a user to move into and use different operators' networks

  • Network access control
      - a process used by a network provider to determine whether a user is permitted to use a network and/or a specific service provided by the network
      - Main steps
          - authentication: verify the identity of the user
          - authorization: determine whether a user should be permitted to use a network or a network service
          - accounting: collect information on the resources used by a user

  • 1.1 Impact of Naming and Addressing on Mobility Management
      - A name identifies a network entity, such as a user, a user terminal, a network node, or a service
      - An address is a special identifier used by the network to determine where traffic should be routed
      - A terminal's address typically identifies a network attachment point
          - a telephone number in a PSTN network identifies a port on a PSTN switch rather than the telephone set itself
          - an IP terminal's IP address identifies an attachment point to an IP network

  • In today's networks, the name of a terminal is often tied to the terminal's address
      - example: an IP terminal has traditionally been named by the Internet domain name associated with the terminal's IP address
      - Mobile terminals that use multiple network addresses are becoming increasingly popular
          - example: a mobile terminal may have multiple radio interfaces
          - each radio interface may use a different type of radio technology
          - each radio interface may need to have its own IP address

  • Which domain name should be used as the terminal's name in this case?
      - Solution: make IP terminal names independent of the terminal's addresses
          - e.g., the IETF has defined the Network Access Identifier (NAI), which allows a terminal to be identified by a single globally unique NAI regardless of how many IP addresses the terminal may have

  • Traditional circuit-switched networks, such as the PSTN, typically do not support user names
      - they assume a static mapping between a terminal and the user responsible for paying for the services used by the terminal
      - Static mapping of users to terminals could lead to a range of problems in a mobile network
          - mobile users often have to, or like to, use different types of terminals in different locations depending on what types of terminals are available or best fit their needs
          - this suggests that a mobile user's name should not be statically tied to a mobile terminal

  • Terminal-independent user names have become increasingly common in mobile networks
      - example: GSM
          - each subscriber is identified by a globally unique International Mobile Subscriber Identity (IMSI) that is independent of the terminal used by the user
          - a Subscriber Identity Module (SIM) carries a mobile's IMSI and can be ported from one mobile terminal to another, allowing a user to use different terminals and still be recognized by the network as the same user

  • In today's IP networks, applications provide their own naming schemes for users
      - example: e-mail users are identified by their e-mail addresses
      - SIP users are identified by their SIP URIs
      - the NAI may serve as a user's globally unique and terminal-independent user name

  • 1.2 Location Management
      - 1.2.1 Location update strategies
      - 1.2.2 Location discovery (paging)
      - 1.2.3 Interactions between location update and paging

  • 1.2.1 Location Update Strategies
      - When should a mobile perform location updates, and what location-related information should the mobile send to the network?
      - Update the mobile's precise location every time the mobile changes its network attachment point (example: Mobile IP)
          - knowing a mobile's precise location allows the network to deliver traffic to the mobile via unicast

  • When mobiles change their network attachment points frequently, maintaining precise locations of all mobiles could lead to heavy location update traffic, which wastes limited radio bandwidth
      - to save scarce resources on the mobile and in the wireless network, a network can group network attachment points into location areas
          - the network only keeps track of which location area each mobile is likely in when the user and the network have no traffic to send to each other
          - the network tries to determine a mobile's precise location only when it needs to deliver user traffic to the mobile

  • Location Update
      - Time-based update: update periodically at a constant interval (called the update interval)
      - Movement-based update: update whenever the mobile traverses a predefined number of location areas, called the movement threshold
          - most existing wireless networks (e.g., GSM, GPRS, 3GPP, 3GPP2) use a movement-based location update strategy in which the movement threshold is one

  • Distance-based update: update whenever the mobile has traveled a predefined distance threshold from the location area in which it performed its last location update
      - distance may be measured in many different ways, such as physical distance or cell distance (i.e., distance measured in number of radio cells or location areas)
      - the physical distance-based strategy is used, for example, as an option in 3GPP2

  • Parameter-based update: update whenever the value of any preselected parameter changes
      - these strategies are sometimes referred to as profile-based strategies
      - this strategy is used, for example, as an option in 3GPP2

  • Implicit update: a mobile does not send any message explicitly for the purpose of location update
      - instead, the network derives the mobile's location when the network receives other signaling or user data from the mobile

  • Probabilistic update: update based on a probability distribution function
      - a probabilistic version of time-based, movement-based, or distance-based location update strategies may be created
      - example: a time-based location update in which the new update time interval after each update may be dynamically adjusted based on the probability distribution of call arrival times

  • Movement-Based vs. Distance-Based Location Update Strategies

  • Assumptions
      - the mobile last performed a location update in the center location area
      - the number on each arrowed line indicates the number of times the mobile has crossed a cell boundary
      - the movement threshold used by the movement-based update strategy is three cell boundary crossings
      - the distance threshold used by the distance-based update strategy is three cells

  • Movement-based update strategy: update at the third, sixth, and ninth times the mobile crosses a cell boundary
    Distance-based update strategy: update only once, i.e., at the ninth time the mobile crosses a cell boundary
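
The comparison above can be reproduced in code. This Python sketch is an added example, not part of the original slides: the hexagonal cell grid and the nine-crossing path are constructed, because the slide's figure is not reproduced here, and the thresholds are the three crossings and three cells the slides assume.

```python
# Added example: hexagonal cells addressed by axial coordinates (q, r).
# The cell layout and the path below are constructed for illustration.

HEX_NEIGHBOURS = {(1, 0), (-1, 0), (0, 1), (0, -1), (1, -1), (-1, 1)}


def cell_distance(a, b):
    """Distance in cells between two hexagonal cells (axial coordinates)."""
    dq, dr = a[0] - b[0], a[1] - b[1]
    return (abs(dq) + abs(dr) + abs(dq + dr)) // 2


def check_path(start, path):
    """Every step must cross exactly one cell boundary (move to a neighbour)."""
    prev = start
    for cell in path:
        step = (cell[0] - prev[0], cell[1] - prev[1])
        if step not in HEX_NEIGHBOURS:
            raise ValueError(f"{prev} -> {cell} is not a single boundary crossing")
        prev = cell


def movement_based_updates(path, threshold):
    """Crossing numbers at which a movement-based mobile sends an update."""
    updates, crossings_since_update = [], 0
    for n, _cell in enumerate(path, start=1):
        crossings_since_update += 1
        if crossings_since_update >= threshold:
            updates.append(n)
            crossings_since_update = 0
    return updates


def distance_based_updates(start, path, threshold):
    """Crossing numbers at which a distance-based mobile sends an update."""
    updates, last_reported = [], start
    for n, cell in enumerate(path, start=1):
        if cell_distance(cell, last_reported) >= threshold:
            updates.append(n)
            last_reported = cell  # distance is measured from here from now on
    return updates


# The mobile last updated in the centre cell, then wanders for nine crossings,
# staying within two cells of the centre until the last step.
START = (0, 0)
PATH = [(1, 0), (1, 1), (0, 1), (0, 2), (-1, 2),
        (-1, 1), (-2, 1), (-2, 2), (-3, 2)]

if __name__ == "__main__":
    check_path(START, PATH)
    print("movement-based:", movement_based_updates(PATH, 3))
    print("distance-based:", distance_based_updates(START, PATH, 3))
```

A mobile that circles near its last reported cell pays three updates under the movement-based rule but only one under the distance-based rule, which is the saving the slide illustrates.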

  • 1.2.2 Location Discovery (Paging)
      - The network performs paging: it sends one or multiple paging messages to a paging area where the mobile is likely to be located
      - Upon receiving a paging message, a mobile needs to update its precise current location with the network

  • Issues with Paging
      - Paging should be done within a reasonable time constraint
          - if paging takes too long, the call setup latency could become intolerable to end users and call attempts may be dropped
      - How to construct paging areas?
          - paging areas do not have to be identical to location areas
      - How to search a paging area to locate a mobile?

  • Paging Strategies
      - Blanket paging
      - Sequential paging
      - Geographic paging
      - Group paging

  • Blanket Paging
      - Blanket paging is deployed in most of today's wireless networks
      - A paging message is broadcast simultaneously to all radio cells inside the paging area where the mobile is located
      - Advantages
          - simplicity
          - low paging latency
      - Drawback
          - broadcasting paging messages to a large number of radio cells could consume a significant amount of scarce resources, including radio bandwidth and power on all the mobiles in the paging area

  • Blanket Paging

  • Sequential Paging
      - A large paging area is divided into small paging sub-areas (e.g., radio cells)
      - Procedure
          - paging messages are first sent to a subset of the paging areas where the network believes the mobile is most likely to be located
          - if the mobile is not in this sub-area, subsequent paging messages will be sent to another paging sub-area
          - the process continues until either the mobile is found or the entire paging area is searched

  • Sequential Paging

  • Issues
      - how to divide a large paging area into smaller paging sub-areas
      - which sub-areas should be searched first

  • Blanket Paging vs. Sequential Paging
      - sequential group paging may be used if there is a constraint on paging cost

                      Blanket   Sequential
        paging cost   large     small
        paging delay  small     large

  • Geographic & Group Paging Strategies
      - Geographic paging: the network uses the geographical position of a mobile to determine where a paging message should be sent
      - Group paging: to locate a mobile, the network pages a group of mobiles together instead of paging only the mobile to be located

  • 1.2.3 Interactions between Location Update and Paging
      - The design of location update and paging strategies should strike a proper balance among the following
          - overhead: network resources consumed by location updates and paging
          - performance, e.g., paging latency
          - complexity: complexities of location update and paging as well as the protocols needed to support these strategies
              - high complexity results in high network costs and a high level of difficulty in operating the network

  • 1.3 Packet Delivery Strategies to Mobile Destinations
      - Direct delivery strategy
          - a packet originator first obtains the destination mobile's current location (from location servers)
          - it then addresses and sends packets directly to that location

  • Relayed delivery strategy
      - a packet is sent first to a mobility anchor point
      - the packet is then relayed toward its final destination
      - the packet originator does not need to know
          - the destination mobile's current location
          - whether a destination is a mobile or a fixed node

  • Limitations of relayed delivery strategy
      - may cause packets to take longer paths than direct delivery strategies
      - the mobility anchor points could become traffic and performance bottlenecks

  • Integrated relayed delivery and direct delivery strategies
      - packets destined to the destination are routed first toward a mobility anchor point
      - the mobility anchor point relays these packets to the mobile's current location
      - the mobility anchor point or the destination then informs the packet originator of the destination's current location
      - the packet originator then addresses the packets directly to the mobile's current location

  • 1.4 Handoffs
      - Handoffs in an IP-based wireless network may occur at different protocol layers
      - Handoffs at each protocol layer may occur in different scopes
      - Handoffs can be hard or soft

  • Layers of Handoff
      - Physical layer: a mobile changes its network attachment point at the physical layer
          - example: the mobile may change from one radio channel to another, or from one wireless base station to another
      - Logical link layer: a mobile changes its logical link layer over which the mobile exchanges user IP packets with the network
      - IP layer: the mobile changes its IP address or moves to a different IP access router

  • Scopes of Handoff
      - Handoffs at each protocol layer may occur in different scopes
      - Handoffs at the IP layer
          - intra-subnet handoff: a mobile remains on the same IP subnet after it changes its IP address or moves from one base station to another

  • inter-subnet handoff: a mobile moves into a new IP subnet and changes its IP address
    inter-router handoff: a mobile moves to a new IP access router

  • Types of Handoff Processes
      - Hard handoff: a mobile can receive user data from only one base station at any time
      - Handoff implementations
          - make-before-break: the mobile sets up the new network attachment before it tears down the old network attachment
          - break-before-make: the mobile tears down the old network attachment point and then sets up the new network attachment

  • Soft handoff
      - a mobile receives copies of the same user data from two or more base stations simultaneously
      - the mobile uses signal processing techniques to determine the most likely correct value of the data from its multiple copies
      - soft handoff has been proven to be an effective way of increasing capacity, reliability, and coverage range
      - requires the following capabilities
          - data distribution and selection
          - data content synchronization

  • Data Distribution and Selection
      - BS → Mobile
          - separate copies of the same data are sent via multiple base stations to the same mobile
          - the mobile should construct a single copy and pass only that copy to upper-layer protocols or applications
      - Mobile → BS
          - multiple copies of the same user data originated by a mobile are sent to the network via different base stations
          - the edge devices connecting the radio access networks to the core network should select one copy of the data to send to the destination

  • Data Content Synchronization
      - The mobile's radio system should combine copies of the same data arriving from multiple base stations

  • Selection and Distribution Unit (SDU)
      - Responsible for data distribution from network to mobile
      - May be located on a base station or an MSC
      - Creates and distributes multiple streams of the same data over layer-2 circuits to multiple base stations that relay the data to the mobile

  • 1.5 Roaming
      - Home domain
          - the domain where the mobile maintains a service subscription account
          - uses the user's accounts and service profiles to determine
              - how to provide services to a mobile
              - how to charge for the services used by the mobile

  • User's account
      - subscriber's identity
      - billing address
      - service profile
      - security information (for authentication)
    User's service profile
      - the network services subscribed to by the user
      - the networks the user is allowed to use

  • Visited domain: when a user moves into a domain with which it does not have an account

  • Extra Capabilities Needed to Support Roaming
      - Network access control for visiting mobiles
      - Roaming agreement between the mobile's home domain and visited domains
      - Session continuity while a user crosses domain boundaries

  • Network Access Control for Visiting Mobiles
      - The decision on allowing a user to use a visited domain is based on
          - who this user is
          - whether the user or its home domain agrees to pay for its use of the visited domain
          - where to send the bill for this user

  • Roaming Agreement between Mobile's Home Domain and Visited Domains
      - A roaming agreement should decide how a visiting mobile should be authenticated, authorized, and billed
      - The visited domain may ask the user's home domain to
          - authenticate the user
          - confirm how to charge for the user's use of the visited domain

  • The home domain may send information regarding the user's service profile to the visited domain to help the visited domain determine how to provide services to the user, for example, the user's QoS requirements

  • Roaming Broker
      - Problem
          - users may roam outside their countries into different network providers in other countries
          - it is difficult for a network provider to establish a roaming agreement with every other network provider
      - One alternative solution is to use a roaming broker

  • Roaming broker
      - each network provider only needs to establish a roaming agreement with the roaming broker
      - when a user roams into a new visited network
          - this visited network will ask the roaming broker to authenticate and authorize the user
          - the roaming broker relays the authentication and authorization requests from the mobile's home network provider
          - the roaming broker relays the responses to the mobile's current visited network

  • 2. Mobility Management in IP Networks
      - 2.1 Naming and addressing of IP terminals
      - 2.2 Mobile IPv4
      - 2.3 MIPv4 regional registration
      - 2.4 Paging extensions to Mobile IPv4
      - 2.5 Mobile IPv6
      - 2.6 SIP-based mobility management
      - 2.7 Cellular IP
      - 2.8 HAWAII

  • Mobile IPv4 (or MIPv4)
      - standard protocol defined by the IETF for mobility management in IPv4 networks
      - enables an IP terminal to maintain a permanent IP address and receive packets addressed to this permanent address regardless of the mobile's current attachment point to the Internet
    Mobile IPv6 (MIPv6)
      - the IETF is leveraging MIPv4 to define an IP-layer mobility management protocol for IPv6 networks

  • Micromobility management protocols
      - IP-layer mobility protocols that provide enhanced mobility support (e.g., reduced handoff delay) within a limited geographical region, e.g., a building, campus, or metropolitan area network
      - Examples of micromobility management protocols
          - MIPv4 Regional Registration
          - Cellular IP
          - HAWAII

  • SIP-based mobility management
      - the most widely accepted application-layer mobility protocol as the session management protocol for wireline and wireless IP networks

  • 2.1 Naming and Addressing of IP Terminals
      - Issues
          - with regular IP routing protocols, when a terminal moves to a new IP network or IP subnet (visited or foreign network), the terminal has to use a new IP address of the new IP network in order to receive packets from the visited network
          - if the mobile terminal uses its IP address as its identifier, the identifier will change as the mobile moves from one IP network to another

  • A mobile may have multiple radio interfaces, each with a different IP address
      - a mobile's radio interfaces may not all be reachable by the network at any given time, depending on which radio systems are available at the mobile's current location or which radio system the mobile user wishes to use if multiple radio systems are available
      - this makes it difficult to determine which IP address configured on the mobile should be used as the mobile's identifier

  • Resolution
      - Network Access Identifier (NAI)
          - the IETF defined the NAI, which can identify a mobile terminal (or user) regardless of either the terminal's current location or how many IP addresses the terminal may have

  • NAI form: username@realm
      - username: identifies the terminal
      - realm: identifies the Internet domain name of a Network Access Server (NAS)

  • Note: Network Access Server (NAS)
      - A single point of access to a remote resource
      - Acts as a gateway to guard access to a protected resource
          - this can be anything from a telephone network, to printers, to the Internet
      - Operations
          - the client connects to the NAS
          - the NAS then connects to another resource, asking whether the client's supplied credentials are valid
          - based on that answer, the NAS then allows or disallows access to the protected resource

  • The NAS contains no information about what clients can connect or what credentials are valid
      - all the NAS does is send the credentials the client supplied to a resource which does know how to process the credentials
    Associated protocols
      - although not required, NASs are almost exclusively used with AAA servers
      - RADIUS tends to be the most widely used
      - the DIAMETER base protocol extends RADIUS services by providing error handling and inter-domain communications
          - this protocol is used in networks like the IP Multimedia Subsystem (IMS)

  • 2.2 Mobile IPv4
      - Mobility issues in IP networks
          - once a mobile terminal moves to a new subnet, a correspondent node needs to use the mobile's new IP address
          - it is difficult to force every possible correspondent node to keep track of when a mobile terminal may change its IP address and what the mobile's new address will be
          - changing IP address will cause ongoing TCP sessions to break

  • Mobility management should
      - ensure ongoing TCP connections do not break
      - restore quickly if a TCP connection breaks

  • Home Network
      - Home address
          - a globally unique and routable IP address
          - preconfigured or dynamically assigned
      - Home network
          - the network whose network address prefix matches that of the mobile terminal's home address
      - Home agent (HA)
          - maintains up-to-date location information for the mobile
          - intercepts packets addressed to the mobile's home address
          - tunnels packets to the mobile's current location

  • Note: Network Prefix
      - Class A networks (/8 prefixes)
      - Class B networks (/16 prefixes)
      - Class C networks (/24 prefixes)

  • *IP addresses are divided into three different classes
      - each of the following figures defines different-sized network and host parts
      - there are also class D addresses, which specify a multicast group, and class E addresses, which are currently unused
      - in all cases, the address is 32 bits long

  • *IP addresses: (a) class A; (b) class B; (c) class C

  • *The class of an IP address is identified in the most significant few bits
      - if the first bit is 0, it is a class A address
      - if the first bit is 1 and the second is 0, it is a class B address
      - if the first two bits are 1 and the third is 0, it is a class C address
      - of the approximately 4 billion (= 2^32) possible IP addresses
          - one-half are class A
          - one-quarter are class B
          - one-eighth are class C

  • *Class A addresses
      - 7 bits for the network part and 24 bits for the host part
      - 126 (= 2^7 - 2) class A networks (0 and 127 are reserved)
      - each network can accommodate up to 2^24 - 2 (about 16 million) hosts (again, two are reserved values)
    Class B addresses
      - 14 bits for the network part and 16 bits for the host part
      - 65,534 (= 2^16 - 2) hosts

  • *Class C addresses
      - 21 bits for the network part and 8 bits for the host part
      - 2,097,152 (= 2^21) class C networks
      - 254 hosts (host identifier 255 is reserved for broadcast, and 0 is not a valid host number)

  • *IP addresses are written as four decimal integers separated by dots
      - each integer represents the decimal value contained in 1 byte (= 0~255) of the address, starting at the most significant
      - example: 171.69.210.245
    Internet domain names (DNS)
      - also hierarchical
      - domain names tend to be ASCII strings separated by dots, e.g., cs.nccu.edu.tw

  • Foreign Network
      - Care-of Address (CoA)
          - assigned to the mobile by the foreign network
          - a mobile uses its CoA to receive IP packets in the foreign network

  • Foreign agent (FA)
      - provides CoAs and other necessary configuration information (e.g., address of default IP router) to visiting mobiles
      - de-tunnels packets from the tunnel sent from a visiting mobile's HA and then delivers the packets to the visiting mobile
      - acts as the IP default router for packets sent by visiting mobile terminals
      - helps visiting mobiles to determine whether they have moved into a different network

  • Two Types of CoAs in MIPv4
      - Foreign Agent CoA
          - an IP address of a FA
          - each FA is responsible for providing FA CoAs to visiting mobiles
          - when a FA CoA is used, the mobile's HA tunnels the packets addressed to the mobile's home address to the mobile's current FA
          - the FA will then de-tunnel the packets and deliver them to the mobile

  • Co-located CoA
      - a CoA acquired by a mobile terminal through any method external to Mobile IP
      - example: a mobile may use the Dynamic Host Configuration Protocol (DHCP) to obtain a temporary address dynamically
      - the mobile terminal's HA tunnels the packets addressed to the mobile's home address directly to the mobile itself; these packets do not have to go through any FA

  • Main Phases of MIPv4 Operation
      - Agent discovery
      - Movement detection
      - Leaving the home network
      - Entering and staying in a visited network
      - Returning to the home network

  • 2.2.1 Agent discovery
    2.2.2 Movement detection
    2.2.3 Leaving the home network
    2.2.4 Entering and staying in a visited network
    2.2.5 Returning to the home network
    2.2.6 Mobile-home authentication extension
    2.2.7 Vendor/organization specific extensions to Mobile IP messages
    2.2.8 Reverse tunneling
    2.2.9 Limitations of MIPv4
    2.2.10 MIPv4 route optimization

  • 2.2.1 Agent Discovery
      - Goal: for a mobile terminal to discover mobility agents (home agent and foreign agent)
      - Approach
          - mobility agents advertise services and system information to mobiles via Agent Advertisement messages
          - a mobile may solicit an Agent Advertisement message from any mobility agents by sending an Agent Solicitation message to the Mobile-Agents Multicast Group address 224.0.0.11
          - all mobility agents should respond to any received Agent Solicitation message

  • Agent discovery using Internet Control Message Protocol (ICMP) Router Discovery Messages
      - ICMP Router Advertisement Message: sent by a router to terminals to inform them of its IP address
      - ICMP Router Solicitation Message: sent by a terminal to ask a router to send ICMP Router Advertisement Messages

  • Agent Advertisement Message
      - ICMP Router Advertisement message with extensions to carry MIPv4-specific information
      - Mobility Agent Advertisement Extension
          - indicates this is a MIPv4 Agent Advertisement message
          - carries information specific to the MIPv4 mobility agent
      - Prefix-Lengths Extension (optional)
          - indicates the network prefix length (in bits) of each advertised Router Address
          - a mobile may use these prefix lengths to determine whether it has moved into a new IP network

  • Structure of Mobile IP Agent Advertisement Message

  • MIPv4 Mobility Agent Advertisement Extension to ICMP Router Advertisement Message

  • Fields and Flags
      - Type: 16, indicates a Mobility Agent Advertisement Extension
      - Length: length in octets of the extension from the beginning of the Sequence Number field to the end
      - Sequence Number: number of Agent Advertisement messages sent since the agent was initiated
      - Registration Lifetime: longest lifetime in seconds the agent is willing to accept in any Registration Request

  • R (Registration required): set if Mobile IP registration through this FA is required
    B (Busy): set if this FA will not accept registrations from additional mobile terminals
    H (Home agent): set if this agent offers service as a HA
    F (Foreign agent): set if this agent offers service as a FA

  • M (Minimal encapsulation - RFC 2004): set if this agent can accept tunneled messages that use Minimal Encapsulation
    G (GRE encapsulation - RFC 3095): set if this agent accepts tunneled packets that use Generic Routing Encapsulation (GRE)
    r (Reserved): this field is not used; it must be set to zero and ignored on reception

  • T (Reverse tunneling): set if this FA supports reverse tunneling
    Reserved: not currently used and shall be ignored by the mobiles
    Foreign Agent Care-of Addresses: addresses, if any, provided by this FA

  • MIPv4 Prefix-Length Extension to ICMP Router Advertisement message

  • Fields
      - Type: 19, indicates a Prefix-Length Extension
      - Length: the value of the Num Addrs field in the ICMP Router Advertisement portion of the Agent Advertisement, indicating the number of Router Addresses advertised in this message
      - Prefix Lengths: the number of leading bits that define the network prefix of the corresponding Router Address
          - each is encoded as a separate byte, in the order that the Router Addresses are listed in the ICMP Router Advertisement portion
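
A parser for the Agent Advertisement layout described above, as an added example that is not part of the original slides. The ICMP Router Advertisement header layout and the one-byte padding extension (type 0) follow RFC 1256 and RFC 3344 rather than the slides; the sample message and its addresses are constructed.

```python
import ipaddress
import struct

# Flag bits of the Mobility Agent Advertisement Extension, most significant
# bit first, in the order the slides list them.
FLAG_NAMES = "RBHFMGrT"


def parse_agent_advertisement(icmp: bytes) -> dict:
    """Parse an ICMP Router Advertisement plus MIPv4 extensions 16 and 19.

    Assumption: the ICMP checksum was already verified by the caller.
    """
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, _code, _cksum, num_addrs, entry_size, lifetime = \
        struct.unpack_from("!BBHBBH", icmp)
    if icmp_type != 9:
        raise ValueError("not an ICMP Router Advertisement")
    if entry_size != 2:
        raise ValueError("unexpected Addr Entry Size")
    end = 8 + num_addrs * 8          # each entry: address + preference level
    if end > len(icmp):
        raise ValueError("router address list exceeds message")
    adv = {
        "lifetime": lifetime,
        "routers": [str(ipaddress.IPv4Address(icmp[o:o + 4]))
                    for o in range(8, end, 8)],
        "mobility": None,
        "prefix_lengths": None,
    }
    off = end
    while off < len(icmp):
        ext_type = icmp[off]
        if ext_type == 0:            # one-byte padding extension, no length
            off += 1
            continue
        if off + 2 > len(icmp):
            raise ValueError("truncated extension header")
        length = icmp[off + 1]
        body = icmp[off + 2:off + 2 + length]
        if len(body) != length:      # never trust the declared length
            raise ValueError("extension length exceeds message")
        if ext_type == 16:
            adv["mobility"] = _parse_mobility(body)
        elif ext_type == 19:
            if length != num_addrs:
                raise ValueError("Prefix-Lengths count differs from Num Addrs")
            if any(p > 32 for p in body):
                raise ValueError("prefix length larger than 32 bits")
            adv["prefix_lengths"] = list(body)
        off += 2 + length            # unknown extensions are skipped
    return adv


def _parse_mobility(body: bytes) -> dict:
    # Sequence Number (2) + Registration Lifetime (2) + flags (1) + reserved (1),
    # followed by zero or more 4-byte care-of addresses.
    if len(body) < 6 or (len(body) - 6) % 4:
        raise ValueError("bad Mobility Agent Advertisement Extension length")
    seq, reg_lifetime, flags = struct.unpack_from("!HHB", body)
    return {
        "sequence": seq,
        "registration_lifetime": reg_lifetime,
        "flags": {n: bool(flags & (0x80 >> i)) for i, n in enumerate(FLAG_NAMES)},
        "care_of_addresses": [str(ipaddress.IPv4Address(body[o:o + 4]))
                              for o in range(6, len(body), 4)],
    }


def sample_advertisement() -> bytes:
    """Constructed sample: one router/FA at 192.0.2.1 on a /24, flags R, F, T."""
    fa = ipaddress.IPv4Address("192.0.2.1").packed
    icmp = struct.pack("!BBHBBH", 9, 0, 0, 1, 2, 1800) + fa + struct.pack("!i", 0)
    mobility = struct.pack("!BBHHBB", 16, 10, 42, 600, 0x91, 0) + fa
    prefix = struct.pack("!BBB", 19, 1, 24)
    return icmp + mobility + prefix


if __name__ == "__main__":
    print(parse_agent_advertisement(sample_advertisement()))
```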

  • Agent Solicitation Message
      - The format is identical to the ICMP Router Solicitation message, except that its IP Time-to-Live (TTL) must be set to 1, which means that an Agent Solicitation message will not propagate beyond the local IP subnet

  • 2.2.2 Movement Detection
      - For a mobile to detect whether it has entered a new IP subnet (changes its care-of address)
      - Approach 1: use the Lifetime field in Agent Advertisement messages
          - Lifetime indicates the length of time that this Advertisement is valid

  • Algorithm
      - if the mobile does not receive any new Agent Advertisement from the same mobility agent within the remaining Lifetime, it will assume that it has lost contact with that mobility agent
      - if, by this time, the mobile has already received Agent Advertisements from other mobility agents, it may use one of these mobility agents
      - otherwise, the mobile should start searching for a new mobility agent by issuing Agent Solicitation messages

  • Approach 2
      - a mobile may compare the network prefix of the old network with that of the new IP subnet
      - if the two network prefixes differ, the mobile has just entered a new IP subnet
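
The two movement-detection approaches above as a small state machine, added here as an example and not taken from the original slides. The class and method names are hypothetical, time is passed in as plain seconds, and Approach 2 is applied only when both advertisements carried a prefix length, since the Prefix-Lengths Extension is optional.

```python
import ipaddress


class MovementDetector:
    """Tracks the current mobility agent and decides when the mobile has moved."""

    def __init__(self):
        self.current = None     # (agent_ip, network or None, expiry time)
        self.candidates = {}    # other agents heard: agent_ip -> (network, expiry)

    @staticmethod
    def _network(agent_ip, prefix_len):
        if prefix_len is None:  # advertisement had no Prefix-Lengths Extension
            return None
        return ipaddress.ip_network(f"{agent_ip}/{prefix_len}", strict=False)

    def on_advertisement(self, agent_ip, lifetime, now, prefix_len=None):
        """Feed one received Agent Advertisement; returns the resulting event."""
        network = self._network(agent_ip, prefix_len)
        entry = (agent_ip, network, now + lifetime)
        if self.current is None:
            self.current = entry
            return "attached"
        if agent_ip == self.current[0]:
            self.current = entry            # Lifetime restarts
            return "refreshed"
        # Approach 2: a different network prefix means a new IP subnet.
        old_network = self.current[1]
        if network is not None and old_network is not None \
                and network != old_network:
            self.current = entry
            self.candidates.clear()         # agents of the old subnet
            return "moved"
        # Same subnet, or prefixes unknown: remember the agent for Approach 1.
        self.candidates[agent_ip] = (network, now + lifetime)
        return "candidate"

    def on_timer(self, now):
        """Approach 1: act when the current agent's Lifetime has run out."""
        if self.current is None:
            return "solicit"
        if now < self.current[2]:
            return "ok"
        # Contact lost: keep only agents whose advertisements are still valid.
        self.candidates = {a: v for a, v in self.candidates.items() if v[1] > now}
        if self.candidates:
            agent_ip = max(self.candidates, key=lambda a: self.candidates[a][1])
            network, expiry = self.candidates.pop(agent_ip)
            self.current = (agent_ip, network, expiry)
            return "moved"
        self.current = None
        return "solicit"                    # send Agent Solicitation messages


if __name__ == "__main__":
    # Constructed trace: agent 192.0.2.1 goes silent, 198.51.100.1 is heard.
    d = MovementDetector()
    print(d.on_advertisement("192.0.2.1", 30, now=0))
    print(d.on_advertisement("198.51.100.1", 30, now=20))
    print(d.on_timer(31), d.on_timer(60))
```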

  • 2.2.3 Leaving the Home Network
      - As a mobile leaves its home network, the HA captures the packets addressed to the mobile's home address
      - ARP (Address Resolution Protocol)
          - used to determine the hardware address associated with a target IP address
          - a hardware address identifies a node at the link layer
          - used by link-layer protocols to forward link-layer frames or packets
          - e.g., Medium Access Control (MAC) address

  • ARP protocol
      - when a node wants to send an IP packet to a target node and does not know its hardware address, it broadcasts an ARP REQUEST message (including sender IP address, target IP address, and sender hardware address) to ask all the nodes on the local IP network for the hardware address of the target node that matches the target IP address

  • The node that matches the target IP address will reply with an ARP REPLY message including its IP address and hardware address
      - once a node learns the mapping from an IP address to a hardware address, the node caches the mapping in its ARP cache for later use

  • Issues & Resolutions
      - Issue-1
          - after a mobile leaves its home network, other nodes on the home network may still have cached the mapping of the mobile's IP address to its hardware address
          - those nodes will continue to send packets to the mobile's hardware address rather than to the HA, and thus these packets will be lost

  • Resolution-1 (Gratuitous ARP)
      - a Gratuitous ARP packet, which can be an ARP REQUEST packet, is sent by a node to trigger other nodes to update their ARP caches
      - before a mobile leaves its home network, it broadcasts a Gratuitous ARP packet to all other nodes (including mobility agents) on the local IP subnet

  • Those nodes that receive such a Gratuitous ARP packet will update their ARP caches to map the sending mobile's home address to the HA's hardware address
      - these nodes will forward future packets addressed to the mobile's home address to the mobile's HA

  • Issue-2
      - if a node on a mobile's home network does not have the mobile's hardware address in its ARP cache, it will use ARP to find the mobile's hardware address when it wants to send a packet to the mobile
      - however, when the mobile is away from the home network, the mobile will not be able to reply to the ARP REQUESTs sent by nodes on the home network

  • Resolution-2 (Proxy ARP)
      - a Proxy ARP packet is an ARP REPLY message sent by one node on behalf of another node in response to an ARP REQUEST
      - when the HA receives an ARP REQUEST asking for the hardware address of a mobile that is away from the home network, the HA will reply to this ARP REQUEST on behalf of the mobile

  • The HA will set the Sender Protocol Address (IP address) and the Sender Hardware Address of this ARP REPLY message to the HA's own IP and hardware addresses, respectively
      - those nodes that receive the ARP REPLY message will forward packets addressed to the mobile's home address to the HA

  • 2.2.4 Entering and Staying in a Visited Network. Upon entering a visited network: a mobile must acquire a temporary CoA from the visited network to receive packets from the visited network; the mobile will then register its new CoA with its HA; this registration serves as a location update and will cause the HA to tunnel packets addressed to the mobile's home address to this new CoA

  • Two messages for registration: Registration Request and Registration Reply; Registration Request and Registration Reply messages are transported over UDP to port number 434

  • Registration request & reply: a mobile sends a Registration Request message to its HA to register its current CoA; upon receiving a Registration Request message, the HA authenticates the mobile; if the authentication is positive, the HA will use this CoA to update the mobile's CoA; the HA will then return a Registration Reply message to the mobile

  • A mobile may register its current CoA with its HA directly (send Registration Request messages directly to the HA without having to go through a FA) or through a FA (send Registration Request messages first to a FA, which then forwards them to the mobile's HA)

  • Mutual authentication: the HA authenticates all Registration Requests it receives; the mobile authenticates all Registration Reply messages it receives

  • protection against a range of security attacks. Redirection attack: protects against malicious users sending Registration Requests to a HA to cause packets for another mobile user to be redirected. Denial of service (DoS): protects against a malicious user pretending to be a HA and conducting denial-of-service attacks by rejecting a mobile's Registration Requests

  • MIPv4 Registration Request Message Format

  • Fields and Flags. Type: 1, indicates that this is a MIPv4 Registration Request. S (Simultaneous bindings): set if a mobile requests its HA to maintain multiple care-of addresses for the mobile at the same time; when the HA intercepts a packet addressed to the mobile's home address, it will tunnel a copy of the packet to each currently registered care-of address

  • B (Broadcast datagrams): set if the mobile requests that the HA tunnel to it any broadcast datagrams that it receives on the home network. D (Decapsulation by mobile terminal): set if the mobile will itself decapsulate datagrams that are sent to the co-located care-of address

  • M (Minimal encapsulation): set if the mobile requests that its HA use Minimal Encapsulation for datagrams tunneled to the mobile. G (GRE encapsulation): set if the mobile requests that its HA use GRE encapsulation for datagrams tunneled to the mobile node. r: set to zero and ignored on reception; not used for any other purpose

  • T: reverse tunneling requested. x: set to zero and ignored on reception; not used for any other purpose. Lifetime: number of seconds remaining before the registration expires; a zero lifetime indicates a request for deregistration

  • Home Address: if a mobile has a preconfigured home address, it may put its home address in the Home Address field

  • if the mobile does not have a preconfigured home address, the mobile sets the Home Address field to 0.0.0.0; the mobile should specify its NAI (Network Access Identifier) in the Registration Request message

  • Home Agent: if the mobile knows the address of its HA, the Home Agent field contains the IP address of the mobile's HA; if the mobile does not know the address of its HA, it uses Dynamic Home Agent Address Resolution to discover the HA's address

  • Care-of Address: the mobile's CoA. Identification: a 64-bit number used for protecting against replay attacks of registration messages by matching Registration Requests (mobile) with Registration Replies (HA)

  • Extension: one or more extension fields, used to support future enhancement. Mobile-Home Authentication Extension: a mandatory extension in every Registration Request message, used by the HA to authenticate the Registration Request

  • MIPv4 Registration Reply Message Format

  • Fields. Type: 3, indicates that this is a MIPv4 Registration Reply message. Code: indicates the result of the corresponding Registration Request

  • Lifetime: for a successful registration, contains the number of seconds remaining before the registration expires; for a failed registration, should be ignored; 0 indicates that the mobile has been deregistered

  • Home Address: the mobile's home address. Home Agent: the IP address of the mobile's HA. Identification: a 64-bit number used for protecting against replay attacks of registration messages by matching Registration Requests (mobile) with Registration Replies (HA)

  • Extension. Mobile-Home Authentication Extension: a mandatory extension field to be carried in every Registration Reply message, used by a mobile to authenticate the Registration Reply message

  • 2.2.5 Returning to the Home Network. When a mobile returns to its home network, packets addressed to its home address will now be forwarded to the mobile directly, rather than to its HA. Two steps to take: those nodes on the home network that cache the IP-to-hardware address binding will start to send packets directly to the mobile rather than to the HA; the mobile should inform its HA to remove the obsolete states for the mobile

  • 2.2.6 Mobile-Home Authentication Extension. Used to authenticate Registration Request and Registration Reply messages

  • Mobile-Home Authentication Extensions to Mobile IP Messages

  • Fields. Type: 32, indicates a Mobile-Home Authentication Extension. Length: length in octets of the extension from the beginning of the SPI field to the end. Security Parameter Index (SPI): a four-octet identifier used to identify a security context between a mobile and its HA; the SPI identifies the authentication algorithm and the secret used by the mobile and its HA to compute the Authenticator

  • Authenticator: a number calculated by applying an authentication algorithm to the message that needs to be protected. It protects the following fields of a Registration Request or a Registration Reply message: the data of the Registration Request or the Registration Reply; all other Extensions to the Registration Request or the Registration Reply message prior to the Mobile-Home Authentication Extension; the Type, Length, and SPI fields of this Mobile-Home Authentication Extension

  • Fields Protected by MIP Mobile-Home Authentication Extension
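The following added example (not part of the original slides) builds a MIPv4 Registration Request, appends a Mobile-Home Authentication Extension, and shows the HA-side check rejecting a tampered care-of address, an unknown SPI, a replayed Identification and a missing extension. The 24-octet fixed layout follows the field list above; the security context table, the HMAC-SHA256 choice, the "Identification must increase" replay rule and the one-octet Type/Length layout for every extension walked are assumptions of this sketch.

```python
import hashlib
import hmac
import socket
import struct

REG_REQUEST = 1      # Type value of a Registration Request (from the slides)
MHAE_TYPE = 32       # Type value of the Mobile-Home Authentication Extension
FIXED_LEN = 24       # Type, flags, Lifetime, three IPv4 addresses, Identification
FLAG_BITS = {"S": 0x80, "B": 0x40, "D": 0x20, "M": 0x10, "G": 0x08, "T": 0x02}

# Constructed security contexts: SPI -> (algorithm, shared secret).
# The SPI selects both, as the slides describe; these values are made up.
SECURITY_CONTEXTS = {0x00000100: ("sha256", b"constructed-mobile-home-secret")}


def build_request(flags, lifetime, home, home_agent, care_of, identification):
    """Pack the fixed part of a Registration Request (network byte order)."""
    bits = 0
    for flag in flags:
        bits |= FLAG_BITS[flag]
    return struct.pack("!BBH4s4s4sQ", REG_REQUEST, bits, lifetime,
                       socket.inet_aton(home), socket.inet_aton(home_agent),
                       socket.inet_aton(care_of), identification)


def add_mhae(message, spi):
    """Append the extension; the Authenticator covers the message data, any
    earlier extensions, and this extension's Type, Length and SPI fields."""
    algorithm, secret = SECURITY_CONTEXTS[spi]
    digest_len = hashlib.new(algorithm).digest_size
    header = struct.pack("!BBI", MHAE_TYPE, 4 + digest_len, spi)
    authenticator = hmac.new(secret, message + header, algorithm).digest()
    return message + header + authenticator


def verify_request(packet, last_identification):
    """HA-side check. Returns "ok" or the reason the request is rejected."""
    if len(packet) < FIXED_LEN or packet[0] != REG_REQUEST:
        return "not a registration request"
    offset = FIXED_LEN
    while offset + 2 <= len(packet):
        ext_type, ext_len = packet[offset], packet[offset + 1]
        end = offset + 2 + ext_len
        if end > len(packet):
            return "truncated extension"
        if ext_type == MHAE_TYPE:
            if ext_len < 4:
                return "truncated extension"
            (spi,) = struct.unpack("!I", packet[offset + 2:offset + 6])
            context = SECURITY_CONTEXTS.get(spi)
            if context is None:
                return "unknown SPI"
            algorithm, secret = context
            expected = hmac.new(secret, packet[:offset + 6], algorithm).digest()
            # Constant-time comparison of the received Authenticator.
            if not hmac.compare_digest(expected, packet[offset + 6:end]):
                return "bad authenticator"
            (identification,) = struct.unpack("!Q", packet[16:24])
            # Assumed replay rule: each accepted Identification must be newer.
            if identification <= last_identification:
                return "replayed identification"
            return "ok"
        offset = end
    return "missing Mobile-Home Authentication Extension"


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, T flag, 1800 s lifetime.
    request = add_mhae(build_request("T", 1800, "192.0.2.10", "192.0.2.1",
                                     "198.51.100.7", 0x100000001), 0x100)
    print(verify_request(request, 0))
    redirected = request[:12] + socket.inet_aton("203.0.113.66") + request[16:]
    print(verify_request(redirected, 0))
```

Because the care-of address sits inside the authenticated span, a request whose CoA was rewritten in transit fails verification, which is the redirection protection listed under mutual authentication above.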

  • 2.2.7 Vendor/Organization Specific Extensions to Mobile IP Messages. Allow network equipment vendors and other organizations (e.g., network operators) to add their specific information to the Mobile IP signaling messages (i.e., Registration Request, Registration Reply, Agent Advertisement messages); implement creative mobility control capabilities in addition to the basic mobility control capabilities

  • Two Vendor/Organization Specific Extensions have been defined in IETF RFC 3115: Critical Vendor/Organization Specific Extensions (CVSE) and Normal Vendor/Organization Specific Extensions (NVSE)

  • Critical Vendor/Organization Specific Extensions (CVSE)

  • CVSE Fields. Type: 37, the CVSE-TYPE-NUMBER. Reserved: reserved for future use; set to 0 by the sender and must be ignored on reception. Length: length in bytes of this extension, not including the Type and Length bytes

  • Vendor/Org-ID: the identifier of the vendor or organization that is using this extension. Vendor-CVSE-Type: the particular type of this CVSE; a vendor may assign and use different types of CVSEs

  • Vendor-CVSE-Value: vendor/organization-specific data; it may contain zero or more octets

  • Normal Vendor/Organization Specific Extensions (NVSE)

  • NVSE Fields. Type: 133, the NVSE-TYPE-NUMBER. Length: length in bytes of this extension, not including the Type and Length bytes. Reserved: reserved for future use; set to 0 by the sender and must be ignored on reception

  • Vendor/Org-ID: the identifier of the vendor or organization that is using this extension. Vendor-NVSE-Type: the particular type of this NVSE; a vendor may assign and use different types of NVSEs

  • Vendor-NVSE-Value: vendor/organization-specific data; it may contain zero or more octets

  • 2.2.8 Reverse Tunneling. Reverse tunneling: tunnel a mobile's outgoing packets from the mobile's CoA back to the mobile's HA; the HA will then decapsulate the packets and route the original packets to their final destinations

  • IETF RFC 3024 specifies how reverse tunneling works when a mobile uses a Foreign Agent CoA: when a mobile arrives at a visited network, it listens for Agent Advertisement messages and selects a FA that supports reverse tunnels

  • a FA informs visiting mobiles that it supports reverse tunneling by setting the T flag in the Agent Advertisement messages it sends to the mobiles; the mobile requests the reverse tunneling service when it registers through the selected FA, by setting the T flag in the MIPv4 Registration Request

  • Two ways for a visiting mobile to deliver packets to the FA. Direct delivery style: the mobile designates the FA as its default router and sends packets directly to the FA without encapsulation

  • the FA intercepts these packets and tunnels them over the reverse tunnel to the mobile's HA

  • Encapsulating delivery style: the mobile encapsulates all its outgoing packets and sends the encapsulated packets to the FA; the FA decapsulates these packets and tunnels them over the reverse tunnel to the mobile's HA

  • Mobile IPv4 Reverse Tunneling

  • 2.2.9 Limitations of MIPv4. [Limitation-1] Triangular routing: packets addressed to a mobile's home address are routed to the mobile's HA first and then forwarded to the mobile's current care-of address; this could introduce long end-to-end packet delays and lead to inefficient use of network resources; solution: route optimization

  • [Limitation-2] HA may become a traffic and performance bottleneck: all user traffic destined to a mobile outside its home network has to go through the mobile's HA; this makes a HA a potential traffic and performance bottleneck as the number of mobiles and/or the traffic volume grows

  • [Limitation-3] Potential long handoff delay: when a mobile changes its CoA (e.g., hands off to another IP subnet), it has to register its new CoA with its HA; if the foreign network is far away from the mobile's home network, the registration process could introduce a long delay that may be unacceptable to on-going real-time sessions of voice or multimedia applications; solution: micromobility management protocols

  • [Limitation-4] Potential insufficient deregistration capability: after a mobile is registered through a FA, the mobile may move into a new network; in basic MIPv4, the mobile does not explicitly deregister with the FA in the old network; this registration expires only when its lifetime expires; it is difficult for a visited network to determine when a mobile has left the network

  • [Limitation-5] Insufficient capabilities to support other mobility management requirements: for example, current MIPv4 does not support dormant mobiles; a dormant mobile exchanges limited information infrequently with the network in order to save scarce resources (e.g., power); the network may not know the precise location of this dormant mobile

  • the network needs to perform paging to determine the mobile's precise location when it has packets to send; solution: to support dormant mobile terminals, IP paging protocols are required

  • 2.2.10 MIPv4 Route Optimization. A correspondent node that knows a mobile's current CoA tunnels packets to the destination mobile's CoA directly. A correspondent host may maintain a Binding Cache that maps mobiles' home addresses to their CoAs. When a packet is to be sent, the correspondent host will first search its Binding Cache for the mobile's CoA; if a binding is found, the correspondent host will tunnel the packets to the mobile's CoA directly; otherwise, it will send the packet to the mobile's home address as in basic MIPv4

  • MIPv4 Route Optimization

  • 2.3 MIPv4 Regional Registration. Problem: a mobile has to register with its HA every time it changes its CoA; this could introduce long handoff delay when the visited network is far away from the mobile's home network

  • MIPv4 Regional Registration extends the basic MIPv4 protocol to allow a mobile to register its new CoA locally with its visited network domain. Network domain: a collection of networks sharing a common network administration

  • MIPv4 Regional Registration

  • Each network domain consists of a two-level hierarchy of FAs. Top level: Gateway Foreign Agents (GFAs); each domain will have at least one GFA; GFAs are the FAs that directly interact with visiting mobiles' HAs outside the domain; a GFA must have a publicly routable IP address. Lower level: any number of FAs

  • A mobile inside a visited domain will have two CoAs. GFA address: the mobile will register the address of a GFA in the visited domain as its CoA with its HA. Local CoA: a local CoA is an address used by the mobile to receive packets over a network inside the visited domain. The MIPv4 Agent Advertisement message is extended to include a flag I to indicate whether the domain supports MIPv4 Regional Registration

  • The mobile can learn the GFA address in one of the following ways. From Agent Advertisement messages: these messages are extended to carry the GFA address. Dynamically assigned by the visited network: the mobile sets the CoA field in its Registration Request to zero to request that the visited network dynamically assign it a GFA address

  • The FA will add the following extensions to the received Registration Request message and then relay this message with the added extensions to the GFA: a GFA IP Address Extension, containing the address of the assigned GFA; a Hierarchical Foreign Agent Extension, containing the address of the FA

  • MIPv4 Regional Registration introduces two new messages. Regional Registration Request (mobile → FA → GFA): initiates regional registration. Regional Registration Reply (GFA → mobile): responds to a Regional Registration Request

  • 2.4 Paging Extensions to Mobile IPv4. Mobile IP can be extended to support paging; P-MIP (Paging in Mobile IP) is one set of paging extensions to Mobile IPv4

  • P-MIP mobile: a mobile can be in active or idle state. Active state: the mobile operates in the same manner as in standard Mobile IP without P-MIP. Idle state: the mobile may not perform MIP registration

  • a mobile uses an Active Timer to determine whether it should be in active or idle state; it stays in active state for an Active Timer period and changes into idle state when its Active Timer expires; each time a mobile sends or receives a packet, it restarts its Active Timer; an idle mobile transitions into active state whenever it receives or sends any packet

  • Registered FA: the FA through which a mobile performed its last Mobile IP registration; it uses an Active Timer to determine whether the mobile is active or idle; each time this FA sends a packet to or receives a packet from the mobile, it restarts the Active Timer for the mobile

  • P-MIP requirement: an FA is required on each IP subnet; mobiles can only use FA CoAs and have to perform Mobile IP registration through FAs. Paging Areas: FAs are grouped into Paging Areas; each Paging Area is identified by a unique Paging Area Identifier (PAI)

  • Requirement of MIP registration. No: if an idle mobile moves from one IP subnet to another inside the same paging area. Yes: if an idle mobile moves into a new paging area

  • Paging Extensions to Mobile IPv4

  • P-MIP procedure (deliver packets to idle mobiles): packets sent to the mobile's home address → mobile's HA → mobile's CoA (the mobile's Registered FA) → the Registered FA checks if the mobile is active or idle

  • if the mobile is active, the mobile's Registered FA will forward the packets over its own local network directly to the mobile; if the mobile is idle, the mobile's Registered FA will broadcast a Paging Request over its own local network, and unicast a Paging Request to every FA in the same Paging Area

  • note: there is no requirement of MIP registration if an idle mobile moves from one IP subnet to another inside the same paging area; when an idle mobile receives a Paging Request, it will transition into active mode

  • Limitations on Active Timers. Setting of the Active Timer: the value of the Active Timer depends on the application traffic; for example, when sending and receiving a stream of packets, the value of the Active Timer should be longer than the inter-packet arrival time, so that no extra paging will be needed before the last packet of the packet stream is received by the mobile

  • different applications generate different types of traffic with widely varying inter-packet arrival times; a mobile should dynamically adjust the value of its Active Timer by sending signaling messages to inform its Registered FA of the new Active Timer value

  • consistency of Active Timers: the value of the Active Timer maintained on the mobile should be about the same as that used by the mobile's Registered FA; this requires an FA to know the value of the Active Timer for each mobile; preconfiguring such Active Timer values on all FAs for every mobile does not seem to be a scalable approach

  • 2.5 Mobile IPv6. Mobile IPv6 uses the same concepts of home networks and home addresses as MIPv4; it ensures that a mobile can receive packets addressed to its home address regardless of where it is, and makes a mobile's movement transparent to upper layer protocols and applications

  • Basic concept. Mobile: has a home network and a home address. Mobile's home address: does not need to change regardless of where the mobile is. Correspondent node: can always address packets to a mobile's home address

  • when a mobile moves into a foreign network, it acquires an IPv6 CoA to receive packets from the foreign network and registers its current CoA with its HA. Binding: the association between a mobile's home address and its CoA

  • MIPv6 Address Binding with Home Agent

  • Address binding: as a mobile changes its CoA, the mobile sends a Binding Update (BU) message to its HA to register its current CoA; the HA returns a Binding Acknowledgment (BA) message to inform the mobile of the status of the Binding Update

  • Authentication: the HA authenticates every BU message it receives; the mobile authenticates every BA it receives; authentication of BU and BA messages is achieved using IPsec

  • IP Security (IPsec): the IETF developed IP Security (IPsec) to secure IP packet transmissions; IPsec provides data origin authentication, replay protection, data integrity, data confidentiality, and access control; IPsec is a suite of protocols for protecting IP datagrams and higher-layer protocols

  • it consists of security protocols, authentication and encryption algorithms, security associations, and key management; IPsec is optional for IPv4 but mandatory in IPv6

  • Security protocols. Authentication Header (AH): supports data integrity and authentication of packets. Encapsulating Security Payload (ESP): mainly provides confidentiality services, including confidentiality of message content and limited traffic flow confidentiality

  • Family of IPsec Protocols

  • Note: Security. Different facets of network security. Authentication: the ability for communicating parties, including network operators and users, to validate each other's authentic identity. Authorization: the ability for a party (e.g., a network provider) to determine whether a user should be allowed to access particular networks, network services, or information; also referred to as access control. Integrity: protection of information from unauthorized change

  • confidentiality or privacy: keep the information private such that only authorized users can understand it; confidentiality is also referred to as privacy; confidentiality is often achieved by encryption. Availability: the network operators should prevent outside malicious users from blocking legitimate access to a network or a network service; denial-of-service, for example, will deter legitimate users from accessing the network information and resources

  • nonrepudiation: the ability for a network to supply undeniable evidence to prove the message transmission and network access performed by a user

  • Security attacks (active attacks). Denial-of-service (DoS): prevent a service from being provided to one or more users or cause significant disruptions to the service; for example, an attacker may initiate a large number of connections to a target destination continuously to overload the target and make it impossible or difficult for the target to provide any service; legitimate users, therefore, are deterred from network access

  • masquerade: an attacker first acquires the identity of a legitimate user; it then pretends to be an authorized user to access the network information and resources. Man-in-the-middle: an attacker positions forces between communicating parties to intercept and manipulate the messages transmitted between the communicating parties; for example, the attacker may delay, modify, or counterfeit the messages

  • the attacker may also divert the messages to other locations before relaying them between the legitimate communicating parties; before such attacks are detected, the legitimate communicating parties believe that they are still sending messages to each other directly. Replay: an attacker intercepts and records the legitimate transmission; the attacker then replays (i.e., resends) the messages later on

  • using replay attacks, an attacker could pretend to be an authorized user to access a network or information even when the captured transmission was encrypted and even when the attacker does not know the security key needed to decrypt the captured transmission; for example, an attacker could replay a banking transaction to duplicate the previous transaction

  • MIPv6 does not use FAs: in an IPv6 network, mobiles use only co-located CoAs, and there is no need for FA CoAs; mobiles can use IPv6 Neighbor Discovery to detect movement. MIPv6 supports two modes of operation: bi-directional tunneling mode and route optimization mode

  • MIPv6 Bi-directional Tunneling Mode. Similar to how MIPv4 works when using a co-located CoA. It treats a mobile destination in exactly the same way it treats a fixed destination. When a correspondent host sends packets to a mobile, it always uses the mobile's home address as the destination address

  • packets will be routed via regular IPv6 routing to the mobile's home network; if the mobile is inside its home network, packets will be delivered to the mobile via regular IPv6 routing protocols without MIPv6; if the mobile is outside its home network, the HA intercepts the packets and tunnels them to the mobile

  • When a mobile sends packets to a correspondent host while it is away from its home network, packets are tunneled to the mobile's HA first; the HA then uses regular IPv6 routing to route these packets toward their final destinations

  • MIPv6 Route Optimization Mode. Operation: a mobile will register its binding not only with its HA but also with its correspondent hosts; packets from a correspondent host can be routed directly to the CoA of the destination mobile

  • Before a correspondent host has the binding for a mobile, it will address packets to the mobile's home address; initial packets are tunneled by the HA to the mobile; the mobile can then send its binding to the correspondent host so that it can send future packets directly to the mobile

  • To support route optimization, MIPv6 requires each IPv6 host and MIPv6 HA to use a binding cache to maintain binding information; when an IPv6 terminal wishes to send packets to another IPv6 terminal, it first checks its binding cache to see if it has a binding for the destination; if it does, packets are addressed to the destination's CoA directly; if it does not, packets are addressed to the destination's home address

  • 2.5.1 Movement Detection. The basic approach used by an IPv6 mobile for movement detection is IPv6 Neighbor Discovery. IPv6 Neighbor Discovery enables an IPv6 terminal to discover new IPv6 routers and determine if a router is reachable (i.e., terminal and router can receive packets from each other); an IPv6 router broadcasts Router Advertisement messages to mobiles on that local network

  • these advertisement messages carry the IPv6 addresses of the router and network prefixes that can be used by mobiles to configure their CoAs; they help a mobile to discover new IPv6 routers, and also help a mobile to detect whether an IPv6 router is still reachable, i.e., whether it has moved out of a network or moved into a new network

  • A mobile can probe the network to see if there are reachable routers by broadcasting Neighbor Solicitation messages; upon receiving such a message, a router will send Router Advertisement messages to the mobile

  • A mobile may use other means to help movement detection; for example, a handoff at the lower layer (e.g., change of radio channels, radio cells, or radio interfaces on the mobile) can be used as an indication that the mobile may have moved into a new IP network

  • A mobile can acquire an IPv6 CoA by using auto-configuration (combining a network prefix received in the Router Advertisement messages with the mobile's own hardware address) or DHCPv6

  • 2.5.2 Sending Packets Directly to a Mobile's Care-of Address. When a correspondent host has a binding for a mobile, the host can address packets directly to the mobile's CoA. In IPv6, a routing header is used by a source node to list one or more nodes that should process the packet (or the nodes to be visited by the packet), in addition to the node identified by the destination address in the packet header

  • A routing header is inserted between the IPv6 header and the header of upper layer protocol (e.g., UDP or TCP)

  • IPv6 Packet

  • Next Header (8 bits)

    Values (decimal): 0 Hop By Hop Option Header; 6 TCP; 17 UDP; 41 Capsule IPv6 Header; 43 Routing Header; 44 Fragment Header; 46 Resource Reservation Protocol; 50 Security Payload Capsule Header (RFC2406); 51 Authentication Header (RFC2402); 58 ICMPv6; 59 No Next Header; 60 Destination Option Header

  • IPv6

  • When a correspondent host sends a packet directly to a mobile, it uses the mobile's CoA as the destination address in the IPv6 header of the packet; the mobile's home address will be carried in a routing header defined by MIPv6. When the packet arrives at the destination mobile's CoA, the mobile will process the routing header and learn the mobile's home address (figure: IPv6 header carries the CoA, routing header carries the home address)

  • it replaces the IPv6 destination address in the IPv6 header with the mobile's home address and decrements the Segments Left field in the routing header by one, to 0, indicating that the mobile's home address is the final destination (figure: IPv6 header now carries the home address)

  • MIPv6 Routing Header Format

  • Fields. Next Header: 8-bit code; identifies the type of header immediately following the routing header. Header Extension Length: 8-bit unsigned integer; indicates the length of the routing header in eight-octet units, not including the first eight octets. Routing Type: type of the routing header

  • Segments Left: 8-bit unsigned integer; indicates the number of nodes listed in this routing header that are still to be visited; value 1: this MIPv6 routing header will carry only a single home address

  • Reserved: 32-bit field, reserved for future use. Home Address: home address of the destination mobile

  • 2.5.3 Sending Packets while Away from Home. When a mobile is away from its home network and wants to send a packet to a correspondent host or the mobile's HA, the mobile may use its current CoA as the source address in the packet header and pass the packet to the access routers in a visited network without using reverse tunneling

  • MIPv6 uses IPv6 Destination Options Header

    The header carries optional information to be examined only by the destination node. The header is placed between the IPv6 header and the header of upper layer protocols (e.g., UDP)

  • MIPv6 defines a Home Address Option that will be carried inside an IPv6 Destination Options Header; when a mobile is away from its home network and wants to send a packet, it uses the Home Address Option to inform the packet's recipient of the mobile's home address

  • Format of IPv6 Destination Options Header Carrying a Mobile IPv6 Home Address Option

  • Fields. Next Header: 8-bit code; identifies the type of header immediately following the destination options header. Header Extension Length: 8-bit unsigned integer; indicates the length of the destination options header in eight-octet units, not including the first eight octets

  • Option Type: identifies the type of the Option carried in the IPv6 Destination Options Header; 201, defined by MIPv6. Option Length: 8-bit unsigned integer; indicates the length of the Home Address Option in octets, excluding the Option Type field and the Option Length field

  • Home Address: the home address of the mobile sending the packet

  • When a correspondent host (or a HA) receives a packet that carries a MIPv6 Home Address Option: if it does not have a binding entry for the home address carried in the Home Address Option, it drops the packet; if it has a binding entry for the home address, it replaces the source address in the packet header with the home address carried in the Home Address Option

  • 2.5.4 Formats of Binding Update and Binding Acknowledgment Messages. MIPv6 Binding Update (BU) and Binding Acknowledgment (BA) messages are transported inside a special IPv6 extension header, the Mobility Header defined by MIPv6. Mobility Header: placed between the IPv6 header and the upper layer protocol (e.g., UDP or TCP) header of a user IPv6 packet
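The receiver-side rule above, as an added example that is not part of the original slides: it walks an IPv6 Destination Options header, extracts the Home Address Option (type 201, length 16) and applies the binding-cache check. The addresses and the cache are constructed; the extra requirement that the packet's source equal the care-of address stored in the binding is a stricter check added here, and Pad1/PadN (option types 0 and 1) are the standard IPv6 padding options.

```python
import ipaddress

HOME_ADDRESS_OPTION = 201   # Option Type defined by MIPv6 (from the slides)
PAD1, PADN = 0, 1           # standard IPv6 padding options


def build_dest_opts(next_header, home_address):
    """Destination Options header carrying one Home Address Option.
    PadN padding makes the header a multiple of eight octets (24 here)."""
    option = bytes([HOME_ADDRESS_OPTION, 16])
    option += ipaddress.IPv6Address(home_address).packed
    options = bytes([PADN, 2, 0, 0]) + option
    ext_len = (2 + len(options)) // 8 - 1   # eight-octet units after the first
    return bytes([next_header, ext_len]) + options


def find_home_address(dest_opts):
    """Return the home address in the header, or None if no such option.
    Raises ValueError on a truncated or malformed header."""
    if len(dest_opts) < 8:
        raise ValueError("header shorter than eight octets")
    total = (dest_opts[1] + 1) * 8
    if total > len(dest_opts):
        raise ValueError("header length exceeds received data")
    offset = 2
    while offset < total:
        opt_type = dest_opts[offset]
        if opt_type == PAD1:            # single padding octet, no length field
            offset += 1
            continue
        if offset + 2 > total:
            raise ValueError("option header overruns")
        end = offset + 2 + dest_opts[offset + 1]
        if end > total:
            raise ValueError("option data overruns")
        if opt_type == HOME_ADDRESS_OPTION:
            if end - (offset + 2) != 16:
                raise ValueError("Home Address Option must carry 16 octets")
            return ipaddress.IPv6Address(dest_opts[offset + 2:end])
        offset = end
    return None


def receive(source, dest_opts, binding_cache):
    """Return the source address the upper layer should see, or None when
    the packet is dropped. binding_cache maps home address -> care-of address."""
    source = ipaddress.IPv6Address(source)
    try:
        home = find_home_address(dest_opts)
    except ValueError:
        return None                     # malformed header: drop
    if home is None:
        return source                   # ordinary packet, nothing to rewrite
    care_of = binding_cache.get(home)
    if care_of is None:
        return None                     # no binding for this home address: drop
    if care_of != source:
        return None                     # added check: source must be the bound CoA
    return home                         # replace source with the home address


if __name__ == "__main__":
    # Constructed binding: home 2001:db8:a::10 is currently at 2001:db8:b::10.
    cache = {ipaddress.IPv6Address("2001:db8:a::10"):
             ipaddress.IPv6Address("2001:db8:b::10")}
    header = build_dest_opts(17, "2001:db8:a::10")
    print(receive("2001:db8:b::10", header, cache))   # home address
    print(receive("2001:db8:c::99", header, cache))   # None (dropped)
```

Without the binding lookup, any sender could claim an arbitrary home address in the option and have its packets attributed to that address, which is why an unmatched option leads to a drop rather than a fallback.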

  • Mobile IPv6 Mobility Header

  • Fields. Payload Protocol: 8-bit value; identifies the type of the header immediately following the Mobility Header. Header Length: 8-bit unsigned integer; represents the length of the Mobility Header in units of octets, excluding the first eight octets; must be a multiple of eight octets

  • Mobility Header Type: 8-bit value; identifies the type of mobility message in the Message Data field. Reserved: 8-bit field, reserved for future use

  • Checksum: 16-bit unsigned integer; checksum of the Mobility Header. Message Data: a variable-length field; contains a specific mobility message, such as a BU message or a BA message. Note: a checksum is a form of redundancy check, a very simple measure for protecting the integrity of data by detecting errors in data

  • Format of Mobile IPv6 Binding Update message

  • FieldsSequence Number16-bit unsigned integerused by receiving node to sequence BU messagesused by sending node to match a returned BA message with a BU messageA (acknowledge)1-bit flagset by sending node to request a BA message be returned by receiving node upon receipt of BU message

  • H (Home Registration)1-bit flagset by sending node to request that the receiving node act as the sending nodes HAL (Link-Local Address Compatibility)1-bit flagset when the home address reported by mobile node has the same interface identifier as the mobile nodes link-local address

  • interface identifiera number used to identify a nodes interface on a linkthe remaining low-order bits in the nodes IP address after the subnet prefixlink-local addressan address that is only valid within the scope of a link, such as one Ethernet segment

  • K (Key Management Mobility Capability)1-bit flagonly valid in a BU message sent to a HAset by the sending node to indicate whether the protocol used for establishing the IPsec security association between a mobile and its HA can survive movement

  • Reservedreserved for future useLifetime16-bit unsigned integerindicates the number of time units remaining before the binding expires

  • Mobility Optionsa variable-length field that contains one or more Mobility Options in a Type-Length-Value formatused to carry information needed for MIPv6 mobility management such as a mobiles CoAsecurity-related information needed for a receiving node to authenticate a received message

  • examples of Mobility OptionsAlternative CoA optionused to carry a mobiles CoABinding Authorization Data optionused to carry security-related information needed by the receiving node to authenticate and authorize BU message

  • Nonce Indices optiona nonce is a random number used by a correspondent node to help authenticate a BU from a mobilethis option is only used when BU message is sent to a correspondent nodethe correspondent node uses the information carried in this option with the information carried in the Binding Authorization Data option to authenticate a BU message from a mobile

  • Formats of Mobile IPv6 Alternative CoA Option and Binding Authorization Data Option

  • Alternative CoA Option Format. Type: 3, identifies an Alternative CoA option. Length: length in octets of the portion of this option starting immediately after the Length field; 16 means exactly one CoA will be carried in the option.

  • Binding Authorization Data Option Format. Type: 5, indicates a Binding Authorization Data option. Option Length: length in octets of the Authenticator field. Authenticator: a cryptographic value used to determine that the message comes from the right user.

  • Protects the following mobility data fields: Care-of Address; final destination address of the packet; Mobility Header Data (the content of the Mobility Header excluding the Authenticator field).
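
The Type-Length-Value parsing and the Authenticator check described on the last few slides, as an added Python example that is not part of the original presentation. The slides do not name the algorithm; the code assumes the RFC 6275 definition (first 96 bits of HMAC-SHA1 keyed with the binding management key Kbm), and the key, addresses and sample message are constructed.

```python
import hashlib
import hmac
import ipaddress

PAD1, PADN, ALT_COA, NONCE_INDICES, BINDING_AUTH = 0, 1, 3, 4, 5
OPTIONS_OFFSET = 12  # 6-octet Mobility Header + 6-octet fixed part of a BU
AUTH_LEN = 12        # 96-bit Authenticator (RFC 6275, not stated on the slides)


def parse_options(mh):
    """Return [(type, value, value_offset)] for the Mobility Options of a BU."""
    opts, i = [], OPTIONS_OFFSET
    while i < len(mh):
        if mh[i] == PAD1:  # Pad1 is one octet with no Length field
            i += 1
            continue
        if i + 2 > len(mh) or i + 2 + mh[i + 1] > len(mh):
            raise ValueError("option runs past the end of the header")
        otype, olen = mh[i], mh[i + 1]
        if otype == ALT_COA and olen != 16:
            raise ValueError("Alternative CoA option must carry exactly one CoA")
        opts.append((otype, bytes(mh[i + 2:i + 2 + olen]), i + 2))
        i += 2 + olen
    return opts


def expected_authenticator(kbm, care_of, dest, mh_data):
    """First 96 bits of HMAC-SHA1 over CoA | destination | Mobility Header data."""
    data = care_of.packed + dest.packed + bytes(mh_data)
    return hmac.new(kbm, data, hashlib.sha1).digest()[:AUTH_LEN]


def verify_bu(kbm, src, dest, mh):
    """True only if the BU ends in a valid Binding Authorization Data option."""
    try:
        opts = parse_options(mh)
    except ValueError:
        return False
    if not opts or opts[-1][0] != BINDING_AUTH:
        return False  # the option must be present and must be the last one
    _, received, auth_off = opts[-1]
    if len(received) != AUTH_LEN or auth_off + AUTH_LEN != len(mh):
        return False  # wrong size, or trailing octets after the Authenticator
    care_of = ipaddress.IPv6Address(src)  # default: source address of the BU
    for otype, value, _ in opts:
        if otype == ALT_COA:
            care_of = ipaddress.IPv6Address(value)
    # Authenticator field excluded; checksum octets 4-5 are treated as zero.
    mh_data = bytes(mh[:4]) + b"\x00\x00" + bytes(mh[6:auth_off])
    want = expected_authenticator(kbm, care_of, ipaddress.IPv6Address(dest), mh_data)
    return hmac.compare_digest(received, want)


def build_sample_bu(kbm, coa, dest):
    """Constructed BU (sequence 7, lifetime 150) carrying all three options."""
    coa, dest = ipaddress.IPv6Address(coa), ipaddress.IPv6Address(dest)
    mh = bytes([59, 6, 5, 0, 0, 0])    # proto, header len, type 5 = BU, checksum 0
    mh += bytes([0, 7, 0, 0, 0, 150])  # sequence number, flags, lifetime
    mh += bytes([PADN, 0, ALT_COA, 16]) + coa.packed
    mh += bytes([NONCE_INDICES, 4, 0, 1, 0, 1, PADN, 2, 0, 0])
    mh += bytes([BINDING_AUTH, AUTH_LEN])
    return mh + expected_authenticator(kbm, coa, dest, mh)
```

Because the care-of address is part of the authenticated data, rewriting the Alternative CoA option in transit invalidates the Authenticator, and a BU that lacks the option is rejected outright.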

  • Format of Mobile IPv6 Binding Acknowledgement Message

  • Fields. Status: an 8-bit unsigned integer indicating the status of how the corresponding BU message is processed. K: indicates whether the protocol used by a HA for establishing the IPsec security association between the mobile and the HA can survive movement.

  • Reserved: reserved for future use. Sequence Number: copied from the Sequence Number field of the corresponding BU message. Lifetime: the time, in units of 4 seconds, for which the sender of this BA message will retain the binding of the receiving node of this BA message.

  • Mobility Options: a variable-length field that contains one or more Mobility Options in a Type-Length-Value format.

  • A BA message may carry the following Mobility Options. Binding Authorization Data option: used to carry the security-related information for the receiving node to authenticate the BA message.

  • Binding Refresh Advice option: used by a HA to inform a mobile how often the mobile should send a new BU message to the HA; this option is only used in a BA sent by a HA to a mobile in response to a received BU message.

  • 2.5.5 Hierarchical Mobile IPv6 Registration. When a mobile is far away from its HA, the process of binding update with the HA may experience a long delay. One approach to reduce binding update delay: implement local HAs dynamically using the forwarding from the previous CoA.

  • Mobile IPv6 "Forwarding from Previous Care-of Address" Mechanisms

  • Assumptions on a mobile: original home network is Subnet A; original home agent, HA A, is in Subnet A; mobile movement: Subnet A → Subnet B → Subnet C. Scenario: while in Subnet B, the mobile acquires a CoA_B and performs a binding update with its original home agent HA A to register CoA_B as its primary CoA.

  • When the mobile moves into Subnet C, it acquires a new CoA_C. The mobile does not have to perform address binding with home agent HA A; it may send a Binding Update to home agent HA B to request HA B to serve as the HA for CoA_B and use CoA_C as the current care-of address for CoA_B.

  • Packets addressed to the mobile's home address continue to be routed to the mobile's home network, where they will be captured by the mobile's HA. The HA continues to use CoA_B as the primary care-of address for the mobile and tunnels intercepted packets to CoA_B, i.e., to HA B. HA B will extract the original packets from the tunnel and then tunnel them to the mobile's current CoA_C, i.e., to the mobile itself.

  • The forwarding from the previous CoA may be used to support hierarchical registration: consider that the mobile subsequently moved from Subnet C to a new Subnet D.

  • One Approach to Support Hierarchical Mobile IPv6 Registration

  • Upon entering Subnet D, the mobile will acquire a new CoA_D. The mobile can choose to make HA B its local HA and register its new CoA_D with this local HA only. The mobile uses forwarding from the previous CoA: it sends a Binding Update message to HA B to use its CoA to update the CoA for its CoA_B. When HA B receives packets that are addressed to CoA_B, it will tunnel them to the mobile's CoA_D.

  • 2.6 SIP-Based Mobility Management. MIPv4 and MIPv6: IP-layer protocols. Session Initiation Protocol (SIP): application-layer protocol; used to support mobility over IP networks; used for signaling and control of real-time voice and multimedia applications over IP networks: 3GPP, 3GPP2.

  • SIP: an application-layer protocol that can establish, modify, and terminate multimedia sessions (conferences) over the Internet. A multimedia session is a set of senders and receivers and the data streams flowing from the senders to the receivers; for example, a session may be a telephony call between two parties or a conference call among more than two parties. SIP can also be used to invite a participant to an on-going session such as a conference.

  • SIP messages could contain session descriptions such that participants can negotiate media types and other parameters of the session. SIP provides its own mechanisms for reliable transmission and can run over several different transport protocols such as TCP, UDP, and SCTP (Stream Control Transmission Protocol). SIP is compatible with both IPv4 and IPv6.

  • SIP provides the following key capabilities for managing multimedia communications: determine the destination user's current location; determine whether a user is willing to participate in a session; determine the capabilities of a user's terminal; set up a session;

  • manage a session: modify the parameters of a session; invoke service functions to provide services to a session; terminate a session.

  • SIP is a client-server protocol that uses a request and response transaction model. Four major components in the SIP architecture. SIP user agent: a user agent (UA) is an Internet endpoint, such as an IP phone, PC, or conference bridge, that is used to establish, modify, and terminate sessions; a UA could act as both a user agent client (UAC) and a user agent server (UAS);

  • a UAC is a logical entity that initiates a request; a UAS, on the other hand, generates a response to a SIP request. SIP redirect server: a redirect server is a UAS that generates a response to redirect a request to another location.

  • SIP proxy server: a proxy server assumes the roles of both UAC and UAS; it acts as an intermediary entity between other user agents to route SIP messages to the destination user.

  • SIP registrar: a registrar is a UAS that processes SIP REGISTER requests; it maintains mappings from SIP user names to addresses and is the front end of the location service; it is consulted by a SIP server to route messages.

  • SIP in Redirect Mode

  • SIP in Proxy Mode

  • 2.6.1 Movement Detection. To handle mobility, a SIP application should detect when the mobile terminal changes its IP address (e.g., moves into a new IP network) and what the new IP address will be. DHCP can help to detect network change and acquire new IP addresses: the mobile may ask a DHCP server for a new IP address each time the mobile detects a handoff from one radio cell to another; the mobile will supply its current IP address as the preferred address in its request sent to the DHCP server;

  • if the address assigned by the DHCP server is the same as the mobile's current IP address, the mobile is still in the same IP subnet; otherwise, the mobile assumes that it has moved into a new IP network. Once the mobile's IP address has changed, the software on the mobile should inform the SIP application of the change; the SIP application should ensure that correspondent hosts can establish SIP sessions with the mobile at its new location.

  • 2.6.2 Pre-session Terminal Mobility. Pre-session terminal mobility: the ability for correspondent hosts to establish a SIP session with a mobile regardless of where the mobile is currently located. A SIP Redirect Server in a mobile's home network tracks the mobile's current location and provides the location information to a caller so that the caller can contact the mobile at its new location directly to set up a SIP session.

  • SIP-Based Pre-session Terminal Mobility Management

  • Scenario: a correspondent user sends a SIP INVITE message to the SIP redirect server in the destination user's home network to establish a SIP session; the SIP Redirect Server returns the destination terminal's current location to the correspondent user;

  • the correspondent user sends a new SIP INVITE message directly to the destination user's current location to establish the SIP session; once the session is successfully established, user data will flow between the users directly without having to traverse the SIP redirect server.

  • Key difference between SIP Redirect Server and Mobile IP HA in tracking current locations of mobiles. SIP Redirect Server: simply tells a caller where a destination is currently and will not be involved in relaying user traffic to the destination; SIP mobility uses the Direct Delivery strategy for delivering a call to a mobile destination.

  • Mobile IPv4 HA: will also be responsible for relaying user packets to the destination mobile; Mobile IPv4 uses the Relayed Delivery strategy for delivering traffic to a mobile.

  • Location Update for Supporting SIP-based Terminal Mobility

  • The SIP Redirect Server learns the user's current location from the user's SIP REGISTRATION messages: whenever a user starts to use a new IP address (e.g., the mobile terminal changes IP address or the user uses a different terminal), it will register its new IP address with the SIP Redirect Server; the user registration process may be performed directly with the home registrar or via a SIP Proxy Server in the visited network.

  • Current location registration: the mobile sends a SIP REGISTRATION message carrying its current location to its home SIP Redirect Server; the home SIP Redirect Server interacts with AAA servers in the home network to authenticate the user; if authentication is positive, the home SIP Redirect Server returns a positive acknowledgment to the mobile, and the location update process is thus completed.

  • 2.6.3 Mid-Session Terminal Mobility Support. Mid-session (mid-call) terminal mobility: the ability to maintain an on-going SIP session while the mobile terminal moves from one IP subnet to another. When the mobile changes its IP address in the middle of an on-going SIP session, the mobile will send a new SIP INVITE message to invite the correspondent host to re-establish the SIP session to the mobile's new location.

  • Upon receiving such update information and acknowledging the mobile's SIP INVITE request, the correspondent host will start to use the mobile's new IP address to address the packets destined to the mobile. The mobile will update its location with its home SIP Redirect Server using the location update procedure.

  • SIP-Based Mid-Session Terminal Mobility Management

  • 2.6.4 Limitations of IP Mobility Using SIP. Limitation-1: a mobile using SIP mobility has to register its new IP address with a SIP server (e.g., a SIP Redirect Server) in the mobile's home network every time the mobile changes its IP address; this could introduce long handoff delays when the mobile is far away from its home network; this could also create a high load on the home server.

  • Resolution: hierarchical registration is used to reduce the registration latency.

  • Limitation-2: it is difficult for SIP-based mobility management to keep a TCP session alive while a mobile changes its IP address; changing the IP address on either end of a TCP session will cause the TCP session to break; with SIP-based terminal mobility, when a mobile changes its IP address, a correspondent host will have to address its outgoing packets to the mobile's new IP address.

  • Resolution: a mobile terminal and a correspondent host use a software agent called a SIPEYE agent to hide the IP address change from the on-going TCP sessions.

  • A SIPEYE agent on a terminal operates as follows: it maintains a list of the on-going TCP connections on the terminal; it detects the birth and death of TCP connections by examining the headers of TCP packets;

  • for each on-going TCP session, the SIPEYE agent records the following information: the original IP address of the terminal (served as the terminal's source IP address when the TCP session was initiated); the current IP address of the terminal (used to receive IP packets from the visited network);

  • the original IP address of the correspondent host for this TCP session (served as the correspondent host's source IP address when the TCP session was initiated).

  • When the mobile terminal changes its IP address, it will send a SIP INFO message to the correspondent host of each on-going TCP session to inform them of the mobile's new IP address. The TCP application on the mobile does not need to know that the mobile has changed its IP address and continues to use its original IP address as the source IP address in all outgoing TCP packets.

  • The SIPEYE agent on a correspondent host operates as follows: after being notified that the mobile has changed its IP address, it encapsulates each outgoing TCP packet with a new IP header that carries the mobile's new IP address as the destination address; these packets will be routed via regular IP routing to the mobile terminal's new location;

  • the TCP application on the correspondent host does not need to be aware that the mobile has changed its IP address and continues to address its outgoing packets to the mobile's original IP address.

  • The SIPEYE agent on the mobile terminal operates as follows: on receiving such an encapsulating packet, it strips off the encapsulating header added by the correspondent host and delivers the payload TCP packet to the TCP process.

  • The TCP application continues to use the original source and destination IP addresses throughout the on-going TCP session without any modification to the TCP protocol; this allows the TCP session to remain alive when the mobile changes its IP address.

  • The SIPEYE approach has a potentially significant limitation: it requires a SIPEYE agent to be implemented on every mobile and every correspondent host, which is difficult over a large network such as the Internet.

  • 2.7 Cellular IP. With Mobile IP, when a mobile is far away from its HA and wants to register a new IP address with its HA, this could lead to a long handoff delay. Cellular IP: designed to support fast handoff in a wireless network of limited size (e.g., a network within the same administrative domain); a mobile doesn't need to change its IP address while moving inside a Cellular IP network, thus reducing handoff latency.

  • Main reason for a mobile to change its IP address when moving into a new IP subnet: regular IP routing uses prefix-based routing, which divides the network into subnets and requires different subnets to use disjoint IP address spaces. Cellular IP: a mobile doesn't need to change its IP address inside a cellular network; does not use prefix-based routing;

  • uses host-specific routing: network nodes perform routing and packet forwarding based on the full IP address of each mobile; the network maintains a host-specific downlink route to forward packets to each mobile, rather than maintaining a route for each IP address prefix.

  • Cellular IP

  • Two types of network nodes in a Cellular IP network. Base Stations (BS): internal to a Cellular IP network and do not interface directly with external networks; can be a wireless access point that provides an air interface to mobiles or a router that does not have any air interface. Gateway Router: interconnects a Cellular IP network with external IP networks.

  • Nodes use the Cellular IP routing protocol to determine: routes from one node to another; the host-specific downlink route to each mobile.

  • 2.7.1 Cellular IP Routing. Uplink packets: packets originated from mobiles inside the Cellular IP network; first routed hop-by-hop to the gateway router. Gateway router: determines where to route the packet and then forwards the packet toward its destination; periodically broadcasts a beacon packet throughout the Cellular IP network.

  • BS: records the interface on which the beacon packet is received; uses the reverse path to forward uplink packets to the router.

  • Downlink packets: packets sent over a host-specific downlink route from the gateway router to a mobile inside the Cellular IP network. Host-specific downlink routes are established and maintained by Cellular IP routing: each network node maintains a routing cache; an entry in a routing cache is called a routing entry;

  • a routing entry points to the next-hop network node along the host-specific route; the host-specific downlink route to a mobile is established when any packet is forwarded from the mobile toward the gateway router; as a packet from a mobile is forwarded toward the gateway router, each network node along the packet's path will create a routing entry that points to the BS from which the packet is received.

  • Network nodes maintain routes in soft state: routes will be removed if no route-update packet is received during a predetermined time period; when a mobile does not have any user packet to transmit, it may send small special route-update packets toward the gateway to refresh route entries.

  • Cellular IP integrates location management with routing: each time a mobile sends a route-update packet or any other packet, the downlink host-specific route for the mobile will also be updated; the mobile's location is implicitly maintained by the up-to-date host-specific downlink route to the mobile.

  • The way Cellular IP BSs learn the routes to the gateway router and to each mobile suggests that the physical configuration of a Cellular IP network has to be loop free, i.e., a tree or a string; otherwise, routing loops may occur.

  • Example: if there is a physical connection between BSs 3 and 4, i.e., BSs 1, 3, and 4 form a loop, then when the gateway router broadcasts beacon packets, BSs 3 and 4 will receive the beacon from each other; BS 3 will take BS 4 as the next hop to forward uplink packets, and BS 4 will take BS 3 as the next hop to forward uplink packets, which forms a routing loop.

  • 2.7.2 Handoffs Inside a Cellular IP Network. Cellular IP supports two types of handoffs: hard handoff; semi-soft handoff.

  • Hard Handoff. Implemented using a Break-before-Make strategy. When a mobile moves from the old BS to the new BS, it tunes its radio to the new BS. The packets on the way to the old BS may be lost. The mobile then sends a route-update packet toward the gateway router.

  • The route-update packet triggers the nodes along its path to set up a host-specific downlink route for the mobile. The route-update packet will eventually reach a cross-over node. A cross-over node is a node shared by: the mobile's old downlink host-specific route that goes to the old BS; the mobile's new downlink host-specific route set up by the current route-update packet.

  • Examples: if the mobile moves from BS 3 to BS 4, the cross-over node will be BS 1; if the mobile moves from BS 5 to BS 6, the cross-over node will be BS 2.

  • When the route-update packet reaches a cross-over node, this node will update the mobile's downlink host-specific route and start to forward future packets to the mobile's new BS; packets that have already been on their way to the old BS may be lost.
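
The soft-state routing caches of 2.7.1 and the hard handoff of 2.7.2, as an added Python model that is not part of the original presentation. The tree (gateway above BS 1 and BS 2, BS 3 and BS 4 below BS 1, BS 5 and BS 6 below BS 2) is an assumption chosen to match the cross-over examples on the slides; node names, the timeout value and the class itself are hypothetical.

```python
GATEWAY = "GW"

# Assumed tree: BS -> uplink next hop, as each BS would learn it from the
# interface on which the gateway's beacon arrived.
SAMPLE_TREE = {"BS1": GATEWAY, "BS2": GATEWAY,
               "BS3": "BS1", "BS4": "BS1", "BS5": "BS2", "BS6": "BS2"}


def find_uplink_loop(uplink_next_hop):
    """Return a BS whose uplink path never reaches the gateway, else None."""
    for start in uplink_next_hop:
        seen, node = set(), start
        while node != GATEWAY:
            if node in seen or node not in uplink_next_hop:
                return start
            seen.add(node)
            node = uplink_next_hop[node]
    return None


class CellularIPNetwork:
    def __init__(self, uplink_next_hop, route_timeout=3.0):
        if find_uplink_loop(uplink_next_hop) is not None:
            raise ValueError("topology must be loop free")
        self.up = dict(uplink_next_hop)
        self.route_timeout = route_timeout
        # cache[node][mobile] = (downlink next hop, expiry time)
        self.cache = {n: {} for n in set(self.up) | {GATEWAY}}

    def _valid(self, node, mobile, now):
        entry = self.cache[node].get(mobile)
        return entry if entry and entry[1] > now else None

    def uplink(self, mobile, bs, now):
        """Forward a packet or route-update from bs hop by hop to the gateway.

        Every node on the path creates or refreshes its routing entry.
        Returns the cross-over node, i.e. the first node whose still-valid
        entry pointed somewhere else, or None if no route changed.
        """
        crossover, prev, node = None, mobile, bs
        while node is not None:
            old = self._valid(node, mobile, now)
            if crossover is None and old and old[0] != prev:
                crossover = node
            self.cache[node][mobile] = (prev, now + self.route_timeout)
            prev, node = node, self.up.get(node)
        return crossover

    def downlink(self, mobile, now):
        """Nodes a downlink packet traverses, or None if the route expired."""
        path, node = [], GATEWAY
        while node != mobile:
            entry = self._valid(node, mobile, now)
            if entry is None:
                return None  # no valid routing entry: the network must page
            path.append(node)
            node = entry[0]
        return path
```

The stale entry left at the old BS is never deleted explicitly; it simply stops being valid once its timer runs out, which is the soft-state behaviour the slides describe.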

  • Semi-Soft Handoff. Allows a mobile to receive packets from the old BS before the network sets up its route to the new BS. Mobile: tunes its radio to the new BS; sends a semi-soft handoff packet via the new BS toward the gateway; tunes its radio back to the old BS immediately to continue receiving packets from the old BS while the network is setting up the mobile's downlink host-specific route to the new BS.

  • Semi-soft handoff packet: triggers nodes on its path to set up a downlink host-specific route to the new BS for the mobile; when this packet reaches the first cross-over node, this node will start forwarding packets to both old and new BSs. After a predetermined amount of delay (expected downlink host-specific route setup time), the mobile disconnects from the old BS and tunes its radio to the new BS to receive packets from the new BS only.

  • 2.7.3 Handoff between Cellular IP Networks or between Cellular IP and Regular IP Networks. Handled by a macromobility management protocol (e.g., Mobile IP). A mobile inside a Cellular IP network: uses the IP address of the gateway router as its Mobile IP CoA; uses its Mobile IP home address to send and receive packets over the Cellular IP network.

  • Upon entering a new Cellular IP network, the mobile sends a route-update packet toward the gateway router to trigger the new Cellular IP network to set up a downlink host-specific route for the mobile. The gateway router acts as a Mobile IP FA: it sends Mobile IP Agent Advertisement messages to the mobile after it receives the first packet from the mobile.

  • The mobile: learns the IP address of the gateway router from the Advertisement; uses this address as its new CoA; registers this address with its HA.

  • After a successful Mobile IP registration, packets addressed to the mobile's home address will be tunneled by the mobile's HA to the mobile's current CoA (the IP address of the gateway router). The gateway router will de-tunnel packets and forward the payload packets along the downlink host-specific route to the mobile directly without encapsulation or tunneling.

  • 2.7.4 Paging. Dormant (idle) mobile: a mobile that has not transmitted packets for a predefined time period (active-state-timeout). For a mobile that has not sent packets over the active-state-timeout, its host-specific route will be removed by the network. When a gateway router has packets to send to a mobile, if the router does not have a valid routing entry for the mobile (i.e., the mobile is dormant), it will initiate paging to locate the mobile first.

  • To support paging, Cellular IP organizes BSs into paging areas: when a dormant mobile crosses a paging area boundary, it updates its location with the network by sending a paging-update packet to the gateway router; this packet is addressed to the gateway router and forwarded by BSs hop-by-hop to the router.

  • A network node may optionally use a paging cache to maintain paging routes for dormant mobiles. Paging entry in the cache: points to the next-hop network node along the paging route to a specific dormant mobile. Paging-update packet: triggers the network nodes that have paging caches to create a new paging entry or update their existing paging entry.

  • Paging in Cellular IP Networks

  • When a node receives a downlink packet to send to a mobile but does not have a valid routing entry, the node will check if it has a valid paging entry for the mobile: if it does, it will forward a paging message along the paging route toward the mobile; otherwise, it will broadcast a paging message over all its interfaces except the one that receives packets.

  • When a paging message reaches the first BS in the dormant mobile's current paging area, this message will be broadcast over the paging area to all BSs and, hence, to all mobiles inside the paging area.

  • Upon receiving a paging message or any other packet, a dormant mobile will: transit into active mode; start to send route-update packets toward the gateway router; trigger the network to set up and maintain a host-specific downlink route for the mobile.

  • The paging entries are maintained as soft states: a dormant mobile may refresh its paging route by periodically sending paging-update packets to the gateway router.

  • Paging-update packets cannot be used to update routing caches; as a result, a network node may maintain only a paging entry for a dormant mobile, but it does not need to maintain any routing entry for the mobile. This reduces the sizes of the routing caches because a large percentage of the mobiles may be dormant at any given time in a real wireless network.

  • When a BS wants to send a packet to an active mobile, it only needs to search the routing cache, which reduces the delay incurred by table lookups at the BSs.

  • 2.8 HAWAII: Handoff-Aware Wireless Access Internet Infrastructure. HAWAII and Cellular IP are similar in many ways: both designed to support fast handoff and paging inside a wireless network under a single administrative domain; use similar techniques: use host-specific routes to deliver packets to the mobile; reduce handoff