Mobile IP
Mobile IP is a network protocol standard of the Internet Engineering Task Force (IETF) that was designed to allow users of mobile devices such as notebooks to move from one computer network to another while retaining a fixed IP address.
Mobile IP provides an efficient and scalable mechanism for the mobility of computers on the Internet. With Mobile IP it is possible for mobile computers to change their access point to the Internet and still retain their (static) IP address. This ensures that connections of the transport layer remain in place while a network change takes place.
Initial situation
IP was designed at a time when mobile computers that access the Internet anywhere and at any time were hardly conceivable. Once a mobile computer leaves the network for which it was originally configured, it can no longer receive data without changes to the original protocols. In a TCP/IP network it has, like every other node, a unique IP address that identifies it as belonging to a specific subnet. If it leaves that network, it must obtain a new, topologically correct IP address whose network part lies in the address range of the new subnet. Changing the configuration by hand is unreasonable for many users; the protocol stack should react to the change automatically.
DHCP (Dynamic Host Configuration Protocol) supports mobility by enabling the automatic configuration of newly connected computers. However, the change of location also results in a change in the IP address. If a mobile computer offers services itself, it may no longer be found in the network by its communication partners. Although DNS (Domain Name System) enables a logical name to be mapped to an IP address, it takes a while for changes to spread across the network. Frequent, rapid changes to the mapping would be too time-consuming due to the large number of update messages required.
In addition, higher-layer protocols such as TCP rely on IP addresses: TCP connections are identified by pairs of IP addresses and ports (sockets). A change of IP address during an open TCP connection causes the connection to break. If, on the other hand, a node keeps its address despite changing location, the route through the network changes and routing fails.
With these issues in mind, IP should be expanded to support mobility.
Motivation and requirements
Mobile IP aims to ensure that a mobile computer can always be reached via a permanent IP address, even if it moves from network to network. This enables connections to be maintained at higher layers, for example TCP. The following requirements must be met:
- Compatibility
- Changes to the existing infrastructure (nodes, applications, protocols) should not be necessary. It should be possible to use the same address formats and routing procedures.
- Transparency
- The mobility should be invisible to layers above the network layer so that they can work unchanged. For TCP this means, for example, that the computer to which there is a connection keeps its IP address.
- Scalability
- The number of mobile devices can change without the process having to be modified.
- Efficiency
- The amount of data transferred should be as small as possible.
- Security
- All messages used to register the mobile computer in a network must be authenticated. This covers both the integrity of the data and proof of its origin.
Overview and basic terms
The functionality of Mobile IP can be compared to a forwarding order placed with Swiss Post. A recipient moves and is given a new address. They place a forwarding order with the post office at their old place of residence, which pastes the new destination address over the recipient address of letters sent to them so that the items can be forwarded. The post office at the new location then delivers the item to the recipient, without the sender ever learning that the recipient has moved.
Similarly, Mobile IP enables mobile computers to be addressed at a fixed (the "original") address even when the network changes, without the communication partner becoming aware of their mobility. In this way, ongoing communication can be maintained.
The subnet for which the mobile computer was originally configured is called the home network. The subnet in which the mobile computer is currently located is referred to as the foreign network.
The home agent is a node in the home network with which a mobile computer registers while it is in a foreign network. Its task is to intercept packets addressed to the mobile computer and forward them to it. When the mobile computer moves into a foreign network, it must register there with a foreign agent. The foreign agent stores information about the mobile computer, e.g. its topologically correct IP address (care-of address). The foreign agent can also act as the default router for the mobile computer when the latter wants to send data from the foreign network itself.
The IP address of the mobile computer in the home network is known as the home address. It is retained when the computer moves to another network. The care-of address (CoA) is the topologically correct IP address under which a mobile computer can be reached in a foreign network. It usually corresponds to an IP address of the foreign agent with which the mobile computer has previously registered.
The protocol extensions developed compared to IP essentially comprise three mechanisms:
- Agent Discovery: Allows the mobile computer to find potential agents.
- Registration: Allows the mobile computer to inform its home agent of its care-of address.
- Tunneling: forwarding rules for packets between the home agent and the care-of address.
Preparatory actions
Before the data transfer between a communication partner and the mobile computer that has left its home network can begin, some preparations are necessary.
Agent Discovery
The mobile computer must be able to determine its current location and potential agents at any time. This information process is known as Agent Discovery and consists of two types of messages, Agent Advertisement and Agent Solicitation . Both use an extension of ICMP (Internet Control Message Protocol), a protocol for exchanging error messages and messages for controlling data transfer between network devices.
Agent advertisements are messages that home or foreign agents broadcast at regular intervals to offer their service to mobile computers in their subnet. By listening to these messages, the mobile computer can determine whether it is in its home network or in a foreign subnet and which foreign agent is currently serving it. It can also detect whether its location has changed since the last advertisement. Agent advertisements can contain the following information:
- Whether the agent is available as a home or foreign agent,
- Whether the mobile computer has to register with the foreign agent, even when using a co-located care-of address,
- Encapsulation methods supported,
- The announcement of an available care-of address (in the case of a foreign agent),
- The length of time a registration is valid.
Alternatively, the mobile computer can send an agent solicitation, an explicit request to possible agents to send an agent advertisement. In this way it can prompt potential agents to identify themselves immediately and thus shorten the waiting time.
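The following is an added example, not code from the page or from any Mobile IP implementation, showing what a mobile node does with an agent advertisement: it parses the ICMP Router Advertisement, locates the Mobility Agent Advertisement Extension (type 16, as defined in RFC 3344), decodes the R/B/H/F/M/G/r/T flag bits, the registration lifetime and the offered care-of addresses, and refuses malformed messages instead of registering on the basis of a half-decoded one. The same parsing applies to the reply to a router solicitation described under "Finding the Foreign Agent" further down. The sample advertisement is constructed here using a documentation address; ICMP checksum validation is assumed to have been done by the ICMP layer and is not repeated.

```python
import ipaddress
import struct

ICMP_ROUTER_ADVERTISEMENT = 9
MOBILITY_AGENT_ADV_EXT = 16           # RFC 3344, section 2.1.1
PAD_EXT = 0                           # one-octet padding extension without a length field
FLAG_NAMES = ("R", "B", "H", "F", "M", "G", "r", "T")   # flag bits, most significant first


def parse_agent_advertisement(data: bytes) -> dict:
    """Parse an ICMP Router Advertisement carrying a Mobility Agent Advertisement
    Extension. Any malformed field raises ValueError so the caller never acts on
    an advertisement it could not fully decode."""
    if len(data) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _csum, num_addrs, entry_size, lifetime = struct.unpack("!BBHBBH", data[:8])
    if icmp_type != ICMP_ROUTER_ADVERTISEMENT or code not in (0, 16):
        raise ValueError("not a router advertisement")
    if entry_size != 2:               # entry size is counted in 32-bit words: address + preference
        raise ValueError("unexpected address entry size")
    off = 8
    routers = []
    for _ in range(num_addrs):
        if off + 8 > len(data):
            raise ValueError("truncated router list")
        addr, pref = struct.unpack("!4si", data[off:off + 8])
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
        off += 8
    mobility = None
    while off < len(data):            # walk the extensions that follow the router list
        ext_type = data[off]
        if ext_type == PAD_EXT:
            off += 1
            continue
        if off + 2 > len(data):
            raise ValueError("truncated extension header")
        ext_len = data[off + 1]
        body = data[off + 2:off + 2 + ext_len]
        if len(body) != ext_len:
            raise ValueError("extension length exceeds message")
        if ext_type == MOBILITY_AGENT_ADV_EXT:
            if ext_len < 6 or (ext_len - 6) % 4:
                raise ValueError("bad mobility extension length")
            seq, reg_lifetime, flags = struct.unpack("!HHB", body[:5])
            coas = [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(6, ext_len, 4)]
            mobility = {
                "sequence": seq,
                "reg_lifetime": reg_lifetime,
                "flags": {name: bool(flags & (0x80 >> i)) for i, name in enumerate(FLAG_NAMES)},
                "care_of_addresses": coas,
            }
        off += 2 + ext_len            # unknown extensions are skipped, not rejected
    if mobility is None:
        raise ValueError("plain router advertisement, no mobility agent")
    return {"routers": routers, "icmp_lifetime": lifetime, **mobility}


def select_foreign_agent_coa(adv: dict):
    """Return a care-of address the mobile node may register with, or None if the
    sender is not a foreign agent (F flag clear) or is currently busy (B flag)."""
    f = adv["flags"]
    if not f["F"] or f["B"] or not adv["care_of_addresses"]:
        return None
    return adv["care_of_addresses"][0]


def agent_rebooted(previous_seq: int, current_seq: int) -> bool:
    """RFC 3344 sequence numbers restart at 0 after a reboot and wrap from 0xffff
    back to 256, so a drop to a value below 256 indicates that the agent restarted."""
    return current_seq < previous_seq and current_seq < 256


# Constructed sample: router advertisement from 203.0.113.7 with one mobility
# extension offering that address as care-of address; flags 0x95 = R, F, G, T set.
SAMPLE_ADVERTISEMENT = (
    struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0, 1, 2, 1800)
    + struct.pack("!4si", ipaddress.IPv4Address("203.0.113.7").packed, 0)
    + struct.pack("!BBHHBB", MOBILITY_AGENT_ADV_EXT, 10, 1, 300, 0x95, 0)
    + ipaddress.IPv4Address("203.0.113.7").packed
)
```

The flag dictionary makes the decisions in the text explicit: H or F tells the mobile node whether it is hearing a home or a foreign agent, R whether registration through the foreign agent is mandatory even with a co-located care-of address, and T whether reverse tunneling is supported.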
Allocation of a care-of address
In order to be addressable in the foreign network, the mobile computer needs a care-of address that belongs to the address range of the current subnet. It defines where the packets sent to the mobile computer are ultimately sent. If the mobile computer has registered with a foreign agent in the foreign network, it can now be assigned a foreign agent care-of address. This is usually an IP address of the foreign agent. Several mobile computers can use the same foreign agent care-of address.
Ultimately, a mobile computer has two IP addresses, the permanent home address and a temporary care-of address. The mobile computer is only known to possible communication partners at its home address.
Registration of the mobile computer in the home network
After the mobile computer has received a care-of address, the active foreign agent can forward a registration request to the home agent to inform it of the mobile computer's new location. This is necessary so that packets can be forwarded to it correctly. The registration request contains, among other things, the home address of the mobile computer, the IP address of the home agent and the care-of address as the end point of the tunnel. It also specifies the tunneling procedure to be used for data transport between the home and foreign agent, as well as parameters for authentication.
The home agent stores this information in a registration table (binding table) and can thus reach every mobile computer that has registered with it. The home agent then sends a reply back to the foreign agent, which forwards it to the mobile computer. If a mobile computer later returns to its home network, it deregisters directly with the home agent after an agent discovery and once again receives the packets intended for it itself. Mobile IP support is no longer necessary.
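The registration step is where the security requirement from the list above is enforced, so here is an added example (not code from the page or from any Mobile IP implementation) of a registration request as laid out in RFC 3344 together with a minimal home agent that checks it. The request body carries the home address, home agent address, care-of address and a 64-bit Identification; it is followed by the Mobile-Home Authentication Extension (type 32), whose HMAC-MD5 authenticator covers the body and the extension's own Type, Length and SPI. The home agent verifies the authenticator with a constant-time comparison, uses the timestamp-style Identification to reject stale and replayed requests, and only then installs the binding. The shared key, SA table, fixed clock and the 7-second clock tolerance are assumptions constructed for this example; the function returns the reply code rather than building a full Registration Reply.

```python
import hashlib
import hmac
import ipaddress
import struct

REG_REQUEST = 1
MN_HA_AUTH_EXT = 32          # Mobile-Home Authentication Extension (RFC 3344, section 3.5.2)
AUTH_LEN = 16                # HMAC-MD5 authenticator, the default algorithm in RFC 3344
NTP_OFFSET = 2_208_988_800   # seconds between the NTP epoch (1900) and the Unix epoch (1970)
CODE_ACCEPTED, CODE_AUTH_FAILED, CODE_ID_MISMATCH, CODE_MALFORMED = 0, 131, 133, 134


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def make_identification(unix_time: float) -> int:
    """Timestamp-style Identification: NTP seconds in the high 32 bits. The low
    32 bits would carry fractions of a second and are left zero here."""
    return (int(unix_time) + NTP_OFFSET) << 32


def build_registration_request(home_addr, home_agent, coa, lifetime, spi, key, identification, flags=0):
    """Registration Request (normally sent over UDP to port 434) followed by the
    authentication extension. The MAC covers the body plus Type, Length and SPI
    of the extension, so none of those fields can be changed in transit."""
    body = struct.pack("!BBH4s4s4sQ", REG_REQUEST, flags, lifetime,
                       _ip(home_addr), _ip(home_agent), _ip(coa), identification)
    ext_head = struct.pack("!BBI", MN_HA_AUTH_EXT, 4 + AUTH_LEN, spi)
    return body + ext_head + hmac.new(key, body + ext_head, hashlib.md5).digest()


class HomeAgent:
    """Minimal home agent: authenticates requests, rejects replays and keeps the
    binding table mapping home address -> (care-of address, expiry time)."""

    def __init__(self, sa_table, clock, max_skew=7):
        self.sa_table = sa_table     # (home address, SPI) -> shared key; constructed for the example
        self.clock = clock           # callable returning Unix time
        self.max_skew = max_skew     # tolerated clock difference in seconds (assumed value)
        self.bindings = {}
        self.last_ident = {}

    def handle_request(self, pkt: bytes) -> int:
        if len(pkt) < 24:
            return CODE_MALFORMED
        type_, _flags, lifetime, home, _ha, coa, ident = struct.unpack("!BBH4s4s4sQ", pkt[:24])
        if type_ != REG_REQUEST:
            return CODE_MALFORMED
        home_addr = str(ipaddress.IPv4Address(home))
        off = 24
        while off + 2 <= len(pkt):                   # locate the authentication extension
            ext_type, ext_len = pkt[off], pkt[off + 1]
            if ext_type == MN_HA_AUTH_EXT:
                break
            off += 2 + ext_len
        else:
            return CODE_AUTH_FAILED                  # an unauthenticated request is never honoured
        if ext_len != 4 + AUTH_LEN or off + 2 + ext_len > len(pkt):
            return CODE_MALFORMED
        spi = struct.unpack("!I", pkt[off + 2:off + 6])[0]
        received_mac = pkt[off + 6:off + 6 + AUTH_LEN]
        key = self.sa_table.get((home_addr, spi))
        if key is None:
            return CODE_AUTH_FAILED
        expected = hmac.new(key, pkt[:off + 6], hashlib.md5).digest()
        if not hmac.compare_digest(expected, received_mac):
            return CODE_AUTH_FAILED
        # Replay protection: timestamp must be fresh and strictly newer than the last accepted one
        now_ntp = int(self.clock()) + NTP_OFFSET
        if abs((ident >> 32) - now_ntp) > self.max_skew or ident <= self.last_ident.get(home_addr, -1):
            return CODE_ID_MISMATCH
        self.last_ident[home_addr] = ident
        self.bindings[home_addr] = (str(ipaddress.IPv4Address(coa)), self.clock() + lifetime)
        return CODE_ACCEPTED

    def care_of_address(self, home_addr):
        """Binding-table lookup used when tunneling; expired entries are ignored."""
        entry = self.bindings.get(home_addr)
        if entry is None or entry[1] < self.clock():
            return None
        return entry[0]


def fixed_clock():
    """Constructed clock so the example runs deterministically offline."""
    return 1_700_000_000.0


KEY = bytes(range(16))                                   # constructed 128-bit shared secret
SA_TABLE = {("198.51.100.42", 0x100): KEY}               # constructed security association
```

Checking the authenticator before the Identification is deliberate: the Identification check exists to detect replays of otherwise valid requests, and a home agent that advertised its timestamp state to unauthenticated senders would leak the very information a replaying party wants.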
Data transfer
After completing the preparatory measures, the data transfer via Mobile IP can begin.
Transmission from the sender to the home network
The sender can be either inside or outside the home network of the mobile computer. It knows only the home address of the mobile computer, not its current care-of address. To send data to the mobile computer, it enters the home address as the destination address and its own address as the source address. Using normal IP routing, the packet reaches the router responsible for the home network and therefore always arrives in the home network first. This works because the home address logically belongs to the network to which the home agent is connected.
Transmission from home agent to mobile computer
The home agent intercepts IP packets sent to the mobile computer on its behalf. To do this, it pretends to be the mobile computer by means of Proxy ARP: in the ARP message it gives the IP address of the mobile computer but its own MAC address. Instead of forwarding the intercepted packet to a node physically located in the home network, the packet is "redirected" towards the foreign agent (tunneling). This forwarding requires encapsulation, which generally means that a received packet becomes the payload of a new packet that is preceded by a new, outer header. The reverse is known as decapsulation. Both mechanisms are normally used when data packets are passed between the layers of the layer model; in Mobile IP, however, they are applied within the same protocol layer.
An outer header is placed in front of the received IP packet; the header and user data of the received packet become the payload of the new packet. Routers only look at the IP addresses in the outer header. The home agent looks up the destination address of the packet (the home address) in its registration table and reads out the corresponding care-of address. This is entered in the outer header as the destination address, with the address of the home agent as the source address. The only change to the inner header is that the lifetime of the packet (TTL, Time to Live) is reduced by 1: from the perspective of the original packet, the entire tunnel has a length of 1, regardless of the number of routers actually crossed. The mobile computer can thus behave as if it were directly connected to the home network, which also satisfies the transparency requirement. A tunnel is a virtual point-to-point connection between two network nodes, between which any number of subnets can lie. Encapsulation is necessary so that the packets being sent can be understood at the start and end of the tunnel. The packet is finally conveyed through the tunnel from the home agent (start point) to the foreign agent (end point). The foreign agent, as the end point of the tunnel and owner of the care-of address, receives the packet, removes the outer header (decapsulation) and forwards it via the link layer to the hardware address of the mobile computer. The foreign agent does not necessarily have to be the entry router of the foreign network; it can also be located elsewhere within the foreign network. The mobile computer is unaware of its mobility insofar as it receives the packet with the same address details as it would have in the home network.
The mobile computer as a sender
If the mobile computer wants to send data itself, it does not send it to the home agent but directly to its communication partner. It enters its home address as the source address of the IP packet and the address of the recipient as the destination address. The packet is then transmitted to the recipient by conventional IP routing via the foreign agent, if the latter acts as the default router for the mobile computer.
Problems with the standard procedure
If the reception and transmission processes are represented graphically in accordance with this description, a triangle structure results, which is why the method is also referred to as triangle routing . The efficient and at first glance very simple mechanism is not always applicable.
For security reasons, routers or firewalls can filter packets with suspicious IP addresses, whether source or destination addresses. The home address that the mobile computer uses as the source address when sending is of course not topologically correct in the foreign network, so it may well be interpreted as a forgery. Furthermore, an ingress filter can be enabled to protect networks from unwanted incoming traffic. Packets whose source address lies in the network's own address range but which arrive from outside are, for example, treated as invalid; this is meant to prevent other computers from impersonating internal ones. The home address given as the source address in packets from the mobile computer can therefore be taken as an attempt at deception. As a result, the mobile computer may be unable to send packets to its own home network, which impairs the functionality of Mobile IP. To remedy this, the filter would have to be configured to pass packets whose source address belongs to its own network, provided the sender is also registered as a mobile computer in the home network.
Apart from that, the packet lifetime can also be a problem. When the mobile computer is in its home network, packets need a certain lifetime to reach their respective recipients. If the mobile computer moves to a foreign network, more hops than before may be needed to reach a recipient in the home network. The lifetime specified in the packet might then have to be increased, but this contradicts the transparency requirement.
Reverse tunneling
To solve the problems explained, reverse tunneling was developed as an additional method and described in RFCs 3024 and 3344. Here, packets from the mobile computer are tunneled back to the home agent on the way back. The foreign agent encapsulates the packets from the mobile computer and enters the care-of address as the source address and the address of the home agent as the destination address in the outer header. At the end of the tunnel, the home agent receives the packet, decapsulates it and sends the original packet, which contains the address of the communication partner as the destination address and the home address as the source address, in the direction of the destination address via conventional routing methods to the communication partner. Obviously, this method is less efficient than triangle routing, but it can be necessary for the reasons mentioned above.
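The following is an added example (not code from the page or from any Mobile IP implementation) that carries the tunneling description above through in code: the home agent encapsulates a packet for the mobile computer in an outer IPv4 header (protocol 4, IP-in-IP, the default Mobile IP encapsulation), decrementing only the inner TTL so the whole tunnel counts as one hop; the foreign agent, as tunnel end point, checks that the outer packet is really addressed to it and carries IP-in-IP before decapsulating. A simplified model of the ingress filter from the previous section then shows why the mobile computer's own reply is dropped when it arrives from outside with a home-network source address, and why the same reply passes once the foreign agent reverse-tunnels it to the home agent. All addresses are constructed documentation addresses; the filter is a deliberately minimal model of the behaviour described in the text, not a real router configuration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4        # RFC 2003 IP-in-IP, the default Mobile IP encapsulation
IPPROTO_TCP = 6
IP4 = ipaddress.IPv4Address


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, as used in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 packet (IHL 5, DF set, no options) with a valid header checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                                ttl, proto, 0, IP4(src).packed, IP4(dst).packed))
    struct.pack_into("!H", hdr, 10, internet_checksum(bytes(hdr)))
    return bytes(hdr) + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, IHL, length fields and checksum; return header fields and payload."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total > len(pkt) or ihl > total:
        raise ValueError("bad length fields")
    if internet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": IP4(pkt[12:16]), "dst": IP4(pkt[16:20]), "ttl": pkt[8],
            "proto": pkt[9], "payload": pkt[ihl:total]}


def encapsulate(inner: bytes, tunnel_src, tunnel_dst) -> bytes:
    """Tunnel entry point: wrap the packet in a new outer header. Only the inner
    TTL is reduced, by one, so the whole tunnel appears as a single hop."""
    fields = parse_ipv4(inner)                  # refuse to tunnel a corrupt packet
    if fields["ttl"] <= 1:
        raise ValueError("inner TTL exhausted")
    ihl = (inner[0] & 0x0F) * 4
    hdr = bytearray(inner[:ihl])
    hdr[8] -= 1
    struct.pack_into("!H", hdr, 10, 0)
    struct.pack_into("!H", hdr, 10, internet_checksum(bytes(hdr)))
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, bytes(hdr) + inner[ihl:])


def decapsulate(pkt: bytes, tunnel_end) -> bytes:
    """Tunnel end point: strip the outer header after checking that the packet is
    addressed to this node and really carries IP-in-IP; the inner header is validated too."""
    outer = parse_ipv4(pkt)
    if outer["dst"] != IP4(tunnel_end) or outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet for this node")
    parse_ipv4(outer["payload"])
    return outer["payload"]


def accepts_tunnel_packet(pkt: bytes, tunnel_end) -> bool:
    """Boolean form of decapsulate() for callers that only need accept/drop."""
    try:
        decapsulate(pkt, tunnel_end)
        return True
    except ValueError:
        return False


def ingress_filter_accepts(pkt: bytes, home_prefix: str, from_outside: bool) -> bool:
    """Simplified ingress filter at the home network border: drop packets that arrive
    from outside but claim a source address inside the home prefix."""
    src = parse_ipv4(pkt)["src"]
    return not (from_outside and src in ipaddress.IPv4Network(home_prefix))
```

With reverse tunneling the filter only ever sees the outer header, whose source is the care-of address in the foreign network, so the home-address source that triggered the drop is hidden until the home agent decapsulates the packet inside the home network.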
Functionality
To ensure that the fixed IP address is retained, Mobile IP equips each end device with two addresses: the primary address is the so-called home address, the secondary is the care-of-address (COA).
When the mobile computer (mobile host) leaves its home network and registers in a foreign network, it is assigned a COA, which it reports to its home agent (a special computer in its home network). During data traffic, this home agent forwards incoming data packets to the COA and thus to the mobile host (IP-to-IP encapsulation).
If, on the other hand, the mobile computer wants to send packets, it can normally send them without going through the home agent, since the normal IP routing mechanisms ensure that the packet reaches its destination.
When the mobile computer returns to its home network, it logs itself off from the foreign agent so that packets addressed to it can be delivered again without a detour via the home agent.
ARP in the home network
Because the mobile computer takes its home address with it, computers in its home network face the problem that they can no longer reach it once it has left the home network. By using gratuitous ARP and an ARP proxy, mobile nodes away from the home network can still be reached. In addition, the home agent answers ARP requests for the absent mobile computer on its behalf through ARP proxying.
There are two variants for managing data traffic.
Co-located Care-of Address
Here the mobile host handles the forwarding itself. It uses the home address (for the higher protocol layers) and the COA (for the lower protocol layers) at the same time. The COA is assigned to the mobile host from a local IP address pool (e.g. via DHCP), just as it would be for a stationary host. The local routers therefore cannot distinguish a mobile host from a stationary one.
The advantage here is that the local infrastructure can be used and no foreign agent is required.
Foreign Agent Care-of Address
Here the COA is assigned to the mobile host by a special computer (the foreign agent) in the foreign network. To do this, the mobile host must first register with the foreign agent (it does NOT obtain an address from the foreign network). In this variant the foreign agent handles the forwarding of data from the HA to the mobile host (and, with reverse tunneling, also from the mobile host to the HA).
In order to register with the foreign agent, the mobile host first needs its address.
Finding the Foreign Agent
- After arriving in the foreign network, the mobile host first sends an ICMP router solicitation message.
- The foreign agent replies with a normal ICMP router advertisement message, which is extended by a mobility agent advertisement extension. This contains all the information that the mobile host needs.
- The mobile host can now be registered using the Mobile IP registration procedure.
Future
There are extended variants for IPv6 such as Mobile IPv6, Hierarchical Mobile IPv6 and Fast Mobile IPv6. Thanks to the extended routing capabilities of IPv6, these add, among other things, the possibility of sending packets directly to the mobile computer without going through the home agent. Above all, packet losses during a network change are reduced or avoided, so that time-critical applications can also be used without interruption. With Proxy Mobile IPv6 (RFC 5213), mobility management is implemented entirely on the network side, and improved mobility can be made available to all users without changes to the end devices.
Web links
- RFC 3344 - IP Mobility Support for IPv4
- RFC 6275 - Mobility Support in IPv6
- RFC 5213 - Proxy Mobile IPv6
- RFC 5757 - Multicast Mobility in Mobile IP Version 6 (MIPv6): Problem Statement and Brief Survey
- RFC 5844 - IPv4 Support for Proxy Mobile IPv6
- RFC 5944 - IP Mobility Support for IPv4, Revised
- Mobile IPv6 - A short Introduction by Holger Zuleger (English; PDF file; 91 kB)
- Mobile IP and TCP/IP Address Resolution Protocol (ARP) Operation - The TCP/IP Guide
- Mobile IP by W. Schulte in NET 3/2011, p. 32 (PDF file; 218 kB)