Support for Network-based User Mobility with LISP
Download as PPTX, PDF1 like691 views
LISP (Locator/ID Separation Protocol) allows separating a host's identifier (EID) from its locator (RLOC), enabling mobility as the user's RLOC can change without affecting the EID. The document proposes LISP-ROAM, a network-based solution using LISP to provide connection continuity for users roaming across Wi-Fi networks. It presents a 5-step process: 1) user authentication via RADIUS, 2) retrieving the user's EID, 3) local configuration, 4) retrieving the home Map-Server details, and 5) updating the user's location. This allows maintaining TCP connections using constant EIDs as the user's RLOC is dynamically updated. Performance
Support for Network-based User Mobility with LISP
- 1. Support for Network-based User Mobility with LISP ANDREA GALVANI S U P E R VISO R PR O F. F U LVI O R I S S O ACA D E MI C T U TO R S P R O F. A L B E R T CA B E L LO S -A PA R ICIO M.S. A L B E R TO R ODR IG UEZ -NATAL
- 2. Wi-Fi Mobility Users switching between Wi-Fi networks (Handover)
- 3. Scenario A user is doing a VoIP call, or exchanging a file, ...
- 4. Scenario The user decides to change Wi-Fi network The connection is dropped and has to be reinitialized
- 5. Scenario The user decides to change Wi-Fi network The connection is dropped and has to be reinitialized
- 6. Problem A TCP connection is represented by a 4-tuple: <source IP, source Port, destination IP, destination port> When the user moves, his IP changes The TCP connection is released
- 7. “Network-based” Host-based: additional software needs to be installed on the user’s host Network-based: No modifications to users’ devices required The network components take care of the mobile hosts’ mobility
- 8. Goals Connection continuity when roaming across Wi-Fi networks Users’ devices use standard TCP/IP stack Network components are in charge of managing users’ mobility Minimize modifications to other components Keep a high level of abstraction for future developments
- 9. State of the art IETF standards •Mobile IP v4 / v6 •Proxy Mobile IP v6 Adopted in 3G networks ...No standards for Wi-Fi networks
- 10. IP address constraint The IP address represents two properties at the same time • User’s identity • User’s location User’s location changes → User’s IP changes
- 11. LISP Locator/ID Separation Protocol Loc/ID split • One address space for user’s identity (EID – Endpoint IDentifier) • One address space for user’s location (RLOC – Routing LOCator) User’s location changes → User’s RLOC changes
- 12. LISP overview • xTR (Edge Router) RLOC: 130.1.1.3 • Subnetwork with EID-prefix • Users in the network are given an EID from the prefix • A Map-Server is used for storing mappings • A Map-Resolver for retrieving mappings EID – RLOC 10.1.1.0/24 – 130.1.1.3 EID: 10.1.1.7 EID-prefix: 10.1.1.0 /24
- 13. LISP in a nutshell RLOC: 130.1.1.3 IP ping RLOC: 150.1.1.5 2 10.1.1.1 → 10.1.2.3 ICMP Internet 1 3 Map-Reply 10.1.2.3 – 150.1.1.5 EID: 10.1.1.1 EID-prefix: 10.1.1.0 /24 EID: 10.1.2.3 EID-prefix: 10.1.2.0 /24
- 14. LISP in a nutshell RLOC: 130.1.1.3 Internet RLOC: 150.1.1.5 4 IP 10.1.1.1 → 10.1.2.3 ICMP ping IP UDP 4341 -> 4341 LISP ICMP EID-prefix: 10.1.1.0 /24 10.1.1.1 → 10.1.2.3 ICMP ping (Data) IP EID: 10.1.1.1 IP 130.1.1.3 → 150.1.1.5 5 10.1.1.1 → 10.1.2.3 ping RLOC: global scope EID: local scope EID: 10.1.2.3 EID-prefix: 10.1.2.0 /24
- 15. Idea 130.1.1.3 User’s mapping 10.1.1.1 – 130.1.1.3 10.1.1.1 150.1.1.5 10.1.2.3
- 16. Idea 130.1.1.3 10.1.1.1 150.1.1.5 User’s mapping 10.1.1.1 – 150.1.1.5 10.1.2.3 Update user’s RLOC when he moves Establish TCP connections using EIDs
- 17. Solution Design – LISP-ROAM A solution to be implemented by Internet Service Providers New mobility service Full trust agreement Possibility to roam across every network User is assigned a fixed EID
- 18. Five Steps Everytime a user connects to a network... 1. User authentication 2. User’s EID retrieval 3. User’s local configuration 4. User’s home Map-Server retrieval 5. User’s location update
- 19. 1. User authentication Username alice *** bob RADIUS Password *** RADIUS Server We need to keep track of the user while he moves alice@domainA.com *** EAP 802.1x standard xTR checks credentials with RADIUS domainA.com RADIUS Server stores users’ credentials
- 20. 2. User’s EID retrieval Access-Request alice, *** 2 3 Access-Accept EID = 10.1.2.121 alice@domainA.com *** 1 domainA.com Username Password EID alice *** 10.1.2.121 bob *** 10.1.2.137 The RADIUS Server can store multiple attributes It’s possible to store user’s EID The RADIUS Server returns the EID embedded in the Access-Accept
- 21. 3. User’s local configuration • If the user is in his home network He’s part of the EIDprefix 10.1.1.169 EID-prefix: 10.1.1.0 /24
- 22. 3. User’s local configuration • If the user is in his home network 10.1.2.122 He’s part of the EID-prefix • If the user is foreign A local virtual interface is created The xTR is the default gateway for the user 10.1.2.121 EID-prefix: 10.1.2.120 /30 EID-prefix: 10.1.1.0 /24
- 23. User’s home Map-Server One Map-Server per domain All Map-Servers form a Distributed Mapping System Home Map-Server of domain A Map-Register 10.3.3.0/24 – 130.1.1.3 Authenticated 130.1.1.1 130.1.1.3 Home Map-Server Home domain’s Map-Server Every xTR knows the key related to its EID-prefix EID-prefix: 10.1.1.0 /24 EID-prefix: 10.3.3.0 /24 domainA.com
- 24. 4. User’s home Map-Server When a foreign user connects to a network the xTR has to retrieve user’s home Map-Server’s... 1. Address Can be done using the LISP infrastructure ...or through other systems (DNS) 2. Key ...use RADIUS attributes
- 25. 4. User’s home Map-Server address EID RLOC 10.1.2.0/24 80.8.8.1 80.8.8.1 3 80.8.8.5 Map-Reply Map-Request 10.1.2.121 2 130.1.1.3 80.8.8.5 → 130.1.1.3 IP UDP 4342 → 4342 1 10.1.2.121 – 80.8.8.1 alice@domainA.com *** Map-Server’s IP = 10.1.2.121 EID-prefix: outer source IP 10.1.1.0 /24 LISP EID-prefix: 10.1.2.0 /24 domainA.com domainB.com
- 26. 4. User’s home Map-Server key Username Password EID Map-Server key alice *** 10.1.2.121 «secret» bob *** 10.1.2.137 «secret» 2 3 Access-Accept EID = 10.1.2.121 Key = «secret» 1 domainA.com Home Map-Server’s key returned with Access-Accept
- 27. 5. User’s location update EID RLOC 10.1.2.0/24 Map-Register 10.1.2.121 – 130.1.1.3 Authenticated 80.8.8.1 10.1.2.121/32 130.1.1.3 80.8.8.1 10.1.1.0/24 130.1.1.3 alice EID 10.1.2.121 MS address 80.8.8.5 MS key domainA.com RLOC 130.1.1.3 80.8.8.5 Username EID-prefix: 10.1.2.0 /24 EID «secret» alice@domainA.com *** EID-prefix: 10.1.1.0 /24 domainB.com
- 28. Update correspondent nodes 3 LISP Map-Server / Map-Resolver 4 4 Map-Request / Map-Reply for 10.1.2.121 1 5 6 10.1.2.121 7 10.1.2.121 2 Correspondent node
- 29. Test bed «LISP-B» «LISP-A» 10.1.2.121 alice@domainB.com EID-prefix: 10.1.1.0 /24 domainA.com FOREIGN 10.1.2.121 EID-prefix: 10.1.2.0 /24 10.1.3.165 domainB.com HOME
- 30. Handover test Latency / Packet loss 1. User home / foreign • User connects to his home / a foreign network 2. User known / unknown • User has connected before to the network
- 31. Results – User unknown
- 32. Results – User known
- 33. ...other proposals No full trust between ISPs ISPs don’t share Map-Servers’ key No fixed EID for user LISP-MAC LISP-RADIUS
- 34. LISP-MAC •User assigned to a specific xTR of the domain Home xTR •MAC Mapping System MAChost – IPHomexTR •When a user connects to a foreign network Dialogue between foreign and home xTR
- 35. EID RLOC 10.1.2.0/24 LISP-MAC 80.8.8.1 Map-Register 10.1.2.121 – 130.1.1.3 Authenticated 10.1.2.121/32 130.1.1.3 MAC IPhomexTR MAChost 80.8.8.1 80.8.8.1 6 DHCP Request / ACK 4 EID RLOC 10.1.1.0/24 130.1.1.3 2 Map-Request MAChost Map-Reply MAChost - 80.8.8.1 130.1.1.3 3 5 MAC EID MAChost 10.1.2.121 EID-prefix: 10.1.2.0 /24 domainA.com Map-Register / Map-Notify 6 1 DHCP Request MAChost DHCP ACK 10.1.2.121 EID-prefix: 10.1.1.0 /24 domainB.com
- 36. LISP-RADIUS • User assigned to a specific xTR of the domain Home xTR • When a user connects to a foreign network Dialogue between foreign and home xTR •802.1x dialogue User authentication IPHomexTR
- 37. EID RLOC 10.1.2.0/24 LISP-RADIUS 80.8.8.1 10.1.2.121/32 130.1.1.3 Username Password IPhomexTR alice *** 80.8.8.1 bob *** EID Map-Register 10.1.2.121 – 130.1.1.3 Authenticated 7 80.8.8.1 80.8.8.1 DHCP Request / ACK RLOC 10.1.1.0/24 130.1.1.3 Access-Request 2 alice@domainA.com *** 3 Access-Accept IPhomexTR = 80.8.8.1 130.1.1.3 5 6 MAC EID MAChost 10.1.2.121 EID-prefix: 10.1.2.0 /24 domainA.com Map-Register / Map-Notify EAP dialogue 1 alice@domainA.com *** DHCP Request 4 MAChost EID-prefix: 10.1.1.0 /24 7 DHCP ACK 10.1.2.121 domainB.com
- 38. Conclusions LISP-ROAM actually achieves connection continuity in user mobility It can be considered a suitable solution for realistic scenarios (buildings, campuses, ...) The solution has been tested in a small scope but can be considered being implemented in wider scenarios (ISP level) The assumptions made allow future extension / interoperability with 3G operators
- 39. Video demo Mobile host switching between Wi-Fi networks, while communicating with Correspondent Node (ping / TCP)
- 40. Thanks for your attention bit.ly/lisp-roam Andrea Galvani and.galva@gmail.com