CS 80240333,CUI Yong,1,Mobile IP -MIPv6, PMIPv6, NEMO,CS 80240333 Instructor: CUI Yong,Outline,Mobile IPv6(MIPv6) MIPv6 Overview MIPv6 Security Summary Proxy Mobile IPv6(PMIPv6) Background PMIPv6 Overview PMIPv6 Extensions Network Mobility(NEMO) NEMO Overview Applications Basic Support,CS 80240333,CUI Yong,2,Outline,Mobile IPv6(MIPv6) MIPv6 Overview MIPv6 Security Summary Proxy Mobile IPv6(PMIPv6) Background PMIPv6 Overview PMIPv6 Extensions Network Mobility(NEMO) NEMO Overview Applications Basic Support,CS 80240333,CUI Yong,3,Why Mobile IPv6?,the Lessons learnt from Mobile IPv4 Triangle Routing Problem Ingress Filtering Security Issues Insider Attacks Denial of Service Attack (DOS) Replay Attacks benefits from opportunities provided by IPv6 Enough IP address,CS 80240333,CUI Yong,4,Conceptual data structures,CN: Binding Cache When sending a packet, the Binding Cache is searched before the Neighbor Discovery conceptual Destination Cache HA: Binding Cache and Home Agents List The Home Agents List is used by the dynamic home agent address discovery mechanism MN: Binding Update List It records information for each BU sent by this MN, in which the lifetime of the binding has not yet expired The Binding Update List includes all bindings sent by the MN either to its HA or CNs,CS 80240333,CUI Yong,5,Mobile IPv6 basic operation,Movement Detection: Detect L3 handovers Neighbor Unreachability Detection (NUD) Default router is no longer bi-directionally reachable Router Discovery: select a new default router Prefix Discovery: form new care-of address Home registration Correspondent registration (Route Optimization),CS 80240333,CUI Yong,6,Packet delivery in home network,CS 80240333,CUI Yong,7,HA,Home Network,Foreign Network,Internet,CN,Mobile Node,S：CNs IP D：MNs Home Address,IP Header,PayLoad,S：MNs Home Address D：CNs IP,Home registration,CS 80240333,CUI Yong,8,HA,Foreign Network,Internet,CN,Home Network,Binding Update,Binding Ack,Mobile Node,MH=5,MH=6,S： Home Agents address D：MNs CoA,S： MNs CoA D： Home Agents address,Home registration(Contd),Set H-bit & A-bit in the Binding Updates sent to the HA MNs home address in Home Address destination option Source address = Care-of address Set L-bit if the MNs link-local address (for the new care-of-address) has the same interface ID as the home address Set K-bit if the IPsec SAs between the MN and the HA have been established dynamically, and the mobile node has the capability to update its endpoint in the used key management protocol to the new care-of address every time it moves,CS 80240333,CUI Yong,9,Home registration(Contd),Sequence # Used by the receiving node to sequence BUs and by the sending node to match a returned BACK with this BU Lifetime The number of time units remaining before the binding must be considered expired One time unit is 4 seconds,CS 80240333,CUI Yong,10,Packet delivery in foreign network,CS 80240333,CUI Yong,11,HA,Foreign Network,Internet,CN,Home Network,Mobile Node,S：CNs IP D：MNs Home Address,S：:Home Agents address D：MNs COA,S：:CNs IP D：MNs Home Address,CN registration,CS 80240333,CUI Yong,12,HA,Internet,CN,Home Network,Mobile Node,Binding Update,Binding Ack,MH=5,MH=6,S： CNs IP D： MNs CoA,S： MNs CoA D： CNs IP,Correspondent registration(Contd),Allowing the CN to cache the MNs current care-of address Return Routability procedure + registration After home registration, the MN should initiate a correspondent registration for each node that already appears in the MNs Binding Update List The initiated procedures can be used to either update or delete binding information in the CN In addition, MN initiate the registration in response to receiving a packet tunneled using IPv6 encapsulation,CS 80240333,CUI Yong,13,Correspondent registration(Contd),A Binding Update is created as follows Source address of the IPv6 header = the current care-of address Destination address = the address of the CN Mobility header with MH type = 5, including the Binding Authorization Data and the Nonce Indices mobility options Home Address destination option = MNs home address,CS 80240333,CUI Yong,14,Packet delivery in foreign network,CS 80240333,CUI Yong,15,HA,Internet,CN,Home Network,Mobile Node,S：MNs COA D：CNs IP,S：CNs IP D：MNs COA,Dynamic home agent discovery,When attached to a Foreign Network, a Mobile Node might not know the address of its Home Agent With DHAAD, Mobile Node only needs a home network prefix configured and it can dynamically find the address of a Home Agent on its home network,CS 80240333,CUI Yong,16,Home agent discovery mechanism,CS 80240333,CUI Yong,17,Internet,Home Agent 3,Correspondent Node,Mobile Node,Router,Router,Router,Home Link Link A,Link B,Link C,Binding Update to Home-Agents anycast address Binding Acknowledgement including the Home Agents List; rejects the registration request,Home Agent