A policy-based per-flow mobility management system design M. Kantor, G. Ormazabal, R. State, T. Engel IPTComm 2015, 6th October 2015, Chicago


A policy-based per-flow mobility management system design

M. Kantor, G. Ormazabal, R. State, T. Engel

IPTComm 2015, 6th October 2015, Chicago

Page 2: Agenda

• Motivation

• Network architecture

• OpenFlow-enabled Multi-Mode Terminal mobile device (OF-MMT) architecture

• Per-flow mobility management architecture

• Policy engine logic architecture

• End-to-end network connectivity

• Conclusions

Page 3: Motivation (1)

• Mobile devices

– support a variety of network interfaces (Wi-Fi, 3G, WiMAX, LTE, ...)

– connect to several networks at the same time

• Diverse and heterogeneous network connectivity

– increase reliability and performance, using the links

• sequentially

• in parallel

– schedule applications intelligently

• smart selection of network access

• best user experience while consuming network services

Seamless handover!

Page 4: Motivation (2)

• Seamless handover requirements

– routing / rerouting

– reconfiguration

– location management

– address management

– session identification

– session migration

– smart selection of network access

Network Function Virtualization (NFV) + Software Defined Networking (SDN)

Page 5: Network Architecture

Page 6: OF-MMT Architecture

Page 7: OF-MMT's Open vSwitch Architecture

Page 8: Per-flow Mobility Management Architecture

Page 9: Policy Engine Logic Architecture

Page 10: End-to-end Network Connectivity

• SDN network attachment

• SDN network connectivity management

• Host-based mobility - tunnel establishment

• Per-application flow table

• Data transfer

Page 11: SDN Network Attachment

• Detection of a mobile device attachment

– Based on mobile device's physical interface MAC address

– OF-enabled switch SDN domain controller: Packet-in message

• SDN device access control

– Authentication request: SDN Flow Manager candidate network SDN domain controller

– Security Manager MAC layer credential data

• Network authentication and IP address assignment

– Local SDN controller DHCP request IP address for physical mobile device interface

– Before assigning IP address interception for network authentication procedure

– Security Manager IP layer credential data

• Binding cache entry created at candidate network SDN domain controller

– Mobile device's physical interface routable IP address

– Mobile device's physical interface MAC address

– First-hop OF-enabled switch's identifier

– Binding entry lifetime

• Binding cache entry forwarded to the MCN

Page 12: Host-based Mobility – Tunnel Establishment

• Virtual IP address assigned to VMI virtual interface

– Identifies the mobile device's VMI at the CN

– Remains constant independently of any IP readdressing of the mobile device's physical interfaces

• Tunneling mechanisms used to encapsulate packets generated by the VMI's applications

– Mapping virtual IP address to physical IP address

– Virtual IP address used as a source IP address

– Mobile device's physical interface IP stack hidden to the VMI's applications

– Tunnel-flow association

Applied overlay tunneling approach full decoupling of the real mobile device physical interfaces and the VMIs virtual interfaces

Page 13: Per-application Flow Table

• Flow handover decision: PE Flow Manager SDN Flow Manager

• SDN Flow Manager tasks

– Selection of the physical tunnel

– Binding creation between the flow identifier FID and the tunnel identifier TID

– Creation and management of per-application flow entry in flow table

Flows switched seamlessly between different physical access transport networks without affecting any active TCP sessions sourced by VMI's applications!
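The FID-to-TID binding and per-application flow table on this slide, as an added example that is not part of the original slides or the authors' implementation: a handover rewrites one flow entry, so the outer (physical) source address changes while the inner (virtual) source address seen by the TCP session does not. The class and field names, the 4-tuple form of the FID, and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Tunnel:
    tid: int           # tunnel identifier (TID)
    virtual_ip: str    # VMI address, constant across handovers
    physical_ip: str   # routable address of one physical interface
    interface: str

@dataclass
class SdnFlowManager:
    """Hypothetical model of the per-application flow table (FID -> TID)."""
    tunnels: dict = field(default_factory=dict)      # TID -> Tunnel
    flow_table: dict = field(default_factory=dict)   # FID -> TID

    def add_tunnel(self, tunnel):
        self.tunnels[tunnel.tid] = tunnel

    def bind(self, fid, tid):
        """Create or update the FID -> TID binding; an update is a handover."""
        if tid not in self.tunnels:
            raise KeyError(f"unknown tunnel {tid}")
        previous = self.flow_table.get(fid)
        # Assumed guard: the new tunnel must carry the same virtual IP,
        # otherwise the application's active TCP session would break.
        if previous is not None and \
                self.tunnels[previous].virtual_ip != self.tunnels[tid].virtual_ip:
            raise ValueError("handover must not change the flow's virtual IP")
        self.flow_table[fid] = tid
        return previous

    def encapsulate(self, fid, payload):
        """Return (outer source, inner source, payload) for one flow packet."""
        t = self.tunnels[self.flow_table[fid]]
        return (t.physical_ip, t.virtual_ip, payload)

def demo():
    mgr = SdnFlowManager()
    # Constructed sample addresses, not taken from the slides.
    mgr.add_tunnel(Tunnel(1, "10.0.0.5", "192.0.2.10", "wlan0"))
    mgr.add_tunnel(Tunnel(2, "10.0.0.5", "198.51.100.7", "lte0"))
    fid = ("tcp", 40000, "203.0.113.9", 443)   # assumed form of a flow identifier
    mgr.bind(fid, 1)
    before = mgr.encapsulate(fid, b"data")
    mgr.bind(fid, 2)                           # handover: one entry is rewritten
    after = mgr.encapsulate(fid, b"data")
    return before, after

if __name__ == "__main__":
    print(demo())
```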

Page 14: SDN Network Connectivity Management

• Routable IP address assigned to physical interface

– IP address from mobile device's network of the initial attachment (home domain)

• Several collaborating SDN domains

– at least one SDN domain controller per SDN domain

– network path between mobile devices SDN domain controller(s)

– communication between SDN domain controllers through east/westbound interface

– SDN domain controller no location information outside of its own controlled domain

• Mobility Control Node (MCN)

– keeps the current location information of mobile devices

– rendezvous point when both mobile devices are moving concurrently

– supports inter-domain path computation between OF-MMT and CN

• Inter-domain route distribution

– traditional routing protocols, BGP and OSPF, may be leveraged and extended

Page 15: Data Transfer

• Forwarding of flow packets in mobile device

– realized by the Open vSwitch kernel module

– follows the installed flow entry

– packets encapsulated in the selected tunnel

– sent through mobile device's physical interface towards the corresponding VMI in CN

• Forwarding of flow packets in the network

– packets transmitted through the network path

Page 16: Conclusions

• Context-aware per-flow mobility-enabled architecture involving novel network tools afforded by SDN/NFV technology

• SDN architecture complemented with a control middleware abstracting networking complexity, and providing a policy-based decision making system

• Policies taking into account context information, providing granular network access control, on a per-application basis

• Provisioning of mobility capabilities by using physical to virtual address encapsulation (tunneling)

– Mobility execution by a simple flow table entry update

• Proposed approach providing user and mobile device independence, from network and access technologies

Page 17: Thank you!

Page 18: Flowchart

Page 19: General Open vSwitch Architecture