MobileNAT - Bell Labs€¦ · MobileNAT Network Architecture NAT Internet 10.0.1.5 10.0.1.x...

MobileNAT:A New Technique for Mobility

across Heterogeneous Address Spaces

Milind M. [email protected]

(Lucent Bell Labs)

Joint work with Adiseshu Hari, Kundan Singh, Scott Miller

AgendaMotivationArchitectureImplementationComparison with current approachesSummary

23-Sep-03 Milind Buddhikot 2

Current Trends

Heterogeneity• Access: 802.11, 3G• Large number of

providers• Address space

IPv4 vs IPv6Public vs Private

Explosive growth in connected devicesSeamless high performance roaming • Customer relationship

with one provider• One bill

Multi-radiocapable client

802.11Hotspot

airport.com

802.11Hotspotabc.net

WLANGateway

WLANGateway

AWSUMTS

GGSNPDSN

CINGULARGSM/GPRS

GGSN

VerizonCDMA2000

Internet


MobileNAT: A part of Project IOTA

http://www.bell-labs.com/~mbuddhikot/IOTAProject/IOTA.htm

MobileNAT : Basic Ideas


Basic Model

Three kinds of user sessions:• S1: Internet sessions• S2: Intra-domain sessions• S3: Inter-domain sessions

End nodes may offer services

Common case: PDAs, laptops, phones do not offer long lived internet services but access services on the net• Exception: VOIP

NATed domain can be a • Layer-3 routed domain or• Layer-2 switched domain

Private Addr a

Services(messaging, VoIP call)

Private Address SpaceNATed Domain

MN Mobility

PubAddr D

ANS1

Wired

MN

ANAddr A

MNWireless

ANAddr B Addr C

Wired

MN

Public Address SpaceRouted DomainCNN.com Internet

Public Addr A

MN2

S2MN3

S3


NATPublic Addr A

Goal

Private AddressSpace

Internet

NAT

802.11802.11 Ethernet

PDSN

NAT

RoutedIP Network

www.cnn.com

(1) (2)

(3)

(4)

(5)

Preserve sessions for1. inter access-point2. inter sub-net3. inter-NAT4. to 3G network5. to public networkMovement of end

devices

Access-point

Router

Router with NAT


Problem with IP address

IP address overloaded• Host identification• Routing information

TCP connection characterized by a 5-tuple <SA, DA, SP, DP, TCP>Change in IP address breaks TCP/socket connection

DA = d

TCP association

moves

NAT

SA=s DA=d

SP=a DP=b

SA=x DA=d

SP=a DP=b

SA=d DA=sSP=b DP=a

MN MN

CN


Using Two Addresses

Two IP addresses• Virtual IP (fixed host-id)• Actual IP (routable; changes)

Two types of IP addresses• Private: 192.168.*, 10.*,

172.16.*• Public

Four cases:• <Private Ap , Private Av> • <Private Ap , Public Av>• <Public Ap , Private Av>• <Public Ap , Public Av>

MN

CN

AN

Actual IP

Virtual IP

ApplicationSocket

TCP/UDPIP

Addr “Ap”

Shim Layer

Addr “Av”

Net IF

Ap = x

Av = a DASP DP


Intra-domain Mobility for Internet Sessions

MN maintains Av Ap1 ruleAN maintains Av , Ap1 AAN rule. May change SPWhen MN moves to a new subnet, rules need to be changed• MN: Av Ap2• AN: Av , Ap2 AAN

Ap, SP

AAN

New subnetDomain moved to

Mobile

Ap1, SP

Ap2, SP

CNN

AN Internet

SHIM Layer

App

Socket

TCPIP

Av , SP

NetIF

OLD Flow

<AAN ,CNN, SP, 80>

<CNN, Av , 80, SP>NEW Flow


Mapping Rules for Four Cases

Policy P1: Expose MN’s Av if possiblePolicy P2: Never expose Av

Case I: <Private Ap , Private Av> • P1: Ap AAN

• P2: Ap AAN

Case II: <Private Ap , Public Av> • P1: Ap Av

• P2: Ap AAN

Case III: <Public Ap , Private Av> • P1: Ap AAN

• P2: Ap AAN

Case IV: <Public Ap , Public Av> • P1: Ap Av

• P2: Ap AAN


Packet forwarding mechanisms:tunneling or translation

CNN

<Av , Ap2 >

moves

AvCNNAp2AN

ANCNN

<Av , Ap1 >

MN MN

CN

AN

moves

ANCNN

CNN

AvCNN

<Av , Ap1 >

MN MN

CN

AN

<Av , Ap2 >

AvCNNAp1AN

TranslationTunneling

Tunneling involves less processing overhead but higher header overhead• Ex: 8Kbps codec with 20ms packetization 20B payload, 12B RTP, 8B UDP, 20B

IP 60B in translate mode vs. 80B in tunnel mode

Translate mode better for bandwidth constrained linksTunnel mode simpler to implement as most OS support IP-in-IP tunnels


Intra-domain mobility for Intra-domain Sessions

All virtual addresses configured to be routed to ANCN has Av,CN configured in DNSAN applies DNAT rule: Av,CN Ap,CN and SNAT: Ap,MN Av,MN

Av1 = 10.128.0.2Ap1= 10.0.1.5

MN

Ap =10.0.4.9Av =10.128.0.5

1

CN

2

Moves

Av1 = 10.128.0.2Ap2 = 10.0.2.7

MN

4

3 AN


Inter-domain mobility

Mobility manager of visited NAT fetches the existing connection mapping from mobility manager of the home NATIf MN moves to public address space, Shim layer acts as visited NATDynamic home agent: use visited NAT as home NAT for new sessionTunneling between visited and home NAT

Home NATCN

Internet

Visited NAT

MN

MN

moves


MobileNAT Network Architecture

NAT

Internet

10.0.1.5

10.0.1.x 10.0.2.x

New network element Mobility Manager (MM)DHCP server and relays• Change of address signifies

need to change NAT rules• Change conveyed to MM

MM employs MIDCOM to control NAT rules

relay relay

relay

DHCP server

Mobility manager

Change of leaseNAT rules

MobileNAT Implementation


Implementation: Client (Win XP/2000)

Shim-layer driver to capture DHCP packets and translate IP addressesMobileNAT client application acting as DHCP client and serverHandles ARP for nodes in other sub-nets

Application

Socket

TCP/UDP

IP

Addr “A”

Shim Layer

Addr “V”

Net IF

MobileNATClient

Server Client

10.128.0.2 /255.0.0.0

10.0.1.5 /255.255.255.0

MobileNATClient

MobileIP Client

Network and interface selector

DHCP server -client

Unified mobility client (on-going work)


Mobility Client Architecture

Software runs on Windows 2000/XP operating systemApproximately 45,000 lines of code, 13,000 of which are Windows NDIS kernel networking code

New code developed,Specifically for3G-802.11 integration

VPN/IPSec integration(e.g. Lucent IPSecClient)

Interaction withExisting WindowsOS modules

TCP/IP Protocol Stack

Virtual MobileIPAdaptor

VPN/IPSecControl

OS

PPP Support

Graphical User Interface & Monitoring

Ethernet

MIP State Machine

Interface Abstraction Layer/API

Network Detection

Network Selection

MobileNATClient

802.11 PPPCDMA2000

Sierra 3G1xRTT

VPN/IPSec Client Driver

Multi-interface Mobility Client Driver

EthernetInterface

802.11Interface

PPP Interface

IS-835 Shim

Serial Driver

AT Com

mand Set

User Level

OS K

ernel Level


Implementation: DHCP server and NAT (Linux)

DHCP server

PRE-ROUTINGDestination NAT

POST-ROUTINGSource NAT

NAT connectiontrackingVirtual IP range

Actual IP range

DHCP server to allocate virtual and actual IPActual IP is based on subnet of DHCP relay agentMM is integrated into DHCP serverNAT using netfilter, iptables, ip_conntrack and ip_nat modules

Comparison to Existing Mobility Scheme


Similarities/Differences with current proposals

Translation mode vs. tunneling• Packet size vs processing overhead• Two addresses per MN; can afford since private addresses• No external FA needed

Co-located mode MIP uses two public IP addresses! Wasteful

Signaling• Using DHCP (new options) and a per-domain Mobility Manager (MM)

Even more lightweight signaling possible

Routing path• No change in routers or CN; but change in MN, NAT and DHCP server• Dynamic home agent (I.e., the NAT)


Comparison to existing schemes

Schemes considered in following chartMobile IP• Extensions: Location Register (MIP-LR), Route Optimization (MIP-RO)

Micro-mobility schemes Cellular IPHawaiiIntra-Domain Mobility Protocol (IDMP)Hierarchical Mobile IP (HMIP)

IPv6• Fast handoff

Application level mobility mechanism• SIP

Virtual NAT• Similar address translation in the client stack• Targeted for connection/process migration where both end-points

implements vNAT


Comparison chart

N

IN

IN

N

Y

Y

Y

virtual

N

N

N

N

Virtual NAT

N

-

IN

-

Y

Y

Y

-

-

-

Y

-

MIP RO

N/YNNNYYYYYTriangular route

YY--YYYNYNon-mobile IP nodes

YINYINYYYYY1NAT support

NO--FAFAYYFARouter modify?

YY-YYYYYYMN modify?

OO--YYNN-Intra-tunnel

N

DHCP/MM

CoA

UD

O

N

Mobile NAT

N

Y

HA

Y

O

Y

IPv6

-

Y

SIPN

N

N

SIP

Y

Y

-

-

N

-

MIP LR

NNNNNCN modify?

YYYDataYsignaling

LCoACoACoAHAHAHost ID

YYYYOPaging

YYYYYInter-tunnel

YYYNYMIP messaging

IDMP TeleMIP

HMIP (RR)

HawaiiCIPMIP

Y: yes N: no - :N/A O: optional IN:independent UD: Under Development1: We assume Mobile IP with UDP tunneling for NAT


Mobile NAT Advantages

Problems in existing approaches• Huge infrastructure change (CIP, IPv6, routers, even deploying FA)• Not much discussion on optimizing intra-domain sessions• Require tunneling overhead, inter, intra or both• Triangular routing even in common case• Modification in CN

MobileNAT approach• Addresses rapid growth in end-devices, which most likely will have private

addresses due to slow deployment of IPv6• Assume the presence of NA(P)T in a domain

Roaming and services across heterogeneous address spacesReduce problem space to only private address space

• Choice between tunneling and address translationAddresses bandwidth limitations of wireless links

• Use existing protocols (DHCP, ICMP) for signaling• Discourage changing routing infrastructure• Can co-exist with MobileIP


Summary

New technique called MobileNAT for Intra- and Inter-domain mobility • Virtual IP for host identification; actual IP for routing• Address translation in client as well as in NAT• Existing protocols like DHCP for signaling• Mobility manager to handle nodes in a domain• NAT acts as a dynamic home agent • Inter-NAT packet flow for inter-domain mobility

No change in routers or no need for FA• Change In MN, NAT and DHCP server

Demonstrated a inter-subnet mobility through a complete implementation


On-going work

Scalability:• Subdivide domains into smaller NAT-ed domains• Multiple NATs per domain

Security• DHCP authentication and Access-point authentication/encryption• Works with IP-sec (AH mode and UDP tunnel) and SSL

Paging: • Re-use of existing IP-multicast based paging

Possible deployment issues• Changing every MN driver (similar to Mobile IP)• Mobility to 3G network• Location information distribution• Allow incremental deployment

Other issues• Does not solve NAT problems where application layer message uses IP address

(FTP, SIP, RTSP)• Fast hand-off for micro-mobility• Intra-domain sessions on inter-domain mobility• Combined MobileIP and MobileNAT client

Backup

Packet Flow Example


Example

Address assignmentPacket flow when MN is private and CN is publicMN moves to a new subnetPacket flow after mobility to a new subnetPacket flow when MN and CN are in the same NAT domainPacket flow when MN is private and CN is public and MN moves to new NAT domain


Address assignment

NAT

Internet

DHCP server

DHCP request(my virtual IP = 0.0.0.0)(my Mac address)

DHCP response(your virtual IP = 10.128.0.2)(your actual IP = 10.0.1.5)

DHCP server

Mobility manager

NAT


Packet flow

NAT picks up an external IP and port

NAT

(1)

(2) (3)

135.180.32.4:708810.0.1.5:1756

CN

Internet

Application

Socket

TCP/UDP

IP

Addr “A”

SHIM LayerAddr “V”

Net IF

10.0.1.5:1756

10.128.0.2:1756

10.128.0.2128.59.16.1491756 80

10.0.1.5128.59.16.1491756 80

135.180.32.4128.59.16.1497088 80

128.59.16.14910.128.0.280 1756

128.59.16.14910.0.1.580 1756

128.59.16.149135.180.32.480 7088

Shim

Shim NAT

NAT


Inter-subnet mobility

NAT

CN

Internet

DHCP server

DHCP request(my virtual IP = 10.128.0.2)(my Mac address)

DHCP response(your virtual IP = 10.128.0.2)(your actual IP = 10.0.2.7)

DHCP server

Mobility manager

10.0.1.x

10.0.2.x

S:10.0.1.5:1756 D:128.59.16.149:80S:135.180.32.4:7088 D:same

change

10.0.2.7

NAT rules


Packet flow after the node moves

MN application or CN do not know about change in actual IP

NAT

(1)

(2)

(3)

135.180.32.4:708810.0.2.7:1756

CN

Internet

10.128.0.2128.59.16.1491756 80

Application

Socket

TCP/UDP

IP

Addr “A”

SHIM LayerAddr “V”

Net IF

10.0.2.7128.59.16.1491756 80

135.180.32.4128.59.16.1497088 80

128.59.16.14910.128.0.280 1756

128.59.16.14910.0.2.780 1756

128.59.16.149135.180.32.480 7088

Shim

Shim NAT

NAT


Using Two addresses

Two IP addresses• Virtual IP (fixed host-id)• Actual IP (routable; changes)

Actual IP

Virtual IP

ApplicationSocket

TCP/UDPIP

Addr “Ap”

Shim Layer

Addr “Av”

Net IF

128.59.16.149

movesMN MN

CN

Ap = x

Av = a DASP DP

Av = a DASP DP

Ap = y

Av = a DASP DP

AN


Details of the NAT Domain

NATed domain can be a • layer-3 routed domain or• Layer-2 switched domain

Kinds of mobilityIntra-domain

• Layer-2 within same subnet• Layer-3 across subnets

Inter-domain• Layer-3 mobility across adjacent

domains

MN

NAT

Router

NATed Domain

Router

AP AP AP

Router

AP AP AP

Router

AP AP AP

Stub Domain

Public Addr A


Address allocation using DHCP

Virtual and actual IP allocated using DHCPNew DHCP options• MN sends current virtual IP

address (or 0.0.0.0 if none) in the request

• Server sends the allocated actual and virtual IP addresses in the response

• Actual IP is allocated based on relay agent IP

10.0.1.5

10.0.1.x

DHCP server

DHCP relay agent

10.0.2.9

10.0.2.x

10.0.2.2


Overview of NA(P)T

NATPublic Addr135.180.32.1-7

Private Address Space(10.0.0.0-10.255.255.255)

Internet

128.59.16.149

CN

10.0.1.5

10.0.1.x 10.0.2.x

10.0.7.x

Packet processing rules need to be changed in the event of mobility

10.0.1.5128.59.16.1491756 80

135.180.32.4128.59.16.1497088 80

out

In-1

Packet processing rule


Intra-domain sessions

Optimization: new signaling message between two MobileNAT clients to route the packets directly

NAT

V=10.128.0.2A=10.0.1.5

A=10.0.4.9

MN

CN

V=10.128.0.2A=10.0.2.7

MNMoves


Multi-interface Mobility Client Software

Unique client software not available today on the marketSeamless intra- and inter- technology handoffs using MobileIP, MobileNATManagement of multiple physical interfaces (802.11, 3G/PPP, Ethernet, GPRS)Automated network selection algorithm based on priority, signal strength, and preferred network listMobile VPN capability: IPSec over MobileIP, MobileNAT

MobileNAT - Bell Labs€¦ · MobileNAT Network Architecture NAT Internet 10.0.1.5 10.0.1.x...

Documents

Transcript of MobileNAT - Bell Labs€¦ · MobileNAT Network Architecture NAT Internet 10.0.1.5 10.0.1.x...