Support for Network-based User Mobility with LISP
Published in: Technology

  1. Support for Network-based User Mobility with LISP. Andrea Galvani. Supervisor: Prof. Fulvio Risso. Academic tutors: Prof. Albert Cabellos-Aparicio, M.S. Alberto Rodriguez-Natal.
  2. Wi-Fi Mobility: users switching between Wi-Fi networks (handover).
  3. Scenario: a user is doing a VoIP call, or exchanging a file, ...
  4. Scenario: the user decides to change Wi-Fi network. The connection is dropped and has to be reinitialized.
  5. Scenario: the user decides to change Wi-Fi network. The connection is dropped and has to be reinitialized.
  6. Problem: a TCP connection is represented by a 4-tuple: <source IP, source port, destination IP, destination port>. When the user moves, his IP changes. The TCP connection is released.
  7. "Network-based". Host-based: additional software needs to be installed on the user's host. Network-based: no modifications to users' devices required; the network components take care of the mobile hosts' mobility.
  8. Goals: connection continuity when roaming across Wi-Fi networks; users' devices use standard TCP/IP stack; network components are in charge of managing users' mobility; minimize modifications to other components; keep a high level of abstraction for future developments.
  9. State of the art. IETF standards: Mobile IP v4 / v6; Proxy Mobile IP v6. Adopted in 3G networks. ...No standards for Wi-Fi networks.
  10. IP address constraint: the IP address represents two properties at the same time: user's identity and user's location. User's location changes → user's IP changes.
  11. LISP: Locator/ID Separation Protocol. Loc/ID split: one address space for user's identity (EID – Endpoint IDentifier); one address space for user's location (RLOC – Routing LOCator). User's location changes → user's RLOC changes.
  12. LISP overview. xTR (edge router), RLOC: 130.1.1.3. Subnetwork with EID-prefix (EID-prefix: 10.1.1.0/24). Users in the network are given an EID from the prefix (EID: 10.1.1.7). A Map-Server is used for storing mappings. A Map-Resolver for retrieving mappings. Mapping EID – RLOC: 10.1.1.0/24 – 130.1.1.3.
  13. LISP in a nutshell. [Diagram, steps 1–3: host EID 10.1.1.1 (EID-prefix 10.1.1.0/24, RLOC 130.1.1.3) sends a ping, IP 10.1.1.1 → 10.1.2.3, ICMP, towards EID 10.1.2.3 (EID-prefix 10.1.2.0/24, RLOC 150.1.1.5) across the Internet; Map-Reply: 10.1.2.3 – 150.1.1.5.]
  14. LISP in a nutshell. [Diagram, steps 4–5: the ping, IP 10.1.1.1 → 10.1.2.3, ICMP, travels as data inside an outer packet IP 130.1.1.3 → 150.1.1.5, UDP 4341 → 4341, LISP, from RLOC 130.1.1.3 to RLOC 150.1.1.5 and is delivered to EID 10.1.2.3.] RLOC: global scope. EID: local scope.
  15. Idea. [Diagram: xTRs 130.1.1.3 and 150.1.1.5; hosts 10.1.1.1 and 10.1.2.3.] User's mapping: 10.1.1.1 – 130.1.1.3.
  16. Idea. [Diagram: xTRs 130.1.1.3 and 150.1.1.5; hosts 10.1.1.1 and 10.1.2.3.] User's mapping: 10.1.1.1 – 150.1.1.5. Update user's RLOC when he moves. Establish TCP connections using EIDs.
  17. Solution Design – LISP-ROAM: a solution to be implemented by Internet Service Providers; new mobility service; full trust agreement; possibility to roam across every network; user is assigned a fixed EID.
  18. Five Steps. Every time a user connects to a network... (1) User authentication; (2) User's EID retrieval; (3) User's local configuration; (4) User's home Map-Server retrieval; (5) User's location update.
  19. Step 1: User authentication. We need to keep track of the user while he moves. EAP, 802.1x standard. xTR checks credentials with RADIUS. RADIUS Server stores users' credentials. [Diagram: user alice@domainA.com, ***; RADIUS Server of domainA.com; RADIUS table (Username, Password): alice, ***; bob, ***.]
  20. Step 2: User's EID retrieval. The RADIUS Server can store multiple attributes. It's possible to store user's EID. The RADIUS Server returns the EID embedded in the Access-Accept. RADIUS table (Username, Password, EID): alice, ***, 10.1.2.121; bob, ***, 10.1.2.137. [Diagram, steps 1–3 at domainA.com: user alice@domainA.com, ***; Access-Request (alice, ***); Access-Accept (EID = 10.1.2.121).]
  21. Step 3: User's local configuration. If the user is in his home network, he's part of the EID-prefix. [Diagram labels: 10.1.1.169; EID-prefix: 10.1.1.0/24.]
  22. Step 3: User's local configuration. If the user is in his home network, he's part of the EID-prefix. If the user is foreign, a local virtual interface is created and the xTR is the default gateway for the user. [Diagram labels: 10.1.2.122; 10.1.2.121; EID-prefix: 10.1.2.120/30; EID-prefix: 10.1.1.0/24.]
  23. User's home Map-Server. One Map-Server per domain. All Map-Servers form a Distributed Mapping System. Home Map-Server: home domain's Map-Server. Every xTR knows the key related to its EID-prefix. [Diagram labels: domainA.com; Home Map-Server of domain A; Map-Register 10.3.3.0/24 – 130.1.1.3, authenticated; 130.1.1.1; 130.1.1.3; EID-prefix: 10.1.1.0/24; EID-prefix: 10.3.3.0/24.]
  24. Step 4: User's home Map-Server. When a foreign user connects to a network the xTR has to retrieve user's home Map-Server's... (1) Address: can be done using the LISP infrastructure ...or through other systems (DNS). (2) Key: ...use RADIUS attributes.
  25. Step 4: User's home Map-Server address. Map-Server's IP = outer source IP. [Diagram, steps 1–3: user alice@domainA.com, ***, EID 10.1.2.121; Map-Request for 10.1.2.121; Map-Reply 10.1.2.121 – 80.8.8.1, carried as IP 80.8.8.5 → 130.1.1.3, UDP 4342 → 4342, LISP. Mapping table (EID, RLOC): 10.1.2.0/24, 80.8.8.1. Other labels: 80.8.8.1; 80.8.8.5; 130.1.1.3; EID-prefix: 10.1.1.0/24; EID-prefix: 10.1.2.0/24; domainA.com; domainB.com.]
  26. Step 4: User's home Map-Server key. Home Map-Server's key returned with Access-Accept. RADIUS table (Username, Password, EID, Map-Server key): alice, ***, 10.1.2.121, «secret»; bob, ***, 10.1.2.137, «secret». [Diagram, steps 1–3 at domainA.com: Access-Accept with EID = 10.1.2.121, Key = «secret».]
  27. Step 5: User's location update. [Diagram: Map-Register 10.1.2.121 – 130.1.1.3, authenticated. Mapping table (EID, RLOC): 10.1.2.0/24, 80.8.8.1; 10.1.2.121/32, 130.1.1.3. Mapping table (EID, RLOC): 10.1.1.0/24, 130.1.1.3. xTR user record: Username alice; EID 10.1.2.121; MS address 80.8.8.5; MS key «secret». Other labels: RLOC 130.1.1.3; 80.8.8.5; alice@domainA.com, ***; EID-prefix: 10.1.2.0/24, domainA.com; EID-prefix: 10.1.1.0/24, domainB.com.]
  28. Update correspondent nodes. [Diagram, steps 1–7: mobile user 10.1.2.121; LISP Map-Server / Map-Resolver; Map-Request / Map-Reply for 10.1.2.121; correspondent node.]
  29. Test bed. [Diagram labels: «LISP-A»; «LISP-B»; alice@domainB.com, 10.1.2.121; EID-prefix: 10.1.1.0/24, domainA.com, FOREIGN; 10.1.2.121; EID-prefix: 10.1.2.0/24, 10.1.3.165, domainB.com, HOME.]
  30. Handover test: latency / packet loss. (1) User home / foreign: user connects to his home / a foreign network. (2) User known / unknown: user has connected before to the network.
  31. Results – User unknown
  32. Results – User known
  33. ...other proposals. No full trust between ISPs: ISPs don't share Map-Servers' key. No fixed EID for user. LISP-MAC. LISP-RADIUS.
  34. LISP-MAC. User assigned to a specific xTR of the domain (Home xTR). MAC Mapping System: MAChost – IPHomexTR. When a user connects to a foreign network: dialogue between foreign and home xTR.
  35. LISP-MAC. [Diagram, steps 1–6. Mapping table (EID, RLOC): 10.1.2.0/24, 80.8.8.1; 10.1.2.121/32, 130.1.1.3. MAC mapping table (MAC, IPhomexTR): MAChost, 80.8.8.1. Mapping table (EID, RLOC): 10.1.1.0/24, 130.1.1.3. Table (MAC, EID): MAChost, 10.1.2.121. Messages: DHCP Request MAChost; Map-Request MAChost; Map-Reply MAChost - 80.8.8.1; DHCP Request / ACK; Map-Register 10.1.2.121 – 130.1.1.3, authenticated; Map-Register / Map-Notify; DHCP ACK 10.1.2.121. Other labels: 80.8.8.1; 130.1.1.3; EID-prefix: 10.1.2.0/24, domainA.com; EID-prefix: 10.1.1.0/24, domainB.com.]
  36. LISP-RADIUS. User assigned to a specific xTR of the domain (Home xTR). When a user connects to a foreign network: dialogue between foreign and home xTR. 802.1x dialogue: user authentication; IPHomexTR.
  37. LISP-RADIUS. [Diagram, steps 1–7. Mapping table (EID, RLOC): 10.1.2.0/24, 80.8.8.1; 10.1.2.121/32, 130.1.1.3. RADIUS table (Username, Password, IPhomexTR): alice, ***, 80.8.8.1; bob, ***. Mapping table (EID, RLOC): 10.1.1.0/24, 130.1.1.3. Table (MAC, EID): MAChost, 10.1.2.121. Messages: EAP dialogue, alice@domainA.com, ***; Access-Request alice@domainA.com, ***; Access-Accept IPhomexTR = 80.8.8.1; DHCP Request MAChost; DHCP Request / ACK; Map-Register 10.1.2.121 – 130.1.1.3, authenticated; Map-Register / Map-Notify; DHCP ACK 10.1.2.121. Other labels: 80.8.8.1; 130.1.1.3; EID-prefix: 10.1.2.0/24, domainA.com; EID-prefix: 10.1.1.0/24, domainB.com.]
  38. Conclusions. LISP-ROAM actually achieves connection continuity in user mobility. It can be considered a suitable solution for realistic scenarios (buildings, campuses, ...). The solution has been tested in a small scope but could be implemented in wider scenarios (ISP level). The assumptions made allow future extension / interoperability with 3G operators.
  39. Video demo: mobile host switching between Wi-Fi networks, while communicating with Correspondent Node (ping / TCP).
  40. Thanks for your attention. bit.ly/lisp-roam. Andrea Galvani, and.galva@gmail.com
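
The location update in slides 23 to 27 depends on two mechanisms: the Map-Server accepts a Map-Register only when it is authenticated with the domain key, and a roaming user's /32 mapping takes precedence over the home /24. The sketch below is an added example, not code from the presentation or from any LISP implementation. The `MapServer` class, the `sign` helper, the record encoding and the key value are assumptions made for illustration (real Map-Registers authenticate the wire message), and 203.0.113.9 is a constructed address.

```python
import hashlib
import hmac
import ipaddress

def sign(key: bytes, eid_prefix: str, rloc: str) -> bytes:
    # Simplified record encoding (assumption, not the LISP wire format).
    return hmac.new(key, f"{eid_prefix}|{rloc}".encode(), hashlib.sha256).digest()

class MapServer:
    """Toy home Map-Server: EID-prefix -> RLOC table with keyed registration."""
    def __init__(self, key: bytes):
        self._key = key
        self._db = {}  # ipaddress network -> RLOC string

    def register(self, eid_prefix: str, rloc: str, tag: bytes) -> bool:
        # Store the mapping only if the tag verifies under the domain key.
        if not hmac.compare_digest(tag, sign(self._key, eid_prefix, rloc)):
            return False
        self._db[ipaddress.ip_network(eid_prefix)] = rloc
        return True

    def resolve(self, eid: str):
        # Longest-prefix match: the roaming /32 beats the home /24.
        addr = ipaddress.ip_address(eid)
        hits = [net for net in self._db if addr in net]
        return self._db[max(hits, key=lambda n: n.prefixlen)] if hits else None

def handover_demo():
    key = b"constructed-demo-key"  # stands in for the slides' «secret»
    ms = MapServer(key)
    # Home xTR (80.8.8.1) registers domain A's EID-prefix.
    ms.register("10.1.2.0/24", "80.8.8.1", sign(key, "10.1.2.0/24", "80.8.8.1"))
    before = ms.resolve("10.1.2.121")
    # Foreign xTR (130.1.1.3) received the key in the Access-Accept and
    # registers alice's EID as a /32 pointing at its own RLOC.
    moved = ms.register("10.1.2.121/32", "130.1.1.3",
                        sign(key, "10.1.2.121/32", "130.1.1.3"))
    after = ms.resolve("10.1.2.121")
    # A Map-Register tagged with a different key must leave the table unchanged.
    forged = ms.register("10.1.2.121/32", "203.0.113.9",
                         sign(b"other-key", "10.1.2.121/32", "203.0.113.9"))
    return before, moved, after, forged, ms.resolve("10.1.2.121"), ms.resolve("10.1.2.137")
```

The check proves possession of the domain key, not which xTR may register which EID, which is the trust assumption slide 17 states and slide 33 relaxes.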
