Chapter 8 MOBILE IP AND TCP

Distributed Computing Group

Mobile Computing Summer 2002

Overview
Network Protocols / Mobile IP
Motivation Data transfer Encapsulation Problems DHCP

Mobile Transport Layer / TCP

Motivation Various TCP mechanisms

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/2

Motivation for Mobile IP

Routing
based on IP destination address, network prefix (e.g. 129.132.13) determines physical subnet change of physical subnet implies change of IP address to have a topological correct address (standard IP) or needs special entries in the routing tables

Changing the IP-address?

adjust the host IP address depending on the current location almost impossible to find a mobile system, DNS updates are too slow TCP connections break security problems

Change/Add routing table entries for mobile hosts?

worldwide! does not scale with the number of mobile hosts and frequent changes in their location
Distributed Computing Group MOBILE COMPUTING R. Wattenhofer 8/3

Requirements to Mobile IP (RFC 2002)

Compatibility
support of the same layer 2 protocols as IP no changes to current end-systems and routers required mobile end-systems can communicate with fixed systems

Transparency
mobile end-systems keep their IP address continuation of communication after interruption of link possible point of connection to the fixed network can be changed

Efficiency and scalability

only little additional messages to the mobile system required (connection typically via a low bandwidth radio link) world-wide support of a large number of mobile systems

Security
authentication of all registration messages
Distributed Computing Group MOBILE COMPUTING R. Wattenhofer 8/4

Example network
HA MN
router home network (physical home network for the MN) router (current physical network for the MN) Internet mobile end-system

FA foreign
network

CN
end-system
Distributed Computing Group

router
MOBILE COMPUTING R. Wattenhofer 8/5

Data transfer to the mobile system

HA

MN

home network Internet

3
FA

receiver foreign network

CN
sender

1. Sender sends to the IP address of MN, HA intercepts packet (proxy ARP) 2. HA tunnels packet to COA, here FA, by encapsulation 3. FA forwards the packet to the MN
MOBILE COMPUTING R. Wattenhofer 8/6

Distributed Computing Group

Data transfer from the mobile system

HA

MN

home network Internet

sender

FA

foreign network

CN
receiver
Distributed Computing Group

1. Sender sends to the IP address of the receiver as usual, FA works as default router

MOBILE COMPUTING

R. Wattenhofer

8/7

Terminology
Mobile Node (MN)
system (node) that can change the point of connection to the network without changing its IP address

Home Agent (HA)

system in the home network of the MN, typically a router registers the location of the MN, tunnels IP datagrams to the COA

Foreign Agent (FA)

system in the current foreign network of the MN, typically a router typically the default router for the MN

Care-of Address (COA)

address of the current tunnel end-point for the MN (at FA or MN) actual location of the MN from an IP point of view can be chosen, e.g., via DHCP

Correspondent Node (CN)

Distributed Computing Group MOBILE COMPUTING R. Wattenhofer 8/8

Overview
COA home network router HA Internet router FA MN foreign network

CN

router

home network

router HA

2.

router FA

3. MN 4. foreign network

Internet

1. CN router

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/9

Network integration
Agent Advertisement
HA and FA periodically send advertisement messages into their physical subnets MN listens to these messages and detects, if it is in the home or a foreign network (standard case for home network) MN reads a COA from the FA advertisement messages

Registration (always limited lifetime!)

MN signals COA to the HA via the FA, HA acknowledges via FA to MN these actions have to be secured by authentication

Advertisement
HA advertises the IP address of the MN (as for fixed systems), i.e. standard routing information routers adjust their entries, these are stable for a longer time (HA responsible for a MN over a longer period of time) packets to the MN are sent to the HA, independent of changes in COA/FA
Distributed Computing Group MOBILE COMPUTING R. Wattenhofer 8/10

Agent advertisement

7 8

15 16

type #addresses

code addr. size router address 1 preference level 1 router address 2 preference level 2 ...

23 24 checksum lifetime

31

type length registration lifetime

sequence number R B H F M G V reserved COA 1 COA 2 ...

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/11

Registration
COA @ FA:
MN re FA gist requ ration es
t regi s requ tration est tion stra regi y repl

HA

COA @ MN:
MN re HA gist requ ration es
t tion stra regi y repl

tion stra regi y repl

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/12

Mobile IP registration request

0 type

7 8

15 16 S B DMG V rsv home address home agent COA identification extensions . . .

23 24 lifetime

31

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/13

Tunneling and Encapsulation

original IP header

original data

new IP header outer header

new data inner header original data

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/14

IP-in-IP Encapsulation
Mandatory in RFC 2003 tunnel between HA and COA

ver.

IHL TOS length IP identification flags fragment offset TTL IP-in-IP IP checksum IP address of HA Care-of address COA ver. IHL TOS length IP identification flags fragment offset TTL lay. 4 prot. IP checksum IP address of CN IP address of MN TCP/UDP/ ... payload

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/15

Minimal Encapsulation
optional avoids repetition of identical fields such as TTL, IHL, version, TOS only applicable for unfragmented packets, no space left for fragment identification
IHL TOS length IP identification flags fragment offset TTL min. encap. IP checksum IP address of HA care-of address COA lay. 4 protoc. S reserved IP checksum IP address of MN IP address of CN (only if S=1) TCP/UDP/ ... payload ver.

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/16

Generic Routing Encapsulation

original header outer header GRE header original header new data original data

original data

new header IHL TOS length IP identification flags fragment offset TTL GRE IP checksum IP address of HA Care-of address COA CR K S s rec. rsv. ver. protocol checksum (optional) offset (optional) key (optional) sequence number (optional) routing (optional) ver. IHL TOS length IP identification flags fragment offset TTL lay. 4 prot. IP checksum IP address of CN IP address of MN TCP/UDP/ ... payload ver.

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/17

Optimization of packet forwarding

Triangular Routing
sender sends all packets via HA to MN higher latency and network load

Solutions
sender learns the current location of MN direct tunneling to this location HA informs a sender about the location of MN big security problems

Change of FA
packets on-the-fly during the change can be lost new FA informs old FA to avoid packet loss, old FA now forwards remaining packets to new FA this information also enables the old FA to release resources for the MN

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/18

Change of foreign agent

CN request update ACK data data registration update ACK data warning update ACK data data t MN changes location HA FAold FAnew MN

registration

data

data

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/19

Data transfer from the mobile system

HA

MN

home network Internet

sender

FA

foreign network

CN
receiver
Distributed Computing Group

Problems: Firewall at CN TTL Multicast

MOBILE COMPUTING R. Wattenhofer 8/20

Reverse tunneling (RFC 2344)

HA

MN

home network Internet

sender

FA foreign
network

CN
receiver

1. MN sends to FA 2. FA tunnels packets to HA by encapsulation 3. HA forwards the packet to the receiver (standard case)

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/21

Mobile IP with reverse tunneling

Router accept often only topologically correct addresses (firewall!)
a packet from the MN encapsulated by the FA is now topologically correct furthermore multicast and TTL problems solved (TTL in the home network correct, but MN is too far away from the receiver)

Reverse tunneling does not solve

problems with firewalls, the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking) optimization of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular routing)

Reverse tunneling is backwards compatible

the extensions can be implemented easily and cooperate with current implementations without these extensions

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/22

Mobile IP and IPv6

Mobile IP was developed for IPv4, but IPv6 simplifies the protocols
security is integrated and not an add-on, authentication of registration is included COA can be assigned via auto-configuration (DHCPv6 is one candidate), every node has address auto-configuration no need for a separate FA, all routers perform router advertisement which can be used instead of the special agent advertisement MN can signal a sender directly the COA, sending via HA not needed in this case (automatic path optimization) soft hand-over, i.e. without packet loss, between two subnets is supported
MN sends the new COA to its old router the old router encapsulates all incoming packets for the MN and forwards them to the new COA authentication is always granted

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/23

DHCP: Dynamic Host Configuration Protocol

Application
simplification of installation and maintenance of networked computers supplies systems with all necessary information, such as IP address, DNS server address, domain name, subnet mask, default router etc. enables automatic integration of systems into an Intranet or the Internet, can be used to acquire a COA for Mobile IP

Client/Server-Model
the client sends via a MAC broadcast a request to the DHCP server (might be via a DHCP relay)
DHCPDISCOVER DHCPDISCOVER server client relay client

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/24

DHCP - protocol mechanisms

server (not selected) determine the configuration client initialization DHCPDISCOVER DHCPDISCOVER server (selected) determine the configuration

DHCPOFFER DHCPOFFER collection of replies

time

selection of configuration DHCPREQUEST (reject) DHCPREQUEST (options) DHCPACK initialization completed release DHCPRELEASE confirmation of configuration

delete context

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/25

DHCP characteristics
Server
several servers can be configured for DHCP, coordination not yet standardized (i.e., manual configuration)

Renewal of configurations
IP addresses have to be requested periodically, simplified protocol

Options
available for routers, subnet mask, NTP (network time protocol) timeserver, SLP (service location protocol) directory, DNS (domain name system)

Security problems
no authentication of DHCP information specified

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/26

TCP Overview
Transport control protocols typically designed for
Fixed end-systems in wired networks

Research activities
Performance Congestion control Efficient retransmissions

TCP congestion control

packet loss in fixed networks typically due to (temporary) overload situations router have to discard packets as soon as the buffers are full TCP recognizes congestion only indirectly via missing acknowledgements, retransmissions unwise, they would only contribute to the congestion and make it even worse

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/27

TCP slow-start
sender calculates a congestion window for a receiver start with a congestion window size equal to one segment exponential increase* of the congestion window up to the congestion threshold, then linear increase missing acknowledgement causes the reduction of the congestion threshold to one half of the current congestion window congestion window starts again with one segment

*slow-start vs. exponential increase: window is increased by one for each acknowledgement, that is, 1 2 4 8 In other words, the slow-start mechanism is rather a quick-start.

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/28

TCP fast retransmit/fast recovery

TCP sends an acknowledgement only after receiving a packet If a sender receives several acknowledgements for the same packet, this is due to a gap in received packets at the receiver Sender can retransmit missing packets (fast retransmit) Also, the receiver got all packets up to the gap and is actually receiving packets Therefore, packet loss is not due to congestion, continue with current congestion window (fast recovery) In the following simplied analysis, we do consider neither fast retransmit nor fast recovery.

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/29

TCP on lossy (wireless) link

Without fast retransmit/fast recovery
[Lakshman/Madhow]

Very high loss probability

High loss probability

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/30

Simple analysis model for lossy TCP

Segment loss probability q = 1p We are interested in the throughput T If there are no losses (and all ACKs are received in time):
Number of segments S first doubles up to threshold W (slow start phase) Number of segments S is incremented after S successful ACKs At some point we reach the bandwidth of the channel B

If there is a loss
We go back to S = 1

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/31

Simple analysis of lossy TCP

For not too high error probability q we are usually in the congestion mode (that is: not the slow start mode). The expected number of successful transmission E before we get an error is

In the equilibrium, we are in the states 1, 2, 3, , S-1, S, and then back to 1 because we have a missing ACK, that is, we have 1+2++S S2/2 successful transmissions.

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/32

Lossy TCP: Graphical Interpretation

Plot of T(p), with B = 50 Note that 1% faulty transmissions is enough to degrade the throughput to about 14% of the bandwidth. 10% error rate gives about 4% of possible bandwidth. The higher the bandwidth, the worse the relative loss.

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/33

Mobility and TCP

TCP assumes congestion if packets are dropped
typically wrong in wireless networks, here we often have packet loss due to transmission errors furthermore, mobility itself can cause packet loss, if e.g. a mobile node roams from one access point (e.g. foreign agent in Mobile IP) to another while there are still packets in transit to the wrong access point and forwarding is not possible

The performance of an unchanged TCP degrades severely

however, TCP cannot be changed fundamentally due to the large base of installation in the fixed network, TCP for mobility has to remain compatible the basic TCP mechanisms keep the whole Internet together

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/34

Indirect TCP (I-TCP)

segments the connection
no changes to the TCP protocol for hosts connected to the wired Internet, millions of computers use (variants of) this protocol optimized TCP protocol for mobile hosts splitting of the TCP connection at, e.g., the foreign agent into two TCP connections, no real end-to-end connection any longer hosts in the fixed part of the net do not notice the characteristics of the wireless part
mobile host access point (foreign agent) wired Internet

wireless TCP

standard TCP

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/35

I-TCP socket and state migration

access point1

socket migration and state transfer

Internet

access point2 mobile host

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/36

Indirect TCP Advantages and Disadvantages

+ no changes in the fixed network necessary, no changes for the hosts (TCP protocol) necessary, all current optimizations to TCP still work + transmission errors on the wireless link do not propagate into the fixed network + simple to control, mobile TCP is used only for one hop, between a foreign agent and a mobile host + therefore, a very fast retransmission of packets is possible, the short delay on the mobile hop is known loss of end-to-end semantics, an acknowledgement to a sender does now not any longer mean that a receiver really got a packet, foreign agents might crash higher latency possible due to buffering of data with the foreign agent and forwarding to a new foreign agent high trust at foreign agent; end-to-end encryption impossible
Distributed Computing Group MOBILE COMPUTING R. Wattenhofer 8/37

Snooping TCP
Transparent extension of TCP within the foreign agent
buffering of packets sent to the mobile host lost packets on the wireless link (both directions!) will be retransmitted immediately by the mobile host or foreign agent, respectively (so called local retransmission) the foreign agent therefore snoops the packet flow and recognizes acknowledgements in both directions, it also filters ACKs changes of TCP only within the foreign agent
local retransmission

foreign agent wired Internet

mobile host

snooping of ACKs

buffering of data

end-to-end TCP connection

correspondent host

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/38

Snooping TCP
Data transfer to the mobile host
FA buffers data until it receives ACK of the MH, FA detects packet loss via duplicated ACKs or time-out fast retransmission possible, transparent for the fixed network

Data transfer from the mobile host

FA detects packet loss on the wireless link via sequence numbers, FA answers directly with a NACK to the MH MH can now retransmit data with only a very short delay

Integration of the MAC layer

MAC layer often has similar mechanisms to those of TCP thus, the MAC layer can already detect duplicated packets due to retransmissions and discard them

Problems
snooping TCP does not isolate the wireless link as good as I-TCP snooping might be useless depending on encryption schemes

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/39

Mobile TCP
Special handling of lengthy and/or frequent disconnections M-TCP splits as I-TCP does
unmodified TCP fixed network to supervisory host (SH) optimized TCP SH to MH

Supervisory host
no caching, no retransmission monitors all packets, if disconnection detected
set sender window size to 0 sender automatically goes into persistent mode

old or new SH re-open the window

+ maintains end-to-end semantics, supports disconnection, no buffer forwarding does not solve problem of bad wireless link, only disconnections adapted TCP on wireless link; new software needed
Distributed Computing Group MOBILE COMPUTING R. Wattenhofer 8/40

Fast retransmit/fast recovery

Problem: Change of foreign agent often results in packet loss
TCP reacts with slow-start although there is no congestion

Solution: Forced fast retransmit

as soon as the mobile host has registered with a new foreign agent, the MH sends (three) duplicated acknowledgements on purpose this forces the fast retransmit mode at the communication partners additionally, the TCP on the MH is forced to continue sending with the actual window size and not to go into slow-start after registration

+ simple changes result in significant higher performance what a hack

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/41

Transmission/time-out freezing
Mobile hosts can be disconnected for a longer time
no packet exchange possible, e.g., in a tunnel, disconnection due to overloaded cells or multiplex with higher priority traffic TCP disconnects after time-out completely

TCP freezing
MAC layer is often able to detect interruption in advance MAC can inform TCP layer of upcoming loss of connection TCP stops sending, but does now not assume a congested link MAC layer signals again if reconnected

+ scheme is independent of data TCP on mobile host has to be changed, mechanism depends on MAC layer
Distributed Computing Group MOBILE COMPUTING R. Wattenhofer 8/42

Selective retransmission
TCP acknowledgements are often cumulative
ACK n acknowledges correct and in-sequence receipt of packets up to n if single packets are missing quite often a whole packet sequence beginning at the gap has to be retransmitted (go-back-n), thus wasting bandwidth, especially if the bandwidth-delay product is high.

Selective retransmission as one solution

RFC2018 allows for acknowledgements of single packets, not only acknowledgements of in-sequence packet streams without gaps sender can now retransmit only the missing packets

+ much higher efficiency more complex software in a receiver, more buffer needed at the receiver

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/43

Transaction oriented TCP

TCP phases
connection setup, data transmission, connection release using 3-way-handshake needs 3 packets for setup and release, respectively thus, even short messages need a minimum of 7 packets!

Transaction oriented TCP

RFC1644, T-TCP, describes a TCP version to avoid this overhead connection setup, data transfer and connection release can be combined thus, only 2 or 3 packets are needed

+ Efficiency Requires changed TCP

Distributed Computing Group

MOBILE COMPUTING

R. Wattenhofer

8/44

Comparison of different approaches for a mobile TCP

Approach
Indirect TCP

Mechanism
splits TCP connection into two connections

Advantages
isolation of wireless link, simple

Disadvantages

loss of TCP semantics, higher latency at handover Snooping TCP snoops data and transparent for end-to- problematic with acknowledgements, local end connection, MAC encryption, bad isolation retransmission integration possible of wireless link M-TCP splits TCP connection, Maintains end-to-end Bad isolation of wireless chokes sender via semantics, handles link, processing window size long term and frequent overhead due to disconnections bandwidth management Fast retransmit/ avoids slow-start after simple and efficient mixed layers, not fast recovery roaming transparent Transmission/ freezes TCP state at independent of content changes in TCP time-out freezing disconnect, resumes or encryption, works for required, MAC after reconnection longer interrupts dependant Selective retransmit only lost data very efficient slightly more complex retransmission receiver software, more buffer needed Transaction combine connection Efficient for certain changes in TCP oriented TCP setup/release and data applications required, not transparent transmission

[Schiller]
Distributed Computing Group MOBILE COMPUTING R. Wattenhofer 8/45