Mobile IP


Though the Internet can seem anarchic, IP routing depends on a well-ordered hierarchy. At the Internet core, routers aren't concerned with individual users. They look only at the first few bits of an IP address (the prefix) and forward the packet to the correct network. Routers further out look at the next few bits, sending the packet to a subnet. At the edge, access routers look at the final parts of an address and send the packet to a specific machine.

The hierarchy depends on devices that remain fixed to one subnet and on subnets that don't move between larger networks. If a computer is unplugged from one subnet and connected to another, its IP address must be altered. Likewise, an enterprise that changes its ISP might have to renumber its entire network. The result is that many client machines don't have a permanent IP address, but acquire a new one each time they log on to a network. Most laptops, for example, have an IP address on the employer's network while docked at the office, but one from the employee's ISP while at home.

This isn't a problem if users don't often switch between networks and are willing to log off and on again whenever they do. However, it's a problem if users need to stay connected while moving between networks. Higher-level protocols, such as TCP, use the IP address to identify users, so a user can't maintain a TCP connection if the IP address changes. The solution to this is mobile IP, an IETF standard enabling users to keep the same permanent IP address no matter how they're connected.

Mobile IP is still used rarely, partly because there's little need for it and partly because present implementations waste bandwidth and require at least two precious IP addresses per user. However, mobile IP is expected to become more important as wireless networks and IPv6 become ubiquitous. Cellular vendors are pushing it hard, as a way to allow seamless roaming between third-generation (3G) networks and higher-bandwidth hot spots based on Bluetooth or Wi-Fi (802.11b).

Mobile IP will allow an employee to unplug a handheld computer from its Ethernet cable, then continue to download a file or conduct a Voice over IP (VoIP) conversation while the connectivity is transferred, first to the office's Wireless LAN (WLAN), then to an outside cellular network, and finally to a home DSL line.

Tunnel Vision

Every type of mobile IP depends on giving the mobile node two IP addresses: a permanent address on its home network, and a care-of address on another network. The permanent address is the one that higher-level protocols use, while the care-of address signifies the node's actual location within a network and its subnets.

Whenever the node moves to a new network, it must acquire a new care-of address on the network it's visiting. In IPv4, this means requesting one from a special mobility agent (essentially a DHCP server, with some Authentication, Authorization, and Accounting (AAA) functionality added) on the foreign network. IPv6 has so many addresses available that the mobile node can make up its own by combining the visited network's prefix with an identifier unique to the device, such as its MAC address. This eliminates the need for a mobility agent, speeds up the process, and ensures that a care-of address is always available.
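The IPv6 case above can be worked through in code. This is an added example, not part of the original tutorial: it assumes the device identifier is built from the MAC address using the modified EUI-64 rule (flip the universal/local bit, insert ff:fe in the middle), and the prefixes and MAC address are constructed sample values.

```python
import ipaddress


def interface_id_from_mac(mac: str) -> bytes:
    """Build a 64-bit interface identifier from a 48-bit MAC (modified EUI-64)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first octet, then insert ff:fe.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def care_of_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the visited network's /64 prefix with the device identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this construction needs a 64-bit prefix")
    iid = int.from_bytes(interface_id_from_mac(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def roam(mac: str, prefixes: list) -> list:
    """Care-of addresses the same device forms on each network it visits."""
    return [str(care_of_address(p, mac)) for p in prefixes]


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, made-up MAC).
    for addr in roam("00:1a:2b:3c:4d:5e",
                     ["2001:db8:1:2::/64", "2001:db8:beef:9::/64"]):
        print(addr)
```

The lower 64 bits are identical on every visited network, so only the prefix changes as the node moves.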

Back at the home network, another mobility agent, usually an edge router with some AAA functions, keeps track of all the mobile nodes with permanent addresses on that network, associating each with its care-of address. The mobile node keeps the home agent informed of its whereabouts by sending a binding update via the Internet Control Message Protocol (ICMP) whenever its care-of address changes. These updates can incorporate a digital certificate, to ensure that they're actually sent by the mobile node, rather than by an attacker seeking to impersonate it.

When another machine on the Internet needs to correspond with the mobile node, this machine sends packets via the home network. The home agent must intercept these packets and forward them to the visited network, a process known as tunneling. This allows correspondent nodes to use the permanent address and remain unaware of the mobile node's movements.

The next step depends on which type of mobile IP you're using. In IPv4, all packets intended for the mobile node are tunneled via the home network, where the home agent intercepts and forwards them to the care-of address. This is the simplest way to enable mobility, but it adds extra routing hops which use more bandwidth and increase latency. The latter is particularly important for wireless networks, whose main application is still latency-sensitive voice, and where latency is already high and unpredictable.

In the original version of mobile IPv4, standardized in 1996, mobile nodes were supposed to send replies directly to correspondents (see Figure 1). For compatibility with higher-level protocols, the "source" address field in these packets had to be the permanent address on the home network, even though routers on the Internet would see that the packets were actually coming from the care-of address on the visited network. This wasn't a problem in 1996, but it is now.

Thanks to Denial of Service (DoS) attacks, where malicious packets often claim to be from fake IP addresses, routers on the Internet began to incorporate ingress and egress filtering. Routers would only allow a packet through if its source address field was consistent with its origin. To get around these filters, mobile IPv4 was updated in 2002 to include reverse tunneling. Instead of taking a triangular path, all packets travel via the home network in both directions (see Figure 2). Unfortunately, this step wastes even more bandwidth and adds further latency, making it unsuitable for wireless networks running VoIP.
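The effect of source-address filtering on the two reply paths can be traced in a small model. This is an added example, not part of the original tutorial: the addresses are constructed from documentation prefixes, and the filter is reduced to a single check that the outer source address belongs to the network the packet leaves from.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan using documentation prefixes (not from the article).
HOME_NET = ipaddress.ip_network("192.0.2.0/24")
VISITED_NET = ipaddress.ip_network("198.51.100.0/24")
HOME_ADDR = ipaddress.ip_address("192.0.2.10")      # permanent address
CARE_OF = ipaddress.ip_address("198.51.100.77")     # care-of address
HOME_AGENT = ipaddress.ip_address("192.0.2.1")
CORRESPONDENT = ipaddress.ip_address("203.0.113.5")


@dataclass
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    inner: Optional["Packet"] = None  # payload packet when this one is a tunnel


def passes_filter(pkt: Packet, attached_net: ipaddress.IPv4Network) -> bool:
    """Edge-router check: the outer source must belong to the attached network."""
    return pkt.src in attached_net


def triangular_reply() -> Packet:
    """1996 behaviour: reply sent directly, source field = permanent address."""
    return Packet(src=HOME_ADDR, dst=CORRESPONDENT)


def reverse_tunneled_reply() -> Packet:
    """2002 behaviour: same reply wrapped in a tunnel packet to the home agent."""
    return Packet(src=CARE_OF, dst=HOME_AGENT, inner=triangular_reply())


def deliver(pkt: Packet) -> str:
    """Trace a reply leaving the visited network and report its fate."""
    if not passes_filter(pkt, VISITED_NET):
        return f"dropped at visited network: {pkt.src} is not in {VISITED_NET}"
    if pkt.inner is not None and pkt.dst == HOME_AGENT:
        pkt = pkt.inner  # home agent removes the outer header
        if not passes_filter(pkt, HOME_NET):
            return f"dropped at home network: {pkt.src} is not in {HOME_NET}"
    return f"delivered to {pkt.dst} with source {pkt.src}"
```

The correspondent sees the permanent address as the source in the reverse-tunneled case, but only because the packet re-enters the Internet from the home network, where that address is consistent with its origin.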


Addressing The Issue

Mobile IPv6 tries to solve the bandwidth and latency problems by avoiding tunneling as much as possible. Though the first few packets of every session are still tunneled via the home agent, the mobile node also sends binding updates to every correspondent. Future packets can be sent directly, just as if the mobile node belonged on the network it was visiting. You can apply the same principle to entire mobile subnets, such as a WLAN inside a moving vehicle.

You can accomplish this with extensible headers, a feature allowing IPv6 packets to contain extra protocol information to deal with issues such as QoS and prioritization. In mobile IP, you use extensible headers to make each packet contain both the permanent and the care-of address, satisfying both higher-level protocols and Internet routers. (See Figure 3.)

The extra bandwidth taken up by this information can be significant, especially for small packets such as those used in VoIP, so headers are compressed using a standard called Robust Header Compression (ROHC). By taking advantage of the fact that consecutive packets often have identical headers, ROHC can reduce header size by around 95 percent.

Because a mobile node can move rapidly, it might have several care-of addresses at any one time. These addresses include the primary one, representing the network the node is attached to, and several older ones on networks the node previously passed through. Packets sent to these older care-of addresses must be tunneled by agents on the previously visited network, just as if they were sent through the home network. To prevent a node from accumulating too many old care-of addresses, binding updates in mobile IPv6 always include an expiry time for a care-of address.
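The two properties of binding updates described in this tutorial, that they can be authenticated so an attacker cannot redirect a node's traffic and that each carries an expiry time, can be shown together in a model of a home agent's binding table. This is an added example, not part of the original tutorial: it uses an HMAC over a pre-shared key as a stand-in for the digital certificate the text mentions, and the sequence-number replay check, field layout and names are assumptions made for illustration.

```python
import hashlib
import hmac


def sign_update(key: bytes, home: str, care_of: str, seq: int, lifetime: int) -> bytes:
    """Authenticator over every field of the binding update (HMAC stand-in)."""
    msg = f"{home}|{care_of}|{seq}|{lifetime}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class BindingCache:
    """Home agent state: permanent address -> current care-of address."""

    def __init__(self, keys: dict):
        self.keys = keys      # permanent address -> shared key (assumed provisioned)
        self.bindings = {}    # permanent address -> (care_of, expires_at)
        self.last_seq = {}    # permanent address -> highest sequence number seen

    def update(self, home, care_of, seq, lifetime, tag, now) -> str:
        key = self.keys.get(home)
        if key is None:
            return "rejected: unknown node"
        expected = sign_update(key, home, care_of, seq, lifetime)
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad authenticator"
        if seq <= self.last_seq.get(home, -1):
            return "rejected: replay"
        self.last_seq[home] = seq
        self.bindings[home] = (care_of, now + lifetime)
        return "accepted"

    def lookup(self, home, now):
        """Care-of address to tunnel to, or None once the binding has expired."""
        entry = self.bindings.get(home)
        if entry is None or now >= entry[1]:
            self.bindings.pop(home, None)
            return None
        return entry[0]
```

Because the authenticator covers the care-of address and lifetime as well as the permanent address, a captured update cannot be altered to point at a different network or to extend its own validity.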

All of this would seem to require extra functionality within every device connected to the network. Edge routers must be able to tunnel packets not just to their own mobile nodes, but also to other nodes that have previously used a care-of address on their network. TCP/IP stacks on individual devices must be able to understand the difference between a permanent and a care-of address.

However, this functionality is standard in the IPv6 specification, whereas the ability to act as a home or foreign agent has to be retrofitted to IPv4 devices. This fact, rather than the larger address space, is why the wireless industry is so keen to promote IPv6 adoption.

Resources

The mobility schemes for IPv4 are well-defined in several RFCs, available at www.ietf.org. In particular, the protocol is covered in RFC 3220, authentication in RFC 2977, header compression in RFC 3095, and reverse tunneling in RFC 3024.

Cellular vendor Nokia has some informative whitepapers explaining how IP mobility works in 3G wireless networks at its IPv6 site, www.nokia.com/ipv6/.

The European Commission's Information Society Technologies Programme oversees many research projects into the wireless Internet, at www.cordis.lu/ist/. Three of these projects deal specifically with the future direction of mobile IP.

Wireless IP Network as a Generic platform for Location Aware Service Support (WINEGLASS), at http://domobili.cselt.it/wineglass/, looks at IP roaming between cellular networks and Wireless LANs (WLANs).

Broadband Radio Access for IP Networks (BRAIN), at www.ist-brain.org, attempts to optimize the protocol for wireless networks.

Mobile IP Network Developments (MIND), at www.ist-mind.org, tries to integrate mobility with QoS and other features necessary if all traffic is to be carried over IPv6.

This tutorial, number 166, by Andy Dornan, was originally published in the May 2002 issue of Network Magazine.

 


Network Tutorial
Lan Tutorial With Glossary of Terms: A Complete Introduction to Local Area Networks (Lan Networking Library)
ISBN: 0879303794
EAN: 2147483647
Year: 2003
Pages: 193
