Chapter 6, "Metro Mobility: Client-Based Mobile IP," looked at many of the features necessary to deploy metropolitan mobility solutions. This chapter examines some common public-access technologies and their use or interactions with Mobile IP.
Current wireless data networks that are commonly deployed include Wireless Fidelity (WiFi), cdmaOne/cdma2000, and General Packet Radio Service (GPRS)/Universal Mobile Telephone Service (UMTS). Newcomers that are promising include Fast Low-latency Access with Seamless Handoff-Orthogonal Frequency Division Multiplexing (FLASH-OFDM) and Worldwide Interoperability for Microwave Access (WiMAX). WiMAX is considered a wireless metropolitan-area network (MAN) technology.
The wireless wide-area network (WAN) and MAN technologies provide broad coverage up to about 5 miles, with mobility speed up to 200 mph, and data throughput from 14.4 Kbps to 2 Mbps (WAN) or 70 Mbps (MAN). The throughput numbers specified for comparison in this chapter are not theoretical limits of the technology but rather the practical rates. WiFi, although designed strictly as a wireless LAN technology, has seen deployment in metropolitan settings, but its limited coverage area limits its usefulness. A typical wireless LAN covers up to a distance of 300 feet, with data throughput capable of reaching 20+ Mbps. WLAN usage is significantly more cost effective than wireless WAN. Both wireless WAN and WLAN technologies continue to evolve, with performance increasing and cost decreasing. Not long ago, throughput for wireless WAN was considered good at 24 Kbps, and WLAN topped out at 1 Mbps. Today, commercial wireless WAN services that are available in certain cities have a bandwidth in excess of 300 Kbps, and 20-Mbps and higher throughput rates on WLAN are getting popular. For those of us who are accustomed to high-speed broadband access from the home, there's a thirst for ubiquitous wireless WAN coverage at comparable performance. Future expectation is that wireless WAN will reach tens of Mbps and WLAN will be blazing at many Gbps.
It is easy to get mesmerized by the throughput numbers of the wireless technologies, but factors such as air-link efficiency, radio access network latency, and capital and operational cost vary among them. Each technology has its strengths and weaknesses in terms of coverage area, cost, bandwidth, latency, and supported speed of movement. Maximizing the wireless data experience requires situational usage. Therefore, it is wise to have a mobility infrastructure that keeps up with the wireless evolution and takes advantage of the benefits of existing wireless technologies. Because Mobile IP provides mobility independent of the link layer, it is an ideal solution in a world of myriad types of access networks.
Public Wireless LAN
WiFi, also known as IEEE 802.11, is the most popular wireless LAN technology deployed for public access. Public wireless LAN deployments, typically referred to as hot spots, are appearing in many hotels, conference centers, coffee shops, airports, and locations where mobile workers gather or events take place. WiFi provides fast and relatively cheap (sometimes free) wireless Internet access. One major challenge to deploying Mobile IP with public wireless LAN is the integration with access control. For example, one issue is the time needed to get authorized and given access to the network. In addition, based on the method used, it would be useful to have some form of Layer 2 trigger to inform Mobile IP that access is available for expedited switchover to WiFi.
Multiple user-authentication methods exist in hot spots, and most service providers have different authentication mechanisms. The most common access method for public WLAN hot spots is Hypertext Transfer Protocol (HTTP) redirect. In this case, after a client obtains an IP address through Dynamic Host Configuration Protocol (DHCP), all traffic is blocked, with the exception of HTTP traffic, which is redirected to the service provider's portal page. When users attempt to reach a website, their browsers are directed to a sign-on web page, where users can enter their credit card or subscription information. This process poses a couple of problems. First, it requires manual user intervention, which makes the experience of switching over to WiFi not seamless. The other problem is that Mobile IP attempts to discover a Foreign Agent (FA) after WLAN association and registers to its Home Agent after obtaining an IP address from DHCP. These packets are dropped by the WLAN access point (AP) until authentication completes. But when access is granted and the client's traffic is permitted to pass through the AP, Mobile IP is not notified because the WLAN interface had already come up when DHCP completed. If previous network access (such as cellular) is unavailable during the authentication period, communication sessions that are sensitive to packet loss can suffer noticeable hangs or completely disconnect.
Many service providers are adding machine-controllable authentication service to interoperate with connection managers and allow simpler roaming services. These automated services are either based on specific well-defined URLs or based on IEEE 802.1x. IEEE 802.1x is a widely accepted standard for Layer 2 authentication that uses the Extensible Authentication Protocol, or EAP, to allow user login. Many Global System for Mobile Communications (GSM) cellular providers are using or evaluating Extensible Authentication Protocol-Subscriber Identity Module (EAP-SIM) to authenticate subscribers. EAP-SIM leverages the GSM subscriber identity module, or SIM, to provide secure authentication using the existing GSM infrastructure. This provides a hardware token authentication system that requires no user interaction. In addition, because this is a Layer 2 method, DHCP happens after access is granted. The client's interface comes up when an IP address is obtained. This event can trigger the Mobile Node to register to its Home Agent immediately. Thus, EAP-based authentication services work well with Mobile IP to obtain access to the WiFi network and use the high-speed transport to maintain the client's sessions.
Even with automatic authentication capabilities, detecting hot spots and determining the service provider and any roaming agreements still represent challenges. This functionality is typically addressed with software referred to as a connection manager. As the public hot-spot market matures, standards will be adopted and roaming agreements will provide more capabilities. In the meantime, Mobile IP users are limited in their ability to take advantage of the hot spots they encounter.
For GSM cellular providers who want to offer their subscribers seamless service from WiFi hot spots, one nuisance is a lack of integration of Mobile IP authentication with the existing security infrastructure. Currently, accessing the network requires one type of authentication using SIM, and enabling the Mobile IP service mandates a separate security method that has no relationship to it. It would be logical to leverage the existing GSM infrastructure to generate the Mobile IP keys needed to protect the registrations. Published drafts in the Internet Engineering Task Force (IETF) have attempted to link the authentication mechanisms of both. This type of solution can simplify deployment of Mobile IP-based roaming.
Code division multiple access (CDMA) is a cellular transmission method that allows multiple users to share the same radio frequency spectrum by assigning a unique code to each user. The message sent to the user appears as noise to others without the code. An analogy is the conversations in a busy restaurant. People are tuned in to the voice of the person to whom they are listening. Other loud chatter is filtered by the ear as unwelcome noise in the background.
CDMA is the access technology used in cdmaOne, a second-generation wireless communications system that was named as the first version of commercially deployed CDMA technology. This happened at the advent of the third-generation technology called cdma2000, which is an evolutionary outgrowth of cdmaOne, offering operators who have deployed a second-generation cdmaOne system a seamless migration path. The Third Generation Partnership Project 2 (3GPP2) is a standards organization that comprises North American and Asian interests on the development of cdma2000 specifications. Why is the name cdma2000 used as the successor to cdmaOne, instead of cdmaTwo or cdma3G? One reason is that the 3GPP2 forum was established in the year 2000. CDMA operators, such as Sprint and Verizon Wireless in the United States, deploy such service under the marketing brand of Sprint PCS Vision and Express Network, respectively. The throughput for a currently deployed cdma2000 network is typically about 80 Kbps, though a new rollout of services at about 300 Kbps is happening in 2005 and 2006. Few people outside of the CDMA crowd know that the Mobile IP protocol provides mobility inside the operator's cdma2000 network. Some of these operators seek to use Mobile IP for roaming to/from WiFi and other networks as well.
In cdma2000, the client, typically a phone or access card, connects to a base station (BS) on the air link. It initiates a Point-to-Point Protocol (PPP) session with the Packet Data Serving Node (PDSN). The PDSN is a network access server, providing simple IP access, meaning IP over PPP, or Mobile IP service as a FA. After the PPP session is established, the client initiates a Mobile IP session with its Home Agent through the PDSN. The Mobile Node functionality is typically embedded in the firmware of the phone and transparent to an attached portable IP device. When a client moves between BSs within the same PDSN, the same PPP session is maintained by the network. However, when a client moves between PDSNs, a new PPP session is set up at the new PDSN, and then Mobile IP reregistration maintains the IP session at the Home Agent. Figure 9-1 illustrates the handover between BSs and PDSNs in the cdma2000 network.
Figure 9-1. Mobile IP in cdma2000 Network
The signaling between Mobile Node, FA, and Home Agent is based on IETF specifications, with the exception of the dynamic Home Agent assignment feature, home Domain Name System (DNS) server configuration extension, and multiple registrations using the same Network Access Identifier (NAI). In cdma2000, the Home Agent can be dynamically assigned by the AAA server. This mechanism is valuable for anchoring the Mobile Node with geographical proximity, selecting Home Agent based on an administrative reason, and/or load balancing among available Home Agents. The Mobile Node needs to know its DNS server's IP address in the Home Network. Unfortunately, no standard method exists to learn about this address dynamically. A 3GPP2-specific extension was added to the Mobile IP registration message to pass this information to the Mobile Node. The need for supporting multiple flows (each having a unique IP address) using the same NAI has been debated. Nevertheless, 3GPP2 mandated this requirement and specified how to accomplish multiple registrations. Don't confuse this with Mobile IP simultaneous bindings, which establish multiple paths to the same Home Address and replicate each packet over the tunnels.
Besides enhancements to Mobile IP, some of the 3GPP2-specific attributes that were added to Remote Authentication Dial-In User Service (RADIUS) include the Mobile Node-Home Agent registration key, which the Home Agent downloads from the AAA server; Internet Key Exchange (IKE) keys for establishing the IP Security (IPSec) tunnel between the PDSN and the Home Agent; quality of service (QoS); and reverse tunneling parameters. (Source: http://www.3gpp2.com/Public_html/specs/P.S0001-B_v2.0_041004.pdf.)
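The Mobile Node-Home Agent registration key mentioned here, and the "Mobile IP keys needed to protect the registrations" mentioned in the public wireless LAN discussion, are used as shown in the following added example, which is not part of the original chapter or of any vendor's code. It assumes the Registration Request layout and the default HMAC-MD5 Mobile-Home Authentication Extension of the IETF Mobile IP specification (RFC 3344); the key, SPI, and addresses are constructed sample values, and the strictly increasing Identification check is a simplification of the specification's timestamp-based replay protection.

```python
import hashlib
import hmac
import socket
import struct

REG_REQUEST = 1        # Registration Request message type (RFC 3344)
MN_HA_AUTH_EXT = 32    # Mobile-Home Authentication Extension type
FLAG_D, FLAG_T = 0x20, 0x02   # co-located care-of address, reverse tunneling
MAC_LEN = 16           # HMAC-MD5 output, the RFC 3344 default algorithm


def ip(addr):
    return socket.inet_aton(addr)


def build_request(key, spi, home, agent, coa, ident, lifetime=1800):
    """Mobile Node side: fixed header + MN-HA authentication extension."""
    fixed = struct.pack("!BBH4s4s4sQ", REG_REQUEST, FLAG_D | FLAG_T,
                        lifetime, ip(home), ip(agent), ip(coa), ident)
    ext_hdr = struct.pack("!BBI", MN_HA_AUTH_EXT, 4 + MAC_LEN, spi)
    # The authenticator covers the request and the extension's type, length
    # and SPI, but not the authenticator field itself.
    mac = hmac.new(key, fixed + ext_hdr, hashlib.md5).digest()
    return fixed + ext_hdr + mac


class HomeAgent:
    def __init__(self, keys_by_spi):
        self.keys = keys_by_spi      # e.g. filled from the AAA server
        self.last_ident = {}         # home address -> last accepted Identification

    def verify(self, pkt):
        if len(pkt) != 30 + MAC_LEN or pkt[0] != REG_REQUEST:
            return "malformed"
        ext_type, ext_len, spi = struct.unpack("!BBI", pkt[24:30])
        if ext_type != MN_HA_AUTH_EXT or ext_len != 4 + MAC_LEN:
            return "malformed"
        key = self.keys.get(spi)
        if key is None:
            return "unknown-spi"
        expected = hmac.new(key, pkt[:30], hashlib.md5).digest()
        if not hmac.compare_digest(expected, pkt[30:]):
            return "bad-authenticator"
        home = pkt[4:8]
        ident = struct.unpack("!Q", pkt[16:24])[0]
        # Simplified replay check (assumption): Identification must increase.
        if ident <= self.last_ident.get(home, 0):
            return "replay"
        self.last_ident[home] = ident
        return "accepted"


def demo():
    key, spi = b"constructed-key!", 0x100          # constructed sample values
    addrs = ("192.0.2.10", "192.0.2.1", "198.51.100.7")  # home, HA, care-of
    ha = HomeAgent({spi: key})
    req = build_request(key, spi, *addrs, ident=1000)
    tampered = bytearray(req)
    tampered[12:16] = ip("203.0.113.66")           # care-of address rewritten in transit
    forged = build_request(b"not-the-real-key", spi, *addrs, ident=1001)
    return [ha.verify(bytes(tampered)), ha.verify(req),
            ha.verify(req), ha.verify(forged)]


if __name__ == "__main__":
    print(demo())
```

A request whose care-of address was altered, a replayed copy of an accepted request, and a request signed with a different key are all rejected; only the untouched request with the shared key creates a binding.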
Two options are available to support roaming between a cdma2000 network and other access networks. One method is to overlay a Mobile IP session using a Mobile Node on the portable IP device. The phone or access card operates in network mode and continues to use Mobile IP for mobility service within the cdma2000 network. The Mobile Node on the IP device works in Colocated Care-of Address (CCoA) mode using the PPP session with the CDMA access device. The Home Address on the IP device is used for communications with Correspondent Nodes (CNs), while the Home Address on the access device ensures that the PPP session's IP address remains constant when attached to the cdma2000 network. The protocol stack for the data plane of the Mobile IP overlay in network mode is shown in Figure 9-2.
Figure 9-2. cdma2000 Network Mode
If you observed that the Mobile IP client in the IP device is unaware of mobility inside the cdma2000 network, you are right. The Mobile IP tunnel between the client and its Home Agent is clearly not the most efficient use of air-link resources. As service providers look at deploying a managed roaming service between 802.11 and cdma2000, they have the option of disabling the Mobile IP client embedded in the CDMA access device and using only the Mobile Node on the end device. In this case, the CDMA access device operates in relay mode and allows the PPP session to pass through between the client and the cdma2000 Home Agent. The responsibility for notifying the Home Agent is solely on the IP device's Mobile Node. Figure 9-3 shows the protocol stack for the data plane of Mobile IP's role in relay mode. How does the Mobile Node get the configuration such as the Home Agent's IP address and registration keys? This can no longer be provisioned over the air link as in the network mode case, so it must be either manually entered or automatically performed by some program.
Figure 9-3. cdma2000 Relay Mode
GSM is a digital cellular radio standard, the most popular in the world, that uses time division multiplex access (TDMA). TDMA divides a radio frequency into time slots that are assigned to support multiple simultaneous users. For an analogy of GSM, we can bring back the overcrowded restaurant. This time, each person gets to say only one word at a time, with everyone taking a turn. Those who don't have anything to say remain silent. After the last person speaks, the next word can be conveyed, and this cycle repeats. The listener knows the sequence and therefore knows when to pay attention to gather the entire sentence and the message of the speaker.
GPRS allows GSM traffic channels to be shared by users in packet mode to support data service. Packet mode uses the air link more efficiently than circuit mode. For example, if the conversations in the restaurant are in circuit mode, each person has an allocated time to speak. The time slot is wasted when there is silence. In packet mode, the turns are taken by people who have something to say. This scheme allows the message to be conveyed more quickly and minimizes undesirable quiet periods because "talk" generates revenue for the wireless operators. GPRS represents the first packet-based technology for evolution from second-generation (2G) GSM networks to second-generation plus (2G+) networks. Cingular Wireless and T-Mobile provide this service in the United States. The throughput rate for GPRS is typically 40 to 60 Kbps.
The evolutionary step for GPRS to third generation (3G) is UMTS, as specified by the 3GPP standards body, which should not be confused with 3GPP2, because they are different organizations working on competitive technologies. The mobility management functions for GPRS and UMTS were created within its own standards organization. A user moving in the GPRS network maintains the same IP address. This is possible because the gateway GPRS support node (GGSN) anchors the IP address and tunnels traffic to the serving GPRS support node (SGSN), which relays the packet to the client. One or more Packet Data Protocol (PDP) contexts can be activated between the client and the GGSN, which is the gateway between the GPRS network and routed IP network, as its name implies. The GPRS Tunneling Protocol, or GTP, transports packets over an IP network between the GGSN and SGSN. Conceptually, the GGSN and SGSN perform functions similar to those of the Home Agent and FA, respectively. Therefore, Mobile IP is not needed in the GPRS network because an equivalent function already exists.
However, specifications for interworking with other access technologies have not yet been ratified in 3GPP. One possibility for multiaccess connectivity is to overlay a Mobile IP session using a Mobile Node on the host. The Mobile IP client operates in Care-of Address (CoA) mode using the IP address provided by the GGSN for network access. The Home Address on the IP device is used for communications with CNs, while the UMTS address remains constant when attached to the UMTS network. The protocol stack for the data plane of Mobile IP overlay in the UMTS network is shown in Figure 9-4. Don't get lost with the new acronyms in the diagram; the concept is that GTP anchors the UMTS Home Address and Mobile IP anchors the host's Home Address. As in the cdma2000 network mode, the Mobile IP tunnel decreases throughput over the air link. But because GPRS and UMTS don't have a FA in the network, this overhead is unavoidable. A potential remedy is adding the FA function in the GGSN to eliminate the extra tunnel encapsulation. Then handovers between GPRS, UMTS, WiFi, and others can be achieved with Mobile IP, with only the original packet over the air link.
Figure 9-4. Mobile IP over UMTS Network
One challenge common to integrating Mobile IP with wireless technologies is that a radio device does not inform the Mobile Node of its signal strength and quality, or even worse, when it has lost the signal. For effective mobility, the Mobile IP clients have to come up with smart ways of gleaning Layer 2 information, when that's possible, or integrating features to query the status of the radio to determine this type of information. Knowledge of link-layer status provides the Mobile Node with an intelligent way to select the best access in a timely manner. The IEEE 802.21 Multi-media Independent Handover Group and IETF Detecting Network Attachment (DNA) Working Group are working on standardizing media-independent handover services that allow hosts to detect their IP layer configuration and connectivity status quickly.
New mobile wireless technology such as FLASH-OFDM, conceived by Flarion Technologies, is emerging as an alternative to data technologies that evolved from voice networks such as cdma2000 and UMTS. The disadvantage of the overlay approach for wireless data service is the high cost and complexity of the radio access network (RAN). Because this type of network was not designed for packet data service, the "over the air" delay, such as time needed to establish the bearer channel, is significant. For GPRS, the time it takes for the packet from the client to reach the IP gateway ranges from hundreds of milliseconds to over a second. (Source: http://www.sourceo2.com/O2_Developers/O2_technologies/GPRS/Technical_overview/gprs_latency_factors_diagram.htm.) In contrast, WiFi networks move the packet from the IEEE 802.11 air link to the gateway without much delay, usually in just a few milliseconds.
The touted benefits of FLASH-OFDM include packet-based designs, high spectral efficiency, minimal air-link latency (less than 50 msec), end-to-end quality of service, transparent multinetwork access, toll-quality packet voice service, and native multicast. It was built from the ground up with IP technologies in mind. Although this technology is not widely deployed, service providers worldwide are conducting public trials that have demonstrated some positive results. The typical throughput is about 500 Kbps with little latency. Voice over IP (VoIP) on the network had comparable call quality to wired counterparts from a user's perspective.
FLASH-OFDM was designed with a standards-based Mobile IP protocol for mobility management in an all-IP network. An all-IP network is common terminology with many different interpretations.
A purist's perspective on the definition is that such a network consists of an IP core network architecture, an IP RAN architecture, and an air interface that is optimized for packet data delivery. IP mobility in FLASH-OFDM has three key components involved in signaling, and two of them support tunneling of traffic. Sound similar? The Mobile Node is a function in the FLASH-OFDM access card attached to the portable IP device. Flarion's RadioRouter is a combination of a base station and an IP access router, located at the edge of the IP network, where the link layer terminates. The FA function is embedded in the RadioRouter. The Cisco Home Agent has been used for many years to maintain communication sessions by directing traffic from/to a host while in transit between base stations. The agent discovery, registration, and tunneling processes are the same as IETF's Mobile IP specifications. Unlike the cdma2000 network, which uses Mobile IP when users move between large geographical boundaries delimited by PDSNs that aggregate many base stations, the radio router's wireless coverage is in the range of only one base station. This means a motorized vehicle moving at 50 mph can be handing off every 6 minutes in the situation where base station coverage is 5 miles. The frequency of Mobile IP handovers is much greater in FLASH-OFDM compared to cdma2000. Any weakness because of high volume of signaling or unacceptable signaling latency would be exposed quickly in such a network. As mentioned previously, real-world trials have demonstrated scalable signaling capacity and low-latency handovers using Mobile IP.
How do users maintain their session switching over from FLASH-OFDM to WiFi networks at home or hot spots? The options are similar to a cdma2000 network because both use the FA and Home Agent for IP mobility. Figure 9-5 shows the protocol stack for the data plane of Mobile IP overlay in a FLASH-OFDM network. Notice that the protocol stack between the client and FLASH-OFDM Home Agent is simple and clean.
Figure 9-5. Mobile IP over FLASH-OFDM Network