Key features
- per-application independent management of connectivity (even per-flow)
- works on existing networks
- supports private IP networks / NAT
- works with ALL existing applications
- no changes in the correspondent hosts
OS related aspects
Decision policies
Business scenarios
- Operator centric
- User centric
- Corporate net. centric
- Aggregator centric
- Over-the-top prov. centric
Other solutions
None of the existing solutions fully satisfies ABC requirements
- Mobile IPv4
- Mobile IPv6
- Proxy Mobile IP v4|v6
- SIP based mobility
- Host Identity Protocol
- IP in UDP tunnels from the Mobile Host to the Anchor Node, one tunnel per interface
- The Anchor Node provides a second-level NAT; the Correspondent Hosts are unaware of UPMT
- Each application can be independently sent over one of the tunnels
- The applications see a Virtual Interface; they are shielded from any mobility/handover issue and from loss of connectivity on the physical interfaces
- The SIP protocol is used for mobility management signaling between Mobile Host and Anchor Node
[Figure labels: Public Internet, Virtual Interface, NAT 2, IP/UDP Tunnel 2, Access Networks]
UPMT scalability
The basic scenario foresees a centralized Anchor Node
[Figure labels: Anchor Node (AN), Corresp. Host, Anchor NAT, Local NAT, Public Internet, AN1]
UPMT scalability
Multiple Anchor Nodes can be supported
[Figure labels: Anchor Node (AN), Anchor Node (AN) 2, Corresp. Host (two), Anchor NAT, Local NAT, Public Internet, AN1]
UPMT scalability
A fixed host with UPMT modules can play the role of the Anchor Node!
[Figure labels: Anchor Node (AN), Anchor NAT, Local NAT, Public Internet, AN1]
UPMT scalability
Direct Mobile Host to Mobile Host communication
[Figure labels: Anchor Node (AN), Local NAT, Public Internet, AN1]
UPMT scalability
All together
[Figure labels: Anchor Node (AN), Anchor Node (AN) 2, Corresp. Host, Anchor NAT, Local NAT, AN1]
IP in UDP tunneling
Encapsulation, outer to inner: IP / UDP / IP / UDP or TCP / application

- Protocol independent native NAT traversal
- Overhead and tunnel multiplexing (with respect to GRE, IPinIP)
- Simple user-space implementation is possible
[Figure: virtual interface upmt0; physical interfaces eth0, wifi0, pp0 with physical IP addresses IP x, IP y, IP z]
- Virtual interfaces hide IP reconfiguration and connectivity loss of the underlying NIC
- Legacy applications see a standard interface; the encapsulation and mobility management are completely hidden
Virtual IP addresses
- local-VIPA: Local Virtual IP address
- pau-VIPA (Per Association Unique): Virtual IP address assigned by the AN

[Figure: virtual interface upmt0; physical interfaces eth0, wifi0, pp0 with physical IP addresses IP x, IP y, IP z]
The packet will undergo one internal NAT from the local-VIPA to the pau-VIPA assigned by the Anchor Node
Security: S-UPMT
- Signaling protection: MANDATORY (PKI, TLS)
- Data protection: OPTIONAL (IPSEC)

Optional IPSEC, otherwise like HIP. What about IPSEC NAT traversal?
What happens after an unpredictable handover (break-before-make)? Need for TLS channel complete re-establishment?
Can't do otherwise: the IP has changed, the socket has been closed.

- IPSEC is applied independently from UDP encapsulation
- IPSEC SAs are bound to VIPAs that never change
- NO need for SA re-establishment (like HIP, but we don't require a new stack)
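A simplified model of why an SA bound to VIPAs survives a handover, added here as an illustration (it is not S-UPMT code and not the ESP wire format): the integrity tag covers only the inner, VIPA-addressed packet, so a change of the outer physical address leaves verification and replay protection intact. The SPI, key, addresses and the strictly increasing sequence check are assumptions.

```python
import hashlib
import hmac
import struct

class VipaSA:
    """Toy SA whose selector is the pair of virtual addresses (assumed layout)."""
    def __init__(self, spi, key, src_vipa, dst_vipa):
        self.spi, self.key = spi, key
        self.selector = src_vipa + dst_vipa      # inner addresses only, 8 bytes
        self.tx_seq = self.rx_seq = 0

    def _tag(self, body):
        return hmac.new(self.key, body, hashlib.sha256).digest()

    def protect(self, payload):
        self.tx_seq += 1
        body = struct.pack("!II", self.spi, self.tx_seq) + self.selector + payload
        return body + self._tag(body)

    def open(self, blob):
        body, tag = blob[:-32], blob[-32:]
        if len(blob) < 48 or not hmac.compare_digest(tag, self._tag(body)):
            return None                          # forged or corrupted
        seq = struct.unpack("!I", body[4:8])[0]
        # Real IPsec uses a sliding anti-replay window; this model only
        # accepts strictly increasing sequence numbers.
        if body[8:16] != self.selector or seq <= self.rx_seq:
            return None                          # wrong selector or replay
        self.rx_seq = seq
        return body[16:]

def anchor_receive(sad, outer):
    """outer = (physical src, physical dst, blob). Only the blob selects the SA."""
    _phys_src, _phys_dst, blob = outer
    if len(blob) < 4:
        return None
    sa = sad.get(struct.unpack("!I", blob[:4])[0])
    return sa.open(blob) if sa else None

def handover_demo():
    """Constructed run: one SA, two different physical source addresses."""
    key, v_mh, v_an = b"\x11" * 32, bytes([10, 200, 0, 5]), bytes([10, 200, 0, 1])
    mh, sad = VipaSA(0x1001, key, v_mh, v_an), {0x1001: VipaSA(0x1001, key, v_mh, v_an)}
    before = anchor_receive(sad, ("192.0.2.10", "203.0.113.1", mh.protect(b"via eth0")))
    after = anchor_receive(sad, ("198.51.100.77", "203.0.113.1", mh.protect(b"via wifi0")))
    return before, after
```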
Policies
Decision engine
Interfaces/networks manager
QoS/QoE measurements
Classification of flows/applications
- A flow is identified by the 5-tuple: (protocol, IP src, IP dst, Layer 4 source port, Layer 4 destination port)
- The complete 5-tuple is generally known only after a flow has started, but we need to intercept the flow from the very first packet
- We enhanced the Linux kernel so that process IDs are (internally) carried together with the packets
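A user-space sketch of the per-flow classification described above, added here as an illustration and not taken from the UPMT kernel module: it extracts the 5-tuple from a raw IPv4 packet and pins each flow to a tunnel on its first packet. The tunnel names, the `app` label (standing in for the process ID the kernel carries with the packet) and the sample packet builder are assumptions.

```python
import struct
from ipaddress import IPv4Address

def five_tuple(pkt):
    """(proto, src, dst, sport, dport) of an IPv4 TCP/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                 # IP options make this > 20
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    proto = pkt[9]
    # Non-first fragments carry no ports; this sketch sends them to the
    # default tunnel instead of reassembling them.
    if ihl < 20 or len(pkt) < ihl + 4 or frag_off or proto not in (6, 17):
        return None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (proto, str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20])),
            sport, dport)

class FlowTable:
    """Per-flow forwarding table: 5-tuple -> tunnel (constructed model)."""
    def __init__(self, default, app_policy):
        self.default, self.app_policy, self.flows = default, app_policy, {}

    def route(self, pkt, app=None):
        key = five_tuple(pkt)
        if key is None:
            return self.default
        # The first packet pins the flow, so the application must already be
        # known at that point; later packets hit the existing entry.
        return self.flows.setdefault(key, self.app_policy.get(app, self.default))

    def handover(self, lost, fallback):
        """Move every flow pinned to a lost tunnel onto another one."""
        moved = [k for k, t in self.flows.items() if t == lost]
        for k in moved:
            self.flows[k] = fallback
        return len(moved)

def make_ipv4(proto, src, dst, sport, dport, options=b"", frag_off=0):
    """Constructed sample packet (lengths and checksum left at zero)."""
    ihl = (20 + len(options)) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 0, 0, frag_off, 64, proto,
                      0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + options + struct.pack("!HH", sport, dport) + b"\x00" * 4
```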
Implementation architecture
Tunneling and Connection Tracker in Kernel space
- virtual network device
- per-application forwarding Hash Table
- NETFILTER integration (input packet hook, conn-track target)
- Policy Routing integration (pre-filter hook for routing exception)

- Kernel module configuration tool UPMTCONF based on NETLINK socket
- UPMT Control Entity (java)
- UPMT Signaling
- Network Monitor (integration with network-manager and DBUS)
- Application Monitor
- Our kernel space implementation does not imply a new IP stack, nor new APIs toward the application
- easy user-space implementation
[Figure labels: UCE, UPMT Control Entity, JNI, DBUS, NETLINK socket. Legend: packet from application NOT under UPMT control; packet from application under UPMT control; internal signaling and function calls]
11/04/2011
Business scenarios
UPMT can be used in different business scenarios:
- Operator centric
- User centric
- Corporate Net. centric
- Aggregator centric
- Over-the-top Prov. centric
[Plots; legend: MH = Mobile Host, AN = Anchor Node; axis: Packets/s]
Tunneling and flow classification are implemented in kernel space for performance/scalability
- A UPMT Live distribution for Linux is available; it can be configured to be a Mobile Host or an Anchor Node
- Porting on Android (2.2 Platform), Nexus One terminal
  - Kernel modules ported, patch for multiple interfaces
Work in progress
- End-to-end mobility management (from mobile host to mobile host with no relay on the Anchor Node if possible)
- Control GUI on Android
- APIs for UPMT aware applications
- Header compression mechanisms
References
- M. Bonola, S. Salsano, A. Polidoro, "UPMT: Universal Per-Application Mobility Management using Tunnels", IEEE GLOBECOM 2009
- M. Bonola, S. Salsano, "Achieving Scalability in the UPMT Mobility Management Solution", Future Network & Mobile Summit 2010, 16-18 June 2010, Florence, Italy
- M. Bonola, S. Salsano, "Per-application Mobility Management: Performance Evaluation of the UPMT Solution", IWCMC 2011, Istanbul, Turkey, July 2011
- S. Salsano, M. Bonola, "The UPMT solution", technical report, http://netgroup.uniroma2.it/TR/UPMT.pdf
Work in progress
- S. Salsano, M. Bonola, A. Gambitta, A. Bianchi, "UPMT: Per-Application Mobility Management in Mobile Broadband Networks", submitted to Communication Magazine special issue on Traffic Management for Mobile Broadband Networks
- M. Bonola, S. Salsano, "S-UPMT: a secure Vertical Handover solution based on IP in UDP tunneling and IPsec", to be submitted to Wiley WCMC journal
Marco Bonola (marco.bonola@uniroma2.it)
Stefano Salsano (stefano.salsano@uniroma2.it)
Alessio Bianchi, Andrea Gambitta, Fabio Patriarca, Fabio Ludovici, Enrico Gagliano, Andrea Capitani, Belen Ibanez, Daniele Dedda, Alessandro Tramontozzi, Pier Luigi Ventre, Aurelio Franconeri