Discrete Event Simulation And Evaluation Of A Firewall Aware Architecture For Mobile IP
Artur Hecker
Supervisors:
Prof. Dr. Dr. h.c. mult. Gerhard Krüger
Prof. Dr. Samir Tohmé, ENST Paris
Prof. Dr.-Ing. Günter Schäfer, ENST Paris
Dr. Dipl. inform. Frank Pählke, University of Karlsruhe
Overview
- Background: Disadvantages of Mobile IP; the FATIMA concept
- Conceptual work: Some basic concepts; Simulated situations, used topology; Mobility & handover simulation; Data structures
- Results: Found concept problems; Some achieved quantitative results
Artur Hecker · Evaluation of the FATIMA concept · ENST Paris / Universität Karlsruhe
Background
Mobile IP: Weaknesses
Mobile IP is:
- Internet Standard (RFC 2002, 1995)
- IPv4 extension enabling Layer-3 mobility for IPv4 Internet hosts
Weaknesses:
- Accounting
- System configuration
- Inefficient data routing
- Local handovers
- FA vulnerability (DoS, replay attacks)
- Firewall support
FATIMA: Overview
FATIMA is:
- Firewall Aware Transparent Internet Mobility Architecture
- Improvement to Mobile IP
- Backwards compatible to Mobile IP
FATIMA defines / claims to improve:
- Structure for local mobility components
- Firewall support with Mobile IP
- Fast local handovers
- Routing in Mobile IP
FATIMA: Basic Idea
[Figure: FATIMA components: Monitor, Firewall, Main Gateway, Home Agent, Foreign Agent, Home Agent Proxy, Foreign Agent Proxy]
FATIMA features:
- One central CoA
- Centralized security
- Central configuration
Goals of this work
- Build a FATIMA-equipped network with some simulation concept
- Test the applicability of FATIMA (qualitative proof)
- Comparison of FATIMA and Mobile IP networks (quantitative proof)
Conceptual Work
Examples of used concepts
Concept: Approach
- Realization: based on OMNeT++
- Topology: two networks & one CN enable to simulate all the necessary situations. Each network should have more than one FA / FAP. One HA / HAP should be enough.
- OMNeT++: provides modules & messages with peer-to-peer connectivity and time control, no broadcast, no native IP support
- No Mobile IP without basic IP
Concept: Independency
[Figure: layered architecture]
- OMNeT++-independent code: Node, NetMessage
- Abstraction API (Wrapper, 1:1): NetDriver, Driver Message
- OMNeT++ API: cSimpleModule, cMessage, sim library
- OMNeT++ simulator code
Concept: IPv4 & Broadcast
[Figure: Local Network with Nodes 137.194.160.1, 137.194.160.2, 137.194.160.3, 137.194.160.4 behind Gateway 137.194.160.254, connected to the Internet (137.194.*.*)]
Concept: Mobility Simulation
[Figure: Topological view: Gateway, Network, FA(P), HA(P), Mobile Generator]
Mobile Generator:
- Creates mobile nodes
- Configures mobile nodes
- Simulates handovers
- Relays traffic between MNs and agents
- Shares a list of all MNs
- Remains transparent for the agents and the mobiles
Concept: Handover
[Figure: exchange between Mobile Generator 1 and Mobile Generator 2]
1. HO_NOTE(MN) is sent to the responsible MG; the sending MG updates its own tables.
2. Responsible MG: creates MN, reconfigures MN, updates own tables, next HO MG & time.
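As an added illustration (not from the thesis or its OMNeT++ simulator), the handover exchange between two mobile generators as a small discrete-event simulation in Python; the class names, the 10 s dwell time and the round-robin choice of the next MG are assumptions.

```python
import heapq

# Constructed illustration of the handover exchange between two mobile
# generators (MGs). Class names, the dwell time and the round-robin choice
# of the next MG are assumptions, not the thesis's OMNeT++ simulator code.

class MobileGenerator:
    def __init__(self, name, agent):
        self.name = name
        self.agent = agent        # FA(P) serving this generator's network
        self.mns = {}             # own table: MN address -> configuration

    def receive_ho_note(self, mn, sim):
        # Responsible MG: creates MN, reconfigures it with the local agent,
        # updates own table, then fixes the next HO MG and time.
        self.mns[mn] = {"agent": self.agent, "since": sim.now}
        sim.schedule(sim.now + sim.dwell, mn, self.name, sim.next_mg(self.name))

class Simulation:
    def __init__(self, mgs, dwell):
        self.mgs = {m.name: m for m in mgs}
        self.dwell, self.now, self.seq = dwell, 0.0, 0
        self.queue, self.log = [], []   # event heap, delivered HO_NOTEs

    def schedule(self, t, mn, src, dst):
        self.seq += 1                   # tie-breaker for equal timestamps
        heapq.heappush(self.queue, (t, self.seq, mn, src, dst))

    def next_mg(self, cur):             # round robin over generators
        names = list(self.mgs)
        return names[(names.index(cur) + 1) % len(names)]

    def run(self, until):
        while self.queue and self.queue[0][0] <= until:
            t, _, mn, src, dst = heapq.heappop(self.queue)
            self.now = t
            self.mgs[src].mns.pop(mn, None)            # sender updates own tables
            self.mgs[dst].receive_ho_note(mn, self)    # HO_NOTE(MN) delivered
            self.log.append((t, mn, src, dst))
        return self.log

def demo():
    mg1, mg2 = MobileGenerator("MG1", "FAP-1"), MobileGenerator("MG2", "FAP-2")
    sim = Simulation([mg1, mg2], dwell=10.0)
    mg1.mns["10.0.0.7"] = {"agent": "FAP-1", "since": 0.0}  # constructed MN
    sim.schedule(10.0, "10.0.0.7", "MG1", "MG2")             # first HO_NOTE
    sim.run(until=35.0)
    return sim.log, dict(mg1.mns), dict(mg2.mns)
```

Each delivered HO_NOTE moves the MN from the sender's table to the responsible MG's table and schedules the next handover, so agents never see the generators themselves.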
Concept: Databases
The most frequent requirements here:
- Find the data record for the given IP
- Is this IP in the database?
Therefore: hash table hashing IPv4 addresses
Hash function for a table of size `size`:
hash(ip) = ip (ip * 2^23) (ip * 2^17) /\ (size – 1) mod (size – 1)
Results
Some of the achieved results
Results: FATIMA Deficiencies
- Control traffic: <proposed solution>
  Slightly insufficient database entries through new indirections in FATIMA
- Firewall support: <no solution by now>
  Found a conceptual problem with mobile nodes trying to contact their partners in the home network
- HAP selection: <no solution by now>
  Undefined behavior in the main gateway
- MN Incompatibility: <no solution>
  The concept required an incompatible configuration for MN (Home Agent configuration)
Results: Fast local handoffs – Number of Packets
Control traffic / 20 MNs per network / 30 days
(first FATIMA net with: 3 FAPs + HAP, else 2 + 1)

Scenario | 1. net                      | 2. net                 | internet
stdmip   | 2 * # 71 845 / Σ 5 080 490  | # 71 865 / Σ 5 080 910 | # 42 226 / Σ 4 053 700
mixed    | # 98 801 / Σ 6 944 600      | # 68 893 / Σ 4 864 670 | # 39 275 / Σ 3 837 840
Fatima   | 2 * # 96 010 / Σ 6 741 710  | # 84 320 / Σ 6 178 030 | # 36 377 / Σ 3 628 720

(# = number of packets, Σ = total)
Results: MN sending to a CN in its home network – RTD 1
Data traffic / 60 MNs in one network / 14 days
[Figure: RTD: FATIMA-FATIMA, MN@FAT]
Results: MN sending to a CN in its home network – RTD 2
[Figure: RTD: FATIMA-MOBILEIP, MN@FAT]
Results: MN sending to a CN in its home network – RTD 3
[Figure: RTD: MOBILEIP-FATIMA, MN@MIP]