Mobility Support in IPv6 (MIPv6)
Chun-Chuan Yang
Dept. Computer Science & Info. Eng.
National Chi Nan University

Outline
- MIPv6 Features
- MIPv6 Basic Operations
- MIPv6 Security
- MIPv6 vs. MIPv4

Mobile IPv6 Features (1)
- IPv6 mobility is based on core features of IPv6
  - The base IPv6 was designed to support mobility
  - Mobility is not an add-on feature
- All IPv6 networks are IPv6-Mobile ready
  - All IPv6 nodes are IPv6-Mobile ready
  - All IPv6 LANs/subnets are IPv6-Mobile ready
- IPv6 Neighbor Discovery and Address Autoconfiguration allow hosts to operate in any location without any special support

Mobile IPv6 Features (2)
- No Foreign Agent
  - In Mobile IPv4, an MN registers with a foreign node (the FA) and borrows its address to build an IP tunnel so that the HA can deliver packets to the MN. In Mobile IPv6, the MN obtains a new IPv6 address that is used only by the MN, so the FA no longer exists.
  - IPv6 address autoconfiguration: the MN can obtain a CoA in a foreign network without any help from a foreign agent
- More scalable: better performance
  - Less traffic through the home link
  - Less redirection/re-routing (traffic optimization)

Mobile IPv6 Features (3)
- Bi-directional tunneling mode
  - Does not require the CN to support Mobile IPv6
  - Uses reverse tunneling (for ingress filtering)
- Route Optimization (RO) mode
  - Requires registering the MN's current binding at the CN
  - Uses a new type of IPv6 routing header
    - Type-2 routing header = home address (Dest Addr = MN's CoA)
  - Shortest communication path
    - Eliminates congestion at the MN's HA and home link
    - Impact of any possible failure of the HA, or of networks on the path to or from it, is reduced

Mobile IPv6 Features (4)
- Dynamic Home Agent Address Discovery
  - Allows an MN to dynamically discover the IP address of a home agent on its home link
  - ICMP Home Agent Address Discovery Request message
    - Destination address: Home Agent anycast address for its own home subnet prefix
  - Reply message
    - HA list (with preferences) in the home link
    - Each HA maintains the home agents list

New IPv6 Protocol (1)
- Mobility Header
  - Home Test Init, Home Test, Care-of Test Init, Care-of Test
    - Perform the return routability procedure from MN to CN to ensure authorization of subsequent Binding Updates
  - Binding Update
  - Binding Acknowledgement
  - Binding Refresh Request
  - Binding Error

New IPv6 Protocol (2)
- New IPv6 Destination Option
  - Home Address destination option
- Type-2 Routing header: route optimization
- New ICMPv6 messages
  - Home Agent Address Discovery Request
  - Home Agent Address Discovery Reply
  - Mobile Prefix Solicitation
  - Mobile Prefix Advertisement

Mobility Header
- Payload Proto: same as IPv6 Next Header
- MH Type: identifies the particular mobility message
- Message Data: the data specific to the indicated MH Type

Binding Update Message
- MH Type = 5
- Message Data flags:
  - A: Acknowledge
  - H: Home Registration
  - L: Link-Local Address Compatibility
  - K: Key Management Mobility Capability

Binding Acknowledgement Message
- MH Type = 6
- Message Data flags:
  - K: Key Management Mobility Capability

MIPv6 Basic Operation (1)
[Figure: CN, HA (Home Network) and Mobile Node (Foreign Network) connected through the Internet]
- Packet from MN to CN: IP Header (S: MN's Home Address, D: CN's IP Address) + Payload
- Packet from CN to MN: IP Header (S: CN's IP Address, D: MN's Home Address) + Payload

MIPv6 Basic Operation (2)
[Figure: Mobile Node in the Foreign Network registers with the HA in the Home Network]
- Binding Update (MN -> HA): IP Header + Mobility Header (MH = 5) + Payload
- Binding Ack (HA -> MN): IP Header + Mobility Header (MH = 6) + Payload

MIPv6 Basic Operation (3)
[Figure: CN sends to the MN's home address; the HA intercepts the packet and tunnels it to the MN]
- Packet from CN: IP Header (S: CN's IP Address, D: MN's Home Address) + Payload
- Tunneled packet from HA: New IP Header (S: HA's Address, D: MN's CoA) + Old IP Header + Payload

MIPv6 Basic Operation (4)
[Figure: Mobile Node registers its binding with the CN]
- Binding Update (MN -> CN): IP Header + Mobility Header (MH = 5) + Payload
- Binding Ack (CN -> MN): IP Header + Mobility Header (MH = 6) + Payload

MIPv6 Basic Operation (5)
[Figure: route-optimized traffic between CN and Mobile Node]
- CN -> MN: IP Header (S: CN's Address, D: MN's CoA) + Routing Header (Type 2, MN's Home Address) + Payload
- MN -> CN: IP Header (S: MN's CoA, D: CN's Address) + Home Address Dest Opt (includes MN's Home Address) + Payload

Movement
- Movement Detection: detect L3 handovers
  - Neighbor Unreachability Detection (NUD): the default router is no longer bi-directionally reachable
  - Router Discovery: select a new default router
  - Prefix Discovery: form a new care-of address
- Home registration
- Correspondent registration

Home Registration (1)
- Set the H-bit and A-bit in the Binding Updates sent to the HA
- MN's home address in the Home Address destination option
- Source address = care-of address
- Set the L-bit if the MN's link-local address (for the new care-of address) has the same interface ID as the home address
- Set the K-bit if the IPsec SAs between the MN and the HA have been established dynamically, and the mobile node has the capability to update its endpoint in the key management protocol used to the new care-of address every time it moves

Home Registration (2)
- Sequence #
  - Used by the receiving node to sequence BUs and by the sending node to match a returned BAck with this BU
- Lifetime
  - The number of time units remaining before the binding must be considered expired
  - One time unit is 4 seconds
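The Binding Update and Binding Acknowledgement slides, together with the Home Registration slides above, describe the Mobility Header layout, the A/H/L/K flag bits, the sequence number and the 4-second lifetime unit. The following parser is an added example (not from the slides or from any MIPv6 implementation) that decodes a Mobility Header carrying a Binding Update, with bounds checks a receiver needs before trusting Header Len or an option length. The sample packet bytes are constructed here; its checksum field is left at zero because computing it needs the IPv6 pseudo-header.

```python
"""Parse an MIPv6 Mobility Header carrying a Binding Update (RFC 3775 sections 6.1 and 6.1.7).
Added example: field layout follows the RFC; the sample packet below is constructed."""
import struct

MH_TYPES = {0: "Binding Refresh Request", 1: "Home Test Init", 2: "Care-of Test Init",
            3: "Home Test", 4: "Care-of Test", 5: "Binding Update",
            6: "Binding Acknowledgement", 7: "Binding Error"}
# Flag bits in the 16-bit word that follows the sequence number (A H L K, then reserved).
BU_FLAGS = {"A": 0x8000, "H": 0x4000, "L": 0x2000, "K": 0x1000}
LIFETIME_UNIT_SECONDS = 4
OPTION_NAMES = {0: "Pad1", 1: "PadN", 2: "Binding Refresh Advice",
                3: "Alternate Care-of Address", 4: "Nonce Indices",
                5: "Binding Authorization Data"}


def parse_options(buf: bytes) -> list:
    """TLV mobility options; Pad1 is the single-octet exception with no length field."""
    opts, i = [], 0
    while i < len(buf):
        otype = buf[i]
        if otype == 0:
            opts.append(("Pad1", b""))
            i += 1
            continue
        if i + 2 > len(buf):
            raise ValueError("truncated option header")
        olen = buf[i + 1]
        if i + 2 + olen > len(buf):
            raise ValueError("option length exceeds Mobility Header")
        opts.append((OPTION_NAMES.get(otype, f"unknown({otype})"), buf[i + 2:i + 2 + olen]))
        i += 2 + olen
    return opts


def parse_binding_update_data(data: bytes) -> dict:
    """Message Data of MH Type 5: sequence #, flag word, lifetime in 4-second units, options."""
    if len(data) < 6:
        raise ValueError("Binding Update data is at least 6 octets")
    seq, flags, lifetime = struct.unpack("!HHH", data[:6])
    return {"sequence": seq,
            "flags": {name: bool(flags & bit) for name, bit in BU_FLAGS.items()},
            "lifetime_units": lifetime,
            "lifetime_seconds": lifetime * LIFETIME_UNIT_SECONDS,
            "options": parse_options(data[6:])}


def parse_mobility_header(pkt: bytes) -> dict:
    """Fixed part: Payload Proto, Header Len, MH Type, Reserved, Checksum; then Message Data."""
    if len(pkt) < 8:
        raise ValueError("Mobility Header is at least 8 octets")
    payload_proto, hdr_len, mh_type, _reserved, checksum = struct.unpack("!BBBBH", pkt[:6])
    total = (hdr_len + 1) * 8  # Header Len counts 8-octet units beyond the first 8 octets
    if len(pkt) < total:
        raise ValueError("packet shorter than Header Len claims")
    mh = {"payload_proto": payload_proto, "mh_type": mh_type,
          "mh_name": MH_TYPES.get(mh_type, "unknown"), "checksum": checksum,
          "data": pkt[6:total]}
    if mh_type == 5:
        mh.update(parse_binding_update_data(mh["data"]))
    return mh


# Constructed sample: a home registration BU (A and H set), sequence 16, lifetime 16 units
# (= 64 s), padded with PadN(2) to the 8-octet boundary. Payload Proto 59 = no next header.
SAMPLE_BU = (bytes([59, 1, 5, 0, 0x00, 0x00])
             + struct.pack("!HHH", 16, 0xC000, 16)
             + bytes([1, 2, 0, 0]))

if __name__ == "__main__":
    for key, value in parse_mobility_header(SAMPLE_BU).items():
        print(f"{key}: {value}")
```

A Binding Update with both A and H set is the home registration case from the slides; a CN-bound BU would instead carry the Nonce Indices and Binding Authorization Data options, which the same option loop returns as raw bytes.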

Correspondent Registration (1)
- Allows the CN to cache the MN's current care-of address
- Return Routability procedure + registration
- After home registration, the MN should initiate a correspondent registration for each node that already appears in the MN's Binding Update List
  - The initiated procedures can be used to either update or delete binding information in the CN
- In addition, the MN initiates the registration in response to receiving a packet tunneled using IPv6 encapsulation

Correspondent Registration (2)
A Binding Update is created as follows:
1. Source address of the IPv6 header = the current care-of address
2. Destination address = the address of the CN
3. Mobility Header with MH Type = 5, including the Binding Authorization Data and the Nonce Indices mobility options
4. Home Address destination option = MN's home address

Conceptual Data Structures
- CN: Binding Cache
- HA: Binding Cache and Home Agents List
  - When sending a packet, the Binding Cache is searched before the Neighbor Discovery conceptual Destination Cache
  - The Home Agents List is used by the dynamic home agent address discovery mechanism
- MN: Binding Update List
  - Records information for each BU sent by this MN in which the lifetime of the binding has not yet expired
  - Includes all bindings sent by the MN either to its HA or to CNs

MIPv6 Security
- Binding Updates to the HA
  - IPsec and ESP between MN and HA
  - Key distribution (IKE, Internet Key Exchange)
- Binding Updates to the CN
  - Return Routability Procedure to assure that the right MN is sending the message
  - Binding management key (Kbm) for integrity and authenticity of the BU messages

IPsec Security Association
- An SA is a cryptographically protected connection
- There MUST be an SA between the MN and the HA
- Provides integrity and authentication of BU and BAck
- An SA is defined by: <SPI, destination address, flag>
- One SA per home address
[Figure: IPsec Authentication Header (authentication-only service)]

Encapsulating Security Payload
- ESP: authentication + encryption

IPsec: AH vs. ESP
[Figure: AH vs. ESP]

Binding Updates to CN
- Return Routability Procedure
  - Enables the CN to obtain some reasonable assurance that the MN is in fact addressable at its claimed care-of address as well as at its home address
  - Done by testing whether packets addressed to the two claimed addresses are routed to the MN
  - The MN can pass the test only if it is able to supply proof that it received certain data (the keygen tokens) which the CN sends to those addresses. These data are combined by the MN into Kbm.

Return Routability Procedure
[Figure: message flow of the Return Routability procedure]

RR Procedure Terminology (1)
- Key: a secret key (20 octets), Kcn, at the Correspondent Node
- Nonce: the CN also generates nonces at regular intervals
- Cookie: random number used by the MN
  - Home init cookie
    - To prevent spoofing by a bogus CN in the RR procedure
    - A cookie sent to the CN in the Home Test Init message, to be returned in the Home Test message
  - Care-of init cookie
    - A cookie sent to the CN in the Care-of Test Init message, to be returned in the Care-of Test message

RR Procedure Terminology (2)
- Keygen Token
  - Number supplied by the CN to enable the MN to compute the necessary binding management key for authorizing a BU
  - Care-of keygen token: Care-of Test message
  - Home keygen token: Home Test message
- Cryptographic Functions
  - SHA: Secure Hash Standard
  - HMAC_SHA1: Keyed-Hashing for Message Authentication
  - MAC: Message Authentication Codes

Return Routability Test: step 1
[Figure: Home Test Init / Home Test exchange between Mobile Node and Correspondent Node, routed via the Home Agent]
Correspondent Node state:
  Secret Key: <Kcn>
  Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
  <home keygen token> = HMAC_SHA1_Kcn(<home-address> | <nonce1> | 0) [1:64]
Home Test Init (MN -> CN, via HA):
  src=<home address>
  dst=<correspondent address>
  <home init cookie>
Home Test (CN -> MN, via HA):
  src=<correspondent address>
  dst=<home address>
  <home init cookie>
  <home keygen token>
  home nonce index: 1
Mobile Node state after step 1:
  Cookies: <home init cookie>
  <home keygen token>
  home nonce index: 1

Return Routability Test: step 2
[Figure: Care-of Test Init / Care-of Test exchange sent directly between Mobile Node and Correspondent Node]
Correspondent Node state:
  Secret Key: <Kcn>
  Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
  <care-of keygen token> = HMAC_SHA1_Kcn(<care-of-address> | <nonce1> | 1) [1:64]
Care-of Test Init (MN -> CN):
  src=<care-of address>
  dst=<correspondent address>
  <care-of init cookie>
Care-of Test (CN -> MN):
  src=<correspondent address>
  dst=<care-of address>
  <care-of init cookie>
  <care-of keygen token>
  care-of nonce index: 1
Mobile Node state after step 2:
  Cookies: <care-of init cookie>
  <care-of keygen token>
  care-of nonce index: 1

Secure Binding Update to CN
[Figure: Mobile Node sends the authorized Binding Update to the Correspondent Node]
Correspondent Node state:
  Secret Key: <Kcn>
  Temporary Nonces: 1 - <nonce1>, 2 - <nonce2>, ...
  <home keygen token> = HMAC_SHA1_Kcn(<home-address> | <nonce1> | 0) [1:64]
  <care-of keygen token> = HMAC_SHA1_Kcn(<care-of-address> | <nonce1> | 1) [1:64]
Mobile Node state:
  Cookies: <care-of init cookie>, <home init cookie>
  <care-of keygen token>, care-of nonce index: 1
  <home keygen token>, home nonce index: 1
  Kbm = SHA1(<home-keygen-token> | <care-of keygen token>)
  MAC = HMAC_SHA1_Kbm(<care-of-address> | <correspondent address> | BU) [1:96]
Binding Update (MN -> CN):
  src=<care-of address>
  dst=<correspondent address>
  option: Home Address = <home address>
  <sequence number>
  <home nonce index = 1>
  <care-of nonce index = 1>
  <MAC>
Once the correspondent node has verified the MAC, it can create a Binding Cache entry for the mobile.
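The three preceding slides (RR step 1, RR step 2 and the secure Binding Update) give the keygen-token, Kbm and MAC formulas. The following is an added example, not code from the slides or from any MIPv6 stack, that carries those formulas through in Python for one MN and one CN: the CN keeps only Kcn and its nonce table, answers HoTI/CoTI statelessly, then recomputes both tokens from the nonce indices in the BU and checks the MAC before creating a Binding Cache entry. Message delivery is simulated by direct method calls, the "BU" bytes covered by the MAC are reduced to sequence number plus nonce indices, and the addresses are constructed documentation-prefix values; [1:64] and [1:96] are taken as the first 64 and 96 bits of the HMAC output.

```python
"""Return routability + Binding Update authorization (RFC 3775 section 5.2), added example.
Transport is simulated; the CN-side check shows why a BU for an untested care-of address fails."""
import hashlib
import hmac
import ipaddress
import secrets

TOKEN_LEN = 8   # [1:64]  -> first 64 bits of HMAC_SHA1
MAC_LEN = 12    # [1:96]  -> first 96 bits of HMAC_SHA1


def keygen_token(kcn: bytes, addr: str, nonce: bytes, kind: int) -> bytes:
    """HMAC_SHA1_Kcn(addr | nonce | kind)[1:64]; kind 0 = home token, 1 = care-of token."""
    data = ipaddress.IPv6Address(addr).packed + nonce + bytes([kind])
    return hmac.new(kcn, data, hashlib.sha1).digest()[:TOKEN_LEN]


def binding_management_key(home_token: bytes, careof_token: bytes) -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + careof_token).digest()


def bu_mac(kbm: bytes, careof: str, cn: str, bu_data: bytes) -> bytes:
    """MAC = HMAC_SHA1_Kbm(care-of address | correspondent address | BU)[1:96]."""
    data = ipaddress.IPv6Address(careof).packed + ipaddress.IPv6Address(cn).packed + bu_data
    return hmac.new(kbm, data, hashlib.sha1).digest()[:MAC_LEN]


class CorrespondentNode:
    """Holds Kcn (20 octets) and a nonce table; no per-MN state until a valid BU arrives."""

    def __init__(self, address: str, kcn: bytes = b"", nonce: bytes = b""):
        self.address = address
        self.kcn = kcn or secrets.token_bytes(20)
        self.nonces = {1: nonce or secrets.token_bytes(8)}  # index -> nonce (rotated over time)
        self.binding_cache = {}                              # home address -> care-of address

    def home_test(self, home_addr: str, cookie: bytes) -> dict:
        idx = max(self.nonces)  # newest nonce; echo the home init cookie unchanged
        return {"cookie": cookie, "nonce_index": idx,
                "token": keygen_token(self.kcn, home_addr, self.nonces[idx], 0)}

    def careof_test(self, careof_addr: str, cookie: bytes) -> dict:
        idx = max(self.nonces)
        return {"cookie": cookie, "nonce_index": idx,
                "token": keygen_token(self.kcn, careof_addr, self.nonces[idx], 1)}

    def receive_binding_update(self, bu: dict) -> bool:
        """Rebuild both tokens from the indices in the BU, derive Kbm, verify the MAC."""
        try:
            home_nonce = self.nonces[bu["home_nonce_index"]]
            careof_nonce = self.nonces[bu["careof_nonce_index"]]
        except KeyError:
            return False  # nonce already discarded: the MN has to rerun the RR procedure
        home_token = keygen_token(self.kcn, bu["home_address"], home_nonce, 0)
        careof_token = keygen_token(self.kcn, bu["src"], careof_nonce, 1)
        kbm = binding_management_key(home_token, careof_token)
        expected = bu_mac(kbm, bu["src"], self.address, bu["data"])
        if not hmac.compare_digest(expected, bu["mac"]):
            return False
        self.binding_cache[bu["home_address"]] = bu["src"]
        return True


class MobileNode:
    def __init__(self, home_address: str, careof_address: str):
        self.home_address, self.careof_address, self.seq = home_address, careof_address, 0

    def run_return_routability(self, cn: CorrespondentNode):
        """Step 1 (HoTI/HoT via the home address) and step 2 (CoTI/CoT via the care-of address)."""
        home_cookie, careof_cookie = secrets.token_bytes(8), secrets.token_bytes(8)
        hot = cn.home_test(self.home_address, home_cookie)        # would arrive through the HA
        cot = cn.careof_test(self.careof_address, careof_cookie)  # arrives directly
        if hot["cookie"] != home_cookie or cot["cookie"] != careof_cookie:
            raise ValueError("init cookie mismatch: reply not from the CN we contacted")
        return binding_management_key(hot["token"], cot["token"]), hot["nonce_index"], cot["nonce_index"]

    def binding_update(self, cn: CorrespondentNode) -> dict:
        kbm, home_idx, careof_idx = self.run_return_routability(cn)
        self.seq += 1
        data = self.seq.to_bytes(2, "big") + home_idx.to_bytes(2, "big") + careof_idx.to_bytes(2, "big")
        return {"src": self.careof_address, "dst": cn.address, "home_address": self.home_address,
                "home_nonce_index": home_idx, "careof_nonce_index": careof_idx,
                "data": data, "mac": bu_mac(kbm, self.careof_address, cn.address, data)}


def demo():
    """Returns (genuine BU accepted, BU rewritten to an untested care-of address accepted)."""
    cn = CorrespondentNode("2001:db8:c::1")                      # constructed addresses
    mn = MobileNode("2001:db8:a::10", "2001:db8:b::20")
    accepted = cn.receive_binding_update(mn.binding_update(cn))
    altered = mn.binding_update(cn)
    altered["src"] = "2001:db8:b::99"  # no Care-of Test was ever answered at this address
    return accepted, cn.receive_binding_update(altered), dict(cn.binding_cache)
```

The second result in `demo()` is the property the slides describe: without the care-of keygen token for the address actually named in the BU, the sender cannot produce a Kbm that the CN's stateless recomputation will agree with, so the MAC check fails and no Binding Cache entry is created.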

Mobile IPv4 vs. Mobile IPv6

Mobile IPv4 | Mobile IPv6
--- | ---
Mobile node, home agent, home link, foreign link | (same)
Mobile node's home address | Globally routable home address and link-local home address
Foreign agent; collocated care-of address | A plain IPv6 router on the foreign link (foreign agent no longer exists)
Care-of address obtained via Agent Discovery, DHCP, or manually | Care-of address obtained via Stateless Address Autoconfiguration, DHCP, or manually
Agent Discovery | Router Discovery
Authenticated registration with home agent | Authenticated notification of home agent and other correspondent nodes
Routing to mobile nodes via tunneling | Routing to mobile nodes via tunneling and source routing
Route optimization via separate protocol specification | Integrated support for route optimization

MIPv6 References
- RFC 3775: Mobility Support in IPv6
- RFC 4443: ICMPv6
- RFC 3776: Using IPsec for MIPv6
- RFC 2408: The Internet Key Exchange
