
Mobile IP

By
Team: MIRAGE

Amit Singh
Waymon Short
Sumanth Ghanta
Arshad Mushrif
Outline
• Technology
• Issues
• Commercial presence
Introduction
• Mobile IP is a standard approved by the Internet
Engineering Steering Group (IESG) in June 1996
and published as a proposed standard by the
Internet Engineering Task Force (IETF) in
November 1996 in order to support mobility.

• Developed in order to cope with the increasing
popularity of PDAs and laptops.

• As the demand grew, connectivity became a
significant issue for users with such mobile
devices.
Need for Mobile IP
• Datagrams are moved from one network to another
by routers, which use IP addresses.

• An IP address is divided into two parts:
1. network id
2. host id

• Most applications over the Internet are
supported by TCP connections.
Need for Mobile IP
• TCP uses the IP address and port number for
routing and delivery.

• As a mobile user moves from one network to the
other, his IP address changes dynamically.

• As a result, any application that uses network
connectivity needs to restart any ongoing
communications each time it moves.
Need for Mobile IP
• Mobile IP was developed to deal with the
problem of dynamically varying IP addresses.
Entities
• Mobile Node: A host or router that may change
its point of attachment from one network to the
other across the Internet is called a mobile node.

• Correspondent Node: A node that sends a
packet addressed to a mobile node is called a
correspondent node.

• Home Agent: A home agent is a node on the
home network that maintains a list of registered
mobile nodes in a visitor list.
Entities
• Foreign Agent: A foreign agent is a router on a
foreign network that assists a locally reachable
mobile node in delivering datagrams between
the mobile node and the home agent.
Mobile Devices

slide by Konidala M. Divyan [3]


Example
[Figure: diagram labelled Home network A, Home Agent, Network B, Network C, Corresp. Node C, Internet, and routers (R).]

slide by Konidala M. Divyan [3]


Triangle Routing (Mobile IPv4)
[Figure: diagram labelled Network A, Home Agent, Network B, Mobile Node, Network C, Corresp. Node C, Internet, and routers (R).]

• Corresp. Node C initiates communication with Mobile
Node and sends packets to MN's home address
• Home Agent intercepts packets and forwards them to
the Mobile Node (proxy functionality)
• Mobile Node replies directly to Corresp. Node C

slide by Konidala M. Divyan [3]
Mobile Node registers at its Home Agent
[Figure: diagram labelled Network A, Home Agent, Network B, Mobile Node, Network C, Corresp. Node C, Internet, and routers (R).]

• Mobile Node sends Binding Update
• Home Agent replies with Binding Acknowledgement

slide by Konidala M. Divyan [3]
Mobile IPv6 Roaming
[Figure: diagram labelled Network A, Home Agent, Network B, Network C, Network D, Corresp. Node C, Internet, and routers (R).]

• Mobile Node sends Binding Updates to Home Agent and
all Corresp. Nodes, which already received a previous
Binding Update from this Mobile Node

slide by Konidala M. Divyan [3]


Protocol
• In order to support mobility, Mobile IP includes
three capabilities:

1. Discovery

2. Registration

3. Tunneling
Discovery
• Mobile agents periodically send ICMP router
advertisements with a mobility agent advertisement
extension, informing mobile nodes of their
presence.

• The mobile node is responsible for the discovery
process.

• In order to receive an advertisement, the mobile
node may optionally request one from an agent
or simply wait for the next advertisement.
Registration
• The mobile node recognizes that it is on a foreign
network, acquires a care-of address and
requests its home agent to forward its data
packets to the foreign agent.

• The process of registration requires 4 steps:

1. The mobile node requests forwarding service by
sending a registration request to the foreign
agent.
Registration
2. The foreign agent relays this request to the
home agent.

3. The home agent accepts or denies the
request and sends a registration reply to the
foreign agent.

4. The foreign agent relays this reply to the mobile
node.
Tunneling
• After registration, an IP tunnel is set up between
the home agent and the care-of address of the
mobile node.

• The home agent broadcasts a gratuitous ARP request,
which causes all nodes in the subnet to update
their ARP caches to map the mobile node's IP
address to the home agent's link-level address.

• Thus the home agent receives packets destined to
the mobile node, and forwards the packets to the
foreign agent through the IP tunnel.
Tunneling
• In the foreign network, decapsulation is done by
the foreign agent or by the mobile node itself.

• A correspondent node assumes that the reply
from the mobile node is coming from its home
network and continues to send the packet to the
home agent.
Issues in Mobile IP
1. Handoff:
• When the mobile node changes its point of
attachment, a handoff sequence is initiated.
• During or immediately after the handoff, packet
losses may occur due to delayed propagation of
new location information, which degrades the
quality of service.
• Solved by introducing access point probing
functionality in the mobile node to identify the
current access point it is attached to.
Issues in Mobile IP
2. Replay attacks:

• A Bad Guy could obtain a copy of a valid
Registration Request, store it, and then “replay”
it at a later time, thereby registering a bogus
care-of address for the mobile node.

• To prevent this, the Identification field is
generated in such a way as to allow the home
agent to determine what the next value should
be.

Mobile IP: Security Issues [4]


Issues in Mobile IP
• In this way, the Bad Guy is thwarted because
the Identification field in his stored Registration
Request will be recognized as being out of date
by the home agent (timestamps or nonces are
used for the Identification field).

Mobile IP: Security Issues [4]


Business
Perspective
Show me the $$$!!!!!!!
Outline
• The Edge

• Impact on Employees and Business Processes

• Mobile IP as a Battleground

• Famous Quotes

• References
The Edge
• Consistent Services

• Meet the needs of corporate users

• Least-cost traffic routing

• Protect Proprietary Services

• Roaming across technologies


Impact on Employees and
Business Processes
• Increase in work output by 13% [15]

• 50% of organizations (with over $200 million
revenue) have wireless LAN capabilities [15]

• Use of wireless WANs and LANs is expected to
double by 2006 [15]

• WWAN and WLAN will lead to 10% cost savings
and 8% saving of network staff time [15]
Impact on Employees and
Business Processes
• Mobility enables more freedom and flexibility [15]

• Notebook users experience 27% to 30%
improvement in time savings, efficiency, and
effectiveness [15]

• Impact on independence of work, flexibility for
group activities, face-to-face meetings, remote
meetings and e-mail communication [15]
Mobile IP as a Battleground
• It's not what it seems!!!!!!!!

• Mobile IP as a natural extension

• Cisco’s competitive advantage

• How will it help Wireless Service providers?

[13]
Mobile IP as a Battleground
Three main approaches:

• The Cisco Approach [13]

• The key joint venture [13]

• The raft of partnerships [13]


Expert's Quotes
• "The marriage of these two networks can greatly increase
applications and the productivity to the end user," said Ali
Tabissi, chief technology and development officer at
Mobilestar Network Corp.
• "Mobility, along with security, is becoming a key requirement
for many of our customers," said Johan Fornaeus, CEO,
Interpeak.
• “Despite the recent downturn in technology stocks, mobile
data services and wireless computing still hold the
imagination of the public, the allure of investors, and the
promise of value-added applications for service providers.”
Gerry Christensen, Contributing Editor,
Searchnetworking.com
Major Competitors in MIP
• Cisco
• ipunplugged
• Secgo
• Netmotionwireless
• Giga-wave
• Intel
• Columbitech
• Lucent
• Nokia
(for more information please go to http://www.dpo.uab.edu/~amit81/index2.htm )
Conclusion
“Wireless internet is the next big revolution being
driven by growing maturity of 3G networks and
rapidly increasing convergence of voice and data.
Mobile IP is the key technology in the evolution of
internet protocol from fixed line, fixed host routing
model to a nomadic wireless model [19].”
References
[1] William Stallings, Wireless Communication and Networks, Pearson education Inc, 2002.
[2] http://www.hut.fi/~sponkane/tlark/10/MIP.html#luku3
[3] http://caislab.icu.ac.kr/course/2002/autumn/ice615/project/inter_DIV.ppt
[4] http://cs.engr.uky.edu/~singhal/CS685-papers/46
[5] http://www.cs.uky.edu/~singhal/term-papers/mobileIP.doc
[6] http://www.cisco.com/en/US/products/hw/routers/ps272/products_configuratio_guide_chapter09186a0080186ffd.html
[7] http://www.cs.uky.edu/~singhal/CS685-papers/Mobile-IP.ppt
[8] http://www.secgo.com/docs/secgo_mip_whitepaper.pdf
[9] http://www.ipunplugged.com/products.asp?mi=2.3
[10] http://www.ipunplugged.com/pdf/imos_41_IPU-20040059_B.pdf
[11] http://www.birdstep.com/collaterals/mip_certification.pdf
[12] http://searchnetworking.techtarget.com
[13] http://www.thefeature.com
[14] http://www.bridgewatersystems.com
[15] http://intel.com
[16] http://www.wi-fiplanet.com/tutorials/article.php/2205821
[17] http://ctd.grc.nasa.gov/5610/publications/E-12548_pp1-7.pdf
[18] http://net.pku.edu.cn/mobile/reference7.pdf
[19] http://www.tcs.com/0_service_practices/ATC_new/Assets/downloads/Mobile_IP.pdf
Thank You.

Questions?
Mobile IP Security
Security issues in designing a
Mobile IP system.
• “Ingress Filtering: The mobile node uses its home
address in the packets it is sending to a corresponding
node.”[5]

• “Minimize the number of required trusted entities:
Security may be enhanced, if the number of the required
trusted entities, i.e., Home Agent, is decreased.”[5]

• “Authentication: Is the process of verifying a claimed
identity of a node as the originator of a message or the
identity of a node as the end point of a channel.”[5]
Security issues in designing a
Mobile IP system.
• “Authorization: An organization that owns or operates a
network would need to decide who may attach to this
network and what network resources may be used by the
attaching node.”[5]

• “Non-repudiation: In the future wireless Internet, the sender
of a message should not be able to falsely deny that it
originated a message at a later time.”[5]

• “Encryption key distribution: The authentication, integrity
and non-repudiation can only be accurately provided by
using some form of cryptography which requires the
distribution/exchange of encryption key information
amongst message senders and receivers.”[5]
Security issues in designing a
Mobile IP system.
• “Location privacy: A sender of a message should be able
to control which receivers know the location of the
sender’s current physical attachment to the network.”[5]

• “Firewall support in Mobile IP: If a Mobile Node has to
enter a private Internet network that is securely protected
by a firewall, then Mobile IP aware support at this firewall
is required. In Mobile IP this support is not provided.”[5]
Security Associations.
• “Security associations establish trust between devices in
a peer-to-peer relationship.”[6]

• Here are two types of security associations: IPsec and
IKE.
Security Associations.

• “IPsec Security Association (IPsec SA): requires that
separate IPsec SAs be established in each direction to
provide non-repudiation, data integrity, and payload
confidentiality.”[6]

• “Internet Key Exchange (IKE): provides negotiation, peer
authentication, key management, and key exchange.”[6]
Summary
• “Mobile IP registration has built-in prevention of denial-
of-service attacks. Specifically, it is impossible for a Bad
Guy to lie to a mobile node’s home agent about that
mobile node’s current care-of address, because all
registration messages provide authentication of the
message’s source, integrity checking and replay
protection.”[7]
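
Added example (not from the original slides or from references [4] and [7]): a home agent check that combines source authentication, integrity checking and a timestamp-style Identification field, as described in the replay-attack slides and in the summary above. The HMAC-SHA256 authenticator, the millisecond timestamp encoding, the 7-second window and all names and addresses are assumptions for illustration, not the Mobile IP wire format.

```python
import hashlib
import hmac

WINDOW_MS = 7000  # assumed tolerance between request timestamp and home agent clock


def authenticator(key, home, care_of, ident):
    """Assumed stand-in authenticator: HMAC-SHA256 over the request fields."""
    msg = f"{home}|{care_of}|{ident}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_request(key, home, care_of, now_ms):  # mobile node side; ident = send time in ms
    return {"home": home, "care_of": care_of, "ident": now_ms,
            "auth": authenticator(key, home, care_of, now_ms)}


class HomeAgent:
    def __init__(self, keys):
        self.keys = keys       # home address -> shared secret
        self.last_ident = {}   # home address -> highest Identification accepted
        self.bindings = {}     # home address -> registered care-of address

    def register(self, req, now_ms):
        key = self.keys.get(req["home"])
        if key is None:
            return "denied: unknown mobile node"
        good = authenticator(key, req["home"], req["care_of"], req["ident"])
        if not hmac.compare_digest(good, req["auth"]):
            return "denied: authentication failed"
        if abs(req["ident"] - now_ms) > WINDOW_MS:
            return "denied: identification out of date"
        if req["ident"] <= self.last_ident.get(req["home"], -1):
            return "denied: identification already used"
        self.last_ident[req["home"]] = req["ident"]
        self.bindings[req["home"]] = req["care_of"]
        return "accepted"


def demo():
    """Constructed run: genuine request, two replays, one tampered copy, final binding."""
    key, home = b"constructed-shared-secret", "198.51.100.7"
    ha = HomeAgent({home: key})
    captured = make_request(key, home, "203.0.113.5", 1_000_000)
    forged = dict(captured, care_of="192.0.2.66")  # care-of changed, authenticator stale
    return [ha.register(captured, 1_000_200), ha.register(captured, 1_001_000),
            ha.register(captured, 1_600_000), ha.register(forged, 1_000_300),
            ha.bindings[home]]
```

The stored copy is rejected both inside the window (its Identification is not newer than the last accepted one) and after it (the timestamp is out of date), and changing the care-of address invalidates the authenticator.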
Mobile IP

Business Sector
Business Sector
Keywords

• IPsec

• AAA
Factors considered to meet
Competition
General Aspects

• Interoperability

• ready to meet future changes

• compatible with Existing architecture

• Scalability

• more supporting platforms

• Cost Efficiency
Factors considered to meet
Competition
Technical Aspects

• Failover

• Load Balancing

• Server Pools
Major Companies in the game
• Cisco

• Hewlett Packard

• Sun Microsystems

• Secgo

• Interpeak

• ipUnplugged

• Birdstep (technology)
Secgo Mobile Solution Features

• No dependence on Media Type

• Flexible Security

• Total Transparency to Applications

• NAT/NAPT Traversal

• Constant Reachability
Secgo Products
• Mobile IP Server

Table 1: Snapshot of Secgo Mobile IP Server Features [8]


Secgo Products
• Mobile IP Client

Table 2: Snapshot of Secgo Mobile IP Client Features [8]


ipUnplugged Products [2]

• Roaming Gateway

• Roaming Client

• Roaming Server

Roaming Gateway and Roaming Server act together


ipUnplugged Products
• Roaming Gateway

Model     Max number of concurrent connections   Max encrypted throughput
RGW 50    50                                     8/21 Mbit/s
RGW310    1000                                   44/91 Mbit/s
RGW380    5000                                   300/324 Mbit/s

Figure 1: RGW 50 [9]
Figure 2: RGW 310/380 [9]


ipUnplugged Mobile Solution
Features
• Mobile IP Support

• Dynamic Home IP Address Assignment

• Dynamic Home Agent Assignment

• Dynamic Provisioning of MIP/IKE keys to HA

• Mobile IP Tunneling

• Reverse Tunneling

• Triangular Routing [11]


Birdstep Mobile IP Certification

• Mobile IP e-Learning Certification
Program Course [12]

• Price for the complete e-learning
course: USD 740
