Route Optimization

ROUTE OPTIMIZATION

Mobile IPv4 route optimization

Mobile IPv4 route optimization is a proposed extension to the Mobile IPv4 protocol. It provides enhancements to the routing of data grams between the mobile node and to the correspondent node. The enhancements provide means for a correspondent node to tunnel data grams directly to the mobile node or to its foreign agent care-of address.

Route optimization messages and data structures

The route optimization extension adds a conceptual data structure, the binding cache, to the correspondent node and to the foreign agent. The binding cache contains bindings for mobile nodes' home addresses and their current care-of addresses. With the binding the correspondent node can tunnel data grams directly to the mobile node's care-of address.

Every time the home agent receives a datagram that is destined to a mobile node currently away from home, it sends a binding update to the correspondent node to update the information in the correspondent node's binding cache. After this the correspondent node can directly tunnel packets to the mobile node. Thus direct bi-directional communication is achieved with route optimization.

Direct routing with route optimization and foreign agent care-of address.

Route optimization adds four new UDP-messages to the Mobile IPv4 protocol:

Binding update informs the correspondent node or foreign agent of the mobile node's new location. It is sent by the home agent or in the case of previous foreign agent notification, by the new foreign agent, as shown in Figure 4. The binding update contains the care-of address and the home address of the mobile node and also the lifetime of the binding. It also must contain a mobile IP authentication extension. An identification number may also be present to provide a way of matching updates with acknowledgements and to protect against replay attacks.

Binding acknowledgement is sent by the correspondent node or the foreign agent in response to the binding update. It contains the mobile node's home address and a status code. It also contains an identification number, if there was one in the corresponding binding update.

Binding request is sent by the correspondent node to the home agent to request a binding update. It contains the home address of the queried mobile node and possibly an identification number.

Binding warning is sent by the previous foreign agent in response to receiving a tunnelled datagram for a mobile node for which it has a binding and for which it is not acting as the current foreign agent. The binding warning is sent to the home agent. It contains the home address of the mobile node and the address of the correspondent node that does not have up to date information of the mobile node's current care-of address. With this information the home agent can send a binding update to the correspondent node.

Binding update to correspondent node

The effect on static routes

As the correspondent node learns the care-of address of the mobile node from the binding update, it can tunnel data grams directly to the mobile node's care-of address . Thus only the first data grams are routed via the home agent. This reduces the network load and also reduces the delays caused by routing. Thus the optimization is valuable to mobile nodes that visit networks located far from their home agent.

However, the overhead caused by tunnelling is not decreased. The correspondent node's use of minimal encapsulation is a partial remedy, if both the encapsulator and the decapsulator support it. Ingress filtering may also prevent the mobile node from sending data grams directly to the correspondent node. The use of direct reverse tunnelling from the care-of address to the correspondent node's address is a possible solution to ingress filtering. However, it is not possible with foreign agent care-of addresses, since the current reverse tunnelling standard requires the foreign agent to tunnel all packets to the home agent of the mobile node.

Smooth handoffs with route optimization

In the static case the protocol is fairly simple, but handoffs somewhat complicate the situation. When the correspondent node has an out of date entry for the mobile node's care-of address it tries to send the tunnelled datagram to the mobile node's previous location and the datagram is lost. To solve this problem the protocol includes the previous foreign agent notification mechanism, which adds a binding cache to the foreign agent.

When a mobile node moves to a new sub network it sends a registration request to the new foreign agent. The registration request may contain a previous foreign agent notification extension. Upon receiving such a request the foreign agent builds a binding update and sends it to the previous foreign agent. The previous foreign agent can then, after authenticating the update, create a binding for the mobile node. With this binding it can re-tunnel data grams to the mobile node's new care-of address. The re-tunnelling requires foreign agent care-of addresses in order for the agents to act as tunnel endpoints.

The previous foreign agent notification mechanism provides temporary localization of the handoffs. It does not reduce the signalling load between the home agent and the mobile node, but reduces the number of data grams lost due to correspondent nodes with out-of date bindings.

Security considerations

Since the correspondent nodes and foreign agents have binding caches, which change the routing of data grams destined to mobile nodes, the binding updates must be authenticated. The authentication is performed in a similar manner as in base Mobile IPv4. All binding updates contain a route optimization or smooth handoff authentication extension. This extension contains a hash, which is calculated from the datagram and the shared secret.

The correspondent node and the mobile node's home agent need a security association. This association is used for the authentication of the binding updates. Since the mobile node sends a binding update directly to its previous foreign agent, they also need a security association. If the security associations are not preconfigured they can be established via a key management protocol such as ISAKMP or SKIP.

General deployment requirements

In order to make use of the binding updates the correspondent nodes must be able to process and authenticate them and be able to encapsulate data grams. To establish this, the network stacks of the operating systems require changes. Since correspondent nodes need to establish a security association with the home agent and foreign agents need to establish one with the mobile node, a widely deployed key management system is obviously needed. Otherwise only nodes with statically configured security associations can benefit from the binding updates.

Mobile IPv6 and route optimization

Main characteristics of Mobile IPv6

Whereas Mobile IP was added on top of the IPv4 protocol, in IPv6 mobility support is built into the IP-layer. In mobile IPv6 route optimization is an essential part of the protocol. Mobile nodes have a binding update list, which contains the bindings other nodes have for it. Correspondent nodes and home agents have a binding cache, which contains the home and care-of addresses of mobile nodes they have been recently communicating with. All signalling is performed via destination options that are appended to the base IPv6 header. Thus all signalling traffic can be piggybacked on data grams with a data payload, as in Figure 5.

The destination options are:

·        Binding update option, which is sent by the mobile node to its home agent and correspondent nodes to inform them of a change of location.

·                                Binding acknowledgement option, which is sent in response to the binding update.

·                                Binding request option, with which a node can request a new binding update from the mobile node, when the binding is about to expire.

 • Home address option, which the mobile node appends to all data grams it sends while away from its home network. The home address option is used to avoid the negative effects of ingress filtering by using the topologically correct care-of address as the source address and including the home address in the option. The receiving node will then copy the home address to the source address before passing the packet to any transport level protocol.

 All care-of addresses in Mobile IPv6 are co-located; thus foreign agents are not a part of the protocol. Since all nodes are only required to understand the home address option, triangle routing will occur also with mobile IPv6. However, if the correspondent node implements the draft fully, only the first data grams it sends will be routed via the home agent. The mobile node always sends a binding update to the original sender of a tunnelled datagram. With this binding the correspondent node can send data grams directly to the mobile node using a routing header.

A datagram with a routing header contains the care-of address as the destination address and the home address in the routing extension header as the final destination. Thus the datagram will be normally routed to the care-of address. When the mobile node receives a datagram with a routing header it swaps the final destination with the destination address field. The home address option and the routing header make the mobility transparent with direct routing.

The Effect on Routing

By using direct routes in both directions the consumption of network resources is minimized. The 40-byte IPv6 headers consume extra bandwidth when compared to 20 byte IPv4 headers. However the use of routing header and home address option removes the need for constant tunnelling, thus decreasing the bandwidth consumption. Although they both add overhead to packets they still are considerably smaller than IPv6 headers, which would be used in tunnelling. The destination options used for signalling can be piggybacked [4] which decreases the signalling overhead considerably, since the options are relatively small when compared to UDP packets.

The effect on handoffs

The IPv6 mobility support provides the previous router notification mechanism, with which the amount of lost of packets in handoffs can be reduced. In IPv6 the mobile node sends a binding update directly to the previous router, which consumes more bandwidth but is faster than the mechanism used with Mobile IPv4 route optimization.

Problems solved

Mobile IPv6 provides improvements on routing and signalling efficiency. As the signalling can be mostly piggybacked on data packets there will be considerably less signalling overhead between the mobile node and the correspondent nodes than in mobile IPv4 route optimization between the home agent and the correspondent nodes. The minimum requirements for the correspondent node provide at least triangle routing even in the worst case, since care-of address can be used as the source address. Hosts that are likely to communicate with mobile nodes will probably implement the binding cache and communicate directly with the mobile node. In both cases the routing saves network capacity and decreases delays, when compared to reverse bi-directional tunnelling between the mobile node and correspondent node.

The key management problem is not solved Mobile IPv6 does not solve the key management problem, but the integration of IPSec into IPv6 is likely to result in support for key management protocols in most operating systems implementing IPv6.