IP Mobility Technologies - An Overview (BRKRST-2370)
Source: …d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/brkrst-2370.pdf
TRANSCRIPT
© 2013 Cisco and/or its affiliates. All rights reserved. BRKRST-2370 Cisco Public
Session Details
Mobility is a very important current buzz topic in the industry. However, it is also a topic which means many different things depending on who speaks about it. This session will demystify what mobility means and how network architectures and Internet protocols deliver the “mobility” experience.
An overview of mobility use cases will be given and demonstrated in order to gather participant feedback in a marketing-style exercise: deciding whether a given use case is one the industry should be concerned with. This initial discussion will abstract away the network architectures and focus on the user experience. The discussion will then refocus on the current network architectures which deliver mobility as it is mostly understood, namely mobile cellular and enterprise WLAN architectures, highlighting protocols such as GTP, MIP/PMIP and CAPWAP.
The session will then dive into protocol details and see how these compare in delivering a mobility experience. GTP, MIP/PMIP and CAPWAP will be compared in detail, but others such as LISP, SCTP, MPTCP, SIP and “pure application-level mobility” will also be included in the comparison. Through this wide set of protocol examples, we will highlight the common mechanisms that are required for mobility. This will allow the participants to understand that, despite the differences between the proposed protocols, many fundamentals remain the same and are simply implemented at various levels of the OSI stack. The conclusion will focus on how these technologies can and will fit into current architectures and deployments.
Agenda
Why Session Persistency
Session Persistency Facts
Some Protocols in Detail
Protocol Comparison
Client Impacts
Summary
The Mobile Internet is Changing Everything
More Broadband
New Pricing
New Devices
New Applications
Video will be 66% of mobile traffic by 2014.
Cisco Visual Networking Index (VNI) Global Mobile Data Traffic Forecast Update: Increasing Average Mobile User Traffic per Month
Source: Cisco VNI Global Mobile Data Traffic Forecast, 2012–2017
Global MB per month per mobile user, 2012 vs. 2017:
Global: 201 (2012), 2,037 (2017)
By region: North America: 753 (2012), 6,176 (2017)
By country: United States: 763 (2012), 6,302 (2017); Canada: 638 (2012), 4,929 (2017)
Small Cell Market Drivers for Change
Attractive economics of offload
Growth in mobile data
Lack of spectrum
Anytime, anywhere access to data
Increase in indoor consumption
High growth opportunities are attracting intense competition
Drivers for Change: Scaling Supply
Source: Agilent
Chart 1: global mobile data traffic per month, 92% CAGR 2010–2015: 0.24 EB (2010), 0.6 EB (2011), 1.2 EB (2012), 2.2 EB (2013), 3.8 EB (2014), 6.3 EB (2015)
Chart 2 (log scale, 1990–2015): spectrum, average macrocell efficiency and resulting macrocell capacity; labelled “26x growth”
“Offloading” Traffic to Small Cells: 66% of Mobile Traffic to be Offloaded from Macro RAN by 2017
Chart: exabytes per month, 2012–2017, split into offload traffic from mobile devices (66% in 2017) and cellular traffic from mobile devices (34% in 2017)
Source: Cisco VNI Global Mobile Data Traffic Forecast, 2012–2017
Community Wi-Fi Example: NY MSOs & Paris (Free Wifi, SFR WIFI)
People activating the service at home can connect on other residential hotspots
Large-scale requirements (millions of APs, millions of IP addresses)
Security requirements for private/public traffic segregation, fraud prevention and billing
Roaming requirement between APs
User experience is what defines Session Persistency
Mobile networks have always been designed so that roaming/mobility events do not impact user traffic and allow sessions to be persistent.
However, the quality of persistence is the key factor to consider:
– No perception of any change by the user
– Application stalls and resumes
– Application stalls and cannot recover
Some applications are more sensitive than others, in the sense that the user experience is more degraded.
Main question: what is a session?
– An IP transport/session flow identified by some ID
– An application flow identified by some application ID (HTTP cookie, video ID, application state maintained on both sides)
– Other …
Common User Applications
Standard real-time conferencing, business & productivity, video streaming, collaboration tools, email applications
Real-time conferencing characteristics:
1. Loss of packets on the bearer channel (RTP/UDP) is acceptable
2. Loss of packets on the control channel (SIP/TCP/RTCP) is unacceptable
3. Not tolerant to delay, latency, errors
An Introduction to the Mobility Challenges
Network Anchors exist in all the Cellular Architectures
Diagram: Mobile Networks Evolution (element labels recovered from the slide; each architecture ends in a Layer 3 IP anchor):
3GPP HSPA: Node B – Serving RNC – SGSN – GGSN
3GPP2 EVDO: BS – PCF – PDSN – HA
3GPP SAE/LTE: eNode B – MME / SAE GW – PDN GW (HA)
WiMAX: Base Station – ASN GW – CSN (HA)
3GPP2 UMB: eBTS – MAG/LMA – PDSN – HA
Network Anchor exists also in the 802.11 Environment
Enterprise LWAPP/CAPWAP infrastructure also brings an anchor point for 802.11 networks: the WLC cluster resources (diagram)
Mobility / Session Persistence Mechanisms
Layer 2: Ethernet Spanning Tree; PPP; EthoIP / EthoGRE
Layer 3: LAM (Local Area Mobility: host routes); MIPv4/v6; DSMIP; PMIP; GTP; LISP; ILNP; HIP; VPNs; MOBIKE; …
Layer 4: SCTP; MPTCP (Multipath TCP)
Application layer: SSL reconnect; SIP Re-Invite; adaptive video; WAAS; …
Mobility & The OSI Layers
L2 is fast, but not scalable
L3 scales well, supports multiple L2 links and is application independent
L4/5 session management provides end-to-end session identification and path optimization
Application layers provide application recovery when all else has failed; this can be very application specific
Mobile IPv6 Protocol Summary
RFC 2460: Internet Protocol, Version 6 (IPv6) Specification (since obsoleted by RFC 8200)
RFC 3775: Mobility Support in IPv6 (since obsoleted by RFC 6275; the mechanisms shown in the following slides are the same)
RFC 4225: Mobile IP Version 6 Route Optimization Security Design Background
Building blocks: move detection & location discovery; topology establishment; topology data propagation; location database & tunnel creation; control signaling: agent discovery and registration process
MIPv6 Overview
HA – Home Agent, AR – Access Router, CN – Correspondent Node, MN – Mobile Node
Home network 2001:1:1:1::/64 (HA); foreign network 2001:3:3:3::/64 (AR); CN 2001:2:2:2::1/64; MN home address 2001:1:1:1::2/64; all reachable across the Internet
Mobile Node is at home
MIPv6 – MN Roaming
MN 2001:1:1:1::2/64 moves from the home network (2001:1:1:1::/64, HA) to the foreign network (2001:3:3:3::/64, AR); packets from CN 2001:2:2:2::1 for the home address no longer reach it (“?”)
MIPv6 – MN Dynamic Addressing
The AR on the foreign network advertises its prefix; MN receives the new prefix 2001:3:3:3::/64 on the foreign network
MIPv6 – MN CoA
CoA – Care-of Address
MN auto-configures an address from the foreign prefix as its CoA: 2001:3:3:3::2/64 (its home address 2001:1:1:1::2 is unchanged)
MIPv6 – MN Binding
BU – Binding Update
MN sends a BU to the HA (across the Internet) carrying its CoA 2001:3:3:3::2/64; the CN still cannot reach the home address (“?”)
MIPv6 – HA Binding Acknowledgment
BA – Binding Acknowledgement, DAD – Duplicate Address Detection, NS – Neighbor Solicitation
HA acknowledges the BU back to the MN with a BA
HA performs DAD on the home link: it sends an NS for the home address of the MN (2001:1:1:1::2) and from then on answers Neighbor Solicitations for that address itself (proxy ND), so traffic for the home address on the home link is delivered to the HA
MIPv6 – HA Binding Cache
BC – Binding Cache
HA creates a BC entry for the MN in order to tunnel packets:
HAddr 2001:1:1:1::2/64 | CoA 2001:3:3:3::2/64 | HA flag: Yes
MIPv6 – CN to MN Traffic
CN sends a ping to the MN home address (2001:1:1:1::2/64): src 2001:2:2:2::1, dst 2001:1:1:1::2, DATA
The packet is routed to the home link, where the HA picks it up using its binding cache entry (HAddr 2001:1:1:1::2/64 → CoA 2001:3:3:3::2/64, HA: Yes)
MIPv6 – HA to MN Tunneling
HA encapsulates the ping and forwards it to the CoA (IPv6-in-IPv6):
Outer header: src 2001:1:1:1::1 (HA), dst 2001:3:3:3::2 (CoA)
Inner header: src 2001:2:2:2::1 (CN), dst 2001:1:1:1::2 (MN home address), DATA
ENCAPSULATION
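The behaviour of the last three slides (HA binding cache lookup, then IPv6-in-IPv6 encapsulation towards the CoA) as working code, added here as an example that is not code from the original deck or from Cisco. Assumptions: the HA address 2001:1:1:1::1 (the slides show only the home prefix), raw IPv6 headers built with the Python standard library, and a constructed ICMPv6 payload without a valid checksum. Authentication of the BU (IPsec between MN and HA per RFC 3775) is outside the block.

```python
"""Home Agent: binding cache plus IPv6-in-IPv6 tunnelling (RFC 3775 / RFC 2473).
Added example, not Cisco code. HA address 2001:1:1:1::1 is an assumption."""
import struct
from ipaddress import IPv6Address, IPv6Network

IPPROTO_IPV6 = 41     # Next Header value of an IPv6-in-IPv6 tunnel packet
IPPROTO_ICMPV6 = 58


def ipv6_packet(src, dst, payload, next_header, hop_limit=64):
    """Fixed 40-byte IPv6 header (version 6, zero traffic class / flow label)."""
    hdr = struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, hop_limit,
                      IPv6Address(src).packed, IPv6Address(dst).packed)
    return hdr + payload


def parse_ipv6(pkt):
    ver_tc_flow, plen, nh, _hl, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    if ver_tc_flow >> 28 != 6:
        raise ValueError("not IPv6")
    return {"src": str(IPv6Address(src)), "dst": str(IPv6Address(dst)),
            "next_header": nh, "payload": pkt[40:40 + plen]}


class HomeAgent:
    def __init__(self, address, home_prefix):
        self.address = address
        self.home_prefix = IPv6Network(home_prefix)
        self.binding_cache = {}   # home address -> (care-of address, lifetime)

    def binding_update(self, home_addr, coa, lifetime):
        """BU handling: only home addresses inside the home prefix may be bound;
        lifetime 0 deregisters (the MN returned home)."""
        if IPv6Address(home_addr) not in self.home_prefix:
            return "rejected: not home subnet"
        if lifetime == 0:
            self.binding_cache.pop(home_addr, None)
            return "deregistered"
        self.binding_cache[home_addr] = (coa, lifetime)
        return "accepted"

    def intercept(self, pkt):
        """A packet the HA picked up on the home link (it proxies ND for bound
        home addresses). Tunnel it to the CoA if bound, else leave it alone."""
        inner = parse_ipv6(pkt)
        entry = self.binding_cache.get(inner["dst"])
        if entry is None:
            return "deliver on home link", pkt
        coa, _lifetime = entry
        return "tunnel", ipv6_packet(self.address, coa, pkt, IPPROTO_IPV6)


def demo():
    """CN pings the MN home address while the MN is away (addresses from the slides)."""
    ha = HomeAgent("2001:1:1:1::1", "2001:1:1:1::/64")
    ha.binding_update("2001:1:1:1::2", "2001:3:3:3::2", lifetime=420)
    # constructed ICMPv6 echo request body; the checksum is not computed
    ping = ipv6_packet("2001:2:2:2::1", "2001:1:1:1::2", b"\x80\x00\x00\x00PING",
                       IPPROTO_ICMPV6)
    action, wire = ha.intercept(ping)
    outer = parse_ipv6(wire)
    inner = parse_ipv6(outer["payload"]) if outer["next_header"] == IPPROTO_IPV6 else None
    return action, outer, inner
```

demo() returns the action and the decoded outer and inner headers; the outer Next Header value 41 is what a capture on the HA's uplink shows for the tunnelled ping, and the inner header is byte-for-byte the packet the CN sent.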
MIPv6 – Route Optimization
HoTi – Home Test Init, CoTi – Care-of Test Init
MIPv6 allows the MN to detect and securely optimize the route to the CN: instead of the sub-optimal route CN → HA → (tunnel) → CoA, traffic flows on the optimal route directly between CN 2001:2:2:2::1 and CoA 2001:3:3:3::2
MIPv6 – Return Routability Test – Step 1
MN initiates the return routability test: it sends a HoTi packet through the HA (reverse-tunnelled to the HA, which forwards it to the CN) and a CoTi directly to the CN
MIPv6 – Return Routability Test – Step 2
HoT – Home Test, CoT – Care-of Test
CN replies to the HoTi with a HoT (sent to the home address, i.e. through the HA) and to the CoTi with a CoT (sent directly to the CoA). Each reply carries one keygen token; the binding key is derived from both, so only a node that receives traffic on both paths can compute it
MIPv6 – Return Routability – Completed
MN sends a BU to the CN, authenticated (HMAC) with the key Kbm assembled from the HoT and CoT tokens
MIPv6 – CN Binding Acknowledgement
CN acknowledges the BU with a BA back to the MN (CoA 2001:3:3:3::2/64); the CN now holds a binding cache entry for the home address 2001:1:1:1::2 and sends directly to the CoA
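The return-routability exchange of the last four slides in code: the token, Kbm and authenticator computations are the ones RFC 3775 section 5.2 specifies; the message framing is reduced to function calls and the BU body is constructed. This is an added example, not code from the deck or from Cisco; Kcn and the nonce are random, the addresses are the slides'.

```python
"""MIPv6 return routability (RFC 3775 section 5.2) and Binding Update
authentication at the CN. Added example, not Cisco code."""
import hashlib
import hmac
import os
from ipaddress import IPv6Address


def keygen_token(kcn, address, nonce, path_bit):
    """home keygen token    = First(64, HMAC_SHA1(Kcn, home address    | nonce | 0))
    care-of keygen token = First(64, HMAC_SHA1(Kcn, care-of address | nonce | 1))"""
    return hmac.new(kcn, address + nonce + bytes([path_bit]), hashlib.sha1).digest()[:8]


def kbm(home_token, careof_token):
    """Kbm = SHA1(home keygen token | care-of keygen token)"""
    return hashlib.sha1(home_token + careof_token).digest()


def bu_auth_data(kbm_key, careof, cn, mh_data):
    """Binding Authorization Data = First(96, HMAC_SHA1(Kbm, care-of | CN | MH data)),
    where MH data is the Mobility Header up to (not including) the authenticator."""
    return hmac.new(kbm_key, careof + cn + mh_data, hashlib.sha1).digest()[:12]


class CorrespondentNode:
    """Keeps only Kcn and a nonce table: no per-MN state before a valid BU arrives."""

    def __init__(self, address):
        self.address = address
        self.kcn = os.urandom(20)
        self.nonces = {7: os.urandom(8)}       # nonce index -> nonce
        self.binding_cache = {}

    def home_test(self, home_addr):            # HoT: answered towards the home address
        idx = max(self.nonces)
        return idx, keygen_token(self.kcn, home_addr, self.nonces[idx], 0)

    def careof_test(self, coa):                # CoT: answered directly to the CoA
        idx = max(self.nonces)
        return idx, keygen_token(self.kcn, coa, self.nonces[idx], 1)

    def binding_update(self, home_addr, coa, home_idx, co_idx, mh_data, auth):
        """Recompute both tokens from the nonce indices carried in the BU and verify."""
        if home_idx not in self.nonces or co_idx not in self.nonces:
            return "expired nonces"
        key = kbm(keygen_token(self.kcn, home_addr, self.nonces[home_idx], 0),
                  keygen_token(self.kcn, coa, self.nonces[co_idx], 1))
        if not hmac.compare_digest(bu_auth_data(key, coa, self.address, mh_data), auth):
            return "rejected"
        self.binding_cache[home_addr] = coa
        return "accepted"


def mobile_node_route_optimization(cn, home_addr, coa):
    """MN side: HoTi/HoT via the HA tunnel, CoTi/CoT directly, then the BU."""
    home_idx, home_token = cn.home_test(home_addr)
    co_idx, co_token = cn.careof_test(coa)
    mh_data = b"\x05\x00\x00\x00\x00\x00\x01\x00\x00\x2a"   # constructed BU body
    auth = bu_auth_data(kbm(home_token, co_token), coa, cn.address, mh_data)
    return cn.binding_update(home_addr, coa, home_idx, co_idx, mh_data, auth)


def demo():
    home = IPv6Address("2001:1:1:1::2").packed
    coa = IPv6Address("2001:3:3:3::2").packed
    cn = CorrespondentNode(IPv6Address("2001:2:2:2::1").packed)
    genuine = mobile_node_route_optimization(cn, home, coa)
    # Attacker on the direct path only: it sees the CoT but never the HoT,
    # so it has to guess the home keygen token (here: zeros).
    co_idx, co_token = cn.careof_test(coa)
    forged = bu_auth_data(kbm(b"\x00" * 8, co_token), coa, cn.address, b"")
    spoof = cn.binding_update(home, coa, co_idx, co_idx, b"", forged)
    return genuine, spoof, cn.binding_cache[home] == coa
```

The second half of demo() is the point of the design: an attacker who only sees the CoT on the direct path cannot produce the authenticator, because Kbm also needs the home keygen token that travelled through the HA. The CN stays stateless until the BU verifies, which is why the BU echoes the nonce indices rather than the tokens.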
MIPv6 – Home Address Option
HAddr – Home Address
MN sends a packet directly to the CN carrying the Home Address destination option: src 2001:3:3:3::2 (CoA), dst 2001:2:2:2::1, HAddr 2001:1:1:1::2, DATA
CN processes the packet by replacing the source address with the HAddr before passing it to the upper layers, so the transport session still sees 2001:1:1:1::2
Check a practitioner will want: the CN must only perform this substitution when it holds a binding cache entry for the home address whose CoA equals the packet's source address (RFC 3775 section 9.3.1); without that check the option would be a trivial source-address spoofing vector
Mobile IPv6 Registration
Participants: MN, Access Router, HA1, CN
1. MN on the visited network: Router Solicitation (RS) → Access Router; Router Advertisement (RA) ← Access Router; MN acquires an IP address on the visited network (used as Care-of Address)
2. MN → HA anycast address: DHAAD Request (Dynamic Home Agent Address Discovery); DHAAD Reply (home agent list) ← HA1; MN uses the first HA address and creates its HA cache
3. MN → HA1: Binding Update (BU); Binding Ack (BA) ← HA1; HA1 creates the binding cache entry
4. Data traffic MN ↔ HA1 ↔ CN through the IP-in-IP bidirectional tunnel
What is Proxy Mobile IPv6?
A network-based mobility solution:
Mobile node is not aware when it moves to a new access “link”/access router (i.e. home network emulation)
Re-uses the Mobile IPv6 protocol, but signaling and tunneling take place between the access router (MAG) and the anchor router (LMA)
Enhancements to the signaling between access router and anchor router to support many mobile nodes
Enhancements to the signaling for access routers to support a mobile node moving between them (e.g. message sequencing)
PMIPv6: IPv6 Domain Join Sequence
Participants: MN, MAG1, LMA, AAA, CN
1. MN gets access to a new IP link; MAG1 sees the MN attached event
2. MAG1 → AAA: AAA Request (MN-Identifier, …); AAA Response (MN authorization, MN-ID acquisition, mobile profile retrieval, …)
3. MN → MAG1: Router Solicitation (for an IPv6 prefix); held by MAG1 until the binding exists
4. MAG1 → LMA: PBU (MN-ID1, MAG1, …)
5. LMA adds an entry to its BC: ID MN-ID1 | Prefix Pref1::/64 | MAG (Proxy-CoA) MAG1
6. LMA → MAG1: PBA (MN-ID1, MAG1, Pref1::/64, …)
7. LMA sets up a bidirectional tunnel with MAG1
8. MAG1 → MN: Router Advertisement (Pref1::/64)
Tunnelled traffic: uplink outer IPv6 header (src=Proxy-CoA, dst=LMA_ADDR) around the inner IPv6 header (src=MN_ADDR, dst=CN_ADDR); downlink outer header (src=LMA_ADDR, dst=Proxy-CoA) around the inner header (src=CN_ADDR, dst=MN_ADDR)
A Note on Handoffs
Simple handoff from one MAG to another MAG over the same MN interface (before: Wi-Fi via MAG1; after: Wi-Fi via MAG2; same LMA). This handoff updates an existing mobility session.
Inter-technology handoff from one MN interface to a different MN interface (before: Wi-Fi via MAG1; after: 4G via MAG2; same LMA). This handoff also updates an existing mobility session.
Handoffs should be fully transparent.
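The join and handoff behaviour of the LMA from the previous two slides, as an added example that is not code from the deck or from Cisco. It models the LMA's binding cache keyed by MN-ID, the PBU/PBA decision, and the sequence-number check that RFC 5213 inherits from RFC 3775 for reordered or replayed PBUs. The MN-ID to prefix table stands in for the AAA/profile lookup; MAG addresses and prefixes are documentation values. Authentication of the MAG-to-LMA signalling itself (IPsec per RFC 5213) is not modelled.

```python
"""LMA binding cache for the PMIPv6 join and handoff slides (RFC 5213).
Added example, not Cisco code. MN-ID -> prefix stands in for AAA data."""
from dataclasses import dataclass


@dataclass
class BindingCacheEntry:
    mn_id: str
    prefix: str        # home network prefix assigned to the MN
    proxy_coa: str     # address of the MAG currently serving the MN
    seq: int           # last accepted PBU sequence number
    lifetime: int


def seq_is_newer(new, old):
    """RFC 3775 rule reused by PMIPv6: newer if greater modulo 2^16."""
    return new != old and ((new - old) & 0xFFFF) < 0x8000


class LocalMobilityAnchor:
    def __init__(self, authorized_mags, profiles):
        self.authorized_mags = set(authorized_mags)
        self.profiles = profiles          # MN-ID -> prefix (assumed AAA profile data)
        self.cache = {}                   # MN-ID -> BindingCacheEntry

    def proxy_binding_update(self, mn_id, mag, seq, lifetime):
        """Returns the PBA outcome. A PBU for a known MN-ID from a different MAG
        is a handoff: the session and its prefix are kept, only the Proxy-CoA
        moves. Stale or replayed PBUs lose on the sequence number."""
        if mag not in self.authorized_mags:
            return "rejected: MAG not authorized for proxy registration"
        bce = self.cache.get(mn_id)
        if bce is None:
            if lifetime == 0 or mn_id not in self.profiles:
                return "rejected: no session / unknown MN"
            self.cache[mn_id] = BindingCacheEntry(mn_id, self.profiles[mn_id], mag, seq, lifetime)
            return "accepted: new session, prefix " + self.profiles[mn_id]
        if not seq_is_newer(seq, bce.seq):
            return "rejected: sequence number out of window"
        if lifetime == 0:
            if mag != bce.proxy_coa:      # deregistration from a MAG that no longer serves the MN
                return "rejected: not the serving MAG"
            del self.cache[mn_id]
            return "deregistered"
        bce.proxy_coa, bce.seq, bce.lifetime = mag, seq, lifetime
        return "accepted: handoff, prefix " + bce.prefix

    def downlink_tunnel_endpoint(self, mn_id):
        """Where the LMA encapsulates traffic for this MN (outer dst = Proxy-CoA)."""
        bce = self.cache.get(mn_id)
        return bce.proxy_coa if bce else None


def demo():
    lma = LocalMobilityAnchor(authorized_mags={"2001:db8:a::1", "2001:db8:b::1"},
                              profiles={"mn1@example.net": "2001:db8:100::/64"})
    mn = "mn1@example.net"
    log = [
        lma.proxy_binding_update(mn, "2001:db8:a::1", 1, 3600),    # attach at MAG1
        lma.proxy_binding_update(mn, "2001:db8:b::1", 2, 3600),    # handoff to MAG2
        lma.proxy_binding_update(mn, "2001:db8:a::1", 1, 3600),    # late duplicate from MAG1
        lma.proxy_binding_update(mn, "2001:db8:a::1", 3, 0),       # MAG1 deregisters: ignored
        lma.proxy_binding_update(mn, "2001:db8:ee::1", 4, 3600),   # rogue MAG
    ]
    return log, lma.downlink_tunnel_endpoint(mn)
```

The handoff case is the one to look at: the second PBU comes from a different MAG but carries the same MN-ID, so the LMA keeps the prefix and only changes the Proxy-CoA; a late duplicate of MAG1's first PBU is refused on the sequence number, and a deregistration from a MAG that no longer serves the MN does not tear the session down.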
3GPP System Logical Architecture
Diagram (reference points recovered from the slide): TE – MT – UTRAN – (Iu) – SGSN – (Gn) – GGSN – (Gi) – PDN on the packet side; TE – MT – BSS – (Gb) – SGSN for GSM/GPRS access; HLR (Gr, Gc, D), MSC/VLR (Gs), EIR (Gf), CAMEL GSM SCF (Ge), SM-SC / SMS-GMSC / SMS-IWMSC (Gd, C, E), CGF and billing system (Ga), GGSN/SGSN within the PLMN (Gn) and towards other PLMNs (Gp), Uu/Um radio interfaces, R interface between TE and MT
Legend: signalling and data transfer interface vs. signalling-only interface; PLMN = Public Land Mobile Network
3GPP R7 System Packet Core
User plane: UE – NodeB – RNC – (Iu-PS) – SGSN – (Gn) – 3G GGSN – IP. Protocol stacks: UE and RNC run IP over PDCP / RLC / MAC (MAC-HS) / WCDMA on the radio side; RNC, SGSN and GGSN carry the user IP packet in GTP-U / UDP / IP / L2 / L1
Direct Tunnel allows the SGSN to remove itself from the data plane (the RNC tunnels GTP-U directly to the GGSN); mobility is still controlled by the SGSN
Control plane: SGSN – (Gn) – GGSN using GTP-C / UDP / IP / L2 / L1; SGSN – HLR over MAP; GGSN – PCRF over Gx
3GPP R8 System Packet Core
User plane: UE – eNodeB – (S1-U) – SGW – (S5/S8) – PGW – IP. UE and eNodeB run IP (user) over PDCP / RLC / MAC / OFDMA; eNodeB, SGW and PGW carry the user IP packet in GTP-U / UDP / IP / L2 / L1. On S5/S8 the PMIP variant carries it in GRE instead of GTP-U (TS 36.414 for S1-U transport, TS 29.274 for GTPv2, TS 29.275 for PMIPv6)
Control plane: eNodeB – (S1-MME) – MME; MME – (S11) – SGW and SGW – (S5/S8) – PGW using GTPv2 (GTP-C / UDP / IP / L2 / L1); MME – HSS over S6a (Diameter); PGW – PCRF over Gx
GTP Mobility
1. 3GPP Direct Tunnel: NodeB – RNC – GGSN data path, with the 3G SGSN out of the user plane
2. 3GPP LTE/EPC: NodeB – RNC – MME / SGW – PGW
Zero packet loss on handover relies on traffic forwarding between the old and new nodes while the tunnel is moved
3GPP Pre-R8 Mobility
Participants: UE, NodeB, Old RNC, New RNC, Old SGSN, New SGSN, GGSN
Sequence: decision to move → Relocation Request (old RNC → old SGSN → new SGSN → new RNC) → radio bearer establishment → downlink traffic tunnelled from the old RNC to the new RNC → relocation procedure to the new RNC and SGSN → Update PDP Context Request/Response (new SGSN ↔ GGSN) moves the GTP-U tunnel → release of resources on the old RNC
1) User moves to a new RNC
2) Downlink traffic is forwarded between source and target RNC before the GTP-U tunnel is updated
3) Duplicated traffic is handled by the target RNC
4) Once the GTP-U tunnel is modified, resources in the source RNC are removed
GTP Tunnel Management Messages
Create session:
• Create PDP Context Request/Response (GTPv1)
• Create Session Request/Response (GTPv2)
• Create Bearer Request/Response (GTPv2)
• Bearer Setup Request/Response (GTPv2)
Update session:
• Update PDP Context Request/Response (GTPv1)
• Update Bearer Request/Response (GTPv2)
Delete session:
• Delete PDP Context Request/Response (GTPv1)
• Delete Session Request/Response (GTPv2)
• Delete Bearer Request/Response (GTPv2)
Important IEs in the Create PDP Context Request
IMSI, MSISDN, End User Address, Access Point Name (not needed for secondary PDP contexts)
Tunnel Endpoint Identifier Data I
Tunnel Endpoint Identifier Control Plane
NSAPI, linked NSAPI (for secondary PDP contexts; linked to the primary NSAPI)
SGSN address (signalling, data traffic)
QoS Profile
Protocol Configuration Options (sent transparently from the MS to the GGSN, e.g. user name, password, etc.)
Caveat: GTP itself carries no authentication or encryption, so all of these IEs, the subscriber identifiers and any PAP credentials inside the PCO included, are readable and forgeable by anyone with access to the Gn/Gp path; operators rely on IPsec between GSNs (3GPP TS 33.210) and on GTP-aware firewalls at the Gp border
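A decoder for the message the slide describes, added as an example that is not code from the deck or from Cisco: it builds a constructed GTPv1 Create PDP Context Request with the listed IEs (documentation IMSI, APN and addresses), parses the header and IEs back, and pulls the PAP username and password out of the Protocol Configuration Options. Header layout and IE types follow 3GPP TS 29.060; the PCO layout follows TS 24.008.

```python
"""GTPv1 (3GPP TS 29.060) header/IE decoding for a Create PDP Context Request and
extraction of PAP credentials from the PCO. Added example, not Cisco code; the
request below is constructed with documentation values."""
import struct

MSG_TYPES = {1: "Echo Request", 2: "Echo Response", 16: "Create PDP Context Request",
             17: "Create PDP Context Response", 18: "Update PDP Context Request",
             20: "Delete PDP Context Request", 255: "G-PDU"}
TV_LENGTHS = {1: 1, 2: 8, 14: 1, 16: 4, 17: 4, 20: 1}     # type < 128: fixed-length TV IE
IE_NAMES = {2: "IMSI", 14: "Recovery", 16: "TEID Data I", 17: "TEID Control Plane",
            20: "NSAPI", 128: "End User Address", 131: "Access Point Name",
            132: "Protocol Configuration Options", 133: "GSN Address", 134: "MSISDN"}


def tbcd_decode(data):
    """Telephony BCD: low nibble first; 0xF pads an odd number of digits."""
    out = []
    for b in data:
        for nib in (b & 0x0F, b >> 4):
            if nib == 0x0F:
                return "".join(out)
            out.append(str(nib))
    return "".join(out)


def tbcd_encode(digits):
    digits = digits + "F" if len(digits) % 2 else digits
    return bytes(int(digits[i + 1], 16) << 4 | int(digits[i], 16) for i in range(0, len(digits), 2))


def encode_apn(apn):                       # DNS-style length-prefixed labels
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in apn.split("."))


def decode_apn(raw):
    labels, i = [], 0
    while i < len(raw):
        labels.append(raw[i + 1:i + 1 + raw[i]].decode("ascii"))
        i += 1 + raw[i]
    return ".".join(labels)


def build_gtpv1(msg_type, teid, ies, seq=None):
    """Flags: version 1 (bits 7-5), PT=1 (GTP rather than GTP'), S when a sequence number is present."""
    body = b""
    for t, v in ies:
        body += bytes([t]) + (v if t < 128 else struct.pack("!H", len(v)) + v)
    flags, opt = 0x30, b""
    if seq is not None:
        flags, opt = flags | 0x02, struct.pack("!HBB", seq, 0, 0)   # seq, N-PDU number, next ext hdr
    return struct.pack("!BBHI", flags, msg_type, len(opt) + len(body), teid) + opt + body


def parse_gtpv1(pkt):
    flags, msg_type, length, teid = struct.unpack("!BBHI", pkt[:8])
    if flags >> 5 != 1 or not flags & 0x10:
        raise ValueError("not a GTPv1 message")
    off, end = 8, 8 + length                # length counts everything after the 8 mandatory bytes
    msg = {"type": MSG_TYPES.get(msg_type, msg_type), "teid": teid, "ies": {}}
    if flags & 0x07:                        # E, S or PN set: the 4 optional bytes are present
        msg["seq"], off = struct.unpack("!H", pkt[8:10])[0], 12
    if msg_type == 255:                     # G-PDU: payload is the subscriber's IP packet
        msg["payload"] = pkt[off:end]
        return msg
    while off < end:
        t = pkt[off]
        if t < 128:
            ln, off = TV_LENGTHS[t], off + 1
        else:
            ln, off = struct.unpack("!H", pkt[off + 1:off + 3])[0], off + 3
        msg["ies"][IE_NAMES.get(t, t)], off = pkt[off:off + ln], off + ln
    return msg


def pco_pap_credentials(pco):
    """PCO (TS 24.008 10.5.6.3): a config byte, then (protocol ID, length, contents) units.
    A PAP (0xC023) Authenticate-Request carries peer-id and password in the clear."""
    i = 1
    while i + 3 <= len(pco):
        proto, ln = struct.unpack("!HB", pco[i:i + 3])
        body, i = pco[i + 3:i + 3 + ln], i + 3 + ln
        if proto == 0xC023 and body and body[0] == 1:
            ulen = body[4]
            plen = body[5 + ulen]
            return body[5:5 + ulen].decode(), body[6 + ulen:6 + ulen + plen].decode()
    return None


def demo():
    pap = b"\x01\x01\x00\x0e" + b"\x04user" + b"\x04pass"     # PAP Authenticate-Request, id 1, length 14
    pco = b"\x80" + struct.pack("!HB", 0xC023, len(pap)) + pap
    req = build_gtpv1(16, 0, [                                # TEID 0: the GGSN has no context yet
        (2, tbcd_encode("262011234567890")),                  # IMSI
        (16, struct.pack("!I", 0x11223344)),                  # TEID Data I
        (17, struct.pack("!I", 0x55667788)),                  # TEID Control Plane
        (20, b"\x05"),                                        # NSAPI 5
        (128, b"\xf1\x21"),                                   # End User Address: IETF/IPv4, dynamic
        (131, encode_apn("internet.mnc001.mcc262.gprs")),
        (132, pco),
        (133, bytes([10, 0, 0, 1])),                          # SGSN address for signalling
        (134, b"\x91" + tbcd_encode("491701234567"))], seq=1)  # MSISDN, international
    msg = parse_gtpv1(req)
    ies = msg["ies"]
    return {"type": msg["type"], "seq": msg["seq"], "imsi": tbcd_decode(ies["IMSI"]),
            "teid_data": struct.unpack("!I", ies["TEID Data I"])[0],
            "apn": decode_apn(ies["Access Point Name"]),
            "pap": pco_pap_credentials(ies["Protocol Configuration Options"])}
```

Running demo() against the constructed packet shows exactly what a passive observer on Gn/Gp sees: IMSI, MSISDN, APN, tunnel identifiers and the PAP username/password. The same parser is the starting point for a GTP-aware filter: version and PT checks, message types allowed per interface, and refusing Create PDP Context Requests whose GSN address is not a known roaming peer.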
Transport Layers
Application: SMTP, HTTP, etc.
Socket API
Transport: TCP, UDP, SCTP, MPTCP
Network: IPv4, IPv6, MIP, LISP
Link: Ethernet, 3G, WiFi
Transport Layer Developments
SCTP: Stream Control Transmission Protocol
– Cisco-initiated, first standardized in the IETF in 2000 (RFC 2960, now RFC 4960); interest is rising again
– Significant performance improvements over TCP for transport
– Two mobility-relevant mechanisms introduced: multihoming and multipathing
MPTCP: Multipath TCP
– Since 2008
– Useful ideas and algorithms, particularly multipath congestion management
Minions
Connection Initiation of TCP and SCTP
TCP is prone to SYN packet floods (denial of service attack): absent SYN cookies, the server allocates connection state on the first packet.
SCTP protects against this type of attack with its 4-way handshake and the introduction of a cookie: the server stores no association state until the client echoes the cookie.
Data is allowed to move in the COOKIE-ECHO and COOKIE-ACK packets, so the extra round trip does not delay the first request (the diagram shows an HTTP GET carried within each handshake).
SCTP Call Flow
Association establishment in SCTP uses the four-way handshake (INIT, INIT-ACK, COOKIE-ECHO, COOKIE-ACK).
During association startup, a list of transport addresses (i.e. IP address/port pairs) is exchanged between the communicating entities.
The ADDIP extension (Dynamic Address Reconfiguration, RFC 5061, ASCONF chunks) used in mSCTP supports adding and deleting addresses of a live association.
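The cookie mechanism of the SCTP handshake as an added example (not code from the deck or from Cisco): a server that signs the would-be association state into the INIT ACK cookie and only allocates state when a valid COOKIE ECHO returns. Chunk formats are simplified to Python dicts, the MAC is HMAC-SHA256, and the INIT flood and peer addresses are constructed.

```python
"""Four-way handshake with a signed state cookie, in the style of SCTP
(RFC 4960 section 5): the server keeps no state for an association until the
client echoes a cookie whose MAC verifies. Added example, not Cisco code; the
chunks are simplified dicts, not real SCTP encodings."""
import hashlib
import hmac
import os
import struct
import time


class CookieHandshakeServer:
    COOKIE_LIFE = 60        # seconds; RFC 4960 Valid.Cookie.Life default

    def __init__(self, now=time.time):
        self.secret = os.urandom(32)
        self.associations = {}          # peer -> (peer verification tag, local tag)
        self.now = now

    def on_init(self, peer, init_tag):
        """INIT -> INIT ACK. The would-be TCB travels inside the cookie."""
        local_tag = struct.unpack("!I", os.urandom(4))[0] or 1
        state = struct.pack("!IIQ", init_tag, local_tag, int(self.now())) + peer.encode()
        mac = hmac.new(self.secret, state, hashlib.sha256).digest()
        return {"chunk": "INIT ACK", "init_tag": local_tag, "cookie": state + mac}

    def on_cookie_echo(self, peer, cookie, data=b""):
        """COOKIE ECHO -> COOKIE ACK, or silent drop. State is created only here.
        DATA may be bundled with COOKIE ECHO (and COOKIE ACK), so the extra
        round trip does not delay the first request."""
        state, mac = cookie[:-32], cookie[-32:]
        if not hmac.compare_digest(mac, hmac.new(self.secret, state, hashlib.sha256).digest()):
            return None                                 # forged or corrupted cookie
        peer_tag, local_tag, ts = struct.unpack("!IIQ", state[:16])
        if state[16:] != peer.encode() or self.now() - ts > self.COOKIE_LIFE:
            return None                                 # wrong source address or stale
        self.associations[peer] = (peer_tag, local_tag)
        return {"chunk": "COOKIE ACK", "data_accepted": data}


def demo():
    """A flood of INITs from spoofed sources costs the server no memory; one
    real peer completes the handshake with its HTTP GET bundled."""
    clock = [1_000.0]
    srv = CookieHandshakeServer(now=lambda: clock[0])
    for i in range(10_000):                             # constructed spoofed INIT flood
        srv.on_init(f"198.51.100.{i % 250}:{1024 + i}", init_tag=i + 1)
    ack = srv.on_init("10.0.0.5:40000", init_tag=0x1234)
    ok = srv.on_cookie_echo("10.0.0.5:40000", ack["cookie"], data=b"GET / HTTP/1.1")
    tampered = ack["cookie"][:-1] + bytes([ack["cookie"][-1] ^ 0xFF])
    forged = srv.on_cookie_echo("10.0.0.5:40000", tampered)
    elsewhere = srv.on_cookie_echo("203.0.113.9:5000", ack["cookie"])   # stolen cookie, other source
    clock[0] += 120
    stale = srv.on_cookie_echo("10.0.0.5:40000", ack["cookie"])
    return len(srv.associations), ok, forged, elsewhere, stale
```

Three rejections matter: a tampered cookie (MAC fails), the same cookie echoed from a different source address (it was bound to the INIT's source), and a cookie older than Valid.Cookie.Life. Real SCTP additionally requires the peer to prove it received the INIT ACK through the verification tag, which the cookie carries as well.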
SCTP: Multi-Streaming
TCP connection: data packets are blocked by a packet loss ahead of them; head-of-line (HOL) blocking occurs on the entire connection.
SCTP association with stream 0, stream 1 and stream 2: a lost packet in stream 0 blocks only the data packets in stream 0; HOL blocking occurs only on that stream.
What is LISP
Locator/ID Separation Protocol
LISP creates a “level of indirection” between ID and Locator through dynamic mapping
What do we mean by “Location” and “ID”
Today's Internet behavior: Loc/ID “overloaded” semantic
– A device's IPv4 or IPv6 address (1.1.1.1) represents both identity and location
– When the device moves, it gets a new IPv4 or IPv6 address (2.2.2.2) for its new identity and location
LISP behavior: Loc/ID “split” Internet
– The device's IPv4 or IPv6 address (1.1.1.1) represents identity only (the EID)
– Its location is a separate locator (RLOC): 3.3.3.3 here
– When the device moves, it keeps its IPv4 or IPv6 address 1.1.1.1 and therefore the same identity; only the location changes (RLOC 3.3.3.3 → 4.4.4.4)
Roaming Control Plane
Diagram: Map-Resolvers and Map-Servers interconnected by LISP-ALT (BGP-over-GRE); MN1 (EID 153.16.2.1) and MN2 (EID 153.16.3.1) look up MN3 (EID 153.16.1.1, out of EID prefix 153.16.1.0/24); MN3 sends an authenticated (LISP AH) Map-Register from RLOC 3.3.3.3 to the Map-Server 65.1.1.1 registering 153.16.1.1 → (3.3.3.3, 4.4.4.4); the Map-Server propagates the EID prefix as a BGP update into the ALT
Legend: EIDs → green, RLOCs → red; 3G network → 3.0.0.0/8; 4G network → 4.0.0.0/8
(1) No matter where MN3 roams, MN1 and MN2 can find its locator by using the mapping database system.
(2) Only the Map-Server stores 153.16.1.1/32 state with the latest set of RLOCs.
(3) Data always travels on the shortest path to and from the MN.
Roaming Data Plane
DNS entry: mn.abc.com A 153.16.1.1; LISP EID prefix 10.0.0.0/8 at sites S1 and S2 (ITRs) behind Provider A 1.0.0.0/8 and Provider B 2.0.0.0/8
Legend: EIDs → green, locators → red
Before roaming: MN (EID 153.16.1.1) is attached to the 3G provider (3.0.0.0/8, RLOC 3.3.3.3) and the 4G provider (4.0.0.0/8, RLOC 4.4.4.4). ITR map-cache entry: EID-prefix 153.16.1.1/32, RLOC-set: 4.4.4.4 priority 1 weight 50; 3.3.3.3 priority 1 weight 50. Packet: inner 10.0.0.1 → 153.16.1.1, outer 1.0.0.1 → 4.4.4.4
After roaming: MN moves onto the WiFi provider (5.0.0.0/8, RLOC 5.5.5.5), stays multi-homed (4.4.4.4 and 5.5.5.5) and the TCP connection does not reset. Updated map-cache entry: 4.4.4.4 priority 2 weight 100; 5.5.5.5 priority 1 weight 100. Packet: inner 10.0.0.1 → 153.16.1.1, outer 1.0.0.1 → 5.5.5.5
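The ITR behaviour in the roaming data plane slide, added as an example that is not code from the deck or from Cisco: a map-cache with longest-prefix lookup, RLOC selection by priority and weight as RFC 6830 defines them, and the outer addressing of the encapsulated packet. Cache contents and addresses are the slide's; the traffic and the random seed are constructed.

```python
"""ITR map-cache and RLOC selection for the LISP roaming data plane (RFC 6830
section 6.5 semantics: lowest priority wins, weights load-share within a
priority, priority 255 means "do not use"). Added example, not Cisco code."""
import random
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LISP_DATA_PORT = 4341


@dataclass(frozen=True)
class Rloc:
    address: str
    priority: int
    weight: int


class MapCache:
    def __init__(self):
        self.entries = {}             # EID-prefix -> list of Rloc

    def install(self, eid_prefix, rlocs):
        """Install or replace a mapping (from a Map-Reply, e.g. after an SMR)."""
        self.entries[ip_network(eid_prefix)] = list(rlocs)

    def lookup(self, eid):
        """Longest-prefix match on the EID."""
        eid = ip_address(eid)
        matches = [p for p in self.entries if eid in p]
        return self.entries[max(matches, key=lambda p: p.prefixlen)] if matches else None

    def select_rloc(self, eid, rng=random.random):
        rlocs = [r for r in (self.lookup(eid) or []) if r.priority != 255]
        if not rlocs:
            return None                             # no usable mapping: send a Map-Request
        best = min(r.priority for r in rlocs)
        cands = [r for r in rlocs if r.priority == best]
        pick = rng() * sum(r.weight for r in cands)
        for r in cands:
            pick -= r.weight
            if pick < 0:
                return r.address
        return cands[-1].address


def encapsulate(cache, itr_rloc, inner_src, inner_dst, rng=random.random):
    """Outer IP/UDP addressing of a LISP data packet. The inner packet is untouched,
    which is why the MN's TCP connection survives a change of RLOC."""
    rloc = cache.select_rloc(inner_dst, rng)
    if rloc is None:
        return None
    return {"outer": (itr_rloc, rloc), "udp_dst": LISP_DATA_PORT, "inner": (inner_src, inner_dst)}


def demo(n=1000):
    rng = random.Random(7).random                   # fixed seed: constructed traffic
    cache = MapCache()
    cache.install("153.16.1.1/32", [Rloc("4.4.4.4", 1, 50), Rloc("3.3.3.3", 1, 50)])
    before = Counter(encapsulate(cache, "1.0.0.1", "10.0.0.1", "153.16.1.1", rng)["outer"][1]
                     for _ in range(n))
    # MN roams onto WiFi: mapping updated, 4G kept as a backup at a worse priority
    cache.install("153.16.1.1/32", [Rloc("4.4.4.4", 2, 100), Rloc("5.5.5.5", 1, 100)])
    after = Counter(encapsulate(cache, "1.0.0.1", "10.0.0.1", "153.16.1.1", rng)["outer"][1]
                    for _ in range(n))
    # Backup path in use once 5.5.5.5 is marked unreachable (priority 255)
    cache.install("153.16.1.1/32", [Rloc("4.4.4.4", 2, 100), Rloc("5.5.5.5", 255, 100)])
    failover = encapsulate(cache, "1.0.0.1", "10.0.0.1", "153.16.1.1", rng)
    return before, after, failover
```

Before the roam the two RLOCs share the traffic about evenly; after the roam every packet goes to 5.5.5.5 while 4.4.4.4 sits at priority 2 as a backup, and the inner addresses never change, which is what keeps the MN's TCP connection up. The third install shows failover to the backup once the WiFi RLOC is marked unusable.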
LWAPP
Centralized Wireless LAN Architecture: LWAPP Protocol
LWAPP (Lightweight Access Point Protocol) is used between APs and the WLAN controller
LWAPP carries control and data traffic between the two
– Control plane is AES-CCM encrypted; authentication by X.509 certificates on both the AP (client certificate) and the controller (server certificate)
– Data plane is not encrypted: 802.11 encryption terminates at the AP, so client traffic crosses the AP-to-controller tunnel in the clear on the wired side
It facilitates centralized management and automated configuration
Open, standards-based protocol (submitted to the IETF CAPWAP WG; the standardized successor is CAPWAP, RFC 5415, which protects the control channel with DTLS and can optionally do the same for the data channel)
Diagram: WiFi client – access point – (control plane / data plane) – controller – business application
Division of Labor—Split MAC
LWAPP tunnel between the lightweight access point and the WLAN controller, carrying control messages and encapsulated data; the controller is the ingress/egress point from/to the switched/routed wired network (802.1Q trunk)
Lightweight access point: real-time 802.11/MAC functionality:
• Beacon generation
• Probe response
• Power management / packet buffering
• 802.11e/WMM scheduling, queueing
• MAC layer data encryption/decryption
• 802.11 control messages
plus data encapsulation/de-encapsulation and fragmentation/de-fragmentation
WLAN controller: non-real-time 802.11/MAC functionality:
• Assoc/Disassoc/Reassoc
• 802.11e/WMM resource reservation
• 802.1X/EAP
• Key management
plus 802.11 distribution services and wired/wireless integration services
Division of Labor—Split MAC Illustrated
1. AP sends 802.11 beacons
2. Client probe request: the probe is processed by the AP and forwarded to the controller; probe response from the AP
3. 802.11 authentication/association; the controller sends Add Mobile (cleartext, 802.1X only) to the AP over the LWAPP tunnel
4. 802.1X authentication & 802.11i key exchange through the controller
5. Controller sends Add Mobile (AES-CCMP, PTK) to the AP: the pairwise key is pushed down to the AP
6. 802.11 action frames and 802.11 data; encryption/decryption of RF packets is handled at the AP
Intra-Controller Roaming
An intra-controller roam happens when an MN moves its association between APs joined to the same controller
Client must be re-authenticated and a new security session established (fast-roaming methods such as PMK caching, CCKM or 802.11r shorten this step)
Controller updates the client database entry with the new AP and the appropriate security context
No IP address refresh needed
Layer-2 Roaming—Inter-Controller
An L2 inter-controller roam happens when an MN moves its association between APs joined to different controllers but client traffic is bridged onto the same subnet
Client must be re-authenticated and a new security session established
Client database entry moved to the new controller
No IP address refresh needed
Layer-3 Roaming—Inter-Controller
An L3 inter-controller roam happens when an MN moves its association between APs joined to different controllers and client traffic is bridged onto a different subnet
Client must be re-authenticated and a new security session established
Client database entry copied to the new controller
Original controller tagged as the “Anchor”
New controller tagged as the “Foreign”
No IP address refresh needed
Asymmetric traffic path established: the client's upstream traffic leaves at the foreign controller, downstream traffic enters at the anchor and is tunnelled to the foreign controller
Layer-3 Roaming—Symmetric Roaming
Foreign controllers send a Layer 3 roaming client's packets back to its anchor controller through EtherIP tunneling
The source IP address of the tunnelled packet is the foreign controller's management IP address
Upstream routers that apply Reverse Path Forwarding (RPF) checks therefore forward the packets, which they would drop in the asymmetric case because the client's source address appears on an unexpected interface
Configurable option in software release 4.1
Maintaining a VPN session with MOBIKE
Node A on Local Area Network A: local IP 10.1.1.1, VPN IP 192.168.1.50; MOBIKE gateway 10.1.1.100 (inside address 192.168.1.1); bearer traffic destined to 192.168.1.5 behind the gateway
Before the move, bearer traffic (IPsec tunnel mode):
Outer Source IP | Outer Destination IP | Inner Source IP | Inner Destination IP
10.1.1.1 | 10.1.1.100 | 192.168.1.50 | 192.168.1.5
After the move, Node A has local IP 10.2.1.1 and keeps VPN IP 192.168.1.50:
10.2.1.1 | 10.1.1.100 | 192.168.1.50 | 192.168.1.5
MOBIKE Call Flow
Node A (local IP 10.1.1.1, VPN IP 192.168.1.50) ↔ MOBIKE gateway (10.1.1.100 / 192.168.1.1)
Bearer traffic before the move: outer 10.1.1.1 → 10.1.1.100, inner 192.168.1.50 → 192.168.1.5
Move: Node A now has local IP 10.2.1.1
Node A → gateway: INFORMATIONAL request (UPDATE_SA_ADDRESSES notify, RFC 4555), source IP = 10.2.1.1, destination IP = 10.1.1.100, protected by the existing IKE SA
Gateway → Node A: INFORMATIONAL response, source IP = 10.1.1.100, destination IP = 10.2.1.1; the gateway updates the IKE and IPsec SAs to the new peer address
Bearer traffic after the move: outer 10.2.1.1 → 10.1.1.100, inner 192.168.1.50 → 192.168.1.5
© 2013 Cisco and/or its affiliates. All rights reserved. BRKRST-2370 Cisco Public
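The exchange above, modelled in Python as an added example (not code from the slides or from any Cisco product). The gateway accepts UPDATE_SA_ADDRESSES only when the message verifies under the SA's integrity key and carries a fresh message id, and it keeps sending bearer (ESP) traffic to the old address until the return routability check with COOKIE2 that RFC 4555 describes has succeeded, so an authenticated but misbehaving client cannot aim the gateway's traffic at a third party. The HMAC-SHA256 integrity check, the dict message layout and the addresses are assumptions made for illustration; the notify names are the RFC's.

```python
"""MOBIKE address update (RFC 4555), modelled at the message level.

Added example, not from the slides or from any Cisco product. The integrity
check is an HMAC-SHA256 stand-in for the IKEv2 integrity algorithm and the
message layout is a simplified dict; both are assumptions for illustration.
"""
import hashlib
import hmac
import json
import secrets

UPDATE_SA_ADDRESSES = "UPDATE_SA_ADDRESSES"  # RFC 4555 notify: "my addresses changed"
COOKIE2 = "COOKIE2"                          # RFC 4555 notify: return routability nonce


def _icv(sk_a: bytes, body: dict) -> str:
    """Integrity check value over the message (stand-in for IKEv2's SK_a MAC)."""
    return hmac.new(sk_a, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


def build(sk_a, spi, msg_id, response, notify):
    body = {"spi": spi, "msg_id": msg_id, "response": response, "notify": notify}
    return {**body, "icv": _icv(sk_a, body)}


def verify(sk_a, spi, msg) -> bool:
    body = {k: v for k, v in msg.items() if k != "icv"}
    return msg.get("spi") == spi and hmac.compare_digest(_icv(sk_a, body), str(msg.get("icv", "")))


class NodeA:
    """The mobile VPN client; holds the IKE SA (spi, sk_a) set up earlier."""
    def __init__(self, spi, sk_a, addr):
        self.spi, self.sk_a, self.addr, self.next_id = spi, sk_a, addr, 0

    def move(self, new_addr):
        """New local address: send INFORMATIONAL(UPDATE_SA_ADDRESSES) from it."""
        self.addr = new_addr
        self.next_id += 1
        return build(self.sk_a, self.spi, self.next_id, False, {UPDATE_SA_ADDRESSES: True})

    def answer(self, request):
        if not verify(self.sk_a, self.spi, request):
            return None
        # Echo the gateway's COOKIE2 so it can confirm we really receive traffic here.
        return build(self.sk_a, self.spi, request["msg_id"], True,
                     {COOKIE2: request["notify"].get(COOKIE2)})


class Gateway:
    def __init__(self, spi, sk_a, peer_addr):
        self.spi, self.sk_a = spi, sk_a
        self.ike_peer = peer_addr     # where IKE messages are sent
        self.ipsec_peer = peer_addr   # where ESP (bearer) traffic is sent
        self.last_peer_id = 0         # highest request msg_id seen from the peer
        self.next_id = 0              # our own request counter
        self.pending = None           # (candidate address, cookie) awaiting RR check

    def handle_request(self, msg, src_addr):
        # Wrong SPI, bad ICV, or a message id already seen: drop silently.
        if not verify(self.sk_a, self.spi, msg) or msg["response"]:
            return None
        if msg["msg_id"] <= self.last_peer_id:
            return None
        self.last_peer_id = msg["msg_id"]
        resp = build(self.sk_a, self.spi, msg["msg_id"], True, {})
        rr_request = None
        if UPDATE_SA_ADDRESSES in msg["notify"]:
            # IKE follows the peer at once; ESP waits until the new address
            # proves reachable, so an authenticated peer cannot point our
            # bearer traffic at a third party that never asked for it.
            self.ike_peer = src_addr
            cookie = secrets.token_hex(16)
            self.pending = (src_addr, cookie)
            self.next_id += 1
            rr_request = build(self.sk_a, self.spi, self.next_id, False, {COOKIE2: cookie})
        return resp, rr_request

    def handle_response(self, msg, src_addr) -> bool:
        if self.pending is None or not verify(self.sk_a, self.spi, msg):
            return False
        if not msg["response"] or msg["msg_id"] != self.next_id:
            return False
        addr, cookie = self.pending
        echoed = msg["notify"].get(COOKIE2) or ""
        if src_addr == addr and hmac.compare_digest(echoed, cookie):
            self.ipsec_peer = addr
            self.pending = None
            return True
        return False


def run_move(node, gw, new_addr):
    """Full exchange for one move; returns where the gateway now sends ESP."""
    out = gw.handle_request(node.move(new_addr), node.addr)
    if out is not None and out[1] is not None:
        gw.handle_response(node.answer(out[1]), node.addr)
    return gw.ipsec_peer
```

With `node = NodeA("spi-1", key, "10.1.1.1")` and a matching `Gateway`, `run_move(node, gw, "10.2.1.1")` returns `"10.2.1.1"`; an update built with a different key is dropped, and an update whose COOKIE2 response never arrives moves the IKE peer address but leaves `ipsec_peer` where it was.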
Webex SSL reconnect
82-83
(Slides 82 and 83 are screenshots only; no text was extracted.)
Video Adaptive Bit Rate Solutions
84
Apple HLS (HTTP Live Streaming)
MS Silverlight
– MediaElement.BufferingTime defaults to 5 seconds
– Smooth HD
Adobe Flash
– Zeri engine
MPEG DASH (Dynamic Adaptive Streaming over HTTP)
3GPP Based Small Cell MNO Integration: Trusted Non-3GPP Access
86
(Architecture figure reconstructed from the slide text.)
SP Wi-Fi access network: the device attaches to SP Wi-Fi, which is terminated on a Trusted WLAN Access Gateway ("TWAG") and integrated into the mobile operator's EPC as trusted non-3GPP access.
Conventional MNO core: GERAN / UTRAN / E-UTRAN radio, MME, Serving Gateway, PDN Gateway, HSS, 3GPP AAA, PCRF, and the operator's IP services.
Reference points shown on the slide:
- S1: E-UTRAN to MME / Serving Gateway
- S5: Serving Gateway to PDN Gateway
- S6a: MME to HSS
- S2a: TWAG to PDN Gateway (user plane and mobility anchoring for trusted non-3GPP access)
- STa: TWAG to 3GPP AAA (authentication and authorization of the Wi-Fi attach)
- SWm: 3GPP AAA interface toward the ePDG, the untrusted-access counterpart of STa (listed on the slide, ePDG not drawn)
- SWx: 3GPP AAA to HSS
- Gx: PCRF to PDN Gateway (policy and charging control)
Integrated EPC subscriber control and services
SP Wi-Fi as trusted non-3GPP access
Integrated mobility: a single IP address across different RATs
Open question on the slide: IFOM (IP Flow Mobility) behaviours?
Protocol Comparison Criteria
88
Analysis criteria:
Session initialization overhead / complexity
Session persistency efficiency
Handover signaling changes
Optimized route
Security
•Initial authentication
•Man-in-the-middle attacks
•Privacy
Multipath / multilink support
Policy control
The transition mechanisms from today to tomorrow
•Deployability
•Business models
Handover Packet Loss
89
The two causes of packet loss are:
• A physical layer change disrupting layer 1 communication
• change of a radio frequency
• A logical mismatch between an MN and a CN
• time to acquire a new IP address, if no other is available
• change of a tunnel endpoint IP address, and the time it takes to logically rebuild the tunnel
• propagation time for the update message to reach the other side
Single versus multiple bearers
• Packet loss is unavoidable when using a single bearer, because the physical layer itself changes
• Buffering and forwarding the buffered packets is the only choice
• Using multiple bearers can allow zero packet loss if layer 2 disruptions are anticipated, so that the new bearer is up before the old one is lost
Handover timeline (figure reconstructed from the slide): L2 attach → network access authentication → movement detection → new address configuration and follow-up movement detection → mobility signaling. Data packets flow before the L2 change and again only once the mobility signaling has completed; everything in between is the loss window.
Handover signaling plane performance & security
90
Register a new location IP address: ~all solutions equivalent
GTP: Update PDP Context
MIPv4: RRQ (Registration Request)
MIPv6: BU (Binding Update)
PMIPv6: PBU (Proxy Binding Update)
SCTP: Add address (ASCONF)
Multipath TCP: Add address (ADD_ADDR)
Secure the registration of a new IP address: network-based solutions more secure
GTP: secure since the update is originated by a network device inside the operator's infrastructure, never by the MN
MIPv4: weak authentication (HMAC-MD5 keyed with a pre-shared MN-HA key)
MIPv6: based on IPsec between MN and HA (requires a 3 round-trip packet exchange)
SCTP: requires security; the RFC rules out both a plain shared key and a key negotiated in-band. Private/public key is best.
Multipath TCP: requires some security, mechanisms open
LISP MN: requires security, mechanism open
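To make the "secure the registration of a new IP address" row concrete, here is a Home Agent's check of a Mobile IPv4 Registration Request carrying the MN-HA Authentication Extension (RFC 3344), as an added example that is not code from the slides or from a Cisco implementation. It shows the two things the authentication extension actually buys: the care-of address in a binding can only be changed by a holder of the pre-shared key, and the Identification field stops a captured request from being replayed later. What it does not solve is distributing that pre-shared key, which is why the later slide on security options calls shared keys impossible at Internet scale. The packet layout is reduced to the fields the check needs; the addresses, SPI and key are constructed sample values.

```python
"""Mobile IPv4 Registration Request with the MN-HA Authentication Extension
(RFC 3344), parsed and checked the way a Home Agent would.

Added example; not from the slides or a Cisco implementation. Only the
fields needed for the check are carried; reply codes, lifetime negotiation
and other extensions are left out.
"""
import hashlib
import hmac
import ipaddress
import struct

RRQ_TYPE = 1
MNHA_AUTH_EXT = 32          # extension type of the MN-HA authentication extension
AUTH_LEN = 16               # HMAC-MD5 authenticator length
REPLAY_WINDOW = 7           # seconds of clock skew tolerated (RFC 3344 default)
FIXED = struct.Struct("!BBH4s4s4sQ")    # type, flags, lifetime, home, HA, CoA, identification
EXT_HEAD = struct.Struct("!BBI")        # type, length, SPI


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def identification(ntp_seconds: int, nonce: int = 0) -> int:
    """64-bit Identification: NTP seconds in the high 32 bits, fraction/nonce below."""
    return (ntp_seconds << 32) | (nonce & 0xFFFFFFFF)


def build_rrq(home, home_agent, care_of, lifetime, ident, spi, key):
    fixed = FIXED.pack(RRQ_TYPE, 0, lifetime, _ip(home), _ip(home_agent), _ip(care_of), ident)
    head = EXT_HEAD.pack(MNHA_AUTH_EXT, 4 + AUTH_LEN, spi)
    # The authenticator covers the request plus the extension's type/length/SPI.
    auth = hmac.new(key, fixed + head, hashlib.md5).digest()
    return fixed + head + auth


class HomeAgent:
    def __init__(self, keys: dict, now: int):
        self.keys = keys          # SPI -> pre-shared MN-HA key
        self.now = now            # HA clock, injected so the example is deterministic
        self.last_ident = {}      # home address -> highest Identification accepted
        self.bindings = {}        # home address -> care-of address

    def process(self, pkt: bytes) -> str:
        if len(pkt) != FIXED.size + EXT_HEAD.size + AUTH_LEN or pkt[0] != RRQ_TYPE:
            return "malformed"
        _, _, _, home, _ha, coa, ident = FIXED.unpack_from(pkt)
        ext_type, ext_len, spi = EXT_HEAD.unpack_from(pkt, FIXED.size)
        if ext_type != MNHA_AUTH_EXT or ext_len != 4 + AUTH_LEN:
            return "malformed"
        key = self.keys.get(spi)
        if key is None:
            return "unknown spi"
        covered = pkt[:FIXED.size + EXT_HEAD.size]
        expected = hmac.new(key, covered, hashlib.md5).digest()
        # Authenticate first, so nothing checked below is attacker-controlled.
        if not hmac.compare_digest(expected, pkt[-AUTH_LEN:]):
            return "bad authenticator"
        home_s = str(ipaddress.IPv4Address(home))
        # Timestamp-based replay protection: fresh, and strictly newer than the
        # last accepted registration for this home address.
        if abs((ident >> 32) - self.now) > REPLAY_WINDOW:
            return "identification out of window"
        if ident <= self.last_ident.get(home_s, 0):
            return "replay"
        self.last_ident[home_s] = ident
        self.bindings[home_s] = str(ipaddress.IPv4Address(coa))
        return "accepted"
```

A request built with the right key and a current Identification is accepted and installs the binding; the same bytes presented again are rejected as a replay, a request under the wrong key fails the authenticator before anything else is looked at, and a request with a stale timestamp is rejected even though it authenticates.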
Optimized Routing: not available in network-based solutions
91
(Figure reconstructed from the slide: CN, MN, anchoring point and infrastructure. Traffic flow without RO goes MN → anchoring point → CN; traffic flow with RO goes MN → CN directly, bypassing the anchor.)
Mobility Updates Security Options
92
Network based solutions:
– User network authentication is the key; after it, mobility messages are exchanged only between trusted network entities
Application level solutions:
– Shared keys: impossible on Internet scale
– Keys negotiated at session initiation: can be spoofed (as stated in the SCTP RFC), since nothing authenticates the party the key was negotiated with
– PKI: requires both MN and CN to support the algorithms
– Only the MN needs a private/public key pair; the CN only has to verify the signature on the MN's updates
Mobility & Location Privacy
93
End-to-end mobility lets a CN learn of every IP address change of the MN.
IP addresses can be used to infer your location:
"netstat -on" lists the peers you communicate with
http://whatismyipaddress.com/ geolocates an address
Multipath
94
User-definable policies route traffic to a specific mobile path (direct or tunnel based, depending on the solution)
Application classification based on port number, DSCP, protocol type, IP addresses
Flow routing policies must match on both sides; otherwise the two ends steer the same flow onto different paths
(Figure reconstructed from the slide: the MN's routing policy and the MAG or ITR's routing policy classify flows C, D, Vi and Vo onto three links, int1 low latency link, int2 reliable link and int3 high speed link, each terminating on a MAG or ITR.)
Protect business important applications
Better application performance
Control wireless cost
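The classification and the "must match on both sides" requirement, as an added Python example (not code from the slides or from any Cisco product). Each side classifies a flow on protocol, service port, DSCP and server network onto one of the slide's three links, and `policy_mismatches` lists the flows the MN side and the anchor (MAG or ITR) side would put on different links. In the constructed sample the anchor's policy matches voice by its signalling port only, so the RTP media stream, which the MN marks EF and sends on the low latency link, comes back on the default high speed link. The link names follow the slide; the rules, flows, addresses and DSCP assignments are assumptions made for illustration.

```python
"""Flow-to-path policy for a multipath mobile node, and a check that the MN
side and the anchor side (MAG or ITR) classify the same flows onto the same
paths.

Added example, not from the slides or any Cisco product. Link names follow
the slide; rules, flows and addresses are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LOW_LATENCY, RELIABLE, HIGH_SPEED = "int1", "int2", "int3"
DSCP_EF, DSCP_AF41 = 46, 34           # voice (Vo) and video (Vi) markings


@dataclass(frozen=True)
class Flow:
    """One flow in canonical (client, server) form, identical from both ends."""
    client: str
    server: str
    proto: str           # "tcp" or "udp"
    service_port: int    # the server's well-known port
    dscp: int


@dataclass(frozen=True)
class Rule:
    name: str
    path: str
    proto: Optional[str] = None
    ports: Optional[frozenset] = None
    dscp: Optional[int] = None
    server_net: Optional[str] = None

    def matches(self, f: Flow) -> bool:
        return ((self.proto is None or f.proto == self.proto)
                and (self.ports is None or f.service_port in self.ports)
                and (self.dscp is None or f.dscp == self.dscp)
                and (self.server_net is None
                     or ip_address(f.server) in ip_network(self.server_net)))


class FlowRouter:
    def __init__(self, rules, default_path):
        self.rules, self.default_path = list(rules), default_path

    def select(self, f: Flow) -> str:
        """First matching rule wins; unmatched flows take the default path."""
        for rule in self.rules:
            if rule.matches(f):
                return rule.path
        return self.default_path


def policy_mismatches(mn_side: FlowRouter, anchor_side: FlowRouter, flows):
    """Flows the two ends would put on different links, i.e. asymmetric paths."""
    return [(f, mn_side.select(f), anchor_side.select(f))
            for f in flows if mn_side.select(f) != anchor_side.select(f)]


def demo():
    mn = FlowRouter([
        Rule("voice", LOW_LATENCY, proto="udp", dscp=DSCP_EF),
        Rule("video", HIGH_SPEED, proto="udp", dscp=DSCP_AF41),
        Rule("business-app", RELIABLE, proto="tcp", ports=frozenset({443}),
             server_net="10.10.0.0/16"),
    ], default_path=HIGH_SPEED)
    # The anchor classifies voice by its signalling port only and forgets the
    # media stream: the one-sided policy the slide warns about.
    anchor = FlowRouter([
        Rule("voice", LOW_LATENCY, proto="udp", ports=frozenset({5060})),
        Rule("video", HIGH_SPEED, proto="udp", dscp=DSCP_AF41),
        Rule("business-app", RELIABLE, proto="tcp", ports=frozenset({443}),
             server_net="10.10.0.0/16"),
    ], default_path=HIGH_SPEED)
    flows = [                                                       # constructed sample
        Flow("192.168.1.50", "10.10.7.1", "udp", 5060, DSCP_EF),     # Vo signalling (SIP)
        Flow("192.168.1.50", "10.10.7.2", "udp", 16384, DSCP_EF),    # Vo media (RTP)
        Flow("192.168.1.50", "10.10.8.1", "udp", 5004, DSCP_AF41),   # Vi
        Flow("192.168.1.50", "10.10.5.20", "tcp", 443, 0),           # business app
        Flow("192.168.1.50", "203.0.113.10", "tcp", 80, 0),          # D, bulk download
    ]
    return policy_mismatches(mn, anchor, flows)
```

`demo()` returns a single mismatch, the RTP flow, steered to int1 by the MN and to int3 by the anchor; the other four flows land on the same link from both ends.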
Parameters for Multipath
95
Interface / IP route availability: based on layer 2 / 3
Available theoretical bandwidth (based on layer 2)
Path management (based on layer 4):
Available
Congested
Broken
Application flow split (signaling versus data, or multiple data channels)
Application dynamic adjustment: codec adaptation
IP Policy Management
96
(Client-side architecture figure reconstructed from the slide text.)
Connection Manager: authentication methods 802.1X / EAP / WISPr / proprietary; identities: user/password, SIM, certificates.
Port Managers (PM), one per access (WiFi, 3G, CDMA, WiMAX, Satellite, Ethernet), each owning that interface's IP address.
Network Persistency Manager: presents a single NP virtual interface to local applications / endpoint; the L3 mobility protocol beneath it is Mobile IP, SSL, or ??? (left open on the slide).
Policy Client (ANDSF) + Geoloc Services (MSE), attached through the NP & RO interfaces.
Routing Manager: ingress interfaces (mobile router case), roaming interfaces; policies: connection policies, connection profiles, application routing policies, path management policies.
Path Manager: SCTP API.
Also shown: local sensors, admin tools, mobile apps.
Protocol Comparison Criteria
98
Analysis criteria and proposals:
Session initialization overhead / complexity: ~equivalent
Session persistency efficiency; handover signaling changes: performance is ~equivalent for all; scale differs between Layer 3 solutions and upper-layer solutions
Optimized route: the strength of LISP and of the transport solutions; security and scale concerns
Security (initial authentication, man-in-the-middle attacks, privacy): possible solutions for all; scale concerns with one-to-many security associations: PKI
Multipath / multilink support; policy control: strong dependency on device support
The transition mechanisms from today to tomorrow (deployability, business models): Layer 3 solutions possible as of today in SP with GTP / PMIP correlation; PMIP and LISP in ENT still need enhancements; ENT can use CAPWAP today for most needs