DMM | D. Liu, Ed. |
Internet-Draft | China Mobile |
Intended status: Informational | JC. Zuniga, Ed. |
Expires: April 2, 2015 | InterDigital |
P. Seite | |
Orange | |
H. Chan | |
Huawei Technologies | |
CJ. Bernardos | |
UC3M | |
September 29, 2014 |
Distributed Mobility Management: Current practices and gap analysis
draft-ietf-dmm-best-practices-gap-analysis-08
This document analyzes deployment practices of existing IP mobility protocols in a distributed mobility management environment. It then identifies existing limitations when compared to the requirements defined for a distributed mobility management solution.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 2, 2015.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Existing network-layer mobility management protocols have primarily employed a mobility anchor to ensure connectivity of a mobile node by forwarding packets destined to, or sent from, the mobile node after the node has moved to a different network. The mobility anchor has been centrally deployed in the sense that the traffic of millions of mobile nodes in an operator network is typically managed by the same anchor. This centralized deployment of mobility anchors to manage IP sessions poses several problems. In order to address these problems, a distributed mobility management (DMM) architecture has been proposed. This document investigates whether it is feasible to deploy current IP mobility protocols in a DMM scenario in a way that can fulfill the requirements as defined in [RFC7333]. It discusses current deployment practices of existing mobility protocols and identifies the limitations (gaps) in these practices from the standpoint of satisfying DMM requirements. The analysis is primarily towards IPv6 deployment, but can be seen to also apply to IPv4 whenever there are IPv4 counterparts equivalent to the IPv6 mobility protocols.
The rest of this document is organized as follows. Section 3 analyzes existing IP mobility protocols by examining their functions and how these functions can be configured and used to work in a DMM environment. Section 4 presents the current practices of IP wireless networks and 3GPP architectures. Both network- and host-based mobility protocols are considered. Section 5 presents the gap analysis with respect to the current practices.
All general mobility-related terms and their acronyms used in this document are to be interpreted as defined in the Mobile IPv6 base specification [RFC6275], in the Proxy Mobile IPv6 specification [RFC5213], and in the Distributed Mobility Management Requirements [RFC7333]. These terms include mobile node (MN), correspondent node (CN), home agent (HA), Local Mobility Anchor (LMA), Mobile Access Gateway (MAG), centrally depoyed mobility anchors, distributed mobility management, hierarchical mobile network, flatter mobile network, and flattening mobile network.
In addition, this document also introduces some definitions of IP mobility functions in Section 3.
In this document there are also references to a "distributed mobility management environment." By this term, we refer to a scenario in which the IP mobility, access network and routing solutions allow for setting up IP networks so that traffic is distributed in an optimal way, without relying on centrally deployed mobility anchors to manage IP mobility sessions.
The host-based Mobile IPv6 (MIPv6) [RFC6275] and its network-based extension, Proxy Mobile IPv6 (PMIPv6) [RFC5213], as well as Hierarchical Mobile IPv6 (HMIPv6) [RFC5380] are logically centralized mobility management approaches addressing primarily hierarchical mobile networks. Although these approaches are centralized, they have important mobility management functions resulting from years of extensive work to develop and to extend these functions. It is therefore useful to take these existing functions and examine them in a DMM scenario in order to understand how to deploy the existing mobility protocols to provide distributed mobility management.
The main mobility management functions of MIPv6, PMIPv6, and HMIPv6 are the following:
In Mobile IPv6, the home agent (HA) typically provides the anchoring function (AF); the location information server (LIs) is at the HA whereas the location information client (LIc) is at the MN; the Forwarding Management (FM) function resides in both ends of the tunnel at the HA and the MN.
In Proxy Mobile IPv6, the Local Mobility Anchor (LMA) provides the anchoring function (AF); the location information server (LIs) is at the LMA whereas the location information client (LIc) is at the mobile access gateway (MAG); the Forwarding Management (FM) function resides in both ends of the tunnel at the HA and the MAG.
In Hierarchical Mobile IPv6 (HMIPv6) [RFC5380], the Mobility Anchor Point (MAP) serves as a location information aggregator between the LIs at the HA and the LIc at the MN. The MAP also provides the FM function to enable tunneling between HA and itself as well as tunneling between MN and itself.
This section documents deployment practices of existing mobility protocols to satisfy distributed mobility management requirements. This description considers both IP wireless, e.g., evolved Wi-Fi hotspots, and 3GPP flattening mobile network.
While describing the current DMM practices, the section provides references to the generic mobility management functions described in Section 3 as well as some initial hints on the identified gaps with respect to the DMM requirements documented in [RFC7333].
There are many different approaches that can be considered to implement and deploy a distributed anchoring and mobility solution. The focus of the gap analysis is on certain current mobile network architectures and standardized IP mobility solutions, considering any kind of deployment options which do not violate the original protocol specifications. In order to limit the scope of our analysis of DMM practices, we consider the following list of technical assumptions: [RFC6724].
Applications which can cope with changes in the MN's IP address do not depend on IP mobility management protocols such as DMM. Typically, a connection manager together with the operating system will configure the source address selection mechanism of the IP stack. This might involve identifying application capabilities and triggering the mobility support accordingly. Further considerations on application management and source address selection are out of the scope of this document, but the reader might consult
This section focuses on common IP wireless network architectures and how they can be flattened from an IP mobility and anchoring point of view using common and standardized protocols. We take Wi-Fi as an useful wireless technology, since it is widely known and deployed nowadays. Some representative examples of Wi-Fi deployment architectures are depicted in Figure 1.
+-------------+ _----_ +---+ | Access | _( )_ |AAA|. . . . . . | Aggregation |----------( Internet ) +---+ | Gateway | (_ _) +-------------+ '----' | | | | | +-------------+ | | | | | +-----+ +---------------+ | | AR | | | +--+--+ +-----+ +-----+ *----+----* | RG | | WLC | ( LAN ) +-----+ +-----+ *---------* . / \ / \ / \ +-----+ +-----+ +-----+ +-----+ / \ |Wi-Fi| |Wi-Fi| |Wi-Fi| |Wi-Fi| MN1 MN2 | AP1 | | AP2 | | AP3 | | AP4 | +-----+ +-----+ +-----+ +-----+ . . / \ / \ / \ / \ MN3 MN4 MN5 MN6
Figure 1: IP Wi-Fi network architectures
In Figure 1, three typical deployment options are shown [I-D.gundavelli-v6ops-community-wifi-svcs]. On the left hand side of the figure, mobile nodes MN1 and MN2 directly connect to a Residential Gateway (RG) at the customer premises. The RG hosts the 802.11 Access Point (AP) function to enable wireless layer-2 access connectivity and also provides layer-3 routing functions. In the middle of the figure, mobile nodes MN3 and MN4 connect to Wi-Fi Access Points (APs) AP1 and AP2 that are managed by a Wireless LAN Controller (WLC), which performs radio resource management on the APs, domain-wide mobility policy enforcement and centralized forwarding function for the user traffic. The WLC could also implement layer-3 routing functions, or attach to an access router (AR). Last, on the right-hand side of the figure, access points AP3 and AP4 are directly connected to an access router. This can also be used as a generic connectivity model.
IP mobility protocols can be used to provide heterogeneous network mobility support to users, e.g., handover from Wi-Fi to cellular access. Two kind of protocols can be used: Proxy Mobile IPv6 [RFC5213] or Mobile IPv6 [RFC5555], with the role of mobility anchor, e.g., Local Mobility Anchor or home agent, typically being played by the edge router of the mobile network [SDO-3GPP.23.402].
Although this section has made use of the example of Wi-Fi networks, there are other flattening mobile network architectures specified, such as WiMAX [IEEE.802-16.2009], which integrates both host- and network-based IP mobility functions.
Existing IP mobility protocols can also be deployed in a flatter manner, so that the anchoring and access aggregation functions are distributed. We next describe several practices for the deployment of existing mobility protocols in a distributed mobility management environment. The analysis in this section is limited to protocol solutions based on existing IP mobility protocols, either host- or network-based, such as Mobile IPv6 [RFC6275], [RFC5555], Proxy Mobile IPv6 (PMIPv6) [RFC5213], [RFC5844] and Network Mobility Basic Support protocol (NEMO) [RFC3963]. Extensions to these base protocol solutions are also considered. The analysis is divided into two parts: host- and network-based practices.
Mobile IPv6 (MIPv6) [RFC6275] and its extension to support mobile networks, the NEMO Basic Support protocol (hereafter, simply referred to as NEMO) [RFC3963] are well-known host-based IP mobility protocols. They depend on the function of the Home Agent (HA), a centralized anchor, to provide mobile nodes (hosts and routers) with mobility support. In these approaches, the Home Agent typically provides the Anchoring Function (AF), Forwarding Management (FM), and Internetwork Location Information server (LIs) functions. The mobile node possesses the Location Information client (LIc) function and the FM function to enable tunneling between HA and itself. We next describe some practices that show how MIPv6/NEMO and several other protocol extensions can be deployed in a distributed mobility management environment.
One approach to distribute the anchors can be to deploy several HAs (as shown in Figure 2), and assign the topologically closest anchor to each MN [RFC4640], [RFC5026], [RFC6611]. In the example shown in Figure 2, the mobile node MN1 is assigned to the home agent HA1 and uses a home address anchored by HA1 to communicate with the correspondent node CN1. Similarly, the mobile node MN2 is assigned to the home agent HA2 and uses a home address anchored by HA2 to communicate with the correspondent node CN2. Note that MIPv6/NEMO specifications do not prevent the simultaneous use of multiple home agents by a single mobile node. In this deployment model, the mobile node can use several anchors at the same time, each of them anchoring IP flows initiated at a different point of attachment. However, there is currently no mechanism specified in IETF to enable an efficient dynamic discovery of available anchors and the selection of the most suitable one.
<-INTERNET-> <- HOME NETWORK -> <------- ACCESS NETWORK -------> +-----+ +-----+ +--------+ | CN1 |--- ===| AR1 |=======| MN1 | +-----+ \ +-----------+ // +-----+ |(FM,LMc)| ---| HA1 |=== +--------+ |(AF,FM,LMs)| +-----+ (anchored +-----------+ | AR2 | at HA1) +-----+ +-----+ | CN2 |-------------- +-----+ \ +-----+ +--------+ -------------| AR3 |-------| MN2 | +-----------+ +-----+ |(FM,LMc)| | HA2 | +--------+ |(AF,FM,LMs)| +-----+ (anchored +-----------+ | AR4 | at HA2) +-----+ CN1 CN2 HA1 HA2 AR1 AR3 MN1 MN2 | | | | | | | | |<-------------->|<================+=============>| | BT mode | | | | | | | | | |<---------------------------------+-------------->| RO mode | | | | | | | |
Figure 2: Distributed operation of Mobile IPv6 (BT and RO) / NEMO
One goal of the deployment of mobility protocols in a distributed mobility management environment is to avoid the suboptimal routing caused by centralized anchoring. Here, the Route Optimization (RO) support provided by Mobile IPv6 can be used to achieve a flatter IP data forwarding. By default, Mobile IPv6 and NEMO use the so-called Bidirectional Tunnel (BT) mode, in which data traffic is always encapsulated between the MN and its HA before being directed to any other destination. The RO mode allows the MN to update its current location on the CNs, and then use the direct path between them. Using the example shown in Figure 2, MN1 is using BT mode with CN1, while MN2 is in RO mode with CN2. However, the RO mode has several drawbacks:
Notwithstanding these considerations, the RO mode does offer the possibility of substantially reducing traffic through the Home Agent, in cases when it can be supported by the relevant correspondent nodes. Note that a mobile node can also use its care-of-address (CoA) directly [RFC5014] when communicating with CNs on the same link or anywhere in the Internet, although no session continuity support would be provided by the IP stack in this case.
Hierarchical Mobile IPv6 (HMIPv6) [RFC5380] (as shown in Figure 3), is another host-based IP mobility extension which can be considered as a complement to provide a less centralized mobility deployment. It allows the reduction of the amount of mobility signaling as well as improving the overall handover performance of Mobile IPv6 by introducing a new hierarchy level to handle local mobility. The Mobility Anchor Point (MAP) entity is introduced as a local mobility handling node deployed closer to the mobile node. It provides LI intermediary function between the LI server (LIs) at the HA and the LI client (LIc) at the MN. It also performs the FM function to tunnel with the HA and also with the MN.
<INTERNET> <- HOME NETWORK -> <---------- ACCESS NETWORK ----------> LCoA anchored at AR1 +---+ +--------+ ===|AR1|==| MN1 | +-----+ +-----------+ +----------+ // +---+ |(FM,LMc)| | CN1 |----| HA1 |======| MAP1 |=== +--------+ +-----+ |(AF,FM,LMs)| /|(AF,FM,LM)| +---+ HoA, +-----------+ / +----------+ |AR2| RCoA, HoA anchored / RCoA anchored +---+ LCoA at HA1 / at MAP1 / +---+ / |AR3| +-----+ / +----------+ +---+ | CN2 |---------------- | MAP2 | +-----+ |(AF,FM,LM)| +---+ +----------+ |AR4| +---+ CN1 CN2 HA1 MAP1 AR1 MN1 | | | | | | |<-------------->|<===============>|<======================>| HoA | | | | | | | |<-------------------------->|<======================>| RCoA | | | | | |
Figure 3: Hierarchical Mobile IPv6
When HMIPv6 is used, the MN has two different temporary addresses: the Regional Care-of Address (RCoA) and the Local Care-of Address (LCoA). The RCoA is anchored at one MAP, which plays the role of local home agent, while the LCoA is anchored at the access router level. The mobile node uses the RCoA as the CoA signaled to its home agent. Therefore, while roaming within a local domain handled by the same MAP, the mobile node does not need to update its home agent, i.e., the mobile node does not change its RCoA.
The use of HMIPv6 enables some form of route optimization, since a mobile node may decide to directly use the RCoA as source address for a communication with a given correspondent node, particularly if the MN does not expect to move outside the local domain during the lifetime of the communication. This can be seen as a potential DMM mode of operation, though it fails to provide session continuity if and when the MN moves outside the local domain. In the example shown in Figure 3, MN1 is using its global HoA to communicate with CN1, while it is using its RCoA to communicate with CN2.
Furthermore, a local domain might have several MAPs deployed, enabling therefore a different kind of HMIPv6 deployments which are flattening and distributed. The HMIPv6 specification supports a flexible selection of the MAP, including those based on the distance between the MN and the MAP, or taking into consideration the expected mobility pattern of the MN.
Another extension that can be used to help distributing mobility management functions is the Home Agent switch specification [RFC5142], which defines a new mobility header for signaling a mobile node that it should acquire a new home agent. [RFC5142] does not specify the case of changing the mobile node's home address, as that might imply loss of connectivity for ongoing persistent connections. Nevertheless, that specification could be used to force the change of home agent in those situations where there are no active persistent data sessions that cannot cope with a change of home address.
There are other host-based approaches standardized that can be used to provide mobility support. For example MOBIKE [RFC4555] allows a mobile node encrypting traffic through IKEv2 [RFC5996] to change its point of attachment while maintaining a Virtual Private Network (VPN) session. The MOBIKE protocol allows updating the VPN Security Associations (SAs) in cases where the base connection initially used is lost and needs to be re-established. The use of the MOBIKE protocol avoids having to perform an IKEv2 re-negotiation. Similar considerations to those made for Mobile IPv6 can be applied to MOBIKE; though MOBIKE is best suited for situations where the address of at least one endpoint is relatively stable and can be discovered using existing mechanisms such as DNS.
Extensions have been defined to the mobility protocol to optimize the handover performance. Mobile IPv6 Fast Handovers (FMIPv6) [RFC5568] is the extension to optimize handover latency. It defines new access router discovery mechanism before handover to reduce the new network discovery latency. It also defines a tunnel between the previous access router and the new access router to reduce the packet loss during handover. The Candidate Access Router Discovery (CARD) [RFC4066] and Context Transfer Protocol (CXTP) [RFC4067] protocols were standardized to improve the handover performance. The DMM deployment practice discussed in this section can also use those extensions to improve the handover performance.
Proxy Mobile IPv6 (PMIPv6) [RFC5213] is the main network-based IP mobility protocol specified for IPv6. Proxy Mobile IPv4 [RFC5844] defines some IPv4 extensions. With network-based IP mobility protocols, the Local Mobility Anchor (LMA) typically provides the Anchoring Function (AF), Forwarding Management (FM) function, and Internetwork Location Information server (LIs) function. The mobile access gateway (MAG) provides the Location Information client (LIc) function and Forwarding Management (FM) function to tunnel with LMA. PMIPv6 is architecturally almost identical to MIPv6, as the mobility signaling and routing between LMA and MAG in PMIPv6 is similar to those between HA and MN in MIPv6. The required mobility functionality at the MN is provided by the MAG so that the involvement in mobility support by the MN is not required.
We next describe some practices that show how network-based mobility protocols and several other protocol extensions can be deployed in a distributed mobility management environment.
One way to decentralize Proxy Mobile IPv6 operation can be to deploy several Local Mobility Anchors and use some selection criteria to assign LMAs to attaching mobile nodes. An example of this type of assignment is shown in Figure 4. As with the client based approach, a mobile node may use several anchors at the same time, each of them anchoring IP flows initiated at a different point of attachment. This assignment can be static or dynamic. The main advantage of this simple approach is that the IP address anchor, i.e., the LMA, could be placed closer to the mobile node. Therefore the resulting paths are close-to-optimal. On the other hand, as soon as the mobile node moves, the resulting path will start deviating from the optimal one.
<INTERNET> <--- HOME NETWORK ---> <------ ACCESS NETWORK -------> +--------+ +---+ =======| MAG1 |------|MN1| +-----+ +-----------+ // |(FM,LMc)| +---+ | CN1 |-------| LMA1 |======= +--------+ +-----+ |(AF,FM,LMs)| +-----------+ +--------+ +-----+ | MAG2 | | CN2 |--- |(FM,LMc)| +-----+ \ +-----------+ +--------+ ---| LMA2 |======= +-----+ |(AF,FM,LMs)| \\ +--------+ +---+ | CN3 | +-----------+ =======| MAG3 |------|MN2| +-----+ |(FM,LMs)| +---+ +--------+ CN1 CN2 LMA1 LMA2 MAG1 MAG3 MN1 MN2 | | | | | | | | |<-------------->|<=========================>|<----------->| | | | | | | | | | | |<-------------->|<========================>|<----------->| | | | | | | | |
Figure 4: Distributed operation of Proxy Mobile IPv6
In a similar way to the host-based IP mobility case, network-based IP mobility has some extensions defined to mitigate the suboptimal routing issues that may arise due to the use of a centralized anchor. The Local Routing extensions [RFC6705] enable optimal routing in Proxy Mobile IPv6 in three cases: i) when two communicating MNs are attached to the same MAG and LMA, ii) when two communicating MNs are attached to different MAGs but to the same LMA, and iii) when two communicating MNs are attached to the same MAG but have different LMAs. In these three cases, data traffic between the two mobile nodes does not traverse the LMA(s), thus providing some form of path optimization since the traffic is locally routed at the edge. The main disadvantage of this approach is that it only tackles the MN-to-MN communication scenario, and only under certain circumstances.
An interesting extension that can also be used to facilitate the deployment of network-based mobility protocols in a distributed mobility management environment is the support of LMA runtime assignment described in [RFC6463]. This extension specifies a runtime Local Mobility Anchor assignment functionality and corresponding mobility options for Proxy Mobile IPv6. This runtime Local Mobility Anchor assignment takes place during the Proxy Binding Update / Proxy Binding Acknowledgment message exchange between a mobile access gateway and a local mobility anchor. While this mechanism is mainly aimed for load-balancing purposes, it can also be used to select an optimal LMA from the routing point of view. A runtime LMA assignment can be used to change the assigned LMA of an MN, for example, in cases when the mobile node does not have any active session, or when the running sessions can survive an IP address change. Note that several possible dynamic Local Mobility Anchor discovery solutions can be used, as described in [RFC6097].
The 3rd Generation Partnership Project (3GPP) is the standards development organization that specifies the 3rd generation mobile network and the Evolved Packet System (EPS) [SDO-3GPP.23.402], which mainly comprises the Evolved Packet Core (EPC) and a new radio access network, usually referred to as LTE (Long Term Evolution).
Architecturally, the 3GPP Evolved Packet Core (EPC) network is similar to an IP wireless network running PMIPv6 or MIPv6, as it relies on the Packet Data Network Gateway (PGW) anchoring services to provide mobile nodes with mobility support (see Figure 5). There are client-based and network-based mobility solutions in 3GPP, which for simplicity will be analyzed together. We next describe how 3GPP mobility protocols and several other completed or ongoing extensions can be deployed to meet some of the DMM requirements [RFC7333].
+---------------------------------------------------------+ | PCRF | +-----------+--------------------------+----------------+-+ | | | +----+ +-----------+------------+ +--------+-----------+ +-+-+ | | | +-+ | | Core Network | | | | | | +------+ |S|__ | | +--------+ +---+ | | | | | | |GERAN/|_|G| \ | | | HSS | | | | | | | +-----+ UTRAN| |S| \ | | +---+----+ | | | | E | | | | +------+ |N| +-+-+ | | | | | | | x | | | | +-+ /|MME| | | +---+----+ | | | | t | | | | +---------+ / +---+ | | | 3GPP | | | | | e | | +-----+ E-UTRAN |/ | | | AAA | | | | | r | | | | +---------+\ | | | SERVER | | | | | n | | | | \ +---+ | | +--------+ | | | | a | | | | 3GPP AN \|SGW+----- S5---------------+ P | | | l | | | | +---+ | | | G | | | | | | +------------------------+ | | W | | | I | | UE | | | | | | P | | | +------------------------+ | | +-----+ | | | |+-------------+ +------+| | | | | | n | | | || Untrusted +-+ ePDG +-S2b---------------+ | | | e | | +---+| non-3GPP AN | +------+| | | | | | t | | | |+-------------+ | | | | | | w | | | +------------------------+ | | | | | o | | | | | | | | r | | | +------------------------+ | | | | | k | | +---+ Trusted non-3GPP AN +-S2a--------------+ | | | s | | | +------------------------+ | | | | | | | | | +-+-+ | | | | +--------------------------S2c--------------------| | | | | | | | | | +----+ +--------------------+ +---+
Figure 5: EPS (non-roaming) architecture overview
The GPRS Tunneling Protocol (GTP) [SDO-3GPP.29.060] [SDO-3GPP.29.281] [SDO-3GPP.29.274] is a network-based mobility protocol specified for 3GPP networks (S2a, S2b, S5 and S8 interfaces). In a similar way to PMIPv6, it can handle mobility without requiring the involvement of the mobile nodes. In this case, the mobile node functionality is provided in a proxy manner by the Serving Data Gateway (SGW), Evolved Packet Data Gateway (ePDG), or Trusted Wireless Access Gateway (TWAG [SDO-3GPP.23.402]) .
3GPP specifications also include client-based mobility support, based on adopting the use of Dual-Stack Mobile IPv6 (DSMIPv6) [RFC5555] for the S2c interface [SDO-3GPP.24.303]. In this case, the User Equipment (UE) implements the binding update functionality, while the home agent role is played by the PGW.
A Local IP Access (LIPA) and Selected IP Traffic Offload (SIPTO) enabled network [SDO-3GPP.23.401] allows offloading some IP services at the local access network above the Radio Access Network (RAN) without the need to travel back to the PGW (see Figure 6).
+---------+ IP traffic to mobile operator's CN | User |....................................(Operator's CN) | Equipm. |.................. +---------+ . Local IP traffic . +-----------+ |Residential| |enterprise | |IP network | +-----------+
Figure 6: LIPA scenario
SIPTO enables an operator to offload certain types of traffic at a network node close to the UE's point of attachment to the access network, by selecting a set of GWs (SGW and PGW) that are geographically/topologically close to the UE's point of attachment.
SIPTO Traffic | . . +-------+ +------+ | L-PGW | ---- | MME | +-------+ / +------+ | / +------+ +-----+ +-----+/ +-----+ | UE |.....| eNB |....| SGW |........| PGW |.... CN Traffic +------+ +-----+ +-----+ +-----+
Figure 7: SIPTO architecture
LIPA, on the other hand, enables an IP addressable UE connected via a Home eNB (HeNB) to access other IP addressable entities in the same residential/enterprise IP network without traversing the mobile operator's network core in the user plane. In order to achieve this, a Local GW (LGW) collocated with the HeNB is used. LIPA is established by the UE requesting a new Public Data Network (PDN) connection to an access point name for which LIPA is permitted, and the network selecting the Local GW associated with the HeNB and enabling a direct user plane path between the Local GW and the HeNB.
+---------------+------+ +----------+ +-------------+ ===== |Residential | | HeNB | | Backhaul | |Mobile | ( IP ) |Enterprise |..|------|..| |..|Operator |..(Network) |Network | | LGW | | | |Core network | ======= +---------------+------+ +----------+ +-------------+ / | / +-----+ | UE | +-----+
Figure 8: LIPA architecture
The 3GPP architecture specifications also provide mechanisms to allow discovery and selection of gateways [SDO-3GPP.29.303]. These mechanisms enable decisions taking into consideration topological location and gateway collocation aspects, relying upon the DNS as a "location database."
Both SIPTO and LIPA have a very limited mobility support, especially in 3GPP specifications up to Rel-12. Briefly, LIPA mobility support is limited to handovers between HeNBs that are managed by the same LGW (i.e., mobility within the local domain). There is no guarantee of IP session continuity for SIPTO.
This section identifies the limitations in the current practices, described in Section 4, with respect to the DMM requirements listed in [RFC7333].
According to requirement REQ1 stated in [RFC7333], IP mobility, network access and forwarding solutions provided by DMM must make it possible for traffic to avoid traversing a single mobility anchor far from the optimal route.
From the analysis performed in Section 4, a DMM deployment can meet the requirement "REQ1 Distributed mobility management" usually relying on the following functions:
Regarding the ability to transfer registration context between anchors, there are already some solutions that could be reused or adapted to fill that gap, such as Fast Handovers for Mobile IPv6 [RFC5568] -- to enable traffic redirection from the old to the new anchor --, the Context Transfer protocol [RFC4067] -- to enable the required transfer of registration information between anchors --, or the Handover Keying architecture solutions [RFC6697], to speed up the re-authentication process after a change of anchor. Note that some extensions might be needed in the context of DMM, as these protocols were designed in the context of centralized client IP mobility, focusing on the access re-attachment and authentication.
The requirement REQ2 for "bypassable network-layer mobility support for each application session" introduced in [RFC7333] requires flexibility in determining whether network-layer mobility support is needed. This requirement enables one to choose whether or not to use network-layer mobility support. The following two functions are also needed:
This requirement states that DMM solutions should primarily target IPv6 as the primary deployment environment. IPv4 support is not considered mandatory and solutions should not be tailored specifically to support IPv4.
All analyzed DMM practices support IPv6. Some of them, such as MIPv6/NEMO including the support of dynamic HA selection, MOBIKE, SIPTO also have IPv4 support. Some solutions, e.g., PMIPv6, also have some limited IPv4 support. In conclusion, this requirement is met by existing DMM practices.
A DMM solution must first consider reusing and extending IETF-standardized protocols before specifying new protocols.
As stated in [RFC7333], a DMM solution could reuse existing IETF and standardized protocols before specifying new protocols. Besides, Section 4 of this document discusses various ways to flatten and distribute current mobility solutions. Actually, nothing prevents the distribution of mobility functions within IP mobility protocols. However, as discussed in Section 5.1 and Section 5.2, limitations exist.
The 3GPP data plane anchoring function, i.e., the PGW, can also be distributed, but with limitations; e.g., no anchoring relocation, no context transfer between anchors and centralized control plane. The 3GPP architecture is also going in the direction of flattening with SIPTO and LIPA, though they do not provide full mobility support. For example, mobility support for SIPTO traffic can be rather limited, and offloaded traffic cannot access operator services. Thus, the operator must be very careful in selecting which traffic to offload.
According to [RFC7333], DMM implementations are required to co-exist with existing network deployments, end hosts and routers. Additionally, DMM solutions are expected to work across different networks, possibly operated as separate administrative domains, when the necessary mobility management signaling, forwarding, and network access are allowed by the trust relationship between them. All current mobility protocols can co-exist with existing network deployments and end hosts. There is no gap between existing mobility protocols and this requirement.
This requirement actually comprises several aspects, as summarized below.
As stated in [RFC7333], a DMM solution has to support any security protocols and mechanisms needed to secure the network and to make continuous security improvements. In addition, with security taken into consideration early in the design, a DMM solution cannot introduce new security risks, or amplify existing security risks, that cannot be mitigated by existing security protocols and mechanisms.
Any solutions that are intended to fill in gaps identified in this document need to meet this requirement. At present, it does not appear that using existing solutions to support DMM has introduced any new security issues. For example, Mobile IPv6 defines security features to protect binding updates both to home agents and correspondent nodes. It also defines mechanisms to protect the data packets transmission for Mobile IPv6 users. Proxy Mobile IPv6 and other variations of mobile IP also have similar security considerations.
It is stated in [RFC7333] that DMM solutions are expected to allow the development of multicast solutions to avoid network inefficiency in multicast traffic delivery.
Current IP mobility solutions address mainly the mobility problem for unicast traffic. Solutions relying on the use of an anchor point for tunneling multicast traffic down to the access router, or to the mobile node, introduce the so-called "tunnel convergence problem." This means that multiple instances of the same multicast traffic can converge to the same node, diminishing the advantage of using multicast protocols.
[RFC6224] documents a baseline solution for the previous issue, and [RFC7028] a routing optimization solution. The baseline solution suggests deploying a Multicast Listener Discovery (MLD) proxy function at the MAG, and either a multicast router or another MLD proxy function at the LMA. The routing optimization solution describes an architecture where a dedicated multicast tree mobility anchor or a direct routing option can be used to avoid the tunnel convergence problem.
Besides the solutions highlighted before, there are no other mechanisms for mobility protocols to address the multicast tunnel convergence problem.
We next list the main gaps identified from the analysis performed above:
The deployment of DMM using existing IP mobility protocols raises similar security threats as those encountered in centralized mobility management systems. Without authentication, a malicious node could forge signaling messages and redirect traffic from its legitimate path. This would amount to a denial of service attack against the specific node or nodes for which the traffic is intended. Distributed mobility anchoring, while keeping current security mechanisms, might require more security associations to be managed by the mobility management entities, potentially leading to scalability and performance issues. Moreover, distributed mobility anchoring makes mobility security problems more complex, since traffic redirection requests might come from previously unconsidered origins, thus leading to distributed points of attack. Consequently, the DMM security design needs to account for the distribution of security associations between additional mobility entities.
Charles E. Perkins Huawei Technologies EMail: charliep@computer.org
This document has benefited to valuable contributions from
[RFC7333] | Chan, H., Liu, D., Seite, P., Yokota, H. and J. Korhonen, "Requirements for Distributed Mobility Management", RFC 7333, August 2014. |