Asymmetric Extended Route Optimization (AERO)

Asymmetric Extended Route Optimization (AERO)

Fred L. Templin (Association for Computing Machinery (ACM), USA)
DOI: 10.4018/978-1-4666-8371-6.ch014
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Modern enterprise networks must accommodate mobile devices such as cell phones, tablets and laptop computers. When a mobile device moves to a new access network, it often receives a new Internet Protocol (IP) address. This can disrupt communication sessions and create challenges for locating and tracking mobile assets. The enterprise network should therefore provide each mobile device with a stable IP address or prefix that never changes, but this requires a new mobility architecture. Asymmetric Extended Route Optimization (AERO) supports mobility by modeling the enterprise network as a virtual link through a process known as encapsulation. The AERO system tracks mobile devices through control message signaling and an efficient routing system. AERO maintains optimal routes for roaming devices so that performance is maximized and congestion points are avoided. This chapter describes the AERO system for accommodating mobile devices within enterprise networks.
Chapter Preview
Top

Introduction

The Internet was designed long before the advent of modern mobile networked devices. The Internet Protocol (IP) therefore includes no provisions for a device to move between different network points of attachment while still maintaining a stable IP address or prefix. Instead, each mobile device is assigned an IP address that is topologically-inferred, i.e., bound to its current access network point of attachment. This address is called a Topologically-Fixed Address (TFA). If the device moves to a new access network, it must relinquish its former TFA address and obtain a new one. In some instances, this may disrupt ongoing communication sessions and complicate mobile device tracking. A means of maintaining a stable IP address or prefix across mobility events would therefore result in a more flexible architecture.

In addition to the mobility challenges, the Internet is currently undergoing growing pains since there are now billions of networked devices worldwide with many more on the way. This exponential growth has exhausted the IP version 4 (IPv4) (Postel et al., 1981) address space that is physically constrained to support at most 4 billion addresses. To remedy this address run-out condition, the Internet Engineering Task Force (IETF) has designed IP version 6 (IPv6) (Deering & Hinden, 1998) with sufficient address space for the forseeable future. Moreover, mobile devices often require not just a single address but a mobile network prefix that can address multitudes of additional devices and services. Since all public IPv4 prefixes have already been consumed (and since private IPv4 addresses are not routable outside the enterprise) this can only be cleanly accommodated by the expanded address space offered by IPv6.

Modern enterprise networks appear as Autonomous Systems (ASes) in the Internet’s Border Gateway Protocol (BGP) routing system (Rekhter, Li, & Hares, 2006), but they are internally organized as an Internet unto themselves. These enterprise networks have an internal routing system and addressing architecture that must be capable of providing pervasive connectivity to ensure the smooth operation of enterprise services. More and more, mobile enterprise network devices connect through multiple diverse wireless (e.g., Wireless LAN or “WLAN”) and wired-line (e.g., Ethernet) access technologies. However, each time the mobile device transitions from one access network to another it receives a new TFA and discontinues the use of its old TFA. Without specific mitigations, this can disrupt ongoing communication sessions and can make tracking and locating devices based on IP address challenging.

It has long been known that a technique called tunneling can present a mobile device with a stable Topology-Independent Address (TIA) (or TIA prefix) even if its TFA changes frequently. Tunneling involves the encapsulation of an inner IP packet with a TIA source and/or destination address within an outer IP header that uses TFA addresses. The enterprise network routing system then bases its packet forwarding decisions on the outer TFA address instead of the inner TIA address, i.e., the TFA and TIA address spaces are kept separate. Tunneling introduces additional header bytes that reduce the amount of space available for user data and consume network bandwidth resources. However, tunneling is seen in widespread and ever-growing use throughout the Internet since the benefits often outweigh the costs.

Tunnels have an ingress endpoint and one or more egress endpoints, but the discovery of an egress endpoint nearest the packet’s destination (also known as “route optimization”) is required to provide optimum performance and reduce network cost. The selection of an egress endpoint must also be securely coordinated with mobility events to defeat encapsulation-based attacks. Asymmetric Extended Route Optimization (AERO) was therefore designed to address these needs.

Key Terms in this Chapter

End User Network (EUN): an internal virtual or external edge IP network that an AERO Client connects to the rest of the network via the AERO interface. More specifically, the Client acts as a mobile router on behalf of its (downstream-attached) EUNs.

AERO Address: an IPv6 link-local address with an embedded IP prefix and assigned to a Client's AERO interface.

AERO Link: a Non-Broadcast, Multiple Access (NBMA) tunnel virtual overlay configured over an enterprise network.

AERO Client: a node that assigns AERO addresses to an AERO interface and receives IP prefixes via a DHCPv6 Prefix Delegation (PD) exchanges with one or more AERO Servers.

AERO Service Prefix (ASP): an IP prefix associated with the AERO link and from which AERO Client Prefixes (ACPs) are derived (for example, the IPv6 ACP 2001 AU20: The in-text citation "ACP 2001" is not in the reference list. Please correct the citation, add the reference to the list, or delete the citation. :db8:1:2::/64 is derived from the IPv6 ASP 2001 AU21: The in-text citation "ASP 2001" is not in the reference list. Please correct the citation, add the reference to the list, or delete the citation. :db8::/32).

Link-Layer Address: a TFA address along with the UDP port number used for encapsulation. Link-layer addresses are used as the encapsulation header source and destination addresses.

AERO Client Prefix (ACP): an IP prefix taken from an ASP and delegated to a Client.

AERO Interface: a node's attachment to an AERO link.

Topology-Independent Address (TIA): an address provided to an AERO Client by the AERO service and that can be used from any enterprise network point of attachment.

AERO Node: a node that configures an AERO interface on an AERO link.

AERO Relay: a node that configures an AERO interface to relay IP packets between nodes on the same AERO link and/or forward IP packets to correspondents on other networks.

Network Layer Address: the source or destination address of the encapsulated IP packet.

AERO Server: a node that configures an AERO interface to provide default forwarding and DHCPv6 services for AERO Clients.

Topologically-Fixed Address (TFA): an IP address assigned to an AERO node’s access network connection to the enterprise network.

Complete Chapter List

Search this Book:
Reset