Improved Handover Algorithm To Avoid Duplication AAA Authentication In Proxy Mipv6

Hewei Yu¹  and  Meiling Zhou²

¹School of Computer Science & Engineering, South China University of Technology, Guang Zhou, P.R.China

²GF Fund Management Co., Ltd., Guang Zhou, P.R.China

Abstract

This paper proposes an improved handover algorithm which does not need authenticating again if Mobile Node moves within the same Proxy MIPv6 domain. When MN enters PMIPv6 domain at the first time, it needs to make an AAA authentication. But when MN moves between MAGs in the same domain, it can perform handover procedure without the second times of AAA authentication, and speed the handover process. We built a structure of PMIPv6 including AAA server on NS-2 and set up a real test-bed, and proposed an improved handover algorithm for PMIPv6 based on AAA authentication. The simulation and testing results show that the new scheme can effectively reduce the handover latency and ratio of packet loss, and improve network performance.

Keywords

PMIPv6; AAA; handover; fast handover

1. Introduction

Nowadays, the huge commercial demand for mobile Internet has brought new opportunity and challenge of technology. In 2008, the Internet Engineering Task Force (IETF) proposed a network-based mobility management protocol called Proxy MIPv6^[1]. Because of the bright prospect of PMIPv6, researchers  all over the world have carried out extensive and in-depth study on PMIPv6, and provides various effective handoff scheme. As a whole, the research on PMIPv6 has many aspects, including security, handover performance etc. On the security mechanism of PMIPv6, RFC5779^[2] defined AAA for authentication ,authorization and accounting. Document[3] designed and implemented the authentication and authorization of PMIPv6 network system, the testing results proved the validity and feasibility of the certification system. On the handover performance of PMIPv6, Kang[4] proposed a seamless handover scheme using the neighbor discovery message of IPv6 to reduce the handover latency and packet buffering at the Mobile Access Gateway (MAG) to avoid the on-the-fly packet loss during a handover for PMIPv6. However, it is unable to satisfy the real-time demand of higher business communication. Document[5] proposes a novel low latency handover scheme for PMIPv6 using Media Independent Handover (MIH) services. Magagula [6] tested the handover performance of PMIPv6 with and without the IEEE 802.21 MIH services in a heterogeneous wireless networks’ environment. The results showed that the handover performance had improved if the IEEE 802.21 MIH services is used, while there have some problem such as Signal overload. Of course, A scheme to Reduce Packet Loss during PMIPv6 Handover is called PL-PMIPv6, which is similar to the fast handover for MIPv6, and FH-PMIPv6 was improved based on it.

In the PMIPv6 system include AAA severs, when MN enters PMIPv6 domain at the first time, it is required to be authenticated. This paper proposes a scheme, MN only need to be authenticated once in the same domain. In another word, when MN moves into a new MAG in the same domain, it does not need to be authenticated again, so this schema can minimize the authentication latency and packet loss.

The rest of this paper is arranged as follows: the implementation of AAA server for PMIPv6 is introduced in section 2. Section 3 introduces the improved handover schema to minimize typical authentication procedures. Simulation in NS-2 and testing on test-bed and results analysis are provided in section 4 and 5 respectively. This paper is concluded in section 5.

2. Implementation Of AAA Server For Pmipv6[7]

PMIPv6 introduces two network entities: MAG (Mobile Access Gateway) and LMA(Local Mobility Anchor). LMA is the home agent for the MN in a PMIPv6 domain. It is the topological anchor point for the MN’s home network prefix(es) and is the entity that manages the MN’s binding state. MAG is a function on an access router that manages the mobility-related signalling. It is responsible for tracking the MN’s movements to and from the access link and for signalling the MN’s local mobility anchor.

In this paper, the functions of AAA server are implemented in NS2 using C++ language and TCL scripts. We add two structures that is AAA server and list of policy profile. Figure1. (a) and Figure1. (b) show the working flow chart of AAA server.

After AAA server is implemented, Figure.2 shows the signal flow when MN moves from P-MAG (pre-MAG) to N-MAG (new-MAG) in the same PMIPv6 domain.

Figure 1. (a)  Create list of policy profile

(b)  Judging the legality of MN

The whole handover procedure goes as follows:

• P-MAG sends DeReg PBU message (including MN-HNP and Proxy-CoA) to LMA when it detects that MN is going to leave. Then LMA can release the binding between MN-HNP and Proxy-CoA of MN.
• LMA starts the delay timer immediately when it receivs DeReg PBU message. So LMA allows N-MAG to wait for a period of time before updating the binding cache entry, and replies DeReg PBA message to P-MAG simultaneously.
• P-MAG receives DeReg PBA message.
• When N-MAG detects the attachment of MN, N-MAG obtains information about MN. Then MN sends RS message to N-MAG.
• N-MAG sends QUERY message to AAA server after received RS message, then gets policy profile of MN.
• After MN’s successful access authentication, N-MAG sends PBU message to LMA to update the LMA about the current location of MN.
• Upon receiving the PBU message, LMA updates binding cache entry. LMA sends PBA message including MN-HNP.
• After receiving the PBA message, N-MAG sets up a tunnel to LMA and adds a default route over tunnel to LMA. N-MAG then sends RA message to MN on the access link to advertise the MN-HNP.
• When MN receives RA and know that there are no change on L3 interface after checking, it keeps the same IP address and uses it for packet delivery.

Figure 2.  Signal flow of Proxy MIPv6 based on Inter-Domain Handover

As signal flow chart shows, the handover schemes for PMIPv6 networks includes deregistration( 1)-3) ),authentication( 4)-5) ) and registration( 6)-9) ) phases.

3. Improved Handover Scheme

In order to reduce the longer latency and extra cost caused by combining the AAA function while guaranteeing the handover performance, some handover procedure have been proposed as follows: in document[8], the AAA server selects the most suitable LMA based on the load information received from the LMAs. Moreover, the LMA performs admission control based on the number of current mobile nodes registered to the LMA. Document[9] proposed adaptive context transfer schemes for a fast handoff in Proxy MIPv6 which reduces the latency in AAA authentication and specifies context transfer scenarios taking into account proactive and reactive handover. When MNs attempt to handover inter/intra domain, the AAA context information stored in LMAs and MAGs will be used to support the handover without visiting the AAA server. Other documents put forward an configuration file based intra-domain handover method in PMIPv6. Optimize the intra-domain handover performance by expanding the contents of the configuration file and adding the proxy care-of address option. Of course, there are many improved schemes based on AAA server. In this section we discuss our proposed scheme to reduce the handover latency of Proxy MIPv6 which is based on intra domain.

As we know, handover latency in PMIPv6 is caused due to following four latencies^[10]:

• Link switching latency
• AAA authentication latency
• MN registration latency
• Latency due to Router Solicitation(RS) message and Router Advertisement(RA) message

In the proposed scheme, the handover latency is reduced due to AAA authentication again in the same domain.

As mentioned previously, the MAG detects the movements of MN and performs mobility-related signalling with the LMA in place of the MN. As Fig3 shows, the serving MAG(i.e.,P-MAG) will send handover initial (HI) message to the target MAG(i.e.,N-MAG) when MN is going to leave. Then N-MAG will be told the MN has been authentication. First ,N-MAG stores information (such as the AAA initiation information of MN(i.e.,MN-ID) and the address of LMA ) from HI message. Then N-MAG sends back a handover acknowledge(HACK) message to P-MAG. During this time, MN has not disconnected from P-MAG, so all the data packets are forwarded through P-MAG as before.

Figure 3. Signal flow of proposed Proxy MIPv6 based on intra-domain.

P-MAG sends DeReg PBU message to LMA while detects MN is disconnect. The deregistration period is the same as mentioned previously.

When N-MAG detects that MN enters or gets the Route Solicitation(RS) message from MN, it will check whether the MN’s information (including MN-ID and LMAA) have already existed. If N-MAG has MN’s information, it means that MN has been authenticated. So it is not need to registration again. Here we give some analysis about handover latency. Usually handover latency is marked by the maximum time interval between MN receives the last packet from the P-MAG and the first packet from N-MAG. Using some marks such as T_DeReg (deregistration) ,T_Auth (authentication), T_Reg(registration), T_MN-MAG (MN and MAG)_, T_MAG-LMA  (MAG and LMA), T_MAG-AAA(MAG and AAA) and T_L2 (layer2 handover)_, we can get handover latency (HL) of traditional algorithm according to Fig4.1. ]

HL  = T_DeReg +T_L2 +T_RS + T_Auth + T_Reg + T_RA

        =  4T_MAG,LMA+T_L2 +2T_MN，MAG +2T_MAG,AAA                                                                            (1)

The handover latency (HL) of proposed algorithm is as the following according to Figure 4 (b).

HL  = T_DeReg +T_L2 +T_RS + T_Reg + T_RA

        = 4T_MAG,LMA+T_L2+2T_MN,MAG                                                                       (2)

Compare equation (1) and (2), you will find that the delay of AAA authentication is eliminated in our algorithm.

Figure 4.  (a)  Handover latency of PMIPv6

 

Figure 4. (b)  Handover latency of proposed PMIPv6

4. Simulation And Analysis

We have taken simulation using NS-2 and compared the performance of the proposed scheme with the previous and the ordinary one when MN moves between MAGs in the same domain. In the simulation,  we assumed correspondent node(CN) sent packets to MN and MN moved form P-MAG to N-MAG , the packets from CN get to MAG through LMA and router. The simulation model is shown in Figure 5. The time in the simulation is controlled in 20 seconds. CN sent data packets at intervals of 0.05s after 1.0 second. At 14.4 second, MN moved away from P-MAG and went toward N-MAG.

Figure 5.  Practical simulation model

4.1. Handover latency comparison

The handover latency comparison between ordinary (marked by black) and proposed (marked by red) scheme is show in Figure 6. The abscissa represents the simulation time, the ordinate represents handover latency. Because of MN has not entered PMIPv6 network at the starting time, there are not handover latency and the delay time is 0s. The packets transfer delay is 0.05s.  There are two high vertical line, the first line represents

Figure 6.  Handover latency comparison between ordinary and proposed scheme

The latency that MN enters a new Proxy MIPv6 domain and attaches to P-MAG. The graph shows, handover latency is sharp increased up to 1.02s at 1s. It is the same as the ordinary scheme. However, there are visible difference in second line. The second line represents the latency that MN enters N-MAG. The handover latency of ordinary scheme is sharp increased up to 0.5s while it is 0.45s in proposed scheme, which shows that the proposed scheme can reduce the handover latency.

Table 1. shows some parameters about handover latency in the simulation.

Both of the start time of handover of the two scheme are 14.4s. The proposed scheme has finished handover at 14.85s, and the ordinary one has finished at 14.9s.

Handover latency of the ordinary scheme =0.5s

Handover latency of the proposed scheme =0.45s

Obviously, the handover latency of the proposed scheme has been reduced 0.05s (0.5-0.45=0.05s). It is decreased by 10% ((0.05/0.5)*100%=10%) according to our proposal.

4.2. Packet loss rate

Figure 7 shows the number of packet loss comparison of ordinary and proposed scheme. In this simulation, ordinary scheme lost 9 packets. As while as the proposed scheme lost 8 which is less than the ordinary one.

In the simulation, the largest number of data packet is 383 in two scheme by checking the simulation output trace file. So we can get table2.

Figure 7.  Number of packet loss of ordinary and proposed scheme

All of the forward data packets are 383.

The number of packet loss are 9 and 8 in ordinary and proposed scheme respectively.

Obviously, the ratio of packet loss of our proposed scheme has been reduced 1(9-8=1). So the ratio of packet loss is decreased by 11.11% ((1/9)*100%≈11.11%) according to our proposal.

To sum up, the proposed scheme is characterized by completed N-MAG authentication in advance of handover, so there is no need of authentication again. It is clear from the result of simulation, the proposed scheme reduces the handover latency and the ratio of packet loss without increased throughput.

Table 2.  packet loss comparison of ordinary and proposed scheme

5. Testing On Test-Bed

5.1. Set up test-bed

For further proving, we set up a test-bed about Proxy MIPv6 according to document[11] which introduced  an open source project OAI PMIPv6. Based on it we built up a real test-bed for wireless LAN. Furthermore, we modify the code and implement our handover algorithm. Figure 8 shows the experimental topology of our test-bed：

Figure 8.  A real PMIPv6 test-bed [11]

P-MAG, N-MAG and LMA should be configured the kernel and installed some software. Correspondent node (CN) and MN do not need any configuration. This test-bed is based on ubuntu 10.04, linux 2.6.32 kernel. The whole set-up procedures are described as follow:

• Install the required packages including “libpcap-dev”, “indent”, “bison”, “flex”, “iproute-dev”, “libc6-dev”, “libssl-dev”, “autoconf”, “libtool”, “macchanger”, “python-netaddr”.
• Recompile and reinstall the kernel to make some IPv6 features available. MAG and LMA need different features.
• Install SYSLOG Server on MAGs. It can detect MN’s attachment and detachment by receiving message from access point.
• Install FreeRadius Client in MAGs and LMA, configure file “radiusclient.conf” and server, modify the IP of FreeRadius Server and session key.
• Install FreeRadius Server in LMA, add user authentication information in file /usr/local/etc/raddb/users, including MN-ID, home network prefix and user password.
• Compile and install PMIP6D which is the main program of this test-bed.
• All the computers and routers should be linked as Figure 8.
• Configure the wireless routers so that it works as AP, insure them would not add their MAC Address to the packets that they forward. Enable and configure their SYSLOG client, make routers send “syslog” message to corresponding MAGs.
• Start the program by using well-configured “python” script after all installation above.

We test the proposed scheme’s handover latency in our test-bed and compare with the traditional scheme. Since the L2 layer accessing takes a long time (scale in seconds), which is much larger than the L3 layer handover latency (scale in milliseconds), using the traditional latency definition is not easy to see the improvement. Therefore, we adopt a new definition which make the printing output “pmip_mag_recv_rs: Router Solicitation received” as the beginning of handover, which means N-MAG just detects MN’s attachment. And we make the output “mag_end_registration: Out of setup route” as the end of the handover, which means N-MAG has completed signalling exchange with LMA, built tunnel and sent RA message to MN.

We have tested the traditional handover scheme and proposed scheme 100 times each, including 50 times switch to P-MAG from N-MAG and 50 times switch to N-MAG from P-MAG. Test data are shown in Figure 9:

Figure 9.  Handover latency of the traditional and proposed scheme

The average of test data is shown in table 3.

Table 3. Test data average

These data show that, due to the cancellation of the unnecessary AAA authentication, handover latency in proposed scheme has been decreased 12.62%. Thus, the improved scheme is superior to the traditional one.

6. Conclusions

In this paper, we introduce the present development of PMIPv6 and the way to add AAA server to PMIPv6 in NS-2. What’s more, we have proposed an improved handover scheme which can minimize handover latency and ratio of packet loss by omitting operation of AAA authentication again in the same domain. We evaluate the performance of both the ordinary and the proposed scheme in NS-2 and a real test-bed. The simulation and testing results show that our proposed scheme can effectively reduce the handover latency and ratio of packet loss. However, there are some drawbacks, for example, it is only satiable for intra-domain handover, the security issues is not perfect etc. Further work should include the improvement and simulation jobs aimed at the problems above.

Acknowledgements

This study is supported by National Natural Science Foundation of China (No. 61070179),  Guangzhou Science & Technology Project (No.2014J4100019), Key Collaborative Innovation Project among Industry, University and Institute of Guangzhou(No. 201604010001).

References

[1]     S. Gundavelli (Ed.), K. Leung, V. Devarapalli, K. Chowdhury and B. Patil, ‘Proxy Mobile IPv6’, Internet Engineering Task Force RFC 5213, August 2008.

[2]     J. Korhonen, Ed.Diameter Support for Proxy Mobile IPv6[S].IETF RFC 5779,2010.

[3]     LV Jianhua, ZHOU Huachun, QIU Luwei,et al. Implementation of authentication and authorization of proxy mobile IPv6. Computer Engineering and Application, 2012,48(22):109-116.

[4]     Ju Eun Kang, Dong Won Kun, Yang Li, You Ze Cho. Seamless Handover Scheme for  Proxy Mobile IPv6[J]. IEEE Computer Society, 2008,10.1109/WiMob:410-414.

[5]     Igor Kim, Young Chul Jung, Yong Tak Kim. Low Latency Proactive Handover Scheme for Proxy MIPv6 with MIN[J],SpringerLink, 2008, Volume 5297:344-353.

[6]     Linoh A.Magagula, Olabisi E.Falowo, H.Anthony Chan.Handover Optimization in Heterogeneous Wireless Networks: PMIPv6 vs. PMIPv6 with MIH [C] .Southern Africa Telecommunication Networks and  Applications Conference, 2009.

[7]     Nitesh M. Tarbani, B.R. Chandavarkar. Implementation of AAA Server for PMIPv6 in  NS-2[J]. PDCTA,2011. IEEE, 2011.

[8]     Viswanathan M, Yi M K, Yun S Y, et al. A novel local mobility anchor selection scheme for proxy mobile IPv6 networks[C], Proceedings of the 6th International Conference on Ubiquitous Information Management and Communication. ACM, 2012: 49.

[9]     Baek J J, Song J S. Adaptive context transfer scheme for fast handoff in Proxy Mobile IPv6[C], Next Generation Mobile Applications, Services and Technologies, 2008. NGMAST’08. The Second International Conference on. IEEE, 2008: 127-130.

[10]   Banerjee K, Tahasin Z I, Uddin R. An Efficient Handover Scheme for PMIPv6 in IEEE 802.16/WiMAX Network[J]. International Journal of Electrical & Computer Sciences, 2011, 11(5)

[11]   Giuliana Iapichino, Christian Bonnet. Experimental Evaluation of Proxy Mobile IPv6: an Implementation Perspective [J]. IEEE Wireless Communications and Networking Conference (WCNC), 2010 IEEE, April 2010

Authors

Hewei Yu Professor of South China University of Technology. His research interests focus on integration technology of heterogeneous wireless networks. He directed several projects supported by the National Natural Science Foundation of China, Science & Technology projects of Guangdong Province, and Guangzhou City.

Meiling Zhou  Got her Master degree from South China University of Technology. Her research direction is handoff technology of Proxy Mobile IPv6. Now she is working in the GF Fund Management Co., Ltd.