3.1. Previous Works
As mentioned earlier, we cannot claim that each CN does or must implement a binding cache. Thus, the MRT approach proposed in [8] to remove such limitations demands that only edge routers must support the MRT. However, even if we ask all the edge routers in the Internet to support the MRT, the approach still results in a protocol deployment limitation. To reduce this limitation in a network where, for example, some routers support the MRT and some do not, there must be a method for finding the routers that do support it and can be used to enhance transmission performance.
To overcome those limitations, we have introduced three HA-initiated schemes that cooperate with the MRT to optimize routing paths [8]. When the HA is going to forward a packet received from the CN to the MN by tunneling, the HA will try to find the appropriate MRT-enabled routers along the path between the HA and the CN. If found, the HA will send the MRT binding update messages with corresponding binding information to MRT-enabled routers such that the MRT-enabled routers can forward the successive packets to the MN directly. Hence, the triangular routing problem can be avoided. All the HA-initiated schemes begin the MRT router discovery procedure at the HA and have similar signaling overhead and performance representation. Therefore, we describe a representative scheme, a backward tracking scheme, in detail in what follows. More information on the other two schemes can be found in [8].
The backward tracking scheme uses the ICMP router discovery and SNMP query messages to find the routers that may support MRT. The ICMP messages include "router advertisements" and "router solicitations." Each router periodically broadcasts such advertisements via each of its interfaces to announce the IP address(es) of that interface. After the HA forwards the first packet received from the CN to the MN by tunneling, the HA broadcasts an ICMP router solicitation message to the network where the CN is located. After receiving the ICMP router advertisement message, the HA can find the default gateway of the CN.
The HA then sends an MRT binding message to the found router. If the HA receives an MRT acknowledgement message, the gateway is an MRT-enabled router. If no MRT acknowledgement is received within the time limit set by the network administrator, that router does not support MRT. The HA then uses SNMP query messages, combined with a Reverse Path Forwarding (RPF) [26] mechanism, to find a router one hop closer to the HA, and sends an MRT binding message to that candidate router. The HA repeats the SNMP query and the MRT binding message for each router found. The iteration stops when the HA receives an MRT response or tracks back to the HA itself. This approach can find the possible routers that support MRT in the path from CN to HA. If there is no MRT router located on this path, the process may fail, yet the packets are still transmitted by tunneling at the HA.
Figure 2 illustrates the operation of the backward tracking scheme of the MRT approach, in which the main steps of the scheme are listed as follows.
(1) The HA acquires the address of R1 by an ICMP router solicitation message. The HA then sends an MRT binding message to R1, but no MRT ACK replies.
(2) The HA obtains the address of the next hop router closer to the HA, R2, via SNMP query.
(3) The HA sends an MRT binding message to R2, but still no MRT ACK replies.
(4) The HA obtains the address of the next hop router closer to the HA, R3, via SNMP query.
(5) The HA sends an MRT binding message to R3 and receives an MRT ACK message. The appropriate MRT router is found and can forward the follow-up packets to the MN directly.
(6) If R3 does not support the MRT approach, the backward tracking continues until it reaches the HA.
3.2. Proposed MN-Initiated Schemes
The HA-initiated schemes can support discovering the MRT routers. Unfortunately, those schemes may generate too many control messages in order to find a useful MRT-enabled router. Furthermore, the backward tracking scheme starts the searching procedure with ICMP router solicitation, which is sent to the CN by directed broadcast. Many routers may block directed broadcast messages to avoid Denial of Service (DoS) or Distributed DoS (DDoS) attacks by default [27]. The other two HA-initiated schemes also have similar security concerns. Thus, the HA-initiated schemes may not work as expected.
In a client/server model, the MN, for the most part, may act as a client and the CN acts as a server. Therefore, the communications will be initiated at the MN. If the discovery procedure can be triggered when the MN leaves its home network and visits a foreign network, then the execution of the MRT router discovery procedure can be started earlier than the MN-initiated schemes. In other words, if the MN hands off to a new foreign network and activates the discovery procedure before it communicates with a CN, then the first packet sent from the CN can be redirected to the MN by the discovered MRT router without the tunneling process at the HA.
We propose two new MN-initiated schemes, in which the discovery procedure is activated by the MN. These two schemes can find appropriate MRT routers with fewer control messages than the HA-initiated schemes. Therefore, the signaling overhead can be significantly reduced. These two MN-initiated schemes can provide a more efficient discovery procedure while avoiding the security problems that affect other schemes. However, if the communication model is peer-to-peer, the communication may be started by the CN. In that case, the MN can activate the discovery procedure when it receives the first tunneled packet sent by the CN.
These two new MN-initiated schemes, the ICMP echo scheme and the ICMP destination-unreachable scheme, are presented in the following sections.
3.2.1. ICMP Echo Scheme
In the traditional ICMP echo mechanism, the sender can issue a request packet which can carry any information in the payload. The receiver just sends back a reply packet with the same payload it received. Therefore, we may put the MRT binding information into the payload of an echo request packet. In this scheme, the MN just issues an ICMP echo request packet, in which the MRT binding information is inserted into its payload, when the MN leaves its home network and visits a foreign network or receives a tunneled packet from the CN. The CN will just send back an ICMP echo reply message as usual. The intermediate MRT-enabled routers will identify the payload of the ICMP echo reply message and begin updating the HA of MN with new binding information. Therefore, the MRT-enabled router can forward packets destined to the MN directly.
Figure 3 illustrates the operation of the ICMP echo scheme of the MRT approach, in which the main steps of the scheme are listed as follows.
(1) The MN encapsulates an ICMP echo request packet which contains its binding information as illustrated in Figure 4(a). The packet is sent to the CN by conventional routing.
(2) The CN sends back an ICMP echo reply packet with the same payload it received. The packet is sent to the HA.
(3) The intermediate MRT routers, R3 and R4, inspect every ICMP echo reply message. If there is an MRT binding message in the payload, R3 and R4 will send binding requests to the HA listed in the ICMP payload. Thus, R3 and R4 can update their MRT tables. While R3 and R4 are sending binding request messages to the HA, they modify the content of the payload as illustrated in Figure 4(b). Then, the modified ICMP echo reply packet is sent to the HA.
(4) After the ICMP echo reply message reaches the HA, the HA forwards the packet to the MN by tunneling as usual.
In this scheme, the signaling for mobility management is triggered by the exchanges of ICMP echo messages. The payload of the ICMP echo request and reply messages are specified by means of text-based messages similar to SIP [23]. Figure 4(a) shows an example of an MRT binding message within a payload of an ICMP echo request, and Figure 4(b) shows an example of an MRT binding message within a payload of an ICMP echo reply message.
The MRT binding information within the payload starts with "MRTBinding", which lets an MRT-enabled router quickly identify the packet. The protocol is named MRT, and the current version is 1.0. The second line in the example shows that the address binding is an IP version 4 address. The "From" and "To" fields show the addresses of the MN and CN, respectively. The "CoA" field keeps the current CoA of the MN. The "HAA" and "FAA" fields keep the addresses of the HA and FA, respectively. The most important field is "MRT": the MRT-enabled routers insert their IP addresses into this field, delimited with commas if more than one MRT-enabled router is found. The "MRTLimit" field is used to limit the number of found MRT-enabled routers that will begin their binding update procedures. The "Updated" field is used to store the number of MRT-enabled routers found. Each MRT-enabled router increases its value by 1 before forwarding. Figure 4(b) shows an example of the payload of an ICMP echo reply. It starts with "200 OK", and the "MRT" and "Updated" fields have been modified by the MRT-enabled routers.
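The field handling described above can be sketched as follows; this is an added example, not code from the paper, showing how a router might strictly parse the binding payload before appending its address and honouring "MRTLimit". The exact line layout, the "AddrType" field name, the 512-byte bound and all addresses are assumptions made here, since Figure 4 is not reproduced on this page.

```python
import ipaddress

ADDR_FIELDS = ("From", "To", "CoA", "HAA", "FAA")
MAX_PAYLOAD = 512  # assumed size bound, not taken from the paper

# Constructed sample; the line layout is an assumption (Figure 4 is not shown here).
SAMPLE = (b"MRTBinding MRT/1.0\r\nAddrType: IPv4\r\nFrom: 10.1.0.5\r\n"
          b"To: 192.0.2.80\r\nCoA: 198.51.100.7\r\nHAA: 10.1.0.1\r\n"
          b"FAA: 198.51.100.1\r\nMRT:\r\nMRTLimit: 2\r\nUpdated: 0\r\n")

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def parse_binding(payload):
    """Return the field dict of a well-formed binding payload, else None."""
    if len(payload) > MAX_PAYLOAD:
        return None
    try:
        lines = payload.decode("ascii").splitlines()
    except UnicodeDecodeError:
        return None
    if not lines or not lines[0].startswith(("MRTBinding", "200 OK")):
        return None
    fields = {}
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if not sep or key.strip() in fields:  # malformed or duplicated field
            return None
        fields[key.strip()] = value.strip()
    mrt = [a.strip() for a in fields.get("MRT", "").split(",") if a.strip()]
    if not all(_is_ipv4(fields.get(k, "")) for k in ADDR_FIELDS):
        return None
    if not all(_is_ipv4(a) for a in mrt):
        return None
    if not (fields.get("MRTLimit", "").isdigit() and fields.get("Updated", "").isdigit()):
        return None
    fields.update(MRT=mrt, MRTLimit=int(fields["MRTLimit"]), Updated=int(fields["Updated"]))
    return fields

def router_update(payload, router_addr):
    """Return (payload_to_forward, learned); malformed or full payloads pass unchanged."""
    f = parse_binding(payload)
    if f is None or len(f["MRT"]) >= f["MRTLimit"] or router_addr in f["MRT"]:
        return payload, False
    f["MRT"].append(router_addr)
    f["Updated"] += 1
    f["MRT"] = ",".join(f["MRT"])
    body = "".join("%s: %s\r\n" % kv for kv in f.items())
    return ("200 OK\r\n" + body).encode("ascii"), True
```

A router that returns `learned == False` forwards the echo reply untouched and starts no binding request, so a payload that fails validation never reaches the MRT table.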
3.2.2. ICMP Destination-Unreachable Scheme
As defined in RFC 792 [9], when a host or router cannot deliver a datagram, the datagram is discarded, and the host or router sends an ICMP destination-unreachable message back to the source host. The code field of this message specifies the reason for discarding the datagram. In this scheme, we use a special transport port number which is unused in well-known Internet services and is used only for the MRT discovery scheme. When the MN leaves its home network and visits a foreign network or receives a tunneled packet from the CN, the MN first sends a probe packet to the CN with a predefined and unused destination port number, for example, 10101. The probe packet is a general UDP message used to trigger the CN to reply with an ICMP destination-unreachable error report. Thus, the CN will issue an ICMP destination-unreachable message back to the MN with the code field of the ICMP message equal to 3, since the CN does not listen on that port number. The ICMP error message will be transferred to the HA. When the intermediate MRT-enabled routers receive an ICMP destination-unreachable message with the code equal to 3 and the destination port number of the original transport header equal to the predefined number, they will issue an MRT binding request to the destination address of the ICMP message and try to update their binding tables. In other words, the ICMP destination-unreachable message is used to trigger the MRT-enabled routers to update their binding tables.
Figure 3 also illustrates the operation of the ICMP destination-unreachable scheme of the MRT approach, in which the main steps of the scheme are listed as follows.
(1) The MN sends a probe message to the CN.
(2) The CN issues an ICMP destination-unreachable error message destined to the home address of the MN.
(3) The intermediate MRT routers, for example, R3 and R4, inspect every ICMP destination-unreachable message. If the error reason is "destination port unreachable" (code equal to 3) and the port number matches, each MRT router sends an MRT binding request to the HA after forwarding the ICMP error message to the next hop.
(4) The HA receives the ICMP destination-unreachable message and tunnels it to the MN. The HA also has to inform the MN of the addresses of related MRT routers.
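The inspection in step (3) can be written as a classifier over the raw ICMP message; this is an added example, not code from the paper, that checks type 3, code 3, the ICMP checksum, and the destination port of the quoted UDP header. The function names and the sample addresses and source port are assumptions made here; 10101 is the example port from the text.

```python
import socket
import struct

PROBE_PORT = 10101  # example probe port given in the text

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mrt_trigger(icmp: bytes):
    """Return (mn_home, cn) if the ICMP message is the MRT trigger, else None."""
    if len(icmp) < 8 + 20 + 8:          # ICMP header + minimal IP header + 8 bytes
        return None
    if (icmp[0], icmp[1]) != (3, 3):    # destination unreachable, port unreachable
        return None
    if inet_checksum(icmp) != 0:        # a valid message sums to zero
        return None
    inner = icmp[8:]                    # quoted header of the original probe
    version, ihl = inner[0] >> 4, (inner[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    if inner[9] != socket.IPPROTO_UDP:
        return None
    _sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    if dport != PROBE_PORT:
        return None
    mn_home = socket.inet_ntoa(inner[12:16])  # probe source: MN home address
    cn = socket.inet_ntoa(inner[16:20])       # probe destination: CN
    return mn_home, cn

def build_sample(dport: int, code: int = 3) -> bytes:
    """Constructed ICMP error quoting a UDP probe from 10.1.0.5 to 192.0.2.80."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64,
                     socket.IPPROTO_UDP, 0,
                     socket.inet_aton("10.1.0.5"), socket.inet_aton("192.0.2.80"))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    body = ip + udp
    csum = inet_checksum(struct.pack("!BBHI", 3, code, 0, 0) + body)
    return struct.pack("!BBHI", 3, code, csum, 0) + body
```

Every length is checked before indexing, so a truncated or oversized IHL in the quoted header is rejected instead of triggering a binding request.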
3.3. Handoff Operation
In the original MRT approach [7], the Last Elapsed Time (LET) timer specifies how long an MRT router should wait in the absence of MRT binding update messages about an entry in the binding cache before it removes that entry. In order to keep the accuracy of the MRT binding entries, when the MN moves and changes its CoA, the MRT router has to be updated with a binding message. To trigger the MRT routers to modify their binding information, we have to store the addresses of related MRT routers. Two nodes may be used to keep those addresses: the HA and the MN. Due to concerns about size of the address table, using the MN to maintain the address table is better than using the HA. Thus, we add an address table in the MN to store the addresses of related MRT routers.
In the ICMP echo scheme, when the CN sends an echo reply message back to the MN, each intermediate MRT router appends its own address to the "MRT" field and forwards the echo packet to the MN via HA. The MN can thus obtain IP addresses of the MRT routers that have been found. In the ICMP destination-unreachable scheme, the intermediate MRT-enabled routers issue the MRT binding request messages to the HA. After replying to the MRT binding response message, the HA also uses a table to keep addresses of MRT routers and informs the MN.
Once the MN moves and changes its CoA, the MN sends a binding update message to its HA and binding warning messages to all the related MRT routers. Those messages are encrypted by the session key described in Section 4.1. The binding warning messages trigger the MRT routers to begin their binding update procedures with HA. Therefore, the MRT routers can quickly forward the following packets to the new CoA accurately.
The number of MRT binding update messages may be too high and affect the system performance if many MRT routers are found by the MN-initiated schemes. However, this can be reduced by limiting the number of MRT-enabled routers to learn. This can be done by reducing the value of the "MRTLimit" field in the ICMP echo scheme.
3.4. Signaling Overhead
As mentioned above, the HA-initiated schemes may generate too many control messages. By contrast, the ICMP echo scheme triggered by the MN issues only one single ICMP echo request packet. The signaling overhead of the ICMP echo scheme is very low. The ICMP destination-unreachable scheme also needs few control messages. Moreover, the macrodomain handoffs happen infrequently. It seems that these control messages are unlikely to impose serious overhead on the involved domains.
In most cases, the CN is an Internet server with a fixed location. Furthermore, the HA and CN are not moved during the communications. So, the MRT router discovery process needs to be executed only once for each CN no matter how the MN moves.
3.5. Implementation Cost
Although the MRT approach benefits protocol deployment, it has two deficits: binding cache size and maintenance. First, the MRT routers have to store the binding information of each MN. The MNs also have to store the IP addresses of the MRT routers they used. When the MNs increase and each MN communicates with large numbers of CNs, the cache size may become a serious problem, since most routers only get installed with relatively small amounts of memory. In such a case, the MRT router may bypass the binding information or override the oldest binding record. If the binding cache is large enough to support many MNs, then the cache maintenance will result in large overhead. Therefore, we should choose an appropriate cache size that balances between these competing needs.
In the proposed MN-initiated schemes, each MRT-enabled router has to inspect the ICMP echo reply and destination-unreachable messages. The load on the routers increases as the number of ICMP messages increases.
3.6. Impact of Dynamic Routing
Routing operations in the Internet are dynamic. Packets may be sent through different paths, which means that packets issued from the CN can be forwarded through a path without MRT routers. In such a case, the HA will send those packets to the MN by tunneling. If the HA-initiated scheme is used, the HA will begin the HA-initiated scheme when a packet reaches the HA. Although this may help the discovery of the potential MRT-enabled routers on different routes, it also increases signaling cost.
If the MN-initiated scheme is used, it can find more potential MRT-enabled routers on the path from the CN to HA. This can reduce the likelihood that packets take a detour on which no MRT-enabled router can be found and the packets reach the HA. However, even if some packets bypass MRT-enabled routers and reach the HA, the HA will send those packets to the MN by tunneling. When the MN receives the HA-tunneled packets, it can do nothing but suffer from longer delays, or the MN can trigger a new MN-initiated scheme to find potential MRT-enabled routers on the current route, which results in increasing signaling overhead.
No matter which strategy is used for discovering new potential MRT-enabled routers, the signaling cost increases. Thus, we prefer that the HA or MN should not trigger any additional MRT discovery scheme to reduce signaling overhead. Furthermore, packets issued from the CN can be forwarded through the path without MRT routers under dynamic routing. In such a case, the MN will receive out-of-order packets, which is normal in dynamic routing.
The most popular routing protocol running between different autonomous systems in the current Internet is BGP. BGP is a policy-based routing protocol that routes traffic via predefined policies. Thus, multiple routing paths do not usually occur under BGP. We think that the proposed MRT approach can still work in most cases.
3.7. Comparison between MN-Initiated Schemes
The ICMP echo scheme needs fewer messages to discover MRT-enabled routers than the other schemes. The MRT-enabled router informs the MN of its address within the ICMP echo reply message directly, and no additional control message is needed. The overhead is very light compared to the other schemes and we prefer using this scheme in most cases. However, some enterprises or departments, including National Chi Nan University and Hsiuping Institute of Technology, both in Taiwan, may block the ICMP echo packets because of security policies. Thus, the ICMP echo scheme may not work well in all situations.
The ICMP destination-unreachable scheme is a feasible alternative. It needs three round trip messages: the first round-trip message triggers the MRT routers to start the binding update procedure, which is completed by the second round-trip message. The third round-trip message informs the MN of the addresses of MRT-enabled routers. Although the number of control messages is slightly higher than the ICMP echo scheme, ICMP destination-unreachable messages are generally not filtered out by routers based on security concerns. The ICMP destination-unreachable scheme should, therefore, work well. However, we suggest that the MN use the ICMP destination-unreachable scheme only if the ICMP echo scheme cannot work well, because the ICMP echo scheme generates minimum signaling overhead compared with other schemes.