Survivability Evaluation of SIGMA and
Mobile IP
Shaojian Fu, Mohammed Atiquzzaman
TR-OU-TNRL-05-109
April 2005
Telecommunication & Network Research Lab
School of Computer Science
THE UNIVERSITY OF OKLAHOMA
200 Felgar Street, Room 159, Norman, Oklahoma 73019-6151
(405)-325-4042, atiq@ou.edu, www.cs.ou.edu/˜atiq
Survivability Evaluation of SIGMA and Mobile IP
Shaojian Fu, Mohammed Atiquzzaman
Telecommunications and Networks Research Lab
School of Computer Science, University of Oklahoma,
Norman, OK 73019-6151, USA.
Email: {sfu,atiq}@ou.edu
Abstract
Mobile IP has been developed by IETF to handle mobility of Internet hosts at the network layer. Mobile IP
suffers from a number of drawbacks, one of which is low survivability due to single-point failure of Home Agents.
In our previous study, Seamless IP diversity based Generalized Mobility Architecture (SIGMA) was proposed to
support low latency, low packet loss IP mobility. In this paper, we show that the location management scheme used
in SIGMA can enhance the survivability of the mobile network. We develop an analytical model to evaluate the
survivability of SIGMA as compared to that of Mobile IP. Numerical results have shown the improvement in system
response time and service blocking probability of SIGMA over Mobile IP in practical environments under the risk
of hardware failures and distributed DoS attacks.
I. INTRODUCTION
Mobile IP (MIP) [1] is designed to handle mobility of Internet hosts at the network layer. Several
drawbacks exist when using MIP in a mobile computing environment, one of which is low survivability
due to single-point failure of Home Agents. Mobile IP is based on the concept of Home Agent (HA) for
recording the current location of the Mobile Host (MH) and forwarding packets to MH when it moves
out of its home network. In MIP, the location database of all the mobile nodes are distributed across all
the HAs that are scattered at different locations (home networks). According to principles of distributed
computing, this approach appears to have good survivability. However, there are two major drawbacks to
this location management scheme as given below:
• Each user’s location and account information can only be accessible through its HA. The transparent
replication of the HA, if not impossible, is not an easy task as it involves extra signaling support as
proposed in [2].
• HAs have to be located in the home network of an MH in order to intercept the packets sent to the
MH. The complete home network could be located in a hostile environment, in the case of failure of
the home networks, all the MHs belonging to the home network would no longer be accessible.
As the amount of real-time traffic over wireless networks keeps growing, the deficiencies of the network
layer based Mobile IP, in terms of high latency and packet loss, becomes more obvious. Since most of
the applications in the Internet are end-to-end, a transport layer mobility solution would be a natural
candidate for an alternative approach. A number of transport layer mobility protocols have been proposed,
for example, MSOCKS [3] and connection migration solution [4] in the context of TCP, and M-SCTP [5]
and mobile SCTP [6] in the context of SCTP [7]. In our previous study in [8], we proposed an new
architecture for supporting low latency, low packet loss mobility called Seamless IP diversity based
Generalized Mobility Architecture (SIGMA), and evaluated its handover performance compared with
MIPv6 enhancements.
The location management and data traffic forwarding functions in SIGMA are decoupled, allowing it
to overcome the drawbacks of MIP in terms of survivability. In SIGMA, Location Managers (LM) can
be combined with DNS servers, which can be deployed anywhere in the Internet and in a highly secure
location. Also, it would be fairly straightforward to duplicate the LMs since they are not responsible for
user data forwarding.
In the literature, two recent papers that have addressed the problem of MIP survivability are [9] and [10].
Ref [9] proposed a procedure to let MH register with multiple MAPs to avoid single point failure. Ref [10]
used a similar idea as SIGMA, and the authors proposed a way to move HA (they call it Location Register)
to a secure location and duplicate HA through some translation servers or a Quorum Consensus algorithm
borrowed from distributed database systems. But none of the papers analytically models the survivability
of MIP. Through analytical models, the objective of this paper is to show that the location management
scheme used in SIGMA can enhance the survivability of the mobile network. The contributions of the
current study can be summarized as:
• Illustrate the reason of SIGMA can achieve better survivability than MIP.
• Develop a analytical model based Markov Reward Process to determine the survivability of location
management schemes.
• Compare the survivability of SIGMA and MIP in terms of system availability and user response time.
The rest of this paper is structured as follows: Sec. II reviews the location management scheme used
by SIGMA, Sec. III illustrates the basic reason of SIGMA being able to achieve better survivability than
MIP. The analytical model is described in Sec. IV and the numerical results are shown in Sec. V. Finally,
the concluding remarks are presented in Sec. VI.
Internet
Correspondent
Node
DNS Server
Mobile
Host
6
.
S
e
t
u
p
&
D
a
t
a
P
a
c
k
e
t
s
5
.
A
n
s
w
e
r
t
o
t
h
e
Q
u
e
r
y
Root Name Server
2. Query for current MH location
3. Answer with IP of the DNS
Server
4
.
Q
u
e
r
y
P
r
i
m
a
r
y
S
e
r
v
e
r
1
.
U
p
d
a
t
e
c
u
r
r
e
n
t
M
H
’
s
l
o
c
a
t
i
o
n
New Domain
Previous Domain
Fig. 1. Location management in SIGMA
II. LOCATION MANAGEMENT OF SIGMA
SIGMA needs to setup a location manager for maintaining a database of the correspondence between
MH’s identity and its current primary IP address. Unlike MIP, the location manager in SIGMA is not
restricted to the same subnet as MH’s home network (in fact, SIGMA has no concept of home or foreign
network). The location of the LM does not have impact on the handover performance of SIGMA. This
will make the deployment of SIGMA much more flexible than MIP.
The location management can be done in the following sequence as shown in Fig. 1: (1) MH updates
the location manager with the current primary IP address. (2) When CN wants to setup a new association
with MH, CN sends a query to the location manager with MH’s identity (home address, domain name,
or public key, etc.) (3) Location manager replies to CN with the current primary IP address of MH. (4)
CN sends an SCTP INIT chunk to MH’s new primary IP address to setup the association.
If we use the domain name as MH’s identity, we can merge the location manager into a DNS server.
The idea of using a DNS server to locate mobile users can be traced back to [11]. The advantage of this
approach is its transparency to existing network applications that use domain name to IP address mapping.
An Internet administrative domain can allocate one or more location servers for its registered mobile users.
Compared to MIP’s requirement that each subnet must have a location management entity (HA), SIGMA
can reduce system complexity and operating cost significantly by not having such a requirement. Moreover,
the survivability of the whole system will also be enhanced as discussed in Sec. III.
III. SURVIVABILITY COMPARISON OF SIGMA AND MIP
In this section we discuss the survivability of MIP and SIGMA. We highlight the disadvantages of MIP
in terms of survivability, and then discuss how those issues are taken care of in SIGMA.
A. Survivability of MIP
In MIP, the location database of all the mobile nodes are distributed across all the HAs that are scattered
at different locations (home networks). According to principles of distributed computing, this approach
appears to have good survivability. However, there are two major drawbacks to this distributed nature of
location management as given below:
• If we examine the actual distribution of the mobile users’ location information in the system, we
can see that each user’s location and account information can only be accessible through its HA;
these information are not truly distributed to increase the survivability of the system. The transparent
replication of the HA, if not impossible, is not an easy task as it involves extra signaling support as
proposed in [2].
• Even if we replicate HA to another agent, these HAs have to be located in the home network of an
MH in order to intercept the packets sent to the MH. The complete home network could be located
in a hostile environment, such as a battlefield, where the possibility of all HAs being destroyed is
still relatively high. In the case of failure of the home networks, all the MHs belonging to the home
network would no longer be accessible.
B. Centralized Location Management of SIGMA offers Higher Survivability
Referring to Fig. 1, SIGMA uses a centralized location management approach. As discussed in Sec. II,
the location management and data traffic forwarding functions in SIGMA are decoupled, allowing it to
overcome many of the drawbacks of MIP in terms of survivability (see Sec. III-A) as given below:
• The LM uses a structure which is similar to a DNS server, or can be directly combined with a
DNS server. It is, therefore, easy to replicate the Location Manager of SIGMA at distributed secure
locations to improve survivability.
• Only location updates/queries need to be directed to the LM. Data traffic do not need to be intercepted
and forwarded by the LM to the MH. Thus, the LM does not have to be located in a specific network
to intercept data packets destined to a particular MH. It is possible to avoid physically locating the
LM in a hostile environment; it can be located in a secure environment, making it highly available
in the network.
Internet
Correspondent
Node
Mobile
Host
4
.
T
r
y
B
a
c
k
u
p
S
e
r
v
e
r
1
Access Router
6
.
S
e
t
u
p
&
D
a
t
a
P
a
c
k
e
t
s
5
.
A
n
s
w
e
r
t
o
t
h
e
Q
u
e
r
y
Backup Server 1
Root Name Server
1. Query for current MH location
2. IP of primary and backup servers
3
.
T
r
y
P
r
i
m
a
r
y
S
e
r
v
e
r
Primary Server
Backup Server 2
DNS
Zone
Fig. 2. Survivability of SIGMA’s location management.
Fig. 2 illustrates the survivability of SIGMA’s location management, implemented using DNS servers
as location servers. Currently, there are 13 servers in the Internet [12] which constitute the root of the
DNS name space hierarchy. There are also several delegated name servers in the DNS zone [13], one of
which is primary and the others are for backup and they share a common location database. If an MH’s
domain name belongs to this DNS zone, the MH is managed by the name servers in that zone. When the
CN wishes to establish a connection with the MH, it first sends a request to one of the root name servers,
which will direct the CN to query the intermediate name servers in the hierarchy. At last, CN obtains
the IP addresses of the name servers in the DNS zone to which the MH belongs. The CN then tries to
contact the primary name server to obtain MH’s current location. If the primary server is down, CN drops
the previous request and retries backup name server 1, and so on. When a backup server replies with the
MH’s current location, the CN sends a connection setup message to MH. There is an important difference
between the concept of MH’s DNS zone in SIGMA and MH’s home network in MIP. The former is a
logical or soft boundary defined by domain names while the latter is a hard boundary determined by IP
routing infrastructure.
If special software is installed in the primary/backup name servers to constitute a high-availability
cluster, the location lookup latency can be further reduced. During normal operation, heart beat signals
are exchanged within the cluster. When the primary name server goes down, a backup name server
automatically takes over the IP address of the primary server. A query requests from a CN is thus
transparently routed to the backup server without any need for retransmission of the request from the CN.
Other benefits SIGMA’s centralized location management over MIP’s location management can be
summarized as follows:
• Security: Storing user location information in a central secure database is much more secure than
being scattered over various Home Agents located at different sub-networks (in the case of Mobile
IP).
• Scalability: Location servers do not intervene with data forwarding task, which helps in adapting to
the growth in the number of mobile users gracefully.
• Manageability: Centralized location management provides a mechanism for an organization/service
provider to control user accesses from a single server.
IV. ANALYTICAL MODEL
The aim of our model is to perform a combined analysis of system availability and performance
evaluation. J. Meyer created a new measure called performability in [14], [15], which will be used in
this paper to measure the survivability of a system. A performability model consists of a availability sub-
model, a performance sub-model, and a glue model that combine these two sub-models. We choose Markov
Reward Model as the glue model since it provides a natural framework for an integrated specification
of state transitions due to server failures and the system performance (equivalent to reward) under each
system state.
A. Networking Architecture
The networking architecture been considered in the analytical model is shown in Fig. 3. The router in
Fig. 3 forwards location updates from MHs, location queries from CNs, and DDoS attack traffic to N
location managers according to a round-robin policy. Each location manager has an independent queue
of size K packets. After being processed by one of location managers, the acknowledgement/reply to the
update/query/attack packets are transmitted back to their originators.
B. Assumptions and Notations
We have made the following assumptions in our analytical model to make it computationally tractable:
• Arrival of location updates, queries, and DDoS attacks are Poisson processes.
• Location managers can not differentiate DDoS attack traffic from legitimate traffic.
• All location managers share common set of MH’s mobility bindings.
• Processing time of location updates, queries, and DDoS attacks are exponential distributed and have
same mean value.
Router
S
1
S
2
S
N
K
Location
updates/queries/
DDoS attacks
Ack/Replies
Fig. 3. Queuing model of N location managers
• Hardware failures can be perfectly covered1, i.e. system can degrade gracefully when one of the
working server fails.
• Hardware failures always occurs on the servers with heaviest load.
Following are the notations that will be used in the analytical model:
N total number of location managers.
λu, λq, λa arrival rate of location updates, queries, and DDoS attack, respectively.
λ summation of λu, λq, λa.
µ location manager processing rate.
K queue size of each location manager (packets).
γ, δ hardware failure rate and repair rate, respectively.
τ mean time to failure (MTTF)
φ mean time to repair (MTTR)
C. Combined System Availability & Performance model for SIGMA survivability
The objective of our model is to determine the average response time and blocking probability of
SIGMA under the impact of hardware failures and DDoS attacks. We use a two-dimensional Continuous
Time Markov Chain (CTMC) to capture system characteristics. The state transition diagram is shown in
Fig. 4, in which each state is labelled as (Nw, L), where Nw is the number of currently working servers
and L is the total number of packets in the system. When Nw equals N , since each server has a queue
size of K, the maximum value of L is K ′′ = N ×K. Similarly, When Nw equals N − 1, the maximum
value of L is K ′ = (N − 1)×K.
We illustrate the transition diagram through several examples:
1In an imperfect coverage system, some failures are impossible to be detected and the failure of one component will halt the whole system.
• current state is (N ,0), the hardware failure of any one server (happens with a rate of Nγ) will make
the next state (N − 1,0).
• current state is (N ,1), arrival of one update/query/attack packet will change the state to (N ,2). Since
router use a round-robin policy, each server has equal share of load. Therefore, the transition rate is
λ/N .
• current state is (N ,2), departure of one packet will change the state to (N ,1). Since each server has
equal processing rate of µ, therefore, the transition rate is µ/N .
• current state is (N ,2), one hardware failure will make the next state (N − 1,1). Since we assume the
hardware failure always occurs on the servers with heaviest load (equals one in this case), the packets
assigned to the failed server will be lost.
• current state is (N − 1,1), the repair of the failed server will change the state of (N ,1).
(0,0)
(1,0)
δ γ
(1,1)
λ
µ
(1,K)
λ
µ
λ
µ
γ
γ
δ δ
2γ 2γδ
δ
2γ
(N − 1)γ
(N-1,0) (N-1,1)
λ
N−1
µ
(N-1,K’)
λ
N−1
µ
λ
N−1
µ
(N − 1)γ (N − 1)γ
(N,0) (N,1) (N,2)
δ Nγ
Nγ Nγ
δ
δ
λ
N
µ
λ
N
µ
(N,K")
Nγ
λ
N
µ
λ
N
µ
Fig. 4. State digram of N location managers
We can determine each element of infinitesimal generator matrix Q of CTMC shown in Fig. 4 as
follows:
qi,j =
λ/Nw j = i+ 1, Li ≤ NwK (arrival)
µ j = i− 1, Li ≥ 1 (departure)
γNw j = i−
⌈
i−1
Nw
⌉
− K(Nw−1)
2
(failure)
δ j = i+NwK + 1 (repair)
0 other j 6= i
−
∑m
k=1 qi,k j = i, k 6= i
(1)
Where Li is the total number of packets in system when current state is labelled as i, and m is the size
of matrix, which is given by:
m = K
N(N + 1)
2
+ (N + 1) (2)
In the failure case in Eqn. 1, j is determined by:
j =
(
i− 1−
Nw−1∑
x=0
xK∑
z=0
1
)
−
(
i− 1−
∑Nw−1
x=0
∑xK
z=0 1
)
Nw
+
(
1 +
Nw−2∑
x=0
xK∑
z=0
1
)
= [i− (Nw − 1)K − 1]−
(
i− 1−
∑Nw−1
x=0
∑xK
z=0 1
)
Nw
= i−
⌈
i− 1
Nw
⌉
−
K(Nw − 1)
2
(3)
Once we have determined the infinitesimal generator matrix Q, we can compute the stationary distrib-
ution of the CTMC pi by:
piQ = 0 (4)
When a packet arrives, if the system is in state (0,0) or a state where (Nw,NwK), the packet is dropped
since no service is possible. Therefore, the blocking probability can be calculated by:
Pb = piB
T
where B = [1, B1, · · ·Bj · · ·BN ],
and Bj = [0, · · · 0, 1]jK+1, j = 1, · · · , N (5)
The average number of packets in the whole system can be calculated by:
E[n] = pivT
where v = [v0, v1, · · · vj · · · vN ],
and vj = [0, 1, · · · jK], j = 0, · · · , N (6)
According to Little’s law, the system response time can be determined by:
E[T ] =
E[n]
λaccepted
=
E[n]
λ(1− Pb)
(7)
D. Analytical Model for MIP survivability
In this section, the survivability of MIP is analyzed. We use the same assumptions and notations as
used for SIGMA in Sec. IV-B. In addition to the notations in Sec. IV-B, let λd be the arrival payload data
traffic rate at HA, then λ = λu + λq + λa + λd. Two modes of MIP will be considered here:
• single server mode: only one HA available for one network. Once failure happens, all service requests
are blocked until the server repaired.
• standby mode: there are multiple HAs available, one of which is the primary HA. Once the primary
HA fails, one of the backup HAs will be switched in within time Tsw. During Tsw, all service requests
are blocked.
Both these two MIP modes can be modelled by a CMTC as shown in Fig. 5. At any time, there can only
be at most one HA serving req
本文档为【Survivability_Evaluation_of_SIGMA_and_Mobile_IP】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
该文档来自用户分享,如有侵权行为请发邮件ishare@vip.sina.com联系网站客服,我们会及时删除。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。