Communications systems evolve more and more towards Internet Protocol (IP)-based networks. They typically consist of many interconnected networks, in which speech and data are transmitted from one terminal to another in pieces, so-called packets. IP packets are routed to the destination by routers in a connection-less manner. Therefore, each packet comprises an IP header and payload, whereby the header comprises, among other things, the source and destination IP address.
For scalability reasons, an IP network uses a hierarchical addressing scheme. Hence, an IP address does not only identify the corresponding terminal, but additionally contains location information about this terminal. With additional information provided by routing protocols, routers in the network are able to identify the next router towards a specific destination.
In particular, a process referred to as routing is used to move data packets from a source to a destination over at least one intermediate network. In order for the data packet to reach the destination, it needs to be handed off from one router to another, until it gets to the physical network of the destination device. This is also referred to as next-hop routing, since routing proceeds step by step, that is, the exact path between the source and the destination is not known at the beginning, but each intermediate router knows the next-hop router to which to forward the data packet. The main advantage achieved by this is that each router only needs to know which neighboring router should be the next recipient for a given data packet, rather than knowing all the routers on the path to every destination network.
For example, after the source device sends a packet to its local router, the data link layer of the local router passes it up to the router's IP layer. Correspondingly, after removing the layer 2 frame, the layer 3 header of the packet is examined, and the router decides to which next router the packet is to be sent. Consequently, the packet is re-encapsulated in an appropriate layer 2 frame and is passed back down to the data link layer, which sends it over one of the router's physical network links to the determined next router.
In this respect, a router maintains a set of information, called a routing table, that maps network IDs (IP address prefixes) to the neighboring routers to which it is connected. Correspondingly, the router checks the destination IP address of a data packet against the routing table entries to determine the next-hop router, selecting the entry whose prefix is the longest match for the destination address. In addition, a metric value defined for each routing table entry allows particular routing entries to be rated based on certain criteria, and thus the best path to be selected among several possible paths to the same prefix.
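The longest-match lookup and the hop-by-hop forwarding described above, as an added Python example that is not part of the original text: the routing table is a list of prefix/next-hop/metric entries, lookup() picks the longest matching prefix and uses the metric only to break ties between prefixes of equal length, and forward() moves a packet router by router using nothing but each router's own table, with a hop limit so that a routing loop terminates instead of circulating forever. The router names, prefixes and metrics are constructed for the illustration.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

DIRECT = "direct"   # marker for a directly connected destination network


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    next_hop: str   # name of the neighbouring router, or DIRECT
    metric: int     # lower is better; only compared between prefixes of equal length


class RoutingTable:
    """Forwarding table of one router: prefix -> next hop, selected by longest match."""

    def __init__(self) -> None:
        self._routes: list[Route] = []

    def add(self, prefix: str, next_hop: str, metric: int = 0) -> None:
        self._routes.append(Route(ipaddress.ip_network(prefix, strict=True), next_hop, metric))

    def lookup(self, destination: str) -> Route | None:
        dst = ipaddress.ip_address(destination)
        matches = [r for r in self._routes
                   if r.prefix.version == dst.version and dst in r.prefix]
        if not matches:
            return None
        # The longest prefix wins outright; the metric only breaks ties between
        # entries of equal length. A more specific prefix therefore always
        # overrides a less specific one, whatever its metric.
        return min(matches, key=lambda r: (-r.prefix.prefixlen, r.metric))


def forward(tables: dict[str, RoutingTable], start: str, destination: str,
            hop_limit: int = 64) -> tuple[list[str], str]:
    """Next-hop routing: each router consults only its own table for the next hop."""
    path = [start]
    current = start
    for _ in range(hop_limit):
        route = tables[current].lookup(destination)
        if route is None:
            return path, "no route"
        if route.next_hop == DIRECT:
            return path, "delivered"
        current = route.next_hop
        path.append(current)
    return path, "hop limit exceeded"   # the case the TTL / Hop Limit field guards against


def build_example() -> dict[str, RoutingTable]:
    """Constructed four-router topology (hypothetical names, prefixes and metrics)."""
    r1, r2, r3, r4 = RoutingTable(), RoutingTable(), RoutingTable(), RoutingTable()
    r1.add("::/0", "R2")                          # R1 knows only a default route
    r2.add("2001:db8::/32", "R3", metric=10)
    r2.add("2001:db8::/32", "R4", metric=20)      # same length, loses on metric
    r2.add("2001:db8:2::/48", "R4", metric=100)   # more specific: wins despite the metric
    r3.add("2001:db8:1::/48", DIRECT)
    r3.add("2001:db8::/32", "R4")                 # anything else in the /32 goes to R4 ...
    r4.add("2001:db8:2::/48", DIRECT)
    r4.add("2001:db8::/32", "R2")                 # ... which sends it back: a routing loop
    return {"R1": r1, "R2": r2, "R3": r3, "R4": r4}


if __name__ == "__main__":
    tables = build_example()
    print(forward(tables, "R1", "2001:db8:2::1"))             # (['R1', 'R2', 'R4'], 'delivered')
    print(forward(tables, "R1", "2001:db8:3::1", hop_limit=8))  # ends with 'hop limit exceeded'
```

Note that the /48 entry on R2 wins for 2001:db8:2::1 although its metric is ten times worse than the /32 entries: prefix length is decided before the metric is even consulted. This is the intended behaviour of longest-match forwarding, and it is also why an injected more-specific prefix is sufficient to redirect traffic regardless of how the competing routes are rated.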
The routing tables are thus essential for the efficient delivery of data and may be configured manually by an operator, or dynamically. Manual setting of static routes is only feasible for smaller networks, whereas in the public Internet, which changes constantly, mainly dynamic routing tables are applied. The automatic construction of routing tables is managed and updated by routing protocols, involving a series of periodic or on-demand messages containing routing information that are exchanged between routers.
The network layer (OSI layer 3) is the layer where the routing of packets actually takes place, wherein the addresses in the layer 3 header of a data packet are not changed while it is routed through intermediate networks (only the hop limit or TTL field is decremented at each router). As the higher layers of a source and a destination are only “logically” connected, that is, there is no real/physical connectivity between them, it is necessary for the packets to traverse the lower layers 2 and 1 to get physically delivered to the destination. Since a different layer 2 protocol may be used on each link, each data packet passed from layer 3 to layer 2 has to be appropriately framed.
Accordingly, encapsulation of data packets is usually used to transmit data from an upper layer protocol via a lower layer protocol. For instance, IPv4 and IPv6 are network layer protocols, and the User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP) are transport layer protocols. Consequently, user data is encapsulated in a UDP datagram (layer 4), which is then encapsulated in an IP packet (layer 3). Subsequently, the IP packet, along with the encapsulated user data, may then be transmitted over the data link layer protocol (e.g. Ethernet, layer 2), which again entails an encapsulation.
Furthermore, encapsulation may also be used within a same layer in case one protocol of a particular layer is used for transporting a data packet encapsulated by another protocol of the same particular layer. A logical construct called a tunnel is established between the device that encapsulates and the device that decapsulates, wherein the process itself is referred to as tunneling. The tunneling may be used for transmitting data packets of one network protocol through a network (controlled by a different protocol) which would otherwise not support it. Tunneling may also be used to provide various types of Virtual Private Network (VPN) functionalities such as private addressing and security or for mobility support. For instance, there is the GPRS Tunnelling Protocol (GTP), the Point-to-Point Tunneling Protocol (PPTP) or the IP security Protocol (IPsec).
One of the most commonly used tunneling mechanisms is the IP (layer 3)-in-IP (layer 3) encapsulation, which refers to the process of encapsulating an IP datagram with another IP header and may be used e.g. for Mobile IP. Mobile IPv6—also denoted MIPv6—(see D. Johnson, C. Perkins, J. Arkko, “Mobility Support in IPv6”, IETF RFC 3775, Jun. 2004, incorporated herein by reference) is an IP-based mobility protocol that enables mobile nodes to move between subnets in a manner transparent for higher layers and applications, i.e. without breaking higher-layer connections. In other words, the mobile nodes remain reachable while moving around in the IPv6 Internet.
Usually, when a terminal powers on, it configures an IP address that is based on the IP address prefix of the access network. If a terminal is mobile, a so-called mobile node (MN), and moves between subnets with different IP address prefixes, it must change its IP address to a topologically correct address due to the hierarchical addressing scheme. However, since connections on higher layers such as TCP connections are defined by the IP addresses (and ports) of the communicating nodes, the active IP sessions break if one of the nodes changes its IP address, e.g. due to movement. One possible protocol to address said problem is the MIPv6 protocol.
The main principle of MIPv6 is that a mobile node is always identified by its Home Address (HoA), regardless of its topological location in the Internet, while a Care-of Address (CoA) of the mobile node provides information about the current topological location of the mobile node.
In more detail, a mobile node (mainly referred to as MN or User Equipment UE) has two IP addresses configured: a Care-of Address and a Home Address. The mobile node's higher layers use the Home Address for communication with the communication partner (destination terminal), from now on mainly called Correspondent Node (CN). This address does not change and serves the purpose of identifying the mobile node. Topologically, it belongs to the Home Network (HN) of the mobile node. In contrast, the Care-of Address changes on every movement resulting in a subnet change and is used as the locator for the routing infrastructure. Topologically, it belongs to the network the mobile node is currently visiting. One out of a set of Home Agents (HA) located on the home link maintains a mapping of the mobile node's Care-of Address to the mobile node's Home Address and redirects incoming traffic for the mobile node to its current location. Reasons for deploying a set of home agents instead of a single home agent may be e.g. redundancy and load balancing.
Mobile IPv6 currently defines two modes of operation, one of which is bi-directional tunneling (FIG. 1). The other mode is the route optimization mode (FIG. 2). In using bi-directional tunneling, data packets sent by the correspondent node 101 and addressed to the home address of the mobile node 102 are intercepted by the home agent 111 in the home network 110. IP-in-IP encapsulation is required because each data packet that is intercepted needs to be resent over the network to the Care-of Address of the MN 102. Accordingly, each intercepted data packet is included as the payload in a new IP data packet addressed to the CoA of the MN 102 and tunneled to the MN 102, which is located at the foreign network 120. The start of the corresponding tunnel is the Home Agent 111, which does the encapsulation and the end is the mobile node 102. It might also be possible that a local agent in the foreign network 120 receives messages on behalf of the mobile node, strips off the outer IP header and delivers the decapsulated data packet to the mobile node (not shown).
Data packets sent by the mobile node 102 are reverse tunneled to the home agent 111, which decapsulates the packets and sends them to the correspondent node 101. Reverse tunneling means that packets are tunneled by the mobile node to the home agent in a “reverse” manner to the “forward” tunnel.
Regarding this operation, in MIPv6 only the Home Agent 111 is informed about the Care-of Address of the mobile node 102. Therefore, the mobile node sends Binding Update (BU) messages to the Home Agent. These messages are advantageously sent over an IPsec security association, and are thus authenticated and integrity protected.
Generally, IPsec provides security services at the IP layer for other protocols and applications in order for them to communicate securely. That is, IPsec sets up a secure path between two communicating nodes over insecure intermediate systems. In this respect, IPsec is composed of several components to provide security services, wherein the two main ones are the Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP) protocol. Both provide data origin authentication and integrity protection for IP data, and ESP additionally provides confidentiality, by adding particular headers (and, for ESP, a trailer) to the IP data packet.
FIG. 3 shows a diagram of an exemplary data packet exchange between a CN 101 and a MN 102 via the Home Agent 111 of the MN 102, wherein the packet format during the communication is illustrated in detail. It is assumed that all communication between the CN and the MN is conducted via the MN's HA 111, that is, no route optimization has been performed. Consequently, the IP header of a data packet transmitted from the CN to the MN contains the Home Address of the MN as destination address, and the IP address of the CN as the source address. In accordance with the destination address of the packet being the Home Address of the MN, the data packet is routed to the Home Network, and then to the Home Agent of the MN.
As explained above, upon receiving the data packet, the HA applies the IP-in-IP encapsulation based on MIPv6 procedures and sends the encapsulated packet to the MN. In other words, the HA tunnels the received data packets to the MN by applying the IP-in-IP encapsulation. More specifically, the HA adds another IP header to the packet, comprising its own address as the source address, and the Care-of Address of the MN as the destination address of the additional header. As apparent from FIG. 3 this augments the packet size with another 40 bytes. For the following discussion and description of the various embodiments of the invention, it should be noted that the IP-in-IP header applied at the HA is mainly called “outer header”, whereas the header encapsulated by the outer header will be mostly referred to as “encapsulated header” or “inner header”. The outer header and the encapsulated header(s) form a concatenation of headers.
Data packets that are returned by the MN are encapsulated with two IP headers. The outer header is used by routers for routing the packet and relates to the tunneling of the data packet to the HA, and accordingly includes the address of the HA as the destination address, and the Care-of Address of the MN as the source address. The inner IP header includes the CN's address as the destination, and the MN's Home Address as the source address.
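The layer-by-layer encapsulation discussed earlier and the two tunnel directions of FIG. 3, as an added Python example that is not part of the original text: it serializes and parses the fixed 40-byte IPv6 header, performs the IP-in-IP encapsulation at the home agent (outer source HA, outer destination CoA) and the reverse tunnel at the mobile node (outer source CoA, outer destination HA), and on decapsulation checks that the outer addresses are the expected tunnel endpoints and, at the home agent, that the inner home address is the one bound to the outer care-of address, so that a node cannot inject packets carrying another mobile node's home address through the reverse tunnel. The addresses, the binding cache and the payloads are constructed for the illustration (documentation prefix 2001:db8::/32); IPsec protection of the tunnel is not modelled.

```python
import socket
import struct

IPV6_HDR_LEN = 40   # fixed IPv6 header size, i.e. the per-packet overhead of IPv6-in-IPv6
NH_UDP = 17         # Next Header value for UDP
NH_IPV6 = 41        # Next Header value for an encapsulated IPv6 packet (IP-in-IP)

# Constructed addresses for the scenario of FIG. 3 (hypothetical).
CN = "2001:db8:c::1"       # correspondent node
HA = "2001:db8:a::1"       # home agent on the home link
HOA = "2001:db8:a::100"    # mobile node's Home Address (topologically on the home link)
COA = "2001:db8:f::200"    # mobile node's Care-of Address in the foreign network

_HDR = struct.Struct("!IHBB16s16s")   # version/TC/flow, payload length, NH, hop limit, src, dst


def build_ipv6(src, dst, next_header, payload, hop_limit=64):
    """Serialize an IPv6 header (traffic class and flow label zero) in front of payload."""
    return _HDR.pack(6 << 28, len(payload), next_header, hop_limit,
                     socket.inet_pton(socket.AF_INET6, src),
                     socket.inet_pton(socket.AF_INET6, dst)) + payload


def parse_ipv6(packet):
    """Split a packet into (header dict, payload); reject truncated or non-IPv6 input."""
    if len(packet) < IPV6_HDR_LEN:
        raise ValueError("truncated IPv6 header")
    first, plen, nh, hl, src, dst = _HDR.unpack_from(packet)
    if first >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if len(packet) < IPV6_HDR_LEN + plen:
        raise ValueError("payload shorter than Payload Length field")
    header = {"src": socket.inet_ntop(socket.AF_INET6, src),
              "dst": socket.inet_ntop(socket.AF_INET6, dst),
              "next_header": nh, "hop_limit": hl}
    return header, packet[IPV6_HDR_LEN:IPV6_HDR_LEN + plen]


def encapsulate(inner, tunnel_src, tunnel_dst):
    """IP-in-IP: the complete inner packet becomes the payload of a new outer header."""
    return build_ipv6(tunnel_src, tunnel_dst, NH_IPV6, inner)


def decapsulate(packet, local, peer=None):
    """Strip the outer header; outer destination must be us and, if given, the source the peer."""
    outer, inner = parse_ipv6(packet)
    if outer["next_header"] != NH_IPV6:
        raise ValueError("outer Next Header is not IPv6-in-IPv6")
    if outer["dst"] != local or (peer is not None and outer["src"] != peer):
        raise ValueError("outer addresses do not match the tunnel endpoints")
    return outer, inner


# Home agent state: binding cache mapping a Home Address to its current Care-of Address.
BINDING_CACHE = {HOA: COA}


def ha_forward(packet_from_cn):
    """Forward tunnel: intercept a packet for a registered HoA and tunnel it to the CoA."""
    header, _ = parse_ipv6(packet_from_cn)
    coa = BINDING_CACHE.get(header["dst"])
    if coa is None:
        raise LookupError("no binding for " + header["dst"])
    return encapsulate(packet_from_cn, HA, coa)


def mn_receive(tunnelled):
    """MN end of the forward tunnel: accept only HA -> CoA; inner destination must be our HoA."""
    _, inner = decapsulate(tunnelled, local=COA, peer=HA)
    header, payload = parse_ipv6(inner)
    if header["dst"] != HOA:
        raise ValueError("inner destination is not our home address")
    return header, payload


def mn_send(payload_to_cn):
    """Reverse tunnel: inner packet HoA -> CN, outer packet CoA -> HA."""
    return encapsulate(build_ipv6(HOA, CN, NH_UDP, payload_to_cn), COA, HA)


def ha_receive(tunnelled):
    """HA end of the reverse tunnel: the inner HoA must be the one bound to the outer CoA."""
    outer, inner = decapsulate(tunnelled, local=HA)
    header, _ = parse_ipv6(inner)
    if BINDING_CACHE.get(header["src"]) != outer["src"]:
        raise ValueError("inner home address is not bound to this care-of address")
    return inner   # forwarded to the CN unchanged, with the HoA as source


def tunnel_overhead(inner):
    """Bytes added per packet by the HA-MN tunnel (the 40-byte outer IPv6 header)."""
    return len(encapsulate(inner, HA, COA)) - len(inner)


def is_rejected(handler, packet):
    """True if a tunnel endpoint refuses the packet; used to exercise the checks above."""
    try:
        handler(packet)
    except (ValueError, LookupError):
        return True
    return False
```

The check in ha_receive() is the one the decapsulating end cannot omit: the outer source address of a reverse-tunnelled packet is not authenticated by the tunnel itself, so the home agent accepts an inner home address only from the care-of address currently bound to it. tunnel_overhead() returns the 40 bytes that each packet gains between HA and MN in either direction.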
Therefore, each data packet of a communication session between a MN and a CN is augmented between the HA and the MN, resulting in additional traffic in the corresponding network. This is especially disadvantageous in networks with limited data bandwidth capabilities, e.g. wireless networks.
This is only one example in which additional overhead is generated during the transfer of data packets to a receiving entity. Other scenarios may include even more additional header bytes. For instance, in case data security is necessary on a particular path, the IPsec protocol may be used to transmit encrypted data packets on said path, which however adds another 48 bytes. Furthermore, provided that said path is between the HA and the mobile node, this means that each data packet has 88 bytes (40 bytes (IP-in-IP)+48 bytes (IPsec)) of overhead.