HP-UX 11i Mobility Solutions

Leadership UNIX

Learn more:

Related products

Get what you need:

Mobile IT for Mobile Workforce

Your employees are spending more hours working away from their desks: working from home, working on the road, working in meetings, working at customer sites. Across industries, professionals and knowledge workers perform their work away from their desks more than half the time.

An IT infrastructure designed primarily to provide services to your employees’ desk is no longer in sync with the business needs.

To ensure maximal productivity, you need to provide IT services that follow the users: one where all the business data and applications, computation and communication services follow the users. We call an infrastructure with such “follow-me” capabilities a Mobile IT Infrastructure.

Building a Mobile IT Infrastructure

Wireless technologies and highly capable mobile devices are important and necessary elements of a Mobile IT Infrastructure but they are not sufficient. A Mobile IT Infrastructure needs to address the following issues.

• identification – how to identify a mobile device in a global context
• transport – how to track and route services to a mobile device
• security – how to ensure the secure delivery of services to a mobile device

Indeed, the challenge is not so much at the edge of the network but the network infrastructure itself.

With in-depth technical expertise and extensive practical experience with trend-setting customers, HP-UX networking engineers have gained unique insights on these issues. Their know-how and insight are encapsulated in the implementation of the HP-UX 11i Mobility Services

Based on the experience of HP-UX networking engineers, the following is a high level blueprint for building a Mobile IT Infrastructure,

• Begin with HP-UX 11i’s industry-leading, high-performing, highly-available Internet services.
• Enable the productive use of any mobile personal products, including all of HP’s personal products.
• Allow the user to connect to the network via either Local (e.g. cell network access, or public wireless LAN) or Regional (e.g. dial-up) Mobility Access servers.
• Use functionality that is compliant with Internet Standards to ensure interoperability and avoid proprietary functionality.
• Use Wireless-TCP to ensure high network throughput.
• Use IPv6 to provide a mobile device with a globally unique identity.
• Use Mobile-IP to allow the user’s device to connect AND continue to roam without dropping the connection or having to re-gain permission to use the network.
• Use the Authentication, Authorization and Accounting (AAA) server to make sure that the user and the device are allowed to connect to the network
• Use IPSec. to ensure communication security

In the following, the foundational components of a mobile IT infrastructure are further described.

HP-UX 11i Wireless TCP

Wireless networks pose unique challenges to the networking professionals. Performance is degraded considerably by the lower bandwidths in wireless links and the retransmission of packets caused by a higher error rate due to interference and noise. The movement of the mobile device as it moves from one location to another leads to further packet loss.

To address these challenges, the HP-UX 11i networking team has been working very closely with our customers on the development and deployment of Wireless TCP protocol. Wireless TCP on the HP-UX 11i networking stack is being used extensively, including a customer with over 43M mobile subscribers accessing the Internet using cell phones.

• RFC 1191 - Path MTU Discovery
• RFC 1323 - TCP Extensions for High Performance
• RFC 2018 - TCP Selective Acknowledgement Options
• RFC 2414 - Increasing TCP’s Initial Window
• RFC 2581 - TCP Congestion Control
• RFC 3042 - Enhancing TCP’s Loss Recovery Using Limited Transmit
• Support of larger-than-default IP MTU size
• Smoothed RTO algorithm

HP-UX 11i Mobile IPv6
HP-UX 11i Mobile IPv6 enables users with portable handheld devices or laptops to roam throughout the Internet from one domain to another while constantly communicating (maintaining the same connection) to a remote application or service without interruptions.

• A large IP address space to eliminate the need for private addresses and network address translation
• Stateless autoconfiguration for allocating a home address
• Authentication Header and Encapsulated Security Payload IPv6 extension for security
• IPv6 Routing header for better performance and less overhead

• Designed for Multi-Processor scaling
• Uses IPSec for message authentication and required end-to-end security for user data
• Extensive interoperability testing and multi-vendor verification at TAHI project forums and Connectathon bakeoffs
• Intuitive, easy to use configuration and administration tools which includes HP’s nettl tracing tool for Mobile IPv6 packet tracing
• Mobile IPv6 product is bundled with TOUR 2.0 and can be obtained through HP’s Software depot (www.software.hp.com)

• RFC 3775 - Mobility Support in IPv6
• RFC 3776 – Using IPSec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents

HP-UX 11i Mobile IPv4
HP-UX Mobile IPv4 provides IP mobility support for IPv4 networks. It implements a protocol that allows transparent routing of IP packets sent by any node that needs to communicate with the mobile node.

The mobile node (terminal) is always identified by its home address, regardless of its point of attachment to the Internet. In the home network, a server (Home Agent) is assigned to a mobile node. The Home Agent is responsible for keeping track of the mobile node as it moves from one domain to another domain and the forwarding of packets to the mobile node. The router (Foreign Agent) on the foreign network is used to detect the presence of the mobile node and to notify the Home Agent where the mobile node is currently located.

HP-UX Mobile IPv4 includes three important features: robust route optimization, AAA support and reverse tunneling.

Deployed with the HP-UX AAA Server, it provides authentication for mobile devices. Used in the AAA mode, the Home AAA server becomes a key generation and distribution center for mobile components (HAs, FAs, and MNs), eliminating the key configuration nightmare for system administrators.

Built for interoperability in multi-vendor environments, HP designed Mobile IPv4 to offer minimal mobile node hand-off latency (smooth hand-off). The Reverse Tunneling feature allows traffic to pass through routers that impose Ingress Filtering rules. Interoperability testings with leading mobile clients on the Windows and Linux platforms have also been performed.

This product can be used to support wired and wireless LAN topologies for use on corporate networks, university campuses, hotspots, and enterprise solutions.

• RFC 3344 - IP Mobility Support for IPv4
• RFC 2344 - Reverse Tunneling for Mobile IP
• RFC 2794 - Mobile IP Network Access Identifier for IPv4
• RFC 3012 - Mobile IPv4 Challenge/Response Extensions
• Draft-ietf-aaa-diameter-mobileip-08
• Draft-ietf-aaa-diameter-08
• Draft-ietf-mobileip-optim-11
• Draft-ietf-mobileip-aaa-key-10

HP-UX 11i AAA Server
Security is a critical element in mobility deployment. When a mobile node contacts the home agent for accessing its home network, there is a need to ensure that the node is the one that it claims to be (Authentication) and is allowed to access the services (Authorization) and applications that it is requesting. Once authenticated and authorized, the mobile node’s resource usage is monitored for accounting reasons (Accounting).

These functionalities are provided by an AAA server. As a Mobile Node roams into a foreign domain, the AAA server on the foreign domain must communicate with the Mobile Node’s home AAA server to authenticate the credentials of the mobile node and grant the user access to the foreign domain it has entered.

The HP-UX 11i AAA Server is a Remote Authentication Dial-In User Service (RADIUS)-compliant access policy server; provides authentication, authorization and accounting (AAA) solutions for controlling user access to network resources.

The HP-UX 11i AAA Server provides user authentication by identifying passwords, authorization of services and applications, and accounting for user accessing the network.

It is a scalable, very powerful solution that supports a wide array of network topologies and authentication requirements. It is built on a modular and object-oriented architecture, and is designed to deliver high performance. Maintaining the integrity of remote and local access account management is critical while mobility deployment grows. The AAA Server eliminates or reduces the need for separate access control systems for different access methods (e.g. dial in vs. wireless LAN) providing quality of administration.

HP-UX 11i IPsec
HP-UX 11i IPsec provides authentication, integrity, and confidentiality of end-to-end communication ensuring that the data exchange is done in a secure way. It implements a family of interrelated protocols, including the Authentication Header (AH), the Encapsulating Security Payload (ESP), the Internet Key Exchange (IKE), and the Internet Security Association Key Management Protocol/Oakley (ISAKAMP/Oakley).

AH and ESP define encryption and authentication methods for IP payloads. IKE and ISAKMP manage the exchange of secret keys, authenticate the communicating parties, and manage their security associations (SA). IKE dynamically manages and generates the secret cryptography keys used to encrypt and authenticate IP packets. ISAKMP/Oakley allows a receiver to obtain a public key and authenticate a sender using digital certificates.

IPSec supports two encryption modes: Transport and Tunnel. In Transport mode, IPSec provides host-to-host security for a host running IPSec from HP or non-HP vendors. Transport mode encrypts only the data (payload) of each packet, leaving the header unencrypted. In Tunnel mode, IPSec implements tunnels to a gateway running IPSec from non-HP vendors. Tunnel mode encrypts both the header and the payload; the receiving IPSec-compliant device must decrypt each packet.