Secure triangular routing

Secure triangular routing: fast and secure mobile connections for Mobile IPv4

 

State of the art

Mobile IPv4 (MIPv4) is an extension to the Internet Protocol (IPv4) that allows mobile nodes to roam among MIP-enabled networks while keeping the same IP address. MIPv4's default routing scheme is called triangular routing, but it is not compatible with the widespread egress filtering policies that most currently deployed firewalls apply and that are described as network security best practices. As a result, mobile connections use the alternative routing scheme, reverse tunneling, which pays for its better compatibility with lower performance.

 

Secure triangular routing

Secure triangular routing is a novel routing scheme that delivers the same performance as triangular routing while remaining compatible with all traffic filtering and network security best practices. The underlying idea is to make the MIP infrastructure cooperate with the firewalls deployed in the MIP-enabled networks. Firewall rules are dynamically modified to reflect the possible presence of authenticated mobile nodes within their boundaries, thus allowing their traffic to pass through the firewall.
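A minimal model of this cooperation, added here as an illustration and not taken from the project's prototype: an egress filter that drops any non-local source address unless the MIP agent has reported an authenticated registration for that home address. The class and method names, the sample addresses, and the use of the registration lifetime to expire the exception are assumptions.

```python
import ipaddress


class EgressFilter:
    """Egress filter for one visited network, with MIP-driven exceptions."""

    def __init__(self, local_prefix):
        self.local = ipaddress.ip_network(local_prefix)
        self.visitors = {}  # home address -> expiry time in seconds

    def registration_accepted(self, home_addr, lifetime, now):
        """Hypothetical hook called by the MIP agent after it has
        authenticated a registration: open a hole for this visitor only."""
        addr = ipaddress.ip_address(home_addr)
        if lifetime <= 0:  # lifetime 0 is a deregistration in MIPv4
            self.visitors.pop(addr, None)
        else:
            self.visitors[addr] = now + lifetime

    def allows(self, src, now):
        """Decide whether an outbound packet with this source may leave."""
        addr = ipaddress.ip_address(src)
        if addr in self.local:
            return True  # ordinary egress rule: local sources only
        expiry = self.visitors.get(addr)
        if expiry is None:
            return False  # spoofed or unregistered foreign source
        if now >= expiry:
            del self.visitors[addr]  # registration expired: close the hole
            return False
        return True


def demo():
    fw = EgressFilter("192.0.2.0/24")  # constructed visited network
    mn = "198.51.100.7"                # constructed home address
    out = [fw.allows(mn, now=0)]       # plain triangular routing: dropped
    fw.registration_accepted(mn, lifetime=300, now=0)
    out.append(fw.allows(mn, now=10))              # registered visitor
    out.append(fw.allows("198.51.100.8", now=10))  # unregistered neighbour
    out.append(fw.allows(mn, now=301))             # lifetime elapsed
    return out


if __name__ == "__main__":
    print(demo())
```

The exception is scoped to a single home address and disappears with the registration, so the filter keeps rejecting every other foreign source.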

The main strengths of the proposed idea are:

  • compatibility with MIPv4 and with all the currently deployed network infrastructures
  • compliance with egress filtering best practices
  • ability to achieve the same performance as triangular routing while maintaining the same security guarantees as reverse tunneling

The viability and performance of the proposed solutions have been evaluated through a prototype built with open source software.