Mobile IP (Internet Protocol) enables the transfer of information to and from mobile computers, such as laptops and wireless communication devices. The mobile computer can change its location to a foreign network and still access and communicate with and through its home network. The Solaris implementation of Mobile IP supports only IPv4.
Current versions of the Internet Protocol (IP) assume that the point at which a computer attaches to the Internet or a network is fixed and its IP address identifies the network to which it is attached. Datagrams are sent to a computer based on the location information contained in the IP address.
The Mobile IP protocol allows for location-independent routing of IP datagrams on the Internet. Each mobile node is identified by its home address regardless of its current location in the Internet. While away from its home network, a mobile node is associated with a care-of address, which identifies its current location, and its home address is associated with the local endpoint of a tunnel to its home agent. Mobile IP specifies how a mobile node registers with its home agent and how the home agent routes datagrams to the mobile node through the tunnel.
Mobile IP introduces the following new functional entities:
· Mobile Node (MN)–Host or router that changes its point of attachment from one network to another. A mobile node is an Internet-connected device whose location and point of attachment to the Internet may frequently change. This kind of node is often a cellular telephone or a handheld or laptop computer, although a mobile node can also be a router.
· Home Agent (HA)–Router on a mobile node's home network that intercepts datagrams destined for the mobile node, and delivers them through the care-of address. The home agent also maintains current location information for the mobile node.
In Mobile Internet Protocol (Mobile IP), a home agent is a router on a mobile node's home network that maintains information about the device's current location, as identified in its care-of address.
· Foreign Agent (FA)–Router on a mobile node's visited network that provides routing services to the mobile node while the mobile node is registered.
In Mobile Internet Protocol (Mobile IP), a foreign agent is a router serving as a mobility agent for a mobile node.
· Care-of Address (CoA)–A temporary IP address for a mobile device, used in Internet routing. It allows a home agent to forward messages to the mobile device.
This section explains how Mobile IP works. The Mobile IP process has three main phases, which are discussed in the following sections.
• Agent Discovery A Mobile Node discovers its Foreign and Home Agents during agent discovery.
• Registration The Mobile Node registers its current location with the Foreign Agent and Home Agent during registration.
• Tunneling A reciprocal tunnel is set up by the Home Agent to the care-of address (current location of the Mobile Node on the foreign network) to route packets to the Mobile Node as it roams.
Agent Discovery
During the agent discovery phase, the Home Agent and Foreign Agent advertise their services on the network by using the ICMP Router Discovery Protocol (IRDP). The Mobile Node listens to these advertisements to determine if it is connected to its home network or a foreign network. The IRDP advertisements carry Mobile IP extensions that specify whether an agent is a Home Agent, Foreign Agent, or both; its care-of address; the types of services it will provide, such as reverse tunneling and generic routing encapsulation (GRE); and the allowed registration lifetime or roaming period for visiting Mobile Nodes.
Rather than waiting for agent advertisements, a Mobile Node can send out an agent solicitation. This solicitation forces any agents on the link to immediately send an agent advertisement.
If a Mobile Node determines that it is connected to a foreign network, it acquires a care-of address. Two types of care-of addresses exist:
• Care-of address acquired from a Foreign Agent
• Colocated care-of address
A Foreign Agent care-of address is an IP address of a Foreign Agent that has an interface on the foreign network being visited by a Mobile Node. A Mobile Node that acquires this type of care-of address can share the address with other Mobile Nodes. A colocated care-of address is an IP address temporarily assigned to the interface of the Mobile Node itself. A colocated care-of address represents the current position of the Mobile Node on the foreign network and can be used by only one Mobile Node at a time. When the Mobile Node hears a Foreign Agent advertisement and detects that it has moved outside of its home network, it begins registration.
Registration
The Mobile Node is configured with the IP address and mobility security association (which includes the shared key) of its Home Agent. In addition, the Mobile Node is configured with either its home IP address or another user identifier, such as a Network Access Identifier. The Mobile Node uses this information, along with the information that it learns from the Foreign Agent advertisements, to form a Mobile IP registration request. It adds the registration request to its pending list and sends the registration request to its Home Agent, either through the Foreign Agent or directly if it is using a colocated care-of address and is not required to register through the Foreign Agent. If the registration request is sent through the Foreign Agent, the Foreign Agent checks the validity of the registration request, which includes checking that the requested lifetime does not exceed its limitations, that the requested tunnel encapsulation is available, and that reverse tunneling is supported. If the registration request is valid, the Foreign Agent adds the visiting Mobile Node to its pending list before relaying the request to the Home Agent. If the registration request is not valid, the Foreign Agent sends a registration reply with an appropriate error code to the Mobile Node. The Home Agent checks the validity of the registration request, which includes authentication of the Mobile Node. If the registration request is valid, the Home Agent creates a mobility binding (an association of the Mobile Node with its care-of address), a tunnel to the care-of address, and a routing entry for forwarding packets to the home address through the tunnel. The Home Agent then sends a registration reply to the Mobile Node through the Foreign Agent (if the registration request was received via the Foreign Agent) or directly to the Mobile Node. If the registration request is not valid, the Home Agent rejects the request by sending a registration reply with an appropriate error code.
The Foreign Agent checks the validity of the registration reply, including ensuring that an associated registration request exists in its pending list. If the registration reply is valid, the Foreign Agent adds the Mobile Node to its visitor list, establishes a tunnel to the Home Agent, and creates a routing entry for forwarding packets to the home address. It then relays the registration reply to the Mobile Node. Finally, the Mobile Node checks the validity of the registration reply, which includes ensuring that an associated request is in its pending list as well as proper authentication of the Home Agent. If the registration reply is not valid, the Mobile Node discards the reply. If a valid registration reply specifies that the registration is accepted, the Mobile Node has confirmation that the mobility agents are aware of its roaming. In the colocated care-of address case, it adds a tunnel to the Home Agent. Subsequently, it sends all packets to the Foreign Agent. The Mobile Node reregisters before its registration lifetime expires. The Home Agent and Foreign Agent update their mobility binding and visitor entry, respectively, during reregistration. In the case where the registration is denied, the Mobile Node makes the necessary adjustments and attempts to register again. For example, if the registration is denied because of a time mismatch and the Home Agent sends back its time stamp for synchronization, the Mobile Node adjusts the time stamp in future registration requests. Thus, a successful Mobile IP registration sets up the routing mechanism for transporting packets to and from the Mobile Node as it roams.
Tunneling
The Mobile Node sends packets using its home IP address, effectively maintaining the appearance that it is always on its home network. Even while the Mobile Node is roaming on foreign networks, its movements are transparent to correspondent nodes. Data packets addressed to the Mobile Node are routed to its home network, where the Home Agent now intercepts and tunnels them to the care-of address toward the Mobile Node. Tunneling has two primary functions: encapsulation of the data packet to reach the tunnel endpoint, and decapsulation when the packet is delivered at that endpoint. The default tunnel mode is IP Encapsulation within IP. Optionally, GRE and minimal encapsulation within IP may be used. Typically, the Mobile Node sends packets to the Foreign Agent, which routes them to their final destination, the Correspondent Node.
Care-of Addresses
Mobile IP provides the following alternative modes for the acquisition of a care-of address:
· A foreign agent provides a foreign agent care-of address through its agent advertisement messages. In this case, the care-of address is an IP address of the foreign agent. The foreign agent is the endpoint of the tunnel and, on receiving tunneled datagrams, de-encapsulates them and delivers the inner datagram to the mobile node. In this mode, many mobile nodes can share the same care-of address. This sharing reduces demands on the IPv4 address space and can also save bandwidth, because the forwarded packets, from the foreign agent to the mobile node, are not encapsulated. Saving bandwidth is important on wireless links.
· A mobile node acquires a co-located care-of address as a local IP address through some external means, which the mobile node then associates with one of its own network interfaces. The address might be dynamically acquired as a temporary address by the mobile node, such as through DHCP. The address might also be owned by the mobile node as a long-term address for its use only while visiting some foreign network. When using a co-located care-of address, the mobile node serves as the endpoint of the tunnel and performs de-encapsulation of the datagrams tunneled to it.
A co-located care-of address enables a mobile node to function without a foreign agent, for example, in networks that have not yet deployed a foreign agent.
If a mobile node is using a co-located care-of address, the mobile node must be located on the link identified by the network prefix of this care-of address. Otherwise, datagrams destined to the care-of address are undeliverable.
Routing Datagrams to and From Mobile Nodes
This section describes how mobile nodes, home agents, and foreign agents cooperate to route datagrams to and from mobile nodes that are connected to a foreign network.
Encapsulation Types
Home agents and foreign agents support tunneling datagrams using one of the available encapsulation methods (IP in IP Encapsulation, Minimal Encapsulation, or Generic Routing Encapsulation). Mobile nodes that use a co-located care-of address can receive tunneled datagrams using any encapsulation type.
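The tunneling phase described above and the default IP-in-IP encapsulation named here, shown as an added Python example (this is not code from the original page, nor from Solaris or Cisco). The home agent side looks up the destination home address in its mobility bindings and, when a binding exists, wraps the whole datagram in an outer IPv4 header addressed to the care-of address with protocol number 4; the tunnel endpoint (a foreign agent, or the mobile node itself with a co-located care-of address) strips that header again. The two address checks in the endpoint are defensive additions of this example: the outer destination must be this node's own care-of address (a datagram to a care-of address the node does not hold is undeliverable), and the outer source must be the home agent it registered with. All addresses and the binding table are constructed sample values.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4   # IP Encapsulation within IP, the default Mobile IP tunnel mode
IPPROTO_UDP = 17


def ip_checksum(data: bytes) -> int:
    """Internet checksum (ones'-complement sum). Over a header whose checksum
    field already holds the correct value, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0):
    """Minimal IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt):
    """Validate version, header length, total length and checksum; return the fields used here."""
    vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    if ip_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def home_agent_forward(pkt, bindings, home_agent_addr):
    """Home agent: a datagram for a home address that has a mobility binding is
    encapsulated toward the care-of address; anything else is returned unchanged
    for normal delivery. `bindings` maps home address -> care-of address."""
    inner = parse_ipv4(pkt)
    coa = bindings.get(inner["dst"])
    if coa is None:
        return pkt
    return build_ipv4(home_agent_addr, coa, IPPROTO_IPIP, pkt)


def tunnel_endpoint_receive(pkt, my_care_of_addr, home_agent_addr):
    """Tunnel endpoint (foreign agent, or mobile node with co-located care-of
    address): decapsulate and return the inner datagram. Both address checks are
    defensive additions made in this example."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP tunnelled datagram")
    if outer["dst"] != my_care_of_addr:
        raise ValueError("outer destination is not this care-of address; undeliverable here")
    if outer["src"] != home_agent_addr:
        raise ValueError("tunnel datagram does not come from the registered home agent")
    return parse_ipv4(outer["payload"])


# Constructed sample: correspondent 203.0.113.9 sends to home address
# 198.51.100.20; home agent 198.51.100.1 has a binding to foreign agent
# care-of address 192.0.2.1.
SAMPLE_BINDINGS = {"198.51.100.20": "192.0.2.1"}
SAMPLE_DATAGRAM = build_ipv4("203.0.113.9", "198.51.100.20", IPPROTO_UDP, b"hello")

if __name__ == "__main__":
    tunnelled = home_agent_forward(SAMPLE_DATAGRAM, SAMPLE_BINDINGS, "198.51.100.1")
    print(parse_ipv4(tunnelled)["dst"], tunnel_endpoint_receive(tunnelled, "192.0.2.1", "198.51.100.1")["dst"])
```

The foreign agent delivers the inner datagram to the mobile node without further encapsulation, which is the bandwidth saving mentioned in the care-of address section; with a co-located care-of address the mobile node runs `tunnel_endpoint_receive` itself.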
Unicast Datagram Routing
When registered on a foreign network, the mobile node chooses a default router using the following rules:
· If the mobile node is registered using a foreign agent care-of address, then the mobile node chooses its default router from among the router addresses advertised in the ICMP router advertisement portion of that agent advertisement message. The mobile node can also consider the IP source address of the agent advertisement as another possible choice for the IP address of a default router.
· If the mobile node is registered directly with its home agent using a co-located care-of address, then the mobile node chooses its default router from among those advertised in any ICMP router advertisement message that it receives. The chosen default router's network prefix must match the mobile node's externally obtained care-of address. If the mobile node's externally obtained care-of address matches the IP source address of the agent advertisement under the network prefix, the mobile node can also consider that IP source address as another possible choice for the IP address of a default router.
· If the mobile node is registered, a foreign agent that supports reverse tunnels routes unicast datagrams from the mobile node to the home agent through the reverse tunnel.
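The agent discovery phase and the default-router rules just listed, as an added Python example (not code from the original page, nor from Solaris or Cisco). It parses an ICMP router advertisement that carries the Mobility Agent Advertisement extension (type 16) and the Prefix-Lengths extension (type 19), reports the agent's flags, care-of addresses and registration lifetime, decides whether the node is away from home by comparing the advertised prefixes with its home prefix, and lists the allowed default routers for both the foreign-agent and the co-located care-of address case. The advertisement bytes, addresses, preferences and prefixes are constructed for the example; the ICMP checksum is assumed to have been verified by the IP stack.

```python
import ipaddress
import struct

ICMP_ROUTER_ADV = 9
MOBILITY_AGENT_EXT = 16
PREFIX_LENGTHS_EXT = 19
# Flag bits of the agent extension: R registration required, B busy, H home
# agent, F foreign agent, M minimal encapsulation, G GRE, r reserved,
# T reverse tunnelling supported.
FLAGS = {"R": 0x80, "B": 0x40, "H": 0x20, "F": 0x10,
         "M": 0x08, "G": 0x04, "r": 0x02, "T": 0x01}


def parse_agent_advertisement(pkt: bytes) -> dict:
    """Parse the ICMP router advertisement and the Mobile IP extensions behind it."""
    icmp_type, code, _csum, num_addrs, entry_size, lifetime = struct.unpack("!BBHBBH", pkt[:8])
    if icmp_type != ICMP_ROUTER_ADV or code != 0:
        raise ValueError("not an ICMP router advertisement")
    off, routers = 8, []
    for _ in range(num_addrs):
        addr, pref = struct.unpack("!4si", pkt[off:off + 8])   # router address, signed preference
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
        off += entry_size * 4
    adv = {"routers": routers, "router_lifetime": lifetime, "agent": None, "prefix_lengths": None}
    while off + 2 <= len(pkt):                                  # type/length extensions
        ext_type, ext_len = pkt[off], pkt[off + 1]
        body = pkt[off + 2:off + 2 + ext_len]
        if ext_type == MOBILITY_AGENT_EXT:
            seq, reg_lifetime, flags = struct.unpack("!HHB", body[:5])   # then 1 reserved byte
            coas = [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(6, ext_len, 4)]
            adv["agent"] = {"seq": seq, "registration_lifetime": reg_lifetime,
                            "flags": {name for name, bit in FLAGS.items() if flags & bit},
                            "care_of_addresses": coas}
        elif ext_type == PREFIX_LENGTHS_EXT:
            adv["prefix_lengths"] = list(body)                  # one per advertised router
        off += 2 + ext_len
    return adv


def advertised_networks(adv):
    """Networks of the advertised routers, from the Prefix-Lengths extension."""
    if not adv["prefix_lengths"]:
        return []
    return [ipaddress.ip_network(f"{r}/{p}", strict=False)
            for (r, _), p in zip(adv["routers"], adv["prefix_lengths"])]


def on_foreign_network(adv, home_prefix):
    """Move detection (simplified): away from home when none of the advertised
    router networks is the home network."""
    home = ipaddress.ip_network(home_prefix)
    return all(net != home for net in advertised_networks(adv))


def choose_default_router(adv, adv_source, care_of_address=None):
    """Allowed default routers, best preference first. With a foreign agent
    care-of address (care_of_address=None): every router in the ICMP portion
    plus the advertisement's source. With a co-located care-of address: only
    routers whose advertised prefix covers that address, and the source address
    only if it lies under such a prefix as well."""
    ranked = [r for r, _ in sorted(adv["routers"], key=lambda e: -e[1])]
    if care_of_address is None:
        return ranked + ([adv_source] if adv_source not in ranked else [])
    coa, src = ipaddress.ip_address(care_of_address), ipaddress.ip_address(adv_source)
    nets = advertised_networks(adv)
    matching = [(r, p) for (r, p), net in zip(adv["routers"], nets) if coa in net]
    chosen = [r for r, _ in sorted(matching, key=lambda e: -e[1])]
    if adv_source not in chosen and any(coa in net and src in net for net in nets):
        chosen.append(adv_source)
    return chosen


def build_sample_advertisement() -> bytes:
    """Constructed foreign agent advertisement: two routers on 192.0.2.0/24,
    agent flags F|G|T, registration lifetime 1800 s, care-of address 192.0.2.1."""
    icmp = struct.pack("!BBHBBH", ICMP_ROUTER_ADV, 0, 0, 2, 2, 1800)
    icmp += struct.pack("!4si", ipaddress.IPv4Address("192.0.2.1").packed, 10)
    icmp += struct.pack("!4si", ipaddress.IPv4Address("192.0.2.254").packed, 20)
    agent = struct.pack("!HHBB", 7, 1800, FLAGS["F"] | FLAGS["G"] | FLAGS["T"], 0)
    agent += ipaddress.IPv4Address("192.0.2.1").packed
    ext = bytes([MOBILITY_AGENT_EXT, len(agent)]) + agent
    ext += bytes([PREFIX_LENGTHS_EXT, 2, 24, 24])
    return icmp + ext


if __name__ == "__main__":
    adv = parse_agent_advertisement(build_sample_advertisement())
    print(adv["agent"], on_foreign_network(adv, "198.51.100.0/24"))
    print(choose_default_router(adv, "192.0.2.1"), choose_default_router(adv, "192.0.2.1", "192.0.2.77"))
```

A real mobile node would also verify the ICMP checksum and track the extension's sequence number; a sequence number that jumps backwards tells the node the agent rebooted and that it must reregister.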
Broadcast Datagrams
When a home agent receives a broadcast datagram, it does not forward the datagram to any mobile nodes in its mobility binding list. However, the home agent does forward the datagram if a mobile node has requested forwarding of broadcast datagrams. For each registered mobile node, the home agent forwards received broadcast datagrams to the mobile node; the method depends on how the configuration of the home agent specifies categories of broadcast datagrams forwarded to mobile nodes. Broadcast datagrams over reverse tunnels are not supported.
Multicast Datagram Routing
To receive multicasts, a mobile node joins the multicast group in one of the following ways:
· If a multicast router exists on the visited subnet, the mobile node uses this local multicast router. If the mobile node is using a co-located care-of address, it uses this address as the source IP address of its Internet Group Management Protocol (IGMP) messages. Otherwise, it uses its home address.
· If the mobile node's home agent is a multicast router, the mobile node can join groups using a bidirectional tunnel to its home agent. The mobile node tunnels IGMP messages to its home agent. The home agent then forwards multicast datagrams down the tunnel to the mobile node.
A mobile node that sends datagrams to a multicast group also has the following options:
· Send directly on the visited network
· Send through a tunnel to its home agent
Multicast routing depends on the IP source address. Therefore, a mobile node that sends multicast datagrams directly on the visited network uses a co-located care-of address as the IP source address. Similarly, a mobile node that tunnels a multicast datagram to its home agent uses its home address as the IP source address of both the multicast datagram and the encapsulating datagram. This second option assumes that the home agent is a multicast router.
In the case of reverse tunnels, multicast datagrams are not routed through reverse tunnels. The multicast datagrams are routed as previously described.
Security
Mobile IP uses a strong authentication scheme for security purposes. All registration messages between a Mobile Node and Home Agent are required to contain the Mobile-Home Authentication Extension (MHAE). The integrity of the registration messages is protected by a preshared 128-bit key between a Mobile Node and Home Agent. The keyed message digest algorithm 5 (MD5) in “prefix+suffix” mode is used to compute the authenticator value in the appended MHAE, which is mandatory. Mobile IP also supports the hash-based message authentication code (HMAC-MD5). The receiver compares the authenticator value it computes over the message with the value in the extension to verify the authenticity. Optionally, the Mobile-Foreign Authentication Extension and Foreign-Home Authentication Extension are appended to protect message exchanges between a Mobile Node and Foreign Agent and between a Foreign Agent and Home Agent, respectively. Replay protection uses the identification field in the registration messages as a timestamp and sequence number. The Home Agent returns its time stamp to synchronize the Mobile Node for registration. Cisco IOS software allows the mobility keys to be stored on an authentication, authorization, and accounting (AAA) server that can be accessed using TACACS+ or RADIUS protocols. Mobile IP in Cisco IOS software also contains registration filters, enabling companies to restrict who is allowed to register.
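The registration checks described in the Registration section and the MHAE authentication described here, combined into one added Python example (not code from the original page, nor from Solaris or Cisco IOS). It builds a registration request, appends the MHAE with either the keyed-MD5 "prefix+suffix" authenticator or HMAC-MD5, runs the foreign agent's validity checks (lifetime limit, requested encapsulation, reverse tunnel support), and then has the home agent authenticate the request and apply timestamp replay protection before creating the mobility binding. The reply codes are the standard Mobile IP registration reply codes; the 7-second replay window, the shared key, the SPI, the addresses and the NTP timestamps are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

REG_REQUEST = 1
MHAE_TYPE = 32          # Mobile-Home Authentication Extension
# Registration request flag bits: S simultaneous bindings, B broadcast datagrams,
# D decapsulation by the mobile node (co-located CoA), M minimal encapsulation,
# G GRE, T reverse tunnel requested.
FLAG_S, FLAG_B, FLAG_D, FLAG_M, FLAG_G, FLAG_T = 0x80, 0x40, 0x20, 0x10, 0x08, 0x02
# Registration reply codes used below
ACCEPTED, FA_LIFETIME_TOO_LONG, FA_ENCAPS_UNAVAILABLE, FA_REVERSE_TUNNEL_UNAVAILABLE = 0, 69, 72, 74
HA_AUTH_FAILED, HA_IDENTIFICATION_MISMATCH = 131, 133


def registration_request(home_addr, home_agent, care_of, lifetime, flags, identification):
    """Fixed 24-byte registration request. `identification` is the 64-bit
    replay-protection field; with timestamps its high 32 bits are NTP seconds."""
    packed = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack("!BBH4s4s4sQ", REG_REQUEST, flags, lifetime,
                       packed(home_addr), packed(home_agent), packed(care_of), identification)


def authenticator(key, protected, algorithm):
    if algorithm == "keyed-md5":    # "prefix+suffix" mode: MD5(key || data || key)
        return hashlib.md5(key + protected + key).digest()
    if algorithm == "hmac-md5":
        return hmac.new(key, protected, hashlib.md5).digest()
    raise ValueError("unknown authentication algorithm")


def append_mhae(message, spi, key, algorithm):
    """Append the MHAE; the authenticator covers the request, all prior
    extensions, and this extension's own type, length and SPI."""
    head = struct.pack("!BBI", MHAE_TYPE, 4 + 16, spi)     # length = SPI + 16-byte authenticator
    return message + head + authenticator(key, message + head, algorithm)


def split_mhae(message):
    """Locate the MHAE; return (protected bytes, SPI, received authenticator)."""
    off = 24
    while off + 2 <= len(message):
        ext_type, ext_len = message[off], message[off + 1]
        if ext_type == MHAE_TYPE:
            spi = struct.unpack("!I", message[off + 2:off + 6])[0]
            return message[:off + 6], spi, message[off + 6:off + 2 + ext_len]
        off += 2 + ext_len
    raise ValueError("Mobile-Home Authentication Extension missing")


def foreign_agent_check(req, max_lifetime, encapsulations, reverse_tunnel_ok):
    """Foreign agent validity checks: lifetime limit, encapsulation availability,
    reverse tunnel support. Returns ACCEPTED or the reply code to send back."""
    _, flags, lifetime = struct.unpack("!BBH", req[:4])
    if lifetime > max_lifetime:
        return FA_LIFETIME_TOO_LONG
    if (flags & FLAG_M and "minimal" not in encapsulations) or (flags & FLAG_G and "gre" not in encapsulations):
        return FA_ENCAPS_UNAVAILABLE
    if flags & FLAG_T and not reverse_tunnel_ok:
        return FA_REVERSE_TUNNEL_UNAVAILABLE
    return ACCEPTED


def home_agent_process(req, security_assocs, algorithm, bindings, now_ntp_seconds, window=7):
    """Home agent: authenticate first (constant-time compare against the key
    selected by SPI), then check the timestamp, then create the mobility binding.
    Returns (reply code, identification for the reply or None)."""
    try:
        protected, spi, received = split_mhae(req)
    except ValueError:
        return HA_AUTH_FAILED, None
    key = security_assocs.get(spi)
    if key is None or not hmac.compare_digest(authenticator(key, protected, algorithm), received):
        return HA_AUTH_FAILED, None
    _, _flags, lifetime, home, _ha, coa, ident = struct.unpack("!BBH4s4s4sQ", req[:24])
    if abs((ident >> 32) - now_ntp_seconds) > window:
        # Reply carries the home agent's own time so the node can resynchronise
        return HA_IDENTIFICATION_MISMATCH, now_ntp_seconds << 32
    bindings[str(ipaddress.IPv4Address(home))] = (str(ipaddress.IPv4Address(coa)), lifetime)
    return ACCEPTED, None


# Constructed sample security association and request (SPI 256; SPIs 0-255 are reserved)
SAMPLE_KEY = bytes(range(16))
SAMPLE_SA = {256: SAMPLE_KEY}
SAMPLE_NTP = 3_900_000_000


def sample_request(algorithm="hmac-md5"):
    req = registration_request("198.51.100.20", "198.51.100.1", "192.0.2.1", 600, FLAG_T, SAMPLE_NTP << 32)
    return append_mhae(req, 256, SAMPLE_KEY, algorithm)
```

Two points a practitioner should take from the code: the home agent verifies the authenticator before it looks at anything else in the request, so an unauthenticated sender cannot even trigger the timestamp resynchronisation path, and the comparison uses a constant-time compare. Of the two algorithms, HMAC-MD5 is the one to configure where both ends support it; the keyed "prefix+suffix" construction is kept only for interoperability with older implementations.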