CHAPTER 25
Mobile IP Protocols
CHRISTOS DOULIGERIS and THANOS VASILAKOS
Institute of Computer Science, FORTH, Heraklion, Crete, Greece
25.1 INTRODUCTION
The Internet currently offers access to a variety of information worldwide in an efficient and, through the use of web technologies, user-friendly manner. It is based on the Transport Control/Internet Protocol (TCP/IP) protocol stack [6], which has been developed with data communications and fixed access location points in mind. The wide use of wireless technologies for voice communications and the proliferation of handheld and other devices that can provide access to the Internet call for a new paradigm for connecting mobile users to the Internet. Such an endeavor needs to take into account the existing Internet protocols, compatibility issues, and the requirements of mobile users.
Mobile IP, as proposed by the Internet Engineering Task Force (IETF) in RFC 2002 [1] and subsequent RFCs [2], provides an efficient, scalable mechanism for node mobility within the Internet. Nodes may move and change their point of attachment to the Internet without changing their IP address. This allows them to maintain transport and higher-layer connections while moving. Node mobility is realized without the need to propagate host-specific routes throughout the Internet routing fabric. The mobile node uses two IP addresses: a fixed home address and a care-of address that changes at each new point of attachment.
Mobile IP is intended to solve node mobility issues over the IP layer. It is just as suitable for mobility across homogeneous media as it is for mobility across heterogeneous media. Mobile IP facilitates node movement from one Ethernet segment to another as well as handling node movement from an Ethernet segment to a wireless local area network (LAN). One can think of mobile IP as solving the “macro” mobility management problem. It is less well suited for more “micro” mobility management applications, for example, handoff amongst wireless transceivers, each of which covers only a very small geographic area. In this situation, link layer mechanisms for link maintenance (i.e., link layer handoff) might offer faster convergence and fewer overheads than mobile IP.
Finally, it is noted that mobile nodes are assigned (home) IP addresses largely the same way in which stationary hosts are assigned long-term IP addresses; namely, by the authority that owns them. Properly applied, mobile IP allows mobile nodes to communicate using only their home address, regardless of their current location. Mobile IP, therefore, makes no attempt to solve the problems related to local or global addressing (IP address, renumbering, etc.).
Copyright © 2002 John Wiley & Sons, Inc. ISBNs: 0-471-41902-8 (Paper); 0-471-22456-1 (Electronic)
In brief, mobile IP routing works as follows. Packets destined to a mobile node are routed first to their home network—a network identified by the network prefix of the mobile node’s (permanent) home address. At the home network, the mobile node’s home agent intercepts such packets and tunnels them to the mobile node’s most recently reported care-of address. At the endpoint of the tunnel, the inner packets are decapsulated and delivered to the mobile node. In the reverse direction, packets sourced by mobile nodes are routed to their destination using standard IP routing mechanisms.
The mobile IP protocol defines the following:
• An authenticated registration procedure by which a mobile node informs its home agent(s) of its care-of address(es)
• An extension to Internet Control Message Protocol (ICMP) Router Discovery [9], which allows mobile nodes to discover prospective home agents and foreign agents
• The rules for routing packets to and from mobile nodes, including the specification of one mandatory tunneling mechanism [4] and several optional tunneling mechanisms [7, 2]
This chapter will present the mobile IP standard as well as current efforts within the IETF to provide connectivity in the future wireless world. In the next section, an introduction to the requirements and constraints imposed by IP in a mobile environment are presented, as well as necessary functions a mobile protocol should perform and principles it should adhere to. Section 25.3 presents in detail the mobile IP protocol as defined in RFC 2002 and its revisions. The following sections present issues that the mobile IP community faces regarding route optimization, transferring to an IPv6 environment, organization of databases, and security.
25.2 MOBILITY REQUIREMENTS AND CONSTRAINTS IN AN IP ENVIRONMENT
IP Version 4, which is the current, most implemented version of IP, assumes that a node’s IP address uniquely identifies the node’s point of attachment to the Internet. A node must be located on the network indicated by its IP address in order to receive datagrams destined for it; otherwise, datagrams destined to the node would be undeliverable. If a node changes its point of attachment, in order not to lose its ability to communicate, one of the two following mechanisms must typically be employed:
1. The node must change its IP address whenever it changes its point of attachment.
2. Host-specific routes must be propagated throughout much of the Internet.
The first alternative makes it impossible for a node to maintain transport and higher-layer connections when the node changes location. The second does not scale very well.
A mobile node must be able to communicate with other nodes after changing its link layer point of attachment to the Internet, yet without changing its IP address. A mobile node must be able to communicate with other nodes that do not implement these mobility functions. No protocol enhancements are required in hosts or architectural entities. All messages used to update another node as to the location of a mobile node must be authenticated in order to protect against remote redirection attacks.
Wireless links have substantially lower bandwidth and higher error rates than traditional wired networks. Minimizing power consumption is important for battery powered mobile nodes. Therefore, signaling and processing should be minimized. Integration of mobility with IP should also place no additional constraints on the assignment of IP addresses. The companies or organizations that own the mobile nodes should assign IP addresses.
25.3 MOBILE IP PROTOCOL OVERVIEW
25.3.1 Mobile IP New Architectural Entities
Mobile IP introduces three new functional entities:
1. Mobile Node: A host or router that changes its point of attachment from one network or subnetwork to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its (constant) IP address, assuming link layer connectivity to a point of attachment is available.
2. Home Agent: A router on a mobile node’s home network that tunnels datagrams for delivery to the mobile node when it is away from home, and maintains current location information for the mobile node.
3. Foreign Agent: A router on a mobile node’s visited network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers datagrams to the mobile node that were tunneled by the mobile node’s home agent. For datagrams sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.
A mobile node is given a long-term IP address on a home network. This home address is administered in the same way that a “permanent” IP address is provided to a stationary host. When away from its home network, a “care-of address” is associated with the mobile node that reflects the mobile node’s current point of attachment. The mobile node uses its home address as the source address of all IP datagrams that it sends and for datagrams sent for certain mobility management functions.
The following terminology is used in the mobile IP documents.
Agent Advertisement: An advertisement message constructed by attaching a special Extension to a router advertisement message.
Care-of Address: The termination point of a tunnel toward a mobile node, for datagrams forwarded to the mobile node while it is away from home. The protocol can use two different types of care-of addresses: a “foreign agent care-of address” is an address of a foreign agent with which the mobile node is registered, and a “colocated care-of address” is an externally obtained local address that the mobile node has associated with one of its own network interfaces.
Correspondent Node: A peer with which a mobile node is communicating. A correspondent node may be either mobile or stationary.
Foreign Network: Any network other than the mobile node’s home network.
Home Address: An IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet.
Home Network: A network, possibly virtual, having a network prefix matching that of a mobile node’s home address. Note that standard IP routing mechanisms will deliver datagrams destined to a mobile node’s home address to the mobile node’s home network.
Link: A facility or medium over which nodes can communicate at the link layer.
Link Layer Address: The address used to identify an endpoint of some communication over a physical link. Typically, the link layer address is an interface’s media access control (MAC) address.
Mobility Agent: Either a home agent or a foreign agent.
Mobility Binding: The association of a home address with a care-of address, along with the remaining lifetime of that association.
Mobility Security Association: A collection of security contexts between a pair of nodes that may be applied to mobile IP protocol messages exchanged between them. Each context indicates an authentication algorithm and mode, a secret (a shared key or appropriate public/private key pair), and the style of replay protection in use.
Node: A host or a router.
Nonce: A randomly chosen value, different from previous choices, inserted in a message to protect against replays.
Security Parameter Index (SPI): An index identifying a security context between a pair of nodes among the contexts available in the Mobility Security Association. SPI values 0 through 255 are reserved and must not be used in any Mobility Security Association function.
Tunnel: The path followed by a datagram while it is encapsulated. It is routed to a knowledgeable decapsulating agent, which decapsulates the datagram and then correctly delivers it to its ultimate destination.
Virtual Network: A network with no physical instantiation beyond a router (with a physical network interface on another network). The router (e.g., a home agent) generally advertises reachability to the virtual network using conventional routing protocols.
Visited Network: A network other than a mobile node’s home network, to which the mobile node is currently connected.
Visitor List: The list of mobile nodes visiting a foreign agent.
25.3.2 Operation of Mobile IP
Mobile IP provides two basic functions: agent discovery and registration. During agent discovery, home agents and foreign agents may advertise their availability on each link for which they provide service. A newly arrived mobile node can send a solicitation on the link to learn if any prospective agents are present. When the mobile node is away from home, it registers its care-of address with its home agent during the registration phase. Depending on its method of attachment, the mobile node will register either directly with its home agent, or through a foreign agent that forwards the registration to the home agent.
The following steps provide a rough outline of operation of the mobile IP protocol [1]:
• Mobility agents (i.e., foreign agents and home agents) advertise their presence via agent advertisement messages. A mobile node may optionally solicit an agent advertisement message from any locally attached mobility agents through an agent solicitation message.
• A mobile node receives these agent advertisements and determines whether it is on its home network or a foreign network.
• When the mobile node detects that it is located on its home network, it operates without mobility services. If returning to its home network from being registered elsewhere, the mobile node deregisters with its home agent through exchange of a registration request and registration reply message with it.
• When a mobile node detects that it has moved to a foreign network, it obtains a care-of address on the foreign network. The care-of address can either be determined from a foreign agent’s advertisements (a foreign agent care-of address), or by some external assignment mechanism such as the Dynamic Host Configuration Protocol (DHCP) [6] (a colocated care-of address).
• The mobile node operating away from home then registers its new care-of address with its home agent through exchange of a registration request and registration reply message with it, possibly via a foreign agent.
• Datagrams sent to the mobile node’s home address are intercepted by its home agent, tunneled by the home agent to the mobile node’s care-of address, received at the tunnel endpoint (either at a foreign agent or at the mobile node itself), and finally delivered to the mobile node.
• In the reverse direction, datagrams sent by the mobile node are generally routed to their destination using standard IP routing mechanisms, not necessarily passing through the home agent.
When away from home, mobile IP uses protocol tunneling to hide a mobile node’s home address from intervening routers between its home network and its current location. The tunnel terminates at the mobile node’s care-of address. The care-of address must be an address to which datagrams can be delivered via conventional IP routing. At the care-of address, the original datagram is removed from the tunnel and delivered to the mobile node.
Mobile IP provides two alternative modes for the acquisition of a care-of address:
• A “foreign agent care-of address” is a care-of address provided by a foreign agent through its agent advertisement messages. In this case, the care-of address is an IP address of the foreign agent.
• A “colocated care-of address” is a care-of address acquired by the mobile node as a local IP address through some external means, which the mobile node then associates with one of its own network interfaces.
The mode of using a colocated care-of address has the advantage that it allows a mobile node to function without a foreign agent, for example, in networks that have not yet deployed a foreign agent. It does, however, place additional burden on the IPv4 address space because it requires a pool of addresses within the foreign network to be made available to visiting mobile nodes. It is difficult to efficiently maintain pools of addresses for each subnet that may permit mobile nodes to visit.
Figure 25.1 illustrates the routing of datagrams to be registered with the home agent. In the figure, the mobile node is using a foreign agent care-of address. In Step 1, a datagram to a mobile node arrives on the home network via standard IP routing. In Step 2, the datagram is intercepted by home agent and is tunneled to the care-of address. In Step 3, the datagram is detunneled and delivered to the mobile node. In Step 4, for datagrams sent by the mobile node, standard IP routing delivers each of them to its destination. Note that the foreign agent is the mobile node’s default router.
Figure 25.1 Transmission of messages in a mobile IP environment.
Type indicates the particular type of extension.
Length indicates the length (in bytes) of the data field within this extension. The length does not include the type and length bytes.
Data indicates the particular data associated with this extension. This field may be zero or more bytes in length. The type and length fields determine the format and length of the data field.
The total length of the IP datagram indicates the end of the list of extensions.
Two separately maintained sets of numbering spaces, from which extension type values are allocated, are used in mobile IP:
The first set consists of those extensions that may appear only in mobile IP control messages. Currently, the following types are defined for extensions appearing in mobile IP control messages:
32 Mobile Home Authentication
33 Mobile Foreign Authentication
34 Foreign Home Authentication
The second set consists of those extensions that may appear only in ICMP router discovery messages [4]. Currently, mobile IP defines the following types for extensions appearing in ICMP router discovery messages:
0 One-byte Padding (encoded with no length nor data field)
16 Mobility Agent Advertisement
19 Prefix Lengths
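
An added example, not code from the chapter or from any mobile IP implementation: a Python walker for the Type/Length/Data extension list described above, using the type numbers listed on this page. It treats type 0 in the router discovery space as a single byte and rejects an extension whose length byte runs past the end of the datagram; the function names and the sample bytes are constructed for illustration.

```python
# Added example: walk the Type/Length/Data extension list of a mobile IP message.
# Type numbers are the ones listed on this page; everything else is illustrative.

CONTROL_TYPES = {
    32: "Mobile Home Authentication",
    33: "Mobile Foreign Authentication",
    34: "Foreign Home Authentication",
}
ROUTER_DISCOVERY_TYPES = {
    0: "One-byte Padding",
    16: "Mobility Agent Advertisement",
    19: "Prefix Lengths",
}


class MalformedExtension(ValueError):
    """An extension claims more bytes than the datagram contains."""


def parse_extensions(buf, router_discovery):
    """Return [(type, name, data), ...] for the extension bytes in buf.

    buf is everything after the fixed part of the message up to the end of
    the IP datagram. router_discovery selects which numbering space applies.
    """
    names = ROUTER_DISCOVERY_TYPES if router_discovery else CONTROL_TYPES
    extensions = []
    pos = 0
    while pos < len(buf):
        ext_type = buf[pos]
        if router_discovery and ext_type == 0:
            # One-byte padding: no length byte and no data field follow.
            extensions.append((0, names[0], b""))
            pos += 1
            continue
        if pos + 2 > len(buf):
            raise MalformedExtension(
                "type %d at offset %d has no length byte" % (ext_type, pos))
        length = buf[pos + 1]  # counts the data field only
        end = pos + 2 + length
        if end > len(buf):
            raise MalformedExtension(
                "type %d at offset %d claims %d data bytes, %d remain"
                % (ext_type, pos, length, len(buf) - pos - 2))
        name = names.get(ext_type, "unknown")
        extensions.append((ext_type, name, bytes(buf[pos + 2:end])))
        pos = end
    return extensions


# Constructed sample: type 16 with six opaque data bytes, type 19 with two,
# then one padding byte. The data bytes are placeholders, not a real capture.
SAMPLE_ADVERTISEMENT = bytes([16, 6, 0, 1, 0, 100, 0, 0, 19, 2, 24, 24, 0])

if __name__ == "__main__":
    for ext in parse_extensions(SAMPLE_ADVERTISEMENT, router_discovery=True):
        print(ext)
```
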
25.3.4 Agent Discovery
Agent discovery is the method by which a mobile node determines whether it is currently connected to its home network or to a foreign network, and by which a mobile node can detect when it has moved from one network to another. When connected to a foreign network, the methods specified in this section also allow the mobile node to determine the foreign agent care-of address being offered by each foreign agent on that network.
Mobile IP extends ICMP router discovery [4] as its primary mechanism for agent discovery. Including a mobility agent advertisement extension in an ICMP router advertisement message forms an agent advertisement. An agent solicitation message is identical to an ICMP router solicitation [with IP time-to-live (TTL) set to 1]. Agent advertisement and agent solicitation may not be necessary for link layers that already provide this functionality.
25.3.4.1 Agent Advertisement
To advertise its services on a link, a mobility agent transmits agent advertisements. Mobile nodes use these advertisements to determine their current point of attachment to the Internet. An agent advertisement is an ICMP router advertisement that has been extended to also carry a mobility agent and, optionally, a prefix length extension, one-byte padding extension, or other extensions that might be defined in the future.
Within an agent advertisement message, ICMP router advertisement fields of the message are required to conform to the following additional specifications:
Link Layer Fields
Destination Address: The link layer destination address of a unicast agent advertisement must be the same as the source link layer address of the agent solicitation that prompted the advertisement.
IP Fields
TTL: The TTL for all agent advertisements must be set to 1.
Destination Address: As specified for ICMP router discovery [4], the IP destination address of an agent advertisement must be either the “all systems on this link” multicast address (224.0.0.1) [5] or the “limited broadcast” address (255.255.255.255). The subnet-directed broadcast address of the form <prefix>.<-1> cannot be used since mobile nodes will not generally know the prefix of the foreign network.
ICMP Fields
Code: The Code field of the agent advertisement is interpreted as follows:
0 = The mobility agent handles common traffic, that is, it acts as a router for IP datagrams not necessarily related to mobile nodes.
16 = The mobility agent does not route common traffic. However, all foreign agents must (minimally) forward to a default router any datagrams received from a registered mobile node.
Lifetime: The maximum length of time that the advertisement is considered valid in the absence of further advertisements.
Router Address(es): Addresses that may appear in this portion of the agent advertisement.
Num Addrs: The number of router addresses advertised in this message. Note that in an agent advertisement message, the number of router addresses specified in the ICMP router advertisement portion of the message may be set to 0.
The protocol also specifies the periodicity of the transmission of these messages. A home agent must always be prepared to serve the mobile nodes for which it is the home agent. When a foreign agent wishes to require registration even from those mobile nodes that have acquired a colocated care-of address, it sets a special bit, the “R” bit, to one.
An agent solicitation is identical to an ICMP router solicitation (with the IP TTL field set to 1).
Foreign Agent and Home Agent Considerations
Any mobility agent that cannot be discovered by a link layer protocol must send agent advertisements. An agent, which can be discovered by a link layer protocol, should also implement agent advertisements. However, the advertisements need not be sent, except when the site policy requires registration with the agent, or as a response to a specific agent solicitation. All mobility agents should respond to agent solicitations. If the home network is not a virtual network, then the home agent for any mobile node should be located on the link identified by the mobile node’s home address, and agent advertisement messages sent by the home agent on this link must have the “H” bit set. In this way, mobile nodes on their own home network will be able to determine that they are indeed at home.
If the home network is a virtual network, mobile nodes are always treated as being away from home.
Mobile Node Considerations
Every mobile node must implement agent solicitation. Solicitations should only be sent in the absence of agent advertisements and when a care-of address has not been determined through a link-layer protocol or other means. The mobile node uses the same procedures, defaults, and constants for agent solicitation as specified for ICMP router solicitation messages [4], except that the mobile node may solicit more often than once every three seconds, and a mobile node that is currently not connected to any foreign agent may solicit more times than a specified maximum number. The mobile node must limit the rate at which a mobile node sends solicitations.
A mobile node can detect that it has returned to its home network when it receives an agent advertisement from its own home agent. If so, it should deregister with its home agent.
25.3.5 Registration
Mobile IP registration provides a flexible mechanism for mobile nodes to communicate their current reachability information to their home agent. It is the method by which mobile nodes request forwarding services when visiting a foreign network, inform their home agent of their current care-of address, renew a registration that is due to expire, and/or deregister when they return home.
Registration messages exchange information between a mobile node, (optionally) a foreign agent, and the home agent. Registration creates or modifies a mobility binding at the home agent, associating the mobile node’s home address with its care-of address for the specified lifetime.
Several other (optional) capabilities are available through the registration procedure; these enable a mobile node to: maintain multiple simultaneous registrations, deregister specific care-of addresses while retaining other mobility bindings, and discover the address of a home agent if the mobile node is not configured with this information.
25.3.5.1 Registration Overview
Mobile IP defines two different registration procedures, one via a foreign agent that relays the registration to the mobile node’s home agent, and one directly with the mobile node’s home agent. The following rules determine which of these two registration procedures to use in any particular circumstance.
• If a mobile node is registering a foreign agent care-of address, the mobile node must register via that foreign agent.
• If a mobile node is using a colocated care-of address, and receives an agent advertisement from a foreign agent on the link on which it is using this care-of address, the mobile node should register via that foreign agent (or via another foreign agent on this link) if the “R” bit is set in the received agent advertisement message.
• If a mobile node is otherwise using a colocated care-of address, the mobile node must register directly with its home agent.
• If a mobile node has returned to its home network and is (de)registering with its home agent, the mobile node must register directly with its home agent.
Both registration procedures involve the exchange of registration request and registration reply messages. When registering via a foreign agent, the registration procedure requires the following four messages:
• The mobile node sends a registration request to the prospective foreign agent to begin the registration process.
• The foreign agent processes the registration request and then relays it to the home agent.
• The home agent sends a registration reply to the foreign agent to grant or deny the request.
• The foreign agent processes the registration reply and then relays it to the mobile node.
When the mobile node instead registers directly with its home agent, the registration procedure requires only the following two messages:
• The mobile node sends a registration request to the home agent.
• The home agent sends a registration reply to the mobile node, granting or denying the request.
25.3.5.2 Authentication
Each mobile node, foreign agent, and home agent must be able to support a mobility security association for mobile entities, indexed by their SPI and IP address. Registration messages between a mobile node and its home agent must be authenticated with the mobile home authentication extension. This extension immediately follows all nonauthentication extensions, except those foreign agent-specific extensions that may be added to the message after the mobile node computes the authentication.
25.3.5.3 Registration Request
A mobile node registers with its home agent using a registration request message so that its home agent can create or modify a mobility binding for that mobile node (e.g., with a new lifetime). The request may be relayed to the home agent by the foreign agent through which the mobile node is registering, or it may be sent directly to the home agent in the case in which the mobile node is registering a colocated care-of address.
25.3.5.4 Registration Reply
A mobility agent returns a registration reply message to a mobile node that has sent a registration request message. If the mobile node is requesting a service from a foreign agent, that foreign agent will receive the reply from the home agent and subsequently relay it to the mobile node. The reply message contains the necessary codes to inform the mobile node about the status of its request, along with the lifetime granted by the home agent, which may be smaller than the original request.
25.3.5.5 Mobile Node Considerations
A mobile node must be configured with its home address, a netmask, and a mobility security association for each home agent. In addition, a mobile node may be configured with the IP address of one or more of its home agents; otherwise, the mobile node may discover a home agent using specific procedures.
For each pending registration, the mobile node maintains the following information:
• The link layer address of the foreign agent to which the registration request was sent, if applicable
• The IP destination address of the registration request
• The care-of address used in the registration
• The identification value sent in the registration
• The originally requested lifetime
• The remaining lifetime of the pending registration
25.3.5.6 Foreign Agent Considerations
The foreign agent plays a mostly passive role in mobile IP registration. It relays registration requests between mobile nodes and home agents, and, when it provides the care-of address, decapsulates datagrams for delivery to the mobile node. It should also send periodic agent advertisement messages to advertise its presence, if not detectable by link layer means.
A foreign agent must not transmit a registration request except when relaying a registration request received from a mobile node to the mobile node’s home agent. A foreign agent must not transmit a registration reply except when relaying a registration reply received from a mobile node’s home agent, or when replying to a registration request received from a mobile node in the case in which the foreign agent is denying service to the mobile node. In particular, a foreign agent must not generate a registration request or reply because a mobile node’s registration lifetime has expired. A foreign agent also must not originate a registration request message that asks for deregistration of a mobile node; however, it must relay valid (de)registration requests originated by a mobile node.
Each foreign agent must be configured with a care-of address. In addition, for each pending or current registration, the foreign agent must maintain a visitor list entry containing the following information obtained from the mobile node’s registration request:
• The link layer source address of the mobile node
• The IP source address (the mobile node’s home address)
• The IP destination address
• The UDP source port
• The home agent address
• The identification field
• The requested registration lifetime
• The remaining lifetime of the pending or current registration
25.3.5.7 Home Agent Considerations
Home agents play a reactive role in the registration process. The home agent receives registration requests from the mobile node (perhaps relayed by a foreign agent), updates its record of the mobility bindings for this mobile node, and issues a suitable registration reply in response to each.
A home agent must not transmit a registration reply except when replying to a registration request received from a mobile node. In particular, the home agent must not generate a registration reply to indicate that the lifetime has expired.
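
An added example, not code from the chapter or from any mobile IP implementation: a minimal home agent that applies the authentication rule of Section 25.3.5.2 before updating a mobility binding as described in Section 25.3.5.7, so that a forged or replayed registration request cannot redirect a mobile node's traffic. The message encoding, HMAC-SHA256 as the authentication algorithm, the strictly increasing identification check, and all class and function names are assumptions made for the example; the addresses and the secret are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass

RESERVED_SPI_MAX = 255  # SPI values 0 through 255 are reserved


@dataclass
class RegistrationRequest:
    home_address: str
    care_of_address: str
    lifetime: int          # seconds requested
    identification: int    # replay-protection value
    spi: int
    authenticator: bytes = b""

    def signed_bytes(self):
        # Constructed encoding for this example, not the on-the-wire layout.
        return struct.pack(
            "!4s4sHQI",
            ipaddress.IPv4Address(self.home_address).packed,
            ipaddress.IPv4Address(self.care_of_address).packed,
            self.lifetime, self.identification, self.spi)


def sign(request, secret):
    # HMAC-SHA256 is an assumption; the page does not name the algorithm.
    return hmac.new(secret, request.signed_bytes(), hashlib.sha256).digest()


class HomeAgent:
    def __init__(self, max_lifetime):
        self.max_lifetime = max_lifetime
        self.secrets = {}     # (home address, SPI) -> shared secret
        self.last_ident = {}  # home address -> last identification accepted
        self.bindings = {}    # home address -> (care-of address, expiry time)

    def add_security_association(self, home_address, spi, secret):
        if spi <= RESERVED_SPI_MAX:
            raise ValueError("SPI values 0 through 255 are reserved")
        self.secrets[(home_address, spi)] = secret

    def register(self, req, now):
        """Return (accepted, granted_lifetime, reason) for one request."""
        secret = self.secrets.get((req.home_address, req.spi))
        if secret is None:
            return (False, 0, "no security association")
        if not hmac.compare_digest(sign(req, secret), req.authenticator):
            return (False, 0, "authentication failed")
        if req.identification <= self.last_ident.get(req.home_address, -1):
            return (False, 0, "replayed identification")
        self.last_ident[req.home_address] = req.identification
        # The granted lifetime may be smaller than the one requested.
        granted = min(req.lifetime, self.max_lifetime)
        self.bindings[req.home_address] = (req.care_of_address, now + granted)
        return (True, granted, "accepted")

    def care_of(self, home_address, now):
        """Tunnel endpoint for home_address, or None without a live binding."""
        entry = self.bindings.get(home_address)
        if entry is None or now >= entry[1]:
            self.bindings.pop(home_address, None)
            return None
        return entry[0]


def demo():
    secret = b"constructed-shared-secret"
    agent = HomeAgent(max_lifetime=300)
    agent.add_security_association("192.0.2.10", 1000, secret)
    req = RegistrationRequest("192.0.2.10", "198.51.100.1", 600, 1, 1000)
    req.authenticator = sign(req, secret)
    first = agent.register(req, now=0)
    replay = agent.register(req, now=1)
    # Same authenticator reused with a different care-of address.
    forged = RegistrationRequest("192.0.2.10", "203.0.113.66", 600, 2, 1000,
                                 req.authenticator)
    redirect = agent.register(forged, now=2)
    return (first, replay, redirect,
            agent.care_of("192.0.2.10", 10), agent.care_of("192.0.2.10", 300))
```
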
25.3.6 Routing Considerations
This section describes how mobile nodes, home agents, and (possibly) foreign agents operate to route datagrams to/from mobile nodes that are connected to a foreign network. The mobile node informs its home agent of its current location using the registration procedure described in the previous sections. Home agents and foreign agents must