
Mobile Networking

Technology
The benefit of Mobile IP


“Mobile IP provides an IP node the ability to retain the same IP address and maintain uninterrupted network and application connectivity while traveling across networks”

Which Applications
The objective

Maintaining continuous IP connectivity while crossing network boundaries, e.g. subnets or between networks

[Figure: Host B, Gateway A (171.68.0.0), Internet, Gateway C (140.31.0.0), and a Mobile Router with networks 171.68.69.0 and 171.68.70.0 shown at two locations]
The Possibilities

[Figure: many networks roaming; Mobile Routers; Internet]
IETF Proposed Standard

• Approved by the Internet Engineering Steering Group (IESG) in June 1996; published proposed standard in Nov. 1996
• Mobile IP is an IETF proposed standard solution for mobility at Layer 3 IP
• RFC2002/3220 - Mobile IP
• RFC2003 and RFC2004 - Tunnel encapsulation
• RFC2005 - Mobile IP applicability
• RFC2006 - Mobile IP MIB
• Associated RFCs
  – RFC1701 GRE – Generic Routing Encapsulation
  – RFC3024 - Reverse Tunneling for Mobile IP
The Problem with Mobility
[Figure: Host B, Gateway A (171.68.0.0), Internet, Gateway C (140.31.0.0), and the Mobile Router with networks 171.68.69.0 and 171.68.70.0 shown at two locations; callouts “Connect to 171.68.69.24” and “Where is 171.68.69.0???”]
• Gateway A replies to Host B with an ICMP unreachable
• Gateway C blocks router from joining network
• Routing Protocol rejects duplicate network advertisements
Mobile IP Solution
Mobility Binding Table:
MR            CoA
171.68.69.0   140.31.2.1

[Figure: Host B, Internet, Home Agent, Foreign Agent, and the Mobile Router with networks 171.68.69.0 and 171.68.70.0 shown at two locations; address labels COA 140.31.2.1 and 171.68.60.1]

• Mobile Router sends Registration Request [RRQ] to Home Agent (HA)
• Home Agent forwards packets to Mobile Router via Care of Address [CoA]
Mobile IP
Operator Benefits

• All applications work without modifications (unlike application/transport layer mobility)
• Operator can control handover policies
• Access link independent (unlike link layer mobility)
“IETF Standard RFC 3344!”
Solution in a Nutshell

• A mobile node has a “home address” for the end-to-end communications, but also uses a temporary “care-of address” on access networks for routing purpose.
• A home agent maintains a mobility binding of home address and care-of address.
Mobile IP Network Elements

– Mobile Node (MN): Mobile IP enabled client (notebook, cell phone, PDA), identified by home address or NAI; updates its CoA via registrations
– Home Agent (HA): Mobile IP enabled gateway; acts as location database for MNs
– Foreign Agent (FA) [Optional]: Mobile IP enabled gateway; off-loads CPU processing of encapsulation/decapsulation, enforces local network administration policy, allows for billing of MNs, conserves IP address space, reduces access link usage
Mobile IP Key Concepts

• How does the Mobile Node find out where it is?
  – Mobility Agent Advertisements: facilitate discovery of Mobility Agents (MN may solicit on demand)
• How does the Mobile Node inform the Home Agent of its current location?
  – Via Registration: updates mobility binding after successful authentication using security association between MN and HA
• How does the Mobile Node receive packets from the Home Agent?
  – Tunneling: Home agent adds IP header to direct packets to CoA, where decapsulation occurs
Mobile IP Activities Example

Mobility Binding Table:
MN             CoA
171.68.69.24   140.31.2.1

[Figure: Home Agent (171.68.69.1), Host B, Internet, Foreign Agent, and Host A shown at two locations; address labels 171.68.69.24 and 140.31.2.1]

• MN learns about FA and registers CoA 171.68.69.24
• HA maintains MN location database and tunnels traffic to FA
Mobile IP Terminology
[Figure: CN, Internet, HA, FA and MR]

• Mobile Router (MR)
• Home Agent (HA)
• Foreign Agent (FA) [1 Hop Away from MR]
• Care of Address (CoA) [Tunnel Endpoint]
• Correspondent Node (CN)
• Security Association (SA) [SPI/Key]
• ICMP Router Discovery Protocol (IRDP) [Advertisement]
• Registration Request (RRQ)
Step 1: Agent Discovery
Edited slide from original by Lawrence Searcy, Cisco Systems

Message         Src Addr        Dest Addr
Solicitation    MR addr         224.0.0.2
Advertisement   FA Intfc Addr   MR Addr      (includes COA)

[Figure: MR, FA and HA; address label 1.1.1.7]

• MR sends out advertisement request (Solicitation) to “all router” multicast address 224.0.0.2
• FA responds with unicast advertisement to MR
• Response includes Care-of Address

Options in FA advertisements
• R  Registration required. Registration with this foreign agent (or another foreign agent on this link) is required even when using a co-located care-of address.
• B  Busy. The foreign agent will not accept registrations from additional mobile nodes.
• H  Home agent. This agent offers service as a home agent on the link on which this Agent Advertisement message is sent.
• F  Foreign agent. This agent offers service as a foreign agent on the link on which this Agent Advertisement message is sent.
• M  Minimal encapsulation. This agent implements receiving tunneled datagrams that use minimal encapsulation [34].
• G  GRE encapsulation. This agent implements receiving tunneled datagrams that use GRE encapsulation [16].
• r  Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.
• T  Foreign agent supports reverse tunneling [27].


Step 2: Registration Request
Hop        Src Addr        Dest Addr       Src Port   Dest Port   Payload
MR to FA   MR Addr         FA Intfc Addr   random     434         RRQ (includes COA from FA)
FA to HA   FA Intfc Addr   HA Addr         434        434         RRQ (includes COA)

[Figure: MR, FA and HA; address label 1.1.1.7]

• MR retrieves CoA from Advertisement and sends in RRQ
• FA checks requested services and either rejects and replies or forwards the RRQ to HA
Options in RRQ
• S  Simultaneous bindings. If the 'S' bit is set, the mobile node is requesting that the home agent retain its prior mobility bindings, as described in Section 3.6.1.2.
• B  Broadcast datagrams. If the 'B' bit is set, the mobile node requests that the home agent tunnel to it any broadcast datagrams that it receives on the home network, as described in Section 4.3.
• D  Decapsulation by mobile node. If the 'D' bit is set, the mobile node will itself decapsulate datagrams which are sent to the care-of address. That is, the mobile node is using a co-located care-of address.
• M  Minimal encapsulation. If the 'M' bit is set, the mobile node requests that its home agent use minimal encapsulation [34] for datagrams tunneled to the mobile node.
• G  GRE encapsulation. If the 'G' bit is set, the mobile node requests that its home agent use GRE encapsulation [16] for datagrams tunneled to the mobile node.
• r  Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.
• T  Reverse Tunneling requested; see [27].


Step 2: RRQ Reply
Hop        Dest Addr   Src Addr        Dest Port   Src Port   Payload
HA to FA   FA          HA Intfc Addr   434         434        RRP Reply
FA to MR   MR Addr     FA Intfc Addr   Orig Port   434        RRP Reply

[Figure: MR, FA and HA; address label 1.1.1.7]

Home Agent
• HA authenticates MR
• Sends RRP
• Proxy ARPs for MR
• Brings up tunnel and adds host route

Foreign Agent
• FA sees MR is authenticated
• Forwards RRP to MR
• Brings up tunnel
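
The registration check the Home Agent performs before it creates a binding, as an added example (not code from the original slides or from Cisco). It assumes the RFC 3344 Registration Request layout, HMAC-MD5 for the Mobile-Home Authentication Extension, timestamp-based Identification, and that this extension is the only one present; the `HomeAgent` class, the SPI and the key are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

RRQ_TYPE = 1                   # Registration Request message type
MHAE_TYPE = 32                 # Mobile-Home Authentication Extension type
AUTH_LEN = 16                  # HMAC-MD5 output length
NTP_UNIX_OFFSET = 2208988800   # seconds from 1900-01-01 to 1970-01-01
FLAG_BITS = {"S": 0x80, "B": 0x40, "D": 0x20, "M": 0x10, "G": 0x08, "T": 0x02}
FIXED = struct.Struct("!BBH4s4s4sQ")   # type, flags, lifetime, home, HA, CoA, ident
EXT_HDR = struct.Struct("!BBI")        # extension type, length, SPI

# Registration Reply codes used by the hypothetical HomeAgent below
ACCEPTED, AUTH_FAILED, ID_MISMATCH, POORLY_FORMED = 0, 131, 133, 134


def ident_from_unix(now, low=0):
    """64-bit Identification: NTP seconds in the high word, caller-chosen low word."""
    return ((now + NTP_UNIX_OFFSET) << 32) | low


def build_rrq(flags, lifetime, home_addr, home_agent, coa, ident, spi, key):
    """Mobile node / mobile router side: fixed RRQ fields plus the authenticator."""
    flag_byte = 0
    for flag in flags:
        flag_byte |= FLAG_BITS[flag]
    fixed = FIXED.pack(RRQ_TYPE, flag_byte, lifetime, socket.inet_aton(home_addr),
                       socket.inet_aton(home_agent), socket.inet_aton(coa), ident)
    ext_hdr = EXT_HDR.pack(MHAE_TYPE, 4 + AUTH_LEN, spi)
    # The authenticator covers the request plus the extension's type, length and SPI.
    return fixed + ext_hdr + hmac.new(key, fixed + ext_hdr, hashlib.md5).digest()


class HomeAgent:
    """Hypothetical HA: verifies the security association, then replay state."""

    def __init__(self, security_associations, max_skew=7):
        self.sas = security_associations   # home address -> (SPI, key)
        self.max_skew = max_skew           # allowed clock difference in seconds
        self.last_ident = {}               # home address -> last accepted ident
        self.bindings = {}                 # home address -> (CoA, lifetime)

    def process(self, pkt, now):
        if len(pkt) != FIXED.size + EXT_HDR.size + AUTH_LEN or pkt[0] != RRQ_TYPE:
            return POORLY_FORMED
        _, _, lifetime, home, _, coa, ident = FIXED.unpack_from(pkt)
        ext_type, ext_len, spi = EXT_HDR.unpack_from(pkt, FIXED.size)
        home = socket.inet_ntoa(home)
        sa = self.sas.get(home)
        if ext_type != MHAE_TYPE or ext_len != 4 + AUTH_LEN or sa is None or sa[0] != spi:
            return AUTH_FAILED
        covered = pkt[:FIXED.size + EXT_HDR.size]
        expected = hmac.new(sa[1], covered, hashlib.md5).digest()
        if not hmac.compare_digest(expected, pkt[len(covered):]):
            return AUTH_FAILED
        # Replay protection: timestamp close to HA time and strictly increasing.
        seconds = (ident >> 32) - NTP_UNIX_OFFSET
        if abs(seconds - now) > self.max_skew or ident <= self.last_ident.get(home, 0):
            return ID_MISMATCH
        self.last_ident[home] = ident
        self.bindings[home] = (socket.inet_ntoa(coa), lifetime)
        return ACCEPTED


if __name__ == "__main__":
    key, now = b"constructed-shared-key", 1_700_000_000   # constructed values
    ha = HomeAgent({"171.68.69.24": (256, key)})
    rrq = build_rrq("T", 300, "171.68.69.24", "171.68.69.1", "140.31.2.1",
                    ident_from_unix(now, 1), 256, key)
    print("first RRQ:", ha.process(rrq, now), ha.bindings)
    print("replayed RRQ:", ha.process(rrq, now + 1))
```

A captured RRQ that is replayed, or one whose care-of address was rewritten in transit, never reaches the binding table: the first fails the Identification check and the second fails the authenticator comparison.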
MR States

MR has five states that it can be in:
• Unknown – MR has not heard any agent advertisements and does not know where to send registration requests (RRQs)
• Isolated – MR has heard an agent advertisement
• Pending – MR has sent an RRQ and is waiting for a registration reply (RRP) from HA
• Registered – MR has been accepted and received the RRP from HA, which has set up a binding table entry, tunnels, and routes for the MR
• Home – MR is on its home network
Step 3: Routing
[Figure: Correspondent Host, Home Agent, Foreign Agent and Mobile Router]

• Traffic is sent as usual to the home subnet
• The home agent intercepts the traffic while the Mobile Router is registered as away
• Traffic is tunneled to the CoA of the MR and forwarded to MR
• Traffic from the Mobile Networks can go directly to the correspondent host = “Triangle Routing”
Mobile Network Routing – Packet Flow
[Figure: Node on MR (Mobile Networks), Mobile Router, Foreign Agent, Internet, Home Agent and Correspondent Node; the Mobile Networks appear to be at the Home Agent. Edited slide from original by Lawrence Searcy, Cisco Systems]
Mobile Network Routing – Packet Flow
[Figure: Node on MR (Mobile Networks), Mobile Router, HA-FA Tunnel, Foreign Agent, Internet, Home Agent and Correspondent Node; the Mobile Network appears to be at the Home Agent]
Mobile Network Routing – Packet Flow
[Figure: Nodes on MR (Mobile Networks), Mobile Router, HA-MR Tunnel, FA WAN, HA-FA Tunnel, Foreign Agent, Internet, Home Agent and Correspondent Node; the Mobile Network appears to be at the Home Agent]
Mobile Network Routing – Packet Flow
[Figure: Node on MR (Mobile Networks), Mobile Router, HA-MR Tunnel, FA WAN, HA-FA Tunnel, Foreign Agent, Internet, Home Agent and Correspondent Node; the Mobile Network appears to be at the Home Agent]
Mobile Network Routing – Return Packet Flow
[Figure: Node on MR (Mobile Networks), Mobile Router, HA-MR Tunnel, FA WAN, HA-FA Tunnel, Foreign Agent, Internet, Home Agent and Correspondent Node; the Mobile Network appears to be at the Home Agent]
Tunneling
• HA double encapsulates the packets, creating two tunnels:
  – HA to FA
  – HA to MR
• FA strips outer header and forwards to MR
• MR strips inner header and forwards to node on mobile network

Header            Source               Destination
Outer Header      HA 100.100.100.1     FA 30.30.30.1
Inner Header      HA 100.100.100.1     MR 65.1.1.1
Original Packet   <src>                <dest>         Data
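
The double encapsulation above at byte level, as an added example (not code from the original slides). It uses the slide's HA, FA and MR addresses with IP-in-IP (protocol 4) headers without options; the original packet's addresses and payload are constructed, and the tunnel-source check in `decapsulate` goes beyond what the slide states.

```python
import socket
import struct

IPPROTO_IPIP = 4      # IP-in-IP encapsulation (RFC 2003)
IPPROTO_UDP = 17
HA, FA_COA, MR = "100.100.100.1", "30.30.30.1", "65.1.1.1"   # from the slide


def checksum(header):
    """Ones-complement header checksum; returns 0 over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src, dst, proto, payload, ttl=64):
    """Build a 20-byte IPv4 header (no options) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse(pkt):
    if len(pkt) < 20 or pkt[0] != 0x45:
        raise ValueError("not an option-less IPv4 header")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if total_len != len(pkt) or checksum(pkt[:20]) != 0:
        raise ValueError("bad length or header checksum")
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "payload": pkt[20:]}


def ha_encapsulate(original):
    """HA side: inner header HA to MR, then outer header HA to FA care-of address."""
    inner = ipv4(HA, MR, IPPROTO_IPIP, original)
    return ipv4(HA, FA_COA, IPPROTO_IPIP, inner)


def decapsulate(pkt, my_addr, expected_peer):
    """FA or MR side: strip one header, but only for a tunnel this endpoint expects."""
    hdr = parse(pkt)
    if hdr["proto"] != IPPROTO_IPIP or hdr["dst"] != my_addr:
        raise ValueError("not a tunnel packet for this endpoint")
    if hdr["src"] != expected_peer:
        raise ValueError("tunnel source is not the registered home agent")
    parse(hdr["payload"])   # the inner packet must itself be a valid datagram
    return hdr["payload"]


if __name__ == "__main__":
    # Constructed original packet from a correspondent node to a mobile-network node.
    original = ipv4("192.0.2.10", "198.51.100.5", IPPROTO_UDP, b"constructed payload")
    tunneled = ha_encapsulate(original)
    at_fa = decapsulate(tunneled, FA_COA, HA)     # FA strips the outer header
    at_mr = decapsulate(at_fa, MR, HA)            # MR strips the inner header
    print(len(original), len(tunneled), at_mr == original)
```

Each tunnel header adds 20 bytes, so a packet on the HA-FA leg carries 40 bytes of encapsulation overhead.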


Tunneling cont.
• HA dynamically creates tunnel(s) as MRs and Mobile Hosts register
• Tunnels are handled as interfaces
• HA Routing Table shows Tunnels as interfaces
• So “Tunneling” involves
  – ENCAPSULATION
  – INTERFACES IN ROUTING TABLE
HA State – Routing Table
Home_Agent_#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
110.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
M 110.10.11.0/24 is directly connected, Mobile0
M 110.10.11.237/32 [3/1] via 10.10.10.97, 00:57:28, Tunnel2
M 110.10.11.245/32 [3/1] via 10.10.10.129, 03:01:54, Tunnel0
10.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
C 10.10.10.32/27 is directly connected, FastEthernet0/0
C 10.10.10.76/30 is directly connected, Loopback0
O IA 10.10.10.96/27 [110/11] via 10.10.10.36, 00:57:35, FastEthernet0/0
M 10.10.11.112/28 [3/1] via 110.10.11.237, 03:55:57, Tunnel1
O IA 10.10.10.128/27 [110/2] via 10.10.10.74, 00:57:35, FastEthernet0/1
M 10.10.11.144/28 [3/1] via 110.10.11.245, 03:55:57, Tunnel5
MR Routing

• Once MR is registered, routing is disabled on the MR’s roaming interfaces.
• When MR is home, routing is resumed on the interfaces (bindings and tunnels are no longer needed).
Mobile Router Timers

• Agent Solicitation: By default it is off, but if configured, keeps track of when to send next solicitation
• Agent Advertisement: Based on IRDP lifetime. As advertisements are received, timer is restarted. When timer expires, agent removed from agent table.
• Registration: Keeps track of when to send registrations before the registration lifetime expires. MR re-registers until a reply is received.
• Registration lifetime: Based on granted lifetime. As replies are received, timer is restarted. When timer expires, there is no more registration.
• Hold down: By default it is off, but if configured, MR waits for timer to expire before using an agent heard on that interface.
Mobile IP
Features
Mobile Router Features

Co-located Care-of Address


Reverse tunneling
Preferred interfaces
Hold down timer
Agent solicitation
Mobile Router Features

MR redundancy
MR Asymmetric Links
MR Dynamic Networks
Identification mismatch adjustment
Sequence number detection
Co-located Care-of Address
Support
[Figure: MR and HA]

• Care-of Address resides on Mobile Router itself
  – Rather than on the Foreign Agent
• Does away with the need for Foreign Agents
• Two IP-in-IP tunnels are created: HA-Co-located address, HA-MR
  – HA-Co-located address tunnel is only used for routing
  – Tunnel “Interfaces” added in Routing table
Co-located Care-of Address
cont.

[Figure: MR and HA]

• Static Co-located Care-of Address support uses the address statically configured on the roaming interface as care-of address
• Used for fixed-IP address connections
  – e.g. Cellular Data Modem
Static Co-located Care-of
Address

© 2002, Cisco Systems, Inc. All rights reserved. Cisco Mobile Access Router—Module 2 -38
Co-located Care-of Address
cont.

[Figure: MR and HA]

• CCoA can be Static or Dynamic
• Dynamic Co-located Care-of Address support uses DHCP or IPCP to obtain a care-of address for the roaming interface
Reverse Tunneling

• Normally, routers route packets by looking at the destination address only.
• As a security measure against attacks (such as spoofing), ingress filtering on a router checks the source and destination addresses on a packet to make sure that they are topologically correct.
• This poses a problem for Mobile IP because the source address of a packet from a mobile node does not belong to the network from which it emanated.
Mobile Network Routing – Packet Flow
[Figure: Node on MR (Mobile Network), Mobile Router, HA-MR Tunnel, FA WAN, HA-FA Tunnel, Foreign Agent, Internet, Home Agent and Correspondent Node; the Mobile Network appears to be at the Home Agent]
Reverse Tunneling

• Reverse tunneling satisfies ingress filtering
• Packets from the mobile network are sent back to the HA through the tunnel
• HA decapsulates the packets and forwards them to their destination through normal routing
• Thus, the received packets’ path is topologically correct
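
A small model of why ingress filtering drops triangle-routed traffic and passes reverse-tunneled traffic, as an added example (not code from the original slides). The prefixes, Home Agent address and care-of address are taken from the earlier slides; the `Packet` class, the function names and the correspondent address 192.0.2.10 are constructed, and each filter is modelled as a plain source-prefix check.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

HOME_NET = ip_network("171.68.0.0/16")      # network behind Gateway A
FOREIGN_NET = ip_network("140.31.0.0/16")   # network behind Gateway C
HOME_AGENT = "171.68.69.1"
COA = "140.31.2.1"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None        # set when this is a tunnel packet


def ingress_permits(site_prefix, pkt):
    """Edge filter: the source must belong to the site the packet comes from."""
    return ip_address(pkt.src) in site_prefix


def send_direct(pkt):
    """Triangle routing: the packet leaves the foreign network unencapsulated."""
    if not ingress_permits(FOREIGN_NET, pkt):
        return "dropped at foreign edge"
    return "delivered"


def send_reverse_tunneled(pkt, registered_coa=COA):
    """Reverse tunnel: CoA to HA outer header, HA decapsulates and forwards."""
    outer = Packet(src=COA, dst=HOME_AGENT, inner=pkt)
    if not ingress_permits(FOREIGN_NET, outer):
        return "dropped at foreign edge"
    # The HA only decapsulates tunnels coming from the care-of address it has bound.
    if outer.src != registered_coa:
        return "rejected by home agent"
    # After decapsulation the inner packet leaves via the home network's edge.
    if not ingress_permits(HOME_NET, outer.inner):
        return "dropped at home edge"
    return "delivered"


if __name__ == "__main__":
    from_mobile_node = Packet(src="171.68.69.24", dst="192.0.2.10")
    print("direct:          ", send_direct(from_mobile_node))
    print("reverse tunneled:", send_reverse_tunneled(from_mobile_node))
```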
Mobile Network Routing – Reverse Tunneling
[Figure: Node on MR (Mobile Network), Roaming Interface, Mobile Router, HA-MR Tunnel, FA WAN, HA-FA Tunnel, Foreign Agent, Internet, Home Agent and Correspondent Node; the Mobile Network appears to be at the Home Agent. Edited slide from original by Lawrence Searcy, Cisco Systems]
Preferred Interfaces
• By default, the Mobile Router sends data out the active interface with the highest bandwidth.
• If the bandwidth on multiple interfaces is equal, then the interface with the higher IP address is preferred.
• Priority can be configured on mobile router interfaces (default 100).
• MR prefers to register with higher priority interface.
• Uses – least-cost routing, preferential routing
Asymmetric Links
• Mobile Router can route traffic unidirectionally over half-duplex links
• Especially for a satellite environment
• MR configured to send traffic to a downlink router even though it hears advertisements on another interface
• FA configured to advertise foreign-agent service out only one interface, the uplink interface connected to MR
Asymmetric Links
[Figure: Home Agent, Foreign Agent and MR with Downlink and Uplink interfaces; messages ADVT, RRQ and RRP]

• FA advertises service on its uplink to MR’s downlink
• MR sends RRQ to HA via FA using its uplink
• RRP is sent to FA, which forwards it to MR on its uplink.
• Then tunnels are set up between HA-FA, HA-MR’s downlink interface
Dynamic Mobile Networks
• Mobile Networks can register with Home Agent dynamically (as opposed to static network configuration on HA)
• Critical Vendor/Organization Specific Extension (CVSE) is appended to the RRQ by MR, which contains the mobile network information
• Re-registrations do not append CVSE
Dynamic Mobile Networks
cont.
• When mobile network is added/deleted, MR immediately sends another re-registration with CVSE
• HA processes RRQ with CVSE by adding/deleting mobile network(s) and creating/deleting routes to the mobile network via MR
• If mobile network already exists HA ignores the request
Dynamic Mobile Networks
cont. 2
• FA needs to be able to process RRQs with CVSE in order to forward them on to HA.
• Dynamic and Static Networks can be configured at the same time for an MR.
NOTE: CVSE is being replaced by AVSE (standards-based) in near future
Mobile IP
in real deployments
Mobile IP and GPRS
Similarities
[Figure: GPRS elements MT, SGSN, GTP, GGSN and IP Network shown beside Mobile IP elements MN, FA, IPinIP/GRE/UDP, HA and IP Network]
Mobile IP and GPRS
Integration
[Figure: BTS, BSC, Serving GPRS Support Node (SGSN), GPRS Backbone Network (IP-Based), GTP, Gateway GPRS Support Node (GGSN), AP, WLAN Hotspot, RADIUS Server, Internet and Home Agent]
Foreign Agent function can be added to GGSN and WLAN Access Router, though Mobile IP works without FA as well.
3GPP WLAN
Interworking Scenarios
• 6 scenarios identified, which correspond to incremental steps in terms of services and operational features
1. Common billing and Customer care
   – no impact on 3GPP specs as such; access to Open internet
2. 3GPP system based access control and charging with access to
   – UMTS/GSM authentication (based on EAP-SIM/AKA methods)
3. Access to 3GPP system PS based services (e.g. IMS, Streaming, MMS, etc.)
   – bearer path to the home domain (current GPRS model)
4. Service Continuity
   – L3 Mobility introduction (e.g. Mobile IP technology)
5. Seamless service provision
6. Access to 3GPP CS Services (no use case so far)
• UMTS R6 includes scenario 2 & 3
• UMTS R7 will consider scenario 4 (mobility)
WLAN/GPRS Seamless Mobility
Scenario 4 (Tentative)
[Figure: Applications and Content; IP Core with CMX and Mobility (HA); WLAN 802.11 Access Network with PDG (FA); GPRS/UMTS with GGSN(FA), SGSN, RAN and RNC; dual-mode handsets with L3 Mobility support]
Reiterate Benefit
• Mobile IP operates at network layer, independent of link layer access technologies, allowing migration and coexistence of various access networks while providing seamless mobility transparently to the user
• Proven mobility across satellite, WLAN, GPRS, CDMA2000 1xRTT, Flash OFDM, iDEN, CDPD, etc.
Differences between Mobile
IPv4 and Mobile IPv6
• Mobile IPv6 leverages enormous IPv6 address space
• Mobile IPv6 is integrated into base IPv6 protocol
• MNv6 automatically obtains CoA after Router Advertisement received
• No Foreign Agent in Mobile IPv6
• Registrations are protected by IPSec in Mobile IPv6
• Built in route optimization between MNv6 and CNv6
Security implications of
Mobile IP
• Access authentication independent of Mobile IP
  – PPP CHAP for dial up
  – 802.1x for WLAN
• Service authorization
  – Mobile IP security association for registrations
QOS Implications of Mobile IP

• DSCP copy to tunnel header
• Per MN session policing
Mobile IP Scalability and
Flexibility
• Demonstrated deployment of millions of MNs
• Mobile IP used for macro-mobility and micro-mobility
Cisco Mobile IP
Software Development
Mobile IP Portfolio

• Product portfolio consists of:
  – Innovations
  – Standards compliance
IOS Features
Features                                                                Releases
Home Agent and Foreign Agent (RFC 2002, RFC 2003)                       12.0(1)T
Home Agent and Foreign Agent MIBs (RFC 2006)                            12.0(1)T
Home Agent Redundancy                                                   12.0(2)T
Cisco Enterprise Mobile IP MIBs                                         12.2(2)T
Home Agent Redundancy with SA Synchronization                           12.1(7.1) 12.2(0.11)T
Resynchronize SA                                                        12.1(5.6) 12.2(0.11)T
HA and FA Set/Trap MIBs                                                 12.2(2)T
Mobile Router Redundancy
Mobile Node MIBs (RFC 2006)
IPinIP Tunnel CEF Switching                                             12.2(13)T
Cisco Mobile Networks Dynamic Network
Cisco Mobile Networks Asymmetric Link
Mobile IP Generic Network Access Identifier (NAI) Support and Home Address Allocation (RFC 2794)
Mobile IP Support for Foreign Agent Reverse Tunneling (RFC 2344, RFC 3024)
Mobile IP RFC 3220 and RFC 3344 Compliance
HMAC-MD5 Authentication
Vendor Specific Extensions (RFC 3025, RFC 3115)
Mobile IP Challenge/Response Extensions (RFC 3012)
Mobile IP - NAT Detect
IOS Features
Features Releases

Mobile IP Home Agent Policy Routing 12.2(13)T


Cisco Enterprise Mobile IP MIBs (NAI and HA Redundancy) 12.2(13)T
Mobile IP - Home Agent Accounting 12.2(15)T
Cisco Mobile Networks - Static Collocated Care-of Address 12.2(15)T
Cisco Mobile Networks - Priority HA Assignment 12.2(15)T
Cisco Mobile Networks - Tunnel Templates for Multicast 12.2(15)T
Mobile IP Dynamic Security Association and Key Distribution 12.3(4)T
Mobile Networks Deployment MIB 12.3(4)T
Mobile Networks Dynamic Collocated Care-of Address 12.3(4)T
Mobile Networks Home Agent Redundancy For Dynamic Networks 12.3(4)T
MIBs for Reverse Tunnel, FA Challenge, and VSE 12.3(4)T
NAT Detect for FA COA 12.3(5.2) 12.3(5.5)T
IGMP Query Trigger 12.3(5.9) 12.3(5.9)T
Mobile IP NAT Traversal (RFC 3519) 12.3(8)T
Cisco’s IP Mobility Role
in Standards
Standards Priority
• Focus on pragmatic existing deployment issues
  – Address real world problems in Mobile IPv4 WG
• Focus on features needed to facilitate Mobile IPv6 deployments
  – Evaluate GAPs, CDMA2000 requirements
Cisco IETF drafts
Cisco Authored Drafts
Each entry: TITLE; DRAFT; AUTHORS; STATUS (grouped by WG)

MIP4
• The Definitions of Managed Objects for IP Mobility Support using SMIv2, revised; draft-ietf-mobileip-rfc2006bis-01.txt; kleung; WG item
• Dynamic HA Assignment Framework; draft-ietf-mip4-dynamic-assignment-00.txt; mkulkarn, alpesh, kleung; WG item
• Experimental Message, Extension and Error Codes for Mobile IPv4; draft-ietf-mip4-experimental-messages-00.txt; alpesh, kleung; WG item
• Mobile IPv4 NAI-based Home Address Assignment; draft-paulkandasamy-mobileip-nai-based-home-address-00.txt; naveenpk, kleung

MIP6
• The Mobile IPv6 MIB; draft-ietf-mipv6-mib-01.txt; sgundave; WG item
• Authentication Protocol for Mobile IPv6; draft-patel-mipv6-auth-protocol-00.txt; alpesh, kleung
• Network Access Identifier Option for Mobile IPv6; draft-patel-mipv6-nai-option-00.txt; alpesh, kleung
• Vendor/Organization Specific Mobility Options for MIPv6; draft-patel-vendor-options-00.txt; alpesh
• Experimental Mobility Options for MiPv6; draft-patel-experimental-options-00.txt; alpesh
• Mobile IPv6 Bootstrap; TBD; alpesh

NEMO
• Base NEMO; draft-ietf-nemo-base.txt; pthubert; WG item
• NEMO MIB; draft-ietf-nemo-mib.00.txt; sgundave; WG item

OSPF-MANET
• Problem Statement for OSPF Extensions for Mobile Ad Hoc Routing; draft-baker-manet-ospf-problem-statement-00.txt; mchandra; WG item
• Extensions to OSPF to Support Mobile Ad Hoc Networking; draft-mchandra-ospf-manet-ext-00.txt; mchandra; WG item
Mobile IP is also about
the clients
Handover enhancements, why Mobile IP is as good as other mobility schemes
Make before break
• Clients are always connected to at least one radio network such as 2.5 or 3G, those are the underlying building blocks of IP Mobility
• Clients can measure radio network characteristics, especially of those other/extra radios available (WIFI / WIMAX / …)
• They can always perform a new Registration Request on a new access link before having lost the previous link
• Home Agent and Client establish new association
• All routing changes updated before losing previous association
• There is no packet loss in handover process
Mobile IP Clients
Notebook/PDA Support

Birdstep Technology Birdstep Intelligent Mobile IP Client


Cisco & Toshiba Partnership Cisco Mobile IP Client

Intel Intelligent Roaming Continuous Roaming Mobile IP Client


Lifix Systems Lifix Go! Mobile Client
ipUnplugged ipUnplugged Roaming Client
Ecutel Viatores Client
Greenpacket SONmobile

Cellphone Support

Motorola iDEN (Integrated Digital Enhanced Network) Motorola iDEN handsets Nextel is the Service Provider
Mobile IPv4 Clients
PC/Workstation
IP Operating Systems Name License Comments
4 Cisco IOS Cisco Mobile IP commercial
4 FreeBSD 2.2.2 Monarch BSD style 1998 - Rice University
4 FreeBSD 2.2.8, 4.6, 4.8, 4.9, 5.2 Secure Mobile Net BSD style 2003 - Portland State University, actively updated
4 HP-UX 11.11 HP commercial Mobile IPv4 HA/CN, Reverse Tunneling, Route Optimization and AAA support

4 Linux Dynamics GPLv2 2001 - Helsinki University of Technology, not updated


4 Linux Secgo Mobile IP commercial
4 Linux Secure Mobile Net BSD style 2003 - Portland State University, actively updated
4 Linux UoB-NOMAD SPL 2003 - based on NOMADv4
4 Linux kernel 2.2.16 MosquitoNet GPL? 2000 Stanford University
4 NetBSD 1.1 Monarch BSD style 1998 - Rice University
4 Solaris Sun Mobile IP commercial
4 Userland, (platform independent) HP Mobile IP restricted 1997
4 Windows Birdstep commercial
4 Windows EcuTel commercial
4 Windows Roamin proprietary 2000 - binary dist. for non-commercial use only
4 Windows Secgo Mobile IP commercial
4 Windows ipUnplugged commercial
4 Windows client Dynamics GPLv2 2001 - Helsinki University of Technology, not updated
4 Windows/Linux Netseal MPN commercial High availability HA(Linux), MN(Windows)
4 embedded systems Birdstep commercial
4 embedded, OS independent Treck Inc. commercial
Mobile IPv6 Clients
IP
PC/Workstation
Operating Systems Name License Comments
6 BSD? NEC MIPv6? 2001? - NEC
6 Cisco IOS Cisco Mobile IP commercial 2003? - technology preview
6 FreeBSD SFC-MIP BSD-style? 2002? - SFC of WIDE
6 FreeBSD 2.2.2 with INRIA's IPv6 Monarch BSD style 1997 - Rice University, (draft -03)
6 FreeBSD 3.4 INRIA HMIPv6 BSD-style 2000
6 FreeBSD 4.9 KAME BSD-style 2004 - Stable, MIP code experimental, actively updated
6 HP-UX 11.11, 11.23 HP commercial Mobile IPv6 HA/CN, draft-24
6 Linux HMIPv6 GPL or BSD-style 2003 - Monash University, based on MIPL

6 Linux Lancaster MIPv6 Pkg ? 1998 - Lancaster University


6 Linux 2.4 TKN HMIPv6 ? 2002 - Technical University of Berlin
6 Linux 2.4.0 MIPL GPL 2003 - draft -24
6 NetBSD 1.6.1 KAME BSD-style 2004 - Stable, MIP code experimental, actively updated
6 Tru64 UNIX 5.1B HP commercial 2003 - draft -24
6 Windows Microsoft Research ? 2000 - partial MIP v6 support
6 embedded, OS independent Treck Inc. commercial
Concrete applications in Mobile SP
Mobile IP key deployment
points
• Home Agent is the anchor point for MNs
• Bandwidth overhead and FA relationship
• Authentication process
  – It is a second authentication, for mobility service
  – There is still an initial link layer authentication
• Preferred interfaces
  – Make before break and minimal / no IP interruption
  – interfacing layer 2 signal strengths
Cisco Wireless Convergence
[Figure: three columns, 1 Access, 2 Control and 3 Services. Access: Access Networks and Venue Owners (GPRS, 3G, 802.11, WiMAX, other WLAN). Control: Network Manager with Auth./Access Control and Service/Content Billing; Cisco Mobile Exchange, GGSN, Mobile Internet Edge; L2TP, GRE, IPSec, MPLS VPN, IPV4, IPV6. Services: Agg. Off Net Services (Billing, Authent., Content Provider, Corporate Intranet, Internet, Wireless ASP) and On Net Services (Streaming, Localization)]
Next-Generation IP Infrastructure
All-IP Multimedia Mobile Network
[Figure: Hosted Presence, CCM Applications and Session control (SIP); Corp, Home and Visited AAA; IP Core with CMX and Mobility (HA); WLAN 802.11 Access Network (FA); GPRS/UMTS/CDMA with GGSN(FA)/PDSN, SGSN, RAN and RNC; Enterprises, PSTN Gateway, PLMN and MSC/VLR; handsets with VoIP and dual-mode support and Mobility support]
Unified IP-based infrastructure allows for uniform delivery of services across consumer, enterprise and carrier domain
Cisco & Mobile IP

• Market Leaders
  – Early Field Trial since 1997, General Availability January 1999
  – Home Agent Redundancy
  – Largest mobile implementation of MoIP worldwide - Nextel
• Mobile IPv4 RFC Compliant
  – 2002, 2003, 2005, 2006, 2794, 3012, 3220, 3344, 3519, 3543 compliant
• Applications
  – Foreign Agent, Home Agent, Proxy Mobile Node, Mobile Router
• Platforms Support
  – 2600 through 7200, Cat5K RSM, Cat6K MSFC, 7600
• Cisco IOS
  – Tightly integrated with Cisco IOS functionality
GGSN Mobile IP support

• Mobile IP proxy Foreign Agent
• On PDP context activation GGSN will perform:
  – AAA req to authenticate and get the HA credentials (IP address, security keys)
  – MIP RegistrationReq to the HA
• PDP Address can be allocated by HA
• GTPv0 and GTPv1 support
• Transparent to the MS (no Mobile IP support in the MS)
• GGSN 5.0 feature
• Full FA functionality on the roadmap


HA – Cisco IOS
Basis and Resources
• HA products leverage high proportion of IOS code base to enable advanced IP network services
• Current features under use today in HA from IOS include MoIP, IPSec, Routing Protocols (e.g. OSPF, RIP, BGP, EIGRP), HSRP, ODAP, VRF, QoS
• HA runs on established platforms (7200, 6500, 7600) and can leverage the service blades and functionality of the platforms
6500/7600 Product Family

Performance & Scalability
• 32Gbps (No fabric)
• 256 Gbps Fabric Module
• 30-210+ Mpps Layer 2/3/4
• 30-210+ Mpps QoS, ACLs
• 178 GE Ports
• 576 10/100 Ports
• 2 Gigabit Uplinks (Sup2)
• 32k Security ACLs (hardware)

Redundancy
• Redundant Supervisors
• Redundant load sharing power supplies
• Redundant System Clocks
• Redundant Uplinks
• Redundant Switch fabrics
• All system elements including ps, fans, sups, line-card modules, and switch fabrics are hot-swappable

Configurations
• 6500 Family : 03/06/09/13 slots
• 7600 Family : 03/06/09/13 slots

[Figure: 6500; 7600 Supervisor Engine 2 (SUP2) – MSFC2]


MWAM Product Overview
• Multiprocessor WAN Application Module
• Hardware design based on existing modules, e.g.
Firewall Module
• Vehicle for delivery of IOS based features; IOS
application runs on the daughter card
• 5 processors per MWAM utilized, 5 instances of HA or
PDSN
• All Mobile Wireless Applications use same Underlying
Hardware - SSG, GGSN, PDSN, HA
• Management : Mobile Wireless Center (MWC)
6509NEBs/7609 HA
Sample Configuration*
• Supervisor Modules (SUP2)
– Central Switching and management
function
– Runs separate IOS
– Second SUP2 can be configured for
redundancy
• MWAM
– HA application
– Up to 6 MWAMs per chassis**

• IPSec VPN Services Module


– IPSec Acceleration

• I/O Modules:
– 100BaseT (Fast Ethernet)
– 1000BaseT (Gigabit Ethernet)

*This is a sample configuration for xx09 only.


** 6513/7613 chassis can have up to 10 MWAMs.
65xx/76xx Flexibility
• Licensing is flexible to allow easy growth
  – Can be licensed per MWAM
  – Can be licensed per processor
  – True for HA, CSG, SSG
• Same chassis can be utilized for multiple CMX components
  – Cost savings on h/w
• Easy growth and expansion as add services; example:
  – Simple IP services with VPN required for initial deployment.
  – Mobile IP Services added. MWAM for HA added to same chassis.
  – Additional content billing capabilities desired. CSG added to same chassis.
Cisco HA Features &
Compliance
• Standards-based product ensures successful interoperation with other vendors.
• Basic features provide robust HA
  – HA redundancy: No impact to user.
  – HA load balancing: One IP address presented to FA.
  – WLAN interworking: Seamless roaming.
• Premium features further enhance the HA
  – VRF: Supports overlapping IP addresses.
  – Hotlining: Supports IP packet redirection
  – QoS: Downstream per session QoS. Aggregate QoS on interfaces.


Mobile Wireless Home Agent
(HA) Roadmap
Release   Status   Platforms             EFT                       FCS
HA R1.2   FCS      7206VXR/76xx/65xx     15 May ’02 / 18 Nov ’02   16 Sept ’02 / 30 Dec ’02
HA R2.0   EC       7206VXR/76xx/65xx     15 Jan ’04                30 Apr ’04
HA R3.0   NC       7206VXR/76xx/65xx     Q1 CY05                   Q2 CY05
HA Rx.0   NC                             –                         –

HA Key Features: 76xx/65xx Key Platform Features : 76xx/65xx Key Platform Features : PDSN/HA Key Features:
Firewall & IDS Module Support Sup720 Capacity/Performance Improvements
Proxy MoIP
HA Redundancy (1:1) Broadcast/Multicast
HA Binding Update HA Key Features: Standards Compliance
7206 Key Platform Features :
HA Accounting NPE-G1 with 1GB DRAM Capacity/Performance Improvements Continuous MIB Enhancement
3DES Encryption Support SA-VAM2 Mobile IPv6 Diameter
MoIP MIB Enhancements IP Reachability per 835B (DNS update by PSD
HA)
HA Key Features : HA Accounting per 835C
HA Load Balancer (HA-SLB) (MWAM Continuous MIB Enhancement
Dynamic IPSec per 835B NOTE: PRICING TBD.
Solution Notes: only)
Standards Compliance
Features consistent on all platforms HA Redundancy Enhancements
ODAP
3DES Encryption Support (h/w Static IPSec per 835B
required) Resource Revocation per 835C
Packet of Disconnect (PoD) per 835C Solution Notes:
Conditional Debugs for MoIP L2TPv3
VRF (overlapping IP addresses) MPLS
Hotlining MWAM – Sibyte with 1GHz Processor and
(rebuild) QoS 1G of memory
Solution Notes:
NOTE: Pricing Available SSHv2 NOTE: PRICING TBD.
WLAN Interworking
NOTE: Pricing Available

Sep Oct Nov Dec Jan Feb Mar Apr May Jun CQ03 CQ04 CQ01 CQ02 CQ03 CQ04
2002 2002 2002 2002 2003 2003 2003 2003 2003 2003 2003 2003 2004 2004 2004 2004
GA = Generally Available FCS = First Customer Ship EFT = Early Field Trials EC = Execute Committed CC = Concept Committed NC = Not Committed
Note: There is an associated cost for each release. Some features may have additional cost in addition to the base.
R1.2 HA Feature Highlights

 HA Redundancy
 HA Binding Update
 Wireless LAN Interworking
 Feature set is the same on 7206VXR and
6500/7600.
Home Agent Redundancy
HA 1
1.1.1.3

10.31.1.1
FA
1.1.1.7
HA 2
Mobility Binding Table:
MN COA
1.1.1.8 1.1.1.3 10.31.1.1
10.31.2.1
1.1.1.7 10.31.1.1
1.1.1.8 10.31.2.1
HSRP Group 1.1.1.5 10.31.3.1

• Two HAs are configured in hot-standby mode, based on Cisco Hot Standby Routing Protocol (HSRP)
• Configured to provide 1:1 redundancy
• No service disruption!
Release 2.0 HA Feature List
• Home Agent Load Balancer (HA-SLB)
• VRF – support for overlapping IP addresses
• Hotlining
• MoIP Resource Revocation per IS-835C
• Packet of Disconnect (PoD) per IS-835C
• Conditional Debug Enhancements – Mobile IP
• *QoS

*Will be available in rebuild.


Home Agent SLB
• IOS Based Solution
Will leverage RLB function of IOS already used to provide
LB for SSG within CMX.
The RLB function will be acting as a front end to a pool of
HAs.
MWAM only
• Virtual server represents a group of real servers
• Modes of Operation
Dispatched mode (layer 2 connected)
Direct mode (routed)
• Load Balancing
Static round robin configuration
Dynamic Feedback Protocol
Home Agent SLB
Load balancing
-round-robin
-Load via dfp
FA contacts HA-SLB
IP HSRP address

Real HA 1
(MWAM)

HA SLB Standalone HA
PDSN/FA HA HSRP pair
On sup
Real HA replies
to MN
Real HA 2
(MWAM)
Hot Lining
• IP packet level re-direction supported in the
upstream path
• Supports IS-835C CoA messages to change user
session profiles at start of and in mid-session.
• Supports "web steering" statically configured by
realm and dynamically configured per user within the
realm.
Hot Lining
[Diagram: Mobile Node, PDSN/FA, Home Agent, Server 1, Radius, Hotline Server]
• Session established and transferring data normally
• Radius sends COA to HA to activate hotlining for session
• HA redirects traffic to configured hotline server
Virtual HA & Security

Home Agent
Corporate 1

S1 VRF1 GRE VPN

Corporate 2
S2 VRF2
IPsec VPN
A VRF is associated with the following elements:
• IP routing table
• Derived forwarding table, based on the Cisco Express Forwarding (CEF) technology
• A set of interfaces that use the derived forwarding table
• A set of routing protocols and routing peers that inject information into the VRF
Identification of “subscriber community”
Can be downloaded from AAA
• Criteria such as user-name, user-domain etc. may be used to identify “subscriber community”
R1.2 HA Performance

Users                              7206 HA     HA per MWAM   xx13 HA Chassis (10 MWAMs)
Total Bindings                     235K        1.175M        11.75M
Throughput - NDR (512 bytes/pkt)   160 Mbps    2.5 Gbps      25 Gbps

• Results based on 512 Byte packets, unfragmented.
• Performance measured for No Drop Rate. NDR is 0.01% or 1 in 10,000 packets.
High-Capacity HA
Configuration
•13 Slots available :
–2 Supervisor Modules (System CPU)
–10 MWAM Modules (HA Application)
–1 FE/GigE Module

                 xx13 PDSN Chassis (10 MWAMs)   7’ Rack (2-7613 Chassis)
Total Bindings   11.75M                         23.5M
Throughput       25 Gbps                        50 Gbps

• Results based on 512 Byte packets, unfragmented.
• Performance measured for No Drop Rate. NDR is 0.01% or 1 in 10,000 packets.
Tested & Ready for IOT or commercial deployment
Home Agent Summary

 Feature Rich
• Highly Compliant to Specifications and Customer Requirements
• Value added service support such as VRF, Hot Lining, QoS
• Service enablement via Cisco Mobile Exchange Framework components
 Fault Tolerance
• HA Redundancy, HA-SLB
• Geographic Resiliency
 Product Maturity
• Real life deployment; deployed since 2001
 Capacity and Performance Scalability
• Small to very large deployment options
 Management
• Provisioning, Fault Mediation, Performance Mediation, Troubleshooting &
Security
Cisco 3200
Mobile Access Router
Product Overview
Agenda

 Overview of the Cisco 3200 Series Mobile Access Router


 Mobile Access Router Card
 Serial Mobile Interface Card
 Fast Ethernet Switch MIC
 Cisco 3200 Example Configurations
Cisco Mobile Access Router
Mobile Access Router
Overview
 Mobile Access Router Card (MARC)
 High performance processor
 One 10/100 Ethernet
 One console
 One powered async serial (for GPS)
 Mobile Interface Cards (MICs)
MIC
 SMIC: 4 port sync/async serial
 FESMIC: 4 port FE/E Switch Card MIC
MARC
Remember the Names
 Cisco 3200 Mobile Access Router
 Cisco 3200 Series
 Cisco 3251 Mobile Access Router Card (MARC)
 Cisco 3201 Serial Mobile Interface Card (SMIC)
 Cisco 3201 FastEthernet Switch Mobile Interface
Card (FESMIC)
Cisco 3250 Mobile Access Router
Platform
High performance mobile access router
• Modular Circuit-board construction
• Mobile Access Router Card (Cisco3251MARC)
• Serial Mobile Interface Card (Cisco3201SMIC)
• Fast Ethernet Switch MIC (FESMIC)
• PC/104-Plus Form Factor
• PC/104-Plus “Compliance”, PCI-Only
• Runs Cisco IOS
• Utilizes Cisco Mobile IP Feature Set
• Industrial Grade
• -40 C to 85 C local ambient
[Photo labels: Static Control (ESD); board stack MARC, FESMIC, SMIC, SMIC]
PC 104-Plus Mechanical
Standard
Industry Standard Hardware form factor

• Cisco 3200 Series will test with a 3rd Party Lab to conform to the level of PC104-Plus Compliant
More specific information at www.PC104.org, including definition of our level of compliance

Size = 3.775” x 3.55”


Source: PC104-Plus Specification Version 1.2
Why PC-104-Plus?
 Smallest industry standard computing platform
 Both ISA and PCI bus
 Cisco puts signals on PCI bus only
 Any non-Cisco cards cannot signal on PCI bus
 ISA bus OK
 Self-stacking
 No backplane or cardcage required
 Stand-offs and screws recommended
 Designed for rugged, industrial-grade applications
 Good product availability, vendor support
PC-104-Plus Card Format
PCI Bus Connector: 120 pin, stack through, PCI BUS Connector (no key)
ISA Bus Connector: 104 pin, Stack through, ISA Bus Connector (no key). No Cisco signals over ISA Bus
Power provided by SI: Power supply pins and grounds are connected to the Cisco boards via ISA / PCI connectors
Cables and Connectors on I/O side provided by SI
Complete Solution Requires
Integration
Cisco 3200 Series MARC + FESMIC+SMIC
Aironet 350 Access Points
Wireless Infrastructure with external Radios compatible with network
Cables + Power Supply + Enclosure
Environmental/Ruggedized to specs and integrated with customer-supplied device or vehicle
Installation, deployment, training, etc.
System Integration
Mobile Access Router Card
(MARC)
 MPC8250, running at 200MHz CPU core,
133MHz CPM core and 66MHz Motorola 60x
Bus.
 32-bit PCI bus version 2.1 running at 25MHz,
connects to Cisco MICs.
 128Mbyte 64 bit, Unbuffered, Synchronous
DRAM,
 32Mbyte 16 bit of Flash memory,
 Single 10/100 Fast Ethernet, full-duplex 100
Base-T, with auto negotiation.
 Single Console, with modem flow control.
 Single Asynchronous, RS-232 serial, for
GPS/AUX devices.
 Integrated host-to-PCI bridge (PCI bus version
2.1), with built-in PCI arbiter that supports three
external bus masters/PCI agents.
Mobile Access Router Card
PCI Bus Connector: 120 pin, stack through, PCI BUS Connector (no key)
ISA Bus Connector: 104 pin, Stack through, ISA Bus Connector (no key). No Cisco signals over ISA Bus
34 pin, locking header: Aux, Console, LED’s, 5V power
10 pin, locking header, for MARC Fast Ethernet
Serial Mobile Interface Card
(Cisco3201SMIC)
PCI Bus ISA Bus
• Type of Mobile Interface Card (MIC)
• Typically used for a WAN (modem)
interface to a wireless / satellite network
• Asynch/Synch
 Supports up to 2Mbps
• 4 Cisco 12-in-1 Serial Interfaces
• All existing 12-in-1 signals supported
• Signals thru 2 60-pin multifunction headers
• PCI Bus
• Up to 3 per stack
 Set rotary switch to unique number
Rotary Switch

60-pin Multifunction Header


Fast Ethernet Switch MIC
(FESMIC)
• 1 10/100 Ethernet with 4 port switch with VLAN
• 802.1q and 802.1p supported
• Can route between FESMIC and MARC FastE
• LED signals thru LED header
• No in-line power provided
• ISL not supported
• Limit one FESMIC per 3200
[Photo labels: Fast Ethernet Headers, LED Header, ISA Bus, PCI Bus]
Presentation_ID © 2001, Cisco Systems, Inc. 111
Cisco 3200
Mobile Access Router
IOS Configuration
Agenda
 Configuration Outline
 Configuration Commands
 Example Configurations
 Troubleshooting

 Reference:
• http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tip1r/p1ftmobi.htm
Configuring Mobile IP
An Outline

© 2002, Cisco Systems, Inc. All rights reserved. 114


Steps to Configure Home
Agent
• Step 1 –
• A. Create HA as a mobile IP agent
• Define it as an HA
• B. Set virtual nets in HA
• Redistribute the virtual nets in routing updates
• C. Define the IP address of the mobile router so the
HA will recognize it
• Define the networks that will be associated with that Mobile Router
• D. Set up security association for that Mobile Router
Virtual Networks

 Virtual Network is:


 Non-physical = no interface

 Added to Routing Table

 “Home” network for Mobile Host and Router

 Mobile Host addresses are assigned from this


 Must be unrelated to “real” networks
Steps to Configure Foreign
Agent
• Step 2 –
• A. Create FA as a mobile IP agent
• B. Define it as a Foreign Agent
• Specify the interface to be used as Care-of Address
• C. Configure an interface to support Mobile IP
• IP address and mask
• Enable IRDP
• Optional: IRDP advertisement intervals
• max, min, and holdtime
• Enable FA service on the interface
Steps to Configure Mobile
Router
• Step 3 –
• A. Create Mobile Router as a mobile IP agent
• B. Define it as an MR
• Specify its address and subnet mask
• Specify the IP address of its HA
• Optional – registration parameters
• Optional - Set Reverse Tunnel on
• C. Configure Security Association with HA
• Must match HA
• D. Specify an interface with Mobile IP service
• Set the IP address and mask
• Enable roaming
Mobile Router – Optional
Features
• Step 4 – Enable services (optional)
• Solicitation, retransmission intervals
• Co-Located Care-of Address (optional)
• Enable CCOA on interface
• Set Default Gateway on interface
Mobile Router Redundancy
• Step 5 – Mobile Router Redundancy (optional)
• Enable HSRP on interface
• Set Priority
• Set Preempt
• Configure group name
• Add redundancy group name to Mobile Router configuration
Cisco 3200 Installation Course
Lab Diagram
Network 10.10.10.0/24 Network 10.10.11.0/24
Foreign FA1 Bridge
WebCam Agent 1
.35/28 FE0/0 .130/28
FE0/1
.74/30
.129/28
802.11b 3200 Bridge
10.10.11.36/28
FE0/1 Virtual Network
Home .73/30 110.10.11.0 / 24
Agent
E1/0
.33/28
FE0/0 Lo0 .77/30
.69/30
E1 .33/28
802.11b
FE0/0
.70/30 C3200 .34/28
FE0/1
Server .97/28
.34/28 .98/28
Foreign Loopback 0
FA2 Bridge
Agent 2 110.10.11.209/32
Configuring Mobile IP



Configure HA
HA(config)# router mobile
    Enables Mobile IP on the router.
HA(config-router)# ip mobile home-agent
    Enables home agent service.
HA(config)# ip mobile virtual-network net mask [address address]
    Creates a virtual network.
HA(config)# router protocol [process ID]
    Enters router configuration mode.
HA(config-router)# redistribute mobile subnets
    Enables redistribution of virtual network and mobile subnets into routing protocols.
HA(config)# ip mobile host lower [upper] virtual-network net mask
    Specifies mobile nodes on a virtual network.
HA(config)# ip mobile host lower [upper] interface name
    Specifies mobile nodes on a physical interface.
HA(config)# ip mobile mobile-networks address
    Specifies mobile router to be set up.
HA(mobile-networks)# network net mask
    Specifies a network that will be hosted on the mobile host (router).
HA(config)# ip mobile secure host address spi spi key [hex/ascii] string
    Sets up mobile host security associations.
Configure HA (example)

HA(config)# router mobile
HA(config-router)# ip mobile home-agent
HA(config)# ip mobile virtual-network 10.10.11.0 255.255.255.0
HA(config)# router ospf 64
HA(config-router)# redistribute mobile subnets
HA(config)# ip mobile host 10.10.11.77 virtual-network 10.10.11.0 255.255.255.0
HA(config)# ip mobile mobile-networks 10.10.11.77
HA(mobile-networks)# network 10.10.11.76 255.255.255.252
HA(config)# ip mobile secure host 10.10.11.77 spi 300 key hex 12345678123456781234567812345678
HA(config)#ip mobile home-agent lifetime 65535


Configure FA
FA(config)#router mobile
    Enables Mobile IP on the router.
FA(config)#ip mobile foreign-agent care-of interface
    Sets up care-of addresses advertised to all foreign agent-enabled interfaces.
FA(config-if)#ip mobile foreign-service
    Enables foreign agent service on the interface.

FA(config)#router mobile
FA(config)#ip mobile foreign-agent care-of Faste 0/0
FA(config)#ip mobile foreign-agent care-of Faste 0/1
FA(config)#interface Faste 0/0
FA(config-if)#ip mobile foreign-service
FA(config-if)#ip mobile registration-lifetime 65535
FA(config)#interface Faste 0/1
FA(config-if)#ip mobile foreign-service
Configure Mobile Access
Router
C3200_(config)# interface loopback number
    Configure loopback address.
C3200_(config-if)# ip address <IP address subnet mask>
    Specifies IP address for loopback interface.
C3200_(config)# router mobile
    Enable Mobile IP on the router.
C3200_(config-router)# ip mobile router
    Configure the mobile router.
C3200_(mobile-router)# address <IP address> <SN mask>
    IP address of mobile router (using loopback address).
C3200_(mobile-router)# home-agent <IP address> [priority priority]
    Specify Home Agent and priority.
C3200_(config)# ip mobile secure home-agent <IP add> spi spi key [hex/ascii] string
    Set up authentication key.
C3200_(config)# interface interface
    Configure roaming interface.
C3200_(config-if)# ip mobile router-service roam [priority priority level]
C3200_(config-if)# ip mobile router-service solicit [interval seconds] [retransmit initial interval maximum interval retry number of retries]
Configure Mobile Access
Router (example)
C3200_(config)# interface loopback 0
C3200_(config-if)# ip address 10.0.11.77 255.255.255.252
C3200_(config)# router mobile
C3200_(config-router)# ip mobile router
C3200_(mobile-router)# address 10.0.11.77 255.255.255.252
C3200_(mobile-router)# home-agent 10.0.10.77
C3200_(config)# ip mobile secure home-agent 10.0.10.77 spi 300 key hex 12345678123456781234567812345678
C3200_(config)# interface Faste 0/0
C3200_(config-if)# ip mobile router-service roam
C3200_(config-if)# ip mobile router-service solicit
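Step 3C requires the Mobile Router's security association to match the HA's. The following Python check is an added example (not part of the original slides and not a Cisco tool) that compares the `ip mobile secure` lines of an HA and a Mobile Router configuration and flags a key built from one repeated block. The function names are hypothetical; `HA_EXAMPLE` and `MR_EXAMPLE` hold lines from the two example configurations above as printed, and the `FIXED_*` pair with its key is constructed.

```python
import re

SECURE_RE = re.compile(
    r"ip mobile secure (host|home-agent) (\S+) spi (\S+) key (hex|ascii) (\S+)")
MR_ADDRESS_RE = re.compile(r"^\s*address (\S+) \S+", re.M)
MR_HOME_AGENT_RE = re.compile(r"^\s*home-agent (\S+)", re.M)

# Security-relevant lines of the two example configurations above, as printed.
HA_EXAMPLE = """\
ip mobile host 10.10.11.77 virtual-network 10.10.11.0 255.255.255.0
ip mobile mobile-networks 10.10.11.77
 network 10.10.11.76 255.255.255.252
ip mobile secure host 10.10.11.77 spi 300 key hex 12345678123456781234567812345678
"""
MR_EXAMPLE = """\
ip mobile router
 address 10.0.11.77 255.255.255.252
 home-agent 10.0.10.77
ip mobile secure home-agent 10.0.10.77 spi 300 key hex 12345678123456781234567812345678
"""
# Constructed pair: the addresses agree and the key is a constructed value.
CONSTRUCTED_KEY = "9f3c1a7be25d48066b0ce1f4a87d2935"
FIXED_HA = f"ip mobile secure host 10.0.11.77 spi 300 key hex {CONSTRUCTED_KEY}\n"
FIXED_MR = MR_EXAMPLE.replace("12345678123456781234567812345678", CONSTRUCTED_KEY)


def secure_entries(config, role):
    """Map peer address -> (spi, key type, key) for 'ip mobile secure <role>' lines."""
    return {m[2]: (m[3], m[4], m[5].lower() if m[4] == "hex" else m[5])
            for m in SECURE_RE.finditer(config) if m[1] == role}


def repeated_block(key):
    """Return the shortest block the key is a pure repetition of, else None."""
    for size in range(1, len(key) // 2 + 1):
        if len(key) % size == 0 and key == key[:size] * (len(key) // size):
            return key[:size]
    return None


def audit(ha_config, mr_config):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    hosts = secure_entries(ha_config, "host")
    agents = secure_entries(mr_config, "home-agent")
    addr = MR_ADDRESS_RE.search(mr_config)
    home_agent = MR_HOME_AGENT_RE.search(mr_config)
    mr_addr = addr[1] if addr else None
    mr_ha = home_agent[1] if home_agent else None

    mr_sa = agents.get(mr_ha)   # MR's association for its configured home agent
    ha_sa = hosts.get(mr_addr)  # HA's association for the MR's home address
    if mr_sa is None:
        findings.append(f"MR: no 'ip mobile secure home-agent' entry for home agent {mr_ha}")
    if ha_sa is None:
        findings.append(f"HA: no 'ip mobile secure host' entry for MR address {mr_addr}; "
                        f"HA has entries for {sorted(hosts)}")
    if mr_sa and ha_sa:
        if mr_sa[0] != ha_sa[0]:
            findings.append(f"SPI mismatch: HA {ha_sa[0]}, MR {mr_sa[0]}")
        if mr_sa[1:] != ha_sa[1:]:
            findings.append("key mismatch between HA and MR (values not printed)")
    # Flag keys that are one short block repeated; the key itself is never echoed.
    for spi, _kind, key in {*hosts.values(), *agents.values()}:
        block = repeated_block(key)
        if block:
            findings.append(f"SPI {spi}: key is a {len(block)}-character block repeated "
                            f"{len(key) // len(block)} times")
    return findings


if __name__ == "__main__":
    for line in audit(HA_EXAMPLE, MR_EXAMPLE):
        print(line)
```

Run on the examples as printed, it reports that the HA's security association is for 10.10.11.77 while the Mobile Router registers as 10.0.11.77, and that the sample key is one 8-character block repeated four times.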
Configure HA Advertisements
(Optional)
HA(config)#interface name
    Interface providing the service.
HA(config-if)#ip irdp
    Turn on the advertisements on the interface.
HA(config-if)#ip irdp maxadvertinterval [4-1800]
HA(config-if)#ip irdp minadvertinterval [3-1800]

HA(config)#interface e5/0/2
HA(config-if)#ip irdp
HA(config-if)#ip irdp maxadvertinterval 10
HA(config-if)#ip irdp minadvertinterval 4
Configure FA Advertisements
(Optional)
FA(config)#interface name
    Interface providing the service.
FA(config-if)#ip irdp
    Turn on the advertisements on the interface.
FA(config-if)#ip irdp maxadvertinterval [4-1800]
FA(config-if)#ip irdp minadvertinterval [3-1800]

FA(config)#interface e3/1
FA(config-if)#ip irdp
FA(config-if)#ip irdp maxadvertinterval 10
FA(config-if)#ip irdp minadvertinterval 4
FA(config)#interface e3/2
FA(config-if)#ip irdp
Troubleshooting Mobile IP



Troubleshooting Mobile IP -
Outline
1. What is router’s configuration?
• Verify Agent, Operation
• Is it sending Advertisements?
• SHOW IP MOBILE GLOBALS
• DEBUG IP MOBILE ADVERTISEMENTS
2. What is Mobile Router seeing?
• Is Wireless associated?
• Is Mobile Router receiving Advertisements?
• DEBUG IP ICMP
3. What is router doing?
• Is Mobile Router trying to register?
• Are FA and HA accepting registrations?
• DEBUG IP MOBILE
4. Who are router’s neighbors?
• SHOW IP ROUTE
• SHOW ARP
Verifying HA Configuration
HA#show ip mobile globals
IP Mobility global information:

Home Agent

Registration lifetime: 10:00:00 (36000 secs)


Broadcast disabled
Replay protection time: 7 secs
Reverse tunnel enabled
ICMP Unreachable enabled
Virtual networks
110.10.11.0 /24

Foreign Agent is not enabled, no care-of address

0 interfaces providing service


Encapsulations supported: IPIP and GRE
Tunnel fast switching enabled
Tunnel path MTU discovery aged out after 10 min
ha_#
Verifying FA Configuration

FA#show ip mobile globals

Foreign_Agent_2_#sh ip mob globals


IP Mobility global information:
Home Agent is not enabled

Foreign Agent

Pending registrations expire after 15 secs


Care-of addresses advertised
FastEthernet0/1 (10.10.10.97) - up

1 interface providing service


Encapsulations supported: IPIP and GRE
Tunnel fast switching enabled
Tunnel path MTU discovery aged out after 10 min
Foreign_Agent_2_#
Debug Advertisements on FA

Foreign_Agent_2_#debug ip mobile advertise

IP mobility agent advertisements debugging is on

Foreign_Agent_2_#
02:30:02: MobileIP: Agent advertisement sent out FastEthernet0/1:
type=16, len=10, seq=2984, lifetime=36000, flags=0x1400(rbhFmGv-rsv-),
02:30:02: Care-of address: 10.10.10.97
02:30:05: MobileIP: Agent advertisement sent out FastEthernet0/1:
type=16, len=10, seq=2985, lifetime=36000, flags=0x1400(rbhFmGv-rsv-),
02:30:05: Care-of address: 10.10.10.97
MR: Advertisements
MR#debug ip icmp
*Mar 1 04:09:27.938: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:31.938: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:34.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:37.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:39.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97

> It is receiving advertisements from Foreign Agent 10.10.10.97


MR: Registration Requests
RRQs
MR#debug ip mob

IP mobility events debugging is on


MR#
*Mar 1 04:12:12.898: MobileIP: Authentication algorithm MD5
*Mar 1 04:12:16.898: MobileIP: Authentication algorithm MD5
*Mar 1 04:12:18.898: MobileIP: Authentication algorithm MD5
*Mar 1 04:12:22.898: MobileIP: Authentication algorithm MD5

> It is sending in Registration Requests and not getting any answer


Debugs on HA –
Registration Rejected
Home_Agent_#debug ip mobile

Home_Agent_#
00:14:18: MobileIP: HA 114 received registration for MN 10.4.1.1 on FastEthernet0/1 using COA 10.3.1.1 HA 10.1.4.1 lifetime 36000 options sbdmgvt
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D8742C end 7D87442
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D87442 end 7D87442
00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: Identification field has timestamp 146 secs greater than our current time 03/01/93 00:14:18 (> allowed 7 secs) for MN 10.4.1.1
00:14:18: %IPMOBILE-6-SECURE: Security violation on HA from MN 10.4.1.1 - errcode registration id mismatch (133), reason Bad identifier (3)
00:14:18: MobileIP: HA rejects registration for MN 10.4.1.1 - registration id mismatch (133)
00:14:18: MobileIP: MN 10.4.1.1 - MH auth ext added (SPI 100) to MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - HA sent reply to 10.1.3.2
Debugs on HA – Registration
Accepted
Home_Agent_# debug ip mobile
00:14:18: MobileIP: HA 114 received registration for MN 10.4.1.1 on FastEthernet0/1 using COA 10.3.1.1 HA 10.1.4.1 lifetime 36000 options sbdmgvt
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D877EC end 7D87802
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D87802 end 7D87802
00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: Mobility binding for MN 10.4.1.1 created
00:14:18: MobileIP: 15 ifs in use
00:14:18: MobileIP: Tunnel0 (IP/IP) created with src 10.1.4.1 dst 10.3.1.1
00:14:18: MobileIP: 16 ifs in use
00:14:18: MobileIP: Tunnel1 (IP/IP) created with src 10.1.4.1 dst 10.4.1.1
00:14:18: MobileIP: Roam timer started for MN 10.4.1.1, lifetime 36000
00:14:18: MobileIP: MN 10.4.1.1 is now roaming
00:14:18: MobileIP: Insert route 10.4.1.1/255.255.255.255 via gateway 10.3.1.1 on Tunnel0
00:14:18: MobileIP: Insert route 10.5.2.0/255.255.255.0 via gateway 10.4.1.1 on Tunnel1
00:14:18: MobileIP: HA accepts registration from MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - MH auth ext added (SPI 100) to MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - HA sent reply to 10.1.3.2
00:14:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
00:14:19: MobileIP: swif coming up Tunnel0
00:14:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
00:14:19: MobileIP: swif coming up Tunnel1
Home_Agent_#
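The two HA traces above show the order of the checks: the MN is authenticated with the key for its SPI, then the Identification timestamp is tested against the replay window. The following Python model of those checks is an added example, not Cisco's code and not part of the original slides. It assumes the RFC 2002 Registration Request layout and keyed-MD5 "prefix+suffix" authenticator; `HomeAgent`, `build_rrq` and `demo` are hypothetical names, and the clock value is constructed.

```python
import hashlib
import hmac
import socket
import struct

NTP_UNIX_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MHAE_TYPE = 32                # Mobile-Home Authentication Extension, "MHAE(32)" in the debugs
CODE_ACCEPTED, CODE_MN_AUTH_FAILED, CODE_ID_MISMATCH, CODE_POORLY_FORMED = 0, 131, 133, 134


def keyed_md5(key, data):
    """RFC 2002 'prefix+suffix' keyed MD5: MD5(key || data || key)."""
    return hashlib.md5(key + data + key).digest()


def build_rrq(home_addr, home_agent, care_of, lifetime, unix_time, spi, key, nonce=0):
    """Build a Registration Request ending in a Mobile-Home Authentication Extension."""
    ident = struct.pack("!II", int(unix_time) + NTP_UNIX_OFFSET, nonce)
    fixed = struct.pack("!BBH", 1, 0, lifetime) + b"".join(
        socket.inet_aton(a) for a in (home_addr, home_agent, care_of)) + ident
    ext_hdr = struct.pack("!BBI", MHAE_TYPE, 4 + 16, spi)  # length 20 = SPI + authenticator
    return fixed + ext_hdr + keyed_md5(key, fixed + ext_hdr)


class HomeAgent:
    def __init__(self, replay_window=7):
        self.replay_window = replay_window  # seconds, as "Replay protection time: 7 secs"
        self.security = {}                  # home address -> (spi, key)
        self.last_ident = {}                # home address -> last accepted Identification

    def add_host(self, home_addr, spi, key):
        self.security[home_addr] = (spi, key)

    def process(self, rrq, now_unix):
        """Return the reply code the HA would send for this request."""
        if len(rrq) < 24 or rrq[0] != 1:
            return CODE_POORLY_FORMED
        home_addr = socket.inet_ntoa(rrq[4:8])
        ident_hi, ident_lo = struct.unpack("!II", rrq[16:24])
        off = 24
        while off + 2 <= len(rrq) and rrq[off] != MHAE_TYPE:  # walk TLV extensions
            off += 2 + rrq[off + 1]
        if off + 6 > len(rrq):
            return CODE_MN_AUTH_FAILED      # no (complete) authentication extension
        (spi,) = struct.unpack("!I", rrq[off + 2:off + 6])
        authenticator = rrq[off + 6:off + 2 + rrq[off + 1]]
        sa = self.security.get(home_addr)
        if sa is None or sa[0] != spi:
            return CODE_MN_AUTH_FAILED
        # The authenticator covers everything up to and including the SPI.
        if not hmac.compare_digest(keyed_md5(sa[1], rrq[:off + 6]), authenticator):
            return CODE_MN_AUTH_FAILED
        # Replay protection: timestamp inside the window and newer than the last one accepted.
        skew = (ident_hi - NTP_UNIX_OFFSET) - int(now_unix)
        ident = (ident_hi << 32) | ident_lo
        if abs(skew) > self.replay_window or ident <= self.last_ident.get(home_addr, -1):
            return CODE_ID_MISMATCH
        self.last_ident[home_addr] = ident
        return CODE_ACCEPTED


def demo():
    """Accepted, replayed, clock-skewed and wrong-key requests against one HA."""
    key = bytes.fromhex("12345678123456781234567812345678")  # sample key printed on this page
    now = 1_000_000_000                                       # constructed HA clock (Unix seconds)
    ha = HomeAgent(replay_window=7)
    ha.add_host("10.4.1.1", 100, key)
    args = ("10.4.1.1", "10.1.4.1", "10.3.1.1", 36000)
    fresh = build_rrq(*args, now, 100, key, nonce=1)
    ahead = build_rrq(*args, now + 146, 100, key, nonce=2)    # MN clock 146 s ahead, as in the trace
    forged = build_rrq(*args, now, 100, b"\x00" * 16, nonce=3)
    return [ha.process(fresh, now), ha.process(fresh, now),
            ha.process(ahead, now), ha.process(forged, now)]


if __name__ == "__main__":
    print(demo())
```

RFC 3344 later made HMAC-MD5 the default authenticator, so the algorithm and mode must be the same on the Mobile Router and the HA.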
Debugs on FA - Registration
FA#debug ip mobile
1d02h: MobileIP: FA received registration for MN 20.0.197.84 on Ethernet3/1 using COA 40.0.197.19 HA 20.0.197.82 lifetime 990 options sBdmgvt
1d02h: MobileIP: Ethernet3/1 glean 20.0.197.84 accepted
1d02h: MobileIP: FA queued MN 20.0.197.84 in register table
1d02h: MobileIP: Visitor registration timer started for MN 20.0.197.84, lifetime 15
1d02h: MobileIP: Skip2TLV look for type 32, addr start 200210AC end 200210C2
1d02h: MobileIP: FA forwarded registration for MN 20.0.197.84 to HA 20.0.197.82

1d02h: MobileIP: FA received accept (0) reply for MN 20.0.197.84 on Ethernet3/5 using HA 20.0.197.82 lifetime 990
1d02h: MobileIP: Reply in for MN 20.0.197.84, accepted
1d02h: MobileIP: Update visitor table for MN 20.0.197.84
1d02h: MobileIP: Tunnel2 (IP/IP) created with src 40.0.197.19 dst 20.0.197.82
1d02h: MobileIP: ARP entry for MN 20.0.197.84 inserted
1d02h: MobileIP: Visitor timer started for MN 20.0.197.84, lifetime 990
1d02h: MobileIP: FA dequeued MN 20.0.197.84 from register table
1d02h: MobileIP: MN 20.0.197.84 visiting on Ethernet3/1
1d02h: MobileIP: Skip2TLV look for type 32, addr start 200215A8 end 200215BE
1d02h: MobileIP: FA forwarding reply to MN 20.0.197.84 using src 20.0.197.84 mac 0030.8538.1c90
1d02h: MobileIP: swif coming up Tunnel2
Debugs on MR - Registration
FA#debug ip mobile
*Mar 1 04:21:53.778: MobileIP: ParseRegExt type MHAE(32) addr 6002A08 end 6002A1E
*Mar 1 04:21:53.778: MobileIP: ParseRegExt skipping 20 to next
*Mar 1 04:21:53.778: MobileIP: Authenticating HA 10.10.10.77 using SPI 3003
*Mar 1 04:21:53.782: MobileIP: Authentication algorithm MD5
*Mar 1 04:21:53.782: MobileIP: Authenticated HA 10.10.10.77 using SPI 3003
*Mar 1 04:21:57.762: MobileIP: Authentication algorithm MD5
*Mar 1 04:21:57.782: MobileIP: ParseRegExt type MHAE(32) addr 61BF1A8 end 61BF1BE
*Mar 1 04:21:57.782: MobileIP: ParseRegExt skipping 20 to next
*Mar 1 04:21:57.782: MobileIP: Authenticating HA 10.10.10.77 using SPI 3003
*Mar 1 04:21:57.782: MobileIP: Authentication algorithm MD5
*Mar 1 04:21:57.782: MobileIP: Authenticated HA 10.10.10.77 using SPI 3003
*Mar 1 04:21:57.782: MobileIP: Tunnel0 (IP/IP) created with src 110.10.11.217 dst 10.10.10.77
*Mar 1 04:21:58.782: MobileIP: swif coming up Tunnel0
HA Binding Table
ha_#show ip mobile binding ?
A.B.C.D IP address
home-agent Mobility bindings for specific home agent
summary Summary of binding table
| Output modifiers
<cr>
ha_#show ip mobile binding
Mobility Binding List:
Total 9
110.10.11.237:
Care-of Addr 10.10.10.97, Src Addr 10.10.10.70
Lifetime granted 10:00:00 (36000), remaining 06:59:10
Flags sbdmgvt, Identification AF3BF344.D8F21340
Tunnel2 src 10.10.10.77 dest 10.10.10.97 reverse-allowed
MR Tunnel1 src 10.10.10.77 dest 110.10.11.237 reverse-allowed mobile-network
110.10.11.237
Routing Options -
110.10.11.233:
Care-of Addr 10.10.10.97, Src Addr 10.10.10.70
Lifetime granted 10:00:00 (36000), remaining 06:59:10
Flags sbdmgvt, Identification AF3BF344.5F153F64
………… etc.
HA State – Routing Table
Home_Agent_#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
110.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
M 110.10.11.0/24 is directly connected, Mobile0 Virtual Network
M 110.10.11.237/32 [3/1] via 10.10.10.97, 00:57:28, Tunnel2
M 110.10.11.245/32 [3/1] via 10.10.10.129, 03:01:54, Tunnel0
10.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
C 10.10.10.32/27 is directly connected, FastEthernet0/0
C 10.10.10.72/30 is directly connected, FastEthernet0/1
C 10.10.10.76/30 is directly connected, Loopback0
O IA 10.10.10.96/27 [110/11] via 10.10.10.36, 00:57:35, FastEthernet0/0
M 10.10.11.112/28 [3/1] via 110.10.11.237, 03:55:57, Tunnel1
O IA 10.10.10.128/27 [110/2] via 10.10.10.74, 00:57:35, FastEthernet0/1
M 10.10.11.144/28 [3/1] via 110.10.11.245, 03:55:57, Tunnel5
FA State – Visiting Mobile
Routers
Foreign_Agent_2_#show ip mobile visitor
Mobile Visitor List:
Total 5
110.10.11.229:
Interface FastEthernet0/1, MAC addr 0001.6441.87ba
IP src 110.10.11.229, dest 10.10.10.97, UDP src port 434
HA addr 10.10.10.77, Identification AF3C1098.B402FE18
Lifetime 10:00:00 (36000) Remaining 08:56:25
Tunnel0 src 10.10.10.97, dest 10.10.10.77, reverse-allowed
Routing Options -
110.10.11.245:
Interface FastEthernet0/1, MAC addr 0001.6441.87a2
IP src 110.10.11.245, dest 10.10.10.97, UDP src port 434
HA addr 10.10.10.77, Identification AF3C114E.911E78F8
Lifetime 10:00:00 (36000) Remaining 08:59:27
Tunnel0 src 10.10.10.97, dest 10.10.10.77, reverse-allowed
Routing Options -
……… etc.
Foreign Agent Routing Table
Foreign_Agent_2_#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
110.0.0.0/24 is subnetted, 1 subnets
O E2 110.10.11.0 [110/20] via 10.10.10.33, 00:58:44, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
C 10.10.10.32/27 is directly connected, FastEthernet0/0
O 10.10.10.72/30 [110/2] via 10.10.10.33, 00:58:44, FastEthernet0/0
O 10.10.10.77/32 [110/2] via 10.10.10.33, 00:58:44, FastEthernet0/0
C 10.10.10.96/27 is directly connected, FastEthernet0/1
O E2 10.10.11.112/28 [110/20] via 10.10.10.33, 00:58:47, FastEthernet0/0
O IA 10.10.10.128/27 [110/3] via 10.10.10.33, 00:58:47, FastEthernet0/0
O E2 10.10.11.144/28 [110/20] via 10.10.10.33, 00:58:47, FastEthernet0/0
Foreign_Agent_2_#
FA State – ARP Table

Foreign_Agent_2_#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.73 8 000a.8a7d.0f41 ARPA FastEthernet0/0
Internet 10.10.10.129 - 000a.8a83.0d81 ARPA FastEthernet0/1
Internet 10.10.10.130 7 0040.9657.cc93 ARPA FastEthernet0/1
Internet 10.10.10.74 - 000a.8a83.0d80 ARPA FastEthernet0/0
Internet 110.10.11.237 2 00ff.ff40.00aa ARPA FastEthernet0/1
Foreign_Agent_2_#
What FA is MR Visiting? Part 1
mar_demo_1_#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.3.1.1 12 000a.8a83.0d81 ARPA Vlan1
Internet 10.5.2.1 - 00ff.ff40.00aa ARPA FastEthernet0/0
Internet 10.5.3.1 - 00ff.ff40.00ab ARPA Vlan1
Internet 10.5.3.2 137 0040.9657.2624 ARPA Vlan1
Internet 10.5.3.34 4 0010.a49f.57d9 ARPA Vlan1
mar_demo_1_#
What FA is MR Visiting? Part 2
mar_demo_1_#sh ip rout
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is 10.3.1.1 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks


M 10.3.1.1/32 [3/1] via 10.3.1.1, 00:07:28, Vlan1
C 10.5.3.0/24 is directly connected, Vlan1
M 10.1.4.1/32 [3/1] via 10.3.1.1, 00:07:28, Vlan1
C 10.5.1.0/24 is directly connected, Loopback0
M* 0.0.0.0/0 [3/1] via 10.3.1.1, 00:07:28, Vlan1
Debugs on HA/FA - Handoff
ha_# 05:17:02: MobileIP: HA 120 received registration for MN 110.10.11.225 on FastEthernet0/1 using COA 10.10.10.129 HA 10.10.10.77 lifetime 36000 options sbdmgvt
05:17:02: MobileIP: MN 110.10.11.225 - authenticating MN 110.10.11.225 using SPI 5005
05:17:02: MobileIP: MN 110.10.11.225 - authenticated MN 110.10.11.225 using SPI 5005
05:17:02: MobileIP: Delete tunnel route for 110.10.11.225/255.255.255.255 via gateway 10.10.10.97
05:17:02: MobileIP: Deleted user (7 remains) from Tunnel2 src 10.10.10.77 dest 10.10.10.97
05:17:02: MobileIP: Mobility binding for MN 110.10.11.225 updated – tunnel changed
05:17:02: MobileIP: Added user (2 active) on Tunnel0 src 10.10.10.77 dest 10.10.10.129
05:17:02: MobileIP: Insert route 110.10.11.225/255.255.255.255 via gateway 10.10.10.129 on Tunnel0
05:17:02: MobileIP: Roam timer started for MN 110.10.11.225, lifetime 36000
05:17:02: MobileIP: HA accepts registration from MN 110.10.11.225
05:17:02: MobileIP: MN 110.10.11.225 - MH auth ext added (SPI 5005) to MN 110.10.11.225
05:17:02: MobileIP: MN 110.10.11.225 - HA sent reply to 10.10.10.74
Debug Tunnel
HA#debug tunnel
05:41:15: Tunnel8: IP/IP encapsulated 10.10.10.77->110.10.11.217 (linktype=7, len=61)
05:41:15: Tunnel0: IP/IP encapsulated 10.10.10.77->10.10.10.129 (linktype=7, len=81)

Home_Agent_#sh ip cache
IP routing cache 8 entries, 1324 bytes
92 adds, 84 invalidates, 0 refcounts
Minimum invalidation interval 2 seconds, maximum interval 5 seconds,
quiet interval 3 seconds, threshold 0 requests
Invalidation rate 0 in last second, 0 in last 3 seconds
Last full cache invalidation occurred 05:41:46 ago

Prefix/Length Age Interface Next Hop


10.10.10.128/30 00:10:08 FastEthernet0/1 10.10.10.74
10.10.11.32/30 00:10:08 Tunnel8 110.10.11.217
110.10.11.217/32 00:10:08 Tunnel0 10.10.10.129

FA#debug tunnel
02:39:07: Tunnel0: to decaps IP/IP packet 20.0.197.82->40.0.197.19 (len=120, ttl=254)
02:39:07: Tunnel0: decapsulated IP/IP packet 20.0.1.50->20.0.197.84 (len=100 ttl=253)
Show IP Mobile Traffic (Home Agent)
Home_Agent_#show ip mobile traffic
IP Mobility traffic:
Advertisements:
Solicitations received 0
Advertisements sent 0, response to solicitation 0
Home Agent Registrations:
Register 2622, Deregister 2 requests
Register 1302, Deregister 2 replied
Accepted 87, No simultaneous bindings 0
Denied 1215, Ignored 1322 , Dropped 0
Unspecified 1198, Unknown HA 0
Administrative prohibited 0, No resource 0
Authentication failed MN 0, FA 0, active HA 0
Bad identification 17, Bad request form 0
Unavailable encap 0, reverse tunnel 0
Binding updates received 0, sent 0 total 0 fail 0
Binding update acks received 0, sent 0
Binding info request received 0, sent 0 total 0 fail 0
Binding info reply received 0 drop 0, sent 0 total 0 fail 0
Binding info reply acks received 0 drop 0, sent 0
Gratuitous 0, Proxy 0 ARPs sent CONTINUED >>>
Show IP Mobile Traffic (Home Agent) cont.
Home_Agent_#show ip mobile traffic
CONTINUED…..
Foreign Agent Registrations:
Request in 0,
Forwarded 0, Denied 0, Ignored 0
Unspecified 0, HA unreachable 0
Administrative prohibited 0, No resource 0
Bad lifetime 0, Bad request form 0
Unavailable encapsulation 0, Compression 0
Unavailable reverse tunnel 0
Replies in 0
Forwarded 0, Bad 0, Ignored 0
Authentication failed MN 0, HA 0
Home_Agent_#
Show IP Mobile Tunnels
Home_Agent_#show ip mob tunnel
Mobile Tunnels:
Tunnel1:
src 10.10.10.77, dest 110.10.11.237
encap IP/IP, mode reverse-allowed, tunnel-users 1
IP MTU 1460 bytes
Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
outbound interface Tunnel2
HA created, fast switching enabled, ICMP unreachable enabled
0 packets input, 0 bytes, 0 drops
10508 packets output, 1237820 bytes
Tunnel5:
src 10.10.10.77, dest 110.10.11.245
encap IP/IP, mode reverse-allowed, tunnel-users 1
IP MTU 1460 bytes
Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
outbound interface Tunnel0
HA created, fast switching enabled, ICMP unreachable enabled
0 packets input, 0 bytes, 0 drops
0 packets output, 0 bytes
Show IP Mobile Secure Hosts
Home_Agent_# show ip mob secure host
Security Associations (algorithm,mode,replay protection,key):
10.10.11.77:
SPI 300, MD5, Prefix-suffix, Timestamp +/- 7,
Key 12345678123456781234567812345678
110.10.11.213:
SPI 200, MD5, Prefix-suffix, Timestamp +/- 7,
Key 23456781234567812345678123456781
110.10.11.217:
SPI 3003, MD5, Prefix-suffix, Timestamp +/- 7,
Key 45678123456781234567812345678102
110.10.11.221:
SPI 4004, MD5, Prefix-suffix, Timestamp +/- 7,
Key 56781234567812345678123456781203
110.10.11.225:
SPI 5005, MD5, Prefix-suffix, Timestamp +/- 7,
Key 67812345678123456781234567812304
……. etc.
Show IP Mobile Host
HA#show ip mobile host 20.0.197.84

Mobile Host List:

20.0.197.84:
Allowed lifetime INFINITE/default)
Roam status -Registered-, Home link on interface Ethernet5/0/2
Accepted 8, Last time 03/26/01 10:40:30
Overall service time 00:28:39
Denied 1, Last time 04/24/02 18:13:22
Last code 'registration id mismatch (133)'
Total violations 1
Tunnel to MN - pkts 1, bytes 100
Reverse tunnel from MN - pkts 0, bytes 0
Show IP Mobile Interface
Foreign_Agent_2_#sh ip mobile interface
IP Mobility interface information:
Interface FastEthernet0/1:
IRDP (includes agent advertisement) enabled
Prefix Length not advertised
Lifetime is 36000 seconds
Foreign Agent service provided
No registration required
Not busy
Home Agent access list:
Current number of visitors: 5
Foreign_Agent_2_#
Clear Commands

Router#clear ip mobile binding [addr] Removes the binding entry.
Router#clear ip mobile traffic Clears all the Mobile IP counters.
Router#clear ip mobile host counters [addr] Clears Mobile Host Counters.
Router#clear ip mobile visitor Removes the visitor information.
Invalid SPI - Debug

MobileIP: HA 30 received registration for MN 20.0.197.84 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 65535 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 61D8EBE4 end 61D8EBFA
MobileIP: Skip2TLV look for type 32, addr start 61D8EBFA end 61D8EBFA
MobileIP: MN 20.0.197.84 - authenticating MN 20.0.197.84 using SPI 100
MobileIP: MN 20.0.197.84 - invalid authenticator for MN 20.0.197.84
MobileIP: HA rejects registration for MN 20.0.197.84 - MN failed authentication (131)
MobileIP: MN 20.0.197.84 - MH auth ext added (SPI 100) to MN 20.0.197.84
MobileIP: MN 20.0.197.84 - HA sent reply to 20.0.197.81


Invalid SPI – Violations Log

HA#show ip mobile violation

Security Violation Log:

Total violations 1
Mobile Hosts:
20.0.197.84:
Violations: 1, Last time: 02/11/02 10:49:11
SPI: 100, Identification: C0122026.6D841504
Error Code: MN failed authentication (131), Reason: Bad authenticator (2)
Timestamp Mismatch
MobileIP: HA 32 received registration for MN 20.0.197.84 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 1000 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 616B4100 end 616B4116
MobileIP: Skip2TLV look for type 32, addr start 616B4116 end 616B4116
MobileIP: MN 20.0.197.84 - authenticating MN 20.0.197.84 using SPI 100
MobileIP: MN 20.0.197.84 - authenticated MN 20.0.197.84 using SPI 100
MobileIP: Identification field 2939948267 has timestamp 288712535 secs less than our current time 04/24/02 18:13:22 3228660802 (< allowed 7 secs) for MN 20.0.197.84
MobileIP: HA rejects registration for MN 20.0.197.84 - registration id mismatch (133)
MobileIP: MN 20.0.197.84 - MH auth ext added (SPI 100) to MN 20.0.197.84
MobileIP: MN 20.0.197.84 - HA sent reply to 20.0.197.81
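The timestamp replay check behind the (133) rejection above, reproduced from the numbers in the debug line and the violation log. This is an added example, not code from the presentation or from Cisco. It assumes the number printed in the debug line and the first half of the logged Identification are NTP seconds since 1900, which the page's own figures bear out; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

NTP_UNIX_OFFSET = 2_208_988_800   # seconds from 1900-01-01 to 1970-01-01
REPLAY_WINDOW = 7                 # "Timestamp +/- 7" in the security association
ID_MISMATCH = 133                 # "registration id mismatch (133)"

def ntp_to_utc(ntp_seconds):
    """NTP seconds (since 1900, assumed era 0) -> aware UTC datetime."""
    return datetime.fromtimestamp(ntp_seconds - NTP_UNIX_OFFSET, tz=timezone.utc)

def split_identification(text):
    """'C0122026.6D841504' -> (seconds, low-order 32 bits), both as integers."""
    high, low = text.split(".")
    return int(high, 16), int(low, 16)

def check_timestamp(mn_seconds, ha_seconds, window=REPLAY_WINDOW):
    """Return (accepted, skew); a positive skew means the MN clock is behind."""
    skew = ha_seconds - mn_seconds
    return abs(skew) <= window, skew

DEBUG_RE = re.compile(
    r"Identification field (\d+) has timestamp (\d+) secs less than our "
    r"current time \S+ \S+ (\d+) \(< allowed (\d+) secs\)")

def parse_debug(line):
    """Return (mn_seconds, reported_skew, ha_seconds, window) or None."""
    m = DEBUG_RE.search(" ".join(line.split()))  # undo slide line wrapping
    return tuple(int(g) for g in m.groups()) if m else None

# The debug message from the page, rejoined from its wrapped form.
SAMPLE = ("MobileIP: Identification field 2939948267 has timestamp 288712535 "
          "secs less than our current time 04/24/02 18:13:22 3228660802 "
          "(< allowed 7 secs) for MN 20.0.197.84")

if __name__ == "__main__":
    mn, reported, ha, window = parse_debug(SAMPLE)
    accepted, skew = check_timestamp(mn, ha, window)
    print("MN clock:", ntp_to_utc(mn), "| HA clock:", ntp_to_utc(ha))
    print("skew:", skew, "s ->", "accept" if accepted else f"reject ({ID_MISMATCH})")
    secs, _ = split_identification("C0122026.6D841504")  # from the violation log
    print("violation-log request stamped:", ntp_to_utc(secs))
```

Run as a script, it places the MN clock at 1993-03-01 04:17:47 UTC against an HA clock of 2002-04-24 18:13:22 UTC, a date typical of a router clock that was never set. The authentication step succeeded, so the thing to correct is the MN's time source, not the key or SPI.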
MN Not Configured

MobileIP: HA 32 received registration for MN 20.0.197.85 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 1000 options sBdmgvt
MobileIP: MN 20.0.197.85 is not configured, request ignored
Shorter Lifetime on HA
MobileIP: HA 32 received registration for MN 30.2.0.2 on Ethernet5/0/2 using COA 40.0.200.1 HA 20.0.197.82 lifetime 1900 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 616B4100 end 616B4116
MobileIP: Skip2TLV look for type 32, addr start 616B4116 end 616B4116
MobileIP: MN 30.2.0.2 - authenticating MN 30.2.0.2 using SPI 200
MobileIP: MN 30.2.0.2 - authenticated MN 30.2.0.2 using SPI 200
MobileIP: MN 30.2.0.2 requested broadcast support, but disabled locally
MobileIP: Mobility binding for MN 30.2.0.2 updated
MobileIP: Roam timer started for MN 30.2.0.2, lifetime 1000
MobileIP: HA accepts registration from MN 30.2.0.2
MobileIP: MN 30.2.0.2 - MH auth ext added (SPI 200) to MN 30.2.0.2
MobileIP: MN 30.2.0.2 - HA sent reply to 20.0.197.81
Larger Lifetime on FA

MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.1 HA 20.0.197.82 lifetime 40000 options sBdmgvt
MobileIP: Lifetime is too long in request from MN 30.2.0.2
MobileIP: FA rejects registration from MN 30.2.0.2 - lifetime too long (69)
MobileIP: MN 30.2.0.2 - FA sent reply to 30.2.0.2
Lifetime Expires

MobileIP: Roam timer expired for MN 20.0.197.84
MobileIP: Delete tunnel route for 20.0.197.84 via gateway 40.0.197.19
MobileIP: Deleted Tunnel0 src 20.0.197.82 dest 40.0.197.19
MobileIP: HA route maint started with index 0
HA not replying (seen from FA)
MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.1 HA 20.0.197.83 lifetime 4000 options sBdmgvt
MobileIP: FA queued MN 30.2.0.2 in register table
MobileIP: Visitor registration timer started for MN 30.2.0.2, lifetime 15
MobileIP: Skip2TLV look for type 32, addr start 2000060C end 20000622
MobileIP: FA forwarded registration for MN 30.2.0.2 to HA 20.0.197.83
MobileIP: Visitor registration timer expired for MN 30.2.0.2
MobileIP: FA dequeued MN 30.2.0.2 from register table
MobileIP: Visitor timer expired for MN 30.2.0.2
MobileIP: Host route 30.2.0.2 deleted from routing table
MobileIP: ARP entry for MN 30.2.0.2 removed
MobileIP: Deleted Tunnel0 src 40.0.200.1 dest 20.0.197.82
MobileIP: MN 30.2.0.2 no longer visiting on Serial4/1
Invalid Care-of Address

MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.10 HA 20.0.197.82 lifetime 40000 options sBdmgvt
MobileIP: Care-of addr 40.0.200.10 is invalid in request from MN 30.2.0.2
MobileIP: FA rejects registration from MN 30.2.0.2 - reason unspecified (64)
MobileIP: MN 30.2.0.2 - FA sent reply to 30.2.0.2
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 170
