Date post: | 14-Nov-2014 |
Category: |
Documents |
Upload: | api-27431931 |
View: | 143 times |
Download: | 0 times |
Mobile Networking Technology
The benefit of Mobile IP
“Mobile IP provides an IP node the ability to retain the same IP address and maintain uninterrupted network and application
connectivity while traveling across networks ”
“
”
Which ApplicationsWhich ApplicationsWhich ApplicationsWhich Applications
The objective
Maintaining continuous IP connectivity while crossing network boundaries, e.g. subnets or between
networks
Internet
Host BGateway A171.68.0.0
Gateway C140.31.0.0
Mobile Router171.68.69.0171.68.70.0 Mobile Router
171.68.69.0171.68.70.0
The Possibilities
Many Networks Roaming
InternetMobile Routers
Approved by the Internet Engineering Steering Group (IESG) in June 1996; published proposed standard in Nov. 1996
Mobile IP is an IETF proposed standard solution for mobility at Layer 3 IP
RFC2002/3220 - Mobile IP RFC2003 and RFC2004 - Tunnel encapsulation RFC2005 - Mobile IP applicability RFC2006 - Mobile IP MIB
Associated RFCs RFC1701 GRE – Generic Routing Encapsulation RFC3024 - Reverse Tunneling for Mobile IP
IETF Proposed Standard
The Problem with Mobility
Internet
Host BGateway A171.68.0.0
Gateway C140.31.0.0
Mobile Router171.68.69.0171.68.70.0 Mobile Router
171.68.69.0171.68.70.0
“Connect to171.68.69.24”
?
• Gateway A replies to Host B with an ICMP unreachable• Gateway C blocks router from joining network
SEND
X
• Routing Protocol rejects duplicate network advertisements
Where is 171.68.69.0???
Mobile IP Solution
Internet
Host B
Home Agent171.68.60.1Mobile Router
171.68.69.0171.68.70.0 Mobile Router
171.68.69.0171.68.70.0
Mobility Binding Table:MR CoA171.68.69.0 140.31.2.1
Mobility Binding Table:MR CoA171.68.69.0 140.31.2.1
Foreign AgentCOA 140.31.2.1
• Home Agent forwards packets to Mobile Router via Care of Address [CoA]
• Mobile Router sends Registration Request [RRQ] to Home Agent (HA)
Mobile IP
Operator Benefits
• All applications work without modifications (unlike application/transport layer mobility)
• Operator can control handover policies
• Access link independent (unlike link layer mobility)
“IETF Standard RFC 3344!”
Solution in a Nutshell
A mobile node has a “home address” for the end-to-end communications, but also uses a temporary “care-of address” on access networks for routing purpose.
A home agent maintains a mobility binding of home address and care-of address.
Mobile IP Network Elements
1. Mobile Node (MN): Mobile IP enabled clients identified by home address or NAI (notebooks, cell phones, PDAs) updates CoA via registrations
2. Home Agent (HA): Mobile IP enabled gateway acts as location database for MNs
3. Foreign Agent (FA): Mobile IP enabled gateway [Optional] off-loads CPU processing of encapsulation/decapsulation, enforces local network administration policy, allows for billing of MNs, conserves IP address space, reduce access link usage
Mobile IP Key Concepts
How does the Mobile Node find out where it is? Mobility Agent Advertisements—facilitates discovery of Mobility Agents
(MN may solicits on demand) How does the Mobile Node inform the Home Agent of its current location?
Via Registration—updates mobility binding after successful authentication using security association between MN and HA
How does the Mobile Node receive packets from the Home Agent? Tunneling—Home agent adds IP header to direct packets to CoA, where
decapsulation occurs
Mobility Binding Table:MN CoA171.68.69.24 140.31.2.1
Mobility Binding Table:MN CoA171.68.69.24 140.31.2.1
Mobile IP Activities Example
MN learns about FA and registers CoA HA maintains MN location database and tunnels traffic to
FA
Internet
Host BHome Agent 171.68.69.1
Host A171.68.69.24
Host A171.68.69.24
Foreign Agent 140.31.2.1
Mobile Router (MR) Home Agent (HA) Foreign Agent (FA) [1 Hop Away from MR] Care of Address (CoA) [Tunnel Endpoint] Correspondent Node (CN) Security Association (SA) [SPI/Key] ICMP Router Discovery Protocol (IRDP) [Advertisement] Registration Request (RRQ)
Mobile IP Terminology
MR
HA FA
CNInternet
MR sends out advertisement request (Solicitation) to “all router” multicast address 224.0.0.2
FA responds with unicast advertisement to MRResponse includes Care-of Address
AdvertisementIncludes COAAdvertisementIncludes COA
Src AddrFA Intfc Addr
Src AddrFA Intfc Addr
Dest AddrMR Addr
Dest AddrMR Addr
FA HA
SolicitationSolicitation
Src AddrMR addrSrc AddrMR addr
Dest Addr224.0.0.2
Dest Addr224.0.0.2
Edited slide from original by Lawrence Searcy, Cisco Systems
Step 1: Agent Discovery
MR1.1.1.7
MR1.1.1.7
Options in FA advertisements
R Registration required. Registration with this foreign agent (or another foreign agent on this link) is required even when using a co-located care-of address.
B Busy. The foreign agent will not accept registrations from additional mobile nodes.
H Home agent. This agent offers service as a home agent on the link on which this Agent Advertisement message is sent.
F Foreign agent. This agent offers service as a foreign agent on the link on which this Agent Advertisement message is sent.
M Minimal encapsulation. This agent implements receiving tunneled datagrams that use minimal encapsulation [34].
G GRE encapsulation. This agent implements receiving tunneled datagrams that use GRE encapsulation [16].
r Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.
T Foreign agent supports reverse tunneling [27].
Step 2: Registration Request
MR retrieves CoA from Advertisement and sends in RRQ
FA checks requested services and either rejects and replies or forwards the RRQ to HA
1.1.1.7MR
FA
1.1.1.7
HA
RRQIncludes COA from FA
RRQIncludes COA from FA
Dest Port434
Src AddrMR AddrSrc AddrMR Addr
Src PortrandomSrc Portrandom
Dest AddrFA Intfc Addr
RRQ Includes COA
RRQ Includes COA
Dest Port434
Src AddrFA Intfc Addr
Src AddrFA Intfc Addr
Src Port434
Src Port434
Dest AddrHA Addr
Options in RRQ S Simultaneous bindings. If the 'S' bit is set, the mobile node is requesting that the home agent retain its prior mobility bindings, as described in Section 3.6.1.2.
B Broadcast datagrams. If the 'B' bit is set, the mobile node requests that the home agent tunnel to it any broadcast datagrams that it receives on the home network, as described in Section 4.3.
D Decapsulation by mobile node. If the 'D' bit is set, the mobile node will itself decapsulate datagrams which are sent to the care-of address. That is, the mobile node is using a co-located care-of address.
M Minimal encapsulation. If the 'M' bit is set, the mobile node requests that its home agent use minimal encapsulation [34] for datagrams tunneled to the mobile node.
G GRE encapsulation. If the 'G' bit is set, the mobile node requests that its home agent use GRE encapsulation [16] for datagrams tunneled to the mobile node.
r Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.
T Reverse Tunneling requested; see [27].
Home Agent HA authenticates MR Sends RRP Proxy ARPs for MR Brings up tunnel and adds host route
RRP ReplyRRP Reply
Dest AddrFA
Dest AddrFA
Dest Port434
Dest Port434
Src AddrHA Intfc Addr
Src AddrHA Intfc Addr
Src Port 434
Src Port 434
Step 2: RRQ Reply
RRP ReplyRRP Reply
Dest AddrMR Addr Dest AddrMR Addr
Dest PortOrig PortDest PortOrig Port
Src AddrFA Intfc Addr
Src AddrFA Intfc Addr
Src Port 434
Src Port 434
Foreign Agent
• FA sees MR is authenticated
• Forwards RRP to MR
• Brings up tunnel
1.1.1.7MR
FA
1.1.1.7
HA
MR States
MR has five states that it can be in: Unknown – MR has not heard any agent advertisements and does
not know where to send registration requests (RRQs) Isolated – MR has heard an agent advertisement Pending – MR has sent an RRQ and is waiting for a registration
reply (RRP) from HA Registered – MR has been accepted and received the RRP from
HA, which has set up a binding table entry, tunnels, and routes for the MR
Home—MR is on its home network
Step 3: Routing
HomeAgent
ForeignAgent
Correspondent Host
• The home agent intercepts the traffic while the Mobile Router is registered as away
• Traffic is sent as usual to the home subnet
• Traffic is tunneled to the CoA of the MR and forwarded to MR
• Traffic from the Mobile Networks can go directly to the correspondent host = “Triangle Routing”
MobileRouter
Mobile Network Routing – Packet Flow
Mobile Router
Foreign Agent
Home AgentCorrespondent Node
Internet
Mobile Networks
Mobile Networksappear to be here
Node on MR
Mobile Networks
Edited slide from original by Lawrence Searcy, Cisco Systems
Mobile Router
Foreign Agent
Correspondent Node
Internet
HA-FA Tunnel
Node on MR
Mobile Network Routing – Packet Flow
Home Agent
Mobile Networkappears to be here
Mobile Networks
Mobile Router
Foreign Agent
Correspondent Node
Internet
HA-FA Tunnel
HA-MR Tunnel
FA WAN
Nodes on MR
Mobile Network Routing – Packet Flow
Home Agent
Mobile Networkappears to be here
Mobile Networks
Mobile Router
Foreign Agent
Correspondent Node
HA-MR Tunnel
Internet
HA-FA Tunnel
FA WAN
Node on MR
Mobile Network Routing – Packet Flow
Home Agent
Mobile Networkappears to be here
Mobile Networks
Mobile Router
Foreign Agent
Correspondent Node
HA-MR Tunnel
Internet
HA-FA Tunnel
FA WAN
Node on MR
Mobile Network Routing – Return Packet Flow
Home Agent
Mobile Networkappears to be here
Mobile Networks
Tunneling HA double encapsulates the packets, creating two
tunnels: HA to FAHA to MR
FA strips outer header and forwards to MR MR strips inner header and forwards to node on
mobile network
Outer HeaderHA FA
Inner HeaderHA MR
Original Packet
100.100.100.1 30.30.30.1 100.100.100.1 65.1.1.1 <src> <dest> Data
Tunneling cont.
HA dynamically creates tunnel(s) as MRs and Mobile Hosts register
Tunnels are handled as interfaces HA Routing Table shows Tunnels as interfaces So “Tunneling” involves
ENCAPSULATIONINTERFACES IN ROUTING TABLE
Home_Agent_#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is not set 110.0.0.0/8 is variably subnetted, 10 subnets, 2 masksM 110.10.11.0/24 is directly connected, Mobile0M 110.10.11.237/32 [3/1] via 10.10.10.97, 00:57:28, Tunnel2M 110.10.11.245/32 [3/1] via 10.10.10.129, 03:01:54, Tunnel010.0.0.0/8 is variably subnetted, 14 subnets, 3 masksC 10.10.10.32/27 is directly connected, FastEthernet0/0C 10.10.10.76/30 is directly connected, Loopback0O IA 10.10.10.96/27 [110/11] via 10.10.10.36, 00:57:35, FastEthernet0/0M 10.10.11.112/28 [3/1] via 110.10.11.237, 03:55:57, Tunnel1O IA 10.10.10.128/27 [110/2] via 10.10.10.74, 00:57:35, FastEthernet0/1M 10.10.11.144/28 [3/1] via 110.10.11.245, 03:55:57, Tunnel5
HA State – Routing Table
MR Routing
Once MR is registered, routing is disabled on the MR’s roaming interfaces.
When MR is home, routing is resumed on the interfaces (bindings and tunnels are no longer needed).
Mobile Router Timers
Agent Solicitation-By default it is off, but if configured, keeps track of when to send next solicitation
Agent Advertisement-Based on IRDP lifetime. As advertisements are received, timer is restarted. When timer expires, agent removed from agent table.
Registration-Keeps track of when to send registrations before the registration lifetime expires. MR re-registers until a reply is received.
Registration lifetime-Based on granted lifetime. As replies are received, timer is restarted. When timer expires, there is no more registration.
Hold down-By default it is off, but if configured, MR waits for timer to expire before using an agent heard on that interface.
Mobile IPFeatures
Mobile Router Features
Co-located Care-of Address
Reverse tunneling
Preferred interfaces
Hold down timer
Agent solicitation
Mobile Router Features
MR redundancy
MR Asymmetric Links
MR Dynamic Networks
Identification mismatch adjustment
Sequence number detection
Co-located Care-of Address Support
Care-of Address resides on Mobile Router itselfRather than on the Foreign Agent
Does away with the need for Foreign Agents Two IP-in-IP tunnels are created: HA-Co-located
address, HA-MRHA-Co-located address tunnel is only used for routing Tunnel “Interfaces” added in Routing table
MR HA
Co-located Care-of Address cont.
Static Co-located Care-of Address support uses the address statically configured on the roaming interface as care-of address
Used for fixed-IP address connectionse.g. Cellular Data Modem
MR HA
© 2002, Cisco Systems, Inc. All rights reserved. Cisco Mobile Access Router—Module 2 -38
Static Co-located Care-of Address
Co-located Care-of Address cont.
CCoA can be Static or Dynamic
Dynamic Co-located Care-of Address support uses DHCP or IPCP to obtain a care-of address for the roaming interface
MR HA
Reverse Tunneling
Normally, routers route packets by looking at the destination address only.
A security measure against attacks (such as spoofing), ingress filtering on a router checks the source and destination addresses on a packet to make sure that they are topologically correct.
This poses a problem for Mobile IP because the source address of a packet from a mobile node does not belong to the network from which it emanated.
Mobile Router
Foreign Agent
Correspondent Node
HA-MR Tunnel
Internet
Mobile Network
HA-FA Tunnel
FA WAN
Node on MR
Mobile Network Routing – Packet Flow
Home Agent
Mobile Networkappears to be here
Reverse Tunneling
Reverse tunneling satisfies ingress filtering Packets from the mobile network are sent back to the HA
through the tunnel HA de-capsulates the packets and forwards them to their
destination through normal routing Thus, the received packets’ path is topologically correct
Mobile Router
Foreign Agent
Correspondent Node
HA-MR Tunnel
Internet
RoamingInterface
Mobile Network
HA-FA Tunnel
FA WAN
Node on MR
Mobile Network Routing – Reverse Tunneling
Edited slide from original by Lawrence Searcy, Cisco Systems Home Agent
Mobile Networkappears to be here
Preferred Interfaces By default, the Mobile Router sends data out the active
interface with the highest bandwidth. If the bandwidth on multiple interfaces is equal, then the
interface with the higher IP address is preferred. Priority can be configured on mobile router interfaces
(default 100). MR prefers to register with higher priority interface. Uses – least-cost routing, preferential routing
Asymmetric Links
Mobile Router can route traffic unidirectionally over half-duplex links
Especially for a satellite environment MR configured to send traffic to a downlink
router even though it hears advertisements on another interface
FA configured to advertise foreign-agent service out only one interface, the uplink interface connected to MR
Asymmetric Links
Home Agent Foreign Agent
UplinkDownlink
MR
FA advertises service onits uplink to MR’s downlink
MR sends RRQ to HAvia FA using its uplink
RRP is sent to FA,which forwards it to MR on its uplink.
UplinkDownlink
ADVTRRQ
RRP
Then tunnels areset up between HA-FA,HA-MR’s downlink interface
Dynamic Mobile Networks
•Mobile Networks can register with Home Agent dynamically (as opposed to static network configuration on HA)
•Critical Vendor/Organization Specific Extension (CVSE) is appended to the RRQ by MR, which contains the mobile network information
•Re-registrations do not append CVSE
Dynamic Mobile Networks cont. •When mobile network is added/deleted, MR immediately sends another re-registration with CVSE
•HA processes RRQ with CVSE by adding/deleting mobile network(s) and creating/deleting routes to the mobile network via MR
•If mobile network already exists HA ignores the request
Dynamic Mobile Networks cont. 2
•FA needs to be able to process RRQs with CVSE in order to forward them on to HA.
•Dynamic and Static Networks can be configured at the same time for an MR.
NOTE: CVSE is being replaced by AVSE (standards-based) in near future
Mobile IPin real deployments
Mobile IP and GPRS Similarities
MT
GGSN
SGSNIP Network
MN
HA
FAIP Network
GTP
IPinIP/GRE/UDP
Mobile IP and GPRS Integration
Internet
WLAN WLAN HotspotHotspot
Serving GPRSSupport Node(SGSN)
BSC
BTS
Gateway GPRSSupport Node(GGSN)
RADIUS Server
GPRSGPRSBackboneBackboneNetworkNetwork
(IP-Based)(IP-Based)GTP
AP
Home Agent Foreign Agent function can be added to GGSN and WLAN Access Router, though Mobile IP works without FA as well.
3GPP WLAN Interworking Scenarios
6 Scenarios identified which corresponds to incremental steps in terms of services and operational features
1. Common billing and Customer care 11 no impact on 3GPP specs as such; access to Open internet
2. 3GPP system based access control and charging with access to UMTS/GSM authentication (based on EAP-SIM/AKA methods)3. Access to 3GPP system PS based services (e.g. IMS, Streaming, MMS, etc.) bearer path to the home domain (current GPRS model)4. Service Continuity L3 Mobility introduction (e.g. Mobile IP technology)5. Seamless service provision6. Access to 3GPP CS Services (no use case so far)
UMTS R6 includes scenario 2 & 3 UMTS R7 will consider scenario 4 (mobility)
WLAN/GPRS Seamless Mobility Scenario 4 (Tentative)
SGSNGGSN(FA)
GPRS/UMTS
IP CoreCMX
PDG (FA)
WLAN 802.11Access Network
Mobility(HA)
Dual-mode handsets with L3 Mobility support
Applications
RAN
RNCRNC
Content
Reiterate Benefit
Mobile IP operates at network layer, independent of link layer access technologies, allowing migration and coexistence of various access networks while providing seamless mobility transparently to the user
Proven mobility across satellite, WLAN, GPRS, CDMA2000 1xRTT, Flash OFDM, iDEN, CDPD, etc.
Differences between Mobile IPv4 and Mobile IPv6 Mobile IPv6 leverages enormous IPv6 address space Mobile IPv6 is integrated into base IPv6 protocol MNv6 automatically obtain CoA after Router Advertisement
received No Foreign Agent in Mobile IPv6 Registrations are protected by IPSec in Mobile IPv6 Built in route optimization between MNv6 and CNv6
Security implications of Mobile IP Access authentication independent of Mobile
IP PPP CHAP for dial up 802.1x for WLAN
Service authorization Mobile IP security association for registrations
QOS Implications of Mobile IP DSCP copy to tunnel header Per MN session policing
Mobile IP Scalability and Flexibility Demonstrated deployment of millions of MNs Mobile IP used for macro-mobility and micro-
mobility
References
Books MOBILE IP The Internet Unplugged, ISBN 0-13-
856246-6 James D. Solomon Cisco Mobile IP Web Page
• http://www.cisco.com/go/mobile_ip IETF Mobile IP Working Group
• http://www.ietf.org/html.charters/mobileip-charter.html
Cisco Mobile IP Software Development
Mobile IP Portfolio
Product portfolio consists of: Innovations Standards compliance
IOS FeaturesFeatures Releases
Home Agent and Foreign Agent(RFC 2002, RFC 2003) 12.0(1)T
Home Agent and Foreign Agent MIBs(RFC 2006) 12.0(1)T
Home Agent Redundancy 12.0(2)T
Cisco Enterprise Mobile IP MIBs 12.2(2)T
Home Agent Redundancy with SA Synchronization 12.1(7.1) 12.2(0.11)T
Resynchronize SA 12.1(5.6) 12.2(0.11)T
HA and FA Set/Trap MIBs 12.2(2)T
Mobile Router Redundancy
Mobile Node MIBs (RFC 2006)
IPinIP Tunnel CEF Switching 12.2(13)T
Cisco Mobile Networks Dynamic Network
Cisco Mobile Networks Asymmetric Link
Mobile IP Generic Network Access Identfier (NAI) Support and Home Address Allocation (RFC 2794)
Mobile IP Support for Foreign Agent Reverse Tunneling (RFC 2344, RFC 3024)
Mobile IP RFC 3220 and RFC 3344 Compliance
HMAC-MD5 Authentication
Vendor Specific Extensions (RFC 3025, RFC 3115)
Mobile IP Challenge/Response Extensions (RFC 3012)
Mobile IP - NAT Detect
IOS FeaturesFeatures Releases
Mobile IP Home Agent Policy Routing 12.2(13)T
Cisco Enterprise Mobile IP MIBs (NAI and HA Redundancy) 12.2(13)T
Mobile IP - Home Agent Accounting 12.2(15)T
Cisco Mobile Networks - Static Collocated Care-of Address 12.2(15)T
Cisco Mobile Networks - Priority HA Assignment 12.2(15)T
Cisco Mobile Networks - Tunnel Templates for Multicast 12.2(15)T
Mobile IP Dynamic Security Association and Key Distribution 12.3(4)T
Mobile Networks Deployment MIB 12.3(4)T
Mobile Networks Dynamic Collocated Care-of Address 12.3(4)T
Mobile Networks Home Agent Redundancy For Dynamic Networks 12.3(4)T
MIBs for Reverse Tunnel, FA Challenge, and VSE 12.3(4)T
NAT Detect for FA COA 12.3(5.2) 12.3(5.5)T
IGMP Query Trigger 12.3(5.9) 12.3(5.9)T
Mobile IP NAT Traversal (RFC 3519) 12.3(8)T
Cisco’s IP Mobility Role in Standards
Standards Priority
Focus on pragmatic existing deployment issues Address real world problems in Mobile IPv4 WG
Focus on features needed to facilitate Mobile IPv6 deployments Evaluate GAPs, CDMA2000 requirements
Cisco IETF drafts
Cisco Authored Drafts
WG TITLE DRAFT AUTHORS STATUS
MIP4
The Definitions of Managed Objects for IP Mobility Support using SMIv2, revised draft-ietf-mobileip-rfc2006bis-01.txt kleung WG item
Dynamic HA Assignment Framework draft-ietf-mip4-dynamic-assignment-00.txt mkulkarn, alpesh, kleung WG item
Experimental Message, Extension and Error Codes for Mobile IPv4 draft-ietf-mip4-experimental-messages-00.txt alpesh, kleung WG item
Mobile IPv4 NAI-based Home Address Assignment draft-paulkandasamy-mobileip-nai-based-home-address-00.txt naveenpk, kleung
MIP6
The Mobile IPv6 MIB draft-ietf-mipv6-mib-01.txt sgundave WG item
Authentication Protocol for Mobile IPv6 draft-patel-mipv6-auth-protocol-00.txt alpesh, kleung
Network Access Identifier Option for Mobile IPv6 draft-patel-mipv6-nai-option-00.txt alpesh, kleung
Vendor/Organization Specific Mobility Options for MIPv6 draft-patel-vendor-options-00.txt alpesh
Experimental Mobility Options for MiPv6 draft-patel-experimental-options-00.txt alpesh
Mobile IPv6 Bootstrap TBD alpesh
NEMO
Base NEMO draft-ietf-nemo-base.txt pthubert WG item
NEMO MIB draft-ietf-nemo-mib.00.txt sgundave WG item
OSPF-MANET
Problem Statement for OSPF Extensions for Mobile Ad Hoc Routing draft-baker-manet-ospf-problem-statement-00.txt mchandra WG item
Extensions to OSPF to Support Mobile Ad Hoc Networking draft-mchandra-ospf-manet-ext-00.txt mchandra WG item
Mobile IP is also about the clients
Handover enhancements, why Mobile IP is as good a other mobility schemes
Make before break
Clients are always connected to at least one radio network such as 2.5 or 3G, those are the underlying building blocks of IP Mobility
Clients can measure radio network characteristics, especially of those other/extra radio available ( WIFI / WIMAX / … )
They can always perform a new Registration Request on a new access link before having lost the previous link
Home Agent and Client establish new association
All routing changes updated before losing previous association
There is no packet loss in handover process
Mobile IP Clients
Notebook/PDA Support
Birdstep Technology Birdstep Intelligent Mobile IP Client
Cisco & Toshiba Partnership Cisco Mobile IP Client
Intel Intelligent Roaming Continuous Roaming Mobile IP Client
Lifix Systems Lifix Go! Mobile Client
ipUnplugged ipUnplugged Roaming Client
Ecutel Viatores Client
Greenpacket SONmobile
Cellphone Support
Motorola iDEN (Integrated Digital Enhanced Network) Motorola iDEN handsets Nextel is the Service Provider
Mobile IPv4 Clients PC/Workstation
IP Operating Systems Name License Comments
4 Cisco IOS Cisco Mobile IP commercial
4 FreeBSD 2.2.2 Monarch BSD style 1998 - Rice University
4 FreeBSD 2.2.8, 4.6, 4.8, 4.9, 5.2 Secure Mobile Net BSD style 2003 - Portland State University, actively updated
4 HP-UX 11.11 HP commercial Mobile IPv4 HA/CN, Reverse Tunneling, Route Optimization and AAA support
4 Linux Dynamics GPLv2 2001 - Helsinki University of Technology, not updated
4 Linux Secgo Mobile IP commercial
4 Linux Secure Mobile Net BSD style 2003 - Portland State University, actively updated
4 Linux UoB-NOMAD SPL 2003 - based on NOMADv4
4 Linux kernel 2.2.16 MosquitoNet GPL? 2000 Stanford University
4 NetBSD 1.1 Monarch BSD style 1998 - Rice University
4 Solaris Sun Mobile IP commercial
4 Userland, (platform independent) HP Mobile IP restricted 1997
4 Windows Birdstep commercial
4 Windows EcuTel commercial
4 Windows Roamin proprietary 2000 - binary dist. for non-commercial use only
4 Windows Secgo Mobile IP commercial
4 Windows ipUnplugged commercial
4 Windows client Dynamics GPLv2 2001 - Helsinki University of Technology, not updated
4 Windows/Linux Netseal MPN commercial High availability HA(Linux), MN(Windows)
4 embedded systems Birdstep commercial
4 embedded, OS independent Treck Inc. commercial
Mobile IPv6 Clients PC/Workstation
IP Operating Systems Name License Comments
6 BSD? NEC MIPv6? 2001? - NEC
6 Cisco IOS Cisco Mobile IP commercial 2003? - technology preview
6 FreeBSD SFC-MIP BSD-style?2002? - SFC of WIDE
6 FreeBSD 2.2.2 with INRIA's IPv6 Monarch BSD style 1997 - Rice University, (draft -03)
6 FreeBSD 3.4 INRIA HMIPv6 BSD-style 2000
6 FreeBSD 4.9 KAME BSD-style 2004 - Stable, MIP code experimental, actively updated
6 HP-UX 11.11, 11.23 HP commercial Mobile IPv6 HA/CN, draft-24
6 Linux HMIPv6 GPL or BSD-style 2003 - Monash University, based on MIPL
6 Linux Lancaster MIPv6 Pkg ? 1998 - Lancaster University
6 Linux 2.4 TKN HMIPv6 ? 2002 - Technical University of Berlin
6 Linux 2.4.0 MIPL GPL 2003 - draft -24
6 NetBSD 1.6.1 KAME BSD-style 2004 - Stable, MIP code experimental, actively updated
6 Tru64 UNIX 5.1B HP commercial 2003 - draft -24
6 Windows Microsoft Research ? 2000 - partial MIP v6 support
6 embedded, OS independent Treck Inc. commercial
Concrete applications in Mobile SP
Mobile IP key deployment pointsHome Agent is the anchor point for MNs
Bandwidth overhead and FA relationship
Authentication process
It is a second authentication, for mobility service
There is still a initial link layer authentication
Preferred interfaces
Make before break and minimal / no IP interruption
interfacing layer 2 signal strengths
Cisco Wireless Convergence
1 Access 3 Services2 Control
Network Manager Agg.Auth./ Access Control
Service / Content Billing
Mobile Internet Edge
Access NetworksVenue Owners
Off Net Services
3G
WLAN
GPRS
WiMAX
Cisco Mobile Exchange
BillingAuthent. Corporate
Intranet
WirelessASP
ContentProvider
Internet
On Net Services
Streaming Localization
L2TP
GRE
IPSec
MPLS
IPV4
IPV6
GGSN
802.11
WiMAX
VPN
Other
Next-Generation IP Infrastructure All-IP Multimedia Mobile Network
SGSNGGSN(FA)/
PDSN
GPRS/UMTS/CDMA
PLMN
IP Core
MSC/VLR
CCM
MSC/VLR
CMX
Session control(SIP)
PSTN Gateway
Visited AAA
Home AAA
(FA)
WLAN 802.11Access Network
Visited AAA
Mobility(HA)
Handsets with VoIP & dual-mode support &
Mobility supportCorp AAA
PresenceHosted Applications
V
Enterprises
Unified IP-based infrastructure allows for uniform delivery of services across consumer, enterprise and carrier domain
RAN
RNCRNC
Market Leaders Early Field Trial since 1997, General Availability January 1999 Home Agent Redundancy Largest mobile implementation of MoIP worldwide - Nextel
Mobile IPv4 RFC Compliant 2002, 2003, 2005, 2006, 2794, 3012, 3220, 3344, 3519, 3543 compliant
Applications Foreign Agent, Home Agent, Proxy Mobile Node, Mobile Router
Platforms Support 2600 through 7200, Cat5K RSM, Cat6K MSFC, 7600
Cisco IOS Tightly integrated with Cisco IOS functionality
Cisco & Mobile IP
GGSN Mobile IP support
Mobile IP proxy Foreign Agent On PDP context activation GGSN will perform:
AAA req to authenticate and get the HA credentials (IP address, security keys)
MIP RegistrationReq to the HA PDP Address can be allocated by HA GTPv0 and GTPv1 support Transparent to the MS (no Mobile IP support in the MS)
GGSN 5.0 feature
Full FA functionality on the roadmap
HA – Cisco IOSBasis and Resources
HA products leverage high proportion of IOS code base to enable advanced IP network services
Current features under use today in HA from IOS include MoIP, IPSec, Routing Protocols (e.g. OSPF, RIP, BGP, EIGRP), HSRP, ODAP, VRF, QoS
HA runs on established platforms (7200, 6500, 7600) and can leverage the service blades and functionality of the platforms
• Multiprocessor WAN Application Module
• Hardware design based on existing modules, e.g. Firewall Module
• Vehicle for delivery of IOS based features; IOS application runs on the daughter card
• 5 processors per MWAM utilized, 5 instances of HA or PDSN
• All Mobile Wireless Applications use same Underlying Hardware - SSG, GGSN, PDSN, HA
• Management : Mobile Wireless Center (MWC)
MWAM Product Overview
6509NEBs/7609 HA Sample Configuration*
• Supervisor Modules (SUP2)– Central Switching and management
function– Runs separate IOS – Second SUP2 can be configured for
redundancy
• MWAM– HA application– Up to 6 MWAMs per chassis**
• IPSec VPN Services Module– IPSec Acceleration
• I/O Modules:– 100BaseT (Fast Ethernet)– 1000BaseT (Gigabit Ethernet)
*This is a sample configuration for xx09 only.
** 6513/7613 chassis can have up to 10 MWAMs.
65xx/76xx Flexibility
Licensing is flexible to allow easy growth Can be licensed per MWAM Can be licensed per processor True for HA, CSG, SSG
Same chassis can be utilized for multiple CMX components Cost savings on h/w Easy growth and expansion as add services; example:
Simple IP services with VPN required for initial deployment. Mobile IP Services added. MWAM for HA added to same chassis. Additional content billing capabilities desired. CSG added to same chassis.
Standards-based product ensures successful interoperation with other vendors.
Basic features provide robust HA HA redundancy: No impact to user. HA load balancing: One IP address presented to FA. WLAN interworking: Seamless roaming.
Premium features further enhance the HA VRF: Supports overlapping IP addresses. Hotlining: Supports IP packet redirection QoS: Downstream per session QoS. Aggregate QoS on interfaces.
Cisco HA Features & Compliance
Mobile Wireless Home Agent (HA) Roadmap
GA = Generally Available FCS = First Customer Ship EFT = Early Field Trials EC = Execute Committed CC = Concept Committed NC = Not Committed
HA R1.2 FCS(7206VXR/76xx/65xx)
EFT – 15 May ’02 / 18 Nov ‘02FCS – 16 Sept ’02 / 30 Dec ’02
76xx/65xx Key Platform Features :Sup720
HA Key Features:Capacity/Performance ImprovementsMobile IPv6IP Reachability per 835B (DNS update by HA)HA Accounting per 835CContinuous MIB EnhancementDynamic IPSec per 835BStandards Compliance
Solution Notes:L2TPv3MPLSMWAM – Sibyte with 1GHz Processor and 1G of memory
NOTE: PRICING TBD.
HA R2.0 EC(7206VXR/76xx/65xx)
EFT – 15 Jan ‘04FCS – 30 Apr ’04
HA R3.0 NC(7206VXR/76xx/65xx)
EFT – Q1 CY05FCS – Q2 CY05
76xx/65xx Key Platform Features :Firewall & IDS Module Support
7206 Key Platform Features :NPE-G1 with 1GB DRAMSA-VAM2
HA Key Features :HA Load Balancer (HA-SLB) (MWAM only)HA Redundancy EnhancementsODAPStatic IPSec per 835BResource Revocation per 835CPacket of Disconnect (PoD) per 835CConditional Debugs for MoIPVRF (overlapping IP addresses)Hotlining(rebuild) QoS Solution Notes:SSHv2WLAN Interworking
NOTE: Pricing Available
CQ042003
CQ032003
Jun2003
Feb2003
Jan2003
Dec2002
Nov2002
Oct2002
Sep2002
Note: There is an associated cost for each release. Some features may have additional cost in addition to the base.Note: There is an associated cost for each release. Some features may have additional cost in addition to the base.
Mar2003
Apr2003
May2003
CQ012004
CQ022004
CQ032004
HA Key Features:Proxy MoIPHA Redundancy (1:1)HA Binding UpdateHA Accounting3DES Encryption SupportMoIP MIB Enhancements
Solution Notes:Features consistent on all platforms3DES Encryption Support (h/w required)
NOTE: Pricing Available
CQ042004
PDSN/HA Key Features:Capacity/Performance ImprovementsBroadcast/MulticastStandards ComplianceContinuous MIB EnhancementDiameterPSD
NOTE: PRICING TBD.
HA Rx.0 NCEFT – FCS –
R1.2 HA Performance
Users 7206 HAHAper
MWAM
xx13 HA Chassis
10 MWAMs
Total Bindings 235K 1.175M 11.75M
Throughput - NDR(512 bytes/pkt)
160 Mbps 2.5 Gbps 25 Gbps
• Results based on 512 Byte packets, unfragmented.• Performance measured for No Drop Rate. NDR is 0.01% or 1 in 10,000 packets.
Home Agent Summary
Feature Rich• Highly Compliant to Specifications and Customer Requirements• Value added service support such as VRF, Hot Lining, QoS• Service enablement via Cisco Mobile Exchange Framework components
Fault Tolerance• HA Redundancy, HA-SLB • Geographic Resiliency
Product Maturity• Real life deployment; deployed since 2001
Capacity and Performance Scalability • Small to very large deployment options
Management• Provisioning, Fault Mediation, Performance Mediation, Troubleshooting &
Security
Cisco 3200 Mobile Access Router Product Overview
Agenda
Overview of the Cisco 3200 Series Mobile Access Router Mobile Access Router Card Serial Mobile Interface Card Fast Ethernet Switch MIC Cisco 3200 Example Configurations
Cisco Mobile Access Router
Mobile Access Router Overview
Mobile Access Router Card (MARC) High performance processor One 10/100 Ethernet One console One powered async serial (for GPS)
Mobile Interface Cards (MICs) SMIC: 4 port sync/async serial FESMIC: 4 port FE/E Switch Card
MARC
MIC
MIC
Remember the Names
Cisco 3200 Mobile Access Router Cisco 3200 Series Cisco 3251 Mobile Access Router Card (MARC) Cisco 3201 Serial Mobile Interface Card (SMIC) Cisco 3201 FastEthernet Switch Mobile Interface
Card (FESMIC)
Cisco 3250 Mobile Access Router Platform
High performance mobile access router Modular Circuit-board construction Mobile Access Router Card (Cisco3251MARC) Serial Mobile Interface Card (Cisco3201SMIC) Fast Ethernet Switch MIC (FESMIC) PC/104-Plus Form Factor PC/104-Plus “Compliance”, PCI-Only Runs Cisco IOS Utilizes Cisco Mobile IP Feature Set Industrial Grade -40 C to 85 C local ambient
MARC
SMIC
SMIC
FESMIC
Static Control (ESD)
PC 104-Plus Mechanical Standard
More Specific information at www.PC104.org Including definition of our level of compliance
•Cisco 3200 Series will test with a 3rd Party Lab to conform to the level of PC104-Plus Compliant
Industry Standard Hardware form factor
Source: PC104-Plus Specification Version 1.2
Size = 3.775” x 3.55”
Why PC-104-Plus?
Smallest industry standard computing platform Both ISA and PCI bus
Cisco puts signals on PCI bus only Any non-Cisco cards cannot signal on PCI bus
ISA bus OK Self-stacking
No backplane or cardcage required Stand-offs and screws recommended
Designed for rugged, industrial-grade applications Good product availability, vendor support
PC-104-Plus Card Format
Cables and Connectors on I/O side provided by SI
PCI Bus Connector
120 pin, stack through, PCI BUS Connector (no key)
ISA Bus Connector
104 pin, Stack through, ISA Bus Connector (no key)
No Cisco signals over ISA Bus
Power provided By SIPower supply pins and grounds are connected to the Cisco boards via ISA / PCI connectors
Complete Solution Requires Integration
Cisco 3200 Series MARC + FESMIC+SMICAironet 350 Access Points
Wireless Infrastructure with external Radios compatible with network
Cables + Power Supply + EnclosureEnvironmental/Ruggedized to specs and integrated with customer-supplied device
or vehicle
Installation, deployment, training, etc.
System IntegrationSystem Integration
Mobile Access Router Card (MARC)
MPC8250, running at 200MHz CPU core, 133MHz CPM core and 66MHz Motorola 60x Bus.
32-bit PCI bus version 2.1 running at 25MHz, connects to Cisco MICs.
128Mbyte 64 bit, Unbuffered, Synchronous DRAM,
32Mbyte 16 bit of Flash memory, Single 10/100 Fast Ethernet, full-duplex 100
Base-T, with auto negotiation. Single Console, with modem flow control. Single Asynchronous, RS-232 serial, for
GPS/AUX devices. Integrated host-to-PCI bridge (PCI bus version
2.1), with built-in PCI arbiter that supports three external bus masters/PCI agents.
Mobile Access Router Card
34 pin, locking header Aux ConsoleLED’s5V power
10 pin, locking header, for MARC Fast Ethernet
PCI Bus Connector
120 pin, stack through, PCI BUS Connector (no key)
ISA Bus Connector
104 pin, Stack through, ISA Bus Connector (no key)
No Cisco signals over ISA Bus
Serial Mobile Interface Card (Cisco3201SMIC)
• Type of Mobile Interface Card (MIC) • Typically used for a WAN (modem)
interface to a wireless / satellite network• Asynch/Synch
Supports up to 2Mbps
• 4 Cisco 12-in-1 Serial Interfaces• All existing 12-in-1 signals
supported• Signals thru 2 60-pin multifunction headers• PCI Bus• Up to 3 per stack
Set rotary switch to unique number
60-pin Multifunction Header
Rotary Switch
PCI Bus ISA Bus
Fast Ethernet Switch MIC (FESMIC) 1 10/100 Ethernet with 4 port
switch with VLAN 802.1q and 802.1p supported Can route between FESMIC and MARC FastE
LED signals thru LED header No in-line power provided ISL not supported Limit one FESMIC per 3200
Fast Ethernet Headers
PCI BusLED HeaderISA Bus
111Presentation_ID © 2001, Cisco Systems, Inc.
Cisco 3200Cisco 3200Mobile Access RouterMobile Access RouterIOS Configuration
Agenda Configuration Outline Configuration Commands Example Configurations Troubleshooting
Reference: http://www.cisco.com/univercd/cc/td/doc/product/software/
ios122/122newft/122tcr/122tip1r/p1ftmobi.htm
Configuring Mobile IP An Outline
© 2002, Cisco Systems, Inc. All rights reserved. 114
• Step 1 – • A. Create HA as a mobile IP agent
• Define it as an HA
• B. Set virtual nets in HA • Redistribute the virtual nets in routing updates
• C. Define the IP address of the mobile router so the HA will recognize it • Define the networks that will be associated with that Mobile Router
• D. Set up security association for that Mobile Router
Steps to Configure Home Agent
Virtual Networks
Virtual Network is: Non-physical = no interface Added to Routing Table “Home” network for Mobile Host and Router
Mobile Host addresses are assigned from this Must be unrelated to “real” networks
• Step 2 – • A. Create FA as a mobile IP agent • B. Define it as an Foreign Agent
• Specify the interface to be used as Care-of Address
• C. Configure an interface to support Mobile IP• IP address and mask• Enable IRDP
• Optional: IRDP advertisement intervals• max, min, and holdtime
• Enable FA service on the interface
Steps to Configure Foreign Agent
• Step 3 – • A. Create Mobile Router as a mobile IP agent • B. Define it as an MR
• Specify its address and subnet mask• Specify the IP address of its HA• Optional – registration parameters• Optional - Set Reverse Tunnel on
• C. Configure Security Association with HA• Must match HA
• D. Specify an interface with Mobile IP service• Set the IP address and mask• Enable roaming
Steps to Configure Mobile Router
• Step 4 – Enable services (optional)• Solicitation, retransmission intervals
• Co-Located Care-of Address (optional) • Enable CCOA on interface
• Set Default Gateway on interface
Mobile Router – Optional Features
• Step 5 –Mobile Router Redundancy (optional)
• Enable HSRP on interface• Set Priority
• Set Preempt
• Configure group name
• Add redundancy group name to Mobile Router configuration
Mobile Router Redundancy
Cisco 3200 Installation CourseLab Diagram Network 10.10.10.0/24 Network 10.10.11.0/24
FE0/0.69/30 E1 .33/28
.34/28
Loopback 0110.10.11.209/32
10.10.11.36/283200 Bridge802.11b
802.11b
Home Agent
Foreign Agent 1
Foreign Agent 2
FE0/1.73/30
FE0/0
.74/30FE0/1
.129/28
FE0/0
.70/30
.130/28
.98/28
FE0/1
.97/28
FA1 Bridge
FA2 Bridge
E1/0.33/28
WebCam.35/28
Server.34/28
C3200
Lo0 .77/30
Virtual Network
110.10.11.0 / 24
Configuring Mobile IP
© 2002, Cisco Systems, Inc. All rights reserved. 122
HA(config)#router mobile Enables Mobile IP on the router
HA(config-routerip mob)#ip mobile home-agent Enables home agent service.
HA(config)#ip mobile virtual-network Creates a Virtual network net mask [address address ]
HA(config)# router protocol [process ID] Enters router configuration mode
HA(config-router)# redistribute mobile subnets Enables redistribution of virtual network and mobile subnets into
routing protocols
HA(config)# ip mobile host lower [upper] Specifies mobile nodes on a virtual virtual-network net mask network
HA(config)#ip mobile host lower [upper] Specifies mobile nodes on a physical interface name interface
HA(config)# ip mobile mobile-networks address Specifies mobile router to be set up
HA(mobile-networks)# network net mask Specifies a network that will be hosted on the mobile host (router)
HA(config)#ip mobile secure host Sets up mobile host security address spi spi key [hex/ascii] string associations.
Configure HA
HA(config)# router mobile
HA(config-router)# ip mobile home-agent
HA(config)# ip mobile virtual-network 10.10.11.0 255.255.255.0
HA(config)# router ospf 64
HA(config-router)# redistribute mobile subnets
HA(config)# ip mobile host 10.10.11.77 virtual-network 10.10.11.0 255.255.255.0
HA(config)# ip mobile mobile-networks 10.10.11.77
HA(mobile-networks)# network 10.10.11.76 255.255.255.252
HA(config)# ip mobile secure host 10.10.11.77 spi 300 key hex 12345678123456781234567812345678
HA(config)#ip mobile home-agent lifetime 65535
Configure HA (example)
FA(config)#router mobile Enables Mobile IP on the router
FA(config)#ip mobile foreign-agent Sets up care-of addresses advertised to care-of interface all foreign agent-enabled interfaces.
FA(config-if)#ip mobile foreign-service Enables foreign agent service on the interface.
FA(config)#router mobile
FA(config)#ip mobile foreign-agent care-of Faste 0/0
FA(config)#ip mobile foreign-agent care-of Faste 0/1
FA(config)#interface Faste 0/0
FA(config-if)#ip mobile foreign-service
FA(config-if)#ip mobile registration-lifetime 65535
FA(config)#interface Faste 0/1
FA(config-if)#ip mobile foreign-service
Configure FA
C3200_(config)# interface loopback number Configure loopback address
C3200_(config-if)# ip address <IP address Specifies IP address for loopback subnet mask> interface
C3200_(config)# router mobile Enable Mobile IP on the router
C3200_(config-router)#ip mobile router Configure the mobile router
C3200_(mobile-router)# address IP address of mobile router (using <IP address><SN mask> loopback address)
C3200_(mobile-router# home-agent Specify Home Agent and priority <IP address> [priority priority]
C3200_(config)# ip mobile secure home-agent Set up authentication key <IP add> spi spi key [ hex/ascii ] string
C3200_(config)# interface interface Configure roaming interface
C3200_(config-if)# ip mobile router-service roam [priority priority level ]
C3200_(config-if)# ip mobile router-service solicit [interval seconds] [retransmit initital interval maximum interval retry number of retries ]
Configure Mobile Access Router
C3200_# interface loopback
C3200_(Interface)# ip address 10.0.11.77 255.255.255.252
C3200_# router mobile
C3200_# ip mobile router
C3200_# address 10.0.11.77 255.255.255.252
C3200_# home-agent 10.0.10.77
C3200_# ip mobile secure home-agent 10.0.10.77 spi 300 key hex 12345678123456781234567812345678
C3200_# interface Faste 0/0
C3200_(interface)# ip mobile router-service roam
C3200_(interface)# ip mobile router-service solicit
Configure Mobile Access Router (example)
HA(config)#interface name Interface providing the service
HA(config-if)#ip irdp Turn on the advertisements on the interface
HA(config-if)#ip irdp maxadvertinterval [4-1800]
HA(config-if)#ip irdp minadvertinterval [3-1800]
HA(config)#interface e5/0/2
HA(config-if)#ip irdp
HA(config-if)#ip irdp maxadvertinterval 10
HA(config-if)#ip irdp minadvertinterval 4
Configure HA Advertisements (Optional)
FA(config)#interface name Interface providing the service
FA(config-if)#ip irdp Turn on the advertisements on the interface
FA(config-if)#ip irdp maxadvertinterval [4-1800]
FA(config-if)#ip irdp minadvertinterval [3-1800]
FA(config)#interface e3/1
FA(config-if)#ip irdp
FA(config-if)#ip irdp maxadvertinterval 10
FA(config-if)#ip irdp minadvertinterval 4
FA(config)#interface e3/2
FA(config-if)#ip irdp
Configure FA Advertisements (Optional)
Troubleshooting Mobile IP
© 2002, Cisco Systems, Inc. All rights reserved. 130
Troubleshooting Mobile IP - Outline
1. What is router’s configuration? Verify Agent, Operation Is it sending Advertisements?
SHOW IP MOBILE GLOBALS DEBUG IP MOBILE ADVERTISEMENTS2. What is Mobile Router seeing?
Is Wireless associated? Is Mobile Router receiving Advertisements?
DEBUG IP ICMP3. What is router doing?
Is Mobile Router trying to register? Are FA and HA accepting registrations?
DEBUG IP MOBILE4. Who are router’s neighbors? SHOW IP ROUTE SHOW ARP
Troubleshooting Mobile IP - Outline1. What is router’s configuration?
Verify Agent, Operation Is it sending Advertisements?
SHOW IP MOBILE GLOBALS DEBUG IP MOBILE ADVERTISEMENTS2. What is Mobile Router seeing?
Is Wireless associated? Is Mobile Router receiving Advertisements?
DEBUG IP ICMP3. What is router doing?
Is Mobile Router trying to register? Are FA and HA accepting registrations?
DEBUG IP MOBILE4. Who are router’s neighbors? SHOW IP ROUTE SHOW ARP
IP Mobility global information:
Home Agent
Registration lifetime: 10:00:00 (36000 secs) Broadcast disabled Replay protection time: 7 secs Reverse tunnel enabled ICMP Unreachable enabled Virtual networks 110.10.11.0 /24
Foreign Agent is not enabled, no care-of address
0 interfaces providing serviceEncapsulations supported: IPIP and GRETunnel fast switching enabledTunnel path MTU discovery aged out after 10 minha_#
HA#show ip mobile globals
Verifying HA Configuration
Foreign_Agent_2_#sh ip mob globalsIP Mobility global information:Home Agent is not enabled
Foreign Agent
Pending registrations expire after 15 secs Care-of addresses advertised FastEthernet0/1 (10.10.10.97) - up
1 interface providing serviceEncapsulations supported: IPIP and GRETunnel fast switching enabledTunnel path MTU discovery aged out after 10 minForeign_Agent_2_#
FA#show ip mobile globals
Verifying FA Configuration
Foreign_Agent_2_#debug ip mobile advertise
IP mobility agent advertisements debugging is on
Foreign_Agent_2_#
02:30:02: MobileIP: Agent advertisement sent out FastEthernet0/1:
type=16, len=10, seq=2984, lifetime=36000, flags=0x1400(rbhFmGv-rsv-),
02:30:02: Care-of address: 10.10.10.97
02:30:05: MobileIP: Agent advertisement sent out FastEthernet0/1:
type=16, len=10, seq=2985, lifetime=36000, flags=0x1400(rbhFmGv-rsv-),
02:30:05: Care-of address: 10.10.10.97
Debug Advertisements on FA
Troubleshooting Mobile IP - Outline1. What is router’s configuration? Verify Agent, Operation Is it sending Advertisements?
SHOW IP MOBILE GLOBALS DEBUG IP MOBILE ADVERTISEMENTS2. What is Mobile Router seeing?
Is Wireless associated? Is Mobile Router receiving Advertisements?
DEBUG IP ICMP3. What is router doing?
Is Mobile Router trying to register? Are FA and HA accepting registrations?
DEBUG IP MOBILE4. Who are router’s neighbors? SHOW IP ROUTE SHOW ARP
MR: Advertisements
*Mar 1 04:09:27.938: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97*Mar 1 04:09:31.938: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97*Mar 1 04:09:34.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97*Mar 1 04:09:37.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97*Mar 1 04:09:39.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
> It is receiving advertisements from Foreign Agent 10.10.10.97
MR#debug ip icmp
Troubleshooting Mobile IP - Outline1. What is router’s configuration?
Verify Agent, Operation Is it sending Advertisements?
SHOW IP MOBILE GLOBALS DEBUG IP MOBILE ADVERTISEMENTS2. What is Mobile Router seeing?
Is Wireless associated? Is Mobile Router receiving Advertisements?
DEBUG IP ICMP3. What is router doing?
Is Mobile Router trying to register? Are FA and HA accepting registrations?
DEBUG IP MOBILE4. Who are router’s neighbors? SHOW IP ROUTE SHOW ARP
MR: Registration Requests RRQsMR#debug ip mob
IP mobility events debugging is onMR#*Mar 1 04:12:12.898: MobileIP: Authentication algorithm MD5*Mar 1 04:12:16.898: MobileIP: Authentication algorithm MD5*Mar 1 04:12:18.898: MobileIP: Authentication algorithm MD5*Mar 1 04:12:22.898: MobileIP: Authentication algorithm MD5
> It is sending in Registration Requests and not getting any answer
Home_Agent_#
00:14:18: MobileIP: HA 114 received registration for MN 10.4.1.1 on FastEthernet
0/1 using COA 10.3.1.1 HA 10.1.4.1 lifetime 36000 options sbdmgvt
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D8742C end 7D87442
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D87442 end 7D87442
00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: Identification field has timestamp 146 secs greater than our
current time 03/01/93 00:14:18 (> allowed 7 secs) for MN 10.4.1.1
00:14:18: %IPMOBILE-6-SECURE: Security violation on HA from MN 10.4.1.1 - errcod
e registration id mismatch (133), reason Bad identifier (3)
00:14:18: MobileIP: HA rejects registration for MN 10.4.1.1 - registration id mi
smatch (133)
00:14:18: MobileIP: MN 10.4.1.1 - MH auth ext added (SPI 100) to MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - HA sent reply to 10.1.3.2
Home_Agent_#debug ip mobile
Debugs on HA – Registration Rejected
Home_Agent_# debug ip mobile 00:14:18: MobileIP: HA 114 received registration for MN 10.4.1.1 on FastEthernet0/1 using COA 10.3.1.1 HA 10.1.4.1 lifetime 36000 options sbdmgvt00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D877EC end 7D87802 00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D87802 end 7D87802 00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 10000:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 10000:14:18: MobileIP: Mobility binding for MN 10.4.1.1 created00:14:18: MobileIP: 15 ifs in use00:14:18: MobileIP: Tunnel0 (IP/IP) created with src 10.1.4.1 dst 10.3.1.100:14:18: MobileIP: 16 ifs in use00:14:18: MobileIP: Tunnel1 (IP/IP) created with src 10.1.4.1 dst 10.4.1.100:14:18: MobileIP: Roam timer started for MN 10.4.1.1, lifetime 3600000:14:18: MobileIP: MN 10.4.1.1 is now roaming00:14:18: MobileIP: Insert route 10.4.1.1/255.255.255.255 via gateway 10.3.1.1 on Tunnel000:14:18: MobileIP: Insert route 10.5.2.0/255.255.255.0 via gateway 10.4.1.1 on Tunnel100:14:18: MobileIP: HA accepts registration from MN 10.4.1.100:14:18: MobileIP: MN 10.4.1.1 - MH auth ext added (SPI 100) to MN 10.4.1.100:14:18: MobileIP: MN 10.4.1.1 - HA sent reply to 10.1.3.200:14:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up00:14:19: MobileIP: swif coming up Tunnel000:14:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up00:14:19: MobileIP: swif coming up Tunnel1Home_Agent_#
Debugs on HA – Registration Accepted
1d02h: MobileIP: FA received registration for MN 20.0.197.84 on Ethernet3/1 using COA 40.0.197.19 HA 20.0.197.82 lifetime 990 options sBdmgvt
1d02h: MobileIP: Ethernet3/1 glean 20.0.197.84 accepted
1d02h: MobileIP: FA queued MN 20.0.197.84 in register table
1d02h: MobileIP: Visitor registration timer started for MN 20.0.197.84, lifetime 15
1d02h: MobileIP: Skip2TLV look for type 32, addr start 200210AC end 200210C2
1d02h: MobileIP: FA forwarded registration for MN 20.0.197.84 to HA 20.0.197.82
1d02h: MobileIP: FA received accept (0) reply for MN 20.0.197.84 on Ethernet3/5 using HA 20.0.197.82 lifetime 990
1d02h: MobileIP: Reply in for MN 20.0.197.84, accepted
1d02h: MobileIP: Update visitor table for MN 20.0.197.84
1d02h: MobileIP: Tunnel2 (IP/IP) created with src 40.0.197.19 dst 20.0.197.82
1d02h: MobileIP: ARP entry for MN 20.0.197.84 inserted
1d02h: MobileIP: Visitor timer started for MN 20.0.197.84, lifetime 990
1d02h: MobileIP: FA dequeued MN 20.0.197.84 from register table
1d02h: MobileIP: MN 20.0.197.84 visiting on Ethernet3/1
1d02h: MobileIP: Skip2TLV look for type 32, addr start 200215A8 end 200215BE
1d02h: MobileIP: FA forwarding reply to MN 20.0.197.84 using src 20.0.197.84 mac 0030.8538.1c90
1d02h: MobileIP: swif coming up Tunnel2
FA#debug ip mobile
Debugs on FA - Registration
*Mar 1 04:21:53.778: MobileIP: ParseRegExt type MHAE(32) addr 6002A08 end 6002A1E*Mar 1 04:21:53.778: MobileIP: ParseRegExt skipping 20 to next*Mar 1 04:21:53.778: MobileIP: Authenticating HA 10.10.10.77 using SPI 3003*Mar 1 04:21:53.782: MobileIP: Authentication algorithm MD5*Mar 1 04:21:53.782: MobileIP: Authenticated HA 10.10.10.77 using SPI 3003*Mar 1 04:21:57.762: MobileIP: Authentication algorithm MD5*Mar 1 04:21:57.782: MobileIP: ParseRegExt type MHAE(32) addr 61BF1A8 end 61BF1BE*Mar 1 04:21:57.782: MobileIP: ParseRegExt skipping 20 to next*Mar 1 04:21:57.782: MobileIP: Authenticating HA 10.10.10.77 using SPI 3003*Mar 1 04:21:57.782: MobileIP: Authentication algorithm MD5*Mar 1 04:21:57.782: MobileIP: Authenticated HA 10.10.10.77 using SPI 3003*Mar 1 04:21:57.782: MobileIP: Tunnel0 (IP/IP) created with src 110.10.11.217 dst 10.10.10.77*Mar 1 04:21:58.782: MobileIP: swif coming up Tunnel0
FA#debug ip mobile
Debugs on MR - Registration
Troubleshooting Mobile IP - Outline1. What is router’s configuration?
Verify Agent, Operation Is it sending Advertisements?
SHOW IP MOBILE GLOBALS DEBUG IP MOBILE ADVERTISEMENTS2. What is Mobile Router seeing?
Is Wireless associated? Is Mobile Router receiving Advertisements?
DEBUG IP ICMP3. What is router doing?
Is Mobile Router trying to register? Are FA and HA accepting registrations?
DEBUG IP MOBILE4. Who are router’s neighbors? SHOW IP ROUTE SHOW ARP
ha_#show ip mobile binding ? A.B.C.D IP address home-agent Mobility bindings for specific home agent summary Summary of binding table | Output modifiers <cr>ha_#show ip mobile binding Mobility Binding List:Total 9110.10.11.237: Care-of Addr 10.10.10.97, Src Addr 10.10.10.70 Lifetime granted 10:00:00 (36000), remaining 06:59:10 Flags sbdmgvt, Identification AF3BF344.D8F21340 Tunnel2 src 10.10.10.77 dest 10.10.10.97 reverse-allowed MR Tunnel1 src 10.10.10.77 dest 110.10.11.237 reverse-allowed mobile-network 110.10.11.237 Routing Options - 110.10.11.233: Care-of Addr 10.10.10.97, Src Addr 10.10.10.70 Lifetime granted 10:00:00 (36000), remaining 06:59:10 Flags sbdmgvt, Identification AF3BF344.5F153F64………… etc.
HA Binding Table
Home_Agent_#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is not set 110.0.0.0/8 is variably subnetted, 10 subnets, 2 masksM 110.10.11.0/24 is directly connected, Mobile0M 110.10.11.237/32 [3/1] via 10.10.10.97, 00:57:28, Tunnel2M 110.10.11.245/32 [3/1] via 10.10.10.129, 03:01:54, Tunnel010.0.0.0/8 is variably subnetted, 14 subnets, 3 masksC 10.10.10.32/27 is directly connected, FastEthernet0/0C 10.10.10.72/30 is directly connected, FastEthernet0/1C 10.10.10.76/30 is directly connected, Loopback0O IA 10.10.10.96/27 [110/11] via 10.10.10.36, 00:57:35, FastEthernet0/0M 10.10.11.112/28 [3/1] via 110.10.11.237, 03:55:57, Tunnel1O IA 10.10.10.128/27 [110/2] via 10.10.10.74, 00:57:35, FastEthernet0/1M 10.10.11.144/28 [3/1] via 110.10.11.245, 03:55:57, Tunnel5
HA State – Routing Table
Virtual Network
Foreign_Agent_2_#show ip mobile visitor Mobile Visitor List:Total 5110.10.11.229: Interface FastEthernet0/1, MAC addr 0001.6441.87ba IP src 110.10.11.229, dest 10.10.10.97, UDP src port 434 HA addr 10.10.10.77, Identification AF3C1098.B402FE18 Lifetime 10:00:00 (36000) Remaining 08:56:25 Tunnel0 src 10.10.10.97, dest 10.10.10.77, reverse-allowed Routing Options - 110.10.11.245: Interface FastEthernet0/1, MAC addr 0001.6441.87a2 IP src 110.10.11.245, dest 10.10.10.97, UDP src port 434 HA addr 10.10.10.77, Identification AF3C114E.911E78F8 Lifetime 10:00:00 (36000) Remaining 08:59:27 Tunnel0 src 10.10.10.97, dest 10.10.10.77, reverse-allowed Routing Options - ……… etc.
FA State – Visiting Mobile Routers
Foreign_Agent_2_#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static routeGateway of last resort is not set 110.0.0.0/24 is subnetted, 1 subnetsO E2 110.10.11.0 [110/20] via 10.10.10.33, 00:58:44, FastEthernet0/0 10.0.0.0/8 is variably subnetted, 14 subnets, 4 masksC 10.10.10.32/27 is directly connected, FastEthernet0/0O 10.10.10.72/30 [110/2] via 10.10.10.33, 00:58:44, FastEthernet0/0O 10.10.10.77/32 [110/2] via 10.10.10.33, 00:58:44, FastEthernet0/0C 10.10.10.96/27 is directly connected, FastEthernet0/1O E2 10.10.11.112/28 [110/20] via 10.10.10.33, 00:58:47, FastEthernet0/0O IA 10.10.10.128/27 [110/3] via 10.10.10.33, 00:58:47, FastEthernet0/0O E2 10.10.11.144/28 [110/20] via 10.10.10.33, 00:58:47, FastEthernet0/0Foreign_Agent_2_#
Foreign Agent Routing Table
Foreign_Agent_2_#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.73 8 000a.8a7d.0f41 ARPA FastEthernet0/0
Internet 10.10.10.129 - 000a.8a83.0d81 ARPA FastEthernet0/1
Internet 10.10.10.130 7 0040.9657.cc93 ARPA FastEthernet0/1
Internet 10.10.10.74 - 000a.8a83.0d80 ARPA FastEthernet0/0
Internet 110.10.11.237 2 00ff.ff40.00aa ARPA FastEthernet0/1
Foreign_Agent_2_#
FA State – ARP Table
mar_demo_1_#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.3.1.1 12 000a.8a83.0d81 ARPA Vlan1
Internet 10.5.2.1 - 00ff.ff40.00aa ARPA FastEthernet0/0
Internet 10.5.3.1 - 00ff.ff40.00ab ARPA Vlan1
Internet 10.5.3.2 137 0040.9657.2624 ARPA Vlan1
Internet 10.5.3.34 4 0010.a49f.57d9 ARPA Vlan1
mar_demo_1_#
What FA is MR Visiting? Part 1
mar_demo_1_#sh ip routCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route
Gateway of last resort is 10.3.1.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masksM 10.3.1.1/32 [3/1] via 10.3.1.1, 00:07:28, Vlan1C 10.5.3.0/24 is directly connected, Vlan1M 10.1.4.1/32 [3/1] via 10.3.1.1, 00:07:28, Vlan1C 10.5.1.0/24 is directly connected, Loopback0M* 0.0.0.0/0 [3/1] via 10.3.1.1, 00:07:28, Vlan1
What FA is MR Visiting? Part 2
ha_# 05:17:02: MobileIP: HA 120 received registration for MN 110.10.11.225 on FastEthernet0/1 using COA 10.10.10.129 HA 10.10.10.77 lifetime 36000 options sbdmgvt05:17:02: MobileIP: MN 110.10.11.225 - authenticating MN 110.10.11.225 using SPI 500505:17:02: MobileIP: MN 110.10.11.225 - authenticated MN 110.10.11.225 using SPI 500505:17:02: MobileIP: Delete tunnel route for 110.10.11.225/255.255.255.255 via gateway 10.10.10.9705:17:02: MobileIP: Deleted user (7 remains) from Tunnel2 src 10.10.10.77 dest 10.10.10.9705:17:02: MobileIP: Mobility binding for MN 110.10.11.225 updated – tunnel changed05:17:02: MobileIP: Added user (2 active) on Tunnel0 src 10.10.10.77 dest 10.10.10.12905:17:02: MobileIP: Insert route 110.10.11.225/255.255.255.255 via gateway 10.10.10.129 on Tunnel005:17:02: MobileIP: Roam timer started for MN 110.10.11.225, lifetime 3600005:17:02: MobileIP: HA accepts registration from MN 110.10.11.22505:17:02: MobileIP: MN 110.10.11.225 - MH auth ext added (SPI 5005) to MN 110.10.11.22505:17:02: MobileIP: MN 110.10.11.225 - HA sent reply to 10.10.10.74
Debugs on HA/FA - Handoff
Home_Agent_#show ip mobile traffic IP Mobility traffic:Advertisements: Solicitations received 0 Advertisements sent 0, response to solicitation 0Home Agent Registrations: Register 2622, Deregister 2 requests Register 1302, Deregister 2 replied Accepted 87, No simultaneous bindings 0 Denied 1215, Ignored 1322 , Dropped 0 Unspecified 1198, Unknown HA 0 Administrative prohibited 0, No resource 0 Authentication failed MN 0, FA 0, active HA 0 Bad identification 17, Bad request form 0 Unavailable encap 0, reverse tunnel 0 Binding updates received 0, sent 0 total 0 fail 0 Binding update acks received 0, sent 0 Binding info request received 0, sent 0 total 0 fail 0 Binding info reply received 0 drop 0, sent 0 total 0 fail 0 Binding info reply acks received 0 drop 0, sent 0 Gratuitous 0, Proxy 0 ARPs sent CONTINUED >>>
Show IP Mobile Traffic (Home Agent)
Home_Agent_#show ip mobile traffic CONTINUED…..Foreign Agent Registrations: Request in 0, Forwarded 0, Denied 0, Ignored 0 Unspecified 0, HA unreachable 0 Administrative prohibited 0, No resource 0 Bad lifetime 0, Bad request form 0 Unavailable encapsulation 0, Compression 0 Unavailable reverse tunnel 0 Replies in 0 Forwarded 0, Bad 0, Ignored 0 Authentication failed MN 0, HA 0Home_Agent_#
Show IP Mobile Traffic (Home Agent) cont.
Home_Agent_#show ip mob tunnelMobile Tunnels:Tunnel1: src 10.10.10.77, dest 110.10.11.237 encap IP/IP, mode reverse-allowed, tunnel-users 1 IP MTU 1460 bytes Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never outbound interface Tunnel2 HA created, fast switching enabled, ICMP unreachable enabled 0 packets input, 0 bytes, 0 drops 10508 packets output, 1237820 bytesTunnel5: src 10.10.10.77, dest 110.10.11.245 encap IP/IP, mode reverse-allowed, tunnel-users 1 IP MTU 1460 bytes Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never outbound interface Tunnel0 HA created, fast switching enabled, ICMP unreachable enabled 0 packets input, 0 bytes, 0 drops 0 packets output, 0 bytes
Show IP Mobile Tunnels
Home_Agent_# show ip mob secure hostSecurity Associations (algorithm,mode,replay protection,key):10.10.11.77: SPI 300, MD5, Prefix-suffix, Timestamp +/- 7, Key 12345678123456781234567812345678110.10.11.213: SPI 200, MD5, Prefix-suffix, Timestamp +/- 7, Key 23456781234567812345678123456781110.10.11.217: SPI 3003, MD5, Prefix-suffix, Timestamp +/- 7, Key 45678123456781234567812345678102110.10.11.221: SPI 4004, MD5, Prefix-suffix, Timestamp +/- 7, Key 56781234567812345678123456781203110.10.11.225: SPI 5005, MD5, Prefix-suffix, Timestamp +/- 7, Key 67812345678123456781234567812304……. etc.
Show IP Mobile Secure Hosts
Show IP Mobile Host
Mobile Host List:
20.0.197.84:
Allowed lifetime INFINITE/default)
Roam status -Registered-, Home link on interface Ethernet5/0/2
Accepted 8, Last time 03/26/01 10:40:30
Overall service time 00:28:39
Denied 1, Last time 04/24/02 18:13:22
Last code 'registration id mismatch (133)'
Total violations 1
Tunnel to MN - pkts 1, bytes 100
Reverse tunnel from MN - pkts 0, bytes 0
HA#show ip mobile host 20.0.197.84
Show IP Mobile Interface
Foreign_Agent_2_#sh ip mobile interface
IP Mobility interface information:
Interface FastEthernet0/1:
IRDP (includes agent advertisement) enabled
Prefix Length not advertised
Lifetime is 36000 seconds
Foreign Agent service provided
No registration required
Not busy
Home Agent access list:
Current number of visitors: 5
Foreign_Agent_2_#
Clear Commands
Router#clear ip mobile binding [addr] Removes the binding entry.
Router#clear ip mobile traffic Clears all the Mobile IP counters.
Router#clear ip mobile host counters [addr] Clears Mobile Host Counters.
Router#clear ip mobile visitor Removes the visitor information.
MobileIP: HA 30 received registration for MN 20.0.197.84 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 65535 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 61D8EBE4 end 61D8EBFA
MobileIP: Skip2TLV look for type 32, addr start 61D8EBFA end 61D8EBFA
MobileIP: MN 20.0.197.84 - authenticating MN 20.0.197.84 using SPI 100
MobileIP: MN 20.0.197.84 - invalid authenticator for MN 20.0.197.84
MobileIP: HA rejects registration for MN 20.0.197.84 - MN failed authentication (131)
MobileIP: MN 20.0.197.84 - MH auth ext added (SPI 100) to MN 20.0.197.84
MobileIP: MN 20.0.197.84 - HA sent reply to 20.0.197.81
Invalid SPI - Debug
Security Violation Log:
Total violations 1
Mobile Hosts:
20.0.197.84:
Violations: 1, Last time: 02/11/02 10:49:11
SPI: 100, Identification: C0122026.6D841504
Error Code: MN failed authentication (131), Reason: Bad authenticator (2)
HA#show ip mobile violation
Invalid SPI – Violations Log
MobileIP: HA 32 received registration for MN 20.0.197.84 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 1000 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 616B4100 end 616B4116
MobileIP: Skip2TLV look for type 32, addr start 616B4116 end 616B4116
MobileIP: MN 20.0.197.84 - authenticating MN 20.0.197.84 using SPI 100
MobileIP: MN 20.0.197.84 - authenticated MN 20.0.197.84 using SPI 100
MobileIP: Identification field 2939948267 has timestamp 288712535 secs less than our current time 04/24/02 18:13:22 3228660802 (< allowed 7 secs) for MN 20.0.197.84
MobileIP: HA rejects registration for MN 20.0.197.84 - registration id mismatch (133)
MobileIP: MN 20.0.197.84 - MH auth ext added (SPI 100) to MN 20.0.197.84
MobileIP: MN 20.0.197.84 - HA sent reply to 20.0.197.81
Timestamp Mismatch
MobileIP: HA 32 received registration for MN 20.0.197.85 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 1000 options sBdmgvt
MobileIP: MN 20.0.197.85 is not configured, request ignored
MN Not Configured
MobileIP: HA 32 received registration for MN 30.2.0.2 on Ethernet5/0/2 using COA 40.0.200.1 HA 20.0.197.82 lifetime 1900 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 616B4100 end 616B4116
MobileIP: Skip2TLV look for type 32, addr start 616B4116 end 616B4116
MobileIP: MN 30.2.0.2 - authenticating MN 30.2.0.2 using SPI 200
MobileIP: MN 30.2.0.2 - authenticated MN 30.2.0.2 using SPI 200
MobileIP: MN 30.2.0.2 requested broadcast support, but disabled locally
MobileIP: Mobility binding for MN 30.2.0.2 updated
MobileIP: Roam timer started for MN 30.2.0.2, lifetime 1000
MobileIP: HA accepts registration from MN 30.2.0.2
MobileIP: MN 30.2.0.2 - MH auth ext added (SPI 200) to MN 30.2.0.2
MobileIP: MN 30.2.0.2 - HA sent reply to 20.0.197.81
Shorter Lifetime on HA
MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.1 HA 20.0.197.82 lifetime 40000 options sBdmgvt
MobileIP: Lifetime is too long in request from MN 30.2.0.2
MobileIP: FA rejects registration from MN 30.2.0.2 - lifetime too long (69)
MobileIP: MN 30.2.0.2 - FA sent reply to 30.2.0.2
Larger Lifetime on FA
MobileIP: Roam timer expired for MN 20.0.197.84
MobileIP: Delete tunnel route for 20.0.197.84 via gateway 40.0.197.19
MobileIP: Deleted Tunnel0 src 20.0.197.82 dest 40.0.197.19
MobileIP: HA route maint started with index 0
Lifetime Expires
MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.1 HA 20.0.197.83 lifetime 4000 options sBdmgvt
MobileIP: FA queued MN 30.2.0.2 in register table
MobileIP: Visitor registration timer started for MN 30.2.0.2, lifetime 15
MobileIP: Skip2TLV look for type 32, addr start 2000060C end 20000622
MobileIP: FA forwarded registration for MN 30.2.0.2 to HA 20.0.197.83
MobileIP: Visitor registration timer expired for MN 30.2.0.2
MobileIP: FA dequeued MN 30.2.0.2 from register table
MobileIP: Visitor timer expired for MN 30.2.0.2
MobileIP: Host route 30.2.0.2 deleted from routing table
MobileIP: ARP entry for MN 30.2.0.2 removed
MobileIP: Deleted Tunnel0 src 40.0.200.1 dest 20.0.197.82
MobileIP: MN 30.2.0.2 no longer visiting on Serial4/1
HA not replying (seen from FA)
MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.10 HA 20.0.197.82 lifetime 40000 options sBdmgvt
MobileIP: Care-of addr 40.0.200.10 is invalid in request from MN 30.2.0.2
MobileIP: FA rejects registration from MN 30.2.0.2 - reason unspecified (64)
MobileIP: MN 30.2.0.2 - FA sent reply to 30.2.0.2
Invalid Care-of Address
170170170© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID