Cisco Mobility Application

8/18/2019 Cisco Mobility Application http://slidepdf.com/reader/full/cisco-mobility-application 1/81

TRANSCRIPT

  • Slide 1/81

  • Slide 2/81

    Agenda

    Introduction to IP Mobility

    Mobile IP Technology

    Cisco Mobile IP Applications

    Summary and References

  • Slide 3/81

    “Mobility” in the Context

    The First Impression?

  • Slide 4/81

    “Mobility” in the Context

    Common Related Buzz Words in the Context…

    Nomadic

    Portability

    Roaming

    Where? Location

    What? Type

    How? Movement

    The First Impression?

  • Slide 5/81

    Mobility in the IP Networking World

    Enables Continuous Application and Service Access over IP Networks Regardless of Location, Type of Devices, and Movement

    (Figure: Applications and Services delivered over the Internet and IP Networks)

  • Slide 6/81

    Layer 2 Mobility

    Movement within a Layer 3 boundary

    IP address does not change

    Application continuity is maintained

    An example is Inter-Access Point Protocol (IAPP) defined in IEEE

    (Figure: Radio Device, Layer 2 Device, Layer 3 Device)

  • Slide 7/81

    Layer 3 Mobility

    Movement across Layer 3 boundaries

    “IP address” is changed

    Application continuity is maintained even if it is across a Layer 3 boundary

    Examples are LWAPP in WLAN, GTP in GPRS, Mobile IP in 1xRTT

    LWAPP: Lightweight Access Point Protocol

    GTP: GPRS Tunneling Protocol

    1xRTT: One Time Radio Transmission Technology

    (Figure: Radio Device, Layer 2 Device, Layer 3 Device)

  • Slide 8/81

    Multi-Access Mobility

    Movement across different types of access networks

    “IP address” is changed

    Application continuity is maintained even when a Layer 3 boundary and an access network are crossed

    Examples are Mobile IP defined in IETF standard, and vendor proprietary protocols

    (Figure: Layer 3 Device connecting Ethernet, Cellular Wireless Data Access (i.e. UMTS, EVDO), and 802.11)

  • Slide 9/81

    IP Mobility in Our Context

    L3 Mobility + Multi-Access Mobility

    Design to Fit?

  • Slide 10/81

    Mobile Wireless Service Framework

    (Figure: Mobile Wireless Service Functional Layers: Application, Service, Content; IP Networks (IP Mobility); Wireless (CDMA, GSM, W-CDMA, OFDM, 802.11a/b/g, 4.9G, Satellite, Bluetooth, ZigBee); Mobile Device)

  • Slide 11/81

    Why Has IP Mobility Been Used in the Framework?

    Extend coverage

    Enhance usability and effectiveness

    Enable new services and applications

    Extending Coverage Can Be Simple

    Wider is perceived better, but…

    Cost for perfection

    Bandwidth vs. coverage

    Use IP Mobility to leverage multi-access and multi-IP networks to create one virtual large network

    (Figure: IP Mobility spanning Muni-WiFi, Hotspot, and 3G)

  • Slide 12/81

    Why Has IP Mobility Been Used in the Framework?

    Extend coverage

    Enhance usability and effectiveness

    Enable new services and applications

    Always-on and uninterrupted network and application operations

    Hidden network complexity from users

    Better user and customer satisfaction

    (Figure: a File Transfer continuing across vlanN / vlanN+1, Ethernet, WLAN, Cellular Wireless Data Networks, Home WLAN, and Public Hotspot)

  • Slide 13/81

    Why Has IP Mobility Been Used in the Framework?

    Extend coverage

    Enhance usability and effectiveness

    Enable new services and applications

    Seamless Internet roaming

    Secure mobile VPN access

    Remote mobile office

    Push software updates

    Dispatch call and data

    Fleet management

    Video surveillance

    Internet access for passengers

    (Figure: Oil Company, Utility Workers, Knowledge Workers, Public Safety, Transportation)

  • Slide 14/81

    Mobile IP: An IP Mobility Technology

  • Slide 15/81

    Mobile IP Concept: The Problems

    When Going Unwired…

    Assume the IP Address Is Unchanged (IPCP: 5.5.5.1)

    Problem 1: Network Continues to Route Traffic to R1, Which Is Dropped

    IPCP a New Local IP Address (3.3.3.1)

    Problem 2: TCP/IP Points to 5.5.5.1

    (Figure: routers R1–R6; home subnet 5.5.5.0/24 on R1; mobile node running App over TCP/IP bound to 5.5.5.1)

  • Slide 16/81

    Mobile IP Concept: The Basics

    Introduce the concept of “mobile node gateway”, which keeps track of where a mobile node is

    A fixed IP address is used by the mobile node to communicate with any correspondent node

    (Figure: routers R1–R6; the Gateway at R1 announces “To Reach 5.5.5.1, Go to R1”; the mobile node keeps 5.5.5.1 from home subnet 5.5.5.0/24 while attached via R2/R3)

  • Slide 17/81

    Mobile IP Concept: Protocol Operation Requirements

    How does the gateway—Home Agent—get the new location of the mobile device?

    How do the systems know a movement has occurred and what the new point of attachment is?

    (Figure: routers R1–R6; Gateway with routing entries for 5.5.5.0/24 via R1 and 5.5.5.1 via R2/R3)

  • Slide 18/81

    Mobile IP Protocol Components

    Conceptual Level: Movement Detection and Location Discovery; Location Info Propagation; Data Path Update

    Software Components: Agent Discovery; Registration Process; Location Database Update and Tunnel Creation

    Control Signaling vs. Data Plane

    Hardware Components: Foreign Agent (Optional); Home Agent (the Gateway); Mobile Node (MN) (Device with Mobile IP Client Software)

  • Slide 19/81

    Mobile IP Protocol Details

  • Slide 20/81

    Movement Detection and Location Discovery

    (Figure: Control Signaling flow: Move Detection and Location Discovery (Agent Discovery), then Topology Data Propagation (Registration Process), then Topology Establishment (Location Database Update and Tunnel Establishment))

  • Slide 21/81

    Movement Detection and Location Discovery Overview

    Performed by the mobile node with assistance from networks

    Foreign Agent sends out a signal message including the location information

    Mobile node evaluates the message to detect its movement and discover its location

    Mobile node can send a signal message to seek a foreign agent

    (Figure: FA sends Signal Message (Location) to the Mobile Node, known as Agent Advertisement; MN a) discovers the location, b) determines if it moves; MN sends Signal Message (FA Exist?), known as Agent Solicitation)

  • Slide 22/81

    Agent Advertisements Message Format

    What? An ICMP packet with Mobility Agent extension

    Who? Used by home agent and foreign agent; determined by Flags

    When? Periodically sent, or in response to a solicitation from MN

    (Figure: IP Header (DA 224.0.0.1 or 255.255.255.255) | ICMP Header (Type 9, Lifetime, …, Router Address) | Mobility Agent Extensions: Type (16), Lifetime, Flags, Care-of Address, …; Type (19), Prefix Length, …)

  • Slide 23/81

    “How” Does Movement Detection Work?

    Lifetime Expiration (in ICMP Header): If not receiving another advertisement within the announced window, MN thinks it has moved

    Prefix Length Extension: If this FA is on a different subnet, we must have moved

    Example:

    Agent     Subnet Prefix   Router Addr
    Existing  2.2.2.0/24      2.2.2.1
    New       2.2.3.0/24      2.2.3.1

    Not Equal: Movement Detected

    (Figure: same Agent Advertisement format as the previous slide: IP Header, ICMP Header (Type 9, Lifetime, Router Address), Mobility Agent Extensions (Type 16 Lifetime / Flags / Care-of Address; Type 19 Prefix Length))
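The two movement-detection tests above (lifetime expiration and the Prefix-Lengths comparison) in working form, as an added example that is not part of the original deck: it builds constructed Agent Advertisements in the RFC 3344 layout, parses the type 16 and type 19 extensions, and applies both checks to the 2.2.2.1/24 vs. 2.2.3.1/24 case from the slide. The builder, the field names and the result strings are this example's own assumptions.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List

# RFC 3344 values used below
ICMP_ROUTER_ADVERTISEMENT = 9
EXT_MOBILITY_AGENT = 16       # Mobility Agent Advertisement extension
EXT_PREFIX_LENGTHS = 19       # Prefix-Lengths extension
FLAG_HOME_AGENT = 0x20        # H bit of the type-16 Flags byte
FLAG_FOREIGN_AGENT = 0x10     # F bit of the type-16 Flags byte


@dataclass
class AgentAdvertisement:
    router_addrs: List[str]       # from the ICMP Router Advertisement body
    icmp_lifetime: int            # seconds the advertisement stays valid (ICMP header)
    reg_lifetime: int             # max registration lifetime offered (type 16)
    flags: int                    # R B H F M G r T bits (type 16)
    care_of_addrs: List[str]      # care-of addresses offered (type 16)
    prefix_lengths: List[int]     # one per router address (type 19)


def build_agent_advertisement(router_addr: str, prefix_len: int, icmp_lifetime: int,
                              reg_lifetime: int, flags: int, coa: str, seq: int = 1) -> bytes:
    """Constructed sample advertisement; ICMP checksum left 0 since nothing transmits it."""
    body = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0, 1, 2, icmp_lifetime)
    body += ipaddress.IPv4Address(router_addr).packed + struct.pack("!I", 0)  # preference
    # Type 16: Length = 6 + 4 * (number of care-of addresses)
    ext16 = struct.pack("!BBHHBB", EXT_MOBILITY_AGENT, 6 + 4, seq, reg_lifetime, flags, 0)
    ext16 += ipaddress.IPv4Address(coa).packed
    ext19 = struct.pack("!BBB", EXT_PREFIX_LENGTHS, 1, prefix_len)
    return body + ext16 + ext19


def parse_agent_advertisement(data: bytes) -> AgentAdvertisement:
    """Walk the ICMP Router Advertisement body and its TLV extensions."""
    icmp_type, _code, _csum, num_addrs, entry_size, lifetime = struct.unpack("!BBHBBH", data[:8])
    if icmp_type != ICMP_ROUTER_ADVERTISEMENT or entry_size != 2:
        raise ValueError("not an ICMP Router Advertisement")
    off = 8
    routers = []
    for _ in range(num_addrs):
        routers.append(str(ipaddress.IPv4Address(data[off:off + 4])))
        off += 8                                  # router address + preference level
    reg_lifetime, flags, coas, prefixes = None, None, [], []
    while off < len(data):
        ext_type = data[off]
        if ext_type == 0:                         # one-byte padding extension
            off += 1
            continue
        ext_len = data[off + 1]
        payload = data[off + 2:off + 2 + ext_len]
        if ext_type == EXT_MOBILITY_AGENT:
            _seq, reg_lifetime, flags, _rsvd = struct.unpack("!HHBB", payload[:6])
            coas = [str(ipaddress.IPv4Address(payload[i:i + 4])) for i in range(6, ext_len, 4)]
        elif ext_type == EXT_PREFIX_LENGTHS:
            prefixes = list(payload)
        off += 2 + ext_len
    if flags is None:
        raise ValueError("plain router advertisement: no Mobility Agent extension")
    return AgentAdvertisement(routers, lifetime, reg_lifetime, flags, coas, prefixes)


def agent_roles(flags: int) -> List[str]:
    """The Flags byte tells the MN whether the sender is an HA, an FA, or both."""
    roles = []
    if flags & FLAG_HOME_AGENT:
        roles.append("HA")
    if flags & FLAG_FOREIGN_AGENT:
        roles.append("FA")
    return roles


def detect_movement(current: AgentAdvertisement, new: AgentAdvertisement,
                    seconds_since_last: int) -> str:
    """Apply the slide's two tests: lifetime expiration first, then prefix comparison."""
    if seconds_since_last > current.icmp_lifetime:
        return "moved: lifetime expired"
    if not (current.prefix_lengths and new.prefix_lengths):
        return "undetermined: no Prefix-Lengths extension"
    cur_net = ipaddress.ip_network(f"{current.router_addrs[0]}/{current.prefix_lengths[0]}", strict=False)
    new_net = ipaddress.ip_network(f"{new.router_addrs[0]}/{new.prefix_lengths[0]}", strict=False)
    if cur_net != new_net:
        return "moved: different subnet"
    return "same subnet"
```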

  • Slide 24/81

    “How” Does Location Discovery Work?

    Care-of-Address (CoA): Any address on a FA (the first hop router, also known as an access router)

    (Figure: FA sends an Agent Advertisement carrying the CoA to the MN; the HA's table maps Dest MN to NH CoA)

  • Slide 25/81

    “How” Does Location Discovery Work?

    Care-of-Address (CoA): Any address on a FA (the first hop router, also known as an access router)

    What if there is no FA?

    Collocated Care-of-Address (CCoA): Commonly the IP address acquired via DHCP or IPCP by a mobile node

    (Figure: MN sends an Agent Solicitation to the Router; no response: “I’ll use the DHCP address as CoA”; the HA's table maps Dest MN to NH CCoA)

  • Slide 26/81

    What Is Significant?

    Agent Discovery can influence roaming time

    Fast detection = fast roaming

  • Slide 27/81

    What Is Significant? (Cont.)

    Adjust Agent Advertisement timer? Fast vs. chatty

    Proactive approach: Trigger Agent Solicitation when an interface is up

    When there is no agent at all, DHCP/IPCP operations become an important roaming time factor

  • Slide 28/81

    Topology Information Propagation

    (Figure: Control Signaling flow: Move Detection and Location Discovery (Agent Discovery), then Topology Data Propagation (Registration Process), then Topology Establishment (Location Database Update and Tunnel Establishment))

  • Slide 29/81

    Registration Process Overview

    Reporting MN’s location to HA

    Occurring periodically or after the movement is detected

    Involving MN, FA, and HA

    Used for deregistration purposes—reporting MN leaving the Mobile IP networks

    Accomplished through Registration Request Message (RRQ) and Registration Reply Message (RRP)

    (Figure: MN Registration: RRQ from MN via FA to HA, RRP back)

  • Slide 30/81

    Registration Request Message

    Answers the Following Questions:

    Who is the mobile node?

    Where is a mobile node’s location? Where to send the registration message?

    How long is the registration valid?

    How to ensure the MN is an authorized user?

  • Slide 31/81

    RRQ Message Format

    IP Header | UDP Header (Dest. 434) | Registration Message | Mobile-Home Authentication Extension | Optional Extensions

    Required Fields: Type, Flags (SBDMGV), Lifetime, Home Address, Home Agent Address, Care-of-Address, Identification

    Option Fields, i.e.: NAI Extension, Mobile-Foreign Authentication, Foreign-Home Authentication

  • Slide 32/81

    Home Address and Home Network

    Home Network: Networks attached to a Home Agent

    Can be a physical or logical interface

    Logical is usually easier to use

    Cisco IOS® Software logical networks are called “virtual networks”

    Home Address: An IP address on the home network allocated to a Mobile Node

    Used for all communication

    (Figure: Home Network 192.168.1.0/24 attached to the Home Agent; Home Address of MN: 192.168.1.20; MN attached through an FA)

  • Slide 33/81

    Home Address (HoA) vs. Care-of-Address (CoA)

    (Figure: CN: “I am talking to a host with the IP address equal to home address (HoA)”; Home Agent: “I am forwarding a mobile node’s home address (HoA) to its current Care-of-Address (CoA)”; the FA holds the Care-of-Address (CoA), the MN the Home Address (HoA))

  • Slide 34/81

    Another Method to Identify a Mobile Node

    Network Access Identifier (NAI)

    Save IP addresses

    A user name appended as an extension in registration message

    Formation is either “user” or “[email protected]

    A home address still needs to be allocated to a mobile node when requested

    (Figure: MN ([email protected]) sends RRQ: NAI ([email protected]) to the Home Agent; RRP returns Home Address (HoA); HA table: Home Address 1.1.1.1, NAI [email protected])

  • Slide 35/81

    How Long Is the RRQ Valid?

    Lifetime: Maximum amount of time a mobile node will be kept active

    RRQ is periodically sent

    Can be used to validate the path to a home agent

    Fast vs. performance

    (Figure: MN sends RRQ repeatedly to the Home Agent)

  • Slide 36/81

    Secure Authentication Review

    Security Association (SA): Is a set of security parameters used to sign a message: hash algorithms, key size, replay protection

    Security Parameter Index (SPI): Is a numeric identifier for the SA; allows multiple SAs to be configured between two devices to support multiple sessions

    Key Management: Manual key distribution; Public Key Infrastructure (PKI)

  • Slide 37/81

    Mobile IP Registration Authentication

    Mobile IP authentication can occur between any two Mobile IP components

    The mandatory one is between the mobile node and home agent—known as MHAE

    (Figure: IP Header | UDP Header (Dest. 434) | Registration Message (Required Fields) | Mobile-Home Authentication Extension | Option Fields: Mobile-Foreign Authentication, Foreign-Home Authentication)

    SA and Key Management Used by Mobile IP:

    Key Management: Manual Distribution

    Replay Protection: Timestamp and Nonce

    Key: 128-bit

    Algorithm: HMAC-MD5; Keyed-MD5

  • Slide 38/81

    Registration Authentication: MHAE, Example

    (Figure: MN (10.1.1.1 / SPI 100) selects the SA using SPI 100; inputs are the Secret Key, the Registration Message, All Prior Extensions, the Type, Length, SPI Fields and the Timestamp (Replay Protection); HMAC-MD5 Algorithm produces the Message Digest, giving the Completed RRQ)

    (Figure, Home Agent side: selects the SA using MN Home Address and SPI 100; same approach as MN to construct the Message Digest; compare Message Digests; Equal and Timestamp < Accepted Interval: Authenticated)

    Authentication Is Built-in, in the Mobile IP Protocol, but Data Encryption Is Not

  • Slide 39/81

    Registration Reply (RRP)

    Generated by HA to ACK the acceptance or rejection of the registration (RRQ)

    Packet format is similar to RRQ with an additional “code” field

    The code field is particularly useful to indicate what the errors may be

    Reply codes range: 0 to 255

    0–8: Success

    64–127: Error from the Foreign Agent

    128–192: Error from the Home Agent

    192–255: Unallocated

    129—Administratively Prohibited: Denied by an access list

    130—Insufficient Resources: Could not assign a Home Address

    131—Mobile Node Failed Authentication: Mismatched keys or SPI

    133—Registration Identification Mismatch: Clocks out of sync; should retry automatically
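An added example, not from the deck or from Cisco's code, that walks through the MHAE exchange of the preceding slides end to end: the MN appends an HMAC-MD5 Mobile-Home Authentication Extension to a constructed RRQ, and the HA selects the SA by home address and SPI 100, recomputes the digest, checks the timestamp, and returns the RRP code (0, 131 or 133) listed above. The key, the HA address 192.168.1.1, the CoA 192.168.250.1 and the 7-second replay window are constructed values for this example.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address
from typing import Dict, Tuple

RRQ_TYPE = 1
MHAE_TYPE = 32                  # Mobile-Home Authentication Extension
AUTH_LEN = 16                   # HMAC-MD5 digest: 128 bits
NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 to 1970-01-01
RRP_CODES = {0: "Registration accepted",                   # subset of the codes on the slide
             131: "Mobile Node Failed Authentication",
             133: "Registration Identification Mismatch"}


def ntp_timestamp(unix_seconds: float) -> int:
    """64-bit NTP-format Identification field used for timestamp replay protection."""
    secs = int(unix_seconds) + NTP_EPOCH_OFFSET
    frac = int((unix_seconds - int(unix_seconds)) * (1 << 32))
    return (secs << 32) | frac


def build_rrq(home_addr: str, ha_addr: str, coa: str, lifetime: int,
              identification: int, flags: int = 0) -> bytes:
    """Required RRQ fields: Type, Flags, Lifetime, Home Address, Home Agent, Care-of Address, Identification."""
    return (struct.pack("!BBH", RRQ_TYPE, flags, lifetime)
            + IPv4Address(home_addr).packed + IPv4Address(ha_addr).packed
            + IPv4Address(coa).packed + struct.pack("!Q", identification))


def mhae_authenticator(key: bytes, msg_and_prior_exts: bytes, spi: int) -> bytes:
    """HMAC-MD5 over the registration message, all prior extensions, and this
    extension's own Type, Length and SPI fields (the digest itself is excluded)."""
    covered = msg_and_prior_exts + struct.pack("!BBI", MHAE_TYPE, 4 + AUTH_LEN, spi)
    return hmac.new(key, covered, hashlib.md5).digest()


def append_mhae(msg: bytes, key: bytes, spi: int) -> bytes:
    """MN side: select the SA by SPI and complete the RRQ with the MHAE."""
    return msg + struct.pack("!BBI", MHAE_TYPE, 4 + AUTH_LEN, spi) + mhae_authenticator(key, msg, spi)


def ha_check_rrq(packet: bytes, sa_db: Dict[Tuple[str, int], bytes],
                 now_unix: float, max_skew_seconds: int = 7) -> int:
    """HA side: return the RRP code. sa_db maps (home address, SPI) to the shared key.
    The 7-second window is an assumed replay tolerance, not a value from the deck."""
    if len(packet) < 24 or packet[0] != RRQ_TYPE:
        return 131
    home_addr = str(IPv4Address(packet[4:8]))
    identification = struct.unpack("!Q", packet[16:24])[0]
    off = 24
    while off + 2 <= len(packet):
        ext_type = packet[off]
        if ext_type == 0:                       # one-byte padding extension
            off += 1
            continue
        ext_len = packet[off + 1]
        if ext_type == MHAE_TYPE:
            spi = struct.unpack("!I", packet[off + 2:off + 6])[0]
            received = packet[off + 6:off + 2 + ext_len]
            key = sa_db.get((home_addr, spi))   # select SA by MN home address and SPI
            if key is None:
                return 131                      # unknown SPI: mismatched keys or SPI
            expected = mhae_authenticator(key, packet[:off], spi)
            if not hmac.compare_digest(expected, received):
                return 131                      # digests differ
            mn_seconds = (identification >> 32) - NTP_EPOCH_OFFSET
            if abs(mn_seconds - int(now_unix)) > max_skew_seconds:
                return 133                      # clocks out of sync; MN should retry
            return 0
        off += 2 + ext_len
    return 131                                  # MHAE is mandatory


# Constructed scenario from the slide: MN 10.1.1.1 using SPI 100. The key, the HA
# address 192.168.1.1 and the CoA 192.168.250.1 are sample values for this example.
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_SA_DB = {("10.1.1.1", 100): SAMPLE_KEY}


def demo_codes(now_unix: float = 1_700_000_000.0) -> Tuple[int, int, int, int]:
    """Valid RRQ, wrong key, RRQ altered in flight, stale timestamp -> (0, 131, 131, 133)."""
    def rrq(ident: int) -> bytes:
        return build_rrq("10.1.1.1", "192.168.1.1", "192.168.250.1", 1800, ident)
    good = append_mhae(rrq(ntp_timestamp(now_unix)), SAMPLE_KEY, 100)
    wrong_key = append_mhae(rrq(ntp_timestamp(now_unix)), bytes(16), 100)
    altered = bytearray(good)
    altered[2] ^= 0x01                          # lifetime changed after signing
    stale = append_mhae(rrq(ntp_timestamp(now_unix - 60)), SAMPLE_KEY, 100)
    return (ha_check_rrq(good, SAMPLE_SA_DB, now_unix),
            ha_check_rrq(wrong_key, SAMPLE_SA_DB, now_unix),
            ha_check_rrq(bytes(altered), SAMPLE_SA_DB, now_unix),
            ha_check_rrq(stale, SAMPLE_SA_DB, now_unix))
```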

  • Slide 40/81

    Registration Messages Review

    What is used to represent the current location? → CoA or CCoA

    How to identify an MN? → Home address or “NAI”

    What is the destination of the registration messages? → Home Agent address

    How long is the registration valid? → Lifetime

    How can the network ensure that the MN is an authorized user? → Security Association

    How to respond to the success of a registration message? → RRP Message

  • Slide 41/81

    Topology Establishment

    (Figure: Control Signaling flow: Move Detection and Location Discovery (Agent Discovery), then Topology Data Propagation (Registration Process), then Topology Establishment (Location Database Update and Tunnel Establishment))

  • Slide 42/81

    Topology Establishment

    Location database update: Contains CoA (the current point of attachment) of a MN

    Similar to a routing protocol’s topology table

    The tables are known as “binding table” on a home agent and “visitor table” on a foreign agent in Cisco IOS Software

    Tunnel creation: A logical interface to forward traffic to and from a mobile node

    Can be an IPinIP, GRE, or UDP tunnel, referred to as a Mobile IP tunnel in the Mobile IP context

    (Figure: Mobile IP Tunnel between FA and HA, with the MN behind the FA)

  • Slide 43/81

    Reverse Tunneling

    Reverse Tunneling—Traffic is sent from the MN to the HA via the tunnel, then delivered via routing

    Ingress filtering and uRPF will drop packets that have a topologically incorrect source address

    (Figure: Mobile Node at its COA, Foreign Agent, Home Agent, Correspondent Host)

  • Slide 44/81

    Topology Establishment Example

    (Figure: forwarding tables after registration: on the HA, Dest MN HoA → NH Tunnel and Dest CoA → NH Eth0; on the FA, Dest MN → NH WLAN; on the MN, Src MN HoA → Tunnel T1 → NH HA. Data packets through the Mobile IP Tunnel carry Src (HA) / Dest (CoA) toward the MN and Src (CoA) / Dest (HA) from the MN, with the Home Address (HoA) inside.)

  • Slide 45/81

    Mobile IP Protocol Summary

    (Figure: Control Signaling flow: Move Detection and Location Discovery (Agent Discovery), then Topology Data Propagation (Registration Process), then Topology Establishment (Location Database Update and Tunnel Establishment))

  • Slide 46/81

    Cisco Mobile IP Implementations and Key Features

  • Slide 47/81

    Cisco Mobile IP Technology

    IETF RFC 3344 and 3GPP2 compliant

    General availability since January 1999

    Cisco platforms and software for Home Agent and Foreign Agent functions are:

    Hardware                                  Software                                    Standard Compliance
    Cisco 7200, MWAM                          SX Image                                    IETF RFC 3344 and 3GPP2
    Cisco 1800, 2800, 3800, 7200, 7300, 7400  T Train with IP Voice Feature Set or Above  IETF RFC 3344
    Cisco 1700, 2600XM, 3700                  T Train with IP Plus Feature Set or Above   IETF RFC 3344

    3rd party standard compliant Mobile IP clients can be used with the Cisco Home Agent and Foreign Agent

  • Slide 48/81

    Adding Mobile IP

    Adding mobile IP is as simple as adding an HA or enabling the HA on an existing router … and installing client software

    Mobile IP can run in co-located Care-of-Address mode

    (Figure: MN, HA, AAA, DHCP)

  • Slide 49/81

    Home Agent Configurations

    ! AAA
    aaa new-model
    aaa authorization ipmobile default group radius
    !
    ! RADIUS Server
    radius-server host 10.82.70.12 key itsasecret
    !
    ! Enable Mobile IP Process
    router mobile
    !
    ! Home Network
    interface FastEthernet0/0
     ip address 192.168.1.1 255.255.255.0
    !
    ! Enable HA and Identify Clients Allowed to Roam
    ip mobile home-agent
    ip mobile host nai @example address pool dhcp-proxy-client dhcp-server 10.82.70.10 interface FastEthernet0/0 aaa load-sa
    !

  • Slide 50/81

    Turning on the FA

    The FA needs to be enabled on edge routers if used

    FA is only minimal overhead

    Reverse tunneling may not be needed inside an enterprise network

    (Figure: MN, FA, AAA, DHCP)

  • Slide 51/81

    FA Configuration

    ! Enable Mobile IP Process
    router mobile
    !
    ! Enable the Foreign Agent (care-of address taken from the COA interface below)
    ip mobile foreign-agent care-of Loopback0
    !
    ! Foreign Interface
    interface FastEthernet0/1
     ip address 192.168.101.1 255.255.255.0
     ip irdp
     ip mobile foreign-service
     ip mobile prefix-length
    !
    ! COA Interface
    interface Loopback0
     ip address 192.168.250.1 255.255.255.255
    !

  • Slide 52/81

    Cisco Mobile IP Key Features You Have Most Likely Encountered

  • Slide 53/81

    RFC 3519

  • Slide 54/81

    NAPT Traversal Detection

    Outbound registration sets up the NAT translation

    Home Agent detects that source of registration is not the same as CoA

    If RRQ contains UDP tunneling extension, the HA enables UDP tunneling

    MN can force UDP tunneling for firewall traversal

    (Figure: RRQ leaves the Private Network with SRC: 10.2.2.20, COA: 10.1.1.10; NAT Translation 10.1.1.10:5523 → 4.3.2.10:7178; the HA on the Internet sees SRC: 4.3.2.10, COA: 10.1.1.10)

  • Slide 55/81

    Cisco Stateful Home Agent Redundancy

    Uses Cisco HSRP to detect the failure within seconds

    The redundant Home Agent is in the “standby” mode

    The redundant Home Agent contains real-time mobile user’s service context

    The redundant Home Agent is participating in the network routing and can forward traffic if needed

    (Figure: Active Home Agent and Redundant Home Agent linked by HSRP; enterprise recovery steps: Failure Detection, Part Replacement, System Initialization, Network Converge, Service Context Recovery, Resume Service)

    Derived from Enterprise Costs: Infonetics Research, September 2000

  • Slide 56/81

  • Slide 57/81

    Mobile IPv6 Protocol RFC 3775

    Similar to the Mobile IPv4 concept

    A home agent keeps track of the mobile node’s location

    Including location discovery, movement detection, registration, and topology establishment

    Different from the Mobile IPv4

    No Foreign Agent

    Traffic can be sent directly between two communicating nodes

    A driver for IPv6

  • Slide 58/81

    Location Discovery: IPv6 Host Address Auto-Configuration

    Stateless (RFC 2462)

    Host autonomously configures its own Link-Local address

    Router Solicitation (RS) are sent by booting nodes to request Router Advertisement (RA)

    A Host Builds a Link-Local Address, then Its Global IPv6 Address(es) from the RA (Subnet Prefix)

    Stateful (DHCPv6) (RFC 3315)

    The acquired address is the CoA—represents the point of attachment

    (Figure: Stateless: hosts form Subnet Prefix + MAC Address from the RA (Subnet Prefix))

  • Slide 59/81

    Movement Detection

    Informs Home Agent of a new point of attachment

    How? Slightly complicated, but conceptually…

    When a new prefix has appeared and the current default router has disappeared

    Fast detection is possible: msec vs. sec for Router Advertisement interval

    Can also be done using link layer—up/down

    (Figure: Old Router sends RA: Old Prefix, New Router sends RA: New Prefix; Stateless Host Address Auto Configuration)

  • Slide 60/81

    Dynamic Home Agent Address Discovery (DHAAD)

    A mechanism to find an active home agent in the home link

    MN still needs to configure the home link address

    But not the specific home agent address—Anycast address

    Useful if an existing home agent router needs to be replaced

    Mobile nodes away from home can automatically use the new home agent

    Provides a failover protection

    A non-stateful approach

    RFC 3775

    (Figure: HA1 and HA2 on the Home Link sharing an Anycast Address)

  • Slide 61/81

    IPv6 Protocol Extensions for Mobile IPv6

    Mobility Header (IPv6 basic Header Next Header = 135): Next Header | Hdr Ext Length | MH Type | Reserved | Checksum | Message Data

    MH Value  Message
    0         Binding Refresh Request
    5         Binding Update
    6         Binding Acknowledge

    Destination Header (Previous Header Next Header = 60): Next Header | Hdr Ext Length | Option Type | Option Length | Home Address

    Example: Alternate Care-of-Address Option

    Defined for Mobile IPv6 registration and binding creation

    Various types and option extensions

    RFC 3775 for details

  • Slide 62/81

    Registration

    Two important messages you should know: Binding Update (BU) and Binding Acknowledge (BA)

    Mobile IPv6 (RFC 3775) vs. Mobile IPv4 Comparison:

    Messages: Binding Update (BU) and Binding Acknowledge (BA) | RRQ and RRP

    Encapsulation vs. option extensions: option extensions | UDP (434) encapsulation

    Care-of-Address: Typically derived from the source IP address of the header, optionally stored in the “alternative care of address” field | Care of address: A field inside of RRQ

    Home address: Stored in Destination Option header of IPv6 | Home address: A field inside of RRQ

  • Slide 63/81

    Type 2 Routing Header

    A new routing header variant

    Allows a packet to be routed directly from a CN to an MN CoA

    CoA is inserted in the IPv6 Destination Address field (from CN)

    MN swaps the Home Address in the routing header with the destination address in the IP header (normal IPv6 process)

    (Figure: IPv6 Basic Header (Next Header = 43) | Routing Header: Next Header | Hdr Ext Length | Routing Type = 2 | Segments Left = 1 | Reserved | Home Address)

  • Slide 64/81

    Put All Together: Mobile IPv6 Registration

    (Figure: message sequence between Mobile Node, Access Router, Home Agent 1, Home Agent 2 and Correspondent Node: RS from the Mobile Node; RA (New Home Agent Information Option) from the Access Router; Acquired IP Address on the Visit Network (Used as Care-of-Addr); DHAAD Request to the HA Anycast Address; DHAAD Reply (Home Agent List); Use the First HA Address; Create HA Cache; Binding Update (BU) to the Home Agent; Binding Ack (BA); Create Binding Cache; Redistribute Mobile Networks into the Core; Bi-Directional Tunnel (IPinIP) carrying Data Packets between Mobile Node and Home Agent, then Data Packets to the Correspondent Node)
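The type 2 routing header swap from slide 63, as an added example not taken from the deck: the CN builds an IPv6 packet addressed to the CoA that carries the home address in the routing header, and the MN validates it (Hdr Ext Len 2, Segments Left 1, home address one of its own) before moving the home address into the destination field. The addresses are constructed and the helper names are this example's own.

```python
import struct
from ipaddress import IPv6Address
from typing import Optional, Set, Tuple

NH_ROUTING = 43         # IPv6 Routing Header (Next Header value)
NH_NONE = 59            # No Next Header, used for the empty sample payload
ROUTING_TYPE_2 = 2      # Mobile IPv6 type 2 routing header
IPV6_HDR_LEN = 40
RH2_LEN = 24            # Hdr Ext Len = 2 means (2 + 1) * 8 bytes


def build_ipv6(src: str, dst: str, next_header: int, payload: bytes, hop_limit: int = 64) -> bytes:
    """Fixed IPv6 header (version 6, zero traffic class and flow label) plus payload."""
    head = struct.pack("!IHBB", 6 << 28, len(payload), next_header, hop_limit)
    return head + IPv6Address(src).packed + IPv6Address(dst).packed + payload


def build_type2_routing_header(inner_next_header: int, home_addr: str) -> bytes:
    """Next Header | Hdr Ext Len = 2 | Routing Type = 2 | Segments Left = 1 | Reserved | Home Address."""
    return struct.pack("!BBBBI", inner_next_header, 2, ROUTING_TYPE_2, 1, 0) + IPv6Address(home_addr).packed


def cn_packet_to_mn(cn_addr: str, coa: str, home_addr: str, upper_nh: int, upper: bytes) -> bytes:
    """CN side: the CoA goes in the Destination Address, the home address in the routing header."""
    return build_ipv6(cn_addr, coa, NH_ROUTING, build_type2_routing_header(upper_nh, home_addr) + upper)


def mn_receive(packet: bytes, my_home_addrs: Set[str], my_coa: str) -> Tuple[str, Optional[bytes]]:
    """MN side: validate the type 2 routing header, then swap the home address into the destination."""
    if len(packet) < IPV6_HDR_LEN:
        return "discard: truncated", None
    ver_tc_fl, _payload_len, next_header, _hop = struct.unpack("!IHBB", packet[:8])
    if ver_tc_fl >> 28 != 6:
        return "discard: not IPv6", None
    dst = IPv6Address(packet[24:40])
    if next_header != NH_ROUTING:
        return "deliver: no routing header", packet
    if len(packet) < IPV6_HDR_LEN + RH2_LEN:
        return "discard: truncated routing header", None
    _inner_nh, ext_len, routing_type, segments_left = struct.unpack("!BBBB", packet[40:44])
    if routing_type != ROUTING_TYPE_2:
        return "discard: unsupported routing type", None
    if segments_left == 0:
        return "deliver: routing header already consumed", packet
    if ext_len != 2 or segments_left != 1:      # RFC 3775 fixes both values for type 2
        return "discard: malformed type 2 routing header", None
    home = IPv6Address(packet[48:64])
    if dst != IPv6Address(my_coa):
        return "discard: not addressed to our care-of address", None
    if home not in {IPv6Address(a) for a in my_home_addrs}:
        return "discard: home address is not one of ours", None   # no use as generic source routing
    out = bytearray(packet)
    out[24:40] = home.packed      # upper layers now see the home address as destination
    out[48:64] = dst.packed       # the visited address (CoA) takes the vacated slot
    out[43] = 0                   # Segments Left -> 0
    return "accept", bytes(out)


def destination_of(packet: bytes) -> str:
    return str(IPv6Address(packet[24:40]))


# Constructed addresses for the walk-through (documentation prefix, not real hosts).
CN_ADDR, COA, HOME = "2001:db8:3::1", "2001:db8:2::10", "2001:db8:1::20"


def demo() -> Tuple[str, str, str]:
    """Accepted packet's new destination, then the outcomes for Segments Left = 2 and a foreign home address."""
    pkt = cn_packet_to_mn(CN_ADDR, COA, HOME, NH_NONE, b"")
    status, out = mn_receive(pkt, {HOME}, COA)
    bad_segments = bytearray(pkt)
    bad_segments[43] = 2
    return (destination_of(out) if status == "accept" else status,
            mn_receive(bytes(bad_segments), {HOME}, COA)[0],
            mn_receive(pkt, {"2001:db8:9::1"}, COA)[0])
```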

  • 8/18/2019 Cisco Mobility Application

    65/81

    © 2007 Cisco Systems, Inc. All rights reserved.Presentation_ID   65

    Mobile IPv6 Product Availability

    Cisco Mobile IPv6 Home Agent available in Cisco IOS Software Release 12.3(14)T
        RFC 3775 compliance
        Does not support IPsec yet

    Mobile IPv6 client
        Microsoft Tech preview for Windows XP and 2000

    Cisco Mobile IP Applications: Mobile Networks

    Host Mobility vs. Group Mobility

    Figure: Host Mobility ("I can go anywhere I want!") next to Group Mobility ("Free ride! Saves us lots of energy!")

    Network Mobility

    Capability to enable IP mobility for a group of hosts
    Also known as "Mobile Networks" in Cisco
    The network or subnet where the group of hosts is connected is referred to as the "mobile network"
    The router where the mobile network is connected is referred to as the "mobile router"

    Figure: Mobile Network attached to a Mobile Router

    Mobile Networks Solution Concept

    Based on the same concept as Mobile IP
    Home Agent as the gateway to route traffic destined to a mobile network
    Foreign agent is optional
        Useful for fast roaming, performance, and management improvement
    Mobile Router (MR) is similar to a mobile node but with a network connecting to it

    Figure: Home Agent (HA) holding a Mobile Network HA entry for each Mobile Network; each Mobile Network sits behind a Mobile Router, reached through R1 (FA)

    More Details…

    Basic Mobile IP Concept
    For traffic destined to a mobile router, it is routed as usual

    Figure: Home Agent (HA) -- Router 1 (FA, CoA, Int. FE0) -- MR (Home Address); Tunnel Blue runs from the HA to the MR

    Home Agent routing table:

        Destination         Next Hop    Out Int.
        MR Home Address     CoA         Tunnel Blue
        CoA                 Router 1    Int. FE0

    More Details… (Cont.)

    If I know how to reach a mobile router, then I can simply forward the mobile network associated with the mobile router to that mobile router

    Figure: Home Agent (HA) -- Router 1 (FA, CoA, Int. FE0) -- MR (Home Address) -- Mobile Network; Tunnel Green runs from the HA to the Mobile Network

    Home Agent routing table:

        Destination         Next Hop            Out Int.
        Mobile Network      MR Home Address
        MR Home Address     CoA                 Tunnel Blue
        CoA                 Router 1            Int. FE0
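    The two routing tables above, as an added example (Python written for this page, not Cisco IOS code): a small longest-prefix-match table with recursive next-hop resolution, so the mobile network prefix is reached through the mobile router's home-address route, which in turn points into the tunnel towards the care-of address; the outer packet is then routed again to find the physical next hop (Router 1). All addresses, interface and tunnel names are constructed, and the HomeAgentRib class and its method names are this example's own.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address, Optional[str]]


class HomeAgentRib:
    """Routing table of the home agent.  A route whose out_int is None is a
    recursive route: its next hop is looked up again, which is how the
    mobile network prefix inherits the tunnel of the mobile router."""

    def __init__(self) -> None:
        self.routes: Dict[ipaddress.IPv4Network, Tuple[ipaddress.IPv4Address, Optional[str]]] = {}
        self.tunnels: Dict[str, ipaddress.IPv4Address] = {}   # tunnel name -> tunnel destination

    def add_route(self, prefix: str, next_hop: str, out_int: Optional[str] = None) -> None:
        self.routes[ipaddress.ip_network(prefix)] = (ipaddress.ip_address(next_hop), out_int)

    def lookup(self, dst) -> Optional[Route]:
        """Longest-prefix match."""
        dst = ipaddress.ip_address(dst)
        best = None
        for prefix, (nh, oi) in self.routes.items():
            if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
                best = (prefix, nh, oi)
        return best

    def resolve(self, dst) -> Optional[List[Route]]:
        """Follow recursive routes until one names an outgoing interface."""
        chain, seen = [], set()
        while True:
            route = self.lookup(dst)
            if route is None:
                return None
            chain.append(route)
            if route[2] is not None:
                return chain
            if route[1] in seen:
                raise RuntimeError("recursive routing loop")
            seen.add(route[1])
            dst = route[1]

    def forward(self, dst) -> Optional[dict]:
        """Forwarding decision for one packet.  Traffic that resolves to a
        tunnel is encapsulated and the outer packet is routed again."""
        chain = self.resolve(dst)
        if chain is None:
            return None
        _, next_hop, out_int = chain[-1]
        if out_int in self.tunnels:
            outer_dst = self.tunnels[out_int]
            outer = self.resolve(outer_dst)
            if outer is None:
                return None
            return {"encap": out_int, "outer_dst": str(outer_dst),
                    "next_hop": str(outer[-1][1]), "out_int": outer[-1][2]}
        return {"encap": None, "outer_dst": None, "next_hop": str(next_hop), "out_int": out_int}

    def register_mobile_router(self, mr_home: str, coa: str, tunnel: str, mobile_networks) -> None:
        """Registration, or re-registration with a new CoA: host route to the MR
        home address through the tunnel, mobile networks via the MR home address."""
        self.tunnels[tunnel] = ipaddress.ip_address(coa)
        self.add_route(f"{mr_home}/32", coa, tunnel)
        for net in mobile_networks:
            self.add_route(net, mr_home)

    def deregister_mobile_router(self, mr_home: str) -> None:
        """Binding expired or MR returned home: drop the tunnel and everything routed via it."""
        home = ipaddress.ip_address(mr_home)
        key = ipaddress.ip_network(f"{mr_home}/32")
        if key in self.routes:
            self.tunnels.pop(self.routes[key][1], None)
        self.routes = {p: r for p, r in self.routes.items() if r[0] != home and p != key}


def build_demo_rib() -> HomeAgentRib:
    """Constructed topology: Router 1 reached over FastEthernet0, MR home
    address 192.0.2.1, CoA 203.0.113.1, mobile network 198.51.100.0/24."""
    rib = HomeAgentRib()
    rib.add_route("203.0.113.0/24", "10.0.0.2", "FastEthernet0")   # CoA -> Router 1
    rib.register_mobile_router("192.0.2.1", "203.0.113.1", "Tunnel Blue", ["198.51.100.0/24"])
    return rib


if __name__ == "__main__":
    print(build_demo_rib().forward("198.51.100.7"))
```

    Because the mobile network route only ever names the MR home address, a re-registration from a new care-of address changes just the host route and the tunnel destination; every mobile network behind that router follows automatically, and a deregistration removes them together, so no stale route keeps pointing into a tunnel that no longer exists.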

    Connection Management on Cisco Mobile Router

    Mobile Router
    A mobile router is likely equipped with multiple links
    Select the "best" link to establish a Mobile IP tunnel

    Figure: a Mobile Router with three uplinks (3G: UMTS, EVDO; proprietary wireless link; 802.11b WiFi) at 11 Mbps, ~500 kbps and 9.6 kbps

    Selection Algorithm
    Priority can be configured on mobile router interfaces (default 100)
    MR prefers to register with the higher priority interface
    If priority is equal, the interface with the higher bandwidth is preferred
    If priority and bandwidth are equal, then the interface with the higher IP address is preferred
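    The selection algorithm above as an added example (Python written for this page, not Cisco IOS code): the three criteria become one tuple key, so a single sort gives the full preference order and a down link is never a candidate. Interface names, addresses, rates and priorities are constructed, and the class and function names are this example's own.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

DEFAULT_PRIORITY = 100   # slide: priority is configurable per interface, default 100


@dataclass
class RoamingInterface:
    name: str
    ip: str
    bandwidth_kbps: float
    priority: int = DEFAULT_PRIORITY
    up: bool = True


def selection_key(intf: RoamingInterface):
    """Ordering from the slide: priority, then bandwidth, then the numerically
    higher IP address.  Python compares tuples element by element, so the
    later criteria only matter when the earlier ones tie."""
    return (intf.priority, intf.bandwidth_kbps, int(ipaddress.ip_address(intf.ip)))


def rank_interfaces(interfaces: Iterable[RoamingInterface]) -> List[RoamingInterface]:
    """All usable interfaces, best first; a link that is down is not a candidate."""
    return sorted((i for i in interfaces if i.up), key=selection_key, reverse=True)


def select_registration_interface(interfaces) -> Optional[RoamingInterface]:
    """Interface the mobile router registers over; None when no link is up."""
    ranked = rank_interfaces(interfaces)
    return ranked[0] if ranked else None


def demo_interfaces() -> List[RoamingInterface]:
    # Constructed values; names, addresses and rates are not taken from the slide deck.
    return [
        RoamingInterface("Dot11Radio0", "192.0.2.10", 11000),   # WiFi link
        RoamingInterface("Serial0", "192.0.2.20", 500),         # wireless link A
        RoamingInterface("Cellular0", "192.0.2.30", 384),       # cellular link
        RoamingInterface("Serial1", "192.0.2.21", 500),         # wireless link B: ties with Serial0 on priority and bandwidth
    ]


if __name__ == "__main__":
    ifs = demo_interfaces()
    print([i.name for i in rank_interfaces(ifs)])
    ifs[0].up = False                       # WiFi lost: the 500 kbps tie is broken by the higher address
    print(select_registration_interface(ifs).name)
    ifs[2].priority = 110                   # operator pins registration to the cellular link
    print(select_registration_interface(ifs).name)
```

    The last tie-break compares addresses numerically, so which of two otherwise equal links carries the registration depends on how addresses happen to be assigned; configure the priority explicitly on the link that should be used rather than leaving it to that comparison.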

    Cisco Mobile Networks

    Cisco Network Mobility for IPv4 is available since 2001

    Cisco home agent and foreign agent
        The same home agent routers and foreign agent routers running Cisco IOS Software Release 12.2T or later for the mobile nodes can be used for the mobile networks

    Cisco mobile routers
        Available in Cisco IOS Software Release 12.2T or later
        Support Cisco Home Agent Redundancy and NAT traversal features

    Cisco Mobile Networks for IPv6
        Implementation is based on IETF RFC 3963 (NEMO)
        Test image is available

    Cisco Mobile Access Router 3200

    A special rugged router
    Equipped with 802.11 wireless cards
    Connecting to an external wireless modem through a serial interface

    Figure: In-Vehicle Configuration: MARC, FESMIC, SMIC and two WMIC cards on the PCI bus; WAN wireless networks (802.11, Cellular/Other Wireless, SatCom) reached through a Modem/Radio; In-Vehicle Wireless/Wired LAN(s)

    Summary

    IP Mobility is a key functionality for mobile wireless networking
    Mobile IP, an IP Mobility protocol, enables seamless multi-access roaming

    Figure: Move Detection and Location Discovery (Agent Discovery); Control Signaling (Registration Process); Topology Data Propagation (Location Database Update and Tunnel Establishment); Topology Establishment; over access technologies CDMA, GSM, W-CDMA, OFDM, 802.11a/b/g, 4.9G, Satellite, Bluetooth, ZigBee

    Summary (Cont.)

    Components to construct a Mobile IP network
    Cisco Mobile Networks enables mobility for an entire subnet

    Figure: Mobile Network behind a Mobile Router; Home Agent (HA); Foreign Agent (FA) (Optional); Mobile Node (MN)

    Reference Materials

    Cisco Mobile IP on CCO
        Collateral: http://www.cisco.com/go/mobile_ip
        Feature Navigator: http://www.cisco.com/go/fn

    Mobile IP Client
        Birdstep: http://www.birdstep.com
        IPunplugged: http://www.ipunplugged.com

    IETF Standards
        http://www.mip4.org
        http://www.ietf.org/html.charters/mip4-charter.html

    Recommended Reading

    Mobile IP Technology and Applications, ISBN: 1-58705-132-X
    802.11 Wireless LAN Fundamentals [1-58705-077-3]
    Wireless Networks First-Step [1-58720-111-9], available August 2004
    Deploying License-Free Wireless Wide-Area Networks [1-58705-069-2]
    802.11 Wireless Network Site Surveying and Installation [1-58705-164-8], available September 2004

    Available On-Site at the Cisco Company Store

    Q and A