Mobile Networking Technology

© 2002, Cisco Systems, Inc. All rights reserved. Cisco Mobile Access Router—Module 2-1

The benefit of Mobile IP
“Mobile IP provides an IP node the ability to retain the same IP address and maintain uninterrupted network and application connectivity while traveling across networks”

Which Applications

The objective
Maintaining continuous IP connectivity while crossing network boundaries, e.g. subnets or between networks
[Diagram: Host B, Internet, Gateway A (171.68.0.0), Gateway C (140.31.0.0), and the Mobile Router (171.68.69.0, 171.68.70.0) shown behind each gateway]

The Possibilities
[Diagram: Many Networks, Roaming, Internet, Mobile Routers]

IETF Proposed Standard
• Approved by the Internet Engineering Steering Group (IESG) in June 1996; published proposed standard in Nov. 1996
• Mobile IP is an IETF proposed standard solution for mobility at Layer 3 IP
  – RFC2002/3220 - Mobile IP
  – RFC2003 and RFC2004 - Tunnel encapsulation
  – RFC2005 - Mobile IP applicability
  – RFC2006 - Mobile IP MIB
• Associated RFCs
  – RFC1701 GRE – Generic Routing Encapsulation
  – RFC3024 - Reverse Tunneling for Mobile IP

The Problem with Mobility
[Diagram: Host B sends “Connect to 171.68.69.24” across the Internet; Gateway A (171.68.0.0) asks “Where is 171.68.69.0???”; the Mobile Router (171.68.69.0, 171.68.70.0) is shown behind Gateway A and, marked X, behind Gateway C (140.31.0.0)]
• Gateway A replies to Host B with an ICMP unreachable
• Gateway C blocks router from joining network
• Routing Protocol rejects duplicate network advertisements
Mobile IP Solution
Mobility Binding Table:
  MR            CoA
  171.68.69.0   140.31.2.1
[Diagram: Host B, Internet, Home Agent (171.68.60.1), Foreign Agent (CoA 140.31.2.1), Mobile Router (171.68.69.0, 171.68.70.0) shown at home and behind the Foreign Agent]
• Mobile Router sends Registration Request [RRQ] to Home Agent (HA)
• Home Agent forwards packets to Mobile Router via Care of Address [CoA]

Mobile IP

Operator Benefits
• All applications work without modifications (unlike application/transport layer mobility)
• Operator can control handover policies
• Access link independent (unlike link layer mobility)
“IETF Standard RFC 3344!”

Solution in a Nutshell
• A mobile node has a “home address” for the end-to-end communications, but also uses a temporary “care-of address” on access networks for routing purposes.
• A home agent maintains a mobility binding of home address and care-of address.

Mobile IP Network Elements
1. Mobile Node (MN): Mobile IP enabled clients identified by home address or NAI (notebooks, cell phones, PDAs); updates CoA via registrations
2. Home Agent (HA): Mobile IP enabled gateway; acts as location database for MNs
3. Foreign Agent (FA): Mobile IP enabled gateway [Optional]; off-loads CPU processing of encapsulation/decapsulation, enforces local network administration policy, allows for billing of MNs, conserves IP address space, reduces access link usage

Mobile IP Key Concepts
• How does the Mobile Node find out where it is?
  Mobility Agent Advertisements—facilitate discovery of Mobility Agents (MN may solicit on demand)
• How does the Mobile Node inform the Home Agent of its current location?
  Via Registration—updates mobility binding after successful authentication using security association between MN and HA
• How does the Mobile Node receive packets from the Home Agent?
  Tunneling—Home agent adds IP header to direct packets to CoA, where decapsulation occurs

Mobile IP Activities Example
Mobility Binding Table:
  MN             CoA
  171.68.69.24   140.31.2.1
[Diagram: Home Agent 171.68.69.1, Host A 171.68.69.24 (shown at home and behind the Foreign Agent), Host B, Internet, Foreign Agent 140.31.2.1]
• MN learns about FA and registers CoA
• HA maintains MN location database and tunnels traffic to FA

Mobile IP Terminology
[Diagram: CN, HA, Internet, FA, MR]
• Mobile Router (MR)
• Home Agent (HA)
• Foreign Agent (FA) [1 Hop Away from MR]
• Care of Address (CoA) [Tunnel Endpoint]
• Correspondent Node (CN)
• Security Association (SA) [SPI/Key]
• ICMP Router Discovery Protocol (IRDP) [Advertisement]
• Registration Request (RRQ)

Step 1: Agent Discovery
Solicitation (MR to all routers): Src Addr MR addr, Dest Addr 224.0.0.2
Advertisement (FA to MR, includes COA): Src Addr FA Intfc Addr, Dest Addr MR Addr
[Diagram: MR 1.1.1.7, FA, HA] Edited slide from original by Lawrence Searcy, Cisco Systems
• MR sends out advertisement request (Solicitation) to “all router” multicast address 224.0.0.2
• FA responds with unicast advertisement to MR; response includes Care-of Address

Options in FA advertisements
• R Registration required. Registration with this foreign agent (or another foreign agent on this link) is required even when using a co-located care-of address.
• B Busy. The foreign agent will not accept registrations from additional mobile nodes.
• H Home agent. This agent offers service as a home agent on the link on which this Agent Advertisement message is sent.
• F Foreign agent. This agent offers service as a foreign agent on the link on which this Agent Advertisement message is sent.
• M Minimal encapsulation. This agent implements receiving tunneled datagrams that use minimal encapsulation [34].
• G GRE encapsulation. This agent implements receiving tunneled datagrams that use GRE encapsulation [16].
• r Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.
• T Foreign agent supports reverse tunneling [27].

Step 2: Registration Request
MR to FA (RRQ includes COA from FA): Src Addr MR Addr, Src Port random, Dest Addr FA Intfc Addr, Dest Port 434
FA to HA (RRQ includes COA): Src Addr FA Intfc Addr, Src Port 434, Dest Addr HA Addr, Dest Port 434
[Diagram: MR 1.1.1.7, FA, HA]
• MR retrieves CoA from Advertisement and sends in RRQ
• FA checks requested services and either rejects and replies or forwards the RRQ to HA

Options in RRQ
• S Simultaneous bindings. If the 'S' bit is set, the mobile node is requesting that the home agent retain its prior mobility bindings, as described in Section 3.6.1.2.
• B Broadcast datagrams. If the 'B' bit is set, the mobile node requests that the home agent tunnel to it any broadcast datagrams that it receives on the home network, as described in Section 4.3.
• D Decapsulation by mobile node. If the 'D' bit is set, the mobile node will itself decapsulate datagrams which are sent to the care-of address. That is, the mobile node is using a co-located care-of address.
• M Minimal encapsulation. If the 'M' bit is set, the mobile node requests that its home agent use minimal encapsulation [34] for datagrams tunneled to the mobile node.
• G GRE encapsulation. If the 'G' bit is set, the mobile node requests that its home agent use GRE encapsulation [16] for datagrams tunneled to the mobile node.
• r Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.
• T Reverse Tunneling requested; see [27].

Step 2: RRQ Reply
HA to FA (RRP Reply): Src Addr HA Intfc Addr, Src Port 434, Dest Addr FA, Dest Port 434
FA to MR (RRP Reply): Src Addr FA Intfc Addr, Src Port 434, Dest Addr MR Addr, Dest Port Orig Port
[Diagram: MR 1.1.1.7, FA, HA]
Home Agent
• HA authenticates MR
• Sends RRP
• Proxy ARPs for MR
• Brings up tunnel
Foreign Agent
• FA sees MR is authenticated
• Forwards RRP to MR
• Brings up tunnel and adds host route

MR States
MR has five states that it can be in:
• Unknown – MR has not heard any agent advertisements and does not know where to send registration requests (RRQs)
• Isolated – MR has heard an agent advertisement
• Pending – MR has sent an RRQ and is waiting for a registration reply (RRP) from HA
• Registered – MR has been accepted and received the RRP from HA, which has set up a binding table entry, tunnels, and routes for the MR
• Home – MR is on its home network
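The registration step above (RRQ flag bits, the SPI/key security association, and the HMAC-MD5 authentication listed among the IOS features) can be followed in code. This is an added example, not Cisco's implementation: the field layout follows RFC 3344, the addresses come from the "Mobile IP Activities Example" slide, and the SPI, key, the tampered address and the simple "identification must increase" replay rule are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import struct

RRQ_TYPE = 1             # Registration Request message type (RFC 3344)
MHAE_TYPE = 32           # Mobile-Home Authentication Extension type (RFC 3344)
FLAG_BITS = "SBDMGrTx"   # flag octet, most significant bit first
# type, flags, lifetime, home address, home agent, care-of address, identification
FIXED = struct.Struct("!BBH4s4s4s8s")


def build_rrq(flags, lifetime, home, ha, coa, ident, spi, key):
    """Mobile-node side: RRQ followed by an HMAC-MD5 authentication extension."""
    bits = sum(0x80 >> FLAG_BITS.index(f) for f in flags)
    addrs = [ipaddress.IPv4Address(a).packed for a in (home, ha, coa)]
    body = FIXED.pack(RRQ_TYPE, bits, lifetime, *addrs, struct.pack("!Q", ident))
    ext_hdr = struct.pack("!BBI", MHAE_TYPE, 4 + 16, spi)  # length = SPI + 16-byte MAC
    mac = hmac.new(key, body + ext_hdr, hashlib.md5).digest()
    return body + ext_hdr + mac


def validate_rrq(payload, keys, last_ident):
    """Home-agent side. keys maps (home address, SPI) -> shared key; last_ident maps
    home address -> highest identification accepted so far (updated on success).
    Assumes every extension uses the one-byte type / one-byte length layout.
    Returns (binding, None) on success or (None, reason) on rejection."""
    if len(payload) < FIXED.size:
        return None, "truncated"
    mtype, bits, lifetime, home, ha, coa, ident = FIXED.unpack(payload[:FIXED.size])
    if mtype != RRQ_TYPE:
        return None, "not a registration request"
    home, ha, coa = (str(ipaddress.IPv4Address(a)) for a in (home, ha, coa))
    ident = struct.unpack("!Q", ident)[0]
    off, authenticated = FIXED.size, False
    while off + 2 <= len(payload):
        etype, elen = payload[off], payload[off + 1]
        end = off + 2 + elen
        if end > len(payload):
            return None, "extension overruns message"
        if etype == MHAE_TYPE:
            if elen < 4:
                return None, "malformed authentication extension"
            spi = struct.unpack_from("!I", payload, off + 2)[0]
            key = keys.get((home, spi))
            if key is None:
                return None, "no security association for SPI"
            # The MAC covers the message up to and including the SPI field.
            expected = hmac.new(key, payload[:off + 6], hashlib.md5).digest()
            if not hmac.compare_digest(expected, payload[off + 6:end]):
                return None, "authentication failed"
            authenticated = True
            break
        off = end
    if not authenticated:
        return None, "missing authentication extension"
    # Simplified replay rule (assumption): identification must strictly increase.
    if ident <= last_ident.get(home, -1):
        return None, "replayed identification"
    last_ident[home] = ident
    flags = "".join(f for i, f in enumerate(FLAG_BITS) if bits & (0x80 >> i))
    return {"home": home, "coa": coa, "lifetime": lifetime, "flags": flags}, None


# Constructed sample: SPI and key are invented for this example.
KEYS = {("171.68.69.24", 0x100): b"constructed-shared-key"}
ARGS = ("171.68.69.24", "171.68.69.1", "140.31.2.1")


def demo():
    seen = {}
    key = KEYS[("171.68.69.24", 0x100)]
    rrq = build_rrq("DT", 300, *ARGS, 1000, 0x100, key)
    accepted = validate_rrq(rrq, KEYS, seen)
    replayed = validate_rrq(rrq, KEYS, seen)          # same message seen again
    altered = bytearray(build_rrq("DT", 300, *ARGS, 1001, 0x100, key))
    altered[12:16] = ipaddress.IPv4Address("10.9.9.9").packed  # CoA changed in transit
    tampered = validate_rrq(bytes(altered), KEYS, seen)
    return accepted, replayed, tampered


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The binding is only created after the MAC verifies, so a care-of address changed between MR and HA never reaches the mobility binding table.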
Step 3: Routing
[Diagram: Correspondent Host, Home Agent, Foreign Agent, Mobile Router]
• Traffic is sent as usual to the home subnet
• The home agent intercepts the traffic while the Mobile Router is registered as away
• Traffic is tunneled to the CoA of the MR and forwarded to MR
• Traffic from the Mobile Networks can go directly to the correspondent host = “Triangle Routing”

Mobile Network Routing – Packet Flow
[Diagram sequence over four slides: Correspondent Node, Internet, Home Agent (“Mobile Networks appear to be here”), HA-FA Tunnel, Foreign Agent, FA WAN, HA-MR Tunnel, Mobile Router, Node on MR, Mobile Networks] Edited slide from original by Lawrence Searcy, Cisco Systems

Mobile Network Routing – Return Packet Flow
[Diagram: Correspondent Node, Internet, Home Agent (“Mobile Network appears to be here”), HA-FA Tunnel, Foreign Agent, FA WAN, HA-MR Tunnel, Mobile Router, Node on MR, Mobile Networks]
Tunneling
• HA double encapsulates the packets, creating two tunnels:
  – HA to FA
  – HA to MR
• FA strips outer header and forwards to MR
• MR strips inner header and forwards to node on mobile network
Packet layout:
  Outer Header:    HA 100.100.100.1, FA 30.30.30.1
  Inner Header:    HA 100.100.100.1, MR 65.1.1.1
  Original Packet: <src> <dest> Data

Tunneling cont.
• HA dynamically creates tunnel(s) as MRs and Mobile Hosts register
• Tunnels are handled as interfaces
• HA Routing Table shows Tunnels as interfaces
• So “Tunneling” involves
  – ENCAPSULATION
  – INTERFACES IN ROUTING TABLE

HA State – Routing Table

    Home_Agent_#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is not set

         110.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
    M       110.10.11.0/24 is directly connected, Mobile0
    M       110.10.11.237/32 [3/1] via 10.10.10.97, 00:57:28, Tunnel2
    M       110.10.11.245/32 [3/1] via 10.10.10.129, 03:01:54, Tunnel0
         10.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
    C       10.10.10.32/27 is directly connected, FastEthernet0/0
    C       10.10.10.76/30 is directly connected, Loopback0
    O IA    10.10.10.96/27 [110/11] via 10.10.10.36, 00:57:35, FastEthernet0/0
    M       10.10.11.112/28 [3/1] via 110.10.11.237, 03:55:57, Tunnel1
    O IA    10.10.10.128/27 [110/2] via 10.10.10.74, 00:57:35, FastEthernet0/1
    M       10.10.11.144/28 [3/1] via 110.10.11.245, 03:55:57, Tunnel5
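The double encapsulation from the Tunneling slides can be reproduced byte for byte. This is an added example, not code from the original deck: it uses the HA, FA and MR addresses shown on the slide, plain IP-in-IP (protocol 4) for both tunnels, and a constructed original packet whose source and destination stand in for the slide's `<src>` and `<dest>`.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4    # IP-in-IP encapsulation (RFC 2003)
IPPROTO_UDP = 17

HA, FA, MR = "100.100.100.1", "30.30.30.1", "65.1.1.1"   # addresses from the slide


def checksum(header):
    """Internet checksum over an even-length header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(src, dst, proto, payload, ttl=64):
    """Prepend a minimal 20-byte IPv4 header (no options) to payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse(packet):
    """Return (src, dst, proto, payload) after checking length and header checksum."""
    if len(packet) < 20 or packet[0] != 0x45:
        raise ValueError("not a plain IPv4 header")
    if checksum(packet[:20]) != 0:
        raise ValueError("bad header checksum")
    total_len = struct.unpack_from("!H", packet, 2)[0]
    if not 20 <= total_len <= len(packet):
        raise ValueError("bad total length")
    src = str(ipaddress.IPv4Address(packet[12:16]))
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return src, dst, packet[9], packet[20:total_len]


def decapsulate(packet, my_addr):
    """Strip one IP-in-IP layer, but only when this node is the tunnel endpoint."""
    _src, dst, proto, inner = parse(packet)
    if dst != my_addr or proto != IPPROTO_IPIP:
        raise ValueError("not a tunnel packet for " + my_addr)
    return inner


def demo():
    # Constructed original packet: correspondent -> node on the mobile network.
    original = ipv4("192.0.2.10", "198.51.100.20", IPPROTO_UDP, b"data")
    to_mr = ipv4(HA, MR, IPPROTO_IPIP, original)    # inner header: HA -> MR
    on_wire = ipv4(HA, FA, IPPROTO_IPIP, to_mr)     # outer header: HA -> FA
    at_fa = decapsulate(on_wire, FA)                # FA strips the outer header
    at_mr = decapsulate(at_fa, MR)                  # MR strips the inner header
    return len(original), len(on_wire), at_fa == to_mr, at_mr == original


if __name__ == "__main__":
    print(demo())
```

The two extra headers add 40 bytes to every packet sent to the mobile network, which is the per-packet cost of the HA-FA and HA-MR tunnels.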
MR Routing
• Once MR is registered, routing is disabled on the MR’s roaming interfaces.
• When MR is home, routing is resumed on the interfaces (bindings and tunnels are no longer needed).

Mobile Router Timers
• Agent Solicitation - By default it is off, but if configured, keeps track of when to send next solicitation
• Agent Advertisement - Based on IRDP lifetime. As advertisements are received, timer is restarted. When timer expires, agent removed from agent table.
• Registration - Keeps track of when to send registrations before the registration lifetime expires. MR re-registers until a reply is received.
• Registration lifetime - Based on granted lifetime. As replies are received, timer is restarted. When timer expires, there is no more registration.
• Hold down - By default it is off, but if configured, MR waits for timer to expire before using an agent heard on that interface.

Mobile IP Features

Mobile Router Features
• Co-located Care-of Address
• Reverse tunneling
• Preferred interfaces
• Hold down timer
• Agent solicitation

Mobile Router Features
• MR redundancy
• MR Asymmetric Links
• MR Dynamic Networks
• Identification mismatch adjustment
• Sequence number detection
Co-located Care-of Address Support
[Diagram: MR, HA]
• Care-of Address resides on Mobile Router itself rather than on the Foreign Agent
• Does away with the need for Foreign Agents
• Two IP-in-IP tunnels are created: HA-Co-located address, HA-MR
  – HA-Co-located address tunnel is only used for routing
  – Tunnel “Interfaces” added in Routing table

Co-located Care-of Address cont.
[Diagram: MR, HA]
• Static Co-located Care-of Address support uses the address statically configured on the roaming interface as care-of address
  – Used for fixed-IP address connections, e.g. Cellular Data Modem

Static Co-located Care-of Address

Co-located Care-of Address cont.
[Diagram: HA, MR]
• CCoA can be Static or Dynamic
• Dynamic Co-located Care-of Address support uses DHCP or IPCP to obtain a care-of address for the roaming interface

Reverse Tunneling
• Normally, routers route packets by looking at the destination address only.
• As a security measure against attacks (such as spoofing), ingress filtering on a router checks the source and destination addresses on a packet to make sure that they are topologically correct.
• This poses a problem for Mobile IP because the source address of a packet from a mobile node does not belong to the network from which it emanated.

Mobile Network Routing – Packet Flow
[Diagram: Mobile Network, Node on MR, HA-MR Tunnel, Mobile Router, FA WAN, HA-FA Tunnel, Foreign Agent, Internet, Home Agent (“Mobile Network appears to be here”)]
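The ingress-filtering problem stated above, and the reverse-tunnel path the Reverse Tunneling slides describe, as an added example that is not part of the original deck. The addresses are taken from the earlier "Mobile IP Solution" slide with /16 and /24 masks assumed, Host B's address is constructed, and the home agent's check that the outer source equals the registered care-of address is an assumption of this example (a check a defender would want at decapsulation), not something the slides state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ACCESS_PREFIX = "140.31.0.0/16"      # visited network behind Gateway C (mask assumed)
MOBILE_NET = "171.68.69.0/24"        # mobile network behind the MR (mask assumed)
COA = "140.31.2.1"                   # care-of address in the mobility binding table
HOME_AGENT = "171.68.60.1"
HOST_B = "192.0.2.10"                # constructed correspondent address


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None  # set when this is an IP-in-IP tunnel packet


def ingress_permits(packet, access_prefix):
    """Ingress filter at the visited network edge: the source address must be
    topologically correct, i.e. inside the prefix attached to that interface."""
    return ipaddress.ip_address(packet.src) in ipaddress.ip_network(access_prefix)


def reverse_tunnel(packet, coa, home_agent):
    """Send the mobile network's packet back to the HA inside a CoA -> HA tunnel."""
    return Packet(src=coa, dst=home_agent, inner=packet)


def ha_decapsulate(packet, home_agent, bindings):
    """Return the inner packet to forward, or None to drop. bindings maps a mobile
    network prefix to its registered CoA. The inner source must belong to a
    registered mobile network and the outer source must be that network's CoA."""
    if packet.inner is None or packet.dst != home_agent:
        return None
    inner_src = ipaddress.ip_address(packet.inner.src)
    for prefix, coa in bindings.items():
        if inner_src in ipaddress.ip_network(prefix) and packet.src == coa:
            return packet.inner
    return None


def demo():
    bindings = {MOBILE_NET: COA}
    direct = Packet(src="171.68.69.24", dst=HOST_B)       # node on the mobile network
    tunneled = reverse_tunnel(direct, COA, HOME_AGENT)
    # Tunnel packet whose outer source is in the visited network but is not
    # the care-of address registered for this mobile network (constructed).
    unregistered = Packet(src="140.31.9.9", dst=HOME_AGENT, inner=direct)
    return {
        "direct_passes_ingress": ingress_permits(direct, ACCESS_PREFIX),
        "tunneled_passes_ingress": ingress_permits(tunneled, ACCESS_PREFIX),
        "ha_forwards": ha_decapsulate(tunneled, HOME_AGENT, bindings) == direct,
        "unregistered_outer_dropped":
            ingress_permits(unregistered, ACCESS_PREFIX)
            and ha_decapsulate(unregistered, HOME_AGENT, bindings) is None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```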
Reverse Tunneling
• Reverse tunneling satisfies ingress filtering
• Packets from the mobile network are sent back to the HA through the tunnel
• HA de-capsulates the packets and forwards them to their destination through normal routing
• Thus, the received packets’ path is topologically correct

Mobile Network Routing – Reverse Tunneling
[Diagram: Mobile Network, Node on MR, Roaming Interface, HA-MR Tunnel, Mobile Router, FA WAN, HA-FA Tunnel, Foreign Agent, Internet, Home Agent (“Mobile Network appears to be here”), Correspondent Node] Edited slide from original by Lawrence Searcy, Cisco Systems

Preferred Interfaces
• By default, the Mobile Router sends data out the active interface with the highest bandwidth.
• If the bandwidth on multiple interfaces is equal, then the interface with the higher IP address is preferred.
• Priority can be configured on mobile router interfaces (default 100).
• MR prefers to register with higher priority interface.
• Uses – least-cost routing, preferential routing

Asymmetric Links
• Mobile Router can route traffic unidirectionally over half-duplex links
  – Especially for a satellite environment
• MR configured to send traffic to a downlink router even though it hears advertisements on another interface
• FA configured to advertise foreign agent service out only one interface, the uplink interface connected to MR

Asymmetric Links
[Diagram labels: Home Agent, Foreign Agent, MR, Uplink, Downlink, ADVT, RRQ, RRP]
• FA advertises service on its uplink to MR’s downlink
• MR sends RRQ to HA via FA using its uplink
• RRP is sent to FA, which forwards it to MR on its uplink.
• Then tunnels are set up between HA-FA, HA-MR’s downlink interface

Dynamic Mobile Networks
• Mobile Networks can register with Home Agent dynamically (as opposed to static network configuration on HA)
• Critical Vendor/Organization Specific Extension (CVSE) is appended to the RRQ by MR, which contains the mobile network information
• Re-registrations do not append CVSE

Dynamic Mobile Networks cont.
• When mobile network is added/deleted, MR immediately sends another re-registration with CVSE
• HA processes RRQ with CVSE by adding/deleting mobile network(s) and creating/deleting routes to the mobile network via MR
• If mobile network already exists HA ignores the request

Dynamic Mobile Networks cont. 2
• FA needs to be able to process RRQs with CVSE in order to forward them on to HA.
• Dynamic and Static Networks can be configured at the same time for an MR.
NOTE: CVSE is being replaced by AVSE (standards-based) in near future

Mobile IP in real deployments

Mobile IP and GPRS Similarities
[Diagram: GPRS side: GGSN, IP Network, SGSN, GTP, MT. Mobile IP side: HA, IP Network, FA, IPinIP/GRE/UDP, MN]

Mobile IP and GPRS Integration
[Diagram: BTS, BSC, Serving GPRS Support Node (SGSN), GPRS Backbone Network (IP-Based), GTP, Gateway GPRS Support Node (GGSN), Internet, Home Agent, RADIUS Server, WLAN Hotspot, AP]
Foreign Agent function can be added to GGSN and WLAN Access Router, though Mobile IP works without FA as well.
3GPP WLAN Interworking Scenarios
• 6 Scenarios identified which correspond to incremental steps in terms of services and operational features
  1. Common billing and Customer care: no impact on 3GPP specs as such; access to Open internet
  2. 3GPP system based access control and charging with access to UMTS/GSM authentication (based on EAP-SIM/AKA methods)
  3. Access to 3GPP system PS based services (e.g. IMS, Streaming, MMS, etc.): bearer path to the home domain (current GPRS model)
  4. Service Continuity: L3 Mobility introduction (e.g. Mobile IP technology)
  5. Seamless service provision
  6. Access to 3GPP CS Services (no use case so far)
• UMTS R6 includes scenario 2 & 3
• UMTS R7 will consider scenario 4 (mobility)

WLAN/GPRS Seamless Mobility Scenario 4 (Tentative)
[Diagram: Applications, Content, dual-mode handsets with L3 Mobility support, WLAN 802.11 Access Network, PDG (FA), IP Core, Mobility (HA), CMX, GPRS/UMTS, GGSN (FA), SGSN, RAN, RNC]

Reiterate Benefit
• Mobile IP operates at network layer, independent of link layer access technologies, allowing migration and coexistence of various access networks while providing seamless mobility transparently to the user
• Proven mobility across satellite, WLAN, GPRS, CDMA2000 1xRTT, Flash OFDM, iDEN, CDPD, etc.

Differences between Mobile IPv4 and Mobile IPv6
• Mobile IPv6 leverages enormous IPv6 address space
• Mobile IPv6 is integrated into base IPv6 protocol
• MNv6 automatically obtains CoA after Router Advertisement received
• No Foreign Agent in Mobile IPv6
• Registrations are protected by IPSec in Mobile IPv6
• Built in route optimization between MNv6 and CNv6
Security implications of Mobile IP
• Access authentication independent of Mobile IP
  – PPP CHAP for dial up
  – 802.1x for WLAN
• Service authorization
  – Mobile IP security association for registrations

QOS Implications of Mobile IP
• DSCP copy to tunnel header
• Per MN session policing

Mobile IP Scalability and Flexibility
• Demonstrated deployment of millions of MNs
• Mobile IP used for macro-mobility and micro-mobility

References
• Books
  – MOBILE IP The Internet Unplugged, ISBN 0-13-856246-6, James D. Solomon
• Cisco Mobile IP Web Page
  – http://www.cisco.com/go/mobile_ip
• IETF Mobile IP Working Group
  – http://www.ietf.org/html.charters/mobileip-charter.html

Cisco Mobile IP Software Development

Mobile IP Portfolio
• Product portfolio consists of:
  – Innovations
  – Standards compliance
IOS Features
Features | Releases
Home Agent and Foreign Agent (RFC 2002, RFC 2003) | 12.0(1)T
Home Agent and Foreign Agent MIBs (RFC 2006) | 12.0(1)T
Home Agent Redundancy | 12.0(2)T
Cisco Enterprise Mobile IP MIBs | 12.2(2)T
Home Agent Redundancy with SA Synchronization | 12.1(7.1) 12.2(0.11)T
Resynchronize SA | 12.1(5.6) 12.2(0.11)T
HA and FA Set/Trap MIBs | 12.2(2)T
Mobile Router Redundancy
Mobile Node MIBs (RFC 2006)
IPinIP Tunnel CEF Switching | 12.2(13)T
Cisco Mobile Networks Dynamic Network
Cisco Mobile Networks Asymmetric Link
Mobile IP Generic Network Access Identifier (NAI) Support and Home Address Allocation (RFC 2794)
Mobile IP Support for Foreign Agent Reverse Tunneling (RFC 2344, RFC 3024)
Mobile IP RFC 3220 and RFC 3344 Compliance
HMAC-MD5 Authentication
Vendor Specific Extensions (RFC 3025, RFC 3115)
Mobile IP Challenge/Response Extensions (RFC 3012)
Mobile IP - NAT Detect

IOS Features
Features | Releases
Mobile IP Home Agent Policy Routing | 12.2(13)T
Cisco Enterprise Mobile IP MIBs (NAI and HA Redundancy) | 12.2(13)T
Mobile IP - Home Agent Accounting | 12.2(15)T
Cisco Mobile Networks - Static Collocated Care-of Address | 12.2(15)T
Cisco Mobile Networks - Priority HA Assignment | 12.2(15)T
Cisco Mobile Networks - Tunnel Templates for Multicast | 12.2(15)T
Mobile IP Dynamic Security Association and Key Distribution | 12.3(4)T
Mobile Networks Deployment MIB | 12.3(4)T
Mobile Networks Dynamic Collocated Care-of Address | 12.3(4)T
Mobile Networks Home Agent Redundancy For Dynamic Networks | 12.3(4)T
MIBs for Reverse Tunnel, FA Challenge, and VSE | 12.3(4)T
NAT Detect for FA COA | 12.3(5.2) 12.3(5.5)T
IGMP Query Trigger | 12.3(5.9) 12.3(5.9)T
Mobile IP NAT Traversal (RFC 3519) | 12.3(8)T

Cisco’s IP Mobility Role in Standards
Standards Priority
• Focus on pragmatic existing deployment issues
  – Address real world problems in Mobile IPv4 WG
• Focus on features needed to facilitate Mobile IPv6 deployments
  – Evaluate GAPs, CDMA2000 requirements

Cisco IETF drafts
Cisco Authored Drafts
WG | TITLE | DRAFT | AUTHORS | STATUS

MIP4
• The Definitions of Managed Objects for IP Mobility Support using SMIv2, revised | draft-ietf-mobileip-rfc2006bis-01.txt
• Dynamic HA Assignment Framework | draft-ietf-mip4-dynamic-assignment-00.txt
• Experimental Message, Extension and Error Codes for Mobile IPv4 | draft-ietf-mip4-experimental-messages-00.txt
• Mobile IPv4 NAI-based Home Address Assignment | draft-paulkandasamy-mobileip-nai-based-home-address-00.txt
[Author and status cells for MIP4 and for the Mobile IPv6 MIB, in slide order: mkulkarn, alpesh, kleung; kleung; sgundave; alpesh, kleung; naveenpk, kleung. Status: WG item, WG item, WG item]

MIP6
• The Mobile IPv6 MIB | draft-ietf-mipv6-mib-01.txt
• Authentication Protocol for Mobile IPv6 | draft-patel-mipv6-auth-protocol-00.txt
• Network Access Identifier Option for Mobile IPv6 | draft-patel-mipv6-nai-option-00.txt
• Vendor/Organization Specific Mobility Options for MIPv6 | draft-patel-vendor-options-00.txt
• Experimental Mobility Options for MiPv6 | draft-patel-experimental-options-00.txt
• Mobile IPv6 Bootstrap | TBD
[Author and status cells for MIP6, in slide order: alpesh, kleung; alpesh; alpesh, kleung; alpesh; alpesh. Status: WG item]

NEMO
• Base NEMO | draft-ietf-nemo-base.txt | pthubert | WG item
• NEMO MIB | draft-ietf-nemo-mib.00.txt | sgundave | WG item

OSPF-MANET
• Problem Statement for OSPF Extensions for Mobile Ad Hoc Routing | draft-baker-manet-ospf-problem-statement-00.txt | mchandra | WG item
• Extensions to OSPF to Support Mobile Ad Hoc Networking | draft-mchandra-ospf-manet-ext-00.txt | mchandra | WG item

Mobile IP is also about the clients
Handover enhancements, why Mobile IP is as good as other mobility schemes
Make before break
• Clients are always connected to at least one radio network such as 2.5 or 3G; those are the underlying building blocks of IP Mobility
• Clients can measure radio network characteristics, especially of those other/extra radios available (WIFI / WIMAX / …)
• They can always perform a new Registration Request on a new access link before having lost the previous link
• Home Agent and Client establish new association
• All routing changes updated before losing previous association
• There is no packet loss in handover process

Mobile IP Clients
Notebook/PDA Support
• Birdstep Technology - Birdstep Intelligent Mobile IP Client
• Cisco & Toshiba Partnership - Cisco Mobile IP Client
• Intel Intelligent Roaming Continuous Roaming Mobile IP Client
• Lifix Systems - Lifix Go! Mobile Client
• ipUnplugged - ipUnplugged Roaming Client
• Ecutel - Viatores Client
• Greenpacket - SONmobile
Cellphone Support
• Motorola iDEN (Integrated Digital Enhanced Network)
  – Motorola iDEN handsets
  – Nextel is the Service Provider

Mobile IPv4 Clients
PC/Workstation
IP | Operating Systems | Name | License | Comments
4 | Cisco IOS | Cisco Mobile IP | commercial |
4 | FreeBSD 2.2.2 | Monarch | | 1998 - Rice University
4 | FreeBSD 2.2.8, 4.6, 4.8, 4.9, 5.2 | Secure Mobile Net | |
4 | HP-UX 11.11 | HP | commercial | Mobile IPv4 HA/CN, Reverse Tunneling, Route Optimization and AAA support
4 | Linux | Dynamics | GPLv2 |
4 | Linux | Secgo Mobile IP | commercial |
4 | Linux | Secure Mobile Net | BSD style |
4 | Linux | UoB-NOMAD | SPL | 2003 - based on NOMADv4
4 | Linux kernel 2.2.16 | MosquitoNet | GPL? | 2000 Stanford University
4 | NetBSD 1.1 | Monarch | | 1998 - Rice University
4 | Solaris | Sun Mobile IP | commercial |
4 | Userland, (platform independent) | HP Mobile IP | restricted | 1997
4 | Windows | Birdstep | commercial |
4 | Windows | EcuTel | commercial |
4 | Windows | Roamin | proprietary |
4 | Windows | Secgo Mobile IP | |
4 | Windows | ipUnplugged | commercial |
4 | Windows client | Dynamics | |
4 | Windows/Linux | Netseal MPN | commercial | High availability HA(Linux), MN(Windows)
4 | embedded systems | Birdstep | commercial |
4 | embedded, OS independent | Treck Inc. | commercial |
[Cells displaced from their rows on the slide, in slide order. License: BSD style; BSD style; GPLv2; BSD style; commercial. Comments: 2003 - Portland State University, actively updated; 2001 - Helsinki University of Technology, not updated; 2003 - Portland State University, actively updated; 2000 - binary dist. for non-commercial use only; 2001 - Helsinki University of Technology, not updated]

Mobile IPv6 Clients
PC/Workstation
IP | Operating Systems | Name | License | Comments
6 | BSD? | NEC MIPv6 | ? | 2001? - NEC
6 | Cisco IOS | Cisco Mobile IP | commercial |
6 | FreeBSD | SFC-MIP | BSD-style? | 2002? - SFC of WIDE
6 | FreeBSD 2.2.2 with INRIA's IPv6 | Monarch | BSD style | 1997 - Rice University, (draft -03)
6 | FreeBSD 3.4 | INRIA HMIPv6 | BSD-style | 2000
6 | FreeBSD 4.9 | KAME | BSD-style | 2004 - Stable, MIP code experimental, actively updated
6 | HP-UX 11.11, 11.23 | HP | commercial | Mobile IPv6 HA/CN, draft-24
6 | Linux | HMIPv6 | GPL or BSD-style | 2003 - Monash University, based on MIPL
6 | Linux | Lancaster MIPv6 Pkg | ? | 1998 - Lancaster University
6 | Linux 2.4 | TKN HMIPv6 | ? | 2002 - Technical University of Berlin
6 | Linux 2.4.0 | MIPL | GPL | 2003 - draft -24
6 | NetBSD 1.6.1 | KAME | BSD-style | 2004 - Stable, MIP code experimental, actively updated
6 | Tru64 UNIX 5.1B | HP | commercial |
6 | Windows | Microsoft Research | ? |
6 | embedded, OS independent | Treck Inc. | commercial |
[Comments cells displaced from their rows on the slide, in slide order: 2003? - technology preview; 2003 - draft -24; 2000 - partial MIP v6 support]

Concrete applications in Mobile SP

Mobile IP key deployment points
• Home Agent is the anchor point for MNs
• Bandwidth overhead and FA relationship
• Authentication process
  – It is a second authentication, for mobility service
  – There is still an initial link layer authentication
• Preferred interfaces
• Make before break and minimal / no IP interruption, interfacing layer 2 signal strengths

Cisco Wireless Convergence
[Diagram labels: 1 Access, 2 Control, 3 Services; Access Networks (GPRS, 3G, 802.11, WiMAX, VPN, WLAN, Other); Venue Owners; Cisco Mobile Exchange, Mobile Internet Edge (Network Manager, Agg., Auth./Access Control, Service/Content Billing, Billing, Authent., GGSN); L2TP, GRE, IPSec, MPLS, IPV4, IPV6; Off Net Services (Content Provider, Internet, Corporate Intranet, Wireless ASP); On Net Services (Streaming, Localization)]

Next-Generation IP Infrastructure
All-IP Multimedia Mobile Network
[Diagram labels: Hosted Applications, CCM, Presence, Session control (SIP), Corp AAA, Visited AAA, Home AAA, handsets with VoIP, dual-mode and Mobility support, WLAN 802.11 Access Network (FA), IP Core, Mobility (HA), CMX, GPRS/UMTS GGSN(FA) / CDMA PDSN, SGSN, RAN, RNC, Enterprises, PSTN Gateway, PLMN, MSC/VLR]
Unified IP-based infrastructure allows for uniform delivery of services across consumer, enterprise and carrier domain

Cisco & Mobile IP
• Market Leaders
  – Early Field Trial since 1997, General Availability January 1999
  – Home Agent Redundancy
  – Largest mobile implementation of MoIP worldwide - Nextel
• Mobile IPv4 RFC Compliant
  – 2002, 2003, 2005, 2006, 2794, 3012, 3220, 3344, 3519, 3543 compliant
• Applications
  – Foreign Agent, Home Agent, Proxy Mobile Node, Mobile Router
• Platforms Support
  – 2600 through 7200, Cat5K RSM, Cat6K MSFC, 7600
• Cisco IOS
  – Tightly integrated with Cisco IOS functionality

GGSN Mobile IP support
• Mobile IP proxy Foreign Agent
  – On PDP context activation GGSN will perform:
    • AAA req to authenticate and get the HA credentials (IP address, security keys)
    • MIP RegistrationReq to the HA
  – PDP Address can be allocated by HA
  – GTPv0 and GTPv1 support
  – Transparent to the MS (no Mobile IP support in the MS)
• GGSN 5.0 feature
• Full FA functionality on the roadmap

HA – Cisco IOS Basis and Resources
• HA products leverage high proportion of IOS code base to enable advanced IP network services
• Current features under use today in HA from IOS include MoIP, IPSec, Routing Protocols (e.g. OSPF, RIP, BGP, EIGRP), HSRP, ODAP, VRF, QoS
• HA runs on established platforms (7200, 6500, 7600) and can leverage the service blades and functionality of the platforms

MWAM Product Overview
• Multiprocessor WAN Application Module
• Hardware design based on existing modules, e.g. Firewall Module
• Vehicle for delivery of IOS based features; IOS application runs on the daughter card
• 5 processors per MWAM utilized, 5 instances of HA or PDSN
• All Mobile Wireless Applications use same Underlying Hardware - SSG, GGSN, PDSN, HA
• Management: Mobile Wireless Center (MWC)

6509NEBs/7609 HA Sample Configuration*
• Supervisor Modules (SUP2)
  – Central Switching and management function
  – Runs separate IOS
  – Second SUP2 can be configured for redundancy
• MWAM
  – HA application
  – Up to 6 MWAMs per chassis**
• IPSec VPN Services Module
  – IPSec Acceleration
• I/O Modules:
  – 100BaseT (Fast Ethernet)
  – 1000BaseT (Gigabit Ethernet)
* This is a sample configuration for xx09 only.
** 6513/7613 chassis can have up to 10 MWAMs.

65xx/76xx Flexibility
• Licensing is flexible to allow easy growth
  – Can be licensed per MWAM
  – Can be licensed per processor
  – True for HA, CSG, SSG
• Same chassis can be utilized for multiple CMX components
  – Cost savings on h/w
  – Easy growth and expansion as add services; example:
    • Simple IP services with VPN required for initial deployment.
    • Mobile IP Services added. MWAM for HA added to same chassis.
    • Additional content billing capabilities desired. CSG added to same chassis.

Cisco HA Features & Compliance
• Standards-based product ensures successful interoperation with other vendors.
• Basic features provide robust HA
  – HA redundancy: No impact to user.
  – HA load balancing: One IP address presented to FA.
  – WLAN interworking: Seamless roaming.
• Premium features further enhance the HA
  – VRF: Supports overlapping IP addresses.
  – Hotlining: Supports IP packet redirection
  – QoS: Downstream per session QoS. Aggregate QoS on interfaces.

Mobile Wireless Home Agent (HA) Roadmap
[Timeline figure; release boxes and feature lists as extracted]
HA R1.2 FCS (7206VXR/76xx/65xx): EFT – 15 May '02 / 18 Nov '02; FCS – 16 Sept '02 / 30 Dec '02
HA R2.0 EC (7206VXR/76xx/65xx): EFT – 15 Jan '04; FCS – 30 Apr '04
HA R3.0 NC (7206VXR/76xx/65xx): EFT – Q1 CY05; FCS – Q2 CY05
HA Rx.0 NC: EFT – ; FCS –

76xx/65xx Key Platform Features / HA Key Features: Firewall & IDS Module Support; Proxy MoIP; HA Redundancy (1:1); HA Binding Update; HA Accounting; 3DES Encryption Support; MoIP MIB Enhancements
7206 Key Platform Features: NPE-G1 with 1GB DRAM; SA-VAM2
Solution Notes: Features consistent on all platforms; 3DES Encryption Support (h/w required)
NOTE: Pricing Available

HA Key Features: HA Load Balancer (HA-SLB) (MWAM only); HA Redundancy Enhancements; ODAP; Static IPSec per 835B; Resource Revocation per 835C; Packet of Disconnect (PoD) per 835C; Conditional Debugs for MoIP; VRF (overlapping IP addresses); Hotlining (rebuild); QoS
Solution Notes: SSHv2; WLAN Interworking

76xx/65xx Key Platform Features: Sup720
PDSN/HA Key Features / HA Key Features: Broadcast/Multicast; Standards Compliance; Continuous MIB Enhancement; Capacity/Performance Improvements; Mobile IPv6; IP Reachability per 835B (DNS update by HA); HA Accounting per 835C; Continuous MIB Enhancement; Dynamic IPSec per 835B; Standards Compliance; Capacity/Performance Improvements; Diameter; PSD
NOTE: PRICING TBD.
Solution Notes: L2TPv3; MPLS; MWAM – Sibyte with 1GHz Processor and 1G of memory
NOTE: PRICING TBD.
NOTE: Pricing Available

Legend: GA = Generally Available; FCS = First Customer Ship; EFT = Early Field Trials; EC = Execute Committed; CC = Concept Committed; NC = Not Committed
Note: There is an associated cost for each release. Some features may have additional cost in addition to the base.

R1.2 HA Performance
HA Users                        | 7206     | HA per MWAM | xx13 HA Chassis, 10 MWAMs
Total Bindings                  | 235K     | 1.175M      | 11.75M
Throughput NDR (512 bytes/pkt)  | 160 Mbps | 2.5 Gbps    | 25 Gbps
• Results based on 512 Byte packets, unfragmented.
• Performance measured for No Drop Rate. NDR is 0.01% or 1 in 10,000 packets.

Home Agent Summary
• Feature Rich
  – Highly Compliant to Specifications and Customer Requirements
  – Value added service support such as VRF, Hot Lining, QoS
  – Service enablement via Cisco Mobile Exchange Framework components
• Fault Tolerance
  – HA Redundancy, HA-SLB
  – Geographic Resiliency
• Product Maturity
  – Real life deployment; deployed since 2001
• Capacity and Performance Scalability
  – Small to very large deployment options
• Management
  – Provisioning, Fault Mediation, Performance Mediation, Troubleshooting & Security

Cisco 3200 Mobile Access Router
Product Overview

Agenda
• Overview of the Cisco 3200 Series Mobile Access Router
• Mobile Access Router Card
• Serial Mobile Interface Card
• Fast Ethernet Switch MIC
• Cisco 3200 Example Configurations

Cisco Mobile Access Router

Mobile Access Router Overview
• Mobile Access Router Card (MARC)
  – High performance processor
  – One 10/100 Ethernet
  – One console
  – One powered async serial (for GPS)
• Mobile Interface Cards (MICs)
  – SMIC: 4 port sync/async serial
  – FESMIC: 4 port FE/E Switch Card
[Figure: stacked cards labelled MIC, MIC, MARC]

Remember the Names
• Cisco 3200 Mobile Access Router
• Cisco 3200 Series
• Cisco 3251 Mobile Access Router Card (MARC)
• Cisco 3201 Serial Mobile Interface Card (SMIC)
• Cisco 3201 FastEthernet Switch Mobile Interface Card (FESMIC)

Cisco 3250 Mobile Access Router Platform
High performance mobile access router
• Modular Circuit-board construction
• Mobile Access Router Card (Cisco3251MARC)
• Serial Mobile Interface Card (Cisco3201SMIC)
• Fast Ethernet Switch MIC (FESMIC)
• PC/104-Plus Form Factor
• PC/104-Plus “Compliance”, PCI-Only
• Runs Cisco IOS
• Utilizes Cisco Mobile IP Feature Set
• Industrial Grade
• -40 C to 85 C local ambient
[Figure: card stack labelled MARC, FESMIC, SMIC, SMIC]

PC 104-Plus Mechanical Standard
Industry Standard Hardware form factor
• Cisco 3200 Series will test with a 3rd Party Lab to conform to the level of PC104-Plus Compliant
• More Specific information at www.PC104.org, including definition of our level of compliance
• Size = 3.775” x 3.55”
Source: PC104-Plus Specification Version 1.2

Why PC-104-Plus?
• Smallest industry standard computing platform
• Both ISA and PCI bus
  – Cisco puts signals on PCI bus only
  – Any non-Cisco cards cannot signal on PCI bus
  – ISA bus OK
• Self-stacking
  – No backplane or cardcage required
  – Stand-offs and screws recommended
• Designed for rugged, industrial-grade applications
• Good product availability, vendor support

PC-104-Plus Card Format
• PCI Bus Connector: 120 pin, stack through, PCI BUS Connector (no key)
• ISA Bus Connector: 104 pin, stack through, ISA Bus Connector (no key). No Cisco signals over ISA Bus
• Power provided by SI. Power supply pins and grounds are connected to the Cisco boards via ISA / PCI connectors
• Cables and Connectors on I/O side provided by SI

Complete Solution Requires Integration
• Cisco 3200 Series: MARC + FESMIC + SMIC
• Aironet 350 Access Points: Wireless Infrastructure with external Radios compatible with network
• Cables + Power Supply + Enclosure: Environmental/Ruggedized to specs and integrated with customer-supplied device or vehicle
• System Integration: Installation, deployment, training, etc.

Mobile Access Router Card (MARC)
• MPC8250, running at 200MHz CPU core, 133MHz CPM core and 66MHz Motorola 60x Bus.
• 32-bit PCI bus version 2.1 running at 25MHz, connects to Cisco MICs.
• 128Mbyte 64 bit, Unbuffered, Synchronous DRAM,
• 32Mbyte 16 bit of Flash memory,
• Single 10/100 Fast Ethernet, full-duplex 100 Base-T, with auto negotiation.
• Single Console, with modem flow control.
• Single Asynchronous, RS-232 serial, for GPS/AUX devices.
• Integrated host-to-PCI bridge (PCI bus version 2.1), with built-in PCI arbiter that supports three external bus masters/PCI agents.

Mobile Access Router Card
[Figure labels: PCI Bus Connector (120 pin, stack through, PCI BUS Connector, no key); ISA Bus Connector; 34 pin, locking header; Aux; Console; LED’s; 5V power]
[Figure labels, continued: 104 pin, stack through, ISA Bus Connector (no key), no Cisco signals over ISA Bus; 10 pin, locking header, for MARC Fast Ethernet]

Serial Mobile Interface Card (Cisco3201SMIC)
• Type of Mobile Interface Card (MIC)
• Typically used for a WAN (modem) interface to a wireless / satellite network
• Asynch/Synch
  – Supports up to 2Mbps
• 4 Cisco 12-in-1 Serial Interfaces
  – All existing 12-in-1 signals supported
• Signals thru 2 60-pin multifunction headers
• PCI Bus
• Up to 3 per stack
• Set rotary switch to unique number
[Figure labels: PCI Bus, ISA Bus, Rotary Switch, 60-pin Multifunction Header]

Fast Ethernet Switch MIC (FESMIC)
• 1 10/100 Ethernet with 4 port switch with VLAN
  – 802.1q and 802.1p supported
  – Can route between FESMIC and MARC FastE
• LED signals thru LED header
• No in-line power provided
• ISL not supported
• Limit one FESMIC per 3200
[Figure labels: Fast Ethernet Headers, ISA Bus, LED Header, PCI Bus]

Cisco 3200 Mobile Access Router
IOS Configuration

Agenda
• Configuration Outline
• Configuration Commands
• Example Configurations
• Troubleshooting
• Reference:
• http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tip1r/p1ftmobi.htm

Configuring Mobile IP
An Outline

Steps to Configure Home Agent
• Step 1 –
  A. Create HA as a mobile IP agent
     Define it as an HA
  B. Set virtual nets in HA
     Redistribute the virtual nets in routing updates
  C. Define the IP address of the mobile router so the HA will recognize it
     Define the networks that will be associated with that Mobile Router
  D. Set up security association for that Mobile Router

Virtual Networks
• Virtual Network is:
  – Non-physical = no interface
  – Added to Routing Table
  – “Home” network for Mobile Host and Router
  – Mobile Host addresses are assigned from this
  – Must be unrelated to “real” networks

Steps to Configure Foreign Agent
• Step 2 –
  A. Create FA as a mobile IP agent
  B. Define it as a Foreign Agent
     Specify the interface to be used as Care-of Address
  C. Configure an interface to support Mobile IP
     IP address and mask
     Enable IRDP
     Optional: IRDP advertisement intervals max, min, and holdtime
     Enable FA service on the interface

Steps to Configure Mobile Router
• Step 3 –
  A. Create Mobile Router as a mobile IP agent
  B. Define it as an MR
     Specify its address and subnet mask
     Specify the IP address of its HA
     Optional – registration parameters
     Optional – Set Reverse Tunnel on
  C. Configure Security Association with HA
     Must match HA
  D. Specify an interface with Mobile IP service
     Set the IP address and mask
     Enable roaming

Mobile Router – Optional Features
• Step 4 – Enable services (optional)
  – Solicitation, retransmission intervals
  – Co-Located Care-of Address (optional)
    Enable CCOA on interface
    Set Default Gateway on interface

Mobile Router Redundancy
• Step 5 – Mobile Router Redundancy (optional)
  – Enable HSRP on interface
    Set Priority
    Set Preempt
    Configure group name
  – Add redundancy group name to Mobile Router configuration

Cisco 3200 Installation Course Lab Diagram
[Figure: lab topology. Labels: Network 10.10.10.0/24; Network 10.10.11.0/24; Home Agent (FE0/0 .69/30, FE0/1 .73/30, E1/0 .33/28, Lo0 .77/30); Virtual Network 110.10.11.0/24; Foreign Agent 1 (FE0/0 .130/28, FE0/1 .74/30); Foreign Agent 2 (.97/28, .98/28); FA1 Bridge and FA2 Bridge (802.11b); 3200 Bridge 10.10.11.36/28; C3200 (Loopback 0 110.10.11.209/32); WebCam .35/28; Server .34/28]

Configuring Mobile IP

Configure HA
HA(config)#router mobile
    Enables Mobile IP on the router
HA(config-router)#ip mobile home-agent
    Enables home agent service.
HA(config)#ip mobile virtual-network net mask [address address]
    Creates a Virtual network
HA(config)# router protocol [process ID]
    Enters router configuration mode
HA(config-router)# redistribute mobile subnets
    Enables redistribution of virtual network and mobile subnets into routing protocols
HA(config)# ip mobile host lower [upper] virtual-network net mask
    Specifies mobile nodes on a virtual network
HA(config)#ip mobile host lower [upper] interface name
    Specifies mobile nodes on a physical interface
HA(config)# ip mobile mobile-networks address
    Specifies mobile router to be set up
HA(mobile-networks)# network net mask
    Specifies a network that will be hosted on the mobile host (router)
HA(config)#ip mobile secure host address spi spi key [hex/ascii] string
    Sets up mobile host security associations.

Configure HA (example)
HA(config)# router mobile
HA(config-router)# ip mobile home-agent
HA(config)# ip mobile virtual-network 10.10.11.0 255.255.255.0
HA(config)# router ospf 64
HA(config-router)# redistribute mobile subnets
HA(config)# ip mobile host 10.10.11.77 virtual-network 10.10.11.0 255.255.255.0
HA(config)# ip mobile mobile-networks 10.10.11.77
HA(mobile-networks)# network 10.10.11.76 255.255.255.252
HA(config)# ip mobile secure host 10.10.11.77 spi 300 key hex 12345678123456781234567812345678
HA(config)#ip mobile home-agent lifetime 65535

Configure FA
FA(config)#router mobile
    Enables Mobile IP on the router
FA(config)#ip mobile foreign-agent care-of interface
    Sets up care-of addresses advertised to all foreign agent-enabled interfaces.
FA(config-if)#ip mobile foreign-service
    Enables foreign agent service on the interface.

FA(config)#router mobile
FA(config)#ip mobile foreign-agent care-of Faste 0/0
FA(config)#ip mobile foreign-agent care-of Faste 0/1
FA(config)#interface Faste 0/0
FA(config-if)#ip mobile foreign-service
FA(config-if)#ip mobile registration-lifetime 65535
FA(config)#interface Faste 0/1
FA(config-if)#ip mobile foreign-service

Configure Mobile Access Router
C3200_(config)# interface loopback number
    Configure loopback address
C3200_(config-if)# ip address <IP address subnet mask>
    Specifies IP address for loopback interface
C3200_(config)# router mobile
    Enable Mobile IP on the router
C3200_(config-router)#ip mobile router
    Configure the mobile router
C3200_(mobile-router)# address <IP address><SN mask>
    IP address of mobile router (using loopback address)
C3200_(mobile-router)# home-agent <IP address> [priority priority]
    Specify Home Agent and priority
C3200_(config)# ip mobile secure home-agent <IP add> spi spi key [ hex/ascii ] string
    Set up authentication key
C3200_(config)# interface interface
    Configure roaming interface
C3200_(config-if)# ip mobile router-service roam [priority priority level ]
C3200_(config-if)# ip mobile router-service solicit [interval seconds] [retransmit initial interval maximum interval retry number of retries ]

Configure Mobile Access Router (example)
C3200_(config)# interface loopback 0
C3200_(config-if)# ip address 10.0.11.77 255.255.255.252
C3200_(config)# router mobile
C3200_(config-router)# ip mobile router
C3200_(mobile-router)# address 10.0.11.77 255.255.255.252
C3200_(mobile-router)# home-agent 10.0.10.77
C3200_(config)# ip mobile secure home-agent 10.0.10.77 spi 300 key hex 12345678123456781234567812345678
C3200_(config)# interface Faste 0/0
C3200_(config-if)# ip mobile router-service roam
C3200_(config-if)# ip mobile router-service solicit

Configure HA Advertisements (Optional)
HA(config)#interface name
    Interface providing the service
HA(config-if)#ip irdp
    Turn on the advertisements on the interface
HA(config-if)#ip irdp maxadvertinterval [4-1800]
HA(config-if)#ip irdp minadvertinterval [3-1800]

HA(config)#interface e5/0/2
HA(config-if)#ip irdp
HA(config-if)#ip irdp maxadvertinterval 10
HA(config-if)#ip irdp minadvertinterval 4

Configure FA Advertisements (Optional)
FA(config)#interface name
    Interface providing the service
FA(config-if)#ip irdp
    Turn on the advertisements on the interface
FA(config-if)#ip irdp maxadvertinterval [4-1800]
FA(config-if)#ip irdp minadvertinterval [3-1800]

FA(config)#interface e3/1
FA(config-if)#ip irdp
FA(config-if)#ip irdp maxadvertinterval 10
FA(config-if)#ip irdp minadvertinterval 4
FA(config)#interface e3/2
FA(config-if)#ip irdp

Troubleshooting Mobile IP

Troubleshooting Mobile IP - Outline
1. What is router’s configuration?
   Verify Agent, Operation
   Is it sending Advertisements?
   • SHOW IP MOBILE GLOBALS
   • DEBUG IP MOBILE ADVERTISEMENTS
2. What is Mobile Router seeing?
   Is Wireless associated?
   Is Mobile Router receiving Advertisements?
   • DEBUG IP ICMP
3. What is router doing?
   Is Mobile Router trying to register?
   Are FA and HA accepting registrations?
   • DEBUG IP MOBILE
4. Who are router’s neighbors?
   • SHOW IP ROUTE
   • SHOW ARP

Verifying HA Configuration
HA#show ip mobile globals
IP Mobility global information:
Home Agent
    Registration lifetime: 10:00:00 (36000 secs)
    Broadcast disabled
    Replay protection time: 7 secs
    Reverse tunnel enabled
    ICMP Unreachable enabled
    Virtual networks
        110.10.11.0 /24
Foreign Agent is not enabled, no care-of address
0 interfaces providing service
Encapsulations supported: IPIP and GRE
Tunnel fast switching enabled
Tunnel path MTU discovery aged out after 10 min
ha_#

Verifying FA Configuration
FA#show ip mobile globals
Foreign_Agent_2_#sh ip mob globals
IP Mobility global information:
Home Agent is not enabled
Foreign Agent
    Pending registrations expire after 15 secs
    Care-of addresses advertised
        FastEthernet0/1 (10.10.10.97) - up
1 interface providing service
Encapsulations supported: IPIP and GRE
Tunnel fast switching enabled
Tunnel path MTU discovery aged out after 10 min
Foreign_Agent_2_#

Debug Advertisements on FA
Foreign_Agent_2_#debug ip mobile advertise
IP mobility agent advertisements debugging is on
Foreign_Agent_2_#
02:30:02: MobileIP: Agent advertisement sent out FastEthernet0/1: type=16, len=10, seq=2984, lifetime=36000,
flags=0x1400(rbhFmGv-rsv-),
02:30:02: Care-of address: 10.10.10.97
02:30:05: MobileIP: Agent advertisement sent out FastEthernet0/1: type=16, len=10, seq=2985, lifetime=36000,
flags=0x1400(rbhFmGv-rsv-),
02:30:05: Care-of address: 10.10.10.97

MR: Advertisements
MR#debug ip icmp
*Mar 1 04:09:27.938: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:31.938: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:34.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:37.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:39.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97

> It is receiving advertisements from Foreign Agent 10.10.10.97

MR: Registration Requests RRQs
MR#debug ip mob
IP mobility events debugging is on
MR#
*Mar 1 04:12:12.898: MobileIP: Authentication algorithm MD5
*Mar 1 04:12:16.898: MobileIP: Authentication algorithm MD5
*Mar 1 04:12:18.898: MobileIP: Authentication algorithm MD5
*Mar 1 04:12:22.898: MobileIP: Authentication algorithm MD5

> It is sending in Registration Requests and not getting any answer

Debugs on HA – Registration Rejected
Home_Agent_#debug ip mobile
Home_Agent_#
00:14:18: MobileIP: HA 114 received registration for MN 10.4.1.1 on FastEthernet0/1 using COA 10.3.1.1 HA 10.1.4.1 lifetime 36000 options sbdmgvt
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D8742C end 7D87442
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D87442 end 7D87442
00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: Identification field has timestamp 146 secs greater than our current time 03/01/93 00:14:18 (> allowed 7 secs) for MN 10.4.1.1
00:14:18: %IPMOBILE-6-SECURE: Security violation on HA from MN 10.4.1.1 - errcode registration id mismatch (133), reason Bad identifier (3)
00:14:18: MobileIP: HA rejects registration for MN 10.4.1.1 - registration id mismatch (133)
00:14:18: MobileIP: MN 10.4.1.1 - MH auth ext added (SPI 100) to MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - HA sent reply to 10.1.3.2

Debugs on HA – Registration Accepted
Home_Agent_# debug ip mobile
00:14:18: MobileIP: HA 114 received registration for MN 10.4.1.1 on FastEthernet0/1 using COA 10.3.1.1 HA 10.1.4.1 lifetime 36000 options sbdmgvt
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D877EC end 7D87802
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D87802 end 7D87802
00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: Mobility binding for MN 10.4.1.1 created
00:14:18: MobileIP: 15 ifs in use
00:14:18: MobileIP: Tunnel0 (IP/IP) created with src 10.1.4.1 dst 10.3.1.1
00:14:18: MobileIP: 16 ifs in use
00:14:18: MobileIP: Tunnel1 (IP/IP) created with src 10.1.4.1 dst 10.4.1.1
00:14:18: MobileIP: Roam timer started for MN 10.4.1.1, lifetime 36000
00:14:18: MobileIP: MN 10.4.1.1 is now roaming
00:14:18: MobileIP: Insert route 10.4.1.1/255.255.255.255 via gateway 10.3.1.1 on Tunnel0
00:14:18: MobileIP: Insert route 10.5.2.0/255.255.255.0 via gateway 10.4.1.1 on Tunnel1
00:14:18: MobileIP: HA accepts registration from MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - MH auth ext added (SPI 100) to MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - HA sent reply to 10.1.3.2
00:14:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
00:14:19: MobileIP: swif coming up Tunnel0
00:14:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
00:14:19: MobileIP: swif coming up Tunnel1
Home_Agent_#
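
Both HA debugs above authenticate MN 10.4.1.1 with SPI 100; the rejected one fails only the 7-second replay check. The Python below is an added example (not from the slides and not Cisco code) that decodes an Identification value of the kind printed by show ip mobile binding, applies the same window test, and triages HA debug lines per mobile node. It assumes the Identification field carries the NTP-format timestamp used by RFC 3344 timestamp replay protection; the function names are illustrative, and the sample lines are copied from the debug output on this page with terminal wraps joined.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
REPLAY_WINDOW_SECS = 7   # "Replay protection time: 7 secs" (show ip mobile globals)
ACCEPT = 0               # "FA received accept (0) reply"
ID_MISMATCH = 133        # "registration id mismatch (133)"


def decode_identification(ident):
    """'AF3BF344.D8F21340' -> (NTP seconds, UTC datetime).

    Assumption: high-order 32 bits are seconds since 1 Jan 1900 (RFC 3344)."""
    seconds = int(ident.split(".")[0], 16)
    return seconds, NTP_EPOCH + timedelta(seconds=seconds)


def replay_check(mn_seconds, ha_seconds, window=REPLAY_WINDOW_SECS):
    """HA-side test of a request timestamp: returns (reply code, skew in secs)."""
    skew = mn_seconds - ha_seconds
    return (ACCEPT if abs(skew) <= window else ID_MISMATCH), skew


AUTH_RE = re.compile(r"authenticated MN (\S+) using SPI (\d+)")
# Only the "greater" wording appears on the page; "less" is an assumed variant.
SKEW_RE = re.compile(r"timestamp (\d+) secs (greater|less) than our current time "
                     r".*\(> allowed (\d+) secs\) for MN (\S+)")
REJECT_RE = re.compile(r"HA rejects registration for MN (\S+) - (.+?) \((\d+)\)")
ACCEPT_RE = re.compile(r"HA accepts registration from MN (\S+)")


def triage(lines):
    """Summarise HA 'debug ip mobile' lines per mobile node."""
    report = {}

    def entry(mn):
        return report.setdefault(
            mn, {"spi": None, "result": None, "code": None, "skew": None, "cause": None})

    for line in lines:
        m = AUTH_RE.search(line)
        if m:
            entry(m.group(1))["spi"] = int(m.group(2))
            continue
        m = SKEW_RE.search(line)
        if m:
            sign = 1 if m.group(2) == "greater" else -1
            entry(m.group(4))["skew"] = sign * int(m.group(1))
            continue
        m = REJECT_RE.search(line)
        if m:
            e = entry(m.group(1))
            e["result"], e["code"] = "rejected", int(m.group(3))
            continue
        m = ACCEPT_RE.search(line)
        if m:
            e = entry(m.group(1))
            e["result"], e["code"] = "accepted", ACCEPT

    for e in report.values():
        if e["code"] == ID_MISMATCH:
            # The authenticator verified (SPI recorded) yet the request was refused:
            # the shared key is fine and the MN clock is outside the replay window.
            skewed = e["spi"] is not None and e["skew"] is not None
            e["cause"] = "clock skew" if skewed else "identifier"
    return report


# Lines from the "Registration Rejected" and "Registration Accepted" debugs above.
REJECTED = [
    "00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 100",
    "00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100",
    "00:14:18: MobileIP: Identification field has timestamp 146 secs greater than "
    "our current time 03/01/93 00:14:18 (> allowed 7 secs) for MN 10.4.1.1",
    "00:14:18: %IPMOBILE-6-SECURE: Security violation on HA from MN 10.4.1.1 - "
    "errcode registration id mismatch (133), reason Bad identifier (3)",
    "00:14:18: MobileIP: HA rejects registration for MN 10.4.1.1 - "
    "registration id mismatch (133)",
]
ACCEPTED = [
    "00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100",
    "00:14:18: MobileIP: HA accepts registration from MN 10.4.1.1",
]

if __name__ == "__main__":
    secs, when = decode_identification("AF3BF344.D8F21340")
    print("Identification decodes to", when.isoformat())
    print("146 s ahead of HA:", replay_check(secs + 146, secs))
    print("rejected:", triage(REJECTED))
    print("accepted:", triage(ACCEPTED))
```

The Identification value decodes to 1 March 1993, the same date the HA debug prints as its current time (03/01/93), which is consistent with router clocks that were never set. With timestamp replay protection, a node whose clock differs from the HA's by more than the window is refused even though its key is correct.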

Debugs on FA - Registration
FA#debug ip mobile
1d02h: MobileIP: FA received registration for MN 20.0.197.84 on Ethernet3/1 using COA 40.0.197.19 HA 20.0.197.82 lifetime 990 options sBdmgvt
1d02h: MobileIP: Ethernet3/1 glean 20.0.197.84 accepted
1d02h: MobileIP: FA queued MN 20.0.197.84 in register table
1d02h: MobileIP: Visitor registration timer started for MN 20.0.197.84, lifetime 15
1d02h: MobileIP: Skip2TLV look for type 32, addr start 200210AC end 200210C2
1d02h: MobileIP: FA forwarded registration for MN 20.0.197.84 to HA 20.0.197.82
1d02h: MobileIP: FA received accept (0) reply for MN 20.0.197.84 on Ethernet3/5 using HA 20.0.197.82 lifetime 990
1d02h: MobileIP: Reply in for MN 20.0.197.84, accepted
1d02h: MobileIP: Update visitor table for MN 20.0.197.84
1d02h: MobileIP: Tunnel2 (IP/IP) created with src 40.0.197.19 dst 20.0.197.82
1d02h: MobileIP: ARP entry for MN 20.0.197.84 inserted
1d02h: MobileIP: Visitor timer started for MN 20.0.197.84, lifetime 990
1d02h: MobileIP: FA dequeued MN 20.0.197.84 from register table
1d02h: MobileIP: MN 20.0.197.84 visiting on Ethernet3/1
1d02h: MobileIP: Skip2TLV look for type 32, addr start 200215A8 end 200215BE
1d02h: MobileIP: FA forwarding reply to MN 20.0.197.84 using src 20.0.197.84 mac 0030.8538.1c90
1d02h: MobileIP: swif coming up Tunnel2
Cisco Mobile Access Router—Module 2-142 Debugs on MR - Registration FA#debug ip mobile *Mar 1 04:21:53.778: MobileIP: ParseRegExt type MHAE(32) addr 6002A08 end 6002A 1E *Mar 1 04:21:53.778: MobileIP: ParseRegExt skipping 20 to next *Mar 1 04:21:53.778: MobileIP: Authenticating HA 10.10.10.77 using SPI 3003 *Mar 1 04:21:53.782: MobileIP: Authentication algorithm MD5 *Mar 1 04:21:53.782: MobileIP: Authenticated HA 10.10.10.77 using SPI 3003 *Mar 1 04:21:57.762: MobileIP: Authentication algorithm MD5 *Mar 1 04:21:57.782: MobileIP: ParseRegExt type MHAE(32) addr 61BF1A8 end 61BF1 BE *Mar 1 04:21:57.782: MobileIP: ParseRegExt skipping 20 to next *Mar 1 04:21:57.782: MobileIP: Authenticating HA 10.10.10.77 using SPI 3003 *Mar 1 04:21:57.782: MobileIP: Authentication algorithm MD5 *Mar 1 04:21:57.782: MobileIP: Authenticated HA 10.10.10.77 using SPI 3003 *Mar 1 04:21:57.782: MobileIP: Tunnel0 (IP/IP) created with src 110.10.11.217 d st 10.10.10.77 *Mar 1 04:21:58.782: MobileIP: swif coming up Tunnel0 © 2002, Cisco Systems, Inc. All rights reserved. Cisco Mobile Access Router—Module 2-143 Troubleshooting Mobile IP Outline 1. What is router’s configuration? Verify Agent, Operation Is it sending Advertisements? • SHOW IP MOBILE GLOBALS • DEBUG IP MOBILE ADVERTISEMENTS 2. What is Mobile Router seeing? Is Wireless associated? Is Mobile Router receiving Advertisements? DEBUG IP ICMP 3. What is router doing? Is Mobile Router trying to register? Are FA and HA accepting registrations? • DEBUG IP MOBILE 4. Who are router’s neighbors? • SHOW IP ROUTE • SHOW ARP © 2002, Cisco Systems, Inc. All rights reserved. Cisco Mobile Access Router—Module 2-144 HA Binding Table ha_#show ip mobile binding ? 
  A.B.C.D     IP address
  home-agent  Mobility bindings for specific home agent
  summary     Summary of binding table
  |           Output modifiers
  <cr>

ha_#show ip mobile binding
Mobility Binding List:
Total 9
110.10.11.237:
    Care-of Addr 10.10.10.97, Src Addr 10.10.10.70
    Lifetime granted 10:00:00 (36000), remaining 06:59:10
    Flags sbdmgvt, Identification AF3BF344.D8F21340
    Tunnel2 src 10.10.10.77 dest 10.10.10.97 reverse-allowed
    MR Tunnel1 src 10.10.10.77 dest 110.10.11.237 reverse-allowed
    mobile-network 110.10.11.237
    Routing Options
110.10.11.233:
    Care-of Addr 10.10.10.97, Src Addr 10.10.10.70
    Lifetime granted 10:00:00 (36000), remaining 06:59:10
    Flags sbdmgvt, Identification AF3BF344.5F153F64
………… etc.

HA State – Routing Table

Home_Agent_#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     110.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
M       110.10.11.0/24 is directly connected, Mobile0 Virtual Network
M       110.10.11.237/32 [3/1] via 10.10.10.97, 00:57:28, Tunnel2
M       110.10.11.245/32 [3/1] via 10.10.10.129, 03:01:54, Tunnel0
     10.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
C       10.10.10.32/27 is directly connected, FastEthernet0/0
C       10.10.10.72/30 is directly connected, FastEthernet0/1
C       10.10.10.76/30 is directly connected, Loopback0
O IA    10.10.10.96/27 [110/11] via 10.10.10.36, 00:57:35, FastEthernet0/0
M       10.10.11.112/28 [3/1] via 110.10.11.237, 03:55:57, Tunnel1
O IA    10.10.10.128/27 [110/2] via 10.10.10.74, 00:57:35, FastEthernet0/1
M       10.10.11.144/28 [3/1] via 110.10.11.245, 03:55:57, Tunnel5

FA State – Visiting Mobile Routers

Foreign_Agent_2_#show ip mobile visitor
Mobile Visitor List:
Total 5
110.10.11.229:
    Interface FastEthernet0/1, MAC addr 0001.6441.87ba
    IP src 110.10.11.229, dest 10.10.10.97, UDP src port 434
    HA addr 10.10.10.77, Identification AF3C1098.B402FE18
    Lifetime 10:00:00 (36000) Remaining 08:56:25
    Tunnel0 src 10.10.10.97, dest 10.10.10.77, reverse-allowed
    Routing Options
110.10.11.245:
    Interface FastEthernet0/1, MAC addr 0001.6441.87a2
    IP src 110.10.11.245, dest 10.10.10.97, UDP src port 434
    HA addr 10.10.10.77, Identification AF3C114E.911E78F8
    Lifetime 10:00:00 (36000) Remaining 08:59:27
    Tunnel0 src 10.10.10.97, dest 10.10.10.77, reverse-allowed
    Routing Options
……… etc.

Foreign Agent Routing Table

Foreign_Agent_2_#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     110.0.0.0/24 is subnetted, 1 subnets
O E2    110.10.11.0 [110/20] via 10.10.10.33, 00:58:44, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
C       10.10.10.32/27 is directly connected, FastEthernet0/0
O       10.10.10.72/30 [110/2] via 10.10.10.33, 00:58:44, FastEthernet0/0
O       10.10.10.77/32 [110/2] via 10.10.10.33, 00:58:44, FastEthernet0/0
C       10.10.10.96/27 is directly connected, FastEthernet0/1
O E2    10.10.11.112/28 [110/20] via 10.10.10.33, 00:58:47, FastEthernet0/0
O IA    10.10.10.128/27 [110/3] via 10.10.10.33, 00:58:47, FastEthernet0/0
O E2    10.10.11.144/28 [110/20] via 10.10.10.33, 00:58:47, FastEthernet0/0
Foreign_Agent_2_#

FA State – ARP Table

Foreign_Agent_2_#sh arp
Protocol  Address         Age (min)  Hardware Addr   Type  Interface
Internet  10.10.10.73     8          000a.8a7d.0f41  ARPA  FastEthernet0/0
Internet  10.10.10.129               000a.8a83.0d81  ARPA  FastEthernet0/1
Internet  10.10.10.130    7          0040.9657.cc93  ARPA  FastEthernet0/1
Internet  10.10.10.74                000a.8a83.0d80  ARPA  FastEthernet0/0
Internet  110.10.11.237   2          00ff.ff40.00aa  ARPA  FastEthernet0/1
Foreign_Agent_2_#

What FA is MR Visiting? Part 1

mar_demo_1_#sh arp
Protocol  Address    Age (min)  Hardware Addr   Type  Interface
Internet  10.3.1.1   12         000a.8a83.0d81  ARPA  Vlan1
Internet  10.5.2.1   -          00ff.ff40.00aa  ARPA  FastEthernet0/0
Internet  10.5.3.1   -          00ff.ff40.00ab  ARPA  Vlan1
Internet  10.5.3.2   137        0040.9657.2624  ARPA  Vlan1
Internet  10.5.3.34  4          0010.a49f.57d9  ARPA  Vlan1
mar_demo_1_#

What FA is MR Visiting? Part 2

mar_demo_1_#sh ip rout
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 10.3.1.1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
M       10.3.1.1/32 [3/1] via 10.3.1.1, 00:07:28, Vlan1
C       10.5.3.0/24 is directly connected, Vlan1
M       10.1.4.1/32 [3/1] via 10.3.1.1, 00:07:28, Vlan1
C       10.5.1.0/24 is directly connected, Loopback0
M*   0.0.0.0/0 [3/1] via 10.3.1.1, 00:07:28, Vlan1
Debugs on HA/FA - Handoff

ha_#
05:17:02: MobileIP: HA 120 received registration for MN 110.10.11.225 on FastEthernet0/1 using COA 10.10.10.129 HA 10.10.10.77 lifetime 36000 options sbdmgvt
05:17:02: MobileIP: MN 110.10.11.225 - authenticating MN 110.10.11.225 using SPI 5005
05:17:02: MobileIP: MN 110.10.11.225 - authenticated MN 110.10.11.225 using SPI 5005
05:17:02: MobileIP: Delete tunnel route for 110.10.11.225/255.255.255.255 via gateway 10.10.10.97
05:17:02: MobileIP: Deleted user (7 remains) from Tunnel2 src 10.10.10.77 dest 10.10.10.97
05:17:02: MobileIP: Mobility binding for MN 110.10.11.225 updated – tunnel changed
05:17:02: MobileIP: Added user (2 active) on Tunnel0 src 10.10.10.77 dest 10.10.10.129
05:17:02: MobileIP: Insert route 110.10.11.225/255.255.255.255 via gateway 10.10.10.129 on Tunnel0
05:17:02: MobileIP: Roam timer started for MN 110.10.11.225, lifetime 36000
05:17:02: MobileIP: HA accepts registration from MN 110.10.11.225
05:17:02: MobileIP: MN 110.10.11.225 - MH auth ext added (SPI 5005) to MN 110.10.11.225
05:17:02: MobileIP: MN 110.10.11.225 - HA sent reply to 10.10.10.74
Show IP Mobile Traffic (Home Agent)

Home_Agent_#show ip mobile traffic
IP Mobility traffic:
Advertisements:
    Solicitations received 0
    Advertisements sent 0, response to solicitation 0
Home Agent Registrations:
    Register 2622, Deregister 2 requests
    Register 1302, Deregister 2 replied
    Accepted 87, No simultaneous bindings 0
    Denied 1215, Ignored 1322, Dropped 0
    Unspecified 1198, Unknown HA 0
    Administrative prohibited 0, No resource 0
    Authentication failed MN 0, FA 0, active HA 0
    Bad identification 17, Bad request form 0
    Unavailable encap 0, reverse tunnel 0
    Binding updates received 0, sent 0 total 0 fail 0
    Binding update acks received 0, sent 0
    Binding info request received 0, sent 0 total 0 fail 0
    Binding info reply received 0 drop 0, sent 0 total 0 fail 0
    Binding info reply acks received 0 drop 0, sent 0
    Gratuitous 0, Proxy 0 ARPs sent

Show IP Mobile Traffic (Home Agent) cont.

Foreign Agent Registrations:
    Request in 0,
    Forwarded 0, Denied 0, Ignored 0
    Unspecified 0, HA unreachable 0
    Administrative prohibited 0, No resource 0
    Bad lifetime 0, Bad request form 0
    Unavailable encapsulation 0, Compression 0
    Unavailable reverse tunnel 0
    Replies in 0
    Forwarded 0, Bad 0, Ignored 0
    Authentication failed MN 0, HA 0
Home_Agent_#
Show IP Mobile Tunnels

Home_Agent_#show ip mob tunnel
Mobile Tunnels:
Tunnel1:
    src 10.10.10.77, dest 110.10.11.237
    encap IP/IP, mode reverse-allowed, tunnel-users 1
    IP MTU 1460 bytes
    Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
    outbound interface Tunnel2
    HA created, fast switching enabled, ICMP unreachable enabled
    0 packets input, 0 bytes, 0 drops
    10508 packets output, 1237820 bytes
Tunnel5:
    src 10.10.10.77, dest 110.10.11.245
    encap IP/IP, mode reverse-allowed, tunnel-users 1
    IP MTU 1460 bytes
    Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
    outbound interface Tunnel0
    HA created, fast switching enabled, ICMP unreachable enabled
    0 packets input, 0 bytes, 0 drops
    0 packets output, 0 bytes

Show IP Mobile Secure Hosts

Home_Agent_# show ip mob secure host
Security Associations (algorithm,mode,replay protection,key):
10.10.11.77:
    SPI 300, MD5, Prefix-suffix, Timestamp +/- 7,
    Key 12345678123456781234567812345678
110.10.11.213:
    SPI 200, MD5, Prefix-suffix, Timestamp +/- 7,
    Key 23456781234567812345678123456781
110.10.11.217:
    SPI 3003, MD5, Prefix-suffix, Timestamp +/- 7,
    Key 45678123456781234567812345678102
110.10.11.221:
    SPI 4004, MD5, Prefix-suffix, Timestamp +/- 7,
    Key 56781234567812345678123456781203
110.10.11.225:
    SPI 5005, MD5, Prefix-suffix, Timestamp +/- 7,
    Key 67812345678123456781234567812304
……. etc.
Show IP Mobile Host

HA#show ip mobile host 20.0.197.84
Mobile Host List:
20.0.197.84:
    Allowed lifetime INFINITE/default)
    Roam status -Registered-, Home link on interface Ethernet5/0/2
    Accepted 8, Last time 03/26/01 10:40:30
    Overall service time 00:28:39
    Denied 1, Last time 04/24/02 18:13:22
    Last code 'registration id mismatch (133)'
    Total violations 1
    Tunnel to MN - pkts 1, bytes 100
    Reverse tunnel from MN - pkts 0, bytes 0

Show IP Mobile Interface

Foreign_Agent_2_#sh ip mobile interface
IP Mobility interface information:
Interface FastEthernet0/1:
    IRDP (includes agent advertisement) enabled
    Prefix Length not advertised
    Lifetime is 36000 seconds
    Foreign Agent service provided
    No registration required
    Not busy
    Home Agent access list:
    Current number of visitors: 5
Foreign_Agent_2_#

Clear Commands

Router#clear ip mobile binding [addr]
    Removes the binding entry.
Router#clear ip mobile traffic
    Clears all the Mobile IP counters.
Router#clear ip mobile host counters [addr]
    Clears Mobile Host Counters.
Router#clear ip mobile visitor
    Removes the visitor information.
Invalid SPI - Debug

MobileIP: HA 30 received registration for MN 20.0.197.84 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 65535 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 61D8EBE4 end 61D8EBFA
MobileIP: Skip2TLV look for type 32, addr start 61D8EBFA end 61D8EBFA
MobileIP: MN 20.0.197.84 - authenticating MN 20.0.197.84 using SPI 100
MobileIP: MN 20.0.197.84 - invalid authenticator for MN 20.0.197.84
MobileIP: HA rejects registration for MN 20.0.197.84 - MN failed authentication (131)
MobileIP: MN 20.0.197.84 - MH auth ext added (SPI 100) to MN 20.0.197.84
MobileIP: MN 20.0.197.84 - HA sent reply to 20.0.197.81

Invalid SPI – Violations Log

HA#show ip mobile violation
Security Violation Log:
Total violations 1
Mobile Hosts:
20.0.197.84:
    Violations: 1, Last time: 02/11/02 10:49:11
    SPI: 100, Identification: C0122026.6D841504
    Error Code: MN failed authentication (131), Reason: Bad authenticator (2)
Timestamp Mismatch

MobileIP: HA 32 received registration for MN 20.0.197.84 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 1000 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 616B4100 end 616B4116
MobileIP: Skip2TLV look for type 32, addr start 616B4116 end 616B4116
MobileIP: MN 20.0.197.84 - authenticating MN 20.0.197.84 using SPI 100
MobileIP: MN 20.0.197.84 - authenticated MN 20.0.197.84 using SPI 100
MobileIP: Identification field 2939948267 has timestamp 288712535 secs less than our current time 04/24/02 18:13:22 3228660802 (< allowed 7 secs) for MN 20.0.197.84
MobileIP: HA rejects registration for MN 20.0.197.84 - registration id mismatch (133)
MobileIP: MN 20.0.197.84 - MH auth ext added (SPI 100) to MN 20.0.197.84
MobileIP: MN 20.0.197.84 - HA sent reply to 20.0.197.81

MN Not Configured

MobileIP: HA 32 received registration for MN 20.0.197.85 on Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime 1000 options sBdmgvt
MobileIP: MN 20.0.197.85 is not configured, request ignored
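
Added example (not part of the original slides and not Cisco's code): the two Home Agent checks behind the "Invalid SPI" and "Timestamp Mismatch" debugs, written against the keyed-MD5 prefix+suffix scheme of RFC 2002 and the "Timestamp +/- 7" replay setting shown under Show IP Mobile Secure Hosts. The function names and the 16-byte key are constructed for illustration; the addresses, SPI, lifetime and the two timestamps are taken from the Timestamp Mismatch debug.

```python
import hashlib
import hmac
import socket
import struct

MHAE_TYPE = 32        # "ParseRegExt type MHAE(32)" in the debugs
REPLAY_WINDOW = 7     # seconds; "Timestamp +/- 7" in show ip mobile secure host
ACCEPTED, MN_FAILED_AUTH, ID_MISMATCH = 0, 131, 133   # reply codes seen in the debugs


def keyed_md5(key, data):
    """Keyed MD5 in prefix+suffix mode: MD5(key || data || key)."""
    return hashlib.md5(key + data + key).digest()


def build_request(key, spi, flags, lifetime, home, ha, coa, ident_secs):
    """24-byte Registration Request followed by a 22-byte MHAE."""
    fixed = struct.pack("!BBH4s4s4sII", 1, flags, lifetime,
                        socket.inet_aton(home), socket.inet_aton(ha),
                        socket.inet_aton(coa), ident_secs, 0)
    ext_head = struct.pack("!BBI", MHAE_TYPE, 4 + 16, spi)  # length 20 = SPI + digest
    return fixed + ext_head + keyed_md5(key, fixed + ext_head)


def ha_check(packet, keys_by_spi, now_ntp_secs):
    """Reply code for a request: authenticate first, then apply the replay window."""
    if len(packet) != 46:   # simplification: malformed input is treated as an auth failure
        return MN_FAILED_AUTH
    ext_type, ext_len, spi = struct.unpack("!BBI", packet[24:30])
    key = keys_by_spi.get(spi)
    if ext_type != MHAE_TYPE or ext_len != 20 or key is None:
        return MN_FAILED_AUTH
    # The digest covers the request plus the extension's type, length and SPI.
    if not hmac.compare_digest(keyed_md5(key, packet[:30]), packet[30:]):
        return MN_FAILED_AUTH
    ident_secs = struct.unpack("!I", packet[16:20])[0]   # high 32 bits of Identification
    if abs(now_ntp_secs - ident_secs) > REPLAY_WINDOW:
        return ID_MISMATCH
    return ACCEPTED


def demo():
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed, not from the page
    keys = {100: key}
    now = 3228660802   # HA clock value from the Timestamp Mismatch debug
    # SPI 100, flags 0x40 (only B set, as in "options sBdmgvt"), lifetime 1000
    args = (100, 0x40, 1000, "20.0.197.84", "20.0.197.82", "40.0.197.19")
    fresh = build_request(key, *args, now - 3)
    stale = build_request(key, *args, 2939948267)    # Identification from the same debug
    bad_key = build_request(b"\x00" * 16, *args, now)  # MN and HA keys do not match
    return [ha_check(p, keys, now) for p in (fresh, stale, bad_key)]


if __name__ == "__main__":
    print(demo())
```

The extension is 22 bytes on the wire (type, length, 4-byte SPI, 16-byte digest), which matches the "skipping 20 to next" line and the 0x16 gap between the addr and end values in the registration debugs.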
Shorter Lifetime on HA

MobileIP: HA 32 received registration for MN 30.2.0.2 on Ethernet5/0/2 using COA 40.0.200.1 HA 20.0.197.82 lifetime 1900 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 616B4100 end 616B4116
MobileIP: Skip2TLV look for type 32, addr start 616B4116 end 616B4116
MobileIP: MN 30.2.0.2 - authenticating MN 30.2.0.2 using SPI 200
MobileIP: MN 30.2.0.2 - authenticated MN 30.2.0.2 using SPI 200
MobileIP: MN 30.2.0.2 requested broadcast support, but disabled locally
MobileIP: Mobility binding for MN 30.2.0.2 updated
MobileIP: Roam timer started for MN 30.2.0.2, lifetime 1000
MobileIP: HA accepts registration from MN 30.2.0.2
MobileIP: MN 30.2.0.2 - MH auth ext added (SPI 200) to MN 30.2.0.2
MobileIP: MN 30.2.0.2 - HA sent reply to 20.0.197.81

Larger Lifetime on FA

MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.1 HA 20.0.197.82 lifetime 40000 options sBdmgvt
MobileIP: Lifetime is too long in request from MN 30.2.0.2
MobileIP: FA rejects registration from MN 30.2.0.2 lifetime too long (69)
MobileIP: MN 30.2.0.2 - FA sent reply to 30.2.0.2

Lifetime Expires

MobileIP: Roam timer expired for MN 20.0.197.84
MobileIP: Delete tunnel route for 20.0.197.84 via gateway 40.0.197.19
MobileIP: Deleted Tunnel0 src 20.0.197.82 dest 40.0.197.19
MobileIP: HA route maint started with index 0
HA not replying (seen from FA)

MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.1 HA 20.0.197.83 lifetime 4000 options sBdmgvt
MobileIP: FA queued MN 30.2.0.2 in register table
MobileIP: Visitor registration timer started for MN 30.2.0.2, lifetime 15
MobileIP: Skip2TLV look for type 32, addr start 2000060C end 20000622
MobileIP: FA forwarded registration for MN 30.2.0.2 to HA 20.0.197.83
MobileIP: Visitor registration timer expired for MN 30.2.0.2
MobileIP: FA dequeued MN 30.2.0.2 from register table
MobileIP: Visitor timer expired for MN 30.2.0.2
MobileIP: Host route 30.2.0.2 deleted from routing table
MobileIP: ARP entry for MN 30.2.0.2 removed
MobileIP: Deleted Tunnel0 src 40.0.200.1 dest 20.0.197.82
MobileIP: MN 30.2.0.2 no longer visiting on Serial4/1

Invalid Care-of Address

MobileIP: FA received registration for MN 30.2.0.2 on Serial4/1 using COA 40.0.200.10 HA 20.0.197.82 lifetime 40000 options sBdmgvt
MobileIP: Care-of addr 40.0.200.10 is invalid in request from MN 30.2.0.2
MobileIP: FA rejects registration from MN 30.2.0.2 - reason unspecified (64)
MobileIP: MN 30.2.0.2 - FA sent reply to 30.2.0.2