In this series of six articles, the authors of “Building the Mobile Internet” provide a tutorial on extending Internet connectivity into mobile networking by using extensions of protocols such as IPv4 and IPv6 as well as mobile-specific protocols such as DSMIP, IKEv2 and MoBIKE. Part 4: Mobile IPv6 technology overview.
Mobile IPv6 is standardized in RFC 3775. Much like Mobile IPv4 discussed earlier in Part 1, Part 2 and Part 3, Mobile IPv6 provides transparent mobility support for mobile nodes communicating across IPv6 networks.
Mobile IPv6 shares many of the same features and capabilities as Mobile IPv4 while leveraging the advantages that the IPv6 protocol itself provides. The major differences between Mobile IPv4 and Mobile IPv6 include the following:
1) Mobile IPv4 foreign agents provide local mobility agent function for a mobile node that has roamed into a foreign network. Mobile IPv6 does not require a local mobility anchor, so no foreign agent exists in a Mobile IPv6 network.
2) Because no foreign agent exists, route optimization and reverse tunneling options are not required for Mobile IPv6. The Mobile IPv6 route optimization capability allows the Mobile IPv6 protocol to coexist with ingress filtering devices located at border gateways.
3) The IPv6 protocol supports neighbor unreachability detection. This detection can be used in Mobile IPv6 to assure symmetric routing between the mobile node and its default router in the foreign network.
4) Rather than using IP in IP or other encapsulation techniques, the majority of traffic sent to a mobile node is sent using the IPv6 routing header.
5) Mobile IPv6 does not create the same challenges with link layer interactions. Instead of relying on ARP, Mobile IPv6 relies on IPv6 neighbor discovery.
Mobile IPv6 Operation
Mobile IPv6 operation is similar to that of Mobile IPv4. The mobile node is always reachable through its HoA, regardless of point of attachment. The mobile node registers its CoA with a home agent in the home network whenever it changes point of attachment within foreign networks.
While the binding between the mobile node’s CoA and home address allows any node corresponding with the mobile node to continue communication, traffic is routed in a nonoptimal manner.
Mobile IPv6 resolves this by allowing the correspondent node to participate in the Mobile IPv6 process. The two nodes (mobile and correspondent) communicate through two different methods—bidirectional tunneling and route optimization—as explained in the sections that follow.
(Note: As you will see later in this series, the operation of route optimization requires that the correspondent node supports additional Mobile IPv6 functionality.)
Bidirectional Tunneling Mode
Bidirectional tunneling mode does not require the correspondent node to support Mobile IPv6. In this mode, traffic is routed similarly to a reverse tunneling mode in Mobile IPv4. Figure 5-27 below illustrates bidirectional tunneling mode in Mobile IPv6.
Packets from the mobile node toward the correspondent node are tunneled to the home agent and then routed from the home network to the correspondent node.
Packets from the correspondent node are routed to the home agent and then tunneled to the mobile node. Bidirectional tunneling mode requires IPv6 neighbor discovery capability in the home agent.
IPv6 neighbor discovery, defined in RFC 2461, is an important function in Mobile IPv6. IPv6 neighbor discovery allows a network node to discover the link layer address of nodes residing on the same network and a network host to find a default router.
The IPv6 neighbor discovery capability allows Mobile IPv6 to function over any link layer technology and disassociates the home agent from taking part in any link layer communications.
When a mobile node moves outside the home network, it registers with the home agent. The home agent uses proxy neighbor discovery to notify link-adjacent nodes that all traffic destined for the mobile node should be sent to the home agent.
Route Optimization Mode
Route optimization mode in Mobile IPv6 allows the IPv6 network to use standard shortest-path (or policy-based) algorithms to determine how packets are routed from the correspondent node to the mobile node. This mode requires the correspondent node to support the Mobile IPv6 protocol.
Figure 5-28 below illustrates route optimization mode in Mobile IPv6. To populate the bindings database on the correspondent node, the mobile node sends Binding Update messages, similar to those sent to the home agent. The correspondent node maintains a bindings database that maps the mobile node’s home address and CoA.
Figure 5-28. Mobile IPv6 route optimization mode
Packets from the mobile node toward the correspondent node are sent directly to the correspondent node. Packets from the correspondent node are routed directly to the CoA of the mobile node.
IPv6 Destination Option Header
In Mobile IPv6 route optimization mode, the mobile node sources all packets from its CoA. This is required to conform with reverse path forwarding (RPF), a technique for preventing IP address spoofing.
TCP sessions, as discussed in the introduction to this chapter, are bound to both source and destination IP addresses. Under normal circumstances, the TCP layer would break when the mobile node’s source IP address (CoA) changed, because the correspondent node’s TCP stack would no longer have an associated flow.
The Mobile IPv6 Destination Options header resolves this problem. In Mobile IPv6, the Destination Options header is used in packets sent by the mobile node to notify the correspondent node of its home address. The inclusion of the home address in this Destination Options header makes the use of the CoA for transport transparent above the network layer.
Figure 5-29 Mobile IPv6 Destination Options Header
The correspondent node replaces the IPv6 source address in the IPv6 header with the home address provided in the Destination Options header.
The replacing of the address with that recovered from the Options header ensures that the operation of route optimization is masked from the upper layer applications. Figure 5-29 above illustrates how a correspondent node uses the home address provided in the Destination Options header.
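The address substitution described above, as an added example (not code from the book), with one check that comes from RFC 3775 rather than from this page: the correspondent node accepts the Home Address option only when its binding cache already maps that home address to the packet's source address. The option type 201, the function names and the documentation-range addresses in the sample packets are supplied here, not taken from the page.

```python
import struct
from ipaddress import IPv6Address

DEST_OPTS = 60          # IPv6 Next Header value: Destination Options
HOME_ADDRESS_OPT = 201  # Home Address option type defined in RFC 3775

def build_packet(src, dst, home_addr=None):
    """Constructed sample packet; the options header is omitted when home_addr is None."""
    opts = b""
    if home_addr:
        # next header 59 (none), length 2 (24 bytes), PadN for 8n+6 alignment, then the option
        opts = bytes([59, 2, 1, 2, 0, 0, HOME_ADDRESS_OPT, 16]) + IPv6Address(home_addr).packed
    fixed = struct.pack("!IHBB", 6 << 28, len(opts), DEST_OPTS if opts else 59, 64)
    return fixed + IPv6Address(src).packed + IPv6Address(dst).packed + opts

def find_home_address(pkt):
    """Return (source address, home address or None) from a raw IPv6 packet."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    src = IPv6Address(pkt[8:24])
    if len(pkt) < 48 or pkt[6] != DEST_OPTS:
        return src, None
    end = min(len(pkt), 40 + (pkt[41] + 1) * 8)
    i = 42
    while i + 1 < end:
        opt = pkt[i]
        if opt == 0:                 # Pad1 is a single byte with no length field
            i += 1
            continue
        length = pkt[i + 1]
        if opt == HOME_ADDRESS_OPT and length == 16 and i + 18 <= end:
            return src, IPv6Address(pkt[i + 2:i + 18])
        i += 2 + length
    return src, None

def upper_layer_source(pkt, binding_cache):
    """Address handed to TCP/UDP, or None when the packet must be dropped."""
    src, hoa = find_home_address(pkt)
    if hoa is None:
        return src                   # ordinary packet, nothing to substitute
    if binding_cache.get(hoa) != src:
        return None                  # no verified binding for this HoA/CoA pair
    return hoa                       # transport layer sees the stable home address

HOA, COA, CN = "2001:db8:a::10", "2001:db8:f::10", "2001:db8:c::1"
cache = {IPv6Address(HOA): IPv6Address(COA)}
accepted = upper_layer_source(build_packet(COA, CN, HOA), cache)
rejected = upper_layer_source(build_packet("2001:db8:e::66", CN, HOA), cache)
```

Without the binding cache check, any host could name an arbitrary home address in the option and have its traffic attributed to that address above the network layer.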
IPv6 Type 2 Routing Header
In Mobile IPv6 route optimization mode, the correspondent node uses the mobile node CoA as the destination for all packets. By ensuring that all packets are sent to the mobile node’s CoA, ingress filtering devices or devices that require topologically accurate source/destination address pairs continue to operate normally.
Under normal circumstances, the TCP layer would break when the mobile node changes point of attachment because the mobile node’s TCP stack would no longer have an associated flow. The Mobile IPv6 Type 2 Routing header resolves this problem.
In Mobile IPv6, the Type 2 Routing header is used in packets sent by the correspondent node to the mobile node. The correspondent node puts the mobile node’s home address in this header.
Figure 5-30. IPv6 mobility header structure
The mobile node replaces the IPv6 destination address in the IPv6 header with the home address provided in the Type 2 Routing header. Figure 5-30 above illustrates how a mobile node uses the home address provided in the Type 2 Routing header.
Mobile IPv6 messages and message formats
Although it relies heavily on standard IPv6 extensions and protocols, the Mobile IPv6 protocol does define a number of IPv6 header extensions and protocol extensions. The most notable IPv6 changes are the inclusion of a mobility header in IPv6 packets and creation of four new ICMPv6 messages.
Figure 5-31. IPv6 mobility header structure
Mobile IPv6 mobility header. As shown in Figure 5-31 above, the mobility header is an extension header used by any node participating in the Mobile IPv6 process. The extensions can be added by the home agent, mobile node or correspondent node (when route optimization mode is used).
The mobility header is used for the creation and management of mobility bindings. The BU and BA messages are illustrated in Figure 5-32 below.
To ensure that the mobile node sending the binding update is the same mobile node that is sending data packets, the return routability procedure is used. The return routability procedure allows the correspondent node to verify both the CoA and home address of the mobile node.
The correspondent node sends two test messages using the IPv6 Mobility header – one to the CoA and one to the home address, simultaneously. The message destined for the CoA is routed directly to the mobile node.
The message destined for the home address is initially routed through the home agent. Upon successful reply by the mobile node to both messages, the correspondent node establishes an entry in its binding database, and no subsequent verification traffic needs to be sent to the mobile node. Figure 5-33 above illustrates the return routability procedure.
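How the two test messages turn into a verifiable Binding Update, as an added example that is not from the book: the token, key and authenticator formulas are the ones in RFC 3775 (HMAC_SHA1 keygen tokens, Kbm, 96-bit authenticator), which this page does not show. The class and function names, the documentation-range addresses and the stand-in Binding Update bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
from ipaddress import IPv6Address

def keygen_token(kcn, addr, nonce, kind):
    """First 64 bits of HMAC_SHA1(Kcn, address | nonce | kind); kind 0 = home, 1 = care-of."""
    data = IPv6Address(addr).packed + nonce + bytes([kind])
    return hmac.new(kcn, data, hashlib.sha1).digest()[:8]

def authenticator(home_token, careof_token, coa, cn_addr, mh_data):
    """Kbm = SHA1(home token | care-of token); result is the first 96 bits of the HMAC."""
    kbm = hashlib.sha1(home_token + careof_token).digest()
    data = IPv6Address(coa).packed + IPv6Address(cn_addr).packed + mh_data
    return hmac.new(kbm, data, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    def __init__(self, addr):
        self.addr = addr
        self.kcn = os.urandom(20)   # node key, never leaves the correspondent node
        self.nonce = os.urandom(8)  # single nonce here; real nodes rotate an indexed table
        self.bindings = {}          # home address -> verified care-of address

    def home_test(self, hoa):       # this reply is routed through the home agent
        return keygen_token(self.kcn, hoa, self.nonce, 0)

    def careof_test(self, coa):     # this reply is routed directly to the care-of address
        return keygen_token(self.kcn, coa, self.nonce, 1)

    def binding_update(self, hoa, coa, mh_data, auth):
        # Both tokens are recomputed from Kcn, so no per-mobile state is kept until now.
        expected = authenticator(self.home_test(hoa), self.careof_test(coa),
                                 coa, self.addr, mh_data)
        if not hmac.compare_digest(expected, auth):
            return False
        self.bindings[hoa] = coa
        return True

def demo():
    cn = CorrespondentNode("2001:db8:c::1")
    hoa, coa, other = "2001:db8:a::10", "2001:db8:f::10", "2001:db8:e::66"
    bu = b"constructed-binding-update"  # stands in for the Mobility Header bytes
    # Mobile node reachable at both addresses: it received both tokens.
    auth = authenticator(cn.home_test(hoa), cn.careof_test(coa), coa, cn.addr, bu)
    ok = cn.binding_update(hoa, coa, bu, auth)
    # Host off the home path: has a care-of token for its own address, no home token.
    forged = authenticator(os.urandom(8), cn.careof_test(other), other, cn.addr, bu)
    redirected = cn.binding_update(hoa, other, bu, forged)
    return ok, redirected, cn.bindings
```

The binding is created only for a sender that saw the replies on both paths, which is the property the return routability procedure is meant to establish.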
Mobile IPv6 ICMP Message Types
Mobile IPv6 introduces four new ICMP message types, used during dynamic home agent address discovery, network renumbering, and address configuration on the mobile node.
Reserved IPv6 Subnet Anycast Addresses. RFC 2526 defines the format and set of “reserved” anycast addresses within each subnet. These addresses allow nodes on the network to access one of many servers all responding to the same request.
Unlike a multicast request, which gets sent to every member of a group, an anycast request gets sent to only one member of the group, usually the closest (determined through routing topology).
This RFC defines the Mobile IPv6 home agent’s anycast address with the structure illustrated in Figure 5-34 below.
Figure 5-34. IPv6 Home Agent’s Anycast Address Structure
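The address structure from RFC 2526 worked through in code, as an added example that is not from the book: the host bits are all ones except for a 7-bit anycast ID in the low bits, and the ID assigned to Mobile IPv6 home agents is 126 (0x7E). The function names and sample prefixes are constructed, and the example assumes that every /64 prefix uses EUI-64 format interface identifiers, in which the universal/local bit is cleared.

```python
import ipaddress

HOME_AGENTS_ANYCAST_ID = 0x7E  # decimal 126, assigned to Mobile IPv6 home agents

def reserved_anycast(prefix, anycast_id=HOME_AGENTS_ANYCAST_ID):
    """Build the reserved subnet anycast address for a prefix and a 7-bit anycast ID."""
    net = ipaddress.IPv6Network(prefix)
    if not 0 <= anycast_id <= 0x7F:
        raise ValueError("anycast ID must fit in 7 bits")
    if net.prefixlen > 121:
        raise ValueError("prefix leaves no room for a 7-bit anycast ID")
    host_bits = 128 - net.prefixlen
    # All host bits set to one, then the low 7 bits replaced by the anycast ID.
    iid = (((1 << host_bits) - 1) & ~0x7F) | anycast_id
    if net.prefixlen == 64:
        # Assumption: EUI-64 format identifier, so the universal/local bit is 0
        # and the identifier starts fdff... rather than ffff...
        iid &= ~(1 << 57)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def is_home_agents_anycast(addr, prefix):
    """True when addr is the home agents anycast address of the given home prefix."""
    return ipaddress.IPv6Address(addr) == reserved_anycast(prefix)

eui64_example = reserved_anycast("2001:db8:1::/64")   # 2001:db8:1:0:fdff:ffff:ffff:fffe
short_example = reserved_anycast("2001:db8::/112")    # 2001:db8::fffe
```

A check like `is_home_agents_anycast` is what a filter or log review would use to recognise Dynamic Home Agent Address Discovery traffic aimed at a home prefix.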
Dynamic Home Agent Discovery
Mobile IPv6 provides support for multiple home agents and reconfiguration of the home network. In these cases, the mobile node might not know the IP address of its own home agent.
When a mobile node needs to send a BU message but is unaware of any home agent on its home network, the mobile node can attempt to discover the address of a home agent by sending an ICMP Home Agent Address Discovery message to the IPv6 home agent’s anycast address. Figure 5-35 below illustrates a mobile node using the Home Agent Address Discovery message.
Figure 5-35. Dynamic home agent address discovery
Mobile IPv6 Bootstrapping
A mobile node needs a minimal amount of information to register with a home agent. The process of obtaining this information—namely, the IPv6 address, a home agent address, and a security association with the home agent—is known as bootstrapping.
RFC 4640 provides guidelines and scenarios where bootstrapping a mobile node in a Mobile IPv6 network is preferable to statically configuring this information.
Many protocols have been proposed to facilitate the bootstrapping process, including Dynamic Host Configuration Protocol version 6 (DHCPv6), IEEE 802.1X, and Protocol for Carrying Authentication for Network Access (PANA).
It is important, independent of the bootstrap protocol, that the bootstrapping process be integrated with the AAA functions.
RADIUS Support for Mobile IPv6
Mobile IPv6 interactions with RADIUS servers have not been fully standardized in the IETF. The current working draft, defined in draft-ietf-mip6-radius, describes the set of attributes to facilitate Mobile IPv6 bootstrapping and operations.
The draft-ietf-mip6-radius IETF working draft also maintains a list of RADIUS attributes and Diameter Code Values for use when communicating to the AAA infrastructure.
The network access gateway in a Mobile IPv6 network functions similarly to how a foreign agent can function from an AAA perspective in Mobile IPv4. Two scenarios might occur:
Scenario #1: The access network provider is the same as the mobility service provider.
Scenario #2: The access service provider is different from the mobility service provider.
In the first case, when network access is requested, the network access gateway interacts with the access service RADIUS server, which acts as a proxy to the mobility service RADIUS server.
The network access gateway retrieves mobile node information through some already-established protocol, such as PPP, DHCPv6, or Internet Key Exchange version 2 (IKEv2). This allows the mobility service RADIUS server to provide the parameters required for the mobile node to initiate the registration request. Figure 5-36 below illustrates this scenario.
In the second case, Mobile IPv6 bootstrapping is not performed as part of the network access authentication procedure. A protocol between the mobile node and the home agent is required to trigger RADIUS interactions. While there is none specifically defined, this can be Mobile IPv6 or another protocol such as IKEv2. Figure 5-37 below illustrates this scenario.
Mobile Node Identifier Option for MIPv6. RFC 4283 provides a capability similar to that in Mobile IPv4 that allows the mobile node to identify itself by some mechanism other than its home IP address.
Identifiers such as the NAI, fully qualified domain name (FQDN), Mobile Subscriber Number (MSISDN), and International Mobile Station Identifier (IMSI) are some examples of this identification.
The Mobile Node Identifier header is included after the Mobility header in an IPv6 packet to allow the AAA infrastructure to authenticate a mobile node, authorize the mobile node for service, allocate a home agent IP address, and assign a home address.
While the network access gateway makes use of a number of existing RADIUS attributes, including User-Name, Service-Type, NAS-Port-Type, and Calling-Station-ID, a number of new attributes are also defined for Mobile IPv6.
Mobility Message Authentication Option. Additional RADIUS attributes have been defined in support of RFC 4285, “Authentication Protocol for Mobile IPv6.” This authentication protocol defines a new signaling option, the Mobility Message Authentication Option.
This authentication option provides a method of securely transporting information in Binding Update and Binding Acknowledgment messages between the mobile node and home agent.
This confidentiality capability is useful when the mobile node is authenticated for access in one operator domain and authenticated for mobility in a different operator domain.
The Authentication Protocol for Mobile IPv6 is one option for confidentiality of credentials in the transport network, in addition to an IPsec Security Association (SA) option that exists in the Mobile IPv6 RFC.
Diameter Support for Mobile IPv6. Mobile IPv6 interactions with Diameter servers are standardized in IETF RFC 5447. The same scenarios presented earlier in relation to RADIUS are applicable to the Diameter protocol. Similar to the RADIUS attributes defined for Mobile IPv6, Diameter Attribute-Value Pairs (AVP) have been defined.
Network Mobility Basic Support Protocol
Network Mobility (NEMO), defined in RFC 3963, is an extension of Mobile IPv6 that enables session continuity for all nodes connected to a mobile network. NEMO introduces the concept of a mobile router, which is a Mobile IPv6 mobile node that can route traffic between its CoA and a subnet that moves with the router.
This allows reachability to all nodes behind the mobile router, regardless of their support for any mobility protocol, as the router changes its point of attachment to the network.
NEMO works by using the bidirectional tunnel mode of Mobile IPv6 to tunnel all traffic between the mobile router and the home agent. For nodes that reside on the mobile router’s network, known as the mobile network, the mobile router acts as the default gateway.
The mobile router acts as a mobile node from a home agent perspective, including the normal BU/BA sequence and Binding Update messages to the home agent. However, the mobile router can also notify the home agent of the mobile prefix assigned to its subnet so that the home agent can provide routing functions for that mobile network and ensure that traffic is sent to the mobile router.
Mobile Network Routing. While NEMO relies on the home agent to route all traffic to the mobile router and the prefixes that reside behind the mobile router, this can also be accomplished outside the scope of the NEMO protocol.
Rather than notifying the home agent of network prefixes through Mobile IPv6 header options, the mobile router and home agent can also use standard routing protocols, such as Open Shortest Path First (OSPF) or Border Gateway Protocol (BGP). Figure 5-38 above illustrates NEMO.
Next in Part 5: Mobile IPv6 in practice.
To read Part 1, go to “Transport layer mobility challenges.”
To read Part 2, go to “Mobile IPv4 registration and AAA.”
To read Part 3, go to “Mobile IPv4 tunnels, bindings and diagrams.”
This series of articles is from the book “Building the Mobile Internet”, by Mark Grayson, Kevin Shatzkamer and Klaas Wierenga. Copyright 2011, used by permission of Pearson Education, Inc. Written permission from Pearson Education, Inc. is required for all other uses.
Mark Grayson is a distinguished consulting engineer at Cisco Systems with responsibility for leading Cisco’s mobile architecture strategy. With 20 years’ experience in the wireless industry, he holds first class honors in electronics and communications engineering from the University of Birmingham (England) as well as a PhD in radio engineering.
Kevin Shatzkamer is a distinguished system architect at Cisco Systems with responsibility for long term strategy and architectural evolution of mobile wireless networks. He holds a Bachelor of Engineering degree from the University of Florida and an MBA from Indiana University.
Klaas Wierenga is a senior consulting engineer in the office of the CTO at Cisco. His 15 plus years of experience include planning, analysis and design of systems in the fields of mobility, security and identity. He holds a Master’s degree in consumer science from the University of Groningen, The Netherlands.