Network Working Group                                   David B. Johnson
INTERNET DRAFT                                Carnegie Mellon University
28 November 1994                                            Andrew Myles
                                                    Macquarie University
                                                         Charles Perkins
                                                         IBM Corporation
Route Optimization in Mobile IP
draft-ietf-mobileip-optim-00.txt
Abstract
This document defines experimental extensions to the operation of
the basic Mobile IP protocol to allow for optimization of datagram
routing from a correspondent node to a mobile node. Without route
optimization, all datagrams destined to a mobile node are routed
through that mobile node's home agent, which then tunnels each
datagram to the mobile node's current location. The protocol
extensions described here provide a means for correspondent nodes
to cache the location of a mobile node and to then tunnel their own
datagrams for the mobile node directly to that location, bypassing
the possibly lengthy route for each datagram to and from the mobile
node's home agent. Extensions are also provided to optimize the
handoff from one foreign agent to another as the mobile node moves.
This draft is currently incomplete and changes to it are in progress.
We welcome any comments on it from others in the community.
Status of This Memo
This document is an Internet Draft. Internet Drafts are working
documents of the Internet Engineering Task Force (IETF), its Areas,
and its Working Groups. Note that other groups may also distribute
working documents as Internet Drafts.
Internet Drafts are draft documents valid for a maximum of six
months. Internet Drafts may be updated, replaced, or obsoleted by
other documents at any time. It is not appropriate to use Internet
Drafts as reference material or to cite them other than as "working
drafts" or "work in progress".
Please check the 1id-abstracts.txt listing contained in the
internet-drafts Shadow Directories on nic.ddn.mil, nnsc.nsf.net,
nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au to learn the
current status of an Internet Draft.
Johnson, Myles, Perkins Expires 28 May 1995 [Page i]
Internet Draft Route Optimization in Mobile IP 28 November 1994
Contents
Abstract i
Status of This Memo i
1. Introduction 1
2. Route Optimization Overview 3
2.1. Location Caching . . . . . . . . . . . . . . . . . . . . 3
2.2. Foreign Agent Handoff . . . . . . . . . . . . . . . . . . 3
2.3. Location Cache Updates . . . . . . . . . . . . . . . . . 6
3. Route Optimization Message Formats 8
3.1. Binding Advice Message . . . . . . . . . . . . . . . . . 9
3.2. Binding Inquire Message . . . . . . . . . . . . . . . . . 10
3.3. Binding Update Message . . . . . . . . . . . . . . . . . 11
3.4. Binding Acknowledge Message . . . . . . . . . . . . . . . 13
4. Route Optimization Extension Formats 14
4.1. Previous Foreign Agent Notification Extension . . . . . . 15
4.2. Route Optimization Authentication Extension . . . . . . . 17
4.3. Mobile Node Registration Key Extension . . . . . . . . . 18
4.4. Foreign Agent Registration Key Extension . . . . . . . . 19
5. Mobility Security Association Management 20
5.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . 20
5.2. Mobility Security Associations . . . . . . . . . . . . . 21
5.3. Using a Master Key at the Home Agent . . . . . . . . . . 22
6. Location Cache Considerations 23
6.1. Cache Management . . . . . . . . . . . . . . . . . . . . 23
6.2. Receiving Binding Advice Messages . . . . . . . . . . . . 23
6.3. Receiving Binding Update Messages . . . . . . . . . . . . 23
7. Home Agent Considerations 24
7.1. Tunneling Datagrams . . . . . . . . . . . . . . . . . . . 24
7.2. Receiving Binding Inquire Messages . . . . . . . . . . . 24
8. Foreign Agent Considerations 25
8.1. Previous Foreign Agent Notification . . . . . . . . . . . 25
8.2. Receiving Tunneled Datagrams . . . . . . . . . . . . . . 25
9. Mobile Node Considerations 26
9.1. Previous Foreign Agent List . . . . . . . . . . . . . . . 26
9.2. Previous Foreign Agent Notification . . . . . . . . . . . 26
References 27
Chairs' Addresses 28
Authors' Addresses 29
1. Introduction
The basic Mobile IP protocol [2] allows a mobile node to move about,
changing its point of attachment to the Internet, while continuing
to be addressed by its home IP address. Correspondent nodes sending
IP datagrams to a mobile node address them to the mobile node's home
address in the same way as any destination.
While the mobile node is connected to the Internet away from its
home network, it is served by a "home agent" on its home network
and is associated with a "care-of address" indicating its current
location. The association between a mobile node's home address and
its care-of address is known as a "mobility binding". The care-of
address is generally the address of a "foreign agent" on the network
being visited by the mobile node, which forwards arriving datagrams
locally to the mobile node. Alternatively, the care-of address may
be temporarily assigned to the mobile node using DHCP [1] or other
means. All IP datagrams addressed to the mobile node are routed by
the normal IP routing mechanisms to the mobile node's home network,
where they are intercepted by the mobile node's home agent, which
then tunnels each datagram to the mobile node's current care-of
address. Datagrams sent by a mobile node use the foreign agent as a
default router but require no other special handling or routing.
This basic scheme allows transparent interoperation with mobile
nodes, but by forcing all datagrams for a mobile node to be routed
through its home agent, this basic protocol may often lead to
routing that is significantly less than optimal. For example, if a
mobile node, say MN1, is visiting some subnet, even datagrams from
a correspondent node on this same subnet must be routed through the
Internet to MN1's home agent on MN1's home network, only to then
be tunneled back to the original subnet to MN1's foreign agent for
delivery to MN1. This indirect routing can significantly delay the
delivery of the datagram to MN1 and places an unnecessary burden on
the networks and routers along this path through the Internet. If
the correspondent node in this example is actually another mobile
node, say MN2, then datagrams from MN1 to MN2 must likewise be routed
through MN2's home agent on MN2's home network and back to the
original subnet for delivery to MN1.
This document defines experimental extensions to the basic Mobile
IP protocol to allow for the optimization of datagram routing from
a correspondent node to a mobile node. These extensions provide a
means for nodes that implement them to cache the care-of address
of a mobile node and to then tunnel their own datagrams directly
there, bypassing the possibly lengthy route to and from that mobile
node's home agent. Extensions are also provided to allow datagrams
in flight when a mobile node moves or datagrams sent based on an
out-of-date cached care-of address to be forwarded directly to the
mobile node's new care-of address.
All operation of route optimization that affects the routing of IP
datagrams to the mobile node is authenticated using the same type
of authentication mechanism used in the basic Mobile IP protocol.
This authentication relies on a "mobility security association"
established in advance between the node sending a message and the
node receiving the message that must authenticate it. When the
required mobility security association has not been established, a
Mobile IP implementation using route optimization operates in the
same way as the basic Mobile IP protocol.
Section 2 of this document provides an overview of the operation of
route optimization. Section 3 defines the message types used by
route optimization, and Section 4 defines the message extensions
used. Section 5 discusses the problem of managing the mobility
security associations needed to provide authentication of all
messages that affect the routing of datagrams to a mobile node. The
final four sections of this document define in detail the operation
of route optimization from the point of view of each of the entities
involved: location cache considerations are presented in Section 6,
home agent considerations in Section 7, foreign agent considerations
in Section 8, and mobile node considerations in Section 9.
2. Route Optimization Overview
2.1. Location Caching
Route optimization provides a means for any node that wishes to
optimize its own communication with mobile nodes to maintain a
"location cache" in which it caches the mobility binding of one or
more mobile nodes. When sending an IP datagram to a mobile node, if
the sender has a location cache entry for this mobile node, it may
tunnel the datagram directly to the care-of address indicated in the
cached mobility binding.
In the absence of any location cache entry, datagrams destined for
a mobile node will be routed to the mobile node's home network in
the same way as any other IP datagram, and are then tunneled to the
mobile node's current care-of address by the mobile node's home
agent. This is the only routing mechanism supported by the basic
Mobile IP protocol. With route optimization, as a side effect of
this indirect routing of a datagram to a mobile node, the original
sender of the datagram is informed of the mobile node's current
mobility binding, giving the sender an opportunity to cache the
binding.
A node may create a location cache entry for a mobile node only when
it has received and authenticated the mobile node's mobility binding.
Likewise, a node may update an existing location cache entry for a
mobile node, such as after the mobile node has moved to a new foreign
agent, only when it has received and authenticated the mobile node's
new mobility binding.
A location cache will, by necessity, have a finite size. Any node
implementing a location cache may manage the space in its cache
using any local cache replacement policy. If a datagram is sent
to a destination for which the cache entry has been dropped from
the cache, the datagram will be routed normally through the mobile
node's home network and will be tunneled to the mobile node's
care-of address by its home agent. As when a location cache entry
is initially created, this indirect routing to the mobile node will
result in the original sender of the datagram being informed of the
mobile node's current mobility binding, allowing it to add this entry
again to its location cache.
2.2. Foreign Agent Handoff
When a mobile node moves and registers with a new foreign agent, the
basic Mobile IP protocol does not notify the mobile node's previous
foreign agent. IP datagrams intercepted by the home agent after
the new registration are tunneled to the mobile node's new care-of
address, but datagrams in flight that had already been intercepted
by the home agent and tunneled to the old care-of address when the
mobile node moved are lost and are assumed to be retransmitted by
higher-level protocols if needed. The old foreign agent eventually
deletes the mobile node's registration after the expiration of the
lifetime period established when the mobile node registered there.
Route optimization provides a means for the mobile node's previous
foreign agent to be reliably notified of the mobile node's new
mobility binding, allowing datagrams in flight to the mobile node's
previous foreign agent to be forwarded directly to its new care-of
address. This notification also allows any datagrams tunneled to the
mobile node's previous foreign agent from correspondent nodes with
out-of-date location cache entries for the mobile node (they have not
yet learned that the mobile node has moved) to be forwarded directly
to its new care-of address. Finally, this notification allows any
resources consumed by the mobile node's registration at the previous
foreign agent (such as radio channel reservations) to be released
immediately, rather than waiting for the mobile node's registration
to expire.
During registration with a new foreign agent, the mobile node and
the new foreign agent may establish a "registration key", which acts
as a session key for this registration. The mobile node's home
agent may choose a registration key and include copies of it in the
Registration Reply message for the foreign agent and for the mobile
node. The copy for the mobile node is included in a Mobile Node
Registration Key extension and is encrypted under a key and algorithm
shared between the home agent and the mobile node as part of their
mobility security association. Likewise, the copy for the foreign
agent is included in a Foreign Agent Registration Key extension and
is encrypted under a key and algorithm shared between the home agent
and the foreign agent as part of their mobility security association.
If the home agent and foreign agent do not share a mobility security
association, then no registration key is established.
When the mobile node later registers with a new foreign agent, it may
use this registration key from its registration with its previous
foreign agent to notify it that it has moved. This notification
may also optionally include its new mobility binding, allowing the
previous foreign agent to create a location cache entry for the
mobile node to serve as a "forwarding pointer" to its new location.
Any datagrams for the mobile node tunneled to this previous foreign
agent that arrive after this location cache entry has been created
will then be re-tunneled to the mobile node's new location at the
care-of address in this location cache entry.
To minimize the network bandwidth required for this registration
over the link between the mobile node and its new foreign agent,
the mobile node may request its new foreign agent to attempt to
notify its previous foreign agent on its behalf, by including a
Previous Foreign Agent Notification extension in its Registration
Request message sent to the new foreign agent. The new foreign agent
then builds a Binding Update message and transmits it to the mobile
node's previous foreign agent as part of registration, requesting
an acknowledgement from the previous foreign agent. The Previous
Foreign Agent Notification extension includes only those values
needed to construct the Binding Update message that are not already
contained in the Registration Request message. The authenticator for
the Binding Update message is computed by the mobile node based on
its registration key shared with its previous foreign agent.
If the Binding Acknowledge message acknowledging this Binding
Update message is received by the new foreign agent before it sends
the Registration Reply to the mobile node, the new foreign agent
indicates the acknowledgement in the Registration Reply message to
the mobile node. Otherwise, the new foreign agent forwards the
Binding Acknowledge message to the mobile node when it arrives;
the mobile node is responsible for occasionally retransmitting a
Binding Update message to its previous foreign agent until the
matching Binding Acknowledge message is received, or until the mobile
node can be sure of the expiration of its registration with that
foreign agent.
The location cache entry created at the mobile node's previous
foreign agent is treated in the same way as any other location cache
entry. In particular, it is possible that this location cache entry
could be deleted from the cache at any time. In this case, the
foreign agent will be unable to re-tunnel subsequently arriving
tunneled datagrams for the mobile node directly to its new location.
Suppose a node (such as this previous foreign agent) receives some
datagram that has been tunneled to this node, but this node is unable
to deliver the datagram locally to the destination mobile node (it
is not the mobile node itself, and it is not a foreign agent with a
visitor list entry for this mobile node). If this node also has no
location cache entry for the mobile node, the node re-tunnels the
datagram using a "special tunnel", in which the destination address
of the tunnel and the destination address of the datagram carried
within the tunnel are both equal to the mobile node's address.
The tunneled datagram will eventually reach the mobile node's home
network, where it will be intercepted by the mobile node's home agent
and tunneled to the mobile node's current care-of address.
The use of the "special tunnel" enables the home agent to determine
which node forwarded the datagram to it, allowing it to detect the
case in which a foreign agent has "forgotten" about one of the
visiting mobile nodes registered with it. For example, if a foreign
agent crashes and reboots, it will generally lose all information
in its visitor list. If this were to happen, datagrams destined to
mobile nodes that were registered with the foreign agent before it
crashed would instead loop infinitely between that foreign agent and
the mobile node's home agent. By allowing the home agent to detect
this situation, the datagram can instead be dropped by the home agent
when it receives it in the "special tunnel", rather than retunneling
it again to the foreign agent. For compatibility between foreign
agents that implement route optimization and home agents that do not,
if the foreign agent receives a tunneled datagram that is itself a
special tunneled datagram destined for a mobile node not registered
with this foreign agent, the foreign agent should drop the datagram.
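As an added illustration of the forwarding rules in this section (not code from the draft), the following Python model walks a datagram through a foreign agent that has lost its visitor list and shows the home agent recognising the special tunnel and dropping the datagram instead of looping. The class and function names and the addresses used are this example's own.

```python
class Datagram:
    """An IP datagram, optionally carried inside an IP-in-IP tunnel.

    tunnel_src/tunnel_dst are None for a datagram that is not tunneled.
    """

    def __init__(self, src, dst, tunnel_src=None, tunnel_dst=None):
        self.src, self.dst = src, dst
        self.tunnel_src, self.tunnel_dst = tunnel_src, tunnel_dst

    def is_special_tunnel(self):
        # Section 2.2: tunnel destination and inner destination are both
        # the mobile node's own address.
        return self.tunnel_dst is not None and self.tunnel_dst == self.dst


class ForeignAgent:
    def __init__(self, address):
        self.address = address
        self.visitor_list = set()   # mobile nodes currently registered here
        self.location_cache = {}    # home address -> new care-of address

    def receive_tunneled(self, pkt):
        """Return (action, detail) for a datagram tunneled to this agent.

        pkt carries the innermost tunnel header; a special tunnel may arrive
        nested inside a home agent's own tunnel to this agent.
        """
        mn = pkt.dst
        if mn in self.visitor_list:
            return ("deliver", mn)
        if pkt.is_special_tunnel():
            # Compatibility with home agents without route optimization: a
            # special-tunneled datagram for an unregistered node is dropped.
            return ("drop", "special tunnel for unregistered %s" % mn)
        if mn in self.location_cache:
            # Forwarding pointer left behind by the handoff notification.
            new_coa = self.location_cache[mn]
            return ("retunnel", Datagram(pkt.src, mn, self.address, new_coa))
        # Neither visitor entry nor cache entry: special tunnel toward the
        # home network, with this agent's address as the tunnel source.
        return ("special_tunnel", Datagram(pkt.src, mn, self.address, mn))


class HomeAgent:
    def __init__(self, address):
        self.address = address
        self.bindings = {}          # home address -> registered care-of address

    def intercept(self, pkt):
        """Return (action, detail) for a datagram arriving for a mobile node."""
        mn = pkt.dst
        if mn not in self.bindings:
            return ("not_served", mn)
        coa = self.bindings[mn]
        if pkt.is_special_tunnel() and pkt.tunnel_src == coa:
            # The registered care-of address bounced the datagram back: that
            # foreign agent has lost the registration (for example after a
            # reboot). Tunneling it there again would loop, so drop it.
            return ("drop", "loop via special tunnel from %s" % coa)
        return ("tunnel", Datagram(pkt.src, mn, self.address, coa))


def trace_after_foreign_agent_reboot():
    """Walk one datagram through the reboot scenario of Section 2.2 and
    return the sequence of actions taken (constructed addresses)."""
    mn, ha, fa, cn = "10.1.1.5", "10.1.1.1", "192.0.2.7", "198.51.100.9"
    home = HomeAgent(ha)
    home.bindings[mn] = fa
    foreign = ForeignAgent(fa)        # rebooted: empty visitor list and cache
    actions = []
    action, pkt = home.intercept(Datagram(cn, mn))   # normal interception
    actions.append(action)
    action, pkt = foreign.receive_tunneled(pkt)      # no visitor entry
    actions.append(action)
    action, detail = home.intercept(pkt)             # loop detected
    actions.append(action)
    return actions
```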
2.3. Location Cache Updates
When a mobile node's home agent intercepts a datagram from the home
network and tunnels it to the mobile node, the home agent may deduce
that the original sender of the datagram has no location cache entry
for the destination mobile node. In this case, the home agent may
send a Binding Update message to the sender, informing it of the
mobile node's current mobility binding. No acknowledgement for this
Binding Update message is needed, since future datagrams intercepted
by the home agent from this sender for the mobile node will serve
to cause a retransmission of the Binding Update message. In order
for the home agent to send this Binding Update to the sender of
the datagram, the home agent and this node must have established a
mobility security association.
When the foreign agent serving a mobile node (or the mobile node
itself, when using a temporary local IP address as a care-of address)
receives a datagram tunneled to it for the mobile node, in which the
source address of the tunnel differs from the original source address
of the datagram carried within the tunnel, it may deduce that the
original sender of the datagram has an out-of-date location cache
entry for this mobile node. In this case, the foreign agent (or
the mobile node itself, when using a temporary local IP address as
a care-of address) may send a Binding Advice message to the mobile
node's home agent (the foreign agent learns the home agent address
during registration), advising it that the original sender of the
datagram has an out-of-date location cache entry for the mobile node.
However, if the source address of the tunnel is the mobile node's
home agent, then no Binding Advice message is needed, since in this
case, the home agent will have already sent a Binding Update message
to the original sender when it tunneled the datagram to the foreign
agent. As above, no acknowledgement of the Binding Advice message
is needed, since future datagrams for the mobile node from the same
sender will serve to cause a retransmission of the Binding Advice
message.
No authentication of the Binding Advice message is necessary, since
it does not directly affect the routing of IP datagrams to the mobile
node. Instead, when a node receives a Binding Advice message, that
node sends a Binding Inquire message to the indicated mobile node's
home agent requesting the mobile node's current mobility binding,
which is answered by a Binding Update message from the home agent.
When the Binding Update message is received, the node may then create
a location cache entry for the mobile node. In order for this node
and the home agent to exchange these Binding Inquire and Binding
Update messages, they must have established a mobility security
association.
Included in each Binding Update message is an indication of the
time remaining in the lifetime associated with the mobile node's
current registration. Any location cache entry established or
updated in response to this Binding Update message must be marked
to be deleted after the expiration of this period. A node wanting
to provide continued service with a particular location cache entry
may attempt to reconfirm that mobility binding before the expiration
of this lifetime period. Location cache entry reconfirmation
may be appropriate when the node has indications (such as an open
transport-level connection to the mobile node) that the location
cache entry is still needed. This reconfirmation is performed by
the node sending a Binding Inquire message to the mobile node's home
agent, requesting it to reply with the mobile node's current mobility
binding in a new Binding Update message.
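An added example, not part of the draft: a location cache that applies the rules of Sections 2.1 and 2.3, creating entries only from authenticated Binding Update messages, expiring them with the carried Lifetime, and selecting the entries worth reconfirming with a Binding Inquire. The capacity, the eviction policy and the method names are assumptions of this example.

```python
LIFETIME_INFINITY = 0xFFFFFFFF      # Section 3.3: all ones means infinity


class LocationCache:
    """Location cache whose entries expire with the Lifetime carried in the
    Binding Update message that created or refreshed them."""

    def __init__(self, capacity=64):
        self.capacity = capacity
        self.entries = {}   # home address -> (care-of address, expiry or None)

    def on_binding_update(self, home, care_of, lifetime, now, authenticated):
        """Create or refresh an entry. An update that did not pass the
        Route Optimization Authentication check is never applied."""
        if not authenticated:
            return False
        expiry = None if lifetime == LIFETIME_INFINITY else now + lifetime
        if home not in self.entries and len(self.entries) >= self.capacity:
            # Any local replacement policy is allowed; this one evicts the
            # finite entry that expires soonest, keeping infinite ones last.
            victim = min(self.entries,
                         key=lambda h: (self.entries[h][1] is None,
                                        self.entries[h][1] or 0))
            del self.entries[victim]
        self.entries[home] = (care_of, expiry)
        return True

    def lookup(self, home, now):
        """Care-of address to tunnel to, or None when the entry is absent or
        expired (the datagram is then routed via the home network)."""
        entry = self.entries.get(home)
        if entry is None:
            return None
        care_of, expiry = entry
        if expiry is not None and now >= expiry:
            del self.entries[home]
            return None
        return care_of

    def reconfirm_candidates(self, now, window, still_needed):
        """Home addresses for which a Binding Inquire should be sent: the
        entry expires within `window` seconds and the caller still needs it
        (for example, an open transport connection to that mobile node)."""
        return [home for home, (_, expiry) in self.entries.items()
                if expiry is not None and now <= expiry < now + window
                and home in still_needed]
```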
3. Route Optimization Message Formats
Route optimization defines four message types used for management
of location cache entries. Each of these messages begins with a
one-octet field indicating the type of the message.
The following Type codes are defined in this document:
16 = Binding Advice message
17 = Binding Inquire message
18 = Binding Update message
19 = Binding Acknowledge message
3.1. Binding Advice Message
A Binding Advice message is used to advise a node that it appears
not to have a current mobility binding cached in a location cache
entry for some mobile node. It is sent by a mobile node's current
foreign agent when the foreign agent receives a tunneled datagram for
the mobile node, in which the source address of the tunnel differs
from the original source address of the datagram. The Binding Advice
message is sent to the original source of the datagram.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |                   Reserved                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Mobile Node Home Address                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
16
Reserved
Sent as 0; ignored on reception.
Mobile Node Home Address
The home address of the mobile node to which the Binding Advice
message refers.
3.2. Binding Inquire Message
A Binding Inquire message is used by a node when requesting a mobile
node's current mobility binding from the mobile node's home agent.
It is sent by a node upon receiving a Binding Advice message, or by
a node desiring to update the mobility binding in a location cache
entry that it holds for the mobile node.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |                   Reserved                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Mobile Node Home Address                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                        Identification                         +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
17
Reserved
Sent as 0; ignored on reception.
Mobile Node Home Address
The home address of the mobile node to which the Binding
Inquire refers.
Identification
A 64-bit sequence number, assigned by the node sending the
Binding Inquire message, used to assist in matching requests
with replies, and in protecting against replay attacks.
3.3. Binding Update Message
The Binding Update message is used to notify another node of a mobile
node's current mobility binding. It may be sent by the mobile
node's home agent in response to a Binding Inquire message; it may
also be sent by a mobile node or the foreign agent with which it is
registering, when notifying the mobile node's previous foreign agent
that the mobile node has moved.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |A|                  Reserved                   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Mobile Node Home Address                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Care-of Address                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Lifetime                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                        Identification                         +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Extensions ...
+-+-+-+-+-+-+-+-
Type
18
Acknowledge (A)
The Acknowledge (A) bit is set by the node sending the Binding
Update message to request a Binding Acknowledge message be
returned acknowledging its receipt.
Reserved
Sent as 0; ignored on reception.
Mobile Node Home Address
The home address of the mobile node to which the Binding Update
message refers.
Care-of Address
The current care-of address of the mobile node.
Lifetime
The number of seconds remaining before the location cache entry
must be considered expired. A value of all ones indicates
infinity.
When sent by the mobile node's home agent in response to
a Binding Inquire message, this value should be less than
or equal to the remaining lifetime of the mobile node's
registration. When sent by the mobile node or its new foreign
agent to the mobile node's previous foreign agent during
registration, this value is ignored and the lifetime on the
location cache entry created at the previous foreign agent
must be set to the remaining lifetime of the mobile node's
registration with that foreign agent. When sent by the mobile
node to its previous foreign agent after completing its new
registration, this value should be less than or equal to the
remaining lifetime of the mobile node's current registration.
Identification
A 64-bit sequence number, assigned by the node sending the
Binding Inquire message, used to assist in matching requests
with replies, and in protecting against replay attacks.
The Route Optimization Authentication extension (Section 4.2) is
required.
3.4. Binding Acknowledge Message
A Binding Acknowledge message is used to acknowledge receipt of a
Binding Update message. It is sent by the node receiving the Binding
Update message, if the Acknowledge (A) bit is set in the Binding
Update message.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |                   Reserved                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                   Mobile Node Home Address                    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                        Identification                         +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
19
Reserved
Sent as 0; ignored on reception.
Mobile Node Home Address
Copied from the Binding Update message being acknowledged.
Identification
Copied from the Binding Update message being acknowledged.
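An added example, not taken from the draft: Python encoders and a decoder for the four message formats of Section 3, using the Type codes 16 to 19 and the field layouts above, plus the Binding Acknowledge construction of Section 3.4. The function names and the sample addresses are this example's own.

```python
import struct

# Message type codes defined in Section 3 of the draft.
BINDING_ADVICE = 16
BINDING_INQUIRE = 17
BINDING_UPDATE = 18
BINDING_ACKNOWLEDGE = 19

ACK_BIT = 0x800000          # A bit: high bit of the 24 bits following Type
LIFETIME_INFINITY = 0xFFFFFFFF


def _ip(addr):
    """Pack a dotted-quad string into 4 network-order bytes."""
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %r" % addr)
    return bytes(parts)


def _unip(raw):
    return ".".join(str(b) for b in raw)


def pack_advice(home):
    # Type(1) | Reserved(3) | Mobile Node Home Address(4)
    return struct.pack("!B3s4s", BINDING_ADVICE, b"\0\0\0", _ip(home))


def pack_inquire(home, ident):
    # Type(1) | Reserved(3) | Home Address(4) | Identification(8)
    return struct.pack("!B3s4sQ", BINDING_INQUIRE, b"\0\0\0", _ip(home), ident)


def pack_update(home, care_of, lifetime, ident, ack=False):
    # Type(1) | A + Reserved(3) | Home(4) | Care-of(4) | Lifetime(4) | Ident(8)
    flags = ACK_BIT if ack else 0
    return struct.pack("!I4s4sIQ", (BINDING_UPDATE << 24) | flags,
                       _ip(home), _ip(care_of), lifetime, ident)


def pack_acknowledge(home, ident):
    return struct.pack("!B3s4sQ", BINDING_ACKNOWLEDGE, b"\0\0\0", _ip(home), ident)


def unpack(msg):
    """Decode the fixed part of any of the four messages into a dict.

    Reserved bits are ignored on reception, as the draft requires. Bytes
    after the fixed part of a Binding Update (its extensions) are returned
    under 'extensions' for the caller to process.
    """
    if len(msg) < 8:
        raise ValueError("message too short")
    mtype = msg[0]
    if mtype == BINDING_ADVICE:
        return {"type": mtype, "home": _unip(msg[4:8])}
    if mtype in (BINDING_INQUIRE, BINDING_ACKNOWLEDGE):
        if len(msg) < 16:
            raise ValueError("message too short")
        return {"type": mtype, "home": _unip(msg[4:8]),
                "ident": struct.unpack("!Q", msg[8:16])[0]}
    if mtype == BINDING_UPDATE:
        if len(msg) < 24:
            raise ValueError("message too short")
        word, home, coa, lifetime, ident = struct.unpack("!I4s4sIQ", msg[:24])
        return {"type": mtype, "ack": bool(word & ACK_BIT),
                "home": _unip(home), "care_of": _unip(coa),
                "lifetime": lifetime, "ident": ident,
                "extensions": msg[24:]}
    raise ValueError("unknown route optimization message type %d" % mtype)


def acknowledge_if_requested(update_msg):
    """Build the Binding Acknowledge a receiver returns when the A bit is set.

    Home address and Identification are copied from the Binding Update
    (Section 3.4). Returns None when no acknowledgement was requested.
    """
    upd = unpack(update_msg)
    if upd["type"] != BINDING_UPDATE or not upd["ack"]:
        return None
    return pack_acknowledge(upd["home"], upd["ident"])
```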
4. Route Optimization Extension Formats
Route optimization defines the following message extensions:
?? = Previous Foreign Agent Notification extension
?? = Route Optimization Authentication extension
?? = Mobile Node Registration Key extension
?? = Foreign Agent Registration Key extension
4.1. Previous Foreign Agent Notification Extension
The Previous Foreign Agent Notification Extension may be included in
a Registration Request message sent to a foreign agent. It is used
to request this foreign agent to send a Binding Update message to the
mobile node's previous foreign agent to notify it that the mobile
node has moved. The previous foreign agent deletes the mobile node's
visitor list entry and creates a location cache entry for the mobile
node pointing to its new care-of address. The extension contains
only those values needed to construct the Binding Update message
that are not otherwise already contained in the Registration Request
message.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |        Cache Lifetime         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Previous Foreign Agent Address                 |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
???
Length
6 plus the length of the Authenticator
Cache Lifetime
The number of seconds remaining before the location cache
entry created by the previous foreign agent must be considered
expired. A value of all ones indicates infinity. A value
of zero indicates that the previous foreign agent should not
create a location cache entry for the mobile node once it
has deleted the mobile node's visitor list entry. The Cache
Lifetime value is copied into the Lifetime field of the Binding
Update message.
Previous Foreign Agent Address
The IP address of the mobile node's previous foreign agent to
which the new foreign agent should send a Binding Update
message on behalf of the mobile node.
Authenticator
The authenticator value to be used in the Route Optimization
Authentication extension in the Binding Update message sent by
the new foreign agent to the mobile node's previous foreign
agent.
4.2. Route Optimization Authentication Extension
The Route Optimization Authentication Extension is used to
authenticate certain route optimization management messages. It
contains the same fields and is computed in the same way as the
Mobile-Home Authentication Extension used in the basic Mobile IP
protocol.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    Length     |  Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
???
Length
The length of the Authenticator
Authenticator
(variable length) A hash value taken over a stream of bytes
including the shared secret, all prior extensions in their
entirety, and the type and length of this extension, but not
including the Authenticator field itself.
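An added example, not the draft's own code, showing how a Binding Update (Section 3.3) is authenticated with this extension and how a receiver locates and checks it. The hash also covers the message's fixed fields, as the Mobile-Home Authentication Extension of basic Mobile IP does; the keyed hash (HMAC-SHA256) and the Type value 0x7F stand in for values this draft leaves unassigned and are assumptions of this example.

```python
import hashlib
import hmac
import struct

# The Type code for this extension is still "???" in the draft; 0x7F is a
# placeholder used only in this example.
RO_AUTH_TYPE = 0x7F
BINDING_UPDATE_FIXED_LEN = 24      # Section 3.3: fixed fields before extensions


def authenticator(secret, message, prior_extensions, digest=hashlib.sha256):
    """Keyed hash over the shared secret (used as the HMAC key, an assumption
    of this example), the message fixed fields, all prior extensions, and the
    Type and Length of this extension; the Authenticator field is excluded."""
    length = digest().digest_size
    stream = message + prior_extensions + bytes([RO_AUTH_TYPE, length])
    return hmac.new(secret, stream, digest).digest()


def append_auth_extension(secret, message, prior_extensions=b""):
    """Return message || prior extensions || Route Optimization Authentication
    extension (Type, Length = authenticator length, Authenticator)."""
    mac = authenticator(secret, message, prior_extensions)
    return message + prior_extensions + bytes([RO_AUTH_TYPE, len(mac)]) + mac


def verify(secret, packet, fixed_len=BINDING_UPDATE_FIXED_LEN):
    """Check the authentication extension on a received packet.

    Extensions are walked as Type/Length/Value triples so the authenticator
    is located by structure; the packet is rejected when the extension is
    missing, truncated, not the last extension, or the hash does not match.
    """
    if len(packet) < fixed_len + 2:
        return False
    message, exts = packet[:fixed_len], packet[fixed_len:]
    pos = 0
    while pos + 2 <= len(exts):
        etype, elen = exts[pos], exts[pos + 1]
        body = exts[pos + 2:pos + 2 + elen]
        if len(body) != elen:
            return False                   # truncated extension
        if etype == RO_AUTH_TYPE:
            if pos + 2 + elen != len(exts):
                return False               # nothing may follow the authenticator
            expected = authenticator(secret, message, exts[:pos])
            return hmac.compare_digest(body, expected)
        pos += 2 + elen
    return False                           # required extension absent


def sample_binding_update():
    """Constructed Binding Update: Type 18, A bit set, home 10.1.1.5,
    care-of 192.0.2.7, Lifetime 300, Identification 42."""
    return struct.pack("!I4s4sIQ", (18 << 24) | 0x800000,
                       bytes([10, 1, 1, 5]), bytes([192, 0, 2, 7]), 300, 42)
```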
4.3. Mobile Node Registration Key Extension
The Mobile Node Registration Key extension may be used on
Registration Reply messages to send a registration key from the
mobile node's home agent to the mobile node. The extension is
authenticated along with the rest of the Registration Reply message,
and thus no additional authenticator is included in the extension.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Encrypted Key ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
???
Length
The length of the Encrypted Key
Encrypted Key
(variable length) The registration key, chosen by the home
agent, encrypted based on the mobility security association
between the mobile node and its home agent.
4.4. Foreign Agent Registration Key Extension
The Foreign Agent Registration Key extension may be used on
Registration Reply messages to send a registration key from the home
agent to the foreign agent. An authenticator is included in the
extension to allow the foreign agent to authenticate the received
registration key.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Encrypted Key ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type
???
Length
The length of the Encrypted Key plus the length of the
Authenticator
Encrypted Key
(variable length) The registration key, chosen by the home
agent, encrypted based on the mobility security association
between the foreign agent and the home agent.
Authenticator
(variable length) A hash value taken over a stream of bytes
including the shared secret and the fields in this extension
other than the Authenticator field itself.
5. Mobility Security Association Management
5.1. Motivation
One of the most difficult aspects of route optimization for Mobile IP
in the Internet today is providing authentication for all messages
that affect the routing of datagrams to a mobile
node. In the basic Mobile IP protocol, all routing of datagrams to
the mobile node while away from its home network is controlled by
the home agent, since only the home agent is aware of the mobile
node's mobility binding and only the home agent tunnels datagrams
to the mobile node. Authentication is achieved based on a manually
established "mobility security association" between the home agent
and the mobile node. Since the home agent and the mobile node
are both owned by the same organization (both are assigned IP
addresses within the same IP subnet), this manual configuration can
be performed fairly easily, for example while the mobile node is at
home.
With route optimization, though, there is a need in general to
authenticate messages between two nodes belonging to different
organizations, making establishment of a mobility security
association more difficult. Since no general authentication or key
distribution protocol is available in the Internet today, the route
optimization procedures defined in this document rely on the same
type of manually configured mobility security associations as are
used in the basic Mobile IP protocol.
For a correspondent node to be able to create a location cache entry
for a mobile node so that it can tunnel its own IP datagrams directly
to the mobile node at its current location, the correspondent node
and the mobile node's home agent must have established a mobility
security association. This mobility security association, though,
may be used in creating and updating location cache entries at this
correspondent node for all mobile nodes served by this home agent.
This places the correspondent node in a fairly natural relationship
with respect to the mobile nodes served by this home agent. For
example, these mobile nodes may represent different people affiliated
with the organization owning the home agent and these mobile nodes,
with which the user of this correspondent node often collaborates.
In this case, the effort of establishing the necessary mobility
security association with this home agent may be justified.
Similarly, for a mobile node to be able to notify its previous
foreign agent once it moves and is registering a new care-of
address, the foreign agent and the mobile node's home agent must
have established a mobility security association, and this mobility
security association may be used for all mobile nodes served by this
home agent that may register with this foreign agent. This places
the foreign agent in a fairly natural relationship with respect to
the mobile nodes served by this home agent. For example, these
mobile nodes may represent different people affiliated with the
organization owning the home agent and these mobile nodes, which
may often visit the network served by this foreign agent. In this
case, the effort of establishing the necessary mobility security
association with this home agent may be justified.
In general, if the movement and communication patterns of a mobile
node or the group of mobile nodes served by the same home agent are
sufficient to justify establishing a mobility security association
with the mobile node's home agent, users or network administrators
are likely to do so. Establishing a mobility security association
is not a requirement for using the protocol, though; if no mobility
security association has been established, the Mobile IP protocol
with route optimization behaves the same as the basic Mobile
IP protocol, and all datagrams destined for a mobile node are
intercepted by the mobile node's home agent and are then tunneled to
its current location by the home agent.
5.2. Mobility Security Associations
For use with route optimization, a mobility security association held
by a correspondent node or a foreign agent must in general include
the following parameters:
- the authentication type (including algorithm and algorithm mode),
- the secret (such as a shared key, or appropriate public/private
key pair),
- the home agent address (defining which mobility security
association this is), and
- an indication of which mobile nodes this mobility security
association applies to, such as by a netmask for the home agent
address, or by a list of the individual mobile nodes.
A mobility security association held by a home agent in general must
include the following parameters:
- the authentication type (including algorithm and algorithm mode),
- the secret (such as a shared key, or appropriate public/private
key pair), and
- the address of the node with which it has established this
mobility security association.
5.3. Using a Master Key at the Home Agent
Rather than storing each mobility security association that it has
established with many different correspondent nodes and foreign
agents, a home agent may manage its mobility security associations so
that each of them can be generated from a single "master" key. With
the master key, the home agent could build a key for any given other
node by computing the node-specific key as
MD5(node-address || master-key || node-address)
where node-address is the IP address of the particular node for which
the home agent is building a key, and master-key is the single master
key held by the home agent for all mobility security associations it
has established with correspondent nodes. The node-specific key is
built by computing an MD5 hash over a string consisting of the master
key with the node-address concatenated as a prefix and as a suffix.
Using this scheme, when establishing each mobility security
association, the network administrator managing the home agent
computes the node-specific key and communicates this key to the
network administrator of the other node through some "secure"
channel, such as over the telephone. The mobility security
association is configured at this other node in the same way as any
mobility security association. At the home agent, though, no record
need be kept that this key has been given out. The home agent need
only be configured to know that this scheme is in use for all of its
mobility security associations.
When the home agent then needs a mobility security association as
part of the route optimization protocol, it builds the node-specific
key based on the master key and the IP address of the other node with
which it is attempting to authenticate. If the other node knows
the correct node-specific key, the authentication will succeed;
otherwise, it will fail as it should.
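The following is an added example, not code from the draft: it carries out the
Section 5.3 master-key derivation and the Section 4.2 authenticator computation
on a string of Type/Length/Value extensions, then verifies a received
message the way a correspondent node or foreign agent would. It assumes the
IPv4 address is serialized as 4 network-order bytes, keyed-MD5
prefix+suffix mode as in the basic Mobile IP authentication extension, and a
placeholder Type code, since the draft leaves the code as "???".

```python
import hashlib
import hmac
import ipaddress

# The draft leaves the Type code as "???"; this value is a placeholder only.
ROUTE_OPT_AUTH_TYPE = 0xFF


def node_specific_key(master_key: bytes, node_address: str) -> bytes:
    """Section 5.3: MD5(node-address || master-key || node-address). The
    address is assumed to be its 4-byte network-order IPv4 form."""
    addr = ipaddress.IPv4Address(node_address).packed
    return hashlib.md5(addr + master_key + addr).digest()


def authenticator(secret: bytes, prior_extensions: bytes, length: int) -> bytes:
    """Section 4.2: hash over the shared secret, all prior extensions and this
    extension's Type and Length, never the Authenticator itself. Keyed-MD5
    prefix+suffix mode is assumed, as in the basic Mobile IP extension."""
    header = bytes([ROUTE_OPT_AUTH_TYPE, length])
    return hashlib.md5(secret + prior_extensions + header + secret).digest()


def append_auth_extension(secret: bytes, extensions: bytes) -> bytes:
    """Append a Route Optimization Authentication extension covering
    `extensions` (Length is the authenticator size, 16 bytes for MD5)."""
    auth = authenticator(secret, extensions, hashlib.md5().digest_size)
    return extensions + bytes([ROUTE_OPT_AUTH_TYPE, len(auth)]) + auth


def verify_extensions(secret: bytes, data: bytes) -> bool:
    """Walk the Type/Length/Value extensions, recompute the authenticator over
    everything before the auth extension and compare in constant time.
    Extensions placed after the auth extension are unsigned, so reject them."""
    pos = 0
    while pos + 2 <= len(data):
        ext_type, ext_len = data[pos], data[pos + 1]
        end = pos + 2 + ext_len
        if end > len(data):
            return False                  # truncated extension
        if ext_type == ROUTE_OPT_AUTH_TYPE:
            if end != len(data):
                return False              # trailing unsigned extensions
            expected = authenticator(secret, data[:pos], ext_len)
            return hmac.compare_digest(expected, data[pos + 2:end])
        pos = end
    return False                          # no authentication extension
```

The home agent calls node_specific_key with the other node's address at
verification time and keeps no per-node record, exactly as Section 5.3
describes; the other node simply has the derived key configured.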
6. Location Cache Considerations
(This section is incomplete, but will contain a detailed description
of the data structures and procedures related to managing a location
cache.)
6.1. Cache Management
LRU
Avoiding thrashing
Refreshing location cache entries: Binding Inquire and Binding
Update
6.2. Receiving Binding Advice Messages
Binding Inquire and Binding Update
6.3. Receiving Binding Update Messages
authenticating, building cache entry
7. Home Agent Considerations
(This section is incomplete, but will contain a detailed description
of the data structures maintained by a home agent and the route
optimization procedures from the point of view of a home agent.)
7.1. Tunneling Datagrams
Sending Binding Update messages
A home agent must provide some mechanism to limit the rate at which
it sends Binding Update messages to the same node about any given
mobility binding, after tunneling a datagram intercepted on the home
network.
7.2. Receiving Binding Inquire Messages
8. Foreign Agent Considerations
(This section is incomplete, but will contain a detailed description
of the data structures maintained by a foreign agent and the route
optimization procedures from the point of view of a foreign agent.)
8.1. Previous Foreign Agent Notification
sending binding update on behalf of mobile node
when receive, change to cache, ack
how to make cache when notified
8.2. Receiving Tunneled Datagrams
Don't send binding advice if tunneled from home agent; the foreign
agent knows the home agent address from registration and thus can
recognize datagrams tunneled from the home agent
A foreign agent must provide some mechanism to limit the rate at
which it sends Binding Advice messages about any given mobility
binding.
9. Mobile Node Considerations
(This section is incomplete, but will contain a detailed description
of the data structures maintained by a mobile node and the route
optimization procedures from the point of view of a mobile node.)
9.1. Previous Foreign Agent List
9.2. Previous Foreign Agent Notification
extension in registration, manage own retransmissions
periodically retransmit to each foreign agent in previous foreign
agent list
need to add status code or bit to Registration Reply from foreign
agent
Chairs' Addresses
The working group can be contacted via the current chairs:
Kannan Alagappan
???
Work: +1-???-???-????
Fax: +1-???-???-????
E-mail: kannan@emc.com
Tony Li
170 W. Tasman Dr.
San Jose, CA 95134
Work: +1-408-526-8186
Fax: +1-408-???-????
E-mail: tli@cisco.com
Authors' Addresses
Questions about this document can also be directed to the authors:
David B. Johnson
Computer Science Department
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213-3891
Phone: +1-412-268-7399
Fax: +1-412-268-5576
E-mail: dbj@cs.cmu.edu
Andrew Myles
Electronics Department
Macquarie University 2109
Sydney, Australia
Phone: +61-2-8059071
Fax: +61-2-8059128
E-mail: andrewm@mpce.mq.edu.au
Charles Perkins
Room J1-A25
T. J. Watson Research Center
IBM Corporation
P. O. Box 218
Yorktown Heights, NY 10598
Phone: +1-914-789-7350
Fax: +1-914-784-7007
E-mail: perk@watson.ibm.com