Internet Engineering Task Force                                W. T. Teo
INTERNET DRAFT                               National Univ. of Singapore
                                                                   Y. Li
                                                      Bay Networks, Inc.
                                                            1 March 1998

        Mobile IP extension for Private Internets Support (MVPN)
                  draft-teoyli-mobileip-mvpn-00.txt


Status of this Memo

   This document is a submission to the Mobile-IP Working Group of the
   Internet Engineering Task Force (IETF). Comments should be submitted
   to the mobile-ip@smallworks.com mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft.  Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups.  Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at
   any time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as ``work in progress.''

   To learn the current status of any Internet-Draft, please check the
   ``1id-abstracts.txt'' listing contained in the Internet-Drafts
   Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

Abstract

   This memo describes a scheme to enable the mobile node to move from
   public to private domains or between private domains while it still
   maintains internet connectivity. This extended mobility support does
   not require that the private host have access to the global Internet.
   This memo takes advantage of the PAID agent, a domain border agent,
   specified in the private address identification (PAID) procotol. To
   register a mobility binding, we introduce a mobile extension in the
   regional registration messages with the PAID agent, and a private
   extension to the global registration messages with the home agent.








Teo, Li                Expires 31 August 1998                   [Page i]


Internet Draft                MVPN                          1 March 1998

1. Introduction

1.1 Problem

   Mobile IP base protocol [6] provides an efficient, scalable mechanism
   for node mobility within the public Internet. However, it does not
   support movement between private domains and between private domain
   and public domain.

   Private internets are defined in [9]. They differ from the existing
   public internet in terms of address allocation. Private internets are
   generally used to number hosts within an enterprise, organization or
   a community. These hosts are not meant to be accessed from public
   internet hosts outside the private internets. The problem arises when
   a private host providing services to other clients in the private
   networks moves to another private or public site.

   Besides, the uniqueness of private IP address for each host cannot
   be assumed. Since routers generally deliver datagrams based on their
   destination IP address, the mechanism provided by the Mobile IP will
   not work at all between different private internet communities.

1.2 MVPN

   The protocol (MVPN) specified in this memo attempts to extend the
   Mobile IP support to private internets, that is, to enable mobility
   between private domains and from public to private domains.

   The private address identification protocol (PAID) [4] proposes an
   approach which facilitates the private extension of the mobility
   support. It proposes to bind each private address, by regional
   registration, to a public address of another node (called PAID agent
   or domain border agent) and thus provides an unique identification of
   a private host. This protocol also invents a PAID Encapsulation
   mechanism. This approach enables the global communication between
   private domains.

   Taking advantage of the PAID agent, the MVPN introduces a private
   extension to the global Registration Request and Registration Reply
   messages as specified in the Mobile IP base protocol [6]. These
   messages will then be forwarded between the mobile node and the home
   agent by way of a foreign PAID agent and/or a home PAID agent.

   The idea of regional registration was introduced by Perkins [8]. It
   was meant to reduce the frequency of distant registrations with the
   home agent. We extend this idea to the private domains. When a mobile
   node moves to a private domain, it has to first register its private
   care-of address with the public PAID agent. To perform this regional
   registration, MVPN introduces a mobile PAID extension to the PAID
   registration messages as specified in the PAID protocol [4].


Teo, Li                Expires 31 August 1998                   [Page 1]


Internet Draft                MVPN                          1 March 1998

1.3. Applicability

   MVPN is intended to enable nodes to move from a public domain to a
   private domain, or to move between private domains. MVPN does not
   support movement from a private domain to a public one.

   With the support of MVPN, both the mobile node and the home agent can
   be public or private nodes. The foreign agent can be a public node
   only if the mobile node is in the same domain as the foreign agent or
   both the mobile node and the home agent are public nodes. In a
   private domain, MVPN does not require the foreign agent for
   registration, but the mobile node still uses the Agent Advertisement
   messages from the foreign agent to detect movement, from one subnet
   to another or from a domain to another.

   Although the corresponding node may not be able to access the private
   domain which the mobile node is visiting, as long as it is able to
   communicate with the mobile node's home network, the corresponding
   node will be able to communicate with the mobile node with help of
   the home agent, the home PAID agent, and the foreign PAID agent.

   MVPN is compatible with the PAID protocol [4]. When the Internet
   supports PAID partly or completely, the MVPN will even enable the
   mobile node to move from a private domain to a public one.

1.4. Terminology and Definitions

   Identification of Private Address (PAID)

      The identification of a private address is a <public, private>
      address pair. It is defined in [4]. We also call it as the binary
      identification of the private address.

   PAID Agent

      A PAID agent is a node that provides private nodes with the public
      portion of the binary identification. It is defined in [4].

   Home PAID Agent

      This is a PAID agent of the mobile node's home agent when the home
      agent is private. It supports MVPN in the mobile node's home
      domain. It does not process Registrtion Request and Registration
      Reply messages but it forwards these messages. The home PAID agent
      tunnels packets, including the registration messages, between the
      home agent and the foreign PAID agent or the foreign agent.






Teo, Li                Expires 31 August 1998                   [Page 2]


Internet Draft                MVPN                          1 March 1998

   Foreign PAID Agent

      This is a PAID agent of the mobile node's care-of address. It
      supports MVPN in the mobile node's foreign domain. It processes
      Registrtion Request and Registration Reply messages. It tunnels
      packets between the home agent/the home PAID agent and the foreign
      agent/the mobile node.

   Mobile Node

      The mobile node in MVPN is the same as that defined as in the
      Mobile IP base protocol, except that the mobile node address can
      be a public address, private address, or a <public, private>
      address pair.

   Home Agent

      The home agent in MVPN is the same as that defined as in the
      Mobile IP base protocol. Home agent address can be private or
      public.

   Foreign Agent

      The foreign agent in MVPN is the same as that defined as in the
      Mobile IP base protocol. Foreign agent address can be private or
      public.

      In MVPN, the foreign agent is less important since the mobile node
      can obtain co-located care-of address by DHCP [1].

   Care-of Address

      The care-of address in MVPN is the same as that defined as in the
      Mobile IP base protocol. It can be private or public. We refer as
      private care-of address to the care-of address of the mobile node
      when the care-of address is private.

   Public Care-of Address

      The public care-of address of the mobile node is referred to a
      public address of the foreign PAID agent.

   Mobility Binding

      Similar to that in the Mobile IP base protocol, the mobility
      binding in MVPN is the association of the binary identification
      of the mobile node home address, the binary identification of the
      care-of address, along with the lifetime of the association.




Teo, Li                Expires 31 August 1998                   [Page 3]


Internet Draft                MVPN                          1 March 1998

2. Protocol Overview

   When a home agent in MVPN moves to another private domain, it will
   identify the mobile node's location by the binary identification of
   the mobile node's care-of address, that is, the address pair <foraign
   PAID agent, care-of address>. On the other hand, the mobile node will
   identify the home agent by the binary identification of the home
   agent, that is, the address pair <home PAID agent, home agent
   address>.

2.1 Obtaining Care-of Address

   The mobile node, when moving to a private network in another domain,
   may attempt to obtain a private co-located care-of address by using
   DHCP [1]. Since there are plenty of private addresses in each
   enterprise network, using co-located care-of addresses is not
   expensive.

2.2 Discovery of Foreign PAID Agent

   After obtaining a care-of address, the mobile node may attempt to
   register a binary identification with a foreign PAID agent.

   The mobile node may discover the foreign PAID agent by the PAID agent
   discovery protocol in [4]. Alternatively, a foreign agent may include
   a PAID agent extension in the Agent Advertisement message, and thus
   the mobile node is able to learn the PAID agent from the foreign
   agent.

2.3 Regional Registration

   The mobile node may register a binary identification with a foraign
   PAID agent through exchange of a pair of PAID Registration Request
   and Reply messages as specified in the PAID registration protocol
   (see [4]).

   To additionally regionally register a mobility binding with the
   foreign PAID agent, the mobile node should include a Mobile PAID
   Extension in the PAID Registration Request message. The foreign PAID
   agent should associates the mobility binding regionally with itself
   and include the Mobile PAID Extension in the reply.

   This way the mobile node may not necessarily originate a home
   registration as in section 2.4 unless it moves to another domain.
   This is because the mobile node can be served by the same foreign
   PAID agent while moving inside the domain.






Teo, Li                Expires 31 August 1998                   [Page 4]


Internet Draft                MVPN                          1 March 1998

2.4 Home Registration

   Using the binary identification of its care-of address, the mobile
   node may register a mobility binding with its home agent, by
   exchange of a pair of Registration Request and Reply messages, via
   the foreign PAID agent and the home PAID agent. To register such a
   mobility binding, both the request and the reply should contain a
   Private Extension.

   The private extension contains private mobile node address, and/or
   private home agent address, and/or private care-of address. The
   foreign agent, foreign PAID agent, or home agent will determine if
   the Registration Request and reply messages supports MVPN by checking
   the presence of the private extension.

2.5 Transit Registration

   The mobile node may register a mobility binding with other foreign
   PAID agents in domains it visited previously. These foreign PAID
   agents will then redirect mobile traffic to the location where the
   mobile node is currently visiting. Transit registration can be
   performed in the same way as the home registration.

2.6 Movement Detection

   The mobile node will take advantage of Agent Advertisement messages
   to detect movement. In order to detect the movement from one domain
   to another, both the home agent and foreign agent should advertise
   all PAID agents in the domain as well as care-of addresses.

   A mobile node should detect a change in location when it receives an
   Agent Advertisement with a different set of care-of address. In
   contrast, when the mobile node learns the message has a different set
   of PAID agent addresses, it should be considered to have moved into
   another domain.

2.7 Datagram Forwarding / Tunnelling

   In general, IP Encapsulation within IP [7] or GRE [3] can be employed
   for tunneling from the home agent to the mobile node. In the MVPN
   case, it is difficult for a PAID agent to identify where the mobile
   traffic is destined.

   If the mobile node has register a binding with 'P' bit set, it means
   all agents support PAID encapsulation [4]. In this case, the home
   agent may tunnel packets to the private care-of address with PAID
   encapsulation. If the mobile node is not able to register a binding
   with the 'P' bit set, the PAID encapsulation should apply to the
   tunnels between the mobile node and the foreign PAID agent or between
   the home PAID agent and the home agent. Other tunnels may employ the
   a regular tunneling mechanism other than the PAID encapsulation.

Teo, Li                Expires 31 August 1998                   [Page 5]


Internet Draft                MVPN                          1 March 1998

   A private mobile node should use reverse tunnel [5] when originating
   packets to its home domain. This is because private hosts currently
   do not support PAID and packets are not deliverable between two
   private domains. If the PAID can be supported between the foreign
   domain and the destination domain, the mobile node should build two
   levels of PAID forwarding headers for packets origination.

2.8 Interoperability with Mobile IP Base Protocol

   Interoperability with the Mobile IP base protocol is unidirectional.
   When the mobile node moves from a public domain to a private domain,
   if the mobile node and the private domain supports MVPN while the
   public domain supports the base protocol, the mobile node will be
   able to register a mobility binding with the home agent successfully.

   In this case, to register a mobility binding, the mobile node should
   send a Registration Request to the home agent via the foreign PAID
   agent. This request should include a private extension which contains
   only the private care-of address. Since the Registration Reply does
   not include the care-of address field, the home agent does not
   neccesarily include a private extension in the reply to the mobile
   node.

   Supporting movement from a private domain to a public domain is
   difficult and unnecessary. It is difficult for a foreign agent to
   identify a private mobile node since there may be two mobile nodes
   that have the same private address. On the other hand, the Mobile IP
   base protocol currently supports movement between public networks or
   between networks in the same routing domain. Since more and more
   enterprise networks have been configured with private addresses, only
   movement to the private domain is realistic.





















Teo, Li                Expires 31 August 1998                   [Page 6]


Internet Draft                MVPN                          1 March 1998

3. Formats of Messages and Extensions

3.1 Registration Request Message

   There is only one new bit 'P' in the Registration Request:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |S|B|D|M|G|V|T|P|          Lifetime             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Public Home Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Public Home Agent Address                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Public Care-of Address                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   +                       Identification                          +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      T        If the 'T' bit is set, the mobile node asks its home
               agent to accept a reverse tunnel from the care-of
               address. Mobile nodes using a foreign agent care-of
               address ask the foreign agent to reverse-tunnel its
               packets.

      P        If the 'P' bit is set, the mobile node asks its home
               agent to perform PAID encapsulation for packets destined
               to the mobile node.

      Public Home Address

               The mobile node's home address if the mobile node is
               public or otherwise the home PAID agent address.

      Public Home Agent Address

               The home agent address if the home agent is public
               or otherwise the home PAID agent address.

      Public Care-of Address

               The care-of address if there is no foreign PAID agent
               or otherwise the foriegn PAID agent address.

3.2 Registration Reply Message

   MVPN does not introduce any new field in the Registration Reply
   message except that it renames the home address field and the home
   agent field as follows.

Teo, Li                Expires 31 August 1998                   [Page 7]


Internet Draft                MVPN                          1 March 1998

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Lifetime            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Public Home Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  Public Home Agent Address                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Extensions ...
   +-+-+-+-+-+-+-+-

      Public Home Address

               The mobile node's home address if the mobile node is
               public or otherwise the home PAID agent address.

      Public Home Agent Address

               The home agent address if the home agent is public
               or otherwise the home PAID agent address.

3.3 PAID Agent Extension

   This extension is included in the Agent Advertisement message. The
   mobile node can use it to detect movement and find a foreign PAID
   agent. The presence of this extension signifies the agent supports
   MVPN.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |  Reserved     | No. of Agents |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       PAID Agent Addresses                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            Lifetime           |B|H|F|  Rsvd   |  Preference   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               .                               |
   |                               .                               |
   |                               .                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Type     48

      Reserved 0


Teo, Li                Expires 31 August 1998                   [Page 8]


Internet Draft                MVPN                          1 March 1998

      No. of Agents

               The number of agents in this extension.

      PAID Agent Addresses

               A PAID agent address. It MUST be public.

      Lifetime The longest lifetime (measured in seconds) that this
               agent is willing to accept in any PAID Request.
               A value of 0xffff indicates infinity.

      B        Busy.  The PAID agent will not accept request from
               additional private nodes.

      H        Home PAID agent.  This agent offers service as a home
               PAID agent.

      F        Foreign PAID agent.  This agent offers service as a
               foreign PAID agent.

      Preference

               This is for load balancing or other purposes.
               0 means no service can be provided.
               infinity 0xff means unlimited services.

3.4 Private Extension

   This extension is included in Registration Request and Registration
   Reply messages. This is to extend the mobile IP to private internets.
   The presence of this extension signifies the mobile node supports
   MVPN.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |M|H|F|       Reserved          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               (If present) Private Home Address               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               (If present) Private Home Agent Address         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               (If present) Private Care-of Address            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      M bit

         If set, the private home address is present.



Teo, Li                Expires 31 August 1998                   [Page 9]


Internet Draft                MVPN                          1 March 1998

      H bit

         If set, the private home agent address is present.

      F bit

         If set, the private care-of address is present.
         In Registration Reply message, this bit SHOULD be set to 0
         since the care-of address is not required.

3.5 Mobile PAID Extension

   This extension is included in the PAID Registration Request and PAID
   Registration Reply [4] messages. This is for the mobile node to
   regionally register a mobility binding with a foreign PAID agent.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |P|        Reserved             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Public Home Address                    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  (If present) Private Home Address            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      P bit

         If set, the private home address is present.























Teo, Li                Expires 31 August 1998                  [Page 10]


Internet Draft                MVPN                          1 March 1998

4. Mobile Node Consideration

   The mobile node supporting MVPN MUST always include the private
   extension in the Registration Request messages.

4.1 Private Mobile Node

   The discussion of movement from a private domain to a public domain
   is beyond the scope of this document. Therefore, it is assumed that
   the private mobile node moves to another private domain.

4.1.1 Regional Registration

   When the private mobile node performs the regional registration, it
   MUST include a mobile PAID extension in the PAID Registration Request
   message. This extension MUST contain the private mobile home address.

   When the mobile node receives a PAID Registration Reply, it SHOULD
   verify the presence of the mobile PAID extension. This extension
   SHOULD contain the private home address.

4.1.2 Home Registration

   When the private mobile node performs the home registration, it MUST
   include the private extension in the Registration Request and this
   extension MUST contain the private home address, the private home
   agent address, and the private care-of address.

   When the mobile node receives a Registration Reply, it MUST verify
   the presence of the private extension. The private extension MUST
   contain the private home address and the private home agent address.

4.1.3 Datagram Originating and Receiving

   The mobile node MUST employ the PAID encapsulation when it originates
   packets to a corresponding node that is in a domain other than its
   visiting domain. In this case, it SHOULD use reverse tunneling
   method.

   When receiving a packet tunneled by the foreign PAID agent, the
   mobile node SHOULD decapsulate the packet using the relevant
   encapsulation protocol as indicated in the packet.










Teo, Li                Expires 31 August 1998                  [Page 11]


Internet Draft                MVPN                          1 March 1998

4.2 Public Mobile Node

   The Mobile IP base protocol supports the scenary that a public mobile
   node moves to another public domain. In this case, a foreign PAID
   agent can also be deployed in this foreign domain so that the mobile
   node just keeps registering with this PAID agent regionally instead
   of frequently performing home registration. For the convenience of
   description as below, even if the care-of address is public, we still
   call the care-of address as "private care-of address".

4.2.1 Regional Registration

   When the public mobile node performs the regional registration, it
   MAY include a mobile PAID extension in the PAID Registration Request.
   This extension only contains the public mobile home address.

   When the mobile node receives a PAID Registration Reply, it SHOULD
   verify the presence of the mobile PAID extension. This extension
   SHOULD contain the public home address.

4.2.2 Home Registration

   When the public mobile node performs the home registration, it
   SHOULD include the private extension in the Registration Request.
   The extension SHOULD contain the private care-of address.

   When the mobile node receives a Registration Reply, it SHOULD not
   verify the presence of the private extension since the home agent
   probably does not support MVPN.

4.2.3 Datagram Originating and Receiving

   The mobile node MAY apply the PAID encapsulation when it originates
   packets to a corresponding node that is in a domain other than its
   visiting domain. In this case, it SHOULD use reverse tunneling
   method. If the visiting domain is public, the mobile node MAY use
   other encapsulation protocols to originate packets.

   When receiving a packet tunneled by the foreign PAID agent, the
   mobile node SHOULD decapsulate the packet using the relevant
   encapsulation protocol as indicated in the packet.











Teo, Li                Expires 31 August 1998                  [Page 12]


Internet Draft                MVPN                          1 March 1998

5. Foreign Agent Consideration

   The foreign agent MAY include the PAID agent extension in the Agent
   Advertisement messages. This is to allow the mobile node to detect
   the movement between different domains. The mobile node MAY also
   learn from the PAID agent extension and initiate the regional
   registration with a PAID agent.

   In MVPN, the registration messages MAY bypass the foreign agent since
   the mobile node MAY obtain co-located care-of address.

6. Foreign PAID Agent Consideration

6.1 Regional Registration

   When the foreign PAID agent receives a PAID Registration Request
   message with the mobile PAID extension included, if it can honour the
   request, it SHOULD associate the binary identification of the mobile
   node with the binary identification of the care-of address. It SHOULD
   return a PAID Registration Reply message with the mobile PAID
   extension.

6.2 Home Registration

6.2.1 Receiving Registration Request

   When the foreign PAID agent receives a Registration Request message,
   it SHOULD verify the reply is valid. The foreign PAID agent MUST
   already have a regional mobility binding for the mobile node, and the
   private extension MUST be present.

   If the request is invalid, the PAID agent SHOULD deny the request and
   respond with a Registration Reply message that contains a proper
   error code.

   If the request is valid, the PAID agent SHOULD associate the mobility
   binding of the mobile node with the home agent or the binary
   identification of the home agent.

   If the home agent is private, the foreign PAID agent SHOULD tunnel
   the request to the home PAID agent using PAID encapsulation.
   Otherwise, the foreign PAID agent SHOULD simply forward the message
   to the home agent.

6.2.2 Receiving Registration Reply

   When the foreign PAID agent receives a Registration Reply message,
   it SHOULD verify the reply is valid. If the mobile node is private,
   the private extension MUST be present, and the private home address
   and private home agent address MUST be present in the private
   extension.

Teo, Li                Expires 31 August 1998                  [Page 13]


Internet Draft                MVPN                          1 March 1998

   If the reply is invalid, the PAID agent SHOULD drop it and log a
   message.

   If the reply is valid, the PAID agent SHOULD activate the mobility
   binding for subsequent datagram forwarding, and then forwards the
   message to the mobile node.

6.3 Datagram Forwarding

   When the foreign PAID agent receives a packet destined for the mobile
   node, it MUST employ the PAID encapsulation to tunnel the packet to
   the mobile node.

   When the PAID agent receives a packet from the mobile node, it SHOULD
   verify it is PAID encapsulated. If the P bit was not set in the
   home registration for the mobility binding, the PAID agent MAY tunnel
   the packet to the home agent using IP within IP encapsulation.
   Otherwise, PAID encapsulation SHOULD be used.

7. Home PAID Agent Consideration

   The home PAID agent SHOULD forward Registration messages, as
   specified in PAID [4], between the home agent and the foreign PAID
   agent. It does not have to save any mobility binding.

8. Home Agent Consideration

8.1 Home Registration

   When the home agent receives a Registration Request message, it
   SHOULD verify the reply is valid. If the mobile node is private, the
   private extension MUST be present.

   If the request is invalid, the home agent SHOULD deny the request and
   respond with a Registration Reply message that contains a proper
   error code.

   If the request is valid, the home agent SHOULD associate the mobility
   binding of the mobile node with itself. The home agent SHOULD send a
   Registration Reply message, which SHOULD contain the original private
   extension in the request.

   If the home agent is private, it SHOULD tunnel the reply to the home
   PAID agent using PAID encapsulation. Otherwise, the home agent SHOULD
   simply forward the message to the foreign PAID agent or the foreign
   agent.






Teo, Li                Expires 31 August 1998                  [Page 14]


Internet Draft                MVPN                          1 March 1998

8.2 Data Forwarding

   When the home agent receives a packet destined for the mobile node,
   if it is private, it MUST employ the PAID encapsulation to tunnel the
   packet to the home PAID agent. Otherwise, the home agent MAY tunnel
   the packet to the foreign PAID agent or the foreign agent using
   IP within IP encapsulation.

   When the home agent receives a packet originated from the mobile
   node, it SHOULD simply forward it to the corresponding node.

9. Security

   The security issue is beyond the scope of this document.

10. Acknowledgements

   Many thanks to Dr. Y. C. Tay at the National University of Singapore
   for supporting this joint work as well as for his valuable comments.

   An implementation of MVPN is done by Wee Tuck Teo, one of the
   authors, at the National University of Singapore.

References:

   [1] R. Droms.  Dynamic Host Configuration Protocol.  RFC 2131, March
       1997.

   [2] K. Egevang, and P. Francis. The IP Network Address Translator,
       RFC 1631, May 1994.

   [3] S. Hanks, T. Li, D. Farinacci, and P. Traina.  Generic Routing
       Encapsulation (GRE).  RFC 1701, October 1994.

   [4] Y. Li and W. T. Teo. IP Private Address Identification, Internet
       Draft, January 1998.

   [5] G. Montenegro. Reverse Tunneling for Mobile IP, Internet Draft,
       March 1997.

   [6] C. Perkins. IP Mobility Support Version 2, Internet Drafts,
       November 1997.

   [7] C. Perkins.  IP Encapsulation within IP.  RFC 2003, May 1996.

   [8] C. Perkins.  Mobile-IP Local Registration with Hierarchical
       Foreign Agents.  February 1996.

   [9] Y. Rekhter and et. al. Address allocation for Private Internets,
       RFC 1918, February 1996.

Teo, Li                Expires 31 August 1998                  [Page 15]


Internet Draft                MVPN                          1 March 1998

Author's Address

   Questions about this memo can also be directed to the author:

        W. T. Teo
        Department of ISCS
        National University of Singapore
        Lower Kent Ridge Crescent
        SINGAPORE 119260

        E-mail: teoweetu@iscs.nus.edu.sg

        Y. Li
        Bay Networks, Inc.
        BL60-304
        600 Technology Park Drive
        Billerica, MA 01821

        Phone:  1-978-916-1130
        Fax:    1-978-670-8760
        E-mail: yli@BayNetworks.COM































Teo, Li                Expires 31 August 1998                  [Page 16]