IP Mobility Concepts - Study Notes

As end-points become detached from the physical infrastructure and are mobile, the routing infrastructure is challenged to evolve from a topology-centric addressing model to a more flexible architecture. This new architecture is capable of allowing IP addresses to freely and efficiently move across the infrastructure. There are several ways of adding mobility to the IP infrastructure, and each of them addresses the problem with different degrees of effectiveness.

Transcript

  • 1. IP Mobility Concepts Study Notes
+W - Technology Skills For Women Series (1)
http://SlideShare.net/OxfordCambridge
(1) Men are allowed to read too, if they wish, as the language style and the document format are universal.
  • 2. Study Notes http://SlideShare.net/OxfordCambridge 2 | Page IP Mobility Concepts
Table of Contents
About “+W - Technology Skills For Women” series (p. 5)
Sources (p. 6)
Protocol operation and agent discovery (p. 7)
    Learning objectives (p. 7)
    A. Making the case for Mobile IP (p. 7)
        1. Development of Mobile IP (p. 7); Quiz (p. 9)
        2. Mobile IP specifications (p. 9); Quiz (p. 10)
        3. The Mobile IP network (p. 10); Quiz (p. 11)
        Summary (p. 12)
    B. Mobile IP operation (p. 13)
        1. The Mobile IP process (p. 13); Quiz (p. 15)
        2. Acquiring a care-of address (p. 15); Quiz (p. 16); Quiz (p. 16); Quiz (p. 17)
        Summary (p. 17)
    C. Agent discovery (p. 18)
        1. The functions of agent discovery (p. 18); Quiz (p. 18); Note (p. 20); Quiz (p. 21)
        2. Agent advertisements (p. 22); Note (p. 22); Quiz (p. 23)
        3. Move detection (p. 24); Quiz (p. 25)
        Summary (p. 25)
Registration, routing, and security (p. 26)
  • 3. Learning objectives (p. 26)
    D. Registration (p. 26)
        1. Registration purpose and procedures (p. 26); Quiz (p. 27); Note (p. 28); Quiz (p. 29); Quiz (p. 29)
        2. Mobile IP registration considerations (p. 29); Quiz (p. 31); Quiz (p. 32); Quiz (p. 32)
        Summary (p. 32)
    E. Routing considerations (p. 34)
        1. Mobile Node, Foreign Agent, and Home Agent considerations (p. 34); Quiz (p. 37); Quiz (p. 37); Quiz (p. 37); Quiz (p. 38)
        2. Mobile routers (p. 38); Quiz (p. 39); Quiz (p. 40)
        Summary (p. 40)
    F. Security considerations (p. 42)
        Introduction (p. 42)
        Threats to Mobile IP (p. 42): Denial-of-service attack (p. 42); Passive eavesdropping (p. 43); Session-stealing attack (p. 43); Replay attack (p. 43)
        Mitigating the threats to Mobile IP (p. 43): Cryptography (p. 44); Problems with ARP (p. 44); Authentication (p. 44); Firewalls (p. 45); Replay protection (p. 45)
        Summary (p. 46)
  • 4. G. Conclusion (p. 47)
        IP Mobility Requirements (p. 47)
        Mobile IPv4 (p. 47)
        Mobile IPv6 (p. 48)
    H. Glossary (p. 49)
    I. Quizzes’ Answers (p. 57)
  • 5. About “+W - Technology Skills For Women” series
Study Notes in the field of technology will be put together under this category for the following reasons:
    • to encourage ladies, who wish to do so, to stand up and look over the fence into technology related topics;
    • with apprehension or fear;
    • and perhaps consider embracing a career move into this technological path;
    • or simply to broaden their general knowledge; after all, ICT is in most aspects of everyday life;
    • no matter the decision, their skills, professional strengths, and contribution can only be something positive for technical and technological fields.
  • 6. Sources:
    • http://www.cisco.com/ (IP Mobility Overview)
    • http://en.wikipedia.org/wiki/Mobile_IP (Mobile IP)
    • Ad Hoc Mobile Wireless Networks: Protocols and Systems, C.-K. Toh, Prentice Hall PTR
    • Mobile IP Design Principles and Practices, Charles E. Perkins, Prentice Hall PTR
    • Mobile IP: The Internet Unplugged, James Solomon, Prentice Hall PTR
    • The Wireless Mobile Internet: Architectures, Protocols and Services, Abbas Jamalipour, John Wiley & Sons
    • A Survey on Network Architectures for Mobility, XiuJia Jin (http://www.cs.wustl.edu/~jain/cse574-06/ftp/mobility_arch/index.html)
  • 7. Protocol operation and agent discovery
Learning objectives:
    • identify the components and operational requirements of Mobile IP.
    • identify the steps and processes involved in Mobile IP operation.
    • identify how a mobile node determines its location relative to its home address.

A. Making the case for Mobile IP
B. Mobile IP operation
C. Agent discovery

A. Making the case for Mobile IP
1. Development of Mobile IP
2. Mobile IP specifications
3. The Mobile IP network

1. Development of Mobile IP
The rise in use of the Internet and advances in mobile communication have led to mobile computing technology redefining the way we access information. Most mobile devices now need to support voice and video transfer technology. Although mobility is supported by link-layer technology, data transfer across networks or different layers is not.

Internet Protocol version 4 (IPv4) takes a node's IP address literally; it assumes that the address is a unique location within a network. When data is sent to this IP address, the node will not receive it unless the node is located at this physical IP address. IPv4 presents mobile users with the problem of how to avoid losing their ability to communicate when they move between networks.

A limited way of addressing the problem of connectivity is for the mobile user to
    • change their IP address
    • create host specific routes
  • 8. change their IP address
If a mobile user changes their IP address, they cannot maintain transport, session, presentation, and application layer connections. Changing IP addresses can also compromise network services.

create host specific routes
Creating host specific routes throughout much of the Internet routing fabric has obvious and severe scaling problems. First, each host in a network would require its own entry in every router's routing table, worldwide. The memory for a router to do this would exceed that of all the computers in your office. Also, each time you move your computer from one router to another, the routing table in every router has to change. This change requires a routing update from your new router to all other routers, which creates a lot of network traffic.

The development of mobile devices that can be used for data transfer has driven the demand for a technology that allows mobile users to roam from one network to another while maintaining network connections.
    • Cellular phones
    • Laptops

Cellular phones
Cellular phones can use Bluetooth technology to power connections to networks. Bluetooth technology enables your cellular phone to connect to a network without wires, by using short-range radio wave transmissions.

Laptops
Wireless laptop connections to data networks are often powered by WiFi technology. Among the different technologies available for wireless local networks, the most widely used is IEEE 802.11. Wireless Fidelity (WiFi) technology is based on IEEE 802.11b, a descendant of IEEE 802.11. WiFi meets the demand for higher data transmission rates, allowing for transmissions of up to 11 Mbps.

The limitations of IPv4 and the proliferation of mobile devices required a new scalable mechanism – Mobile IP.

Mobile IP is a standard for allowing mobile computers to roam from one network to another while maintaining network connections and counteracting data transfer problems. Mobile IP
    • allows you to retain your IP address
    • is scalable for the Internet

allows you to retain your IP address
Mobile IP allows you to stay connected and maintain ongoing applications when roaming between IP networks, and there is no need to change your IP address.
  • 9. is scalable for the Internet
Mobile IP is scalable for the Internet, and because it is based on IP, any media that can support IP can support Mobile IP.

Quiz (i)
Identify the advantages of Mobile IP technology.
Options:
1. Any IP compliant media can support Mobile IP
2. It alters the way in which IPv4 operates
3. Mobile IP allows the mobile node to maintain connectivity when switching networks without changing its IP address

2. Mobile IP specifications
A mobile node should be able to
    • communicate with other nodes after changing its link layer point of attachment to the Internet while maintaining its IP address
    • communicate with other nodes that do not implement these mobility functions

It is important that some devices are not interrupted when a mobile node roams across network boundaries.
    • Remote login
    • Remote printing
    • File transfer

Remote login
Remote login is one of the most popular Internet applications. Instead of having a hardwired terminal on each host, you can log in to one host and then log in remotely across the network to any other network device on which access is permitted. In this way, it is possible to manage network devices such as routers or switches. Telnet is a remote login application. If a mobile user was using remote login to manage their network, loss of connectivity could affect the integrity of the network and leave it vulnerable to a session-stealing attack.

Remote printing
  • 10. Although electronic mail is preferable as a means of third-party communication, in some cases it may be necessary to print information in hard-copy form at a remote location. The remote output device may consist of a standard line printer, a printer with multiple fonts and faces, a printer that can reproduce graphics, or a facsimile device. Remote output may be accompanied by information that identifies the intended recipient. If a mobile user loses their connection while printing to a remote location, the full document will not be delivered. This leads to increased overheads, as the action will have to be repeated, and reduces productivity.

File transfer
File transfer is usually achieved using File Transfer Protocol (FTP). FTP is used to share files (computer programs and/or data) and to shield a user from variations in file storage systems among hosts. It is also used to transfer data reliably and efficiently. FTP, though usable directly by a user at a terminal, is designed mainly for use by programs. This means that most of the time the user is unaware that the protocol is being used. A drop in connectivity during file upload will lead to users not viewing the latest version of files and will cause delays in transactions.

Other applications that require constant connectivity are multimedia applications using multicast addresses, online collaboration, and file sharing. When a mobile node moves to another network, it sends updates to other nodes, which must be authenticated, declaring its new location.

A Mobile IP solution works when you remain within the same network topology. For instance, if you begin communicating from within a network and then move to another network, Mobile IP ensures that your data connection is maintained. Mobile IP also allows you to roam between different network types, such as moving from a wired Ethernet network to a wireless WAN. The Mobile IP solution is possible because the mobility functions are performed at the network layer rather than at the physical layer.

Quiz (ii)
Identify the true statement in relation to Mobile IP specifications.
Options:
1. For Mobile IP to operate successfully, the mobile node must remain within a single network type
2. Mobile IP compliant software must be installed on all participating nodes to facilitate roaming
3. Mobile IP's mobility functions are performed at the physical layer
4. With Mobile IP, it is safe to roam between different networks when using remote login

3. The Mobile IP network
The Mobile IP infrastructure allows mobile nodes to roam from network to network.
  • 11. The Mobile IP network has four main entities.
    • Mobile node
    • Correspondent node
    • Foreign agent
    • Home agent

Mobile node
The mobile node can be a cell phone, PDA, laptop, or router. A mobile node is assigned a long-term IP address in the same way that a stationary host is given a permanent IP address. This IP address, known as a care-of address, allows the mobile node to continue to communicate with other Internet nodes at any location.

Correspondent node
A correspondent node is a device on the Internet. It can be a workstation, server, router, or other network device with which the mobile node is communicating. A correspondent node need only know the home address of the mobile node and may be either mobile or stationary.

Foreign agent
The foreign agent is a router that acts as a conduit, delivering data between the mobile node and the home agent, when the mobile node roams to a foreign network.

Home agent
The home agent is a router on the home network that acts as an anchor for communication with the mobile node. It maintains the current location of the mobile node and tunnels information from the correspondent node to the mobile node.

Quiz (iii)
Match the network entities to their functions.
Options:
1. Correspondent node
2. Foreign agent
3. Home agent
  • 12. 4. Mobile node
Targets:
A. This device need not know the mobile node's location
B. This device can communicate with other Internet nodes regardless of location
C. This device maintains the current location information of the mobile node
D. This device tunnels data to the mobile node when it is away from home

Summary
The increase in use of mobile devices has driven the demand for a technology that facilitates roaming and supports data transfer between networks. Mobile computing technology aims to marry the reliability of desktop connectivity with the rootless adaptability of the cell phone. IPv4 provided a limited solution to this problem, but it was the development of Mobile IP that finally enabled users to roam between networks and continue to deliver and receive data.

Mobile IP meets the dual criteria for roaming – it allows a mobile node to change its link-layer point of attachment to the Internet without changing its IP address, and it is backward compatible. Mobile IP allows the mobile node to roam within homogeneous and heterogeneous networks, and it performs all its mobility functions at the network layer.

The Mobile IP infrastructure is based on four main entities – the mobile node, the correspondent node, and the home and foreign agents. Each entity plays a role in ensuring that the mobile node can continue to send and receive data while roaming between networks.
  • 13. B. Mobile IP operation
1. The Mobile IP process
2. Acquiring a care-of address

1. The Mobile IP process
There are three phases in the Mobile IP process.
    • Agent discovery
    • Registration
    • Tunneling

Agent discovery
In the agent discovery stage, the mobile node establishes whether it is in a home or foreign network. The mobile node establishes its location by listening to advertisements from home agents (HA) and foreign agents (FA). Agent advertisements carry information such as the agent care-of address and services like reverse tunneling or generic routing encapsulation (GRE) that are available on the network.

Description of network using Mobile IP follows. There is a laptop in a foreign network receiving an agent advertisement from a foreign agent. The foreign network is linked to the Internet, which is linked to the home network of the laptop, which has an HA. Description ends.

There are two modes of agent discovery:
    • Mobile nodes can listen to the advertisements sent by the mobility agents and discover their location in this way.
    • Mobile nodes can send out agent solicitation messages. These messages force agents on the network to send out agent advertisements and indicate the location of the mobile node.

A mobile node can determine whether it is located in its home network or a foreign network. A mobile node can discover when it has returned to a home network. When this happens, the mobile node sends a registration request message to an HA in order to deregister, because it no longer requires an HA.

  • 14. A mobile node can also discover that it has remained in a home network. In this case, it does not operate using mobility services and therefore does not initiate communication with either an HA or FA. When a mobile node discovers it is in a foreign network, it acquires a care-of address (COA). It can acquire a COA from the FA agent advertisement message. Alternatively, the mobile node can acquire a co-located care-of address (CCOA) through external means.

Registration
The second phase of Mobile IP is registration. The mobile node uses the IP address and mobility security association of its HA, its home IP address or another user identifier, and information gained from the agent advertisement to form a Mobile IP registration request. In the registration phase, mobile nodes notify the HA of their position. They do this by registering their COA or CCOA through registration request and reply messages.

The mobility security association is a collection of security contexts between a pair of nodes that may be applied to Mobile IP protocol exchanges and is used in home agent/mobile node authentication. The contexts define the authentication algorithm to be used, the type of replay protection to be used, and the secret key, either shared or public/private.

Registration is completed directly or indirectly. If the mobile node has a COA, it must send its registration request through the FA. The FA then forwards it to the HA. The HA then sends a registration reply to the FA, which forwards this on to the mobile node.

Description of registration process using Mobile IP follows. The graphic shows a person with a laptop moving between foreign networks. As the person moves to a new network, he is allocated a new COA and registers this with his home agent. Description ends.

If the mobile node has a CCOA, it sends the registration request directly to the HA. The HA then sends the reply to the registration request directly back to the mobile node.

Tunneling
Once registration has taken place, packets addressed to the mobile node's home address are forwarded to the mobile node in its new location. Datagrams intended for the mobile node are intercepted by the HA and tunneled to the FA, or sent directly to the mobile node using its CCOA. If data is traveling from the mobile node to correspondent nodes, standard IP routing mechanisms are used. In this case, the datagrams do not always have to pass through the HA. Because this process is transparent to correspondent nodes, the mobile node will always appear to be on its home network.
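The registration request described above, with the mobility security association supplying the authentication algorithm, the replay-protection type and the shared key, as an added example that is not part of the original study notes. It follows the RFC 3344 Registration Request layout, its Mobile-Home Authentication Extension (HMAC-MD5, the RFC default algorithm) and timestamp-style Identification; addresses, SPI and key are constructed sample values, and the home agent returns the RFC 3344 reply code it would place in its Registration Reply.

```python
import hashlib
import hmac
import ipaddress
import struct

REG_REQUEST = 1            # Registration Request message type (RFC 3344 section 3.3)
MH_AUTH_EXT = 32           # Mobile-Home Authentication Extension type (section 3.5.2)
AUTH_LEN = 20              # extension Length: 4-byte SPI + 16-byte HMAC-MD5 authenticator
CORE_FMT = "!BBH4s4s4sQ"   # type, flags, lifetime, home addr, home agent, care-of, identification
CORE_LEN = struct.calcsize(CORE_FMT)   # 24 bytes
REPLAY_WINDOW = 7          # seconds; RFC 3344 default tolerance for timestamp Identification

# Reply codes the home agent would place in its Registration Reply (RFC 3344 section 3.4)
ACCEPTED, AUTH_FAILED, ID_MISMATCH, POORLY_FORMED = 0, 131, 133, 134


def identification(ntp_seconds, fraction=0):
    """Timestamp-style Identification: high 32 bits are NTP seconds, low 32 bits the
    fraction (a real mobile node fills the low bits with unpredictable values)."""
    return (ntp_seconds << 32) | (fraction & 0xFFFFFFFF)


def build_registration_request(key, spi, home, home_agent, care_of, lifetime, ident, flags=0):
    """Mobile node side: core request plus Mobile-Home Authentication Extension.
    The authenticator covers the request, any earlier extensions (none here) and
    the Type, Length and SPI of the authentication extension itself."""
    core = struct.pack(CORE_FMT, REG_REQUEST, flags, lifetime,
                       ipaddress.IPv4Address(home).packed,
                       ipaddress.IPv4Address(home_agent).packed,
                       ipaddress.IPv4Address(care_of).packed, ident)
    ext_head = struct.pack("!BBI", MH_AUTH_EXT, AUTH_LEN, spi)
    mac = hmac.new(key, core + ext_head, hashlib.md5).digest()
    return core + ext_head + mac


class HomeAgent:
    """Home agent side: authenticates each request and enforces replay protection."""

    def __init__(self, keys_by_spi):
        self.keys = keys_by_spi   # mobility security association: SPI -> shared 128-bit key
        self.last_ident = {}      # home address -> Identification of the last accepted request

    def process(self, packet, now_ntp_seconds):
        if len(packet) != CORE_LEN + 2 + AUTH_LEN:
            return POORLY_FORMED
        core = packet[:CORE_LEN]
        ext_head = packet[CORE_LEN:CORE_LEN + 6]
        mac = packet[CORE_LEN + 6:]
        ext_type, ext_len, spi = struct.unpack("!BBI", ext_head)
        if ext_type != MH_AUTH_EXT or ext_len != AUTH_LEN:
            return POORLY_FORMED
        key = self.keys.get(spi)
        if key is None:
            return AUTH_FAILED                       # no security association for this SPI
        expected = hmac.new(key, core + ext_head, hashlib.md5).digest()
        if not hmac.compare_digest(expected, mac):   # constant-time comparison
            return AUTH_FAILED                       # wrong key or tampered request
        _, _, _, home, _, _, ident = struct.unpack(CORE_FMT, core)
        if abs((ident >> 32) - now_ntp_seconds) > REPLAY_WINDOW:
            return ID_MISMATCH                       # stale timestamp or clock skew
        if ident <= self.last_ident.get(home, 0):
            return ID_MISMATCH                       # replay of an already accepted request
        self.last_ident[home] = ident
        return ACCEPTED


def demo():
    """Constructed scenario: a genuine request, the same bytes replayed, and a tampered copy."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed 128-bit shared key
    ha = HomeAgent({0x100: key})
    req = build_registration_request(key, 0x100, "198.51.100.7", "198.51.100.1",
                                     "192.0.2.10", 300, identification(3_900_000_000))
    first = ha.process(req, 3_900_000_002)        # fresh request, 2 s of clock skew
    replay = ha.process(req, 3_900_000_004)       # captured copy resent inside the window
    tampered = bytearray(req)
    tampered[12] ^= 0x01                          # flip one bit of the care-of address
    forged = ha.process(bytes(tampered), 3_900_000_002)
    return first, replay, forged                  # -> (0, 133, 131)


if __name__ == "__main__":
    print(demo())
```

The replayed copy is rejected even though its authenticator is valid, which is the point of the Identification check; the tampered copy fails before any binding state is touched.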
  • 15. Quiz (iv)
Suppose a mobile node has established that it is operating away from home, and it has already acquired a co-located care-of address (CCOA). What does the mobile node do next?
Options:
1. Continues to operate without mobility services
2. Registers its CCOA with the HA
3. Registers its new care-of address with the HA via the FA

2. Acquiring a care-of address
The following two modes are available to mobile nodes for acquiring care-of addresses:
    • foreign agent care-of address (COA)
    • co-located care-of address (CCOA)

The network administrator decides which address acquisition mode to use.

In the foreign agent care-of address mode, the mobile node acquires the COA through the agent advertisement messages sent by the FA. The COA is an IP address of the FA on the foreign network. Packets intended for the mobile node are intercepted by the HA and forwarded to the FA. The FA acts as the endpoint for tunneled datagrams intended for the mobile host. The FA decapsulates the datagrams and delivers the relevant data to the mobile node.

In CCOA mode, the mobile node acquires a CCOA externally. It is assigned to one of the mobile node's interfaces, it represents the mobile node's current location, and it can only be used by one mobile node at a time. The CCOA may be temporarily acquired dynamically through the Dynamic Host Configuration Protocol (DHCP). Alternatively, the mobile node may own a long-term address for its exclusive use when visiting particular foreign networks. When CCOA mode is used, datagrams intended for the mobile node are sent directly to the CCOA. The mobile node acts as the endpoint of the tunnel and decapsulates the datagrams tunneled to it.
  • 16. There is an advantage to each address acquisition mode. In COA mode, there is less pressure for IPv4 addresses than in CCOA mode. This is because FA interface IP addresses can be assigned to multiple mobile nodes, rather than being assigned to single mobile nodes at any one time. An FA is not essential to mobility in the CCOA method. This is because the mobile node does not use the FA's interface as its care-of address. Instead it acquires an address from an external source, such as a DHCP server.

Quiz (v)
A mobile node moves into a foreign network and registers its new address indirectly with its HA. Where has it acquired its temporary address?
Options:
1. From the HA
2. From the FA
3. Through dynamic host configuration
4. It uses its own special IP address for operation in foreign networks

It is essential to note the difference between a care-of address (either COA or CCOA) and an FA. A care-of address is an endpoint for tunneled datagrams to a mobile host. An FA is a mobility agent. The FA provides network services to mobile nodes on its network. It is possible to have more than one FA on a network. An FA is likely to be a router, but could be any network device capable of acting as a tunnel endpoint and sending agent advertisements.

Quiz (vi)
What is the main advantage of using CCOA mode?
Options:
1. Low demand for IPv4 addresses
2. Mobile node can function without an FA
3. Registration with the HA is optional

There are different routing processes in
    • COA
    • CCOA

COA
In COA mode, the FA and mobile node must be on the same network link. The mobile node and FA route packets to each other using their respective data-link layer addresses (usually their MAC addresses). Both nodes bypass standard IP routing protocols.
• 17.

CCOA

In CCOA mode, the mobile node must be on the same network link as that indicated by the network prefix of the CCOA. If they are on different networks, packets will not be deliverable.

Suppose a commuter is using a laptop while traveling through a foreign network. First the laptop registers the COA, acquired from the agent advertisement of the FA, with its own HA. Once the laptop has registered its new address with the HA, datagrams intended for the laptop are intercepted by the HA and tunneled toward the FA. The FA decapsulates the data and forwards it to the laptop in its new location.

Quiz vii

Suppose you are using your laptop while traveling on a train. When you power on your laptop, it discovers that it is in a foreign network through agent advertisement messages. What happens next?

Options:
1. Data intended for the laptop is tunneled from the HA to the FA
2. The laptop acquires a COA
3. The laptop registers its new address with the HA
4. The laptop sends a registration request to the HA

Summary

There are three processes in Mobile IP: agent discovery, where a mobile node establishes its location and acquires a care-of address if in a foreign network; registration, where the mobile node registers its new location with the HA; and tunneling, where data intended for the mobile node is tunneled from the HA to the FA. At the FA, data is decapsulated and sent on to the mobile node.

There are two modes of acquiring a care-of address. First, a foreign agent care-of address (COA) can be acquired. In this case, the address is an interface address of the FA. Second, mobile nodes can acquire a co-located care-of address (CCOA). In this mode, the mobile node acquires the address from an external network source. There are different advantages associated with each mode.
• 18.

C. Agent discovery

1. The functions of agent discovery
2. Agent advertisements
3. Move detection

1. The functions of agent discovery

Agent discovery is the first phase of the Mobile IP process. In this phase, mobile nodes determine their location. Mobile nodes use agent discovery to establish whether they are on a home or foreign network and to identify that they have moved from one network to another.

In agent discovery, mobile nodes rely on agent advertisements from mobility agents (foreign or home agents) to determine their location. They can also send agent solicitations, which force mobility agents to respond with agent advertisements. Mobile nodes acquire a care-of address from the agent advertisement when visiting a foreign network.

An agent advertisement is a message constructed by attaching a special extension to a Router Advertisement. Mobility agents broadcast these messages.

Quiz viii

Which of the following are functions of agent discovery?

Options:
1. Used by the mobile node to determine whether the node is in a home or foreign network
2. Used to determine whether a mobile node has moved from one network to another
3. Used to register the location of mobile nodes

Mobile IP uses existing ICMP mechanisms, adapting ICMP router discovery for the operation of agent discovery. Router discovery was traditionally achieved by the host reading a list of one or more router addresses contained in its configuration files when it was powered on.
• 19.

Another traditional method for router discovery on multicast links is for the host to listen to routing protocol traffic.

The slide shows a sample HOSTS file as an example of a statically maintained configuration file:

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    127.0.0.1       localhost
    10.5.161.60     server1     #data repository 1
    10.5.164.201    server2     #data repository 2
    10.5.164.200    server3     #software depository
    10.5.161.58     server4
    10.5.161.56     server5

The two disadvantages of reading configuration files are the considerable administrative effort needed to keep the configuration files updated and the inability of these files to track changes in router availability dynamically. The disadvantage of listening in on routing protocol traffic is that hosts are required to recognize the various routing protocols used from network to network.

• 20.

Because of the disadvantages of traditional router discovery methods, Mobile IP has adapted ICMP router discovery. With ICMP router discovery there is no need to configure router address lists manually, and it is independent of any routing protocol. Mobile IP combines its agent advertisements with ICMP router discovery messages.

Note: Router discovery messages are not a protocol in themselves. They allow hosts to discover the existence of neighbouring routers, but not which routers are best for reaching a particular destination.

The following ICMP router discovery messages are used by Mobile IP agent advertisement and solicitation messages:
  - Router advertisements
  - Router solicitations

ICMP (Internet Control Message Protocol) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is assigned protocol number 1.

ICMP[3] differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like Ping and Traceroute).

Router advertisements

In Mobile IP, the agent advertisements are part of these ICMP router advertisements. The agent advertisement is formed by adding a mobility agent advertisement extension to the ICMP router advertisement message.
In ICMP router discovery, each router on a network broadcasts or multicasts router advertisements from each of its interfaces at defined intervals to all nodes on the same network link.

Router solicitations

In Mobile IP, agent solicitations are the same as ICMP router solicitations, except that the IP TTL (time to live) must be set to 1. A router solicitation is a message that a mobile node multicasts to ask for advertisements from neighboring routers on the same network link, instead of waiting for periodic advertisements to arrive.
• 21.

If the mobile node does not receive any response, it can retransmit the router solicitation messages, but after a set interval it must stop. Once this happens, the mobile node has to wait and discover the routers through the periodic agent advertisements.

Each router advertisement contains a
  - preference level
  - lifetime field

Preference level

Each router advertisement contains a preference level for each of its advertised addresses. When acquiring a care-of address from an agent advertisement, the mobile node should choose an address of the highest preference. The network administrator configures the preference levels and can use them to discourage the use of certain addresses.

Lifetime field

Each router advertisement includes a lifetime field. The lifetime field specifies the amount of time a router is considered valid by the mobile node, assuming no further advertisements are received. The lifetime field ensures that a mobile node will drop failed routers, uncontactable routers, or routers that are no longer functioning as routers.

In the agent discovery phase, the default rate at which agent advertisements are issued is once every 7 to 10 minutes. The default lifetime of an advertisement is 30 minutes.

Because router advertisements may be unavailable, or disabled by an administrator, on any link or from any router, they are not appropriate for black hole detection (that is, detecting when the first hop of a path fails). Hosts should already have a system in place for detecting black holes. However, network administrators can configure the default advertising rate so that it serves as an additional element of black hole detection.

Suppose a commuter is using her laptop while traveling to a client. When the commuter moves into a foreign network, her laptop picks up one of the ICMP router advertisements from a local router.
The agent advertisement extension is contained in this message. The commuter's laptop then chooses the highest preference-level interface address contained in the agent advertisement extension and uses this as its care-of address. The laptop is then ready to register and use this temporary address.

Quiz ix

Which of the following are characteristics of agent discovery in Mobile IP?

Options:
• 22.

1. An agent advertisement is part of an ICMP router advertisement
2. An agent solicitation message is identical to an ICMP router solicitation
3. Mobile IP extends ICMP router discovery
4. Mobile nodes discover neighboring router addresses by listening for advertisements

2. Agent advertisements

Agent advertisements are messages transmitted by mobility agents (foreign and home agents) to advertise their services on a certain network link. Mobile nodes use these to determine where they are connected to the Internet. A mobile node also selects a router interface address from agent advertisements. The node then uses this address as a care-of address. Information directed to the mobile node's home address is redirected to the care-of address for as long as the node is registered at this address.

Agent advertisements are sent at set intervals. The interval should normally be one-third of the router's lifetime, which is specified in the ICMP header.

Note: A lifetime is the length of time a router should be considered valid by mobile nodes in the absence of further agent advertisements. By setting the advertisement interval to one-third of the router's lifetime, a mobile node can miss three successive advertisements before removing the router from its list of available agents.

Home agents must always be prepared to provide services to mobile nodes for which they are the home agent. This ensures mobility for all mobile nodes roaming between home and foreign networks.

Foreign agents (FAs) may have periods when they are too busy to serve any more mobile nodes. During this time, they must continue to send agent advertisements. This keeps nodes that the FA is servicing up to date on the FA's availability. Even though the FA cannot service any additional mobile nodes, it can continue to support the mobile nodes on its current list.
An FA can indicate to nodes that it is too busy to service new ones. It does this by setting the busy bit in its agent advertisement.

All mobility agents should adhere to the following rules:
• 23.

  - if an agent is not detectable using a data-link layer protocol, it must send agent advertisements
  - agents should send agent advertisements even if they can be discovered by a data-link layer protocol
  - agents should respond to agent solicitations

Quiz x

Identify the characteristics of how home agents (HAs) and foreign agents (FAs) operate in relation to agent advertisements.

Options:
1. FAs and HAs must always be prepared to serve mobile nodes
2. FAs can indicate that they are too busy to service additional mobile nodes
3. HAs are sometimes too busy to serve additional nodes
4. HAs must always be prepared to serve the mobile nodes for which they are HAs

Mobile IP agent discovery operates in the same way as ICMP router discovery, except in the following areas:
  - broadcast rate
  - IP source address requirements
  - when to broadcast

Broadcast rate

Mobility agents are required to set limits on their broadcast rate. This means they must cap the rate at which they multicast agent advertisements. A recommended maximum broadcast rate is one agent advertisement per second.

IP source address requirements

Mobility agents must not require that the IP source address of an agent solicitation belongs to a neighboring node. This means the router can accept solicitations from nodes that are foreign to its network.

When to broadcast

Mobility agents have some choice in when to broadcast. They may be configured to send agent advertisements only in response to agent solicitation messages.

Suppose a commuter is traveling by train to a meeting. He is using a laptop to access files on the company home network. As the train crosses into a new network, the laptop continues to listen for agent advertisements. These are sent by two routers, Router A and Router B, in the new network every 10 minutes.
The commuter's laptop registers with Router A as its foreign agent because its available interface addresses have the highest preference level. Router A then fails to send any further agent advertisements. After 10 minutes (one-third of Router A's lifetime), the laptop deletes Router A as its foreign agent and registers with Router B. The lifetime of Router B has not expired and it continues to broadcast agent advertisements. The laptop keeps Router B as its foreign agent until it moves into a different network.
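The agent advertisement described above, as an added Python example that is not code from these notes: it builds an ICMP router advertisement carrying the mobility agent advertisement extension (type 16) and the prefix-lengths extension (type 19) with the field layout of RFC 3344, parses one back after checking the ICMP checksum, and selects the highest-preference care-of address while honouring the busy bit. The addresses, preference values and lifetimes are constructed sample values.

```python
import struct
from dataclasses import dataclass, field
from ipaddress import IPv4Address

ICMP_ROUTER_ADVERTISEMENT = 9          # ICMP type of a router advertisement (RFC 1256)
EXT_MOBILITY_AGENT_ADVERTISEMENT = 16  # extension type, RFC 3344 section 2.1.1
EXT_PREFIX_LENGTHS = 19                # extension type, RFC 3344 section 2.1.2
FLAG_R, FLAG_B, FLAG_H, FLAG_F = 0x80, 0x40, 0x20, 0x10  # first four flag bits of the extension
UNUSABLE_PREFERENCE = -(2 ** 31)       # RFC 1256: this address is not to be used


def icmp_checksum(data: bytes) -> int:
    """One's-complement checksum (RFC 1071) over the whole ICMP message, extensions included."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass
class AgentAdvertisement:
    routers: list                       # [(router address, preference level)] from the ICMP part
    router_lifetime: int                # seconds the advertisement stays valid without a refresh
    sequence: int                       # lets a mobile node notice that the agent rebooted
    registration_lifetime: int          # longest registration lifetime the agent accepts, seconds
    flags: int                          # R B H F M G r T bits
    care_of_addresses: list
    prefix_lengths: list = field(default_factory=list)

    def is_foreign_agent(self) -> bool:
        return bool(self.flags & FLAG_F)

    def is_busy(self) -> bool:
        return bool(self.flags & FLAG_B)

    def best_care_of_address(self):
        """Care-of address with the highest preference level, or None if the agent is busy
        or every candidate is marked unusable."""
        if self.is_busy():
            return None
        prefs = dict(self.routers)
        usable = [c for c in self.care_of_addresses if prefs.get(c, 0) != UNUSABLE_PREFERENCE]
        return max(usable, key=lambda c: prefs.get(c, 0), default=None)


def build_agent_advertisement(routers, router_lifetime, sequence, registration_lifetime,
                              flags, care_of_addresses, prefix_lengths=()) -> bytes:
    """ICMP router advertisement + mobility agent advertisement extension (+ prefix lengths)."""
    msg = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0, len(routers), 2, router_lifetime)
    for addr, pref in routers:
        msg += struct.pack("!4si", IPv4Address(addr).packed, pref)
    ext = struct.pack("!HHBB", sequence, registration_lifetime, flags, 0)
    ext += b"".join(IPv4Address(a).packed for a in care_of_addresses)
    msg += bytes([EXT_MOBILITY_AGENT_ADVERTISEMENT, len(ext)]) + ext  # length excludes type/len bytes
    if prefix_lengths:
        msg += bytes([EXT_PREFIX_LENGTHS, len(prefix_lengths)]) + bytes(prefix_lengths)
    return msg[:2] + struct.pack("!H", icmp_checksum(msg)) + msg[4:]   # fill in the checksum


def parse_agent_advertisement(packet: bytes) -> AgentAdvertisement:
    """Parse and validate; a plain RFC 1256 advertisement without the extension is rejected."""
    if len(packet) < 8 or icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum or truncated message")
    icmp_type, code, _csum, num_addrs, entry_size, lifetime = struct.unpack("!BBHBBH", packet[:8])
    if icmp_type != ICMP_ROUTER_ADVERTISEMENT or code != 0 or entry_size != 2:
        raise ValueError("not an ICMP router advertisement")
    offset, routers = 8, []
    for _ in range(num_addrs):
        addr, pref = struct.unpack("!4si", packet[offset:offset + 8])
        routers.append((str(IPv4Address(addr)), pref))
        offset += 8
    adv = AgentAdvertisement(routers, lifetime, 0, 0, 0, [])
    seen_extension = False
    while offset < len(packet):
        ext_type = packet[offset]
        if ext_type == 0:                    # one-byte padding extension, no length field
            offset += 1
            continue
        if offset + 2 > len(packet):
            raise ValueError("truncated extension header")
        ext_len = packet[offset + 1]
        body = packet[offset + 2:offset + 2 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        if ext_type == EXT_MOBILITY_AGENT_ADVERTISEMENT:
            if ext_len < 6:
                raise ValueError("mobility agent advertisement extension too short")
            adv.sequence, adv.registration_lifetime, adv.flags = struct.unpack("!HHB", body[:5])
            adv.care_of_addresses = [str(IPv4Address(body[i:i + 4])) for i in range(6, ext_len, 4)]
            seen_extension = True
        elif ext_type == EXT_PREFIX_LENGTHS:
            adv.prefix_lengths = list(body)
        offset += 2 + ext_len
    if not seen_extension:
        raise ValueError("no mobility agent advertisement extension: not an agent advertisement")
    return adv
```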
• 24.

3. Move detection

In move detection, it is recommended that a mobile node registers its new care-of address when it has moved to a different network. It is essential that it does not register more than once per second on average.

A mobile node detects that it has moved to its home network when it receives an agent advertisement from its home agent (HA). At this point, it should deregister with its HA and configure its routing table to home network specifications.

Mobile nodes employ two methods to detect movement between networks:
  - Method 1
  - Method 2

Method 1

Method 1 is based on the lifetime field in the ICMP router advertisement part of the agent advertisement. Mobile nodes should:
  - record the lifetime of the advertised addresses from the lifetime field of the agent advertisement
  - assume that the router has failed if they do not receive any subsequent agent advertisements from that router after the lifetime has expired
  - attempt to discover a new mobility agent to register with if the lifetime of the current agent has expired and they have received no further advertisements

If the lifetime of the current mobility agent has expired and the mobile node has previously received an advertisement from an agent whose lifetime has not expired, it may immediately attempt to register with that agent.

Method 2

In Method 2 the mobile node compares network prefixes contained in agent advertisements to establish whether or not it has moved. The mobile node may compare the prefix-lengths in the new agent advertisement with those in the agent advertisement of its current mobility agent. If the prefix-lengths are different, the mobile node may assume that it has moved. When the lifetime of the current agent advertisement expires, the mobile node may choose to register with
• 25.

the foreign agent that sent the new agent advertisement with the different prefix length. This is on the condition that the lifetime of the new agent advertisement has not expired.

Quiz xi

What are the characteristics of the move detection method that is based on the lifetime field?

Options:
1. Mobile nodes record the lifetime of all foreign agents
2. Uses comparisons in prefix-lengths extensions
3. Uses information in the lifetime field of the ICMP router advertisement section of the agent advertisement
4. When the lifetime of the foreign agent expires, mobile nodes must wait for a new agent advertisement

Summary

Agent discovery is where mobile nodes detect their current location through agent advertisements from mobility agents. Mobile IP has adapted the ICMP router discovery mechanism for its agent discovery processes. It uses ICMP router advertisements and ICMP router solicitations to send agent advertisements and agent solicitations.

Agent advertisements are messages broadcast by mobility agents to advertise services. They are used by mobile nodes for move detection and for care-of address acquisition. There are different mobile service requirements for home and foreign agents. On the whole, agent discovery operates in the same manner as ICMP router discovery.

In move detection, mobile nodes should register their new care-of addresses with their HAs. A mobile node discovers it has returned to its home network through agent advertisements from its HA. There are two methods for movement detection. Method 1 is based on information in the lifetime field of the router advertisement. Method 2 is based on comparing prefix-lengths extensions in agent advertisements.
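Both move-detection methods, as an added Python example that is not from these notes: a mobile-node state machine applies Method 1 (drop the current agent when its lifetime expires without a refresh and re-register with an agent whose advertisement is still within its lifetime), Method 2 (a different prefix length in a new advertisement means the node has moved), recognises the return home via the H bit of the home agent's advertisement, and enforces the one-registration-per-second limit as a minimum spacing between registrations. The AgentInfo record, the agent addresses and the timings are constructed; the registration messages themselves are not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AgentInfo:
    """What a mobile node keeps from one agent advertisement (constructed record, not the wire format)."""
    agent: str           # address of the advertising mobility agent (used as the care-of address)
    lifetime: int        # lifetime field of the ICMP router advertisement, seconds
    prefix_length: int   # from the prefix-lengths extension
    is_home_agent: bool  # H bit set in the mobility agent advertisement extension


class MoveDetector:
    """Mobile-node state machine for the two move-detection methods described in the notes."""

    def __init__(self, home_agent: str, min_interval: float = 1.0):
        self.home_agent = home_agent
        self.min_interval = min_interval  # no more than one registration per second on average
        self.current = None               # AgentInfo of the agent we are registered with
        self.expires = None               # when the current agent's lifetime runs out
        self.known = {}                   # other agents heard recently: agent -> (AgentInfo, expiry)
        self.last_registration = None
        self.at_home = False

    def _register(self, now: float, adv: AgentInfo):
        if self.last_registration is not None and now - self.last_registration < self.min_interval:
            return ("defer", adv.agent)   # rate limit hit: the agent stays in `known`, retry later
        self.known.pop(adv.agent, None)
        self.current, self.expires, self.last_registration = adv, now + adv.lifetime, now
        self.at_home = False
        return ("register", adv.agent)

    def on_advertisement(self, now: float, adv: AgentInfo):
        """Action the mobile node takes on receipt of one agent advertisement."""
        if adv.is_home_agent and adv.agent == self.home_agent:
            # Back on the home link: deregister with the HA and fall back to normal routing.
            self.current, self.expires, self.at_home = None, None, True
            self.known.clear()
            return ("deregister", self.home_agent)
        if self.current is not None and adv.agent == self.current.agent:
            self.expires = now + adv.lifetime   # refresh: the current agent is still alive
            return ("keep", adv.agent)
        self.known[adv.agent] = (adv, now + adv.lifetime)
        if self.current is None:
            return self._register(now, adv)
        if adv.prefix_length != self.current.prefix_length:
            # Method 2: a different prefix length means a different link, so assume we moved.
            return self._register(now, adv)
        return ("ignore", adv.agent)          # same link as the current agent: stay registered

    def on_tick(self, now: float):
        """Method 1: once the current agent's lifetime expires unrefreshed, drop it and register
        with another agent whose advertisement is still within its lifetime, if there is one."""
        if self.current is None or now < self.expires:
            return ("none", None)
        failed = self.current.agent
        self.current, self.expires = None, None
        self.known = {a: v for a, v in self.known.items() if v[1] > now}
        if self.known:
            adv = max(self.known.values(), key=lambda v: v[1])[0]   # freshest unexpired agent
            return self._register(now, adv)
        return ("solicit", failed)            # nothing usable known: send an agent solicitation
```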
• 26.

Registration, routing, and security

Learning objectives:
  - identify how a mobile node requests services from a foreign network and communicates its location to the home agent.
  - identify the procedures that enable mobile nodes, foreign agents, and home agents to route data to and from a mobile node.
  - distinguish the types of security threats Mobile IP faces and what can be done to mitigate those threats.

D. Registration
E. Routing considerations
F. Security considerations

D. Registration

1. Registration purpose and procedures
2. Mobile IP registration considerations
Summary

1. Registration purpose and procedures

Mobile IP enables mobile nodes roaming between IP networks to use the same IP address, ensuring the mobile node is still reachable and that sessions or connections are not dropped because the node is away from the home network. Mobile IP also enables the remote user to maintain ongoing applications while roaming. These applications include remote login and file transfer.

With Mobile IP, next-hop decisions are based on a mobile node's care-of address (its current point of attachment to the Internet), not on the IP address of the destination.

Registration messages exchange information between a mobile node and a home agent. This can be done either directly or via a foreign agent. Mobile IP registration enables a mobile node to:
  - inform its home agent of its care-of address
• 27.

  - seek forwarding services from a foreign network
  - renew a registration
  - support several registrations at the same time
  - deregister specific care-of addresses
  - find the address of a home agent
  - deregister when it returns to its home network

Inform its home agent of its care-of address

During registration, a mobile node can inform its home agent of its current care-of address. This can be a foreign agent care-of address or a co-located care-of address.

Seek forwarding services from a foreign network

A mobile node can request forwarding services from a foreign network, acquiring a temporary care-of address.

Renew a registration

A mobile node can renew a registration that is due to expire.

Support several registrations at the same time

A mobile node can support multiple registrations at the same time. This means that a copy of every datagram can be tunnelled to each of the mobile node's care-of addresses.

Deregister specific care-of addresses

A mobile node can deregister a specified care-of address and still retain its other mobility bindings.

Find the address of a home agent

A mobile node can find the IP address of its home agent if it doesn't already have this information configured.

Deregister when it returns to its home network

A mobile node can deregister when it returns to its home network. In fact, deregistering should take place only after the mobile node has received an agent advertisement from its home agent indicating that it has returned home and it has reconfigured its routing table for the home network.

In registration, a mobility binding is created at the home agent. This associates a mobile node's home address with its care-of address for a specified period of time. The mobile node keeps its own IP address.

Quiz xii

What does Mobile IP registration allow a mobile node to do?

Options:
1. Deregister when it returns to its home network
2. Inform its home agent of the care-of address
3. Maintain multiple registrations simultaneously
4. Register a new home IP address

There are two registration procedures defined by Mobile IP: registering directly with a mobile node's home agent, or using a foreign agent to pass the registration to the mobile node's home agent.
• 28.

Both procedures involve the exchange of registration request and registration reply messages. A mobile node must register or deregister directly with its home agent when it returns to its home network. A mobile node using a foreign agent care-of address must register via that foreign agent.

The registration process when using a foreign agent is as follows:
  - Step 1: The mobile node sends a registration request to the foreign agent.
  - Step 2: The foreign agent processes the registration request and passes it to the home agent.
  - Step 3: The home agent sends a registration reply to the foreign agent permitting or refusing the request.
  - Step 4: The outcome of the request is processed by the foreign agent and then forwarded to the mobile node.

A mobile node using a co-located care-of address must register directly with its home agent. When registering directly with its home agent, a mobile node first sends a registration request to the home agent. The home agent then sends a registration reply permitting or refusing the request.

Note: A mobile node using a co-located care-of address that receives an agent advertisement from a foreign agent on the link used by the care-of address must register via that foreign agent if the 'R' bit is set in the received agent advertisement message.

A mobile node uses a registration request message to register with its home agent, enabling the home agent to create or modify a mobility binding for the mobile node. The registration request can be sent directly to the home agent if the mobile node is registering a co-located care-of address. Alternatively, the registration request can be sent via the foreign agent with which the mobile node is registering. After it has sent the registration request message, the mobile node receives a registration reply from either the home agent or the foreign agent.
If the mobile node requested service from a foreign agent, the foreign agent receives the registration reply from the home agent and forwards it to the mobile node. This reply message informs the mobile node of the status of its request and the lifetime permitted by the home agent. The lifetime permitted can be smaller than the one originally requested.
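The four-step exchange above, as an added Python example that is not code from these notes: it encodes the RFC 3344 registration request and reply, protects each with the mobile-home authentication extension (HMAC-MD5 under the shared key of the mobility security association, looked up by SPI), and has the home agent reject a tampered request, reject a replayed Identification value, and grant a lifetime smaller than the one requested, while the foreign agent relays both messages and keeps a visitor list entry. The SPI, the key, the timestamp-style Identification handling and the addresses are constructed (the addresses are the ones these notes use in their later registration examples).

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

REGISTRATION_REQUEST, REGISTRATION_REPLY = 1, 3  # RFC 3344 message types (UDP port 434)
EXT_MOBILE_HOME_AUTH = 32                        # Mobile-Home Authentication Extension
CODE_ACCEPTED = 0
CODE_HA_FAILED_AUTH = 131                        # denied by HA: mobile node failed authentication
CODE_HA_ID_MISMATCH = 133                        # denied by HA: registration Identification mismatch
REPLAY_WINDOW = 7                                # seconds; RFC 3344 default for timestamp replay protection
FIXED_REQUEST, FIXED_REPLY = 24, 20              # byte lengths of the fixed part of each message

def authenticator(key: bytes, protected: bytes) -> bytes:
    """HMAC-MD5 (the RFC 3344 default) over the message, all prior extensions and this
    extension's own type, length and SPI; the 16-byte digest is the authenticator."""
    return hmac.new(key, protected, hashlib.md5).digest()

def with_auth_extension(msg: bytes, spi: int, key: bytes) -> bytes:
    head = struct.pack("!BBI", EXT_MOBILE_HOME_AUTH, 4 + 16, spi)  # length excludes type/length bytes
    return msg + head + authenticator(key, msg + head)

def find_auth_extension(msg: bytes, fixed_len: int):
    """Walk the extensions after the fixed part; return (offset, SPI) of the auth extension."""
    offset = fixed_len
    while offset + 2 <= len(msg):
        ext_type, ext_len = msg[offset], msg[offset + 1]
        if ext_type == EXT_MOBILE_HOME_AUTH:
            return offset, struct.unpack("!I", msg[offset + 2:offset + 6])[0]
        offset += 2 + ext_len
    return None, None

def verify(msg: bytes, fixed_len: int, keys: dict) -> bool:
    offset, spi = find_auth_extension(msg, fixed_len)
    if offset is None or spi not in keys:
        return False
    expected = authenticator(keys[spi], msg[:offset + 6])
    return hmac.compare_digest(expected, msg[offset + 6:offset + 22])

def build_request(home, home_agent, coa, lifetime, identification, spi, key, flags=0) -> bytes:
    body = struct.pack("!BBH4s4s4sQ", REGISTRATION_REQUEST, flags, lifetime, IPv4Address(home).packed,
                       IPv4Address(home_agent).packed, IPv4Address(coa).packed, identification)
    return with_auth_extension(body, spi, key)

def build_reply(code, lifetime, home, home_agent, identification, spi, key) -> bytes:
    body = struct.pack("!BBH4s4sQ", REGISTRATION_REPLY, code, lifetime, IPv4Address(home).packed,
                       IPv4Address(home_agent).packed, identification)
    return with_auth_extension(body, spi, key)

def parse_reply(reply: bytes) -> dict:
    _, code, lifetime, _home, _ha, ident = struct.unpack("!BBH4s4sQ", reply[:FIXED_REPLY])
    return {"code": code, "lifetime": lifetime, "identification": ident}

class HomeAgent:
    """Reactive side: authenticates each request, keeps the mobility binding list, sends the reply."""
    def __init__(self, address: str, security_associations: dict, max_lifetime: int = 3600):
        self.address = address
        self.keys = security_associations  # SPI -> shared key, one per mobility security association
        self.max_lifetime = max_lifetime   # the granted lifetime may be smaller than the one requested
        self.bindings = {}                 # home address -> (care-of address, expiry, Identification)
        self.last_identification = {}      # home address -> last accepted Identification value

    def handle_request(self, req: bytes, now: float) -> bytes:
        _, _flags, lifetime, home, ha, coa, ident = struct.unpack("!BBH4s4s4sQ", req[:FIXED_REQUEST])
        home_s, coa_s = str(IPv4Address(home)), str(IPv4Address(coa))
        _, spi = find_auth_extension(req, FIXED_REQUEST)
        # Timestamp-style Identification (assumed here): high 32 bits carry the sender's clock; it
        # must fall within the replay window and must increase from one registration to the next.
        fresh = abs((ident >> 32) - now) <= REPLAY_WINDOW and ident > self.last_identification.get(home_s, -1)
        granted = 0
        if not verify(req, FIXED_REQUEST, self.keys):
            code = CODE_HA_FAILED_AUTH
        elif not fresh:
            code = CODE_HA_ID_MISMATCH
        else:
            code = CODE_ACCEPTED
            self.last_identification[home_s] = ident
            if lifetime == 0 or coa_s == home_s:        # a deregistration removes the binding
                self.bindings.pop(home_s, None)
            else:
                granted = min(lifetime, self.max_lifetime)
                self.bindings[home_s] = (coa_s, now + granted, ident)
        key = self.keys.get(spi, b"")  # with an unknown SPI the reply cannot be properly authenticated
        return build_reply(code, granted, home_s, str(IPv4Address(ha)), ident, spi or 0, key)

class ForeignAgent:
    """Passive side: records a visitor list entry and relays the request and the reply."""
    def __init__(self, home_agent: HomeAgent):
        self.home_agent = home_agent
        self.visitors = {}  # home address -> requested lifetime, Identification, remaining lifetime

    def relay(self, req: bytes, now: float) -> bytes:
        _, _f, lifetime, home, _ha, _coa, ident = struct.unpack("!BBH4s4s4sQ", req[:FIXED_REQUEST])
        home_s = str(IPv4Address(home))
        self.visitors[home_s] = {"requested": lifetime, "identification": ident, "remaining": 0}
        reply = self.home_agent.handle_request(req, now)                     # step 2: pass it to the HA
        self.visitors[home_s]["remaining"] = parse_reply(reply)["lifetime"]  # step 4: record the outcome
        return reply
```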
• 29.

Quiz xiii

Suppose a mobile node is registering its care-of address via a foreign agent. Rank the messages in the order they are exchanged.

Option  Description
A       The registration request is passed on to the home agent
B       The registration reply is sent to the foreign agent
C       A registration request is sent to the foreign agent
D       The registration reply is forwarded to the mobile node

Quiz xiv

In which instances should you register a mobile node via a foreign agent?

Options:
1. If it is deregistering on its home network
2. If it is registering using a foreign care-of address
3. If it is using a co-located care-of address
4. If it is using a co-located care-of address and receives an advertisement with the R bit set

2. Mobile IP registration considerations

In Mobile IP registration, messages are exchanged directly between home agents and mobile nodes, or they are exchanged via foreign agents. The three parties are:
  - Mobile node
  - Foreign agent
  - Home agent
• 30.

Mobile node

A mobile node must be configured with its own home address, a mobility security association for each home agent, and a network mask. It can be configured with the IP address of one or more of its home agents. If the mobile node does not have the IP address of the home agent, it must find a home agent.

The mobile node plays an active role in mobile registration; for instance, it initiates the registration requests sent to home agents. It may also supply the care-of address when registering. If the mobile node supplies the care-of address, it will also encapsulate and decapsulate all traffic to and from the home agent.

The mobile node is responsible for determining its location within the internetwork and registering and deregistering accordingly. A mobile node should not attempt a new registration if its current registration has not expired and it is still receiving agent advertisements from the foreign agent with which it is currently registered.

For example, a mobile node (192.168.5.4) sends a request to the foreign agent (172.16.8.1). A mobile node must maintain the following information for each pending registration:
  - the link-layer address of the foreign agent to which the registration request was sent, in this case 00-04-8A-03-26-5E
  - the IP destination address of the registration request, in this case 172.16.8.1
  - the care-of address used in the registration, in this case 172.16.8.1
  - the Identification value sent in the registration, in this example 13
  - the originally requested lifetime, in this example 18000
  - the remaining lifetime of the pending registration, in this case 17521

The mobile node should register or reregister with a foreign agent if the mobile node detects that the foreign agent has rebooted or that the current registration's lifetime is near expiration.
A mobile node can register with a different agent if transport layer protocols indicate excessive retransmission. It should not register with a new foreign agent if it receives an ICMP redirect from a foreign agent that is currently providing service to it.

Foreign agent

In Mobile IP registration, the foreign agent's role is a mostly passive one. Each foreign agent must be configured with a care-of address. The foreign agent provides the care-of address and passes registration
• 31.

requests between mobile nodes and home agents. When it provides the care-of address, the foreign agent decapsulates datagrams that are delivered to the mobile node. If the foreign agent is not detectable by link-layer means, it should occasionally send agent advertisement messages to indicate that it is present.

The foreign agent keeps a visitor list entry for each pending or current registration. The information in the visitor list is obtained from the mobile node's registration request.

For example, a mobile node (192.168.5.4) sends a request to the foreign agent (172.16.8.1). The FA's visitor list entry contains the following information:
  - the link-layer source address of the mobile node, in this case 00-07-8B-03-26-5E
  - the IP source address, in this case 192.168.5.4
  - the IP destination address, in this case 172.16.8.1
  - the UDP source port, in this case 43
  - the home agent address, in this case 192.168.5.1
  - the identification field, in this case 13
  - the requested registration lifetime, in this case 18000
  - the remaining lifetime of the pending or current registration, in this case 17521

Home agent

In registration, the home agent plays a reactive role, receiving registration requests directly from the mobile node or from a foreign agent. The home agent updates its record of the mobility bindings for the mobile node. It then issues a registration reply accepting or rejecting each request.

A home agent should only transmit a registration reply when replying to a registration request received from a mobile node. It must not generate a registration reply to indicate that the lifetime has expired.
The configuration requirements for a home agent include the following:
  - it must be configured with the IP address and prefix size of the home network
  - it must be configured with the home address and mobility security association of each mobile node it serves as a home agent

The home agent must create, or modify, an entry in its mobility binding list for each of the authorized mobile nodes. For example, a mobile node (192.168.5.4) has a foreign agent care-of address (172.16.8.1). The mobility binding list entry must contain the mobile node's care-of address, 172.16.8.1. The mobility binding list entry must also contain the identification field from the registration reply, in this case 13, and the remaining lifetime of the registration, in this case 17521.

Quiz xv

Match each Mobile IP agent with the role it plays in IP registration.

Options:
• 32.

1. It makes registration requests
2. It receives registration requests
3. It relays registration requests

Targets:
A. Foreign agent
B. Home agent
C. Mobile node

Quiz xvi

Match each Mobile IP agent with its configuration requirements.

Options:
1. It must be configured with the IP address of the home network
2. It must be configured with its own IP address
3. It must be configured with a care-of address

Targets:
A. Foreign agent
B. Home agent
C. Mobile node

Quiz xvii

Suppose a sales representative out on the road wants to download the latest product information from the home network. The laptop is currently registered with a foreign agent (FA) with the IP address 10.5.4.3. Identify the circumstances in which this mobile node should register with a new foreign agent.

Options:
1. When another foreign agent sends agent advertisement messages to it
2. When its current registration lifetime has expired
3. When it receives an ICMP redirect from the FA 10.5.4.3
4. When transport layer protocols indicate excessive retransmissions

Summary

In Mobile IP registration, a mobile node's home address is associated, for a specified lifetime, with a care-of address. This mobility binding can be created directly with the home agent by using a co-located care-of address. Alternatively, a foreign agent can be used to relay the registration. Both procedures involve the exchange of registration request and registration reply messages.

Also in Mobile IP registration, the mobile node plays an active role, initiating requests to home agents. The
  • 33. Study Notes http://SlideShare.net/OxfordCambridge 33 | P a g e I P M o b i l i t y C o n c e p t s foreign agent plays a passive role, relaying requests from mobile nodes and the home agent's replies. The home agent plays a reactive role in the registration process. The registration requests are sent to the home agent by a foreign agent, or are received directly from the mobile node. The home agent updates its mobility bindings records accordingly and issues a registration reply accepting or rejecting the request.
E. Routing considerations
1. MN, FA, and HA considerations
2. Mobile routers
Summary

1. Mobile Node, Foreign Agent, and Home Agent considerations

IGMP (Internet Group Management Protocol) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast. It can be used for one-to-many networking applications such as streaming video and gaming, and allows more efficient use of resources when supporting these types of application. IGMP is used on IPv4 networks. Multicast management on IPv6 networks is handled by Multicast Listener Discovery (MLD), which is carried in ICMPv6 messages, in contrast to IGMP, which is carried directly in IP.

Proxy ARP (Address Resolution Protocol) is a technique by which a device on a given network answers ARP queries for a network address that is not on that network. The ARP proxy is aware of the location of the traffic's destination and offers its own MAC address in reply, effectively saying "send it to me, and I'll get it to where it needs to go." Serving as an ARP proxy for another host directs LAN traffic for that host to the proxy. The "captured" traffic is then typically routed by the proxy to the intended destination via another interface or via a tunnel. The process by which a node responds with its own MAC address to an ARP request for a different IP address, for proxying purposes, is sometimes referred to as "publishing".

In Mobile IP registration, a mobile node (MN) informs its home agent (HA) of its current location by registering, or deregistering, its care-of address. The mobile node can register via a foreign agent (FA) or register directly with its home agent using a co-located care-of address. Any datagram addressed to a registered mobile node visiting a foreign network is routed first to its home network. The home agent intercepts such datagrams and tunnels them to the mobile node's care-of address. After a mobile node has informed its home agent of its current location, datagrams sent to the mobile node are delivered through the home agent and the foreign agent, maintaining the appearance that the mobile node is still on its home network. The routing considerations for each of the three agents are covered in turn:
- Mobile node
- Foreign agent
- Home agent

Mobile node
A mobile node connected to its home network does not use mobility services and operates as a fixed host or router. The rules a mobile node follows when selecting a default router on a foreign network depend on whether the mobile node has registered directly with the home agent or via a foreign agent.

A mobile node registered using a co-located care-of address, that is, registered directly with its home agent, should select a default router from the list of router addresses advertised in any ICMP router advertisement message that it receives, but only from those router addresses that match its externally obtained care-of address under the network prefix. If the IP source address of an agent advertisement also matches the mobile node's co-located care-of address under the network prefix, the mobile node can choose that IP source address as the default router, but it must be considered the lowest preference. The network prefix, if present, can be obtained from the Prefix-Lengths Extension in the router advertisement.

A mobile node registered using a foreign agent care-of address must select a default router from the router IP addresses advertised in the ICMP router advertisement portion of the agent advertisement message. The mobile node can also choose the IP source address of the agent advertisement as the address of the default router, for example if the list of router addresses in the ICMP router advertisement portion is empty; the IP source address is the lowest preference for a default router.

To receive multicasts, a mobile node must join a multicast group. The mobile node can join the group via a local multicast router, if there is one present, on the visited subnet.
A mobile node using a co-located care-of address should use this address as the source address of its IGMP messages; otherwise, it must use its home address. The mobile node can also join a multicast group via a bidirectional tunnel to its home agent, provided the home agent is a multicast router. In that case the mobile node sends its IGMP messages to its home agent through the tunnel, and the home agent forwards the multicast datagrams down the tunnel to the mobile node.

Foreign agent
When a foreign agent (FA) receives an encapsulated datagram that was sent to its advertised care-of address, it compares the inner destination address to the entries in its visitor list (the list of home addresses of the currently registered mobile nodes). If it finds a match, the FA decapsulates the datagram and forwards it to the mobile node. For example, a correspondent node on the home network sends a datagram to the mobile node's home address (192.168.5.4), and the home agent (192.168.5.1) intercepts it on the home network. The home agent encapsulates the datagram with an outer header addressed to the foreign agent (172.16.8.1) and sends it on. The foreign agent (172.16.8.1) compares the inner destination (192.168.5.4) with its visitor list and finds a match, so it decapsulates the datagram and sends it to the mobile node using layer 2 addressing.

If there is no matching entry in the visitor list, the FA should discard the datagram. This can happen, for example, when a mobile node has left the foreign network and registered either with another foreign network or back on its own home network. When the FA is unable to forward an incoming tunneled datagram, it must not send an ICMP destination unreachable message, because a correspondent node could then mistakenly conclude that the mobile node is unreachable and stop sending legitimate traffic. The foreign agent must not advertise the presence of a mobile router to other mobile nodes or to any other routers in its routing domain.

The foreign agent must route all datagrams received from a registered mobile node. To route a datagram from a registered mobile node, the FA follows this procedure:
1. It verifies the IP header checksum of the datagram.
2. It decrements the IP time-to-live of the datagram.
3. It recomputes the IP header checksum of the datagram.
4. It sends the datagram to a default router.
5. The FA should also send an ICMP redirect message back to the mobile node. This step is optional, but it is recommended if the FA is not the default router.

Home agent
When the mobile node is away from home, the home agent (HA) must be able to intercept any datagrams on the home network that are addressed to the mobile node, using gratuitous or proxy ARP to do this. This is what allows, for example, a travelling sales representative to download e-mail addressed to them from a file server on the home network.
With gratuitous ARP, an ARP packet, either an ARP request or an ARP reply, is sent by a node in order to cause other nodes to update an entry in their ARP cache. The packet must be transmitted as a local broadcast on the link. Any node receiving the ARP packet that already has an entry for that IP address in its ARP cache must update the entry with the sender hardware address given in the packet (the sender protocol address identifies the entry). With proxy ARP, a node that is either unable or unwilling to answer its own ARP requests can use another node to send an ARP reply on its behalf. The sender of a proxy ARP reply reverses the Sender and Target Protocol Address fields of the request, as in any ARP reply, but supplies its own configured link-layer address in the Sender Hardware Address field. The node receiving the reply associates this link-layer address with the IP address of the original target node and transmits all future datagrams for the target node to the node with that link-layer address. In Mobile IP, the home agent sends a gratuitous ARP when a mobile node registers away from home, so that caches on the home link point at the home agent, and then answers ARP requests for the mobile node's home address by proxy; when the mobile node returns home it sends its own gratuitous ARP to take the address back.
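The two ARP packets described above, as an added example that is not code from the study notes: it builds and parses ARP packets in the RFC 826 Ethernet/IPv4 layout, applies the receiver's cache-update rule, and walks through the home agent claiming the notes' home address 192.168.5.4. The MAC addresses and the correspondent 192.168.5.9 are made up for the demonstration.

```python
"""Gratuitous and proxy ARP as a Mobile IP home agent uses them (RFC 826 packet layout).

Added example, not from the study notes. MAC addresses and the correspondent
node are constructed for the demonstration.
"""
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_FORMAT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa (28 bytes)


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(int(octet) for octet in s.split("."))


def _fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def _fmt_ip(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet (hardware type 1) / IPv4 (protocol type 0x0800) ARP packet."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, op,
                       _mac(sender_mac), _ip(sender_ip), _mac(target_mac), _ip(target_ip))


def parse_arp(pkt):
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": _fmt_mac(sha), "sender_ip": _fmt_ip(spa),
            "target_mac": _fmt_mac(tha), "target_ip": _fmt_ip(tpa)}


def gratuitous_arp(own_mac, ip_to_claim):
    """Sender and target protocol address are both the address being claimed, and the
    packet is broadcast, so every node already holding an entry for it overwrites the
    entry with own_mac. The home agent sends this when a mobile node registers away;
    the mobile node sends it itself when it returns home."""
    return build_arp(ARP_REQUEST, own_mac, ip_to_claim, BROADCAST_MAC, ip_to_claim)


def proxy_arp_reply(own_mac, request_pkt, addresses_away):
    """Answer an ARP request on behalf of a mobile node that is away from home. Sender
    and target protocol addresses are reversed, as in any ARP reply, but the sender
    hardware address is the home agent's own. Returns None if the request is not ours."""
    req = parse_arp(request_pkt)
    if req["op"] != ARP_REQUEST or req["target_ip"] not in addresses_away:
        return None
    return build_arp(ARP_REPLY, own_mac, req["target_ip"], req["sender_mac"], req["sender_ip"])


def update_arp_cache(cache, pkt):
    """Receiver rule: any ARP packet, request or reply, updates an entry that already
    exists for the sender protocol address. It never creates a new entry."""
    p = parse_arp(pkt)
    if p["sender_ip"] in cache:
        cache[p["sender_ip"]] = p["sender_mac"]
    return cache


def home_link_walkthrough():
    """Constructed scenario: 192.168.5.4 has registered away from home; the home agent
    first corrects the correspondent's cache, then answers a later ARP request by proxy."""
    ha_mac, cn_mac, mn_mac = "02:00:00:00:00:01", "02:00:00:00:00:09", "02:00:00:00:00:04"
    cache = {"192.168.5.4": mn_mac}            # correspondent's cache before the registration
    update_arp_cache(cache, gratuitous_arp(ha_mac, "192.168.5.4"))
    who_has = build_arp(ARP_REQUEST, cn_mac, "192.168.5.9", "00:00:00:00:00:00", "192.168.5.4")
    reply = parse_arp(proxy_arp_reply(ha_mac, who_has, {"192.168.5.4"}))
    other = build_arp(ARP_REQUEST, cn_mac, "192.168.5.9", "00:00:00:00:00:00", "192.168.5.7")
    ignored = proxy_arp_reply(ha_mac, other, {"192.168.5.4"})   # a node that is at home
    return cache, reply, ignored
```

The same packet builder is what an attacker uses for ARP spoofing; the only thing that makes the home agent's use legitimate is that the registration which triggered it was authenticated, which is the point made under Security considerations below.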
The destination IP address of every datagram arriving on the home network must be examined by the HA and compared with the home addresses of its mobile nodes that are currently registered away from home. Any matching datagram is tunneled to the mobile node's currently registered care-of address or addresses. When a home agent supports multiple simultaneous mobility bindings (an optional facility), it tunnels a copy of the datagram to each care-of address in the mobile node's mobility binding list. If a mobile node has no current mobility binding, the home agent assumes it is at home and forwards the datagram directly onto the home network. A home agent must forward received broadcast datagrams to those mobile nodes in its mobility binding list that have requested this facility; it must not forward them to any of the other mobile nodes in its mobility binding list.

Quiz xviii
Suppose a mobile node is registered directly with its home agent and is using a co-located care-of address. Identify the rules used to select a default router for this mobile node.
Options:
1. It can select an IP address from the list of router addresses given in the ICMP router advertisement portion of the agent advertisement message
2. It can select the IP source address of the agent advertisement
3. It must select a default router from the addresses advertised in the ICMP router advertisement of the agent advertisement message

Quiz xix
Suppose a foreign agent receives a datagram and cannot find the IP address of the destination in its visitor list. Identify the actions the foreign agent should take.
Options:
1. It should discard the datagram
2. It should forward the datagram to the mobile node
3. It should modify the IP header of the datagram
4. It should refrain from sending an ICMP "destination unreachable" message

Quiz xx
A home agent processes datagrams addressed to a mobile node registered away from home on the home network. Identify the characteristics of how the home agent processes datagrams.
Options:
1. It can send to several FAs (multiple routers)
2. It checks its mobility bindings if the node is away from home
3. It never forwards broadcast datagrams
4. It sends gratuitous ARP to discover the location of the mobile node

Quiz xxi
Suppose a mobile node is registered using a foreign agent care-of address (10.5.4.3). The mobile node receives an ICMP router advertisement from 10.5.4.3 containing the router address 10.5.4.12. The mobile node then receives an ICMP router advertisement from another router with the IP address 10.5.4.5. What is the preferred default router IP address for this mobile node?
Options:
1. 10.5.4.12
2. 10.5.4.3
3. 10.5.4.5

2. Mobile routers
A mobile node can also be a router responsible for the mobility of a network, or of several networks moving together, for example on an airplane or a train. The nodes connected to a mobile network can be fixed nodes, mobile nodes, or routers. A mobile router can also act as a foreign agent, providing a foreign agent care-of address to mobile nodes connected to the mobile network.

For example, Helen, a teleworker, wants to connect to her home network to download her e-mail. She connects her laptop (a mobile node) to a network port on a bus. The bus's foreign agent sends agent advertisements from which the laptop learns a foreign agent care-of address (172.16.8.1), and the laptop registers on this foreign network using that care-of address.
The network on the bus is itself a mobile network. The foreign agent on the bus, a router with home address 172.16.8.1, serves as the default router connecting the bus network to the rest of the Internet. This router's own home agent (172.16.8.15) is a node on the fixed network at the bus company's headquarters. When the bus is in transit, the router (172.16.8.1) registers via a radio link with foreign agents along the route; when the bus is at home, the router attaches directly to its home network.

Routing a datagram to a mobile node via a mobile router on a mobile network involves a number of steps. Suppose a correspondent node sends a datagram to Helen, using her laptop's home address (192.168.5.4).
1. On the home network, the laptop's home agent (192.168.5.1) intercepts the datagram and tunnels it to the laptop's care-of address (172.16.8.1), the address of the foreign agent on the bus.
2. The tunneled datagram is then routed, using normal IP routing, to the fixed network at the bus company's headquarters, because 172.16.8.1 belongs to that network.
3. The bus router's home agent at headquarters (172.16.8.15) intercepts the datagram and tunnels it in turn to the bus router's current care-of address, for example a foreign agent (10.5.4.3) on the bus route. The datagram has now been encapsulated twice: by the laptop's home agent and by the bus router's home agent.
4. The foreign agent on the route (10.5.4.3) removes the outer encapsulation and sends the datagram over the radio link to the bus router. The datagram is still encapsulated by the laptop's home agent, with the laptop's care-of address (172.16.8.1) as its destination.
5. Finally, the foreign agent on the bus (172.16.8.1) decapsulates the datagram. Its destination address is now the laptop's home address (192.168.5.4), and the bus's foreign agent delivers it over the bus network to the laptop's link-layer address.
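The home agent, foreign agent and mobile router rules above, as an added example that is not code from the study notes: a small model of the RFC 3344 forwarding decisions, using the addresses from the notes. A Datagram with a stack of tunnel headers stands in for real IP-in-IP encapsulation, registration lifetimes are treated as absolute expiry times, and the bus scenario below is the Helen example traced hop by hop; the correspondent address 192.168.5.9 is constructed.

```python
"""Mobile IPv4 forwarding decisions: home agent, foreign agent, nested tunnels.

Added example, not code from the study notes: a model of the RFC 3344 section 4
rules with the notes' addresses. The tunnel stack stands in for IP-in-IP headers.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    tunnels: tuple = ()          # IP-in-IP outer headers (src, dst), innermost first

    def routed_on(self):
        """The address a router actually forwards on: the outermost destination."""
        return self.tunnels[-1][1] if self.tunnels else self.dst


def encapsulate(dg, outer_src, outer_dst):
    # Wraps the whole datagram, existing tunnels included: recursive tunneling.
    return replace(dg, tunnels=dg.tunnels + ((outer_src, outer_dst),))


def decapsulate(dg):
    return replace(dg, tunnels=dg.tunnels[:-1])


@dataclass
class Binding:
    care_of: str
    identification: int
    expires_at: float            # registration lifetime turned into an absolute time
    wants_broadcast: bool = False


class HomeAgent:
    def __init__(self, addr, home_prefix):
        self.addr, self.home_prefix = addr, ip_network(home_prefix)
        self.bindings = {}       # home address -> [Binding]; several = simultaneous bindings

    def register(self, home_addr, binding):
        # A re-registration from the same care-of address modifies the existing entry.
        kept = [b for b in self.bindings.get(home_addr, []) if b.care_of != binding.care_of]
        self.bindings[home_addr] = kept + [binding]

    def live_bindings(self, home_addr, now):
        live = [b for b in self.bindings.get(home_addr, []) if b.expires_at > now]
        if live:
            self.bindings[home_addr] = live
        else:
            self.bindings.pop(home_addr, None)   # lifetime expired: the binding is gone
        return live

    def forward(self, dg, now):
        """[(next hop, datagram)] for a datagram the home agent sees on the home network."""
        dst = dg.routed_on()
        if ip_address(dst) not in self.home_prefix:
            return [("normal-routing", dg)]
        if dst == str(self.home_prefix.broadcast_address):
            return [(b.care_of, encapsulate(dg, self.addr, b.care_of))
                    for home in list(self.bindings) for b in self.live_bindings(home, now)
                    if b.wants_broadcast]         # only to nodes that asked for broadcasts
        live = self.live_bindings(dst, now)
        if not live:
            return [("home-link", dg)]            # no binding: the node is assumed to be home
        return [(b.care_of, encapsulate(dg, self.addr, b.care_of)) for b in live]


class ForeignAgent:
    def __init__(self, addr):
        self.addr, self.visitors = addr, set()   # visitor list: home addresses registered here

    def receive(self, dg):
        if not dg.tunnels or dg.routed_on() != self.addr:
            return ("normal-routing", dg)        # not a tunnel aimed at our care-of address
        inner = decapsulate(dg)
        if inner.routed_on() in self.visitors:
            return ("link-layer-delivery", inner)
        # Unknown inner destination (the node has moved on): drop it, and send no ICMP
        # Destination Unreachable, or a correspondent would conclude the node is down.
        return ("discard", None)


def bus_scenario():
    """Helen's laptop (192.168.5.4) behind the bus router (172.16.8.1), which is itself
    away from its home network and registered with the roadside FA 10.5.4.3."""
    laptop_ha = HomeAgent("192.168.5.1", "192.168.5.0/24")
    laptop_ha.register("192.168.5.4", Binding("172.16.8.1", 13, expires_at=17521))
    bus_ha = HomeAgent("172.16.8.15", "172.16.8.0/24")
    bus_ha.register("172.16.8.1", Binding("10.5.4.3", 14, expires_at=17521))
    roadside_fa, bus_fa = ForeignAgent("10.5.4.3"), ForeignAgent("172.16.8.1")
    roadside_fa.visitors.add("172.16.8.1")
    bus_fa.visitors.add("192.168.5.4")
    trace, dg = [], Datagram("192.168.5.9", "192.168.5.4")
    for agent in (laptop_ha, bus_ha):          # tunnel 1 to the bus router, tunnel 2 to the road
        (hop, dg), = agent.forward(dg, now=0)  # exactly one copy: one binding each
        trace.append(hop)
    depth = len(dg.tunnels)                    # two nested encapsulations at this point
    for fa in (roadside_fa, bus_fa):           # each strips one layer and delivers on its link
        action, dg = fa.receive(dg)
        trace.append(action)
    return trace, depth, dg
```

Running bus_scenario() gives the trace ["172.16.8.1", "10.5.4.3", "link-layer-delivery", "link-layer-delivery"], a nesting depth of 2 after the second home agent, and the original datagram with no tunnel headers at the end.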
Quiz xxii
A sales manager on a flight connects to the home network using the aircraft's network. A datagram is sent to the laptop's home address (192.168.5.4). The laptop's foreign agent care-of address is the aircraft's router (10.5.4.3). The aircraft's router in turn has a foreign agent care-of address (188.1.6.10). Rank the steps involved in sending this datagram over the aircraft's mobile network.
Options:
A. The aircraft's foreign agent (188.1.6.10) sends the datagram to the aircraft
B. The aircraft's router (10.5.4.3) decapsulates the datagram and sends it to the laptop
C. The datagram is sent to the airline headquarters, where it is forwarded to the aircraft's care-of address (188.1.6.10)
D. The laptop's home agent sends the datagram to the laptop's care-of address (10.5.4.3)

Quiz xxiii
Suppose a reporter on a cycling tour has a laptop (192.16.2.15). Router A (192.16.2.1) advertises the address of router B in a mobility agent advertisement. If the laptop is using router A's address, 192.16.2.1, as its default gateway, which can we assume?
Options:
1. All datagrams from the home agent are decapsulated by the foreign agent
2. All datagrams from the home agent are decapsulated by the mobile node
3. The advertised router was not on the same subnet
4. The mobile node is using a foreign agent's care-of address

If a fixed node has a mobile network as its home network, its home agent can be configured with a permanent registration for this fixed node that gives the mobile router's address as the fixed node's care-of address. Datagrams sent to the fixed node then use recursive tunneling: they are tunneled to the mobile router's address, and from there tunneled again to the mobile router's own care-of address. The home agent, usually the mobile router's home agent, is responsible for advertising connectivity to the fixed node using normal routing protocols. An alternative method, which avoids the need for recursive tunneling, is for the mobile router to advertise connectivity to the mobile network using normal IP routing protocols through a bidirectional tunnel to its own home agent.

Summary
A mobile node can select a default router from the router IP addresses advertised in the ICMP router advertisement portion of an agent advertisement message. When a foreign agent receives an encapsulated datagram, it compares the inner destination with the entries in its visitor list; if there is no matching entry, the datagram must be discarded. When the mobile node is away from home, the home agent intercepts any datagrams on the home network that are addressed to the mobile node and tunnels them to the mobile node's care-of address. A mobile node can also be a router responsible for the mobility of a whole network. It can act as a foreign agent, providing a foreign agent care-of address to mobile nodes connected to the mobile network. The nodes connected to this mobile network can be fixed nodes, mobile nodes, or routers.
F. Security considerations
Introduction
Threats to Mobile IP
Mitigating the threats to Mobile IP
Summary

Introduction
Mobile IP has become important for the average consumer and for businesses. Mobile IP standards are continually improving, as are the services offered by service providers, so more efficient services and applications are available to mobile users. In business, key employees can be kept up to date with critical information, which results in improved customer service and, ultimately, improved customer relations. For consumers, Mobile IP supports communication and a variety of services, such as instant messaging and SMS alerts to their cellular phones with, for instance, the latest traffic reports or sports results.

With the development of large open networks, that is, networks with access to the Internet and to other private and public networks, threats to security have increased and more security vulnerabilities have been discovered. The technical knowledge required to attack a network has become more widely available and attack tools have become more user friendly. Because of the way Mobile IP operates, the transfer of information is exposed. The registration process in particular is exposed because mobile computers are typically connected to the network via wireless links. When mobile nodes on foreign networks register with their home networks over wireless links, they are vulnerable to attacks such as passive eavesdropping and active replay. This means that the authentication mechanisms in Mobile IP registration need to be particularly strong. For example, service providers need to authenticate messages sent between foreign agents and home agents, both to ensure that only legitimate customers are provided with service and to support billing.
Threats to Mobile IP
Specific threats to Mobile IP include the following:
- denial-of-service attack
- passive eavesdropping
- session-stealing attack
- replay attack

Denial-of-service attack
A denial-of-service (DoS) attack is designed to disrupt the normal functioning of a system, for example by destroying or modifying the data it depends on or by overloading its servers. The organization (or user) is then deprived of services such as e-mail, or may temporarily lose all network connectivity. One type of DoS is the nuisance packet attack, such as TCP SYN flooding. This type of attack can be difficult to prevent because the sender can spoof the source address of the packets. However, a service provider can use ingress filtering in its routers, discarding packets whose IP source address is not topologically plausible for the interface on which they arrive, so that a packet with a spoofed source is dropped before it is forwarded.
Another type of DoS attack prevents packets from flowing between two nodes. For example, an attacker on the path between the two nodes creates a bogus registration request giving one of the attacker's own IP addresses as the care-of address for a mobile node. If the home agent accepts the request, it tunnels all of the mobile node's packets to the attacker. This type of attack is prevented by cryptographically strong authentication between a mobile node and its home agent. The default authentication algorithm is HMAC-MD5 (RFC 2104, built on the MD5 hash of RFC 1321), which provides secret-key authentication and integrity checking of registration messages. All mobile nodes and home agents must support this algorithm, but Mobile IP also allows a mobile node and its home agent to agree on other authentication algorithms.

Passive eavesdropping
Theft of information can occur when an attacker reads network packets passing over a network to which he is attached, typically by using a packet sniffer. (An attacker who can also modify or inject packets is in a man-in-the-middle position, which is an active attack rather than eavesdropping.) Encryption is the usual way of preventing passive eavesdropping (theft of information), protecting the data from being read by unauthorized persons. Link-layer encryption is commonly used between a mobile node and its foreign agent over a wireless link, so that all packets exchanged over the link are encrypted; because no physical connection is required, it is easier to snoop on a wireless link. End-to-end encryption, where the data is encrypted at the source and decrypted at the destination, is the most thorough method of protecting the data. Secure Sockets Layer (SSL), Secure Copy (SCP) and Secure Shell (SSH) are examples of Internet protocols that provide end-to-end protection. Application programs that do not provide for encryption themselves can use the IPsec Encapsulating Security Payload (ESP, originally specified in RFC 1827) for end-to-end encryption.
Session-stealing attack
In a session-stealing (session hijacking) attack, an attacker impersonates a legitimate node and takes over its session. The attacker waits for a valid node to authenticate itself and initiate an application session, then floods the legitimate node with nuisance packets so that it does not notice that the session has been taken over, and carries on the session itself. Session-stealing attacks can be prevented by end-to-end and link-layer encryption, since the attacker cannot then produce valid traffic for the session.

Replay attack
In a replay attack, an attacker obtains and stores a copy of a legitimate registration request and replays it later in order to install a stale or forged care-of address for a mobile node. To prevent this, a mobile node produces a unique value for the Identification field in each successive registration request. The Identification field allows the home agent to determine whether a request is fresh, so the replayed request is rejected because the home agent recognizes its Identification field as out of date.

Mitigating the threats to Mobile IP
The registration process of Mobile IP requires strong authentication procedures, as it offers many opportunities for malicious intervention. Any sensitive data that is transferred should be encrypted. If location privacy is required, mobile nodes can send their traffic to the home network through a tunnel (reverse tunneling), so that correspondents see only the home address. The home agent forwards any packets sent to the mobile node to its care-of address, and so the mobile node still appears to be on the home network.
Cryptography
Cryptography is one of the main methods used to maintain confidentiality, that is, to ensure that sensitive data is viewed only by authorized users. It involves the use of cryptographic algorithms and the exchange of either public or secret keys to ensure that only authorized parties can decrypt information. There are two main categories of cryptographic algorithms: secret-key algorithms, where both the sender and receiver use the same key, and public-key algorithms. With public-key algorithms, a pair of related keys is used, one by the sender and the other by the receiver; one of the keys is published and the other is kept private.

Information can be authenticated using either secret-key (private-key) or public-key techniques. There are two categories of secret-key authentication: one uses a message digest (a fixed-length value computed from a message of any length) keyed with the shared secret, which is what HMAC-MD5 does in Mobile IP; the other uses the same algorithms that are used for secret-key encryption. There are also two categories of public-key authentication: one mirrors secret-key authentication but uses public-key encryption, and the other uses digital signatures. For a digital signature, a public-key transformation is applied to the message, or to its message digest, using the sender's private key, and the result is the signature. Only the sender holds that private key, so the sender cannot later deny having sent the information (non-repudiation). Verifying the signature also confirms that the message, and any time stamp included with it, has not been altered in transit (integrity checking).
Problems with ARP
In Mobile IP registration, a mobility binding is created at the home agent, associating a mobile node's home address with its care-of address for a specified lifetime. If registration were not authenticated properly, this remote redirection of traffic would be a significant security vulnerability: anyone could register a care-of address of their choosing for a victim's home address. ARP itself is not authenticated and can be used to steal another host's traffic on a link. Gratuitous ARP, where a node sends an ARP packet to cause other nodes to update an entry in their ARP cache, carries all of the risks associated with ARP, and Mobile IP's use of it on the home link has to be assessed with this in mind. For these reasons, it is imperative that home agents and mobile nodes perform authentication.

Authentication
Mobile nodes and home agents must be able to perform authentication. Several factors determine the strength of an authentication mechanism: the strength and secrecy of the key used, the strength of the authentication algorithm, and the quality of the implementation. The default algorithm used by home agents and mobile nodes for message authentication is HMAC-MD5 with a key size of 128 bits. The foreign agent must support authentication using HMAC-MD5 with manual key distribution and key sizes of 128 bits or greater, and must support keys with arbitrary binary values. The older keyed MD5 "prefix + suffix" mode, in which the key is simply placed before and after the data being hashed, was the default in the original Mobile IP specification but is considered vulnerable to attack; new implementations should use HMAC-MD5 and may offer keyed MD5 only as an additional algorithm for compatibility with older peers. Other authentication algorithms and modes may also be used. In either mode, the key should be 128 bits, secret and pseudo-random.
Key distribution in a Mobile IP network can be difficult because there is no network key management protocol for it. For this reason, some messages sent to the foreign agent do not require authentication.

Firewalls
A firewall is a device that protects the resources of a private network from an untrusted public network such as the Internet. There are several types of firewall. Firewalls typically use secure logon procedures and authentication certificates to allow mobile users remote access to the private network. Common security policies such as ingress filtering, where routers do not forward packets that appear to have a topologically incorrect source address, can be problematic in Mobile IP networks. For example, a firewall router at the edge of the home network could block packets from a mobile node trying to contact a node on its home network: the packets arrive from outside the intranet carrying the mobile node's home address as source, an address that belongs to a machine inside the intranet, so the firewall treats them as spoofed. Routers on the foreign network that apply ingress filtering raise the same objection, since the home address is not topologically part of the foreign network. To counteract this problem, the mobile node can reverse tunnel its traffic: its packets are encapsulated and sent to the home agent with the care-of address (the foreign agent's address, or the co-located care-of address) as the outer source address. Reverse tunneled packets pass normally through routers that use ingress filtering, and the ingress filtering rules can still locate the true source of the packet in the same way as for packets from non-mobile nodes.

Replay protection
To prevent a replay attack, a mobile node produces a unique value for the Identification field in each successive registration request. There are two methods of interpreting Identification fields: time stamps and nonces. All mobile nodes and home agents must implement replay protection based on time stamps; nonce-based replay protection is optional.
With time stamp replay protection, the node generating a message inserts the current time of day, and the node receiving the message checks that this time stamp is sufficiently close to its own time of day. The value used to limit the time difference should be greater than three seconds; the default is seven seconds. The two nodes must therefore have adequately synchronized time-of-day clocks. If a home agent rejects a request because of its time stamp, the reply carries the home agent's own time of day in the high-order 32 bits of the Identification field so that the mobile node can resynchronize. With nonce replay protection, a node, node A, includes a new random number in every message it sends to another node, node B, and checks that node B returns that same number in its reply. Both messages use an authentication code to protect against alteration by an attacker.

As part of the mobility security association, a mobile node and its home agent have to agree on the method of replay protection that will be used. Whichever method is used, the low-order 32 bits of the Identification field have to be copied unchanged from the registration request to the registration reply. The foreign agent uses the mobile node's home address and these low-order 32 bits to match registration requests with the corresponding replies, and the mobile node has to verify that the low-order 32 bits of any registration reply are identical to the bits it sent in the registration request. The Identification used in a new registration request must not be the same as in the preceding request. Retransmission of a request is allowed, but the same Identification must not be reused in a new request while the same security context is in use between the mobile node and the home agent.
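The replay attack and its defence, together with the HMAC-MD5 authentication described under Authentication above, as an added example that is not code from the study notes: a registration request and reply in the RFC 3344 wire layout, authenticated with the Mobile-Home Authentication Extension, and a home agent that checks the authenticator first and the time stamp second, rejecting with code 131 (mobile node failed authentication) or 133 (identification mismatch). The 128-bit key, the SPI of 256, the clock value and the addresses (taken from the notes) are constructed for the demonstration; a real mobile node would take the low-order 32 bits of the Identification from a good random source.

```python
"""Mobile IP registration with HMAC-MD5 authentication and time stamp replay protection.

Added example, not code from the study notes: request/reply in the RFC 3344
wire layout. Key, SPI, clock and addresses are constructed for the demo.
"""
import hashlib
import hmac
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800     # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
REPLAY_WINDOW = 7.0               # RFC 3344 default tolerance; must be more than 3 seconds
REQ_FMT, REPLY_FMT, AUTH_FMT = "!BBH4s4s4sQ", "!BBH4s4sQ", "!BBI"
CODE_ACCEPTED, CODE_BAD_AUTH, CODE_ID_MISMATCH = 0, 131, 133


def ntp_identification(unix_time, low32):
    """64-bit Identification: NTP seconds in the high half, caller's bits in the low half."""
    return ((int(unix_time) + NTP_EPOCH_OFFSET) << 32) | (low32 & 0xFFFFFFFF)


def auth_extension(prior_bytes, key, spi):
    """Mobile-Home Authentication Extension (type 32). The authenticator covers the
    registration message, all prior extensions, and this extension's type/length/SPI."""
    header = struct.pack(AUTH_FMT, 32, 4 + 16, spi)   # length = 4 + authenticator size
    return header + hmac.new(key, prior_bytes + header, hashlib.md5).digest()


def build_request(home, ha, care_of, lifetime, identification, key, spi):
    body = struct.pack(REQ_FMT, 1, 0, lifetime, socket.inet_aton(home),
                       socket.inet_aton(ha), socket.inet_aton(care_of), identification)
    return body + auth_extension(body, key, spi)


def parse_reply(pkt):
    _type, code, lifetime, _home, _ha, identification = struct.unpack(REPLY_FMT, pkt[:20])
    return code, lifetime, identification


class HomeAgent:
    def __init__(self, key, spi, clock=time.time):
        self.key, self.spi, self.clock = key, spi, clock
        self.last_accepted = {}   # home address -> Identification of the last accepted request
        self.bindings = {}

    def process_request(self, pkt):
        body, ext = pkt[:24], pkt[24:]
        _type, _flags, lifetime, home, ha, care_of, ident = struct.unpack(REQ_FMT, body)
        ext_type, ext_len, spi = struct.unpack(AUTH_FMT, ext[:6])
        expected = hmac.new(self.key, body + ext[:6], hashlib.md5).digest()
        # Authenticate first: an unauthenticated Identification proves nothing.
        if (ext_type, spi) != (32, self.spi) or not hmac.compare_digest(ext[6:6 + ext_len - 4], expected):
            return self._reply(CODE_BAD_AUTH, home, ha, ident)
        now = self.clock()
        home_s = socket.inet_ntoa(home)
        sent_at = (ident >> 32) - NTP_EPOCH_OFFSET
        if abs(now - sent_at) > REPLAY_WINDOW or ident <= self.last_accepted.get(home_s, -1):
            # Stale or replayed: reject, copy the low 32 bits unchanged, and put our own
            # time in the high 32 bits so a node whose clock drifted can resynchronize.
            return self._reply(CODE_ID_MISMATCH, home, ha, ntp_identification(now, ident))
        self.last_accepted[home_s] = ident
        self.bindings[home_s] = (socket.inet_ntoa(care_of), ident, lifetime)
        return self._reply(CODE_ACCEPTED, home, ha, ident, lifetime)

    def _reply(self, code, home, ha, ident, lifetime=0):
        body = struct.pack(REPLY_FMT, 3, code, lifetime, home, ha, ident)
        return body + auth_extension(body, self.key, self.spi)


def demo():
    """A fresh request is accepted; the same bytes replayed, a stale copy and a forged copy are not."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")   # constructed shared 128-bit key
    clock = [1_700_000_000.0]                                   # controllable HA clock for the demo
    ha = HomeAgent(key, spi=256, clock=lambda: clock[0])
    ident = ntp_identification(clock[0], 0x1234ABCD)
    req = build_request("192.168.5.4", "192.168.5.1", "172.16.8.1", 17521, ident, key, 256)
    accepted = parse_reply(ha.process_request(req))
    replayed = parse_reply(ha.process_request(req))            # attacker resends the capture
    clock[0] += 60
    stale = parse_reply(ha.process_request(req))               # replayed a minute later
    forged = parse_reply(ha.process_request(req[:-16] + bytes(16)))   # authenticator zeroed
    return accepted, replayed, stale, forged
```

The order of the two checks matters: the time stamp comparison is only meaningful once the authenticator has proved the request came from the holder of the key, which is why the authentication check comes first and why the rejection reply is itself authenticated.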
Summary
Security in Mobile IP networks needs to address a number of issues that do not arise in fixed networks. Specific threats to Mobile IP include denial-of-service attacks, passive eavesdropping, replay attacks, and session-stealing attacks. Confidentiality can be maintained by using cryptographic algorithms and the exchange of either public or secret keys to ensure that only authorized parties can decrypt information; there are two main categories of cryptographic algorithms, secret-key and public-key. End-to-end and link-layer encryption, ingress filtering in routers (with reverse tunneling so that mobile nodes' traffic still passes it), and time stamp-based or nonce-based replay protection are common protective measures in Mobile IP.
G. Conclusion

IP Mobility Requirements
The requirements for an IP mobility solution can be generalized to a few key aspects. To make a fair comparison of existing solutions and clearly understand the added benefit of the LISP Host Mobility solution, we will quickly touch on the different functional aspects that must be addressed in an IP mobility solution.

• Redirection
The ultimate goal of IP mobility is to steer traffic to the valid location of the end-point. This aspect is generally addressed by providing some sort of redirection mechanism to enhance the traffic steering already provided by basic routing. Redirection can be achieved by replacing the destination address with a surrogate address that is representative of the new location of the end-point. Different techniques allow the redirection of traffic either by replacing the destination's address altogether or by leveraging a level of indirection in the addressing, such as that achieved with tunnels and encapsulations. The different approaches impact applications to different degrees. The ultimate goal of IP mobility is to provide a solution that is totally transparent to the applications and allows established sessions to be preserved as end-points move around the IP infrastructure.

• Scalability
Most techniques create a significant amount of granular state to redirect traffic effectively. The state is necessary to correlate destination IP addresses to specific locations, either by means of mapping or translation. This additional state must be handled in a very efficient manner to attain a solution that can support a deployable scale at a reasonable cost in terms of memory and processing.

• Optimized Routing
As end-points move around, it is key that traffic is routed to these end-points following the best possible path.
Since mobility is based largely on re-direction of traffic, the ability to provide an optimal path is largely a function of the location of the re-directing element. Depending on the architecture, the solution may generate sub-optimal traffic patterns often referred to as traffic triangulation or hair-pinning in an attempt to describe the unnecessary detour traffic needs to take when the destination is mobile. A good mobility solution is one that can provide optimized paths regardless of the location of the end-point. • Client Independent Solution It is important that the mobility solution does not depend on agents installed on the mobile end-points or on the clients communicating with these end-points. A network based solution is highly desirable and is key to the effective deployment of a mobility solution given the precedent of the large installed base of end- points that cannot be changed or managed at will to install client software. • Address Family Agnostic Solution The solution provided must work independently of IPv4 or IPv6 end-points and networks. Since mobility relies on the manipulation of the mapping of identity to location, address families with lengthier addresses tend to provide alternatives not available with smaller address spaces. These address dependent solutions have limited application as they usually call for an end to end deployment of IPv6. To cover the broad installed base of IPv4 networking and end-points, the ideal solution should work for IPv4 or IPv6 independently. Mobile IPv4 Mobile IP is defined for IPv4 in IETF RFC 3344. Basically mobile IPv4 provides a mechanism to redirect traffic to a mobile node whenever this node moves from its "Home Network" to a "Foreign Network." Every host will have a "Home Address" within a "Home Network" which is front-ended by a router that acts as a "Home Agent" and that advertises the "Home Network" into the routing protocol. 
Traffic destined to the "Home Address" will always be routed to the "Home Agent." If the mobile node is in its "Home Network" traffic will be forwarded directly in the data plane to the host as per regular routing. If the host has moved to a "Foreign Network", traffic will be IP tunnelled by the "Home Agent" to a "Care-of- Address" which is the address of the gateway router for the "Foreign Network."
• 48. With Mobile IPv4 there is always a triangular traffic pattern. Also, Mobile IPv4 does not offer a solution for multicast. Since the mobile node is usually sourcing traffic, if the Foreign Agent is not directly connected, there is a need for host route injection at the foreign site to get RPF (reverse path forwarding) to work. In addition, multicast traffic from the mobile node always has to hairpin through the home agent, since the distribution tree is built and rooted at the "Home Agent".

Mobile IPv6

IETF RFC 3775 defines mobility support in IPv6. IPv6 takes a step beyond IPv4 mobility and provides optimal data paths between server and client. The process in IPv6 is similar to that of IPv4 with a few additions. Rather than having the Home Agent always redirect the traffic to the Care-of Address (CoA) for the server that has moved, the Home Agent is taken out of the data path by distributing the CoA-to-Home-Address binding information to the client itself. Once the client has the CoA information for a particular server, it can send traffic directly to the CoA rather than triangulating it through the Home Address. This provides a direct path from client to server.

Although Mobile IPv6 provides direct path routing for mobile nodes, it is limited to IPv6-enabled end-points, it requires that the entire data path be IPv6-enabled, and it also requires that the end-points have IPv6 mobility agents installed on them.
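The triangular pattern of Mobile IPv4 and the route-optimized path of Mobile IPv6 described above, as an added example that is not part of these study notes: a small constructed topology in which the same packet from a correspondent node is delivered once through the home agent's tunnel and once directly to the care-of address from a correspondent-side binding cache. Node names, links, the home address 10.0.0.5 and the care-of address "fgw" are all assumptions, and the gateway of the foreign site stands in for both the MIPv4 foreign agent and the MIPv6 foreign link.

```python
"""Triangular routing under Mobile IPv4 versus route-optimized delivery under
Mobile IPv6, on a constructed topology (example code, not from the study notes).
Node names, links and addresses are assumptions."""
from collections import deque

# Constructed topology: unit-cost links between a correspondent node (cn), the
# home agent (ha) fronting the home network, and the foreign site gateway (fgw).
LINKS = [("cn", "r1"), ("r1", "r2"), ("r2", "ha"),
         ("r2", "r3"), ("r3", "fgw"), ("r1", "r5"), ("r5", "fgw")]


def build_topology(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    return adj


def shortest_path(adj, src, dst):
    """Breadth-first search: plain routing picks the fewest-hop path."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in adj[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


class HomeAgent:
    """Advertises the home network; holds home address -> care-of address bindings."""

    def __init__(self):
        self.bindings = {}

    def encapsulate(self, packet, care_of):
        # IP-in-IP: the original packet becomes the payload of a packet to the CoA.
        return {"outer_src": "ha", "outer_dst": care_of, "inner": packet}


def deliver(packet, adj, ha, binding_cache=None):
    """Return (hop list, mode). binding_cache models the MIPv6 correspondent's
    CoA-to-home-address bindings; without it the correspondent behaves as in MIPv4."""
    dst = packet["dst"]
    care_of = (binding_cache or {}).get(dst)
    if care_of:
        # MIPv6 route optimization: the correspondent addresses the CoA directly.
        return shortest_path(adj, "cn", care_of) + ["mn"], "direct"
    # Otherwise plain routing carries the packet to the home network.
    path = shortest_path(adj, "cn", "ha")
    care_of = ha.bindings.get(dst)
    if care_of is None:
        return path + ["mn"], "at home"            # forwarded on the home link
    tunnelled = ha.encapsulate(packet, care_of)
    path += shortest_path(adj, "ha", tunnelled["outer_dst"])[1:]
    return path + ["mn"], "tunnelled via HA"       # gateway decapsulates and delivers


def compare():
    adj = build_topology(LINKS)
    ha = HomeAgent()
    pkt = {"src": "cn", "dst": "10.0.0.5"}         # 10.0.0.5: the mobile node's home address
    at_home, _ = deliver(pkt, adj, ha)
    ha.bindings["10.0.0.5"] = "fgw"                # node has registered from the foreign site
    mipv4_path, mode4 = deliver(pkt, adj, ha)
    mipv6_path, mode6 = deliver(pkt, adj, ha, binding_cache={"10.0.0.5": "fgw"})
    return {"at_home": at_home,
            "mipv4": mipv4_path, "mipv4_mode": mode4,
            "mipv6": mipv6_path, "mipv6_mode": mode6}


if __name__ == "__main__":
    for name, value in compare().items():
        print(name, value)
```

The MIPv4 hop list passes through r2 twice, which is the hair-pin the text refers to: the packet travels to the home agent only to be tunnelled back out towards the foreign site. The MIPv6 path skips the home agent entirely, but only because the correspondent already holds a binding; in the protocol that entry exists only after the mobile node has sent it a binding update (preceded by a return routability check), which the model does not reproduce, and the first packets of a flow still take the tunnelled path.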
• 49. H. Glossary

Abstract Syntax Notation One: See ASN.1.
access router: An edge router equipped with and potentially connected to a range of base station technologies.
ACID: Acronym for atomicity, consistency, isolation, and durability – the four properties that all transactions should possess.
administrative relationship: The interaction between the different devices that use SNMP. For example, how the node interacts with the MIB and the agent.
agent: A software program run by the remote monitoring device in an RMON configuration.
agent advertisement: An advertisement message constructed by attaching a special extension to a router advertisement message.
agent discovery: A process in Mobile IP where a mobile node discovers its foreign agent and home agent.
agent solicitation: The same as router solicitation, except that the IP TTL must be set to 1.
Application Protocol Data Unit: See APDU.
architecture: Structure that addresses how changes to the configuration of a device are effected, how management information is transmitted, and how management information is written.
ASN.1: Abbreviation for Abstract Syntax Notation One, a notational standard governing the communication of multi-vendor devices.
authentication: In network communication, the process of verifying that a sender or receiver of data is who they say they are.
base station: Cellular IP nodes that communicate with mobile hosts via a wireless interface.
Basic Encoding Rules: Encoding rules that use bit patterns (1s and 0s) to represent values, so that the receiving application can recognize them.
BER: See Basic Encoding Rules.
break: In EMA, when a mobile host severs a connection with an access router.
Card Validation Code/Card Verification Value: Three-digit or four-digit security code that is printed on the back of some cards, typically the last three digits in a row, on the signature panel.
care-of address: An IP address acquired by a mobile node while operating in a foreign network.
Cellular IP: A protocol that provides mobility and handoff support for frequently moving hosts.
Cellular IP node: Interconnected nodes that make up Cellular IP Networks. They route IP packets and communicate with mobile hosts via a wireless interface.
check digit: The algorithm used to detect keystroke errors when a charge card number is entered on a web site.
• 50. chip & PIN: A secure card payment system where a microchip on the cardholder's debit or credit card stores the user's card data. In a transaction, the cardholder inserts her card into a special card reader, inputs the transaction details, and then inputs a personal identification number (PIN) instead of signing a receipt.
CHIPS: Acronym for Clearing House Interbank Payment System, an example of a clearing house system where transactions between members of a clearing channel are recorded.
client: The application that runs on the network management station and presents RMON information to the user.
co-located care-of address: An IP address acquired by a mobile node while operating in a foreign network from an external source, or a permanent IP address owned by the mobile node and used only in foreign networks.
community profile: The association of an access mode with a MIB view.
CVC2: See Card Validation Code.
CVV2: See Card Verification Value.
CyberCash: An electronic payment system that enables credit cards to be used securely over the Internet. The customer registers their credit card with CyberCash. The merchant receives an encrypted version of the customer's credit card number, and sends this to CyberCash for verification.
DigiCash: An electronic payment system developed by Doctor David Chaum and based on a system of digital tokens called digital coins.
DigiCash mint: An institution that mints and receives digital coins.
digital certificate: Certificate used to prove the identity of communicating parties (authentication) and ensure the sender and receiver cannot later deny having sent or received a SET message (non-repudiation).
digital coins: Also known as e-cash. In a DigiCash transaction, digital coins (or digital tokens) are created by the user and digitally signed by a DigiCash mint. The digital coins are cashed in a DigiCash mint or exchanged with other users. These digital coins are backed by a currency that the digital mint has on deposit.
digital signature: Signature contained in a digital certificate and used by SSL to authenticate the client and server.
eBill: A paperless bill that is accessed on the Internet rather than delivered by traditional mail. Customers set up an eBill account with a web site from which they can view, pay, and track the history of all bill payments. The system allows customers to set up recurring payments and reminders and guarantees payment direct from the account of their selection.
eCheck: Electronic representations of paper checks that operate using the same principles, but are used over the Internet and email.
e-commerce: Abbreviation for electronic commerce, the conducting of business communications and fund transfers over networks and through computers.
Edge Mobility Architecture: See EMA.
EFT: Abbreviation for electronic funds transfer, an electronic commerce system now so pervasive that the net value of all electronic transfers exceeds the total value of all physical cash used.
• 51. electronic funds transfer: See EFT.
EMA: Acronym for Edge Mobility Architecture. It is a combination of traditional intra-domain routing protocols and the MANET protocol.
escrow: Money, property, deed, or bond put into the custody of a third party (an escrow service) for delivery to a grantee after the specified conditions of the transaction have been fulfilled.
e-wallet: Abbreviation for electronic wallet, a plug-in application that stores SET digital certificates and information about the customer's credit cards and contact details.
FA: Abbreviation for foreign agent, a router on the foreign network that the mobile node is visiting. The foreign agent provides routing services to the mobile node while the mobile node is registered with it; that is, the foreign agent detunnels and delivers datagrams to the mobile node that were tunneled by the mobile node's home agent.
fast handoff: An improved handoff process and action of maintaining active transmission when there is a change in the transmission address of a mobile host. Fast handoff ensures reduced packet loss.
fault: An abnormality that may result in the failure of a device.
foreign agent: See FA.
gateway foreign agent: See GFA.
Gator digital Wallet: A pre-packaged registration application; user details are stored encrypted on the user's PC in a Gator digital wallet. The Gator digital wallet can simplify online registration by automatically filling out forms with these details.
GetNextRequest: A PDU used by managers to traverse arrays and MIB trees.
GetRequest: A PDU issued by an NMS application to an agent to retrieve a specific, single value from a MIB.
GetResponse: A PDU sent by agents in reply to GetRequest, GetNextRequest, or SetRequest PDU messages.
GFA: Acronym for gateway foreign agent. A router that provides TeleMIP mobility services to mobile nodes on foreign networks.
handoff: The process and action of maintaining active transmission when there is a change in the transmission address of a mobile host.
Handoff Aware Wireless Access Internet Infrastructure: See HAWAII.
handshake: The beginning of an SSL session between a client and a server. The SSL handshake begins when the client sends its version number, cipher settings, and other information to the server.
HAWAII: Acronym for Handoff Aware Wireless Access Internet Infrastructure. In IP mobility, it supports mobility by using a domain-based approach.
hierarchical: This refers to the arrangement of the different agents in a mobile network.
Hierarchical Mobile IP: A protocol that supports movement of mobile nodes in foreign and networks.

• 52. home address: An IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet.
home agent: A router on a mobile node's home network that tunnels datagrams for delivery to the mobile node when it is away from home. It also maintains current location information for the mobile node.
hybrid card: A type of smartcard that combines elements of contact and contactless smartcards.
ICMP: Internet Control Message Protocol, a network layer Internet protocol that reports errors and provides other information relevant to IP packet processing. This protocol is defined in RFC 792.
IDMP: Acronym for Intra-domain Mobility Management Protocol, a protocol that supports routing of data to a mobile device from outside its domain.
Internet Protocol Time to Live: See IP TTL.
intra-domain: Communication is maintained between domains.
Intra-domain Mobility Management Protocol: See IDMP.
IP TTL: Acronym for Internet Protocol Time to Live, a field in Internet Protocol (IP) that specifies how many more hops a packet can travel before being discarded or returned.
link: A facility or medium over which nodes can communicate at the data-link layer. A link underlies the network layer.
link-layer address: An address, usually an interface's MAC address, used to identify an endpoint of communication over a physical link.
Luhn algorithm: Algorithm based on modulus 10, on which the credit card check digit algorithm is based.
make: In EMA, when a mobile host establishes a connection with an access router.
managed object: A software abstraction of a resource that can be managed across an OSI network. It can be a logical or physical network component, such as a hard drive, network router, database system, or operating system component.
Management Information Base: See MIB.
MANET: Acronym for Mobile Ad hoc NETwork, a protocol where mobile nodes have a permanent IP address and rapidly roam in an ad hoc topology.
MasterCard PayPass: A dual interface card with built-in chip technology as well as a standard magnetic stripe. In PayPass-accepting retail locations, the user can pay with one touch of the card. The user's payment card details are sent via short-range radio waves to the specially equipped PayPass terminals. The card can also be used in the traditional manner (by swiping the magnetic stripe).
MD5: Acronym for Message Digest 5, a hashing algorithm invented by Ronald Rivest. It produces a fixed output or message digest of 128 bits and is used for message authentication in SNMPv2. It verifies the integrity of the communication, authenticates the origin, and checks for timeliness.
MER: Acronym for Mobile Enhanced Routing, the provision of a modified intra-domain routing protocol providing prefix-based routing in a domain, and host routes for movement away from the home domain.

• 53. MIB: Abbreviation for Management Information Base. A virtual information store that allows a network management system (NMS) to query and configure all of the managed objects on a managed device, for example, a router or switch.
MIB tree: A structure that groups MIB objects in a hierarchy and uses an abstract syntax notation to define manageable objects.
MicroMint: An electronic payment system designed for unrelated low-value payments. MicroMint coins are generated by a broker and sold to users, who then exchange these coins with other users. The identity of the user is embedded in the hash key values of the MicroMint coin.
micromobility: Protocols designed to overcome the limitation imposed by Mobile IP.
Mobile Ad hoc NETwork: See MANET.
Mobile Enhanced Routing: See MER.
mobile host: A host connected to the Internet via a wireless interface that changes its position frequently.
Mobile IP: An open standard, defined by Internet Engineering Task Force (IETF) RFC 2002, that allows users to keep the same IP address, stay connected, and maintain on-going applications while roaming between IP networks.
mobile node: A host or router that changes its point of attachment from one network or subnetwork to another. A mobile node can change its location without changing its IP address. If link-layer connectivity to a point of attachment is available, the mobile node can communicate with other Internet nodes at any location using its home IP address.
mobility agent: Either a foreign agent or home agent used in Mobile IP networks.
Mondex card: A contact smart card that holds the equivalent of cash. Cash is stored on an integrated circuit (IC) on the smart card and can be securely transferred from one IC to another. Unlike other payment cards, a Mondex card requires no signature, PIN, or transaction authorization.
NACHA: Acronym for National Automated Clearing House Association. Established in 1974, NACHA forms a link between regions for the ACHs and provides a nationwide electronic payment and collection network among US financial institutions.
NMS: Abbreviation for network management station, a device that sends queries or requests to agents. Also an abbreviation for network management system, a collection of devices and software used to monitor and manage network devices.
node: A station on a network that communicates with the network management station.
nonce replay protection: A method of replay protection. A random value is included in data exchanged between nodes to help detect and protect against replay attacks.
notational system: A category of electronic commerce in which the electronic information transferred is an instruction to change the accounting information in a ledger, such as a credit card company's records. The monetary value is in the ledger, not in the instruction.
object: An instance of the data structure and behaviour defined by the object's class.
object group: A group used to define and categorize a managed object.
• 54. octet: A set of 8 bits, used instead of the term "byte".
paging: Paging areas consist of a collection of subnetworks or base stations. When a mobile device moves within a paging area, it doesn't have to re-register with the network. It only registers when it changes paging area.
paging cache: A cache maintained by some Cellular IP nodes, used to route packets to mobile hosts.
participating site: A site that supports a Microsoft Passport service.
Path setup messages: Messages established in certain routers for a mobile host.
Path setup schemes: The organization of when, how, and which routers are updated by path setup messages.
PayPal: An electronic payment system commonly used to transfer money over the Internet. The sender and recipient must both be PayPal members, have an email address, and a credit card or bank account. PayPal is commonly used to settle purchases made on Internet auction sites such as eBay.
PDU: Acronym for Protocol Data Unit. See APDU.
private-key encryption: Encryption where both parties share an encryption key, which is used both to encrypt and to decrypt the message.
proximity payments: Transactions that are conducted without having to manually swipe a card through a point-of-sale device. The user must be within a specified range of the wireless-reading device. A number of wireless technologies are used for proximity payment, including Bluetooth, contactless smart cards, dual interface cards, infrared and RFID.
public-key encryption: Encryption method that uses two keys – one to encrypt, and one to decrypt. The sender asks the receiver for the encryption key, encrypts the message, and sends the encrypted message to the receiver. Only the receiver can then decrypt the message.
QoS: Acronym for Quality of Service, the reliability of a protocol to transmit information to and from mobile hosts accurately and in a timely fashion.
Quality of Service: See QoS.
regional registration: A process in Hierarchical Mobile IP where a mobile node re-registers with a GFA when it has changed base stations but stayed under the same GFA.
registration: In Mobile IP, a mobile node registers its care-of address with its home agent.
Remote Network Monitoring: See RMON.
replay attack: An attacker obtains and stores a copy of a legitimate registration request and replays it later to create a forged care-of address for a mobile node.
replay protection: Used to prevent replay attacks; a mobile node produces a unique value for the Identification field for each successive message. There are two methods used to interpret Identification fields – time stamp replay protection and nonce replay protection.
RFC 1156: Describes the MIB for network management of TCP/IP-based internets.
RFID: Acronym for radio frequency identification technology, a data collection technology that uses electronic tags to store identification data and a wireless transmitter or reader to capture it. RFID is commonly used in road tolling applications.

• 55. RMON: Abbreviation for Remote Network Monitoring, a standard MIB that defines current and historical data-link layer statistics and control objects. It enables the retrieval of real-time information across an entire network.
RMON2: The latest version of RMON. This version provides information on network and application layer traffic.
router advertisement: A message sent by routers from each router interface advertising the address of that interface.
router solicitation: A message issued by hosts to ask for immediate router advertisements.
routing: A process of moving data from its source to its destination.
routing cache: A cache maintained by all Cellular IP nodes, used to route packets to mobile hosts.
SA: Abbreviation for subnet agent, a router that provides the mobile device with a care-of address in a foreign domain.
Secure Electronic Transaction: Transaction protocol created by a group of organizations to tackle security concerns in the area of credit card transactions. It is modeled as a card-present transaction.
Secure Sockets Layer: See SSL.
SET: Acronym for Secure Electronic Transaction.
SetRequest: A PDU sent by an NMS to an agent to set variable values within a MIB.
Simple Network Management Protocol: See SNMP.
single sign-on: Users create a single set of credentials – their Microsoft Passport username and password – that enable them to log into any participating site.
single-use card: A temporary credit card. When a user buys online with a single-use credit card service, a single-use card number is generated. The user can use this number to pay online without sending his or her actual credit card details over the Internet. When the transaction is complete, this number is mapped back to the user's credit card and the relevant account is then debited.
single-use card number: A unique, disposable account number (CPN) generated by a registered user of a single-use credit card service for an online transaction.
smart card: A card that is similar to a magnetic stripe card but contains a microprocessor chip. There are three smart card types – contact smart card, contactless smart card, and a hybrid or combi card.
SNMP: Abbreviation for Simple Network Management Protocol, the protocol used by application and agent to communicate with each other in an RMON configuration.
SNMPv1: Simple Network Management Protocol version one.
SNMPv2: Simple Network Management Protocol version two.
SNMPv3: Simple Network Management Protocol version three.
Soft-state: Refers to memory cache in network devices that needs to be refreshed on a regular basis.
• 56. SSL: Abbreviation for Secure Sockets Layer, the standard protocol for authenticated and encrypted communication between clients and servers. It is used to secure the tunnel for transactions between merchants and their customers.
string: In a programming language, any set of consecutive characters.
subnet agent: See SA.
SWIFT: Acronym for Society for Worldwide Interbank Financial Telecommunications, a global telecommunications network that provides a strict message format for the exchange of financial information between financial institutions. Messages automatically pass through electronic links built between SWIFT and the local electronic clearing systems in different countries.
syntax: The structure of strings in a programming (or other) language.
TeleMIP: Acronym for Telecommunications-Enhanced Mobile IP architecture, a protocol that uses IDMP for managing intra-domain mobility and Mobile IP for supporting global mobility.
timestamp replay protection: A method of replay protection. The node generating a message inserts its system clock time. The node receiving the message compares this time stamp to its own current time.
TLS: Abbreviation for Transport Layer Security protocol, a protocol designed to secure client/server application communications over the Internet.
token system: A category of electronic commerce in which the electronic data transferred has an intrinsic legal value. For example, if you transferred $60 from one account to another, the electronic data representing that $60 is legally worth $60 in itself.
Transport Layer Security protocol: See TLS.
Trap: A PDU sent by an agent to a manager when a specified event has occurred that requires the manager's attention.
tunnel: The path followed by an encapsulated datagram.
Virtual PIN: An electronic payment system created by First Virtual Holdings. Payments were authorized by e-mail, and the customer included their Virtual PIN and transaction details in an e-mail to the merchant. The merchant sent these details to First Virtual, who verified the transaction.
• 57. I. Quizzes' Answers

i. Answer
Any IP compliant media can support Mobile IP, and Mobile IP allows the mobile user to maintain connectivity when switching networks without changing their IP address.
Option 1 is correct. Mobile IP is based on IP, which means it is scalable and therefore reduces resource requirements and costs.
Option 2 is incorrect. IPv4 takes an IP address literally – a node needs to be in the actual physical location of its IP address. This is not altered by Mobile IP.
Option 3 is correct. Because Mobile IP can relocate data to virtual IP addresses, it allows a mobile node to traverse different networks while all the time maintaining connectivity.

ii. Answer
With Mobile IP, it is safe to roam between different networks when using remote login.
Option 1 is incorrect. Mobile IP facilitates roaming within a single network type, but it also enables mobile nodes to roam to different network types without affecting connectivity.
Option 2 is incorrect. Mobile IP is backward compatible; it allows mobile nodes to communicate with other nodes that have not implemented mobility functions.
Option 3 is incorrect. Mobile IP performs its mobility functions at the network layer. It operates independently of layers 1 and 2. This means that wherever TCP/IP is used, Mobile IP can be implemented.
Option 4 is correct. Mobile IP enables remote login to maintain connectivity when roaming between networks. A drop in connectivity, which would happen if the mobile node was using only IPv4, would make the home network susceptible to such network attacks as session stealing.

iii. Answer
The correspondent node does not need to know the mobile node's location, and a foreign agent maintains the current location information of the mobile node. A mobile node can communicate with other Internet nodes regardless of location, and a home agent tunnels data to the mobile node when it is away from home.
The correspondent node is the device with which the mobile node is communicating. It can be any network device from a printer to a server and can be stationary or mobile.
The foreign agent stands on the foreign network that the mobile node has moved to. It acts as the point of contact for the mobile node's home agent and delivers data to the mobile node.
The home agent is a router on the mobile node's home network that tunnels data received from correspondent nodes to the mobile node.
The mobile node's care-of address allows it to communicate with peer nodes regardless of location. Mobile nodes must be enabled for roaming in order to maintain network mobility.

iv. Answer
A mobile node registers its new CCOA directly with the HA when it has established that it is on a foreign network and has acquired a CCOA.
Option 1 is incorrect. For a mobile node to operate in a foreign network using Mobile IP, it must register with its home agent. If the mobile node was not supported by mobility services, there would be no address available to forward intended packets.
Option 2 is correct. Once a mobile node has discovered that it is operating in a foreign network and it has acquired a CCOA, it registers directly with its HA. It does this by sending a registration request to the HA, which then sends a registration reply back to the mobile node.
Option 3 is incorrect. The mobile node will only register with the HA via the FA when it uses a COA. It must do this because the COA is an IP address of the FA; this address is the address that the home agent will forward traffic to.

v. Answer
When a mobile node registers indirectly with its HA, it has acquired its care-of address from an FA on its current network.
• 58. Option 1 is incorrect. HAs do not issue care-of addresses to mobile nodes for which they are acting as HAs. They do allocate care-of addresses to mobile nodes for which they act as foreign agents.
Option 2 is correct. When a mobile node registers indirectly with its HA, it does this via the FA. This is because the mobile node has acquired the care-of address from the FA, from which the registration request is sent.
Option 3 is incorrect. If a mobile node has acquired a care-of address through dynamic host configuration, it has a co-located care-of address. In this situation, mobile nodes register directly with the HA.
Option 4 is incorrect. Mobile nodes that use a special permanent IP address reserved for use on foreign networks register directly with their HA. They do not need to send a registration request via any intermediaries.
It is essential to note the difference between a care-of address (either COA or CCOA) and an FA. A care-of address is an endpoint for tunnelled datagrams to a mobile host. An FA is a mobility agent. The FA provides network services to mobile nodes on its network. It is possible to have more than one FA on a network. An FA is likely to be a router, but could be any network device capable of acting as a tunnel endpoint and sending agent advertisements.

vi. Answer
The main advantage of using the CCOA mode of address acquisition is that the mobile node can function on a foreign network without an FA.
Option 1 is incorrect. In CCOA mode, the assigned IP address can be used by only one mobile node at a time. This means there is a high demand for IPv4 addresses. In COA mode, there is less demand for IPv4 addresses.
Option 2 is correct. CCOA mode has the advantage that it allows a mobile node to function without an FA. This is because it acquires its temporary address from means external to the foreign network, or it uses a unique address it holds permanently for operating away from its home domain.
Option 3 is incorrect. In CCOA mode, the mobile node must register with the HA. Mobile nodes on foreign networks must register with their HA in order to receive any information sent to their home address.

vii. Answer
When the laptop has established that it is in a foreign network, it acquires a COA from the agent advertisement message.
Option 1 is incorrect. In order for data intended for the laptop to be tunnelled to the FA, it must first have acquired a COA and registered this with the HA. The data will then be tunnelled to the FA and forwarded on to the laptop.
Option 2 is correct. The next step is for the laptop to acquire its COA from the agent advertisement. The COA is the interface address of the foreign agent.
Option 3 is incorrect. The laptop must first acquire the new address (COA) before registering it with the HA. It will then register with the HA via the FA.
Option 4 is incorrect. The laptop must have a COA before it can send the registration request to the HA. If it sends a registration request to the HA without a COA, the HA will not know the new location of the laptop.

viii. Answer
Agent discovery is used to determine whether a mobile node has moved from one network to another and to determine whether the node is in a home or foreign network.
Option 1 is correct. Agent discovery is used to establish the location of the mobile host. If a mobile node is in its home network, it discovers this through agent advertisements from the home agent. If the mobile node is in a foreign network, it discovers this through foreign agent advertisements.
Option 2 is correct. Agent discovery enables mobile nodes to establish whether they have moved networks. The mobile node establishes this through agent advertisements broadcast by routers on each network.
Option 3 is incorrect. Mobile nodes register their location in the registration phase. This comes after agent discovery has taken place.

ix. Answer
Agent advertisements are part of ICMP router advertisements in Mobile IP agent discovery. Mobile IP extends ICMP router discovery, and mobile nodes discover neighboring router addresses by listening for advertisements.
• 59.
Option 1 is correct. An agent advertisement is formed by appending a mobility agent advertisement extension to an ICMP router advertisement message. The agent advertisement is then sent as part of the periodic router advertisements.
Option 2 is incorrect. An agent solicitation differs from an ICMP router solicitation in one way only: the IP TTL (time to live) must be set to 1.
Option 3 is correct. Mobile IP extends ICMP router discovery by combining agent advertisements with ICMP router advertisements, and agent solicitations with ICMP router solicitations.
Option 4 is correct. Once the mobile node receives an agent advertisement, it can acquire a care-of address from the advertisement.

x Answer
HAs must always be prepared to serve the mobile nodes for which they are HAs. FAs can indicate that they are too busy to serve additional mobile nodes.
Option 1 is incorrect. HAs must always be prepared to serve the mobile nodes for which they are the HA. FAs do not always need to accept new mobile nodes, but they must continue to issue agent advertisements even when busy.
Option 2 is correct. FAs can indicate in their agent advertisements (the 'B', busy, bit) that they will not accept registrations from any extra mobile nodes. But the FA must continue to send agent advertisements so that the nodes it already serves know that the FA is still functional and within range.
Option 3 is incorrect. HAs must always be prepared to serve the mobile nodes for which they are HAs, whereas FAs can sometimes be too busy to provide services to additional visiting mobile nodes.
Option 4 is correct. HAs must always be available to provide network services to the mobile nodes for which they are HAs; otherwise those nodes would lose reachability whenever they are away from home.

xi Answer
In lifetime move detection, mobile nodes use the Lifetime field in the ICMP router advertisement portion of the agent advertisement. They must also record the lifetime of every foreign agent from which they have received an agent advertisement.
Option 1 is correct. In lifetime move detection, mobile nodes must record the lifetime of every foreign agent from which they have received an advertisement, until those lifetimes have expired.
Option 2 is incorrect. The lifetime method does not use the prefix-lengths extension; that extension is used by the alternative, network-prefix method of movement detection.
Option 3 is correct. In lifetime move detection, mobile nodes use the Lifetime field in the main body of the ICMP router advertisement portion to detect when they have moved networks.
Option 4 is incorrect. When the lifetime of the mobile node's current foreign agent expires, the mobile node should immediately attempt to register with another agent from which it has already received an advertisement, but only one whose own advertised lifetime is still valid at the time of registration.

xii Answer
Mobile IP registration enables a mobile node to deregister when it returns to its home network, to inform its home agent of its care-of address, and to maintain multiple registrations simultaneously.
Option 1 is correct. A mobile node should deregister only after it has received an agent advertisement from its own home agent indicating that it has returned home, and after it has reconfigured its routing table for the home network.
Option 2 is correct. The care-of address reported to the home agent can be a foreign agent care-of address or a co-located care-of address.
Option 3 is correct. With simultaneous bindings, a copy of every datagram is tunnelled to each of the mobile node's care-of addresses.
Option 4 is incorrect. With Mobile IP, the mobile node retains its own (home) IP address. A temporary care-of address is associated with that address, so the node appears still to be on the home network.

• 60.
xiii Answer
Correct ranking:
1. (C) A registration request is sent to the foreign agent. The mobile node sends the request to the foreign agent.
2. (A) The registration request is passed on to the home agent. The foreign agent processes the request and forwards it to the home agent.
3. (B) The registration reply is sent to the foreign agent. Sent by the home agent, the reply message states the status of the request and the lifetime granted.
4. (D) The registration reply is forwarded to the mobile node. The foreign agent processes the reply and then passes it on to the mobile node.
The lifetime granted by the home agent can be smaller than the lifetime originally requested.

xiv Answer
A mobile node can register via a foreign agent when it is registering using a foreign agent care-of address, and also when it is using a co-located care-of address but receives an advertisement on its link from a foreign agent with the 'R' bit set.
Option 1 is incorrect. The mobile node must register or deregister directly with its home agent when it returns to its home network.
Option 2 is correct. After processing the request, the home agent sends a registration reply to the foreign agent, which then forwards the reply to the mobile node.
Option 3 is incorrect. If a mobile node is using a co-located care-of address, it registers directly with its home agent, unless a foreign agent on its link has set the 'R' bit in its advertisement.
Option 4 is correct. The mobile node should register via the foreign agent when the 'R' bit is set in the agent advertisement, but only if the advertising foreign agent is on the same link as the mobile node.

xv Answer
A mobile node makes the registration request, the foreign agent relays the request, and the home agent receives the request. The mobile node plays an active role in Mobile IP registration: it sends requests, directly or via a foreign agent, to the home agent.
A home agent plays a reactive role in Mobile IP registration: it receives requests either directly from a mobile node or via a foreign agent and sends the appropriate reply. A foreign agent plays a passive role: it relays requests from the mobile node to the home agent and returns the home agent's replies.

xvi Answer
A foreign agent must be configured with a care-of address, a home agent must be configured with the IP address of the home network, and a mobile node must be configured with its own (home) IP address. The home agent must also be configured with the home address and the mobility security association (the SPI, the authentication algorithm, the shared secret and the replay-protection style) of every mobile node it serves as home agent. A mobile node must also be configured with a network mask and the mobility security association for each of its home agents; every registration request and reply carries a Mobile-Home Authentication Extension computed under that association, and a home agent rejects any request that lacks one or fails to verify. A foreign agent must also maintain a visitor list entry for each pending or current registration.

xvii Answer
The mobile node should register with a new foreign agent when the current registration lifetime has expired and when its transport-layer protocols indicate excessive retransmissions.
Option 1 is incorrect. It should not register with a new FA as long as it is still receiving agent advertisements from the foreign agent with which it is currently registered.
Option 2 is correct. Alternatively, the mobile node can re-register with its existing foreign agent just before the registration lifetime expires.
Option 3 is incorrect. A mobile node should not register with another foreign agent merely because it receives an ICMP redirect message.
Option 4 is correct. Link-layer indications of a change in the point of attachment can also prompt the mobile node to register with another foreign agent.
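The mobility security association of answer xvi is what actually protects the registration exchange: without it, anyone on the path could register a care-of address of their choosing and redirect the mobile node's traffic. The following is an added example, not code from these study notes or their author, showing a Registration Request laid out as in RFC 3344 section 3.3 with a Mobile-Home Authentication Extension (section 3.5.1, HMAC-MD5 being the RFC's default algorithm) and the checks a home agent performs on it: key lookup by SPI, authenticator verification, and replay protection using a timestamp-style Identification field. The addresses, SPI, key and the seven-second replay window are constructed values.

```python
"""Mobile IPv4 Registration Request with the Mobile-Home Authentication Extension.

Wire layout follows RFC 3344 sections 3.3 and 3.5.1.  Added example for these
study notes, not the notes' own code; addresses, SPI, key and the replay
window are constructed values.
"""
import hashlib
import hmac
import ipaddress
import struct
import time

REG_REQUEST = 1            # Registration Request message type
MH_AUTH_EXT = 32           # Mobile-Home Authentication Extension type
FLAG_S, FLAG_B, FLAG_D = 0x80, 0x40, 0x20   # simultaneous bindings, broadcasts, MN decapsulates
NTP_OFFSET = 2208988800    # seconds between the Unix and NTP epochs


def build_request(flags, lifetime, home_addr, home_agent, coa, identification):
    """Fixed 24-byte part: Type, flags, Lifetime, Home Address, Home Agent, CoA, 64-bit Identification."""
    return struct.pack("!BBH4s4s4sQ", REG_REQUEST, flags, lifetime,
                       ipaddress.IPv4Address(home_addr).packed,
                       ipaddress.IPv4Address(home_agent).packed,
                       ipaddress.IPv4Address(coa).packed, identification)


def ntp_identification(now=None):
    """Timestamp-style Identification: NTP seconds in the high 32 bits (RFC 3344 section 5.7)."""
    secs = int(now if now is not None else time.time()) + NTP_OFFSET
    return (secs & 0xFFFFFFFF) << 32


def append_auth(message, spi, key):
    """Append the Mobile-Home Authentication Extension.

    The HMAC-MD5 authenticator covers the UDP payload (the request), every earlier
    extension, and the Type, Length and SPI of this extension.  Length = 4 (SPI) + 16."""
    header = struct.pack("!BBI", MH_AUTH_EXT, 4 + 16, spi)
    return message + header + hmac.new(key, message + header, hashlib.md5).digest()


class HomeAgent:
    """Home-agent side: SPI lookup, authenticator check, then replay check."""

    def __init__(self, associations, window_seconds=7):
        self.associations = associations   # (home address, SPI) -> 128-bit key
        self.window = window_seconds       # assumed clock tolerance, a constructed value
        self.last_id = {}                  # home address -> last accepted Identification

    def verify(self, packet, now):
        if len(packet) != 24 + 6 + 16 or packet[0] != REG_REQUEST:
            return "missing-auth"          # a request without the MH extension is rejected
        fixed, ext = packet[:24], packet[24:]
        home_addr = str(ipaddress.IPv4Address(fixed[4:8]))
        identification = struct.unpack("!Q", fixed[16:24])[0]
        ext_type, ext_len, spi = struct.unpack("!BBI", ext[:6])
        if ext_type != MH_AUTH_EXT or ext_len != 20:
            return "missing-auth"
        key = self.associations.get((home_addr, spi))
        if key is None:
            return "unknown-spi"
        expected = hmac.new(key, packet[:30], hashlib.md5).digest()
        if not hmac.compare_digest(expected, ext[6:]):
            return "bad-authenticator"     # reply code 131: mobile node failed authentication
        if abs((identification >> 32) - (int(now) + NTP_OFFSET)) > self.window:
            return "replay-or-skew"        # reply code 133: identification mismatch
        if identification <= self.last_id.get(home_addr, -1):
            return "replay"                # same or older timestamp: replayed request
        self.last_id[home_addr] = identification
        return "ok"


def demo():
    """Valid request, a forged care-of address, a straight replay, and a stale replay."""
    key = bytes.fromhex("00112233445566778899aabbccddeeff")       # constructed shared key
    ha = HomeAgent({("10.0.0.25", 256): key})
    now = 1_700_000_000
    req = build_request(FLAG_D, 1800, "10.0.0.25", "10.0.0.1", "192.16.2.15",
                        ntp_identification(now))
    signed = append_auth(req, 256, key)
    results = [ha.verify(signed, now)]
    # On-path attacker rewrites the care-of address (bytes 12..16) to redirect the tunnel
    forged = signed[:12] + ipaddress.IPv4Address("203.0.113.9").packed + signed[16:]
    results.append(ha.verify(forged, now))
    results.append(ha.verify(signed, now))        # replay within the window
    results.append(ha.verify(signed, now + 60))   # replay after the window has passed
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the authenticator is verified before the Identification is examined, so an attacker cannot use the replay check to probe which timestamps the home agent has seen without first holding the key.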
• 61.
xviii Answer
Mobile nodes registered directly with their home agent using a co-located care-of address can select the default router from the list of router addresses given in the ICMP router advertisement portion of the agent advertisement message. The IP source address of the agent advertisement can also serve as the default router.
Option 1 is correct. Each advertised router address carries a preference level. The mobile node should choose the router with the highest preference whose network prefix matches its co-located care-of address.
Option 2 is correct. The IP source address of the agent advertisement is considered the worst choice for a default router, and is used only when nothing better is advertised.
Option 3 is incorrect. The node need not select an address from those in the router advertisement, since the advertisement may not contain an address that matches the network portion of the mobile node's care-of address.

xix Answer
The foreign agent should discard the datagram and must not send an ICMP "destination unreachable" message.
Option 1 is correct. If the mobile node is not in the visitor list, the foreign agent should discard the datagram.
Option 2 is incorrect. If the mobile node is not registered in the domain, the foreign agent should not forward the datagram, as doing so may cause routing loops.
Option 3 is incorrect. A foreign agent modifies the header only when it can forward the datagram. In that case it verifies the IP header checksum, decrements the IP time-to-live, recomputes the IP header checksum, and sends the datagram to the default router.
Option 4 is correct. If the mobile node is not in the visitor list it may simply have moved to another foreign agent, and a "destination unreachable" message could prevent legitimate traffic from reaching it.
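Answers ix to xi and xviii describe what a mobile node reads out of an agent advertisement and what it does with it. The following is an added example, not code from these study notes or their author, that parses an agent advertisement (an ICMP Router Advertisement per RFC 1256 carrying the Mobility Agent Advertisement Extension and Prefix-Lengths Extension of RFC 3344 section 2.1.1), validates the ICMP checksum, reads the agent's flags and care-of addresses, selects a default router by preference level, and tracks advertised lifetimes for lifetime-based move detection. The advertisement is constructed; its addresses reuse the 10.5.4.0/24 values quoted in the answers.

```python
"""Mobile IPv4 agent discovery, mobile-node side.  Added example for these
study notes, not the notes' own code; the advertisement below is constructed."""
import ipaddress
import struct
from dataclasses import dataclass, field

ICMP_ROUTER_ADV = 9
EXT_PAD = 0                    # one-byte padding extension with no Length field
EXT_MOBILITY_AGENT_ADV = 16
EXT_PREFIX_LENGTHS = 19
FLAG_BITS = {"R": 0x80, "B": 0x40, "H": 0x20, "F": 0x10, "M": 0x08, "G": 0x04, "r": 0x02, "T": 0x01}
PREF_DO_NOT_USE = -0x80000000  # RFC 1256: this router must not be used as a default


@dataclass
class AgentAdvertisement:
    routers: list                       # [(address, preference)] from the ICMP portion
    lifetime: int                       # ICMP Lifetime, the field used for move detection
    sequence: int = 0
    registration_lifetime: int = 0
    flags: dict = field(default_factory=dict)
    care_of: list = field(default_factory=list)
    prefix_lengths: list = field(default_factory=list)


def icmp_checksum(data):
    """Ones'-complement sum over the whole message; 0 when the filled-in checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_agent_advertisement(msg):
    """Parse an agent advertisement; raise ValueError if it is malformed or carries no agent extension."""
    if len(msg) < 8 or msg[0] != ICMP_ROUTER_ADV or msg[1] not in (0, 16):
        raise ValueError("not a router advertisement")   # code 16: agent routes no ordinary traffic
    if icmp_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    num, entry_size, lifetime = struct.unpack("!BBH", msg[4:8])
    if entry_size != 2 or len(msg) < 8 + 8 * num:
        raise ValueError("malformed router address list")
    routers = []
    for i in range(num):
        addr, pref = struct.unpack("!4si", msg[8 + 8 * i:16 + 8 * i])
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
    adv = AgentAdvertisement(routers, lifetime)
    off = 8 + 8 * num
    while off < len(msg):                                  # walk the Mobile IP extensions
        ext_type = msg[off]
        if ext_type == EXT_PAD:
            off += 1
            continue
        if off + 2 > len(msg):
            raise ValueError("truncated extension header")
        length = msg[off + 1]
        body = msg[off + 2:off + 2 + length]
        if len(body) != length:
            raise ValueError("truncated extension body")
        if ext_type == EXT_MOBILITY_AGENT_ADV:
            if length < 6:
                raise ValueError("mobility agent extension too short")
            adv.sequence, adv.registration_lifetime, bits = struct.unpack("!HHB", body[:5])
            adv.flags = {name: bool(bits & mask) for name, mask in FLAG_BITS.items()}
            adv.care_of = [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(6, length, 4)]
        elif ext_type == EXT_PREFIX_LENGTHS:
            adv.prefix_lengths = list(body)
        off += 2 + length
    if not adv.flags:
        raise ValueError("plain router advertisement: no mobility agent extension")
    return adv


def choose_default_router(adv, advert_source, coa_prefix=None):
    """Highest-preference advertised router; with a co-located CoA only routers on its prefix
    qualify.  The advertisement's IP source address is the choice of last resort."""
    candidates = [(a, p) for a, p in adv.routers if p != PREF_DO_NOT_USE]
    if coa_prefix is not None:
        net = ipaddress.IPv4Network(coa_prefix, strict=False)
        candidates = [(a, p) for a, p in candidates if ipaddress.IPv4Address(a) in net]
    return max(candidates, key=lambda ap: ap[1])[0] if candidates else advert_source


class LifetimeTracker:
    """Lifetime move detection: remember each agent's expiry and fall back to a still-valid one."""

    def __init__(self):
        self.expiry = {}                                   # agent source address -> expiry time

    def observe(self, advert_source, lifetime, now):
        self.expiry[advert_source] = now + lifetime

    def has_moved(self, current_agent, now):
        return now >= self.expiry.get(current_agent, 0)

    def fallback_agent(self, current_agent, now):
        live = [a for a, t in self.expiry.items() if a != current_agent and t > now]
        return max(live, key=self.expiry.get) if live else None


def build_sample_advertisement():
    """Constructed FA advertisement: two routers, F and R bits set, one care-of address, prefix lengths."""
    routers = [("10.5.4.12", 10), ("10.5.4.5", 5)]
    icmp = struct.pack("!BBHBBH", ICMP_ROUTER_ADV, 0, 0, len(routers), 2, 1800)
    for addr, pref in routers:
        icmp += struct.pack("!4si", ipaddress.IPv4Address(addr).packed, pref)
    care_of = ipaddress.IPv4Address("10.5.4.3").packed
    bits = FLAG_BITS["F"] | FLAG_BITS["R"]
    ext = struct.pack("!BBHHBB", EXT_MOBILITY_AGENT_ADV, 6 + len(care_of), 1, 1800, bits, 0) + care_of
    ext += struct.pack("!BB", EXT_PREFIX_LENGTHS, len(routers)) + bytes([24, 24])
    msg = icmp + ext
    return msg[:2] + struct.pack("!H", icmp_checksum(msg)) + msg[4:]
```

A mobile node should treat the parser's ValueError paths as the normal case on a hostile link: an advertisement that fails the checksum or carries no mobility extension is simply ignored rather than used to change the default router.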
xx Answer
When a home agent receives a broadcast for a mobile node, it checks its mobility binding list to see whether the node is away from home, and it may send the datagram to several FAs (multiple routers) if the node holds more than one binding.
Option 1 is correct. If multiple mobility bindings are supported, the home agent sends a copy to each care-of address in the mobile node's mobility binding list.
Option 2 is correct. If a mobile node has no mobility binding, the home agent assumes it is at home and forwards datagrams directly on the home network.
Option 3 is incorrect. The home agent forwards broadcast datagrams only to those mobile nodes in its mobility binding list that requested this service when they registered.
Option 4 is incorrect. A home agent keeps a mobility binding list, not a visitor list; it lists the mobile nodes currently registered away from home.

xxi Answer
The IP address of the default router selected by the mobile node is 10.5.4.12.
Option 1 is correct. A mobile node registered using a foreign agent care-of address must select its default router from the router addresses advertised in the ICMP router advertisement portion of the agent advertisement message.
Option 2 is incorrect. Only if the ICMP router advertisement portion is empty may the source address of the agent advertisement be selected as the default router; it is the least preferred option.
Option 3 is incorrect. The mobile node ignores the ICMP router advertisement from 10.5.4.5 because it arrived after the agent advertisement from 10.5.4.3, the mobile node's foreign agent care-of address.

• 62.
xxii Answer
Correct ranking:
1. (D) The laptop's home agent sends the datagram to the laptop's care-of address (10.5.4.3). The laptop's foreign agent care-of address (10.5.4.3) is the IP address of the router on the airplane.
2. (C) The datagram is sent to the airline headquarters, where it is forwarded to the aircraft's care-of address (188.1.6.10). The router at the airline's HQ is the aircraft router's home agent. It intercepts the datagram, which is now addressed to 10.5.4.3, and tunnels it to the aircraft router's care-of address, a foreign agent on the ground.
3. (A) The aircraft's foreign agent (188.1.6.10) sends the datagram to the aircraft. Before doing so it removes the outer encapsulation; the datagram is still encapsulated with the laptop's care-of address as its destination.
4. (B) The aircraft's router (10.5.4.3) decapsulates the datagram and sends it to the laptop. The aircraft's router has to decapsulate the datagram to reveal the laptop's home address as the destination.

xxiii Answer
In this scenario, all datagrams from the home agent are decapsulated by the mobile node itself. The advertised router was not on the same subnet.
Option 1 is incorrect. A foreign agent decapsulates a datagram only if the datagram is addressed to it. In this case the home agent sends datagrams directly to the mobile node.
Option 2 is correct. The mobile node is using a co-located care-of address and the home agent forwards all traffic to that address. The default router does not decapsulate the datagrams; it merely forwards them.
Option 3 is correct. The laptop is registered directly with its home agent using a co-located care-of address. If the laptop receives an agent advertisement whose source matches the network prefix of its care-of address, it can consider that IP source address as a default router.
Option 4 is incorrect. The laptop (192.16.2.15) is using an address in the same subnet as the local router (192.16.2.1); therefore it can register directly with its home agent using a co-located care-of address.
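The ranking in answer xxii is easiest to see as two nested IP-in-IP tunnels (RFC 2003) being built by two home agents and peeled off, one layer at a time, by two foreign agents. The following is an added example, not code from these study notes or their author, that builds minimal IPv4 datagrams, applies and removes the encapsulation at each of the four steps, and has each foreign agent deliver only to nodes in its visitor list, silently discarding anything else as answer xix requires. The addresses 10.5.4.3 and 188.1.6.10 come from the answers above; the laptop's home address, both home agents, the correspondent and the payload are constructed.

```python
"""Nested Mobile IP tunnels for the airborne-laptop scenario of answer xxii.
Added example for these study notes, not the notes' own code."""
import ipaddress
import struct

IPPROTO_IPIP = 4                 # IP-in-IP encapsulation, RFC 2003
IPPROTO_UDP = 17

LAPTOP_HOME = "172.16.1.50"      # constructed
LAPTOP_HA = "172.16.1.1"         # constructed
LAPTOP_COA = "10.5.4.3"          # aircraft router, from the notes
AIRCRAFT_HA = "198.51.100.1"     # constructed: the router at airline HQ
AIRCRAFT_COA = "188.1.6.10"      # ground foreign agent, from the notes
CORRESPONDENT = "203.0.113.7"    # constructed


def header_checksum(pkt):
    """RFC 791 ones'-complement header checksum; returns 0 over a valid 20-byte header."""
    total = sum(struct.unpack("!10H", pkt[:20]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Minimal IPv4 datagram: no options, no fragmentation."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt):
    vihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if vihl != 0x45 or total != len(pkt) or header_checksum(pkt) != 0:
        raise ValueError("malformed IPv4 datagram")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": pkt[20:]}


def encapsulate(pkt, tunnel_src, tunnel_dst):
    """Home-agent side: the whole original datagram becomes the payload of a new one."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, pkt)


def decapsulate(pkt, me):
    """Tunnel endpoint: accept only IP-in-IP datagrams addressed to this endpoint."""
    outer = parse_ipv4(pkt)
    if outer["dst"] != me or outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP datagram for this endpoint")
    return outer["payload"]


def foreign_agent_deliver(pkt, me, visitor_list):
    """Peel one layer and deliver only to a registered visitor.

    A datagram for a node not in the visitor list is dropped with no ICMP
    destination-unreachable (answer xix); the node may simply have moved on."""
    inner = decapsulate(pkt, me)
    return inner if parse_ipv4(inner)["dst"] in visitor_list else None


def tunnel_depth(pkt):
    """Number of IP-in-IP layers wrapped around the original datagram."""
    depth = 0
    while True:
        parsed = parse_ipv4(pkt)
        if parsed["proto"] != IPPROTO_IPIP:
            return depth
        depth += 1
        pkt = parsed["payload"]


def deliver_to_airborne_laptop(payload):
    """Walk a datagram through the four ranked steps of answer xxii.

    Returns (trace, inner): trace holds (step, tunnel depth after it); inner is the
    parsed datagram the laptop finally receives."""
    trace = []
    dgram = build_ipv4(CORRESPONDENT, LAPTOP_HOME, IPPROTO_UDP, payload)
    trace.append(("correspondent sends to laptop home address", tunnel_depth(dgram)))
    dgram = encapsulate(dgram, LAPTOP_HA, LAPTOP_COA)                  # step D
    trace.append(("laptop HA tunnels to 10.5.4.3", tunnel_depth(dgram)))
    dgram = encapsulate(dgram, AIRCRAFT_HA, AIRCRAFT_COA)              # step C
    trace.append(("aircraft HA tunnels to 188.1.6.10", tunnel_depth(dgram)))
    dgram = foreign_agent_deliver(dgram, AIRCRAFT_COA, {LAPTOP_COA})   # step A
    trace.append(("ground FA peels the outer layer", tunnel_depth(dgram)))
    dgram = foreign_agent_deliver(dgram, LAPTOP_COA, {LAPTOP_HOME})    # step B
    trace.append(("aircraft router peels the inner layer", tunnel_depth(dgram)))
    return trace, parse_ipv4(dgram)


if __name__ == "__main__":
    for step, depth in deliver_to_airborne_laptop(b"hello")[0]:
        print(depth, step)
```

Each encapsulation adds a full 20-byte header, so the path MTU seen by the laptop shrinks by 40 bytes in this scenario; the visitor-list check at each foreign agent is also what stops a stray tunnelled datagram from being forwarded into a loop.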