IP Mobility Concepts
Study Notes
+W - Technology Skills For Women Series1
http://SlideShare.net/OxfordCambridge
Men are allowed to read too, if they wish, as the language style and the document format are universal.
Study Notes http://SlideShare.net/OxfordCambridge
2 | Page  IP Mobility Concepts
Table of Contents
About “+W - Technology Skills For Women” series ................................................................................ 5
Sources: ................................................................................................................................................... 6
Protocol operation and agent discovery ............................................................................................................. 7
Learning objectives:................................................................................................................................. 7
A. Making the case for Mobile IP................................................................................................................. 7
1. Development of Mobile IP................................................................................................................... 7
Quiz.......................................................................................................................................................... 9
2. Mobile IP specifications....................................................................................................................... 9
Quiz........................................................................................................................................................ 10
3. The Mobile IP network ...................................................................................................................... 10
Quiz........................................................................................................................................................ 11
Summary................................................................................................................................................ 12
B. Mobile IP operation............................................................................................................................... 13
1. The Mobile IP process ....................................................................................................................... 13
Quiz........................................................................................................................................................ 15
2. Acquiring a care-of address............................................................................................................... 15
Quiz........................................................................................................................................................ 16
Quiz........................................................................................................................................................ 16
Quiz........................................................................................................................................................ 17
Summary................................................................................................................................................ 17
C. Agent discovery ..................................................................................................................................... 18
1. The functions of agent discovery....................................................................................................... 18
Quiz........................................................................................................................................................ 18
Note....................................................................................................................................................... 20
Quiz........................................................................................................................................................ 21
2. Agent advertisements ....................................................................................................................... 22
Note....................................................................................................................................................... 22
Quiz........................................................................................................................................................ 23
3. Move detection ................................................................................................................................. 24
Quiz........................................................................................................................................................ 25
Summary................................................................................................................................................ 25
Registration, routing, and security.................................................................................................................... 26
Learning objectives:............................................................................................................................... 26
D. Registration ........................................................................................................................................... 26
1. Registration purpose and procedures............................................................................................... 26
Quiz........................................................................................................................................................ 27
Note....................................................................................................................................................... 28
Quiz........................................................................................................................................................ 29
Quiz........................................................................................................................................................ 29
2. Mobile IP registration considerations ............................................................................................... 29
Quiz........................................................................................................................................................ 31
Quiz........................................................................................................................................................ 32
Quiz........................................................................................................................................................ 32
Summary................................................................................................................................................ 32
E. Routing considerations.......................................................................................................................... 34
1. Mobile Node, Foreign Agent, and Home Agent considerations........................................................ 34
Quiz........................................................................................................................................................ 37
Quiz........................................................................................................................................................ 37
Quiz........................................................................................................................................................ 37
Quiz........................................................................................................................................................ 38
2. Mobile routers................................................................................................................................... 38
Quiz........................................................................................................................................................ 39
Quiz........................................................................................................................................................ 40
Summary................................................................................................................................................ 40
F. Security considerations ......................................................................................................................... 42
Introduction........................................................................................................................................... 42
Threats to Mobile IP .............................................................................................................................. 42
Denial-of-service attack......................................................................................................................... 42
Passive eavesdropping .......................................................................................................................... 43
Session-stealing attack .......................................................................................................................... 43
Replay attack ......................................................................................................................................... 43
Mitigating the threats to Mobile IP....................................................................................................... 43
Cryptography......................................................................................................................................... 44
Problems with ARP ................................................................................................................................ 44
Authentication....................................................................................................................................... 44
Firewalls................................................................................................................................................. 45
Replay protection .................................................................................................................................. 45
Summary................................................................................................................................................ 46
G. Conclusion ............................................................................................................................................. 47
IP Mobility Requirements...................................................................................................................... 47
Mobile IPv4............................................................................................................................................ 47
Mobile IPv6............................................................................................................................................ 48
H. Glossary ................................................................................................................................................. 49
I. Quizzes’ Answers................................................................................................................................... 57
About “+W - Technology Skills For Women” series
Study Notes in the field of technology will be put together under this category for the following reasons:
• to encourage ladies, who wish to do so, to stand up and look over the fence into technology related topics;
• with apprehension or fear;
• and perhaps consider embracing a career move into this technological path;
• or simply to broaden their general knowledge; after all, ICT is in most aspects of everyday life;
• no matter the decision, their skills, professional strengths, and contribution can only be something positive for technical and technological fields.
Sources:
http://www.cisco.com/ (IP Mobility Overview)
http://en.wikipedia.org/wiki/Mobile_IP (Mobile IP)
Ad Hoc Mobile Wireless Networks: Protocols and Systems, C.-K. Toh, Prentice Hall PTR
Mobile IP Design Principles and Practices, Charles E. Perkins, Prentice Hall PTR
Mobile IP the Internet Unplugged, James Solomon, Prentice Hall PTR
The Wireless Mobile Internet: Architectures, Protocols and Services, Abbas Jamalipour, John Wiley & Sons
A Survey on Network Architectures for Mobility, XiuJia Jin (http://www.cs.wustl.edu/~jain/cse574-06/ftp/mobility_arch/index.html)
Protocol operation and agent discovery
Learning objectives:
• identify the components and operational requirements of Mobile IP.
• identify the steps and processes involved in Mobile IP operation.
• identify how a mobile node determines its location relative to its home address.
A. Making the case for Mobile IP
B. Mobile IP operation
C. Agent discovery
A. Making the case for Mobile IP
1. Development of Mobile IP
2. Mobile IP specifications
3. The Mobile IP network
1. Development of Mobile IP
The rise in use of the Internet and advances in mobile communication have led to mobile computing
technology redefining the way we access information.
Most mobile devices now need to support voice and video transfer technology. Although mobility is
supported by link-layer technology, data transfer across networks or different layers is not.
Internet Protocol version 4 (IPv4) takes a node's IP address literally; it assumes that the address is a unique
location within a network. When data is sent to this IP address, the node will not receive it unless the node is
located at this physical IP address.
IPv4 presents mobile users with the problem of how to avoid losing their ability to communicate when they
move between networks.
A limited way of addressing the problem of connectivity is for the mobile user to
• change their IP address
• create host specific routes
change their IP address
If a mobile user changes their IP address, they cannot maintain transport, session, presentation, and
application layer connections. Changing IP addresses can also compromise network services.
create host specific routes
Creating host specific routes throughout much of the Internet routing fabric has obvious and severe scaling
problems. First each host in a network would require its own entry in every router's routing table, worldwide.
The memory for a router to do this would exceed that of all the computers in your office.
Also, each time you move your computer from one router to another, the routing table in every router has to
change. This change requires a routing update from your new router to all other routers, which creates a lot of
network traffic.
The development of mobile devices that can be used for data transfer has driven the demand for a technology that allows mobile users to roam from one network to another while maintaining network connections.
• Cellular phones
• Laptops
Cellular phones
Cellular phones can use Bluetooth technology to power connections to networks. Bluetooth technology
enables your cellular phone to connect to a network without wires, by using short-range radio wave
transmissions.
Laptops
Wireless laptop connections to data networks are often powered by WiFi technology. Among the different
technologies available for wireless local networks, the most widely used is IEEE 802.11.
Wireless Fidelity (WiFi) technology is based on IEEE 802.11b, a descendant of IEEE 802.11. WiFi meets the
demand for higher data transmission rates, allowing for transmissions of up to 11 Mbps.
The limitations of IPv4 and the proliferation of mobile devices required a new scalable mechanism – Mobile
IP.
Mobile IP is a standard for allowing mobile computers to roam from one network to another while
maintaining network connections and counteracting data transfer problems.
Mobile IP
• allows you to retain your IP address
• is scalable for the Internet
allows you to retain your IP address
Mobile IP allows you to stay connected and maintain ongoing applications when roaming between IP
networks, and there is no need to change your IP address.
is scalable for the Internet
Mobile IP is scalable for the Internet, and because it is based on IP, any media that can support IP can support
Mobile IP.
Quiz (i)
Identify the advantages of Mobile IP technology.
Options:
1. Any IP compliant media can support Mobile IP
2. It alters the way in which IPv4 operates
3. Mobile IP allows the mobile node to maintain connectivity when switching networks without changing its IP
address
2. Mobile IP specifications
A mobile node should be able to
• communicate with other nodes after changing its link layer point of attachment to the Internet while maintaining its IP address
• communicate with other nodes that do not implement these mobility functions
It is important that some devices are not interrupted when a mobile node roams across network boundaries.
• Remote login
• Remote printing
• File transfer
Remote login
Remote login is one of the most popular Internet applications. Instead of having a hardwired terminal on each
host, you can log in to one host and then log in remotely across the network to any other network device on
which access is permitted. In this way, it is possible to manage network devices such as routers or switches.
Telnet is a remote login application.
If a mobile user was using remote login to manage their network, loss of connectivity could affect the integrity
of the network and leave it vulnerable to a session-stealing attack.
Remote printing
Although electronic mail is preferable as a means of third-party communication, in some cases it may be
necessary to print information in hard-copy form at a remote location. The remote output device may consist
of a standard line printer, a printer with multiple fonts and faces, a printer that can reproduce graphics, or a
facsimile device. Remote output may be accompanied by information that identifies the intended recipient.
If a mobile user loses their connection while printing to a remote location, the full document will not be
delivered. This leads to increased overheads, as the action will have to be repeated, and reduces productivity.
File transfer
File transfer is usually achieved using File Transfer Protocol (FTP). FTP is used to share files (computer
programs and/or data) and to shield a user from variations in file storage systems among hosts. It is also used
to transfer data reliably and efficiently. FTP, though usable directly by a user at a terminal, is designed mainly
for use by programs. This means that most of the time the user is unaware that the protocol is being used.
A drop in connectivity during file upload will lead to users not viewing the latest version of files and will cause
delays in transactions.
Other applications that require constant connectivity are multimedia applications using multicast addresses,
online collaboration, and file sharing.
When a mobile node moves to another network, it sends updates - which must be authenticated - to other nodes,
declaring its new location.
A Mobile IP solution works when you remain within the same network topology. For instance, if you begin
communicating from within a network and then move to another network, Mobile IP ensures that your data
connection is maintained.
Mobile IP also allows you to roam between different network types, such as moving from a wired Ethernet
network to a wireless WAN.
The Mobile IP solution is possible because the mobility functions are performed at the network layer rather
than at the physical layer.
Quiz (ii)
Identify the true statement in relation to Mobile IP specifications.
Options:
1. For Mobile IP to operate successfully, the mobile node must remain within a single network type
2. Mobile IP compliant software must be installed on all participating nodes to facilitate roaming
3. Mobile IP's mobility functions are performed at the physical layer
4. With Mobile IP, it is safe to roam between different networks when using remote login
3. The Mobile IP network
The Mobile IP infrastructure allows mobile nodes to roam from network to network.
The Mobile IP network has four main entities.
• Mobile node
• Correspondent node
• Foreign agent
• Home agent
Mobile node
The mobile node can be a cell phone, PDA, laptop, or router. A mobile node is administered a long-term IP
address in the same way that a stationary host is given a permanent IP address. This IP address, known as a
care-of address, allows the mobile node to continue to communicate with other Internet nodes at any
location.
Correspondent node
A correspondent node is a device on the Internet. It can be a workstation, server, router, or other network
device with which the mobile node is communicating. A correspondent node need only know the home
address of the mobile node and may be either mobile or stationary.
Foreign agent
The foreign agent is a router that acts as a conduit, delivering data between the mobile node and the home
agent, when the mobile node roams to a foreign network.
Home agent
The home agent is a router on the home network that acts as an anchor for communication with the mobile
node. It maintains the current location of the mobile node and tunnels information from the correspondent
node to the mobile node.
Quiz (iii)
Match the network entities to their functions.
Options:
1. Correspondent node
2. Foreign agent
3. Home agent
4. Mobile node
Targets:
A. This device need not know the mobile nodes location
B. This device can communicate with other Internet nodes regardless of location
C. This device maintains the current location information of the mobile node
D. This device tunnels data to the mobile node when it is away from home
Summary
The increase in use of mobile devices has driven the demand for a technology that facilitates roaming and
supports data transfer between networks. Mobile computing technology aims to marry the reliability of
desktop connectivity with the rootless adaptability of the cell phone. IPv4 provided a limited solution to this
problem, but it was the development of mobile IP that finally enabled users to roam between networks and
continue to deliver and receive data.
Mobile IP meets the dual criteria for roaming – it allows a mobile node to change its link-layer point of
attachment to the Internet without changing its IP address and is backward compatible. Mobile IP allows the
mobile node to roam within homogeneous and heterogeneous networks, and it performs all its mobility
functions at the network layer.
The mobile IP infrastructure is based on four main entities – the mobile node, the correspondent node, and
the home and foreign agents. Each entity plays a role in ensuring that the mobile node can continue to send
and receive data while roaming between networks.
B. Mobile IP operation
1. The Mobile IP process
2. Acquiring a care-of address
1. The Mobile IP process
There are three phases in the Mobile IP process.
• Agent discovery
• Registration
• Tunneling
Agent discovery
In the agent discovery stage, the mobile node establishes whether it is in a home or foreign network. The
mobile node establishes its location by listening to advertisements from home agents (HA) and foreign agents
(FA). Agent advertisements carry information such as the agent care-of address and services like reverse
tunneling or generic routing encapsulation (GRE) that are available on the network.
Figure: a laptop in a foreign network receives an agent advertisement from a foreign agent. The foreign network is linked to the Internet, which is linked to the laptop's home network, where the HA resides.
There are two modes of agent discovery:
Mobile nodes can listen to the advertisements sent by the mobility agents and discover their location in this
way.
Mobile nodes can send out agent solicitation messages. These messages force agents on the network to send
out agent advertisements and indicate the location of the mobile node.
A mobile node can determine whether it is located in its home network or a foreign network.
A mobile node can discover when it has returned to a home network. When this happens, the mobile node
sends a registration request message to an HA in order to deregister because it no longer requires an HA.
A mobile node can also discover that it has remained in its home network. In this case, it does not use
mobility services and therefore does not initiate communication with either an HA or an FA.
When a mobile node discovers it is in a foreign network, it acquires a care-of address (COA). It can acquire a
COA from the FA agent advertisement message.
Alternatively, the mobile node can acquire a co-located care-of address (CCOA) through external means.
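As an added example (not code from the study notes), the following Python parses the message a mobile node listens for during agent discovery, an ICMP Router Advertisement carrying the Mobility Agent Advertisement Extension of RFC 5944, and applies a simplified form of the home/foreign decision described above; the packet bytes and addresses are constructed samples.

```python
"""Agent discovery: parse an ICMP Router Advertisement that carries a
Mobility Agent Advertisement Extension (RFC 5944, section 2.1.1) and decide
from it whether the mobile node is at home or on a foreign network.

Added example, not code from the study notes.  The packet bytes are
constructed inline; the home/foreign rule is a simplified form of the one
the notes describe (match the H/F flags against the node's known HA).
"""
import socket
import struct

ICMP_ROUTER_ADVERTISEMENT = 9   # ICMP type of a Router Advertisement
MOBILITY_AGENT_ADV_EXT = 16     # extension type defined by RFC 5944

# Flag bits of the extension (RFC 5944, section 2.1.1)
FLAG_R = 0x80   # registration through this foreign agent is required
FLAG_B = 0x40   # agent is busy and will not accept new registrations
FLAG_H = 0x20   # agent is a home agent on this link
FLAG_F = 0x10   # agent is a foreign agent on this link
FLAG_M = 0x08   # minimal encapsulation supported
FLAG_G = 0x04   # GRE encapsulation supported
FLAG_T = 0x01   # reverse tunneling supported (RFC 3024)


def build_agent_advertisement(router_addr, seq, lifetime, flags, care_of_addrs):
    """Construct a sample advertisement: ICMP header, one router entry, then
    the mobility extension.  The ICMP checksum stays zero because the sample
    never leaves this process."""
    icmp = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0, 1, 2, 1800)
    icmp += socket.inet_aton(router_addr) + struct.pack("!i", 0)  # addr, pref
    ext = struct.pack("!BBHHBB", MOBILITY_AGENT_ADV_EXT,
                      6 + 4 * len(care_of_addrs), seq, lifetime, flags, 0)
    ext += b"".join(socket.inet_aton(a) for a in care_of_addrs)
    return icmp + ext


def parse_agent_advertisement(packet):
    """Return the mobility-agent fields as a dict, or None when the Router
    Advertisement carries no mobility extension.  Raises ValueError on a
    malformed packet, which a mobile node should just ignore."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, _code, _csum, num_addrs, entry_size, _lifetime = \
        struct.unpack_from("!BBHBBH", packet, 0)
    if icmp_type != ICMP_ROUTER_ADVERTISEMENT:
        raise ValueError("not an ICMP Router Advertisement")
    entry_bytes = entry_size * 4          # entry size is given in 32-bit words
    offset = 8 + num_addrs * entry_bytes
    if offset > len(packet):
        raise ValueError("truncated router entries")
    routers = [socket.inet_ntoa(packet[8 + i * entry_bytes:12 + i * entry_bytes])
               for i in range(num_addrs)]
    while offset + 2 <= len(packet):     # extensions: (type, length, data)
        ext_type, ext_len = packet[offset], packet[offset + 1]
        body = packet[offset + 2:offset + 2 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension")
        if ext_type == MOBILITY_AGENT_ADV_EXT:
            if ext_len < 6 or (ext_len - 6) % 4:
                raise ValueError("bad mobility extension length")
            seq, lifetime, flags, _reserved = struct.unpack("!HHBB", body[:6])
            coas = [socket.inet_ntoa(body[i:i + 4]) for i in range(6, ext_len, 4)]
            return {"routers": routers, "sequence": seq, "lifetime": lifetime,
                    "flags": flags, "care_of_addrs": coas,
                    "gre": bool(flags & FLAG_G),
                    "reverse_tunneling": bool(flags & FLAG_T)}
        offset += 2 + ext_len
    return None


def classify_location(adv, home_agent_addr):
    """Simplified move detection: an H-flagged advertisement from the node's
    own home agent means 'home'; an F-flagged agent means 'foreign'."""
    if adv["flags"] & FLAG_H and home_agent_addr in adv["routers"]:
        return "home"
    if adv["flags"] & FLAG_F:
        return "foreign"
    return "unknown"


def foreign_agent_care_of_address(adv):
    """The COA the node would register through this FA (first one advertised)."""
    if adv["flags"] & FLAG_F and adv["care_of_addrs"]:
        return adv["care_of_addrs"][0]
    return None


# Constructed samples: an FA at 192.0.2.1 offering its own address as COA with
# GRE and reverse tunneling, and the node's own HA at 198.51.100.1.
HOME_AGENT = "198.51.100.1"
FA_ADVERT = build_agent_advertisement("192.0.2.1", 17, 300,
                                      FLAG_F | FLAG_G | FLAG_T, ["192.0.2.1"])
HA_ADVERT = build_agent_advertisement(HOME_AGENT, 5, 600, FLAG_H, [])

if __name__ == "__main__":
    adv = parse_agent_advertisement(FA_ADVERT)
    print(classify_location(adv, HOME_AGENT), foreign_agent_care_of_address(adv))
```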
Registration
The second phase of Mobile IP is registration. The mobile node uses the IP address and mobility security
association of its HA, its home IP address or another user identifier, and information gained from the agent
advertisement to form a Mobile IP registration request.
In the registration phase, mobile nodes notify the HA of their position. They do this by registering their COA or
CCOA through registration request and reply messages.
The mobile security association is a collection of security contexts between a pair of nodes that may be applied
to Mobile IP protocol exchanges and is used in home agent/mobile node authentication. The contexts define
the authentication algorithm to be used, the type of replay protection to be used and the secret key, either
shared or public/private.
Registration is completed directly or indirectly. If the mobile node has a COA, it must send its registration
request through the FA. The FA then forwards it to the HA. The HA then sends a registration reply to the FA,
which forwards this on to the mobile node.
Figure: a person with a laptop moves between foreign networks. On each move to a new network the laptop is allocated a new COA and registers it with its home agent.
If the mobile node has a CCOA, it sends the registration request directly to the HA. The HA then sends the reply
to the registration request directly back to the mobile node.
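The registration request and the mobile security association behind it, as an added example (not code from the study notes): the Python below builds a Registration Request carrying the Mobile-Home Authentication Extension (HMAC-MD5, the RFC 5944 default) and verifies it the way an HA does, including timestamp replay protection on the Identification field; the shared key, SPI, addresses and clock value are constructed samples.

```python
"""Registration: build a Mobile IP Registration Request (RFC 5944, section
3.3) protected by the Mobile-Home Authentication Extension (type 32) and
verify it as a home agent does: check the authenticator under the security
association named by the SPI, then apply timestamp-based replay protection.

Added example, not code from the study notes.  The security association,
addresses and clock value are constructed samples.
"""
import hashlib
import hmac
import socket
import struct

REG_REQUEST = 1                 # message type of a Registration Request
MH_AUTH_EXT = 32                # Mobile-Home Authentication Extension type
NTP_EPOCH_OFFSET = 2208988800   # seconds between 1900 and the Unix epoch
REPLAY_WINDOW = 7               # clock skew tolerated, RFC 5944 default

# Mobile security association as the notes describe it: algorithm, replay
# protection style and shared secret, indexed by SPI.  Constructed sample.
SECURITY_ASSOCIATIONS = {
    0x1000: {"algorithm": "hmac-md5", "replay": "timestamp",
             "key": b"constructed-shared-secret"},
}


def ntp_identification(now):
    """64-bit Identification: NTP seconds in the high word, fraction below."""
    secs = int(now) + NTP_EPOCH_OFFSET
    frac = int((now - int(now)) * (1 << 32))
    return (secs << 32) | frac


def build_registration_request(home_addr, home_agent, care_of, lifetime,
                               identification, spi, key, flags=0):
    """Mobile node side: the fixed 24-byte request plus the auth extension."""
    body = struct.pack("!BBH4s4s4sQ", REG_REQUEST, flags, lifetime,
                       socket.inet_aton(home_addr), socket.inet_aton(home_agent),
                       socket.inet_aton(care_of), identification)
    ext_head = struct.pack("!BBI", MH_AUTH_EXT, 20, spi)   # length = 4 + 16
    # The authenticator covers the request data, any prior extensions and
    # this extension's type, length and SPI, but not the authenticator itself
    authenticator = hmac.new(key, body + ext_head, hashlib.md5).digest()
    return body + ext_head + authenticator


def verify_registration_request(packet, now, last_ids):
    """Home agent side.  Returns (True, binding) or (False, reason).
    last_ids maps home address -> last Identification accepted."""
    if len(packet) < 24 or packet[0] != REG_REQUEST:
        return False, "not a registration request"
    _t, _flags, lifetime, home_b, _ha_b, coa_b, ident = \
        struct.unpack("!BBH4s4s4sQ", packet[:24])
    offset = 24
    while offset + 2 <= len(packet):
        etype, elen = packet[offset], packet[offset + 1]
        if etype == MH_AUTH_EXT:
            if elen != 20 or offset + 2 + elen > len(packet):
                return False, "malformed authentication extension"
            spi = struct.unpack("!I", packet[offset + 2:offset + 6])[0]
            sa = SECURITY_ASSOCIATIONS.get(spi)
            if sa is None:
                return False, "unknown SPI"
            expected = hmac.new(sa["key"], packet[:offset + 6], hashlib.md5).digest()
            if not hmac.compare_digest(expected, packet[offset + 6:offset + 22]):
                return False, "authentication failed"
            break
        offset += 2 + elen
    else:
        return False, "missing Mobile-Home authentication extension"
    # Replay protection: the timestamp must be close to the HA clock and
    # strictly newer than the last Identification accepted from this node.
    home_addr = socket.inet_ntoa(home_b)
    if abs((ident >> 32) - NTP_EPOCH_OFFSET - now) > REPLAY_WINDOW:
        return False, "identification outside time window"
    if ident <= last_ids.get(home_addr, 0):
        return False, "replayed identification"
    last_ids[home_addr] = ident
    return True, {"home_address": home_addr, "care_of": socket.inet_ntoa(coa_b),
                  "lifetime": lifetime}


# Constructed sample: node 198.51.100.10 registers the FA care-of address
# 192.0.2.1 with its HA 198.51.100.1 at a fixed clock value.
NOW = 1700000000.0
REQUEST = build_registration_request("198.51.100.10", "198.51.100.1",
                                     "192.0.2.1", 300, ntp_identification(NOW),
                                     0x1000, SECURITY_ASSOCIATIONS[0x1000]["key"])

if __name__ == "__main__":
    seen = {}
    print(verify_registration_request(REQUEST, NOW, seen))   # accepted
    print(verify_registration_request(REQUEST, NOW, seen))   # replay rejected
```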
Tunnelling
Once registration has taken place, packets addressed to the mobile node's home address are forwarded to the
mobile node in its new location.
Datagrams intended for the mobile node are intercepted by the HA and tunneled to the FA or sent directly to
the mobile nodes using its CCOA.
If data is traveling from the mobile node to corresponding nodes, standard IP routing mechanisms are used. In
this case, the datagrams do not always have to pass through the HA. Because this process is transparent to
corresponding nodes, the mobile node will always appear to be on its home network.
Quiz (iv)
Suppose a mobile node has established that it is operating away from home, and it has already acquired a co-located care-of address (CCOA).
What does the mobile node do next?
Options:
1. Continues to operate without mobility services
2. Registers its CCOA with the HA
3. Registers its new care-of address with the HA via the FA
2. Acquiring a care-of address
The following two modes are available to mobile nodes for acquiring care-of addresses:
• foreign agent care-of address (COA)
• co-located care-of address (CCOA)
The network administrator decides which address acquisition mode to use.
In the foreign agent care-of address mode, the mobile node acquires the COA through the agent
advertisement messages sent by the FA. The COA is an IP address of the FA on the foreign network.
Packets intended for the mobile node are intercepted by the HA and forwarded to the FA. The FA acts as the
endpoint for tunneled datagrams intended for the mobile host. The FA decapsulates the datagrams and
delivers the relevant data to the mobile node.
In CCOA mode, the mobile node acquires a CCOA externally. It is assigned to one of the mobile node's
interfaces, it represents the mobile node's current location, and it can only be used by one mobile node at a
time.
The CCOA may be temporarily acquired dynamically through the dynamic host configuration protocol (DHCP).
Alternatively, the mobile node may own a long-term address for its exclusive use when visiting particular
foreign networks.
When CCOA mode is used, datagrams intended for the mobile node are sent directly to the CCOA. The mobile
node acts as the endpoint of the tunnel and decapsulates the datagrams tunneled to it.
There is an advantage to each address acquisition mode. In COA mode, there is less pressure for IPv4
addresses than in CCOA mode. This is because FA interface IP addresses can be assigned to multiple mobile
nodes, rather than being assigned to single mobile nodes at any one time.
An FA is not essential to mobility in the CCOA method. This is because the mobile node does not use the FA's
interface as its care-of address. Instead it acquires an address from an external source, such as a DHCP server.
Quiz (v)
A mobile node moves into a foreign network and registers its new address indirectly with its HA.
Where has it acquired its temporary address?
Options:
1. From the HA
2. From the FA
3. Through dynamic host configuration
4. It uses its own special IP address for operation in foreign networks
It is essential to note the difference between a care-of address (either COA or CCOA) and an FA. A care-of
address is an endpoint for tunnelled datagrams to a mobile host. An FA is a mobility agent. The FA provides
network services to mobile nodes on its network.
It is possible to have more than one FA on a network. An FA is likely to be a router, but could be any network
device capable of acting as a tunnel endpoint and sending agent advertisements.
Quiz (vi)
What is the main advantage of using CCOA mode?
Options:
1. Low demand for IPv4 addresses
2. Mobile node can function without an FA
3. Registration with the HA is optional
There are different routing processes in
• COA
• CCOA
COA
In COA mode, the FA and mobile node must be on the same network link. They deliver packets to each other
using their data-link layer addresses (usually their MAC addresses) rather than relying on IP routing between
them, so neither node needs a route to the other through the foreign network's routers.
CCOA
In CCOA mode, the mobile node must be on the network link indicated by the network prefix of the CCOA. If the
CCOA belongs to a different network from the one the node is attached to, tunneled packets will not be delivered.
Suppose a commuter is using a laptop while traveling through a foreign network. First the laptop registers the
COA, acquired from the agent advertisement of the FA, with its own HA.
Once the laptop has registered its new address with the HA, datagrams intended for the laptop are
intercepted by the HA, and tunneled toward the FA. The FA decapsulates the data and forwards it to the
laptop in its new location.
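The interception and tunnelling just described, as an added worked example in Python; this code is not part of the original study notes. It models the home agent encapsulating a datagram in IP-in-IP (protocol 4, the default Mobile IP tunnel) toward the care-of address, the foreign agent decapsulating it and handing it to the mobile node's link-layer address from its visitor list, and, for CCOA mode, the mobile node decapsulating the tunnel itself. The addresses, the payload and the MAC address are constructed sample values, and the binding and visitor-list entries are filled in by hand here instead of by the registration exchange.

```python
import struct
from ipaddress import IPv4Address
from typing import Optional

IPPROTO_IPIP = 4   # IP-in-IP encapsulation (RFC 2003), the default Mobile IP tunnel type


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum as used in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal IPv4 packet without options; the checksum is filled in after packing."""
    header = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    header = header[:10] + struct.pack(">H", internet_checksum(header)) + header[12:]
    return header + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Validate version, header length, checksum and total length; raise ValueError otherwise."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl or internet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header length or checksum")
    total_len = struct.unpack(">H", pkt[2:4])[0]
    if total_len < ihl or total_len > len(pkt):
        raise ValueError("bad total length")
    return {"src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20])),
            "ttl": pkt[8], "proto": pkt[9], "payload": pkt[ihl:total_len]}


class HomeAgent:
    """Intercepts datagrams for registered home addresses and tunnels them to the care-of address."""

    def __init__(self, address: str):
        self.address = address
        self.bindings = {}          # home address -> care-of address, created by registration

    def forward(self, pkt: bytes) -> bytes:
        inner = parse_ipv4(pkt)
        coa = self.bindings.get(inner["dst"])
        if coa is None:
            return pkt              # not one of our mobile nodes: normal delivery
        if inner["ttl"] <= 1:
            raise ValueError("TTL expired before encapsulation")
        # RFC 2003: the encapsulator decrements the inner TTL (and so must refresh its checksum).
        ihl = (pkt[0] & 0x0F) * 4
        inner_pkt = bytearray(pkt)
        inner_pkt[8] -= 1
        inner_pkt[10:12] = b"\x00\x00"
        inner_pkt[10:12] = struct.pack(">H", internet_checksum(bytes(inner_pkt[:ihl])))
        return build_ipv4(self.address, coa, IPPROTO_IPIP, bytes(inner_pkt))


def decapsulate(pkt: bytes, my_address: str) -> Optional[bytes]:
    """Tunnel endpoint: the FA in COA mode, or the mobile node itself in CCOA mode."""
    outer = parse_ipv4(pkt)
    if outer["proto"] != IPPROTO_IPIP or outer["dst"] != my_address:
        return None
    return outer["payload"]


class ForeignAgent:
    def __init__(self, coa: str):
        self.coa = coa
        self.visitor_list = {}      # home address -> link-layer address taken from the registration request

    def receive(self, pkt: bytes):
        inner_pkt = decapsulate(pkt, self.coa)
        if inner_pkt is None:
            return None
        inner = parse_ipv4(inner_pkt)
        mac = self.visitor_list.get(inner["dst"])
        if mac is None:
            return None             # not a registered visitor: refuse to relay onto the link
        return mac, inner_pkt       # deliver at the link layer, bypassing IP routing
```

The foreign agent only relays an inner datagram whose destination is in its visitor list; without that check, anyone able to reach the care-of address could use the tunnel to inject traffic onto the foreign link.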
Quiz (vii)
Suppose you are using your laptop while traveling on a train. When you power on your laptop, it discovers that it
is in a foreign network through agent advertisement messages.
What happens next?
Options:
1. Data intended for the laptop is tunneled from the HA to the FA
2. The laptop acquires a COA
3. The laptop registers its new address with the HA
4. The laptop sends a registration request to the HA
Summary
There are three processes in Mobile IP. These are agent discovery, where a mobile node establishes its
location and acquires a care-of address if in a foreign network, registration, where the mobile node registers
its new location with the HA and tunneling, where data intended for the mobile node is tunneled from the HA
to the FA. At the FA, data is decapsulated and sent on to the mobile node.
There are two modes of acquiring a care-of address. First a foreign agent care-of address (COA) can be
acquired. In this case, the address is an interface address of the FA. Second, mobile nodes can acquire a co-
located care-of address (CCOA). In this mode, the mobile node acquires the address from an external
network source. There are different advantages associated with each mode.
C. Agent discovery
1. The functions of agent discovery
2. Agent advertisements
3. Move detection
1. The functions of agent discovery
Agent discovery is the first phase of the Mobile IP process. In this phase, mobile nodes determine their
location. Mobile nodes use agent discovery to establish whether they are on a home or foreign network and
to identify that they have moved from one network to another.
In agent discovery, mobile nodes rely on agent advertisements from mobility agents (foreign or home agents)
to determine their location. They can also send agent solicitations, which force mobility agents to respond
with agent advertisements. Mobile nodes acquire a care-of address from the agent advertisement when
visiting a foreign network.
An agent advertisement is a message constructed by attaching a special extension to a Router Advertisement.
Mobility agents broadcast these messages.
Quiz (viii)
Which of the following are functions of agent discovery?
Options:
1. Used by the mobile node to determine whether the node is in a home or foreign network
2. Used to determine whether a mobile node has moved from one network to another
3. Used to register location of mobile nodes
Mobile IP uses existing ICMP mechanisms by adapting ICMP router discovery for the operation of agent
discovery.
Router discovery was traditionally achieved by the host reading a list of one or more router addresses
contained in its configuration files when it was powered on.
Another traditional method for router discovery on multicast links is for the host to listen to routing protocol
traffic.
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
10.5.161.60 server1 #data repository 1
10.5.164.201 server2 #data repository 2
10.5.164.200 server3 #software depository
10.5.161.58 server4
10.5.161.56 server5
The two disadvantages of reading configuration files are the considerable resource time needed to keep the
configuration files updated and the inability of these files to dynamically track changes in router availability.
The disadvantage of listening in on router traffic is that hosts are required to recognize the various routing
protocols used from network to network.
Because of the disadvantages of traditional router discovery methods, Mobile IP has adapted ICMP router
discovery. In ICMP, there is no need to manually configure router address lists and ICMP is independent of
any routing protocol.
Mobile IP combines its agent advertisements with ICMP router discovery messages.
Note
Router discovery messages are not a protocol in themselves. They allow hosts to discover the existence of
neighbouring routers, but not which routers are best for reaching a particular destination.
The following ICMP router discovery messages are used by Mobile IP agent advertisement and solicitation
messages.
 Router advertisements
 Router solicitations
ICMP (Internet Control Message Protocol) is one of the main protocols of the Internet Protocol Suite. It is
used by network devices, like routers, to send error messages indicating, for example, that a requested
service is not available or that a host or router could not be reached. ICMP can also be used to relay query
messages. It is assigned protocol number 1. ICMP[3] differs from transport protocols such as TCP and UDP in
that it is not typically used to exchange data between systems, nor is it regularly employed by end-user
network applications (with the exception of some diagnostic tools like Ping and Traceroute).
Router advertisements
In Mobile IP, the agent advertisements are part of these ICMP router advertisements. The agent
advertisement is formed by adding a mobility agent advertisement extension into the ICMP router
advertisement message.
In ICMP router discovery, each router periodically broadcasts or multicasts router advertisements from each of
its multicast-capable interfaces to all nodes on that network link.
Router solicitations
In Mobile IP, agent solicitations are the same as ICMP router solicitations, except that IP TTL (time to live for
packets) must be set to 1. A router solicitation is where a mobile node multicasts a message to ask for
advertisements from neighboring routers on the same network link instead of waiting for periodic
advertisements to arrive.
If the mobile node does not receive any response, it can retransmit the router solicitation messages, but after
a set interval must stop. Once this happens, the mobile node will have to wait and discover the routers
through the periodic agent advertisements.
Each router advertisement contains a
 preference level
 lifetime field
preference level
Each router advertisement contains a preference level for all of its advertised addresses. When acquiring a
care-of address from an agent advertisement, the mobile node should choose an address of the highest
preference.
The network administrator configures the preference levels and can use this to discourage the use of certain
addresses.
lifetime field
Each router advertisement includes a lifetime field. The lifetime field specifies the amount of time a router is
considered valid by the mobile node, assuming no further advertisements are received.
The lifetime field ensures that a mobile node will drop failed routers, uncontactable routers, or routers that
are no longer functioning as routers.
In the agent discovery phase, the default interval between agent advertisements is 7.5 to 10 minutes (the ICMP
router discovery defaults of 450 to 600 seconds). The default lifetime of an advertisement is 30 minutes (1800
seconds), three times the maximum interval.
Because router advertisements may be unavailable, or disabled by an administrator, on any link or from any
router, they are not appropriate for black hole detection (that is, detecting when the first hop of a path fails).
Hosts should already have a system in place for detecting black holes. However, network administrators can
configure the default advertising rate to be suitable as an additional element of black hole detection.
Suppose a commuter is using her laptop while traveling to a client. When the commuter moves into a foreign
network, her laptop picks up one of the ICMP router advertisements from a local router. The agent
advertisement extension is contained in this message.
The commuter's laptop will then choose the highest preference-level interface address contained in the
agent advertisement extension and use this as its care-of address. The laptop is then ready to register and
use this temporary address.
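An added worked example in Python, not from the original notes, of the message just described: it builds an ICMP router advertisement (type 9) carrying the mobility agent advertisement extension (type 16: sequence number, registration lifetime, the R B H F M G r T flag byte, and a list of care-of addresses) and the prefix-lengths extension (type 19), then parses and validates such a message the way a mobile node should before acting on it. The ICMP checksum covers the extensions as well as the router advertisement part. Addresses, lifetimes and the sequence number are constructed sample values, and the helper names are the example's own.

```python
import struct
from ipaddress import IPv4Address

ICMP_ROUTER_ADVERTISEMENT = 9
EXT_MOBILITY_AGENT, EXT_PREFIX_LENGTHS, EXT_PAD = 16, 19, 0
# Flag bits of the mobility agent advertisement extension, in wire order: R B H F M G r T
FLAG_R, FLAG_B, FLAG_H, FLAG_F, FLAG_M, FLAG_G, FLAG_T = 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x01
NO_DEFAULT_ROUTER = -0x80000000   # RFC 1256 preference meaning "do not use as a default router"


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum over the whole ICMP message, extensions included."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_agent_advertisement(routers, lifetime, sequence, reg_lifetime, flags, care_of, prefix_lengths=None):
    """routers: [(address, preference)]; lifetime: ICMP header lifetime in seconds; care_of: [address]."""
    msg = struct.pack(">BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0, len(routers), 2, lifetime)
    for address, preference in routers:
        msg += IPv4Address(address).packed + struct.pack(">i", preference)
    msg += struct.pack(">BBHHBB", EXT_MOBILITY_AGENT, 6 + 4 * len(care_of), sequence, reg_lifetime, flags, 0)
    msg += b"".join(IPv4Address(a).packed for a in care_of)
    if prefix_lengths is not None:
        msg += struct.pack(">BB", EXT_PREFIX_LENGTHS, len(prefix_lengths)) + bytes(prefix_lengths)
    return msg[:2] + struct.pack(">H", icmp_checksum(msg)) + msg[4:]


def parse_agent_advertisement(msg: bytes) -> dict:
    """Validate and decode; raises ValueError on anything malformed (a node must not act on it)."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    msg_type, code, checksum, count, entry_size, lifetime = struct.unpack(">BBHBBH", msg[:8])
    if msg_type != ICMP_ROUTER_ADVERTISEMENT or code != 0 or entry_size != 2:
        raise ValueError("not a router advertisement")
    if icmp_checksum(msg[:2] + b"\x00\x00" + msg[4:]) != checksum:
        raise ValueError("bad ICMP checksum")
    end = 8 + 8 * count
    if len(msg) < end:
        raise ValueError("router address list truncated")
    routers = [(str(IPv4Address(msg[o:o + 4])), struct.unpack(">i", msg[o + 4:o + 8])[0])
               for o in range(8, end, 8)]
    adv = {"lifetime": lifetime, "routers": routers, "agent": None, "prefix_lengths": None}
    offset = end
    while offset < len(msg):
        ext_type = msg[offset]
        if ext_type == EXT_PAD:                  # one-byte padding extension has no length field
            offset += 1
            continue
        if offset + 2 > len(msg):
            raise ValueError("extension header truncated")
        ext_len = msg[offset + 1]
        data = msg[offset + 2:offset + 2 + ext_len]
        if len(data) != ext_len:
            raise ValueError("extension body truncated")
        if ext_type == EXT_MOBILITY_AGENT:
            if ext_len < 6 or (ext_len - 6) % 4:
                raise ValueError("bad mobility agent extension length")
            sequence, reg_lifetime, flags, _reserved = struct.unpack(">HHBB", data[:6])
            adv["agent"] = {"sequence": sequence, "registration_lifetime": reg_lifetime, "flags": flags,
                            "care_of_addresses": [str(IPv4Address(data[i:i + 4])) for i in range(6, ext_len, 4)]}
        elif ext_type == EXT_PREFIX_LENGTHS:
            if ext_len != count:
                raise ValueError("prefix-lengths count does not match the router address count")
            adv["prefix_lengths"] = list(data)
        offset += 2 + ext_len                    # unknown extensions are skipped
    return adv


def is_valid_advertisement(msg: bytes) -> bool:
    try:
        parse_agent_advertisement(msg)
        return True
    except ValueError:
        return False


def choose_care_of_address(adv: dict):
    """Foreign agent care-of address to register with, or None if this agent cannot serve us now."""
    agent = adv["agent"]
    if agent is None or not agent["flags"] & FLAG_F or agent["flags"] & FLAG_B:
        return None                               # not a foreign agent, or busy (B bit set)
    return agent["care_of_addresses"][0] if agent["care_of_addresses"] else None


def preferred_router(adv: dict):
    """Highest-preference router address from the ICMP part, ignoring 'never use' entries."""
    usable = [r for r in adv["routers"] if r[1] != NO_DEFAULT_ROUTER]
    return max(usable, key=lambda r: r[1])[0] if usable else None
```

A node that registers on the strength of an unverified advertisement is trusting whoever sent it; the parser refuses truncated extensions and checksum mismatches rather than reading past the buffer or using partial values.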
Quiz (ix)
Which of the following are characteristics of agent discovery in Mobile IP?
Options:
1. An agent advertisement is part of an ICMP router advertisement
2. An agent solicitation message is identical to an ICMP router solicitation
3. Mobile IP extends ICMP router discovery
4. Mobile nodes discover neighboring router addresses by listening for advertisements
2. Agent advertisements
Agent advertisements are messages transmitted by mobility agents (foreign and home agents) to advertise
their services on a certain network link. Mobile nodes use these to determine where they are connected to
the Internet.
A mobile node also selects a router interface address from agent advertisements. The node then uses this
address as a care-of address. Information directed to the mobile node home address is redirected to the
care-of address for as long as the node is registered at this address.
Agent advertisements are sent at set intervals. The interval should normally be one-third of the lifetime
advertised in the ICMP router advertisement header.
Note
A lifetime is the length of time a router should be considered valid by mobile nodes in the absence of further
agent advertisements.
With the advertisement interval set to one-third of the lifetime, a mobile node can miss three successive
advertisements before it removes the router from its list of available agents.
Home agents must always be prepared to provide services to mobile nodes for which they are the home agent.
This ensures mobility for all mobile nodes roaming between home and foreign networks.
Foreign agents (FAs) may have periods when they are too busy to serve any more mobile nodes. During this
time, they must continue to send agent advertisements. This keeps nodes that the FA is servicing up to date on
the FA's availability. Even though the FA cannot service any additional mobile nodes, it can continue to support
the mobile nodes on its current list.
An FA can indicate to nodes that it is too busy to service new ones. It does this by setting the busy bit in its
agent advertisement.
All mobility agents should adhere to the following rules:
 if an agent cannot be discovered by a data-link layer protocol, it must send agent advertisements
 agents should send agent advertisements even if they can be discovered by a data-link layer
protocol
 agents must respond to agent solicitations
Quiz (x)
Identify the characteristics of how home agents (HAs) and foreign agents (FAs) operate in relation to agent
advertisements.
Options:
1. FAs and HAs must always be prepared to serve mobile nodes
2. FAs can indicate that they are too busy to service additional mobile nodes
3. HAs are sometimes too busy to serve additional nodes
4. HAs must always be prepared to serve the mobile nodes for which they are HAs
Mobile IP agent discovery operates in the same way as ICMP router discovery, except for the following areas:
 broadcast rate
 IP source address requirements
 when to broadcast
broadcast rate
Mobility agents are required to set limits on their broadcast rate. This means they must cap the rate at which
they multicast agent advertisements. A recommended maximum broadcast rate is one agent advertisement
per second.
IP source address requirements
Mobility agents must not require that the IP source address of an agent solicitation be that of a neighbouring
node. A mobile node on a foreign link still sends from its home address, so an agent must accept solicitations
from nodes that are foreign to its network.
when to broadcast
Mobility agents have some choice in when to broadcast. They may be configured to send agent
advertisements only in response to agent solicitation messages.
Suppose a commuter is traveling by train to a meeting. He is using a laptop to access files on the company
home network. As the train crosses into a new network, the laptop continues to listen for agent
advertisements. These are sent by two routers, Router A and Router B, in the new network every 10 minutes.
The commuter's laptop registers with Router A as its foreign agent because its available interface addresses
are of the highest preference level. Router A then fails to send any further agent advertisements.
Router A's advertised lifetime is 30 minutes, three times its 10-minute advertising interval. After 30 minutes
without an advertisement from Router A (three missed advertisements), the laptop deletes Router A as its
foreign agent and registers with Router B. The lifetime of Router B has not expired and it continues to
broadcast agent advertisements. The laptop keeps Router B as its foreign agent until moving into a different
network.
3. Move detection
In move detection, it is recommended that a mobile node registers its new care-of address when it has
moved to a different network. It is essential that it does not register more than once per second on average.
A mobile node detects that it has moved to its home network when it receives an agent advertisement from
its home agent (HA). At this point, it should deregister with its HA and configure its routing table to home
network specifications.
Mobile nodes employ two methods to detect movement between networks.
 Method 1
 Method 2
Method 1
Method 1 is based on the lifetime field in the ICMP router advertisement part of the agent advertisement.
Mobile nodes should
 record the lifetime of the router addresses given in the lifetime field of the agent advertisement
 assume that the router has failed if they receive no subsequent agent advertisement from that router before
the lifetime has expired
 attempt to discover a new mobility agent to register with if the lifetime of the current agent has expired and
they have received no further advertisements
If the lifetime of the current mobile agent has expired and the mobile node has previously received an
advertisement from an agent whose lifetime fields have not expired, they may immediately attempt to register
with that agent.
Method 2
In Method 2, the mobile node compares network prefixes to establish whether or not it has moved. Using the
prefix-lengths extension, it compares the network prefix of the router address in the new agent advertisement
with the prefix of its current mobility agent's address. If the prefixes differ, the mobile node may assume that it
has moved. This method can only be applied when the agent advertisements carry the prefix-lengths extension.
When the lifetime of the current agent advertisement expires, the mobile node may choose to register with
the foreign agent who sent the new agent advertisement with the different prefix length.
This is on the condition that the lifetime of the new agent advertisement has not expired.
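The two move-detection methods as an added example in Python, not from the original notes. A small state machine tracks the current mobility agent: Method 1 drops the agent once its advertised lifetime runs out with no fresh advertisement and falls back to another agent whose lifetime is still valid, or to sending an agent solicitation; Method 2 treats a new advertisement from a different network prefix as a move; an advertisement from the node's own home agent triggers deregistration. Time is passed in explicitly so a sequence of events can be replayed. The agent addresses, prefix lengths and the 1800-second lifetime are constructed values, and the returned action strings are this example's own convention, not protocol messages.

```python
from ipaddress import IPv4Network


class MoveDetector:
    """Mobile-node side of agent discovery. Keeps the current mobility agent and applies
    Method 1 (advertisement lifetime expiry) and Method 2 (network-prefix comparison)."""

    def __init__(self, home_agent: str):
        self.home_agent = home_agent
        self.current = None      # (agent address, network prefix, expiry time) while on a foreign link
        self.heard = {}          # agent address -> (network prefix, expiry time) for every agent heard

    def on_advertisement(self, agent: str, prefix_len: int, lifetime: int, now: float):
        """Called for each agent advertisement received; returns the action the node should take."""
        if agent == self.home_agent:                       # back on the home link
            self.current = None
            self.heard.clear()
            return "deregister"
        network = IPv4Network(f"{agent}/{prefix_len}", strict=False)
        expiry = now + lifetime
        self.heard[agent] = (network, expiry)
        if self.current is None:
            return self._register(agent, network, expiry)
        cur_agent, cur_network, _ = self.current
        if agent == cur_agent:                             # refresh: the lifetime starts again
            self.current = (cur_agent, cur_network, expiry)
            return None
        if network != cur_network:                         # Method 2: different prefix, so we have moved
            return self._register(agent, network, expiry)
        return None                                        # another agent on the same link: stay put

    def on_tick(self, now: float):
        """Called periodically. Method 1: the current agent is dropped once its lifetime has elapsed
        with no further advertisement; fall back to another live agent, otherwise solicit."""
        if self.current is None or now < self.current[2]:
            return None
        self.current = None
        alive = [(a, net, exp) for a, (net, exp) in self.heard.items() if exp > now]
        if not alive:
            return "solicit"                               # nothing usable heard: send an agent solicitation
        agent, network, expiry = max(alive, key=lambda t: t[2])
        return self._register(agent, network, expiry)

    def _register(self, agent: str, network: IPv4Network, expiry: float) -> str:
        self.current = (agent, network, expiry)
        return f"register:{agent}"
```

The scenario from the previous section (Router A stops advertising, Router B keeps going) plays out as: register with A, hear B on the same prefix without switching, then at the end of A's lifetime move to B because B's lifetime is still running. Registration rate limiting (no more than once per second on average) is left to the caller.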
Quiz (xi)
What are the characteristics of the move detection method that is based on the lifetime field?
Options:
1. Mobile nodes record the lifetime of all foreign agents
2. Uses comparisons in prefix-lengths extensions
3. Uses information in the lifetime field of the ICMP router advertisement section of the agent advertisement
4. When the lifetime of the foreign agent expires, mobile nodes must wait for a new agent advertisement
Summary
Agent discovery is where mobile nodes detect their current location through agent advertisements from
mobility agents. Mobile IP has adapted the ICMP router discovery mechanism for its agent discovery
processes. It utilizes ICMP router advertisements and ICMP router solicitations to send agent advertisements
and agent solicitations.
Agent advertisements are messages broadcast by mobility agents to advertise services. They are used by
mobile nodes for move detection and forward care-of address acquisition. There are different mobile service
requirements for home and foreign agents. On the whole, agent discovery operates in the same manner as
ICMP router discovery.
In move detection, mobile nodes should register their new care-of addresses with their HAs. A mobile node
discovers it has returned to its home network through agent advertisements from its HA. There are two
methods for movement detection. Method 1 is based on information in the lifetime field of the router
advertisement. Method 2 is based on comparing network prefixes using the prefix-lengths extension in agent
advertisements.
Registration, routing, and security
Learning objectives:
 identify how a mobile node requests services from a foreign network and communicates its
location to the home agent.
 identify the procedures that enable mobile nodes, foreign agents, and home agents to route data
to and from a mobile node.
 distinguish the types of security threats Mobile IP faces and what can be done to mitigate those
threats.
D. Registration
E. Routing considerations
F. Security considerations
D. Registration
1. Registration purpose and procedures
2. Mobile IP registration considerations
Summary
1. Registration purpose and procedures
Mobile IP enables mobile nodes roaming between IP networks to use the same IP address, ensuring the
mobile node is still reachable and that sessions or connections are not dropped because they are away from
the home network.
Mobile IP also enables the remote user to maintain on-going applications while roaming. These applications
include remote login and file transfer.
With Mobile IP, datagrams for a mobile node are forwarded according to its care-of address, its current point of
attachment to the Internet, rather than according to the home address carried as the datagram's destination.
Registration messages exchange information between a mobile node and a home agent. This can be done
either directly or via a foreign agent.
Mobile IP registration enables a mobile node to:
 inform its home agent of its care-of address
 seek forwarding services from a foreign network
 renew a registration
 support several registrations at the same time
 deregister specific care-of addresses
 find the address of a home agent
 deregister when it returns to its home network
inform its home agent of its care-of address
During registration, a mobile node can inform its home agent of its current care-of address. This can be a
foreign agent care-of address or a co-located care-of address.
seek forwarding services from a foreign network
A mobile node can request forwarding services from a foreign network, acquiring a temporary care-of address.
renew a registration
A mobile node can renew a registration that is due to expire.
support several registrations at the same time
A mobile node can support multiple registrations at the same time. This means that a copy of every datagram
can be tunnelled to each of the mobile node's care-of addresses.
deregister specific care-of addresses
A mobile node can deregister a specified care-of address and still retain its other mobility bindings.
find the address of a home agent
A mobile node can find the IP address of its home agent if it doesn't already have this information configured.
deregister when it returns to its home network
A mobile node can deregister when it returns to its home network. In fact, deregistering should take place only
after the mobile node has received an agent advertisement from its home agent indicating that it has returned
home and it has reconfigured its routing table for the home network.
In registration, a mobility binding is created at the home agent. This is when a mobile node's home address is
associated with its care-of address for a specified period of time. The mobile node keeps its own IP address.
Quiz (xii)
What does Mobile IP registration allow a mobile node to do?
Options:
1. Deregister when it returns to its home network
2. Inform its home agent of the care-of address
3. Maintain multiple registrations simultaneously
4. Register a new home IP address
There are two registration procedures defined by Mobile IP - registering directly with a mobile node's home
agent or using a foreign agent to pass the registration to the mobile node's home.
Both procedures involve the exchange of registration request and registration reply messages.
A mobile node must register or deregister directly with its home agent when it returns to its home network.
A mobile node using a foreign agent care-of address must register via that foreign agent. The registration
process for using a foreign agent is as follows:
 Step 1
 Step 2
 Step 3
 Step 4
Step 1: The mobile node sends a registration request to the foreign agent.
Step 2: The foreign agent processes the registration request and passes it to the home agent.
Step 3: The home agent sends a registration reply to the foreign agent permitting or refusing the request.
Step 4: The outcome of the request is processed by the foreign agent and then forwarded to the mobile node.
A mobile node using a co-located care-of address must register directly with its home agent.
When registering directly with its home agent, a mobile node first sends a registration request to the home
agent. The home agent then sends a registration reply permitting or refusing the request.
Note
A mobile node using a co-located care-of address that receives an agent advertisement from a foreign agent
on the link used by the care-of address must register via that foreign agent if the 'R' bit is set in the received
agent advertisement message.
A mobile node uses a registration request message to register with its home agent, enabling the home agent
to create or modify a mobility binding for the mobile node.
The registration request can be sent directly to the home agent if the mobile node is registering a co-located
care-of address. Alternatively, the registration request can be sent via the foreign agent the mobile node is
registering with.
After it has sent the registration request message, the mobile node receives a registration reply from either
the home agent or the foreign agent.
If the mobile node requested service from a foreign agent, the foreign agent will receive a registration reply
from the home agent and forward it to the mobile node. This reply message informs the mobile node of the
status of its request and the lifetime permitted by the home agent. The lifetime permitted can be smaller
than the original request.
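The registration exchange as an added worked example in Python, not part of the original notes. It encodes the registration request (type 1) and registration reply (type 3) fixed headers, appends the Mobile-Home authentication extension (type 32, an HMAC-MD5 authenticator keyed by the mobility security association's SPI and shared key), and has the home agent verify the authenticator before anything else, apply timestamp-based replay protection on the 64-bit Identification field, and create or remove the mobility binding. The reply codes used are 0 (accepted), 131 (mobile node failed authentication) and 133 (registration Identification mismatch). The key, SPI, addresses and clock values are constructed; the 7-second replay window and the 36000-second maximum lifetime are assumed configuration values for the example; the foreign agent relay step is omitted, since the request and reply bytes pass through it unchanged.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address
from typing import Optional

REG_REQUEST, REG_REPLY = 1, 3
MH_AUTH_EXT, AUTH_EXT_LEN = 32, 20             # Mobile-Home Authentication Extension: 4-byte SPI + 16-byte HMAC-MD5
CODE_ACCEPTED, CODE_MN_AUTH_FAILED, CODE_ID_MISMATCH = 0, 131, 133
NTP_OFFSET = 2208988800                        # seconds from the NTP epoch (1900) to the Unix epoch (1970)
REPLAY_WINDOW = 7                              # tolerated clock skew in seconds (assumed configuration value)
REQ_FMT, REP_FMT = ">BBH4s4s4sQ", ">BBH4s4sQ"  # type, flags/code, lifetime, home, HA, [care-of], identification
REQ_LEN, REP_LEN = struct.calcsize(REQ_FMT), struct.calcsize(REP_FMT)


def ntp_identification(now: float) -> int:
    """64-bit Identification as an NTP timestamp: seconds since 1900 in the high-order 32 bits."""
    return ((int(now) + NTP_OFFSET) << 32) | (int((now - int(now)) * (1 << 32)) & 0xFFFFFFFF)


def mh_authenticator(key: bytes, covered: bytes, spi: int) -> bytes:
    """HMAC-MD5 over the message, every earlier extension, and this extension's Type, Length and SPI."""
    return hmac.new(key, covered + struct.pack(">BBI", MH_AUTH_EXT, AUTH_EXT_LEN, spi), hashlib.md5).digest()


def append_auth_ext(message: bytes, spi: int, key: bytes) -> bytes:
    return message + struct.pack(">BBI", MH_AUTH_EXT, AUTH_EXT_LEN, spi) + mh_authenticator(key, message, spi)


def split_auth_ext(message: bytes, header_len: int):
    """Find the authentication extension: (bytes it covers, SPI, authenticator), or None if absent or malformed."""
    offset = header_len
    while offset + 2 <= len(message):
        ext_type, ext_len = message[offset], message[offset + 1]
        if ext_type == 0:                                   # one-byte padding extension, no length field
            offset += 1
            continue
        if ext_type == MH_AUTH_EXT:
            if ext_len != AUTH_EXT_LEN or offset + 2 + ext_len > len(message):
                return None
            spi = struct.unpack(">I", message[offset + 2:offset + 6])[0]
            return message[:offset], spi, message[offset + 6:offset + 2 + ext_len]
        offset += 2 + ext_len
    return None


def build_request(home: str, home_agent: str, coa: str, lifetime: int, now: float,
                  spi: int, key: bytes, flags: int = 0) -> bytes:
    """Mobile node side: registration request (carried in UDP to port 434) with its authentication extension."""
    header = struct.pack(REQ_FMT, REG_REQUEST, flags, lifetime, IPv4Address(home).packed,
                         IPv4Address(home_agent).packed, IPv4Address(coa).packed, ntp_identification(now))
    return append_auth_ext(header, spi, key)


def verify_reply(reply: bytes, spi: int, key: bytes, sent_identification: int):
    """Mobile node side: authenticate the reply and tie it to our request; (code, lifetime, identification) or None."""
    parsed = split_auth_ext(reply, REP_LEN) if len(reply) >= REP_LEN else None
    if parsed is None or parsed[1] != spi or not hmac.compare_digest(mh_authenticator(key, parsed[0], spi), parsed[2]):
        return None
    msg_type, code, lifetime, _home, _ha, identification = struct.unpack(REP_FMT, reply[:REP_LEN])
    # The low-order 32 bits of the Identification are always echoed, so a reply matches exactly one request.
    if msg_type != REG_REPLY or (identification ^ sent_identification) & 0xFFFFFFFF:
        return None
    return code, lifetime, identification


class HomeAgent:
    def __init__(self, address: str, security_associations: dict, max_lifetime: int = 36000):
        self.address = address
        self.sa = security_associations            # home address -> (SPI, key), configured out of band
        self.max_lifetime = max_lifetime           # assumed administrative cap on the granted lifetime
        self.bindings = {}                         # home address -> (care-of address, expiry time)
        self.last_identification = {}              # home address -> last accepted Identification (replay state)

    def process_request(self, datagram: bytes, now: float) -> Optional[bytes]:
        if len(datagram) < REQ_LEN:
            return None                            # too short to even name a home address: drop
        msg_type, _flags, lifetime, home, _ha, coa, identification = struct.unpack(REQ_FMT, datagram[:REQ_LEN])
        home, coa = str(IPv4Address(home)), str(IPv4Address(coa))
        sa, parsed = self.sa.get(home), split_auth_ext(datagram, REQ_LEN)
        # Authenticate first: nothing in the request, the Identification included, is trusted before this.
        if (msg_type != REG_REQUEST or sa is None or parsed is None or parsed[1] != sa[0]
                or not hmac.compare_digest(mh_authenticator(sa[1], parsed[0], sa[0]), parsed[2])):
            return self._reply(CODE_MN_AUTH_FAILED, 0, home, identification, sa)
        # Replay protection: timestamp within the window and newer than the last one accepted from this node.
        ha_now = int(now) + NTP_OFFSET
        if abs((identification >> 32) - ha_now) > REPLAY_WINDOW or identification <= self.last_identification.get(home, 0):
            resync = (ha_now << 32) | (identification & 0xFFFFFFFF)   # our clock goes in the high-order bits
            return self._reply(CODE_ID_MISMATCH, 0, home, resync, sa)
        self.last_identification[home] = identification
        granted = min(lifetime, self.max_lifetime)
        if granted == 0 or coa == home:            # zero lifetime, or care-of == home address: deregistration
            self.bindings.pop(home, None)
        else:
            self.bindings[home] = (coa, now + granted)
        return self._reply(CODE_ACCEPTED, granted, home, identification, sa)

    def _reply(self, code: int, lifetime: int, home: str, identification: int, sa) -> bytes:
        header = struct.pack(REP_FMT, REG_REPLY, code, lifetime, IPv4Address(home).packed,
                             IPv4Address(self.address).packed, identification)
        return append_auth_ext(header, sa[0], sa[1]) if sa else header   # no SA: the reply cannot be authenticated
```

The order of the checks matters: the home agent updates its per-node replay state only after the authenticator has verified, so a forged or replayed request cannot move the accepted timestamp forward, and the mobile node discards any reply whose authenticator or echoed Identification does not match the request it sent.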
Quiz (xiii)
Suppose a mobile node is registering its care-of address via a foreign agent. Rank the registration messages in
the order they are exchanged.
Option Description
A The registration request is passed on to the home agent
B The registration reply is sent to the foreign agent
C A registration request is sent to the foreign agent
D The registration reply is forwarded to the mobile node
Quiz (xiv)
In which instances should you register a mobile node via a foreign agent?
Options:
1. If it is deregistering on its home network
2. If it is registering using a foreign care-of address
3. If it is using a co-located care-of address
4. If it is using a co-located care-of address and receives an advertisement with the R bit set
2. Mobile IP registration considerations
In Mobile IP registration, messages are exchanged directly between home agents and mobile nodes, or they
are exchanged via foreign agents.
 Mobile node
 Foreign agent
 Home agent
Mobile node
A mobile node must be configured with its own home address, a mobility security association for each home
agent, and a network mask.
It can be configured with the IP address of one or more of its home agents. If the mobile node does not have
the IP address of the home agent, it must find a home agent.
The mobile node plays an active role in mobile registration, for instance, it initiates the registration requests
sent to home agents. It may also supply the care-of address when registering. If the mobile node supplies the
care-of address, it will also encapsulate and decapsulate all traffic to and from the home agent.
The mobile node is responsible for determining its location within the Internetwork and registering and
deregistering accordingly.
A mobile node should not attempt a new registration if its current registration has not expired and it is still
receiving agent advertisements from the foreign agent with which it is currently registered.
For example, a mobile node (192.168.5.4) sends a request to the foreign agent (172.16.8.1). A mobile node
must maintain the following information for each pending registration:
 the link-layer address of the foreign agent to which the registration request was sent, in this case, 00-04-8A-03-26-5E
 the IP destination address of the registration request, in this case, 172.16.8.1
 the care-of address used in the registration, in this case, 172.16.8.1
 the Identification value sent in the registration, in this example, 13
 the originally requested lifetime, in this example, 18000
 the remaining lifetime of the pending registration, in this case, 17521
The mobile node should register or reregister with a foreign agent if the mobile node detects that the foreign
agent has rebooted or that the current registration's lifetime is near expiration.
A mobile node can register with a different agent if transport layer protocols indicate excessive retransmission.
It should not register with a new foreign agent if it receives an ICMP redirect from a foreign agent that is
currently providing service to it.
Foreign agent
In Mobile IP registration, the foreign agent's role is a mostly passive one. Each foreign agent must be
configured with a care-of address. The foreign agent provides the care-of address and passes registration
requests between mobile nodes and home agents. When it provides the care-of address, the foreign agent
decapsulates datagrams that are delivered to the mobile node.
If the foreign agent is not detectable by link-layer means, it should occasionally send agent advertisement
messages to indicate that it is present.
The foreign agent keeps a visitor list entry for each pending or current registration. The information in the
visitor list is obtained from the mobile node's registration request.
For example, a mobile node (192.168.5.4) sends a request to the foreign agent (172.16.8.1). The FA's visitor list
entry contains the following information:
 the link-layer source address of the mobile node, in this case, 00-07-8B-03-26-5E
 the IP source address, in this case, 192.168.5.4
 the IP destination address, in this case, 172.16.8.1
 the UDP source port, in this case, 43
 the home agent address, in this case, 192.168.5.1
 the identification field, in this case, 13
 the requested registration lifetime, in this case, 18000
 the remaining lifetime of the pending or current registration, in this case, 17521
Home agent
In registration, the home agent plays a reactive role, receiving registration requests directly from the mobile
node or a foreign agent. The home agent updates its record of the mobility bindings for the mobile node. It
then issues a registration reply accepting or rejecting each request.
A home agent should only transmit a registration reply when replying to a registration request received from a
mobile node. It must not generate a registration reply to indicate that the lifetime has expired.
The configuration requirements for a home agent include the following:
 it must be configured with the IP address and prefix size of the home network
 it must be configured with the home address and mobility security association of each mobile node it serves as a
home agent
The home agent must create - or modify - an entry in its mobility binding list for each of the authorized mobile
nodes. For example, a mobile node (192.168.5.4) has a foreign agent care-of address (172.16.8.1). The mobility
binding list entry must contain the mobile node's care-of address:172.16.8.1.
The mobility binding list entry must also contain the identification field from the registration reply, in this case
13, and the remaining lifetime of the registration, in this case, 17521.
Quiz (xv)
Match each Mobile IP agent with the role it plays in IP registration.
Options:
1. It makes registration requests
2. It receives registration requests
3. It relays registration requests
Targets:
A. Foreign agent
B. Home agent
C. Mobile node
Quiz (xvi)
Match each Mobile IP agent with its configuration requirements.
Options:
1. It must be configured with the IP address of the home network
2. It must be configured with its own IP address
3. It must be configured with a care-of address
Targets:
A. Foreign agent
B. Home agent
C. Mobile node
Quiz (xvii)
Suppose a sales representative out on the road wants to download the latest product information from the home
network. The laptop is currently registered with a foreign agent (FA) with the IP address 10.5.4.3.
Identify the circumstances in which this mobile node should register with a new foreign agent.
Options:
1. When another foreign agent sends agent advertisement messages to it
2. When its current registration lifetime has expired
3. When it receives an ICMP redirect from the FA 10.5.4.3
4. When transport layer protocols indicate excessive transmissions
Summary
In Mobile IP registration, a mobile node's home address is associated, for a specified lifetime, with a care-of
address. This mobility binding can be created directly with the home agent by using a co-located care-of
address. Alternatively, a foreign agent can be used to relay the registration. Both procedures involve the
exchange of registration request and registration reply messages.
Also in Mobile IP registration, the mobile node plays an active role, initiating requests to home agents. The
foreign agent plays a passive role, relaying requests from mobile nodes and the home agent's replies. The
home agent plays a reactive role in the registration process. The registration requests are sent to the home
agent by a foreign agent, or are received directly from the mobile node. The home agent updates its mobility
bindings records accordingly and issues a registration reply accepting or rejecting the request.
E. Routing considerations
1. MN, FA, and HA considerations
2. Mobile routers
Summary
1. Mobile Node, Foreign Agent, and Home Agent considerations
IGMP (Internet Group Management Protocol) is a communications protocol used by hosts and adjacent
routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast.
IGMP can be used for one-to-many networking applications such as online streaming video and gaming, and
allows more efficient use of resources when supporting these types of applications. IGMP is used on IPv4
networks. Multicast management on IPv6 networks is handled by Multicast Listener Discovery (MLD) which
uses ICMPv6 messaging in contrast to IGMP's bare IP encapsulation.
Proxy ARP (Address Resolution Protocol) is a technique by which a device on a given network answers the ARP
queries for a network address that is not on that network. The ARP Proxy is aware of the location of the
traffic's destination, and offers its own MAC address in reply, effectively saying, "send it to me, and I'll get it
to where it needs to go." Serving as an ARP Proxy for another host effectively directs LAN traffic to the Proxy.
The "captured" traffic is then typically routed by the Proxy to the intended destination via another interface
or via a tunnel.
The process which results in the node responding with its own MAC address to an ARP request for a different
IP address for proxying purposes is sometimes referred to as 'publishing'.
In Mobile IP registration, a mobile node (MN) informs its home agent (HA) of its current location by
registering – or deregistering – its care-of address. The mobile node can register via a foreign agent (FA) or
register directly with its home agent using a co-located care-of address.
Any datagram addressed to a registered mobile node that is visiting a foreign network is routed first to its home
network. The home agent intercepts it there and tunnels it to the mobile node's care-of address.
Once the mobile node has informed its home agent of its current location, packets addressed to the mobile node
are delivered through the home agent and, if one is used, the foreign agent, so that to correspondents the
mobile node still appears to be on its home network.
 Mobile node
 Foreign agent
 Home agent
Mobile node
A mobile node connected to its home network does not use mobility services and operates as a fixed host or
router.
The rules a mobile node follows when selecting a default router on a foreign network depend on whether the
mobile node has registered directly with the home agent or via a foreign agent.
A mobile node registered using a co-located care-of address – that is, registered directly with its home agent –
should select a default router from the router addresses advertised in any ICMP router advertisement message
it receives, but only a router whose address and the externally obtained care-of address match under the same
network prefix.
A mobile node registered using a foreign agent care-of address must select a default router from the router IP
addresses advertised in the ICMP router advertisement portion of the agent advertisement message.
In either case the mobile node can also choose the IP source address of the agent advertisement as the address
of the default router – for example, when the list of router addresses in the ICMP router advertisement portion is
empty. For a co-located care-of address this is allowed only if the network prefix of the care-of address and of
the IP source address of the agent advertisement match. In both cases the IP source address must be treated as
the lowest-preference choice of default router.
The network prefix – if present – can be obtained from the Prefix-Lengths Extension in the router
advertisement.
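The selection rules above, as an added worked example (this is not code from the original notes). It models each received ICMP router advertisement as a small record and assumes that, for a co-located care-of address, the mobile node knows its own prefix length (from DHCP or the Prefix-Lengths Extension) and passes it with the address, e.g. "10.5.4.20/24". The preference values follow the ICMP router advertisement convention that a higher value is preferred and 0x80000000 means "do not use as a default router"; the advertisement's source address is ranked below every real router preference, as the notes require.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Interface

NOT_A_DEFAULT_ROUTER = -2**31              # ICMP router advertisement preference meaning "do not use" (RFC 1256)
SOURCE_ADDRESS_PREFERENCE = -2**31 - 1     # below any real preference: the advertisement's source is the last resort


@dataclass
class RouterAdvertisement:
    """One received ICMP Router Advertisement. When it is carried inside a Mobile IP agent
    advertisement, is_agent_advertisement is True and source is the agent's address."""
    source: str
    routers: list = field(default_factory=list)   # (router address, preference) pairs; highest preference is best
    is_agent_advertisement: bool = False


def select_default_router(registration: str, care_of: str, advertisements: list):
    """Default-router selection for a mobile node on a foreign network.

    registration is "foreign-agent" (care_of is the serving FA's care-of address) or "co-located"
    (care_of is the co-located address with its prefix length, e.g. "10.5.4.20/24").
    Returns the chosen router address, or None when no advertised router qualifies.
    """
    candidates = []
    if registration == "foreign-agent":
        for adv in advertisements:
            # Only the agent advertisement from the serving foreign agent may be used;
            # plain router advertisements from other routers on the link are ignored.
            if not adv.is_agent_advertisement or IPv4Address(adv.source) != IPv4Address(care_of):
                continue
            candidates += [(pref, addr) for addr, pref in adv.routers if pref != NOT_A_DEFAULT_ROUTER]
            candidates.append((SOURCE_ADDRESS_PREFERENCE, adv.source))
    elif registration == "co-located":
        network = IPv4Interface(care_of).network
        for adv in advertisements:
            # Any router advertisement counts, but a router must share the care-of address's prefix.
            candidates += [(pref, addr) for addr, pref in adv.routers
                           if pref != NOT_A_DEFAULT_ROUTER and IPv4Address(addr) in network]
            if adv.is_agent_advertisement and IPv4Address(adv.source) in network:
                candidates.append((SOURCE_ADDRESS_PREFERENCE, adv.source))
    else:
        raise ValueError(f"unknown registration mode {registration!r}")
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[0])[1]
```

Run against the situation in Quiz xxi below (foreign agent care-of address 10.5.4.3, agent advertisement listing 10.5.4.12, a second advertisement from 10.5.4.5) the function returns 10.5.4.12: the other router's advertisement is not consulted at all in foreign-agent mode, and the agent's own source address is used only when its router list is empty.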
To receive multicasts, a mobile node must join a multicast group. The mobile node can join the group via a
local multicast router – if there is one present – on the visited subnet. A mobile node using a co-located care-
of address should use this address as the source address of its IGMP messages. Otherwise, it must use its
home address.
The mobile node can join a multicast group via a bidirectional tunnel to its home agent, provided the home
agent is a multicast router.
The mobile node sends IGMP messages to its home agent, and the home agent forwards the multicast
datagrams down the tunnel to the mobile node.
Foreign agent
When a foreign agent (FA) receives an encapsulated datagram that was sent to its advertised care-of address,
it compares the destination to the entries in its visitor list (a list of addresses of the currently registered mobile
nodes). If it finds a match, the FA decapsulates the datagram and forwards it to the mobile node.
For example, a correspondent node sends a datagram to the mobile node's home address (192.168.5.4). The
home agent (192.168.5.1) intercepts it on the home network and encapsulates it in an outer IP header
addressed to the foreign agent's care-of address (172.16.8.1). The foreign agent (172.16.8.1) decapsulates the
datagram, compares the inner destination (192.168.5.4) to its visitor list and finds a match. It then delivers the
datagram to the mobile node using the mobile node's layer 2 address.
If there is no matching entry in the visitor list, the FA should discard the datagram. This can occur, for
example, when a mobile node has left the foreign network and has since registered through another foreign
agent or returned to its home network.
When the FA is unable to forward an incoming tunneled datagram, it must not send an ICMP destination
unreachable message, as this could prevent legitimate traffic from reaching its destination. The foreign agent
must also not advertise the presence of a mobile router (see "Mobile routers" below) to other mobile nodes or
to any other routers in its routing domain.
The foreign agent (FA) must route all datagrams received from a registered mobile node. To route a datagram
from a registered mobile node, the FA follows this procedure:
In the first step, it verifies the IP header checksum of the datagram.
In the second step, it decrements the IP time-to-live of the datagram.
In the third step, it recomputes the IP header checksum of the datagram.
In the fourth step, it sends the datagram to a default router.
In the fifth step, the FA should also send an ICMP redirect message back to the mobile node. This step is
optional, but it is recommended if the FA is not the default router.
Home agent
When the mobile node is away from home, the home agent (HA) must be able to intercept any datagrams
addressed to the mobile node – using gratuitous or proxy ARP to do this – on the home network. For example,
a sales representative when travelling can download any e-mail addressed to them from a file server.
With gratuitous ARP, an ARP packet – either an ARP request or an ARP reply packet – is sent by a node in order
to cause other nodes to update an entry in their ARP cache.
The ARP packet has to be transmitted as a local broadcast packet on the local link. Any node receiving the ARP
packet – and with an entry for that IP address already in its ARP cache – must update its local ARP cache with
the sender protocol and hardware addresses specified in the ARP packet.
With proxy ARP, a node that is either unable or unwilling to answer its own ARP requests can use another
node to send an ARP reply on its behalf.
The sender of a proxy ARP reverses the Sender and Target Protocol Address fields, typically supplying its own
configured link-layer address in the Sender Hardware Address field.
The node receiving the ARP reply associates this link-layer address with the IP address of the original target
node. It then transmits all future datagrams for the target node to the node with that link-layer address.
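The ARP mechanics just described, as an added example (not code from the original notes): building the gratuitous ARP a home agent broadcasts for a mobile node that has registered away from home, the proxy ARP reply it sends on that node's behalf (sender and target protocol addresses reversed, its own MAC as sender hardware address), and the receiver-side rule that a gratuitous ARP only updates entries that already exist. The MAC addresses and IP addresses are constructed for the example; the all-zero target hardware address in the gratuitous request is a common convention assumed here, not something the notes specify.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def _mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def _mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac=BROADCAST_MAC) -> bytes:
    """Ethernet II frame carrying an ARP packet (hardware type 1 = Ethernet, protocol 0x0800 = IPv4)."""
    ethernet = _mac(dst_mac) + _mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      _mac(sender_mac), IPv4Address(sender_ip).packed,
                      _mac(target_mac), IPv4Address(target_ip).packed)
    return ethernet + arp


def parse_arp_frame(frame: bytes) -> dict:
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"dst_mac": _mac_text(frame[:6]), "op": op,
            "sender_mac": _mac_text(sha), "sender_ip": str(IPv4Address(spa)),
            "target_mac": _mac_text(tha), "target_ip": str(IPv4Address(tpa))}


def gratuitous_arp(home_agent_mac: str, home_address: str) -> bytes:
    """Gratuitous ARP the home agent broadcasts on the home link when a mobile node registers away
    from home: sender and target protocol address are both the mobile node's home address, so every
    node that already caches that address switches it to the home agent's MAC."""
    return build_arp_frame(ARP_REQUEST, home_agent_mac, home_address, ZERO_MAC, home_address)


def proxy_arp_reply(request_frame: bytes, proxy_mac: str) -> bytes:
    """Answer an ARP request on behalf of the absent mobile node: the requester's Sender and Target
    Protocol Address are reversed, and the proxy supplies its own MAC as Sender Hardware Address."""
    req = parse_arp_frame(request_frame)
    return build_arp_frame(ARP_REPLY, proxy_mac, req["target_ip"], req["sender_mac"], req["sender_ip"],
                           dst_mac=req["sender_mac"])


def home_agent_handle_arp(away_from_home: set, home_agent_mac: str, frame: bytes):
    """The home agent 'publishes' only the home addresses of mobile nodes currently registered away
    from home; requests for any other address are left for the real owner to answer."""
    p = parse_arp_frame(frame)
    if p["op"] != ARP_REQUEST or p["target_ip"] not in away_from_home:
        return None
    return proxy_arp_reply(frame, home_agent_mac)


def apply_gratuitous_arp(cache: dict, frame: bytes) -> bool:
    """Receiver rule from the notes: a node that already has an ARP entry for the sender protocol
    address updates it with the sender hardware address; a node without such an entry leaves its
    cache alone (which limits how far an unsolicited ARP can reach)."""
    p = parse_arp_frame(frame)
    if p["sender_ip"] not in cache:
        return False
    cache[p["sender_ip"]] = p["sender_mac"]
    return True
```

Nothing in either packet proves the sender is the legitimate home agent; any host on the home link could emit the same frames, which is the ARP weakness the security section returns to later.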
The IP addresses of all arriving datagrams must be examined by the HA and compared to the home addresses
of any of its mobile nodes that are currently registered away from home. Any matching datagrams are
tunneled to the mobile node's currently registered care-of address or addresses.
When a home agent supports multiple simultaneous mobility bindings (an optional facility), it tunnels a copy of
the datagram to each care-of address in the mobile node's mobility binding list.
The home agent assumes a mobile node is at home if it has no current mobility bindings and forwards the
datagram directly onto the home network.
A home agent must forward received broadcast datagrams to the mobile nodes in its mobility binding list that
have requested this facility.
It must not forward the datagram to any of the other mobile nodes in its mobility binding list.
Quizxviii
Suppose a mobile node is registered directly with its home agent and is using a co-located care-of address.
Identify the rules used to select a default router for this mobile node.
Options:
1. It can select an IP address from the list of router addresses given in the ICMP router advertisement portion of
the agent advertisement message
2. It can select the IP source address of the agent advertisement
3. It must select a default router from the addresses advertised in the ICMP router advertisement of the agent
advertisement message
Quizxix
Suppose a foreign agent receives a datagram and cannot find the IP address of the destination in its visitor list.
Identify the actions the foreign agent should take.
Options:
1. It should discard the datagram
2. It should forward the datagram to the mobile node
3. It should modify the IP header of the datagram
4. It should refrain from sending an ICMP "destination unreachable" message
Quizxx
A home agent processes datagrams addressed to a mobile node registered away from home on the home
network.
Identify the characteristics of how the home agent processes datagrams.
Options:
1. It can send to several FAs (multiple routers)
2. It checks its mobility bindings if the node is away from home
3. It never forwards broadcast datagrams
4. It sends gratuitous ARP to discover the location of the mobile node
Quizxxi
Suppose a mobile node is registered using a foreign agent care-of address (10.5.4.3). The mobile node receives an
ICMP router advertisement from 10.5.4.3 containing the router address 10.5.4.12. The mobile node then receives
an ICMP router advertisement from another router with the IP address 10.5.4.5.
What is the preferred default router IP address for this mobile node?
Options:
1. 10.5.4.12
2. 10.5.4.3
3. 10.5.4.5
2. Mobile routers
A mobile node can also be a router responsible for the mobility of a network or networks moving together,
for example, on an airplane or a train.
The nodes connected to a mobile network can be fixed nodes, mobile nodes, or routers. A mobile node can
also act as a foreign agent, providing a foreign agent care-of address to mobile nodes connected to the
mobile network.
For example, Helen, a teleworker, wants to connect to her home network to download her email. She
connects her laptop – a mobile node – to a network port on a bus. The bus's foreign agent sends agent
advertisements from which the laptop learns a care-of address, and the laptop registers on this foreign network
using that foreign agent care-of address (172.16.8.1).
The network on the bus is itself a mobile network. The foreign agent – the router (172.16.8.1) – on the bus
serves as the default router connecting the bus network to the rest of the Internet. This router's own home
agent (172.16.8.15) is a node on the fixed network at the bus company's headquarters.
When the bus is in transit, the router (172.16.8.1) registers over a radio link with foreign agents along the
route. When the bus is at home, the router attaches directly to its home network.
Routing to a mobile node via a mobile router on a mobile network therefore involves several steps.
Suppose a correspondent node sends a datagram to Helen, using her laptop's home address (192.168.5.4).
On the home network, the laptop's home agent (192.168.5.1) intercepts and sends the datagram to the
laptop's care-of address (172.16.8.1). This is the IP address of the foreign agent – the router on the bus, in
this example.
The datagram is then sent using normal IP routing methods to the fixed network at the bus company's
headquarters.
The router at the bus company's headquarters (172.16.8.15) – which is the bus router's home agent –
intercepts the datagram and tunnels it to the bus router's care-of address, for example the foreign agent
(10.5.4.3) serving the bus route.
The datagram is now encapsulated twice: once by the laptop's home agent and once by the bus router's home
agent.
The foreign agent (10.5.4.3) on the bus route removes the outer encapsulation and sends the datagram over the
radio link to the bus. The datagram still carries the laptop's home agent's encapsulation, whose destination
address is the laptop's care-of address (172.16.8.1).
Finally, the foreign agent (172.16.8.1) on the bus removes that encapsulation, leaving the original datagram
with its destination address, the laptop's home address (192.168.5.4).
The foreign agent on the bus then delivers the datagram over the bus network to the laptop's link-layer
address.
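An added example (not code from the original notes) that carries the bus scenario above through real IPv4 headers, and at the same time exercises the foreign agent rules (visitor-list check, silent discard, the four routing steps for outbound datagrams) and the home agent rules (tunnel a copy to every care-of address in the binding list, leave at-home nodes alone) from "MN, FA, and HA considerations". IP-in-IP (protocol 4) is used as the tunnel encapsulation; the correspondent address 198.51.100.9, the payload and the MAC addresses are constructed for the example.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4          # IP-in-IP encapsulation, the default Mobile IP tunnel


def ip_checksum(data: bytes) -> int:
    """Standard IPv4 ones-complement checksum; yields 0 for a header whose checksum field is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                                IPv4Address(src).packed, IPv4Address(dst).packed))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + payload


def parse_ipv4(dgram: bytes) -> dict:
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", dgram[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"ttl": ttl, "proto": proto, "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "header": dgram[:ihl], "payload": dgram[ihl:]}


def home_agent_intercept(bindings: dict, home_agent: str, dgram: bytes):
    """Home agent: if the destination is a mobile node registered away from home, tunnel a copy to
    every care-of address in its mobility binding list (one per simultaneous binding). Returns None
    when there is no binding: the node is assumed to be at home and the datagram goes out unchanged."""
    care_of_addresses = bindings.get(parse_ipv4(dgram)["dst"])
    if not care_of_addresses:
        return None
    return [build_ipv4(home_agent, coa, IPPROTO_IPIP, dgram) for coa in care_of_addresses]


def foreign_agent_decapsulate(visitor_list: dict, tunneled: bytes):
    """Foreign agent receiving a datagram at its care-of address: decapsulate and deliver only when the
    inner destination is a registered visitor; otherwise discard silently (no ICMP Destination
    Unreachable). Returns (inner datagram, visitor's link-layer address) or None."""
    outer = parse_ipv4(tunneled)
    if outer["proto"] != IPPROTO_IPIP:
        return None
    inner = parse_ipv4(outer["payload"])
    mac = visitor_list.get(inner["dst"])
    if mac is None:
        return None
    return outer["payload"], mac


def foreign_agent_route(dgram: bytes):
    """The mandatory steps for a datagram sent by a registered mobile node: verify the header
    checksum, decrement TTL, recompute the checksum, then hand it to the default router.
    Returns the datagram to forward, or None if the header is corrupt or the TTL would expire."""
    p = parse_ipv4(dgram)
    if ip_checksum(p["header"]) != 0 or p["ttl"] <= 1:
        return None
    hdr = bytearray(p["header"])
    hdr[8] -= 1                                   # time-to-live
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + p["payload"]


def demo_bus_delivery() -> dict:
    """The bus scenario: correspondent -> laptop's HA (192.168.5.1) -> bus router's HA (172.16.8.15)
    -> FA on the bus route (10.5.4.3) -> bus router acting as FA (172.16.8.1) -> laptop (192.168.5.4)."""
    original = build_ipv4("198.51.100.9", "192.168.5.4", 17, b"product-info")       # constructed datagram
    level1 = home_agent_intercept({"192.168.5.4": ["172.16.8.1"]}, "192.168.5.1", original)[0]
    level2 = home_agent_intercept({"172.16.8.1": ["10.5.4.3"]}, "172.16.8.15", level1)[0]
    hop1, _ = foreign_agent_decapsulate({"172.16.8.1": "02:00:00:00:0b:05"}, level2)     # FA on the route
    hop2, mac = foreign_agent_decapsulate({"192.168.5.4": "02:00:00:00:1a:9e"}, hop1)    # FA on the bus
    return {"outer_dst": parse_ipv4(level2)["dst"], "middle_dst": parse_ipv4(hop1)["dst"],
            "final_dst": parse_ipv4(hop2)["dst"], "delivered_to": mac, "intact": hop2 == original}
```

The second home agent never looks inside the first tunnel: it sees a datagram for 172.16.8.1, finds a binding, and wraps it again, which is exactly the recursive tunneling the notes describe for fixed nodes whose home network is itself mobile.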
Quizxxii
A sales manager on a flight connects to the home network using the aircraft's network. A datagram is sent to a
laptop's home address (192.168.5.4). The laptop's foreign agent care-of address is the aircraft's router (10.5.4.3).
The aircraft's router also has a foreign agent care-of address (188.1.6.10).
Rank the steps involved in sending this datagram over the aircraft mobile network.
Options
Option Description
A The aircraft's foreign agent care-of address (188.1.6.10) sends the datagram to the
aircraft
B The aircraft's router (10.5.4.3) decapsulates and sends the datagram to the laptop
C The datagram is sent to the airline headquarters, where it is forwarded to the
aircraft's care-of address (188.1.6.10)
D The laptop's home agent sends the datagram to the laptop's care-of address (10.5.4.3)
Quizxxiii
Suppose a reporter on a cycling tour has a laptop (192.16.2.15). Router A, (192.16.2.1) advertises the address for
router B in a mobility agent advertisement.
If the laptop is using the Router A address of 192.16.2.1 as its default gateway, which can we assume?
Options:
1. All datagrams from the home agent are decapsulated by the foreign agent
2. All datagrams from the home agent are decapsulated by the mobile node
3. The advertised router was not on the same subnet
4. The mobile node is using a foreign agent's care-of address
If a fixed node has a mobile network as its home network, its home agent can be configured to have a
permanent registration for this fixed node, indicating the mobile router's address as the fixed host's care-of
address. Any datagrams sent to the fixed node will use recursive tunneling. The home agent – usually a
mobile router's home agent – is responsible for advertising connectivity using normal routing protocols to the
fixed node.
An alternative method – that avoids the need for recursive tunneling of datagrams – is when the mobile
router advertises the connectivity to the mobile network using normal IP routing protocols via a bidirectional
tunnel to its own home agent.
Summary
A mobile node can select a default router from the router IP addresses advertised in the ICMP router
advertisement portion of that agent's advertisement message. When a foreign agent receives an
encapsulated datagram, it compares the destination to the entries in its visitor list. If there is no matching
entry, the datagram must be discarded. When the mobile node is away from home, the home agent
intercepts any datagrams on the home network that are addressed to the mobile node and forwards them to
the mobile node's care-of address.
A mobile node can also be a router responsible for the mobility of a network. It can act as a foreign agent
providing a foreign agent care-of address to mobile nodes connected to this mobile network. The nodes
connected to this mobile network can be fixed nodes, mobile nodes, or routers.
F. Security considerations
Introduction
Threats to Mobile IP
Mitigating the threats to Mobile IP
Summary
Introduction
Mobile IP has become important for the average consumer and for businesses. Mobile IP standards are ever
improving, as are the services offered by service providers. Because of this, more efficient services and
applications are available to mobile users. In business, key employees can be kept up to date with critical
information, which results in improved customer service and, ultimately, in improved customer relations.
Mobile IP allows consumers to communicate and to avail of a variety of services, such as instant messaging
and SMS alerts to their cellular phones with, for instance, the latest traffic reports or sports results.
With the development of large open networks – networks with access to the Internet, and other private and
public networks – threats to security have increased and more security vulnerabilities have been discovered.
The technical knowledge required to hack a network has become more widely available and hacking tools are
more user friendly.
Because of the way Mobile IP operates, the transfer of information is vulnerable in terms of security. The
registration process in itself is vulnerable because, typically, mobile computers are connected to the network
via wireless links. When mobile nodes on foreign networks register with their home networks via wireless
links, they are vulnerable to attacks such as passive eavesdropping and active replay. This means that
authentication mechanisms in Mobile IP registration need to be particularly strong. For example, service
providers need to authenticate messages sent between foreign agents and home agents to ensure only
legitimate customers are provided with service and to enable billing.
Threats to Mobile IP
Specific threats to Mobile IP include the following:
 denial-of-service attack
 passive eavesdropping
 session-stealing attack
 replay attack
Denial-of-service attack
A denial-of-service (DoS) attack is specifically designed to disrupt the normal functioning of a system by
destroying or modifying data, or by overloading the system's servers. The organization (or user) is then
deprived of services such as e-mail or perhaps the temporary loss of all network connectivity and services.
One type of DoS attack is a nuisance packet attack, such as TCP SYN flooding. This type of attack can be difficult
to prevent because the sender can spoof the source address. However, a service provider can apply ingress
filtering in its routers, so that a packet is forwarded only if its IP source address is topologically correct for the
interface on which it arrived.
Another type of DoS attack prevents packets from flowing between two nodes. For example, an attacker creates
a bogus registration request, giving the attacker's own address as the care-of address for a mobile node. If the
home agent accepts it, it will tunnel all of the mobile node's packets to the attacker.
This type of attack is prevented by cryptographically strong authentication between a mobile node and its
home agent, which Mobile IP makes mandatory for registration. The original default algorithm was keyed MD5,
drawing on RFC 1321 to provide secret-key authentication and integrity checking; the current default is
HMAC-MD5 (see "Authentication" below). Although all mobile nodes must support the default algorithm, Mobile
IP allows a mobile node to use other authentication algorithms.
Passive eavesdropping
Theft of information occurs when an attacker reads packets crossing a network to which he is attached,
typically with a packet sniffer. Encryption is the usual defence against passive eavesdropping (theft-of-
information) attacks, protecting the data from unauthorized parties. Link-layer encryption is commonly used
over the wireless link between a mobile node and its foreign agent, so that every packet exchanged over the
link is encrypted. Because no physical connection is required, a wireless link is easier to snoop on than a wired
one.
End-to-end encryption, where the data is encrypted at the source and decrypted at the destination, is the most
thorough method of protecting the data. Secure Sockets Layer (SSL), Secure Copy (SCP), and Secure Shell
(SSH) are examples of Internet applications that provide end-to-end protection. Applications that do not
provide encryption themselves can rely on the IP Encapsulating Security Payload (ESP, RFC 1827) for end-to-
end encryption.
Session-stealing attack
A session-stealing attack is when an attacker pretends to be a legitimate node and captures a session. The
attacker waits for a valid node to authenticate itself and initiate an application session. The attacker then
transmits numerous nuisance packets to prevent the node from recognizing that the session has been
captured. Session-stealing attacks can be prevented by end-to-end and link-layer encryption.
Replay attack
A replay attack is when an attacker captures and stores a copy of a legitimate registration request and replays
it later to re-create a stale mobility binding for the mobile node – for example, one pointing to a care-of address
the mobile node has since left. To prevent this, a mobile node produces a unique value for the Identification
field in each successive registration. The Identification field lets the home agent determine whether a request
is fresh, so a replayed request is recognized as outdated and rejected.
Mitigating the threats to Mobile IP
The registration process of Mobile IP requires strong authentication procedures as it offers many
opportunities for malicious intervention. Any sensitive data that is transferred should be encrypted. If
location privacy is required, mobile nodes can connect to their home network via a tunnel. The home agent
forwards any packets sent to the mobile node to its care-of address and so the mobile node still appears to
be on the home network.
Cryptography
Cryptography is one of the main methods used to maintain confidentiality, that is, to ensure sensitive data is
viewed only by users who are authorized. Cryptography involves the use of cryptographic algorithms and the
exchange of either public or secret keys to ensure only authorized parties can decrypt information. There are
two main categories of cryptographic algorithms: secret-key algorithms – where both the sender and receiver
use the same key – and public-key algorithms. With public-key algorithms, a pair of related keys are used, one
by the sender and the other by the receiver. One of these keys is published publicly and the other is kept
private.
Information is authenticated using either secret-key (private-key) or public-key techniques. There are two
categories of secret-key authentication: one uses a message digest (a fixed-length value computed from a
message of any length) keyed with the shared secret, whereas the other uses the same algorithms that are
used for secret-key encryption.
There are also two categories of public-key authentication. One works like secret-key authentication, except
that it uses public-key encryption. The other uses digital signatures: a public-key transformation is applied to
the message – in practice to its message digest – using the sender's private key, and the result is the digital
signature. Only the sender holds that key, so the sender cannot later deny having sent the message
(non-repudiation). A time stamp and a message digest can be included in the signed data so that the receiver
can also confirm that the message has not been altered in transit (integrity checking) and is not an old
message presented again.
Problems with ARP
In Mobile IP registration, a mobility binding is created at the home agent, associating a mobile node's home
address with its care-of address for a specified lifetime. If registration were not authenticated properly, this
tunneling feature would be a significant security vulnerability, since anyone could redirect a node's traffic.
ARP itself is not authenticated either, and can be used to steal another host's traffic. Because the home agent
relies on proxy ARP, and on gratuitous ARP – an ARP packet sent by a node in order to spontaneously cause
other nodes to update an entry in their ARP cache – all the risks associated with ARP on the home link must
also be factored in. For these reasons, it is imperative that home agents and mobile nodes perform
authentication.
Authentication
Mobile nodes and home agents must be able to perform authentication. There are several factors that
determine the strength of an authentication mechanism. These include the strength and secrecy of the key
used, the strength of the authentication algorithm, and the quality of the implementation. The default
algorithm used by home agents and mobile nodes for message authentication is HMAC-MD5 with a key size
of 128 bits. The foreign agent must support authentication using HMAC-MD5 with manual key distribution of
key sizes of 128 bits or greater. It must also support keys with arbitrary binary values.
When producing and verifying the authentication data supplied with Mobile IP registration messages, the
default is HMAC-MD5; the older "prefix + suffix" mode of keyed MD5 is considered vulnerable to attack and
should only be kept as an additional algorithm for compatibility with earlier implementations. The choice of a
default does not prevent other authentication algorithms and modes from being used. Whatever the
algorithm, the key should be 128 bits long, secret and pseudo-random.
Key distribution in a Mobile IP network can often be a difficult task due to the absence of a network key
management protocol. Because of this, some messages sent to the foreign agent do not require
authentication.
Firewalls
A Firewall is a device that protects the resources of a private network from an untrusted public network such
as the Internet. There are several different types of firewall. Firewalls use secure logon procedures and
authentication certificates to allow mobile users remote access to the private network.
Common security policies such as ingress filtering – where routers do not forward packets that appear to
have a topologically incorrect source address – can be problematic in Mobile IP networks. For example, a
router running firewall software could block packets from a mobile node that is trying to contact a node on its
home network: on the foreign network the packets carry a source address (the mobile node's home address)
that does not belong there, and at the border of the home intranet they arrive from outside claiming the
address of a machine inside the intranet. To counteract this problem, the mobile node's datagrams can be
tunneled back to the home agent with the care-of address as the source address of the outer header – this is
called reverse tunneling. Reverse-tunneled packets pass normally through routers that apply ingress filtering,
and the filtering rules can still identify the true source of the packet in the same way as for packets from
fixed nodes.
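An added example (not code from the original notes) showing the interaction just described, and the ingress filtering mentioned under denial of service, in miniature. Packets are modelled by their addresses only; the prefixes, addresses and the SYN-flood source are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Datagram:
    """Just the addresses that ingress filtering looks at. inner is set for an IP-in-IP tunnel packet."""
    src: str
    dst: str
    inner: Optional["Datagram"] = None


def ingress_filter(pkt: Datagram, interface_prefixes) -> bool:
    """The router rule from the notes: forward a packet only if its (outermost) source address is
    topologically correct for the interface it arrived on, i.e. inside one of that interface's prefixes."""
    src = ip_address(pkt.src)
    return any(src in ip_network(prefix) for prefix in interface_prefixes)


def reverse_tunnel(pkt: Datagram, care_of: str, home_agent: str) -> Datagram:
    """The mobile node (or the foreign agent on its behalf) wraps the outbound datagram so that the
    outer source is the care-of address, which does belong to the foreign network."""
    return Datagram(care_of, home_agent, inner=pkt)


def home_agent_unwrap(pkt: Datagram, home_agent: str) -> Optional[Datagram]:
    """Home agent end of the reverse tunnel: strip the outer header and forward the original datagram,
    whose home-address source is topologically correct on the home network."""
    if pkt.dst != home_agent or pkt.inner is None:
        return None
    return pkt.inner


def demo_reverse_tunneling() -> dict:
    """Constructed scenario: a mobile node with home address 192.168.5.4 visiting 172.16.8.0/24 via
    the foreign agent 172.16.8.1, talking to 192.168.5.50 through an ingress-filtering router."""
    foreign_prefixes = ["172.16.8.0/24"]
    direct = Datagram("192.168.5.4", "192.168.5.50")                 # home address as source
    tunneled = reverse_tunnel(direct, "172.16.8.1", "192.168.5.1")
    spoofed_syn = Datagram("203.0.113.7", "192.168.5.50")           # forged source, as in a SYN flood
    return {
        "direct_passes": ingress_filter(direct, foreign_prefixes),
        "tunneled_passes": ingress_filter(tunneled, foreign_prefixes),
        "spoofed_passes": ingress_filter(spoofed_syn, foreign_prefixes),
        "home_agent_restores_original": home_agent_unwrap(tunneled, "192.168.5.1") == direct,
    }
```

The same filter that stops the forged SYN also stops the mobile node's own packets; reverse tunneling keeps the filter in place and still gets the mobile node's traffic home.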
Replay protection
To prevent a replay attack, a mobile node produces a unique value for the Identification field for each
successive message. There are two methods used to interpret Identification fields – time stamps and nonces.
All mobile nodes and home agents must implement replay protection based on time stamps. Nonce-based
replay protection is optional.
With time stamp replay protection, the node generating a message inserts the current time of day. The node
receiving the message checks that this time stamp is sufficiently close to its own time of day. The value used
to limit the time difference should be greater than three seconds – the default value is seven seconds. These
nodes must have adequately synchronized time-of-day clocks.
With nonce replay protection, a node – node A – includes a new random number in every message it sends to
another node – node B. Node A then checks that node B returns that same number in its reply. Both
messages use an authentication code to protect against alteration by an attacker.
As part of the mobility security association, a mobile node and its home agent must agree on the method of
replay protection. Whichever method is used, the low-order 32 bits of the Identification must be copied
unchanged from the registration request into the registration reply. The foreign agent uses the mobile node's
home address and these low-order 32 bits to match registration requests with their replies, and the mobile
node must verify that the low-order 32 bits of any registration reply are identical to those it sent in the request.
The Identification in a new registration request must differ from that of the preceding request; retransmission
is allowed, but an Identification must not be reused while the same security context is in use between the
mobile node and the home agent.
Summary
Security in Mobile IP networks must address a number of issues that do not arise in fixed networks. Specific
threats to Mobile IP include denial-of-service attacks, passive eavesdropping, replay attacks, and session-
stealing attacks. Confidentiality can be maintained by using cryptographic algorithms and the exchange of
either public or secret keys to ensure only authorized parties can decrypt information. There are two main
categories of cryptographic algorithms: secret-key algorithms and public-key algorithms.
Security methods such as end-to-end and link-layer encryption, enabling ingress filtering in routers, and the
use of time stamp-based replay protection and nonce-based replay protection are common protective
measures used in Mobile IP.
G. Conclusion
IP Mobility Requirements
The requirements for an IP mobility solution can be generalized to a few key aspects. To make a fair comparison of
existing solutions and clearly understand the added benefit of the LISP Host Mobility solution, we will quickly touch on
the different functional aspects that must be addressed in an IP mobility solution.
• Redirection: The ultimate goal of IP mobility is to steer traffic to the valid location of the end-point. This aspect is
generally addressed by providing some sort of re-direction mechanism to enhance the traffic steering already provided
by basic routing. Redirection can be achieved by replacing the destination address with a surrogate address that is
representative of the new location of the end-point. Different techniques will allow the redirection of traffic either by
replacing the destination's address altogether or by leveraging a level of indirection in the addressing such as that
achieved with tunnels and encapsulations. The different approaches impact applications to different degrees. The
ultimate goal of IP mobility is to provide a solution that is totally transparent to the applications and allows for the
preservation of established sessions, as end-points move around the IP infrastructure.
• Scalability: Most techniques create a significant amount of granular state to re-direct traffic effectively. The state is
necessary to correlate destination IP addresses to specific locations, either by means of mapping or translation. This
additional state must be handled in a very efficient manner to attain a solution that can support a deployable scale at a
reasonable cost in terms of memory and processing.
• Optimized Routing: As end-points move around, it is key that traffic is routed to these end-points following the
best possible path. Since mobility is based largely on re-direction of traffic, the ability to provide an optimal path is
largely a function of the location of the re-directing element. Depending on the architecture, the solution may generate
sub-optimal traffic patterns often referred to as traffic triangulation or hair-pinning in an attempt to describe the
unnecessary detour traffic needs to take when the destination is mobile. A good mobility solution is one that can
provide optimized paths regardless of the location of the end-point.
• Client-Independent Solution: It is important that the mobility solution does not depend on agents installed on the
mobile end-points or on the clients communicating with these end-points. A network based solution is highly desirable
and is key to the effective deployment of a mobility solution given the precedent of the large installed base of end-
points that cannot be changed or managed at will to install client software.
• Address-Family-Agnostic Solution: The solution provided must work independently of IPv4 or IPv6 end-points and
networks. Since mobility relies on the manipulation of the mapping of identity to location, address families with
lengthier addresses tend to provide alternatives not available with smaller address spaces. These address-dependent
solutions have limited application as they usually call for an end-to-end deployment of IPv6. To cover the broad installed
base of IPv4 networking and end-points, the ideal solution should work for IPv4 or IPv6 independently.
Mobile IPv4
Mobile IP is defined for IPv4 in IETF RFC 3344. Mobile IPv4 provides a mechanism to redirect traffic to a mobile
node whenever that node moves from its "Home Network" to a "Foreign Network." Every host has a "Home
Address" within a "Home Network", which is front-ended by a router that acts as the "Home Agent" and advertises
the "Home Network" into the routing protocol. Traffic destined to the "Home Address" is therefore always routed to the
"Home Agent." If the mobile node is in its "Home Network", traffic is forwarded directly in the data plane to the
host as per regular routing. If the host has moved to a "Foreign Network", traffic is IP-tunnelled by the "Home
Agent" to a "Care-of Address", which is the address of the gateway router for the "Foreign Network."
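The home agent's forwarding decision described above, as an added example that is not from these notes or from any Mobile IP implementation: packets for a home address with no binding are delivered directly, and packets for a registered mobile node are encapsulated IP-in-IP (protocol 4) to its care-of address, where the foreign network's gateway strips the outer header. The addresses, the home network prefix and the minimal 20-byte header builder are assumptions constructed for this example.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4   # protocol number of IP-in-IP encapsulation
IPPROTO_UDP = 17


def ipv4_checksum(header):
    """Standard one's-complement checksum over a 20-byte IPv4 header (0 means a valid header)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal IPv4 header (no options) with the checksum filled in."""
    total_len = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0, src.packed, dst.packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


class HomeAgent:
    """Router in front of the home network that holds the bindings created by registration."""

    def __init__(self, home_network, own_address):
        self.home_network = ipaddress.ip_network(home_network)
        self.address = ipaddress.ip_address(own_address)
        self.bindings = {}   # mobile node home address -> care-of address

    def register(self, home_address, care_of_address):
        """A successful registration binds the home address to the foreign network's care-of address."""
        home = ipaddress.ip_address(home_address)
        if home not in self.home_network:
            raise ValueError(f"{home} is not in home network {self.home_network}")
        self.bindings[home] = ipaddress.ip_address(care_of_address)

    def deregister(self, home_address):
        """The node returned home: drop the binding so traffic is delivered directly again."""
        self.bindings.pop(ipaddress.ip_address(home_address), None)

    def forward(self, packet):
        """Decide what happens to a packet that routing has delivered to the home network."""
        dst = ipaddress.ip_address(packet[16:20])
        if dst not in self.home_network:
            return "not-for-home-network", packet
        care_of = self.bindings.get(dst)
        if care_of is None:
            return "direct", packet          # node is at home: ordinary delivery
        outer = build_ipv4_header(self.address, care_of, IPPROTO_IPIP, len(packet))
        return "tunnel", outer + packet      # node is away: IP-in-IP to the care-of address


def decapsulate(tunnelled):
    """Foreign network gateway side: strip a valid outer IP-in-IP header and return the inner packet."""
    if len(tunnelled) < 40 or tunnelled[0] != 0x45 or tunnelled[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if ipv4_checksum(tunnelled[:20]) != 0:
        raise ValueError("outer header checksum failed")
    return tunnelled[20:]


def demo():
    """Constructed scenario: correspondent 203.0.113.5 sends to home address 192.0.2.10."""
    ha = HomeAgent("192.0.2.0/24", "192.0.2.1")
    src = ipaddress.ip_address("203.0.113.5")
    home = ipaddress.ip_address("192.0.2.10")
    payload = b"hello mobile node"
    inner = build_ipv4_header(src, home, IPPROTO_UDP, len(payload)) + payload
    at_home = ha.forward(inner)[0]                       # no binding yet
    ha.register("192.0.2.10", "198.51.100.1")            # node has moved to the foreign network
    action, tunnelled = ha.forward(inner)
    outer_dst = str(ipaddress.ip_address(tunnelled[16:20]))
    inner_back = decapsulate(tunnelled)
    ha.deregister("192.0.2.10")
    back_home = ha.forward(inner)[0]
    return {"at_home": at_home, "away": action, "outer_dst": outer_dst,
            "outer_proto": tunnelled[9], "inner_intact": inner_back == inner, "back_home": back_home}
```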
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes
IP Mobility Concepts - Study Notes

More Related Content

Similar to IP Mobility Concepts - Study Notes

The Theory and Practice of Online Learning
The Theory and Practice of Online LearningThe Theory and Practice of Online Learning
The Theory and Practice of Online Learning
Videoguy
 
The Theory and Practice of Online Learning
The Theory and Practice of Online LearningThe Theory and Practice of Online Learning
The Theory and Practice of Online Learning
Videoguy
 
Terry Anderson_2008-theory_and_practice_of_online_learning
Terry Anderson_2008-theory_and_practice_of_online_learningTerry Anderson_2008-theory_and_practice_of_online_learning
Terry Anderson_2008-theory_and_practice_of_online_learning
Amorim Albert
 
The Theory and Practice of Online Learning
The Theory and Practice of Online LearningThe Theory and Practice of Online Learning
The Theory and Practice of Online Learning
Videoguy
 
PUP-University-Thesis-and-Dissertation-Manual-with-ISBN-as-of-08.07.17.pdf
PUP-University-Thesis-and-Dissertation-Manual-with-ISBN-as-of-08.07.17.pdfPUP-University-Thesis-and-Dissertation-Manual-with-ISBN-as-of-08.07.17.pdf
PUP-University-Thesis-and-Dissertation-Manual-with-ISBN-as-of-08.07.17.pdf
KinoAtari
 
Isgt 2012 data analysis of ngs metagenomics
Isgt 2012   data analysis of ngs metagenomicsIsgt 2012   data analysis of ngs metagenomics
Isgt 2012 data analysis of ngs metagenomics
Valeriya Simeonova
 
Learning Layers: Social Semantic Technologies for Workplace Learning
Learning Layers: Social Semantic Technologies for Workplace LearningLearning Layers: Social Semantic Technologies for Workplace Learning
Learning Layers: Social Semantic Technologies for Workplace Learning
tobold
 

Similar to IP Mobility Concepts - Study Notes (20)

Computer Networking & Hardware Concepts.pdf
Computer Networking & Hardware Concepts.pdfComputer Networking & Hardware Concepts.pdf
Computer Networking & Hardware Concepts.pdf
 
Engineering
EngineeringEngineering
Engineering
 
indect report Datensammlung in news reports, weblogs, chat
indect report Datensammlung in news reports, weblogs, chatindect report Datensammlung in news reports, weblogs, chat
indect report Datensammlung in news reports, weblogs, chat
 
The Theory and Practice of Online Learning
The Theory and Practice of Online LearningThe Theory and Practice of Online Learning
The Theory and Practice of Online Learning
 
The Theory and Practice of Online Learning
The Theory and Practice of Online LearningThe Theory and Practice of Online Learning
The Theory and Practice of Online Learning
 
Terry Anderson_2008-theory_and_practice_of_online_learning
Terry Anderson_2008-theory_and_practice_of_online_learningTerry Anderson_2008-theory_and_practice_of_online_learning
Terry Anderson_2008-theory_and_practice_of_online_learning
 
The Theory and Practice of Online Learning
The Theory and Practice of Online LearningThe Theory and Practice of Online Learning
The Theory and Practice of Online Learning
 
A LONGITUDINAL ANALYSIS OF CHILDREN S MEDIA USE AND TIME CHOICES
A LONGITUDINAL ANALYSIS OF CHILDREN S MEDIA USE AND TIME CHOICESA LONGITUDINAL ANALYSIS OF CHILDREN S MEDIA USE AND TIME CHOICES
A LONGITUDINAL ANALYSIS OF CHILDREN S MEDIA USE AND TIME CHOICES
 
Conference proceedings 2011 AEGIS International Workshop and Conference
Conference proceedings 2011 AEGIS International Workshop and ConferenceConference proceedings 2011 AEGIS International Workshop and Conference
Conference proceedings 2011 AEGIS International Workshop and Conference
 
PUP-University-Thesis-and-Dissertation-Manual-with-ISBN-as-of-08.07.17.pdf
PUP-University-Thesis-and-Dissertation-Manual-with-ISBN-as-of-08.07.17.pdfPUP-University-Thesis-and-Dissertation-Manual-with-ISBN-as-of-08.07.17.pdf
PUP-University-Thesis-and-Dissertation-Manual-with-ISBN-as-of-08.07.17.pdf
 
Isgt 2012 data analysis of ngs metagenomics
Isgt 2012   data analysis of ngs metagenomicsIsgt 2012   data analysis of ngs metagenomics
Isgt 2012 data analysis of ngs metagenomics
 
A Probabilistic Framework For Information Modelling And Retrieval Based On Us...
A Probabilistic Framework For Information Modelling And Retrieval Based On Us...A Probabilistic Framework For Information Modelling And Retrieval Based On Us...
A Probabilistic Framework For Information Modelling And Retrieval Based On Us...
 
Wikis as water coolers?
Wikis as water coolers?Wikis as water coolers?
Wikis as water coolers?
 
Cork paradigms
Cork paradigmsCork paradigms
Cork paradigms
 
Cork paradigms
Cork paradigmsCork paradigms
Cork paradigms
 
Master's Thesis
Master's ThesisMaster's Thesis
Master's Thesis
 
9781680836592-summary.pdf
9781680836592-summary.pdf9781680836592-summary.pdf
9781680836592-summary.pdf
 
Resume_HongDapeng_20150914
Resume_HongDapeng_20150914Resume_HongDapeng_20150914
Resume_HongDapeng_20150914
 
Learning Layers: Social Semantic Technologies for Workplace Learning
Learning Layers: Social Semantic Technologies for Workplace LearningLearning Layers: Social Semantic Technologies for Workplace Learning
Learning Layers: Social Semantic Technologies for Workplace Learning
 
VIrtual Learning Environments - Agenda and Resources
VIrtual Learning Environments - Agenda and ResourcesVIrtual Learning Environments - Agenda and Resources
VIrtual Learning Environments - Agenda and Resources
 

More from Marius FAILLOT DEVARRE

More from Marius FAILLOT DEVARRE (20)

Aligning IT and Business Strategies - Study Notes
Aligning IT and Business Strategies - Study NotesAligning IT and Business Strategies - Study Notes
Aligning IT and Business Strategies - Study Notes
 
Agile Project Management Principles and Methodologies - Study Notes
Agile Project Management Principles and Methodologies - Study NotesAgile Project Management Principles and Methodologies - Study Notes
Agile Project Management Principles and Methodologies - Study Notes
 
Defining Cryptography (Cryptography fundamentals 1/2)
Defining Cryptography (Cryptography fundamentals 1/2)Defining Cryptography (Cryptography fundamentals 1/2)
Defining Cryptography (Cryptography fundamentals 1/2)
 
Information Security Governance #2A
Information Security Governance #2A Information Security Governance #2A
Information Security Governance #2A
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & Metrics
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & Metrics
 
Virtualization - An Introduction (Study Notes)
Virtualization - An Introduction (Study Notes)Virtualization - An Introduction (Study Notes)
Virtualization - An Introduction (Study Notes)
 
Standard Business Etiquette - Study Notes
Standard Business Etiquette - Study NotesStandard Business Etiquette - Study Notes
Standard Business Etiquette - Study Notes
 
IT Project Management - Study Notes
IT Project Management - Study NotesIT Project Management - Study Notes
IT Project Management - Study Notes
 
Computer Networks Foundation
Computer Networks FoundationComputer Networks Foundation
Computer Networks Foundation
 
Win Over Stress in Work & Life - Study Notes
Win Over Stress in Work & Life - Study NotesWin Over Stress in Work & Life - Study Notes
Win Over Stress in Work & Life - Study Notes
 
Win Over Stress: in Work & Life
Win Over Stress: in Work & LifeWin Over Stress: in Work & Life
Win Over Stress: in Work & Life
 
Reaching a Balanced Life
Reaching a Balanced LifeReaching a Balanced Life
Reaching a Balanced Life
 
Project Management Fundamentals
Project Management FundamentalsProject Management Fundamentals
Project Management Fundamentals
 
Overcoming Negativity in Workplace-Study Notes
Overcoming Negativity in Workplace-Study NotesOvercoming Negativity in Workplace-Study Notes
Overcoming Negativity in Workplace-Study Notes
 
Overcoming Negativity in Workplace
Overcoming Negativity in WorkplaceOvercoming Negativity in Workplace
Overcoming Negativity in Workplace
 
Business Analysis Essentials
Business Analysis EssentialsBusiness Analysis Essentials
Business Analysis Essentials
 
Basic Business Math - Study Notes
Basic Business Math - Study NotesBasic Business Math - Study Notes
Basic Business Math - Study Notes
 
Basic Business Math
Basic Business MathBasic Business Math
Basic Business Math
 
Leadership Skills for Women - Study Notes
Leadership Skills for Women - Study NotesLeadership Skills for Women - Study Notes
Leadership Skills for Women - Study Notes
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

IP Mobility Concepts - Study Notes

  • 1. IP Mobility Concepts Study Notes +W - Technology Skills For Women Series1 http://SlideShare.net/OxfordCambridge 1 Men are allowed to read too, if they wish, as the language style and the document format are universal.
  • 2. Study Notes http://SlideShare.net/OxfordCambridge 2 | P a g e I P M o b i l i t y C o n c e p t s Table of Contents About “+W - Technology Skills For Women” series ................................................................................ 5 Sources: ................................................................................................................................................... 6 Protocol operation and agent discovery ............................................................................................................. 7 Learning objectives:................................................................................................................................. 7 A. Making the case for Mobile IP................................................................................................................. 7 1. Development of Mobile IP................................................................................................................... 7 Quiz.......................................................................................................................................................... 9 2. Mobile IP specifications....................................................................................................................... 9 Quiz........................................................................................................................................................ 10 3. The Mobile IP network ...................................................................................................................... 10 Quiz........................................................................................................................................................ 11 Summary................................................................................................................................................ 12 B. 
Mobile IP operation............................................................................................................................... 13 1. The Mobile IP process ....................................................................................................................... 13 Quiz........................................................................................................................................................ 15 2. Acquiring a care-of address............................................................................................................... 15 Quiz........................................................................................................................................................ 16 Quiz........................................................................................................................................................ 16 Quiz........................................................................................................................................................ 17 Summary................................................................................................................................................ 17 C. Agent discovery ..................................................................................................................................... 18 1. The functions of agent discovery....................................................................................................... 18 Quiz........................................................................................................................................................ 18 Note....................................................................................................................................................... 
20 Quiz........................................................................................................................................................ 21 2. Agent advertisements ....................................................................................................................... 22 Note....................................................................................................................................................... 22 Quiz........................................................................................................................................................ 23 3. Move detection ................................................................................................................................. 24 Quiz........................................................................................................................................................ 25 Summary................................................................................................................................................ 25 Registration, routing, and security.................................................................................................................... 26
  • 3. Study Notes http://SlideShare.net/OxfordCambridge 3 | P a g e I P M o b i l i t y C o n c e p t s Learning objectives:............................................................................................................................... 26 D. Registration ........................................................................................................................................... 26 1. Registration purpose and procedures............................................................................................... 26 Quiz........................................................................................................................................................ 27 Note....................................................................................................................................................... 28 Quiz........................................................................................................................................................ 29 Quiz........................................................................................................................................................ 29 2. Mobile IP registration considerations ............................................................................................... 29 Quiz........................................................................................................................................................ 31 Quiz........................................................................................................................................................ 32 Quiz........................................................................................................................................................ 32 Summary................................................................................................................................................ 32 E. 
Routing considerations.......................................................................................................................... 34 1. Mobile Node, Foreign Agent, and Home Agent considerations........................................................ 34 Quiz........................................................................................................................................................ 37 Quiz........................................................................................................................................................ 37 Quiz........................................................................................................................................................ 37 Quiz........................................................................................................................................................ 38 2. Mobile routers................................................................................................................................... 38 Quiz........................................................................................................................................................ 39 Quiz........................................................................................................................................................ 40 Summary................................................................................................................................................ 40 F. Security considerations ......................................................................................................................... 42 Introduction........................................................................................................................................... 42 Threats to Mobile IP .............................................................................................................................. 
42 Denial-of-service attack......................................................................................................................... 42 Passive eavesdropping .......................................................................................................................... 43 Session-stealing attack .......................................................................................................................... 43 Replay attack ......................................................................................................................................... 43 Mitigating the threats to Mobile IP....................................................................................................... 43 Cryptography......................................................................................................................................... 44 Problems with ARP ................................................................................................................................ 44 Authentication....................................................................................................................................... 44 Firewalls................................................................................................................................................. 45 Replay protection .................................................................................................................................. 45 Summary................................................................................................................................................ 46
  • 4. Study Notes http://SlideShare.net/OxfordCambridge 4 | P a g e I P M o b i l i t y C o n c e p t s G. Conclusion ............................................................................................................................................. 47 IP Mobility Requirements...................................................................................................................... 47 Mobile IPv4............................................................................................................................................ 47 Mobile IPv6............................................................................................................................................ 48 H. Glossary ................................................................................................................................................. 49 I. Quizzes’ Answers................................................................................................................................... 57
  • 5. Study Notes http://SlideShare.net/OxfordCambridge 5 | P a g e I P M o b i l i t y C o n c e p t s About “+W - Technology Skills For Women” series Study Notes in the field of technology will be put together under this category for the following reasons:  to encourage ladies, who wish to do so, to stand up and look over the fence into technology related topics;  with apprehension or fear;  and perhaps consider embracing a career move into this technological path;  or simply as to broaden their general knowledge; after all ICT is in most aspects of everyday life;  no matter the decision, their skills, professional strengths, and contribution can only be something positive for technical and technological fields.
  • 6. Study Notes http://SlideShare.net/OxfordCambridge 6 | P a g e I P M o b i l i t y C o n c e p t s Sources: http://www.cisco.com/ (IP Mobility Overview) http://en.wikipedia.org/wiki/Mobile_IP (Mobile IP) Ad Hoc Mobile Wireless Networks: Protocols and Systems, C.-K. Toh, Prentice Hall PTR Mobile IP Design Principles and Practices, Charles E. Perkins, Prentice Hall PTR Mobile IP the Internet Unplugged, James Solomon, Prentice Hall PTR The Wireless Mobile Internet: Architectures, Protocols and Services, Abbas Jamalipour, John Wiley & Sons A Survey on Network Architectures for Mobility, XiuJia Jin, (http://www.cs.wustl.edu/~jain/cse574- 06/ftp/mobility_arch/index.html)
Protocol operation and agent discovery

Learning objectives:
- identify the components and operational requirements of Mobile IP.
- identify the steps and processes involved in Mobile IP operation.
- identify how a mobile node determines its location relative to its home address.

A. Making the case for Mobile IP
B. Mobile IP operation
C. Agent discovery

A. Making the case for Mobile IP
1. Development of Mobile IP
2. Mobile IP specifications
3. The Mobile IP network

1. Development of Mobile IP

The rise in use of the Internet and advances in mobile communication have led to mobile computing technology redefining the way we access information. Most mobile devices now need to support voice and video transfer technology. Although mobility is supported by link-layer technology, data transfer across networks or different layers is not.

Internet Protocol version 4 (IPv4) takes a node's IP address literally: it assumes that the address is a unique location within a network. When data is sent to this IP address, the node will not receive it unless the node is located at this physical IP address. IPv4 presents mobile users with the problem of how to avoid losing their ability to communicate when they move between networks.

A limited way of addressing the problem of connectivity is for the mobile user to
- change their IP address
- create host specific routes
change their IP address
If a mobile user changes their IP address, they cannot maintain transport, session, presentation, and application layer connections. Changing IP addresses can also compromise network services.

create host specific routes
Creating host specific routes throughout much of the Internet routing fabric has obvious and severe scaling problems. First, each host in a network would require its own entry in every router's routing table, worldwide. The memory for a router to do this would exceed that of all the computers in your office. Also, each time you move your computer from one router to another, the routing table in every router has to change. This change requires a routing update from your new router to all other routers, which creates a lot of network traffic.

The development of mobile devices that can be used for data transfer has driven the demand for a technology that allows mobile users to roam from one network to another while maintaining network connections.
- Cellular phones
- Laptops

Cellular phones
Cellular phones can use Bluetooth technology to power connections to networks. Bluetooth technology enables your cellular phone to connect to a network without wires, by using short-range radio wave transmissions.

Laptops
Wireless laptop connections to data networks are often powered by WiFi technology. Among the different technologies available for wireless local networks, the most widely used is IEEE 802.11. Wireless Fidelity (WiFi) technology is based on IEEE 802.11b, a descendant of IEEE 802.11. WiFi meets the demand for higher data transmission rates, allowing for transmissions of up to 11 Mbps.

The limitations of IPv4 and the proliferation of mobile devices required a new scalable mechanism: Mobile IP.
Mobile IP is a standard for allowing mobile computers to roam from one network to another while maintaining network connections and counteracting data transfer problems. Mobile IP
- allows you to retain your IP address
- is scalable for the Internet

allows you to retain your IP address
Mobile IP allows you to stay connected and maintain ongoing applications when roaming between IP networks, and there is no need to change your IP address.
is scalable for the Internet
Mobile IP is scalable for the Internet, and because it is based on IP, any media that can support IP can support Mobile IP.

Quiz i
Identify the advantages of Mobile IP technology.
Options:
1. Any IP compliant media can support Mobile IP
2. It alters the way in which IPv4 operates
3. Mobile IP allows the mobile node to maintain connectivity when switching networks without changing its IP address

2. Mobile IP specifications

A mobile node should be able to
- communicate with other nodes after changing its link layer point of attachment to the Internet while maintaining its IP address
- communicate with other nodes that do not implement these mobility functions

It is important that some applications are not interrupted when a mobile node roams across network boundaries.
- Remote login
- Remote printing
- File transfer

Remote login
Remote login is one of the most popular Internet applications. Instead of having a hardwired terminal on each host, you can log in to one host and then log in remotely across the network to any other network device on which access is permitted. In this way, it is possible to manage network devices such as routers or switches. Telnet is a remote login application. If a mobile user was using remote login to manage their network, loss of connectivity could affect the integrity of the network and leave it vulnerable to a session-stealing attack.

Remote printing
Although electronic mail is preferable as a means of third-party communication, in some cases it may be necessary to print information in hard-copy form at a remote location. The remote output device may consist of a standard line printer, a printer with multiple fonts and faces, a printer that can reproduce graphics, or a facsimile device. Remote output may be accompanied by information that identifies the intended recipient. If a mobile user loses their connection while printing to a remote location, the full document will not be delivered. This leads to increased overheads, as the action will have to be repeated, and reduces productivity.

File transfer
File transfer is usually achieved using File Transfer Protocol (FTP). FTP is used to share files (computer programs and/or data) and to shield a user from variations in file storage systems among hosts. It is also used to transfer data reliably and efficiently. FTP, though usable directly by a user at a terminal, is designed mainly for use by programs. This means that most of the time the user is unaware that the protocol is being used. A drop in connectivity during file upload will lead to users not viewing the latest version of files and will cause delays in transactions.

Other applications that require constant connectivity are multimedia applications using multicast addresses, online collaboration, and file sharing.

When a mobile node moves to another network, it sends updates to other nodes, which must be authenticated, declaring its new location.

A Mobile IP solution works when you remain within the same network topology. For instance, if you begin communicating from within a network and then move to another network, Mobile IP ensures that your data connection is maintained.
Mobile IP also allows you to roam between different network types, such as moving from a wired Ethernet network to a wireless WAN. The Mobile IP solution is possible because the mobility functions are performed at the network layer rather than at the physical layer.

Quiz ii
Identify the true statement in relation to Mobile IP specifications.
Options:
1. For Mobile IP to operate successfully, the mobile node must remain within a single network type
2. Mobile IP compliant software must be installed on all participating nodes to facilitate roaming
3. Mobile IP's mobility functions are performed at the physical layer
4. With Mobile IP, it is safe to roam between different networks when using remote login

3. The Mobile IP network

The Mobile IP infrastructure allows mobile nodes to roam from network to network.
The Mobile IP network has four main entities.
- Mobile node
- Correspondent node
- Foreign agent
- Home agent

Mobile node
The mobile node can be a cell phone, PDA, laptop, or router. A mobile node is administered a long-term IP address in the same way that a stationary host is given a permanent IP address. This IP address, known as a care-of address, allows the mobile node to continue to communicate with other Internet nodes at any location.

Correspondent node
A correspondent node is a device on the Internet. It can be a workstation, server, router, or other network device with which the mobile node is communicating. A correspondent node need only know the home address of the mobile node and may be either mobile or stationary.

Foreign agent
The foreign agent is a router that acts as a conduit, delivering data between the mobile node and the home agent, when the mobile node roams to a foreign network.

Home agent
The home agent is a router on the home network that acts as an anchor for communication with the mobile node. It maintains the current location of the mobile node and tunnels information from the correspondent node to the mobile node.

Quiz iii
Match the network entities to their functions.
Options:
1. Correspondent node
2. Foreign agent
3. Home agent
4. Mobile node
Targets:
A. This device need not know the mobile node's location
B. This device can communicate with other Internet nodes regardless of location
C. This device maintains the current location information of the mobile node
D. This device tunnels data to the mobile node when it is away from home

Summary
The increase in use of mobile devices has driven the demand for a technology that facilitates roaming and supports data transfer between networks. Mobile computing technology aims to marry the reliability of desktop connectivity with the rootless adaptability of the cell phone. IPv4 provided a limited solution to this problem, but it was the development of Mobile IP that finally enabled users to roam between networks and continue to deliver and receive data.

Mobile IP meets the dual criteria for roaming: it allows a mobile node to change its link-layer point of attachment to the Internet without changing its IP address, and it is backward compatible. Mobile IP allows the mobile node to roam within homogeneous and heterogeneous networks, and it performs all its mobility functions at the network layer.

The Mobile IP infrastructure is based on four main entities: the mobile node, the correspondent node, and the home and foreign agents. Each entity plays a role in ensuring that the mobile node can continue to send and receive data while roaming between networks.
B. Mobile IP operation
1. The Mobile IP process
2. Acquiring a care-of address

1. The Mobile IP process

There are three phases in the Mobile IP process.
- Agent discovery
- Registration
- Tunneling

Agent discovery
In the agent discovery stage, the mobile node establishes whether it is in a home or foreign network. The mobile node establishes its location by listening to advertisements from home agents (HA) and foreign agents (FA). Agent advertisements carry information such as the agent care-of address and services like reverse tunneling or generic routing encapsulation (GRE) that are available on the network.

[Figure: a laptop in a foreign network receives an agent advertisement from a foreign agent; the foreign network is linked to the Internet, which is linked to the laptop's home network, where its HA is located.]

There are two modes of agent discovery:
- Mobile nodes can listen to the advertisements sent by the mobility agents and discover their location in this way.
- Mobile nodes can send out agent solicitation messages. These messages force agents on the network to send out agent advertisements and indicate the location of the mobile node.

A mobile node can determine whether it is located in its home network or a foreign network. A mobile node can discover when it has returned to a home network. When this happens, the mobile node
sends a registration request message to an HA in order to deregister, because it no longer requires an HA. A mobile node can also discover that it has remained in a home network. In this case, it does not operate using mobility services and therefore does not initiate communication with either an HA or FA.

When a mobile node discovers it is in a foreign network, it acquires a care-of address (COA). It can acquire a COA from the FA agent advertisement message. Alternatively, the mobile node can acquire a co-located care-of address (CCOA) through external means.

Registration
The second phase of Mobile IP is registration. The mobile node uses the IP address and mobility security association of its HA, its home IP address or another user identifier, and information gained from the agent advertisement to form a Mobile IP registration request. In the registration phase, mobile nodes notify the HA of their position. They do this by registering their COA or CCOA through registration request and reply messages.

The mobility security association is a collection of security contexts between a pair of nodes that may be applied to Mobile IP protocol exchanges and is used in home agent/mobile node authentication. The contexts define the authentication algorithm to be used, the type of replay protection to be used, and the secret key, either shared or public/private.

Registration is completed directly or indirectly. If the mobile node has a COA, it must send its registration request through the FA. The FA then forwards it to the HA. The HA then sends a registration reply to the FA, which forwards this on to the mobile node.

[Figure: a person with a laptop moves between foreign networks; on entering each new network the laptop is allocated a new COA and registers it with its home agent.]
If the mobile node has a CCOA, it sends the registration request directly to the HA. The HA then sends the reply to the registration request directly back to the mobile node.

Tunneling
Once registration has taken place, packets addressed to the mobile node's home address are forwarded to the mobile node in its new location. Datagrams intended for the mobile node are intercepted by the HA and tunneled to the FA, or sent directly to the mobile node using its CCOA. If data is traveling from the mobile node to correspondent nodes, standard IP routing mechanisms are used. In this case, the datagrams do not always have to pass through the HA. Because this process is transparent to correspondent nodes, the mobile node will always appear to be on its home network.
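As an added example (not code from these study notes or from any vendor's implementation), here is the security check behind the registration phase in Python: the mobile node builds a registration request and appends a Mobile-Home Authentication Extension, and the home agent verifies the authenticator and applies timestamp replay protection before it accepts the new care-of address. The message layout, the HMAC-MD5 default and the 7-second timestamp tolerance are taken from RFC 3344 as I know it, not from the page; the key, SPI and addresses are constructed.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass

# Constructed mobility security association. The page says the association
# fixes the algorithm, the replay-protection style and the secret key; the
# HMAC-MD5 default and 7-second tolerance are RFC 3344 values (assumption).
SPI = 0x00001000
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
TIMESTAMP_TOLERANCE = 7
NTP_EPOCH_OFFSET = 2208988800        # seconds from 1900-01-01 to 1970-01-01

REG_REQUEST = 1                      # registration request message type
MH_AUTH_EXT = 32                     # Mobile-Home Authentication Extension type
AUTH_LEN = 16                        # HMAC-MD5 digest length
HEADER_FMT = "!BBH4s4s4sQ"           # type, flags, lifetime, home, HA, care-of, identification
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24 bytes


def identification_from_time(t: float) -> int:
    """Timestamp-style replay protection: 64-bit NTP time, seconds in the high 32 bits."""
    secs = int(t) + NTP_EPOCH_OFFSET
    frac = int((t - int(t)) * (1 << 32)) & 0xFFFFFFFF
    return (secs << 32) | frac


def build_registration_request(home, home_agent, care_of, lifetime, ident, flags=0):
    """Mobile node side: the request body followed by the authentication extension.
    The authenticator covers everything before it: body + type, length and SPI."""
    body = struct.pack(HEADER_FMT, REG_REQUEST, flags, lifetime,
                       socket.inet_aton(home), socket.inet_aton(home_agent),
                       socket.inet_aton(care_of), ident)
    ext_head = struct.pack("!BBI", MH_AUTH_EXT, 4 + AUTH_LEN, SPI)
    authenticator = hmac.new(SHARED_KEY, body + ext_head, hashlib.md5).digest()
    return body + ext_head + authenticator


def replace_care_of(packet: bytes, care_of: str) -> bytes:
    """Rewrite the care-of field (bytes 12..15) without updating the authenticator,
    to exercise the home agent's integrity check on a modified request."""
    return packet[:12] + socket.inet_aton(care_of) + packet[16:]


@dataclass
class Verdict:
    accepted: bool
    reason: str
    care_of: str = ""


class HomeAgent:
    """Home agent side: authenticate and replay-check incoming registration requests."""

    def __init__(self, key=SHARED_KEY, spi=SPI, tolerance=TIMESTAMP_TOLERANCE):
        self.key, self.spi, self.tolerance = key, spi, tolerance
        self.last_ident = {}             # home address -> last accepted identification

    def verify(self, packet: bytes, now: float) -> Verdict:
        if len(packet) < HEADER_LEN:
            return Verdict(False, "truncated request")
        rtype, _flags, _life, home, _ha, coa, ident = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
        if rtype != REG_REQUEST:
            return Verdict(False, "not a registration request")
        home_s, coa_s = socket.inet_ntoa(home), socket.inet_ntoa(coa)

        # Walk the extensions: the request is only valid if a mobile-home
        # authentication extension is present and its authenticator checks out.
        off = HEADER_LEN
        while off + 2 <= len(packet):
            ext_type, ext_len = packet[off], packet[off + 1]
            if off + 2 + ext_len > len(packet):
                return Verdict(False, "truncated extension")
            if ext_type == MH_AUTH_EXT:
                spi = struct.unpack("!I", packet[off + 2:off + 6])[0]
                if spi != self.spi:
                    return Verdict(False, "unknown SPI")
                expected = hmac.new(self.key, packet[:off + 6], hashlib.md5).digest()
                received = packet[off + 6:off + 2 + ext_len]
                if not hmac.compare_digest(expected, received):
                    return Verdict(False, "authentication failed")
                break
            off += 2 + ext_len
        else:
            return Verdict(False, "missing authentication extension")

        # Replay protection: the timestamp must be close to our clock and strictly
        # newer than the last identification accepted for this home address.
        sent_at = (ident >> 32) - NTP_EPOCH_OFFSET
        if abs(now - sent_at) > self.tolerance:
            return Verdict(False, "timestamp outside tolerance")
        if ident <= self.last_ident.get(home_s, -1):
            return Verdict(False, "replayed identification")
        self.last_ident[home_s] = ident
        return Verdict(True, "registered", coa_s)


if __name__ == "__main__":
    now = 1_700_000_000.0
    req = build_registration_request("198.51.100.10", "198.51.100.1", "192.0.2.5",
                                     1800, identification_from_time(now))
    ha = HomeAgent()
    print(ha.verify(req, now + 2))                                   # accepted
    print(ha.verify(req, now + 3))                                   # replay rejected
    print(HomeAgent().verify(replace_care_of(req, "203.0.113.9"), now + 2))  # tampered
```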
Quiz iv
Suppose a mobile node has established that it is operating away from home, and it has already acquired a co-located care-of address (CCOA). What does the mobile node do next?
Options:
1. Continues to operate without mobility services
2. Registers its CCOA with the HA
3. Registers its new care-of address with the HA via the FA

2. Acquiring a care-of address

The following two modes are available to mobile nodes for acquiring care-of addresses:
- foreign agent care-of address (COA)
- co-located care-of address (CCOA)

The network administrator decides which address acquisition mode to use.

In the foreign agent care-of address mode, the mobile node acquires the COA through the agent advertisement messages sent by the FA. The COA is an IP address of the FA on the foreign network. Packets intended for the mobile node are intercepted by the HA and forwarded to the FA. The FA acts as the endpoint for tunneled datagrams intended for the mobile host. The FA decapsulates the datagrams and delivers the relevant data to the mobile node.

In CCOA mode, the mobile node acquires a CCOA externally. It is assigned to one of the mobile node's interfaces, it represents the mobile node's current location, and it can only be used by one mobile node at a time. The CCOA may be temporarily acquired dynamically through the dynamic host configuration protocol (DHCP). Alternatively, the mobile node may own a long-term address for its exclusive use when visiting particular foreign networks. When CCOA mode is used, datagrams intended for the mobile node are sent directly to the CCOA. The mobile node acts as the endpoint of the tunnel and decapsulates the datagrams tunneled to it.
There is an advantage to each address acquisition mode. In COA mode, there is less pressure on IPv4 addresses than in CCOA mode. This is because an FA interface IP address can serve multiple mobile nodes at once, rather than one address being assigned to a single mobile node at any one time. An FA is not essential to mobility in the CCOA method. This is because the mobile node does not use the FA's interface as its care-of address. Instead it acquires an address from an external source, such as a DHCP server.

Quiz v
A mobile node moves into a foreign network and registers its new address indirectly with its HA. Where has it acquired its temporary address?
Options:
1. From the HA
2. From the FA
3. Through dynamic host configuration
4. It uses its own special IP address for operation in foreign networks

It is essential to note the difference between a care-of address (either COA or CCOA) and an FA. A care-of address is an endpoint for tunneled datagrams to a mobile host. An FA is a mobility agent. The FA provides network services to mobile nodes on its network. It is possible to have more than one FA on a network. An FA is likely to be a router, but could be any network device capable of acting as a tunnel endpoint and sending agent advertisements.

Quiz vi
What is the main advantage of using CCOA mode?
Options:
1. Low demand for IPv4 addresses
2. Mobile node can function without an FA
3. Registration with the HA is optional

There are different routing processes in
- COA
- CCOA

COA
In COA mode, the FA and mobile node must be on the same network link. The mobile node and FA route packets to each other using their respective data-link layer addresses (usually their MAC addresses). Both nodes bypass standard IP routing protocols.
CCOA
In CCOA mode, the mobile node must be on the same network link as that indicated by the network prefix of the CCOA. If they are on different networks, packets will not be deliverable.

Suppose a commuter is using a laptop while traveling through a foreign network. First the laptop registers the COA, acquired from the agent advertisement of the FA, with its own HA. Once the laptop has registered its new address with the HA, datagrams intended for the laptop are intercepted by the HA and tunneled toward the FA. The FA decapsulates the data and forwards it to the laptop in its new location.

Quiz vii
Suppose you are using your laptop while traveling on a train. When you power on your laptop, it discovers that it is in a foreign network through agent advertisement messages. What happens next?
Options:
1. Data intended for the laptop is tunneled from the HA to the FA
2. The laptop acquires a COA
3. The laptop registers its new address with the HA
4. The laptop sends a registration request to the HA

Summary
There are three processes in Mobile IP: agent discovery, where a mobile node establishes its location and acquires a care-of address if in a foreign network; registration, where the mobile node registers its new location with the HA; and tunneling, where data intended for the mobile node is tunneled from the HA to the FA. At the FA, data is decapsulated and sent on to the mobile node.

There are two modes of acquiring a care-of address. First, a foreign agent care-of address (COA) can be acquired. In this case, the address is an interface address of the FA. Second, mobile nodes can acquire a co-located care-of address (CCOA). In this mode, the mobile node acquires the address from an external network source. There are different advantages associated with each mode.
C. Agent discovery
1. The functions of agent discovery
2. Agent advertisements
3. Move detection

1. The functions of agent discovery

Agent discovery is the first phase of the Mobile IP process. In this phase, mobile nodes determine their location. Mobile nodes use agent discovery to establish whether they are on a home or foreign network and to identify that they have moved from one network to another. In agent discovery, mobile nodes rely on agent advertisements from mobility agents (foreign or home agents) to determine their location. They can also send agent solicitations, which force mobility agents to respond with agent advertisements. Mobile nodes acquire a care-of address from the agent advertisement when visiting a foreign network. An agent advertisement is a message constructed by attaching a special extension to a Router Advertisement. Mobility agents broadcast these messages.

Quiz viii
Which of the following are functions of agent discovery?
Options:
1. Used by the mobile node to determine whether the node is in a home or foreign network
2. Used to determine whether a mobile node has moved from one network to another
3. Used to register location of mobile nodes

Mobile IP uses existing ICMP mechanisms by adapting ICMP router discovery for the operation of agent discovery. Router discovery was traditionally achieved by the host reading a list of one or more router addresses contained in its configuration files when it was powered on.
Another traditional method for router discovery on multicast links is for the host to listen to routing protocol traffic.

Example of a configuration file a host reads at start-up (a Windows HOSTS file):

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    127.0.0.1       localhost
    10.5.161.60     server1    #data repository 1
    10.5.164.201    server2    #data repository 2
    10.5.164.200    server3    #software depository
    10.5.161.58     server4
    10.5.161.56     server5

The two disadvantages of reading configuration files are the considerable resource time needed to keep the configuration files updated and the inability of these files to dynamically track changes in router availability. The disadvantage of listening in on router traffic is that hosts are required to recognize the various routing protocols used from network to network.

Because of the disadvantages of traditional router discovery methods, Mobile IP has adapted ICMP router discovery. In ICMP, there is no need to manually configure router address lists, and ICMP is independent of any routing protocol. Mobile IP combines its agent advertisements with ICMP router discovery messages.

Note
Router discovery messages are not a protocol in themselves. They allow hosts to discover the existence of neighbouring routers, but not which routers are best for reaching a particular destination.

The following ICMP router discovery messages are used by Mobile IP agent advertisement and solicitation messages.
- Router advertisements
- Router solicitations

ICMP (Internet Control Message Protocol) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is assigned protocol number 1. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like Ping and Traceroute).

Router advertisements
In Mobile IP, the agent advertisements are part of these ICMP router advertisements. The agent advertisement is formed by adding a mobility agent advertisement extension into the ICMP router advertisement message.
In ICMP, each router on a network broadcasts or multicasts router advertisements from each of its interfaces at defined intervals to all nodes on the same network link.

Router solicitations
In Mobile IP, agent solicitations are the same as ICMP router solicitations, except that the IP TTL (time to live for packets) must be set to 1. A router solicitation is where a mobile node multicasts a message to ask for advertisements from neighboring routers on the same network link instead of waiting for periodic advertisements to arrive.
If the mobile node does not receive any response, it can retransmit the router solicitation messages, but after a set interval it must stop. Once this happens, the mobile node will have to wait and discover the routers through the periodic agent advertisements.

Each router advertisement contains a
- preference level
- lifetime field

preference level
Each router advertisement contains a preference level for each of its advertised addresses. When acquiring a care-of address from an agent advertisement, the mobile node should choose an address of the highest preference. The network administrator configures the preference levels and can use this to discourage the use of certain addresses.

lifetime field
Each router advertisement includes a lifetime field. The lifetime field specifies the amount of time a router is considered valid by the mobile node, assuming no further advertisements are received. The lifetime field ensures that a mobile node will drop failed routers, uncontactable routers, or routers that are no longer functioning as routers.

In the agent discovery phase, the default rate at which agent advertisements are issued is once every 7 to 10 minutes. The default lifetime of an advertisement is 30 minutes.

Because router advertisements may be unavailable, or disabled by an administrator, on any link or from any router, they are not appropriate for black hole detection (that is, detecting when the first hop of a path fails). Hosts should already have a system in place for detecting black holes. However, network administrators can configure the default advertising rate to be suitable as an additional element of black hole detection.

Suppose a commuter is using her laptop while traveling to a client. When the commuter moves into a foreign network, her laptop picks up one of the ICMP router advertisements from a local router.
The agent advertisement extension is contained in this message. The commuter's laptop will then choose the highest preference-level interface address contained in the agent advertisement extension and use this as its care-of address. The laptop is then ready to register and use this temporary address.

Quiz ix
Which of the following are characteristics of agent discovery in Mobile IP?
Options:
1. An agent advertisement is part of an ICMP router advertisement
2. An agent solicitation message is identical to an ICMP router solicitation
3. Mobile IP extends ICMP router discovery
4. Mobile nodes discover neighboring router addresses by listening for advertisements

2. Agent advertisements

Agent advertisements are messages transmitted by mobility agents (foreign and home agents) to advertise their services on a certain network link. Mobile nodes use these to determine where they are connected to the Internet. A mobile node also selects a router interface address from agent advertisements. The node then uses this address as a care-of address. Information directed to the mobile node's home address is redirected to the care-of address for as long as the node is registered at this address.

Agent advertisements are sent at set intervals. The interval should normally be one-third of the router's lifetime, which is specified in the ICMP header.

Note
A lifetime is the length of time a router should be considered valid by mobile nodes in the absence of further agent advertisements. By setting the interval to one-third of the router's lifetime, a mobile node can miss three successive advertisements before removing the router from its list of available agents.

Home agents must always be prepared to provide services to mobile nodes for which they are the home agent. This ensures mobility for all mobile nodes roaming between home and foreign networks. Foreign agents (FAs) may have periods when they are too busy to serve any more mobile nodes. During this time, they must continue to send agent advertisements. This keeps nodes that the FA is servicing up to date on the FA's availability. Even though the FA cannot service any additional mobile nodes, it can continue to support the mobile nodes on its current list.
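To make the advertisement structure concrete, here is an added example (not code from these study notes or from any vendor) that parses an ICMP Router Advertisement carrying the Mobility Agent Advertisement Extension, checks the ICMP checksum, and picks a care-of address by preference level while refusing a foreign agent that has set its busy bit. The field layouts and the type numbers 9, 16 and 19 follow RFC 1256 and RFC 3344 as I know them, not the page; the addresses, lifetimes and flags in the sample are constructed.

```python
import socket
import struct
from dataclasses import dataclass, field

ICMP_ROUTER_ADVERTISEMENT = 9   # RFC 1256 message type
MOBILITY_AGENT_EXT = 16         # RFC 3344 Mobility Agent Advertisement Extension
PREFIX_LENGTHS_EXT = 19         # RFC 3344 Prefix-Lengths Extension
# Flag bits of the mobility agent extension (R B H F M G r T): registration
# required, busy, home agent, foreign agent, minimal encapsulation, GRE,
# reserved, reverse tunnelling.
FLAG_BITS = {"R": 0x80, "B": 0x40, "H": 0x20, "F": 0x10, "M": 0x08, "G": 0x04, "T": 0x01}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; over a whole valid message it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass
class AgentAdvertisement:
    lifetime: int                       # seconds the advertising router stays valid
    routers: list                       # (interface address, preference level) pairs
    has_mobility_extension: bool = False
    sequence: int = 0
    registration_lifetime: int = 0
    flags: set = field(default_factory=set)
    care_of_addresses: list = field(default_factory=list)
    prefix_lengths: list = field(default_factory=list)


def parse_agent_advertisement(pkt: bytes) -> AgentAdvertisement:
    """Parse the ICMP payload (IP header already stripped); raises ValueError on bad input."""
    if len(pkt) < 8:
        raise ValueError("truncated ICMP header")
    if icmp_checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum")
    msg_type, _code, _csum, num_addrs, entry_size, lifetime = struct.unpack("!BBHBBH", pkt[:8])
    if msg_type != ICMP_ROUTER_ADVERTISEMENT:
        raise ValueError("not a router advertisement")
    if entry_size != 2 or len(pkt) < 8 + 8 * num_addrs:
        raise ValueError("bad router address list")
    off, routers = 8, []
    for _ in range(num_addrs):
        addr, pref = struct.unpack("!4si", pkt[off:off + 8])   # preference is signed
        routers.append((socket.inet_ntoa(addr), pref))
        off += 8
    adv = AgentAdvertisement(lifetime=lifetime, routers=routers)
    # Mobile IP extensions follow the router list as (type, length, body) triples.
    while off + 2 <= len(pkt):
        ext_type, ext_len = pkt[off], pkt[off + 1]
        body = pkt[off + 2:off + 2 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension")
        if ext_type == MOBILITY_AGENT_EXT:
            if ext_len < 6 or (ext_len - 6) % 4:
                raise ValueError("malformed mobility agent extension")
            seq, reg_lifetime, flag_byte = struct.unpack("!HHB", body[:5])
            adv.has_mobility_extension = True
            adv.sequence, adv.registration_lifetime = seq, reg_lifetime
            adv.flags = {name for name, bit in FLAG_BITS.items() if flag_byte & bit}
            adv.care_of_addresses = [socket.inet_ntoa(body[i:i + 4]) for i in range(6, ext_len, 4)]
        elif ext_type == PREFIX_LENGTHS_EXT:
            adv.prefix_lengths = list(body)           # one prefix length per router address
        off += 2 + ext_len
    return adv


def select_care_of_address(adv: AgentAdvertisement):
    """Mobile node's choice: a foreign agent that is not busy, and among its care-of
    addresses the one whose interface carries the highest preference level."""
    if not adv.has_mobility_extension or "F" not in adv.flags or "B" in adv.flags:
        return None
    if not adv.care_of_addresses:
        return None
    preference = dict(adv.routers)                    # unlisted addresses rank lowest
    return max(adv.care_of_addresses, key=lambda a: preference.get(a, -2**31 - 1))


def build_agent_advertisement(routers, lifetime, seq, reg_lifetime, flags, care_of, prefix_lengths=()):
    """Constructed test vector: what a foreign agent would multicast (ICMP payload only)."""
    msg = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0, len(routers), 2, lifetime)
    for addr, pref in routers:
        msg += struct.pack("!4si", socket.inet_aton(addr), pref)
    flag_byte = sum(FLAG_BITS[f] for f in flags)
    ext = struct.pack("!HHBB", seq, reg_lifetime, flag_byte, 0)
    ext += b"".join(socket.inet_aton(a) for a in care_of)
    msg += bytes([MOBILITY_AGENT_EXT, len(ext)]) + ext
    if prefix_lengths:
        msg += bytes([PREFIX_LENGTHS_EXT, len(prefix_lengths)]) + bytes(prefix_lengths)
    return msg[:2] + struct.pack("!H", icmp_checksum(msg)) + msg[4:]


# Constructed samples: an FA with two interfaces (lifetime 1800 s, registration
# required, GRE and reverse tunnelling offered) and a second FA that is busy.
SAMPLE_FA = build_agent_advertisement([("192.0.2.2", 10), ("192.0.2.1", 20)], 1800, 7, 600,
                                      "RFGT", ["192.0.2.2", "192.0.2.1"], [24, 24])
BUSY_FA = build_agent_advertisement([("192.0.2.9", 30)], 1800, 8, 600, "RFB", ["192.0.2.9"])

if __name__ == "__main__":
    adv = parse_agent_advertisement(SAMPLE_FA)
    print(sorted(adv.flags), adv.care_of_addresses, "->", select_care_of_address(adv))
    print("busy agent ->", select_care_of_address(parse_agent_advertisement(BUSY_FA)))
```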
An FA can indicate to nodes that it is too busy to service new ones. It does this by setting the busy bit in its agent advertisement.

All mobility agents should adhere to the following rules:
- if an agent is not detectable using a data-link layer protocol, it must send an agent advertisement
- agents should send an agent advertisement even if they can be discovered by a data-link layer protocol
- agents should respond to agent advertisements

Quiz x
Identify the characteristics of how home agents (HAs) and foreign agents (FAs) operate in relation to agent advertisements.
Options:
1. FAs and HAs must always be prepared to serve mobile nodes
2. FAs can indicate that they are too busy to service additional mobile nodes
3. HAs are sometimes too busy to serve additional nodes
4. HAs must always be prepared to serve the mobile nodes for which they are HAs

Mobile IP agent discovery operates in the same way as ICMP router discovery, except for the following areas:
- broadcast rate
- IP source address requirements
- when to broadcast

broadcast rate
Mobility agents are required to set limits on their broadcast rate. This means they must cap the rate at which they multicast agent advertisements. A recommended maximum broadcast rate is one agent advertisement per second.

IP source address requirements
Mobility agents must not require that the IP source address in agent advertisements is from a neighboring node. This means the router can accept solicitations from nodes that are foreign to their network.

when to broadcast
Mobility agents have some choice in when to broadcast. They may be configured to send agent advertisements only in response to agent solicitation messages.

Suppose a commuter is traveling by train to a meeting. He is using a laptop to access files on the company home network. As the train crosses into a new network, the laptop continues to listen for agent advertisements. These are sent by two routers, Router A and Router B, in the new network every 10 minutes.
The commuter's laptop registers with Router A as its foreign agent because its available interface addresses are of the highest preference level. Router A then fails to send any further agent advertisements. After 10 minutes (one-third of Router A's lifetime), the laptop deletes Router A as its foreign agent and registers with Router B. The lifetime of Router B has not expired and it continues to broadcast agent advertisements. The laptop keeps Router B as its foreign agent until moving into a different network.
3. Move detection
In move detection, it is recommended that a mobile node registers its new care-of address when it has moved to a different network. It is essential that it does not register more than once per second on average. A mobile node detects that it has returned to its home network when it receives an agent advertisement from its home agent (HA). At this point, it should deregister with its HA and configure its routing table to home network specifications. Mobile nodes employ two methods to detect movement between networks:
- Method 1
- Method 2

Method 1
Method 1 is based on the lifetime field in the ICMP router advertisement portion of the agent advertisement. Mobile nodes should
- record the lifetime of the advertised addresses, as given in the lifetime field of the agent advertisement
- assume that the router has failed if they receive no subsequent agent advertisement from that router before the lifetime expires
- attempt to discover a new mobility agent to register with if the lifetime of the current agent has expired and they have received no further advertisements
If the lifetime of the current mobility agent has expired and the mobile node has previously received an advertisement from an agent whose lifetime has not expired, it may immediately attempt to register with that agent.

Method 2
In Method 2 the mobile node compares the network prefixes contained in agent advertisements to establish whether or not it has moved. The mobile node may compare the prefix-length in a new agent advertisement with that in the agent advertisement of its current mobility agent. If the prefix-lengths differ, the mobile node may assume that it has moved. When the lifetime of the current agent advertisement expires, the mobile node may choose to register with the foreign agent that sent the new agent advertisement with the different prefix length, on condition that the lifetime of the new agent advertisement has not expired.

Quiz xi
What are the characteristics of the move detection method that is based on the lifetime field?
Options:
1. Mobile nodes record the lifetime of all foreign agents
2. Uses comparisons in prefix-lengths extensions
3. Uses information in the lifetime field of the ICMP router advertisement section of the agent advertisement
4. When the lifetime of the foreign agent expires, mobile nodes must wait for a new agent advertisement

Summary
Agent discovery is where mobile nodes detect their current location through agent advertisements from mobility agents. Mobile IP has adapted the ICMP router discovery mechanism for its agent discovery processes: it uses ICMP router advertisements and ICMP router solicitations to carry agent advertisements and agent solicitations. Agent advertisements are messages broadcast by mobility agents to advertise their services. They are used by mobile nodes for move detection and for care-of address acquisition. There are different service requirements for home and foreign agents. On the whole, agent discovery operates in the same manner as ICMP router discovery. In move detection, mobile nodes should register their new care-of addresses with their HAs. A mobile node discovers that it has returned to its home network through agent advertisements from its HA. There are two methods for movement detection: Method 1 is based on information in the lifetime field of the router advertisement, and Method 2 is based on comparing prefix-lengths extensions in agent advertisements.
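The two move detection methods above, worked through in code. This is an added example, not part of the study notes; the AgentAdvertisement fields, the MobileNode class and the action strings it returns are assumptions made for the illustration, and the clock is supplied by the caller so the behaviour is deterministic.

```python
"""Mobile IP move detection, Methods 1 and 2, as seen from the mobile node.
Added illustration; the field names, the MobileNode class and the action
strings it returns are assumptions, not taken from the study notes."""
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class AgentAdvertisement:
    """The parts of an agent advertisement that move detection relies on."""
    router: str                # IP source address of the advertising agent
    lifetime: float            # lifetime field of the ICMP router advertisement part (s)
    prefix_length: int         # value carried in the Prefix-Lengths extension
    received_at: float         # local clock reading when the advertisement arrived
    home_agent: bool = False   # True when the sender is the node's own HA

    def expired(self, now: float) -> bool:
        # Method 1: once the lifetime passes with no fresh advertisement the
        # mobile node assumes the router has failed.
        return now >= self.received_at + self.lifetime


class MobileNode:
    """Tracks the current mobility agent and decides when to (de)register."""

    MIN_REGISTRATION_INTERVAL = 1.0   # no more than one registration per second

    def __init__(self) -> None:
        self.current: Optional[AgentAdvertisement] = None
        self.known: Dict[str, AgentAdvertisement] = {}   # latest advert per router
        self.last_registration = float("-inf")

    def receive(self, adv: AgentAdvertisement) -> str:
        """Record an advertisement and report what the node did with it."""
        self.known[adv.router] = adv
        if self.current is not None and adv.router == self.current.router:
            self.current = adv          # same agent still alive: lifetime refreshed
            return "refresh"
        if adv.home_agent:
            # Hearing the HA means we are home: deregister and use home routing.
            self.current = adv
            return "deregister"
        return "noted"

    def _candidate(self, now: float) -> Optional[AgentAdvertisement]:
        """Choose the agent to register with once the current one is gone."""
        live = [a for a in self.known.values()
                if not a.expired(now) and not a.home_agent
                and (self.current is None or a.router != self.current.router)]
        if not live:
            return None
        if self.current is not None:
            # Method 2: a different prefix length is the strongest sign of a
            # move, so such advertisements are preferred; otherwise Method 1
            # accepts any agent whose lifetime has not expired.
            moved = [a for a in live if a.prefix_length != self.current.prefix_length]
            if moved:
                live = moved
        return max(live, key=lambda a: a.received_at)   # the freshest one

    def tick(self, now: float) -> str:
        """Periodic check: 'keep', 'defer', 'solicit' or 'register:<router>'."""
        if self.current is not None and not self.current.expired(now):
            return "keep"
        cand = self._candidate(now)
        if cand is None:
            self.current = None
            return "solicit"            # try to discover a new mobility agent
        if now - self.last_registration < self.MIN_REGISTRATION_INTERVAL:
            return "defer"              # honour the once-per-second cap
        self.current = cand
        self.last_registration = now
        return f"register:{cand.router}"
```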
Registration, routing, and security
Learning objectives:
- identify how a mobile node requests services from a foreign network and communicates its location to the home agent.
- identify the procedures that enable mobile nodes, foreign agents, and home agents to route data to and from a mobile node.
- distinguish the types of security threats Mobile IP faces and what can be done to mitigate those threats.

D. Registration
E. Routing considerations
F. Security considerations

D. Registration
1. Registration purpose and procedures
2. Mobile IP registration considerations
Summary

1. Registration purpose and procedures
Mobile IP enables mobile nodes roaming between IP networks to keep using the same IP address, ensuring that the mobile node remains reachable and that sessions or connections are not dropped while it is away from the home network. Mobile IP also enables the remote user to maintain ongoing applications, such as remote login and file transfer, while roaming. With Mobile IP, next-hop decisions are based on a mobile node's care-of address (its current point of attachment to the Internet), not on the IP address of the destination.

Registration messages exchange information between a mobile node and a home agent, either directly or via a foreign agent. Mobile IP registration enables a mobile node to:
- inform its home agent of its care-of address
- seek forwarding services from a foreign network
- renew a registration
- support several registrations at the same time
- deregister specific care-of addresses
- find the address of a home agent
- deregister when it returns to its home network

inform its home agent of its care-of address
During registration, a mobile node can inform its home agent of its current care-of address. This can be a foreign agent care-of address or a co-located care-of address.

seek forwarding services from a foreign network
A mobile node can request forwarding services from a foreign network, acquiring a temporary care-of address.

renew a registration
A mobile node can renew a registration that is due to expire.

support several registrations at the same time
A mobile node can support multiple registrations at the same time. This means that a copy of every datagram can be tunnelled to each of the mobile node's care-of addresses.

deregister specific care-of addresses
A mobile node can deregister a specified care-of address and still retain its other mobility bindings.

find the address of a home agent
A mobile node can find the IP address of its home agent if it does not already have this information configured.

deregister when it returns to its home network
A mobile node can deregister when it returns to its home network. Deregistering should take place only after the mobile node has received an agent advertisement from its home agent indicating that it has returned home and it has reconfigured its routing table for the home network.

In registration, a mobility binding is created at the home agent: the mobile node's home address is associated with its care-of address for a specified period of time. The mobile node keeps its own IP address.

Quiz xii
What does Mobile IP registration allow a mobile node to do?
Options:
1. Deregister when it returns to its home network
2. Inform its home agent of the care-of address
3. Maintain multiple registrations simultaneously
4. Register a new home IP address

There are two registration procedures defined by Mobile IP: registering directly with a mobile node's home agent, or using a foreign agent to pass the registration to the mobile node's home agent.
Both procedures involve the exchange of registration request and registration reply messages. A mobile node must register or deregister directly with its home agent when it returns to its home network. A mobile node using a foreign agent care-of address must register via that foreign agent. The registration process via a foreign agent is as follows:
- Step 1: The mobile node sends a registration request to the foreign agent.
- Step 2: The foreign agent processes the registration request and passes it to the home agent.
- Step 3: The home agent sends a registration reply to the foreign agent permitting or refusing the request.
- Step 4: The foreign agent processes the outcome of the request and forwards it to the mobile node.

A mobile node using a co-located care-of address must register directly with its home agent. When registering directly, the mobile node first sends a registration request to the home agent, and the home agent then sends a registration reply permitting or refusing the request.

Note: A mobile node using a co-located care-of address that receives an agent advertisement from a foreign agent on the link used by the care-of address must register via that foreign agent if the 'R' bit is set in the received agent advertisement message.

A mobile node uses a registration request message to register with its home agent, enabling the home agent to create or modify a mobility binding for the mobile node. The registration request can be sent directly to the home agent if the mobile node is registering a co-located care-of address; otherwise it is sent via the foreign agent the mobile node is registering with. After it has sent the registration request, the mobile node receives a registration reply from either the home agent or the foreign agent. If the mobile node requested service from a foreign agent, the foreign agent receives the registration reply from the home agent and forwards it to the mobile node. The reply informs the mobile node of the status of its request and of the lifetime permitted by the home agent, which can be smaller than the lifetime originally requested.

Quiz xiii
Suppose a mobile node is registering its care-of address via a foreign agent. Rank the broadcast messages in the order they are exchanged.
Option / Description:
A. The registration request is passed on to the home agent
B. The registration reply is sent to the foreign agent
C. A registration request is sent to the foreign agent
D. The registration reply is forwarded to the mobile node

Quiz xiv
In which instances should you register a mobile node via a foreign agent?
Options:
1. If it is deregistering on its home network
2. If it is registering using a foreign care-of address
3. If it is using a co-located care-of address
4. If it is using a co-located care-of address and receives an advertisement with the R bit set

2. Mobile IP registration considerations
In Mobile IP registration, messages are exchanged directly between home agents and mobile nodes, or via foreign agents. The considerations for each party are described below.
- Mobile node
- Foreign agent
- Home agent
Mobile node
A mobile node must be configured with its own home address, a mobility security association for each home agent, and a network mask. It can be configured with the IP address of one or more of its home agents; if it does not have the IP address of a home agent, it must find one. The mobile node plays an active role in registration: it initiates the registration requests sent to home agents, and it may also supply the care-of address when registering. If the mobile node supplies the care-of address, it also encapsulates and decapsulates all traffic to and from the home agent. The mobile node is responsible for determining its location within the internetwork and registering and deregistering accordingly. A mobile node should not attempt a new registration if its current registration has not expired and it is still receiving agent advertisements from the foreign agent with which it is currently registered.

For example, a mobile node (192.168.5.4) sends a request to the foreign agent (172.16.8.1). A mobile node must maintain the following information for each pending registration:
- the link-layer address of the foreign agent to which the registration request was sent, in this case 00-04-8A-03-26-5E
- the IP destination address of the registration request, in this case 172.16.8.1
- the care-of address used in the registration, in this case 172.16.8.1
- the Identification value sent in the registration, in this example 13
- the originally requested lifetime, in this example 18000
- the remaining lifetime of the pending registration, in this case 17521

The mobile node should register or reregister with a foreign agent if it detects that the foreign agent has rebooted or that the current registration's lifetime is near expiration.
A mobile node can register with a different agent if transport layer protocols indicate excessive retransmission. It should not register with a new foreign agent if it receives an ICMP redirect from a foreign agent that is currently providing service to it.

Foreign agent
In Mobile IP registration, the foreign agent's role is a mostly passive one. Each foreign agent must be configured with a care-of address. The foreign agent provides the care-of address and passes registration requests between mobile nodes and home agents. When it provides the care-of address, the foreign agent decapsulates datagrams that are delivered to the mobile node. If the foreign agent is not detectable by link-layer means, it should occasionally send agent advertisement messages to indicate that it is present.

The foreign agent keeps a visitor list entry for each pending or current registration. The information in the visitor list is obtained from the mobile node's registration request. For example, a mobile node (192.168.5.4) sends a request to the foreign agent (172.16.8.1). The FA's visitor list entry contains the following information:
- the link-layer source address of the mobile node, in this case 00-07-8B-03-26-5E
- the IP source address, in this case 192.168.5.4
- the IP destination address, in this case 172.16.8.1
- the UDP source port, in this case 43
- the home agent address, in this case 192.168.5.1
- the identification field, in this case 13
- the requested registration lifetime, in this case 18000
- the remaining lifetime of the pending or current registration, in this case 17521

Home agent
In registration, the home agent plays a reactive role, receiving registration requests directly from the mobile node or from a foreign agent. The home agent updates its record of the mobility bindings for the mobile node and then issues a registration reply accepting or rejecting each request. A home agent should only transmit a registration reply when replying to a registration request received from a mobile node. It must not generate a registration reply to indicate that the lifetime has expired.
The configuration requirements for a home agent include the following:
- it must be configured with the IP address and prefix size of the home network
- it must be configured with the home address and mobility security association of each mobile node it serves as a home agent

The home agent must create (or modify) an entry in its mobility binding list for each authorized mobile node. For example, a mobile node (192.168.5.4) has a foreign agent care-of address (172.16.8.1). The mobility binding list entry must contain the mobile node's care-of address, 172.16.8.1. It must also contain the identification field from the registration reply, in this case 13, and the remaining lifetime of the registration, in this case 17521.

Quiz xv
Match each Mobile IP agent with the role it plays in IP registration.
Options:
1. It makes registration requests
2. It receives registration requests
3. It relays registration requests
Targets:
A. Foreign agent
B. Home agent
C. Mobile node

Quiz xvi
Match each Mobile IP agent with its configuration requirements.
Options:
1. It must be configured with the IP address of the home network
2. It must be configured with its own IP address
3. It must be configured with a care-of address
Targets:
A. Foreign agent
B. Home agent
C. Mobile node

Quiz xvii
Suppose a sales representative out on the road wants to download the latest product information from the home network. The laptop is currently registered with a foreign agent (FA) with the IP address 10.5.4.3. Identify the circumstances in which this mobile node should register with a new foreign agent.
Options:
1. When another foreign agent sends agent advertisement messages to it
2. When its current registration lifetime has expired
3. When it receives an ICMP redirect from the FA 10.5.4.3
4. When transport layer protocols indicate excessive transmissions

Summary
In Mobile IP registration, a mobile node's home address is associated, for a specified lifetime, with a care-of address. This mobility binding can be created directly with the home agent by using a co-located care-of address; alternatively, a foreign agent can relay the registration. Both procedures involve the exchange of registration request and registration reply messages. The mobile node plays an active role, initiating requests to home agents. The foreign agent plays a passive role, relaying requests from mobile nodes and the home agent's replies. The home agent plays a reactive role: registration requests reach it from a foreign agent or directly from the mobile node, and it updates its mobility binding records accordingly and issues a registration reply accepting or rejecting the request.
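The four-step procedure via a foreign agent, together with the pending-registration record, the visitor list entry and the mobility binding described in this section, as an added example (not code from the study notes). The message fields, the HMAC-SHA256 authenticator that stands in here for the mobility security association, the status strings and all addresses are assumptions made for the illustration; the UDP port and IP destination fields of the real records are left out.

```python
"""Mobile IP registration via a foreign agent: added illustration, not code from the
study notes; message fields, the HMAC authenticator and addresses are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict

@dataclass
class RegistrationRequest:
    home_address: str
    home_agent: str
    care_of_address: str
    identification: int        # lets the node match a reply to its request
    lifetime: int              # requested lifetime in seconds; 0 means deregister
    link_layer_src: str
    authenticator: bytes = b""

@dataclass
class RegistrationReply:
    status: str                # "accepted" or "rejected: <reason>"
    lifetime: int              # granted lifetime; may be shorter than requested
    home_address: str
    identification: int

def authenticator(key: bytes, req: RegistrationRequest) -> bytes:
    covered = (f"{req.home_address}|{req.home_agent}|{req.care_of_address}|"
               f"{req.identification}|{req.lifetime}").encode()
    return hmac.new(key, covered, hashlib.sha256).digest()

class MobileNode:
    def __init__(self, home_address, home_agent, key, link_layer):
        self.home_address, self.home_agent, self.key, self.link_layer = home_address, home_agent, key, link_layer
        self.identification = 0
        self.pending: Dict[int, dict] = {}     # one record per pending registration
        self.registered: Dict[str, int] = {}   # care-of address -> granted lifetime

    def make_request(self, fa_link_layer, care_of, lifetime) -> RegistrationRequest:
        self.identification += 1
        req = RegistrationRequest(self.home_address, self.home_agent, care_of,
                                  self.identification, lifetime, self.link_layer)
        req.authenticator = authenticator(self.key, req)
        self.pending[req.identification] = {"fa_link_layer": fa_link_layer,
                                            "care_of": care_of, "requested_lifetime": lifetime}
        return req

    def handle_reply(self, reply: RegistrationReply) -> str:
        rec = self.pending.pop(reply.identification, None)
        if rec is None or reply.status != "accepted":
            # A reply whose identification matches no pending request is ignored.
            return "ignored" if rec is None else reply.status
        if reply.lifetime == 0:
            self.registered.pop(rec["care_of"], None)
            return "deregistered"
        self.registered[rec["care_of"]] = reply.lifetime
        return "registered"

class ForeignAgent:
    def __init__(self, care_of_address):
        self.care_of_address = care_of_address
        self.visitor_list: Dict[str, dict] = {}   # keyed by mobile node home address

    def relay_request(self, req: RegistrationRequest) -> RegistrationRequest:
        self.visitor_list[req.home_address] = {   # entry built from the request fields
            "link_layer_src": req.link_layer_src, "home_agent": req.home_agent,
            "identification": req.identification, "requested_lifetime": req.lifetime,
            "remaining": None}
        return req                                # passed on to the HA unchanged

    def relay_reply(self, reply: RegistrationReply) -> RegistrationReply:
        entry = self.visitor_list.get(reply.home_address)
        if entry is not None and entry["identification"] == reply.identification:
            if reply.status == "accepted" and reply.lifetime > 0:
                entry["remaining"] = reply.lifetime
            else:
                del self.visitor_list[reply.home_address]   # rejected or deregistered
        return reply

class HomeAgent:
    def __init__(self, max_lifetime):
        self.max_lifetime = max_lifetime
        self.keys: Dict[str, bytes] = {}                 # home address -> shared key
        self.bindings: Dict[str, Dict[str, dict]] = {}   # home address -> care-of -> binding

    def handle_request(self, req: RegistrationRequest) -> RegistrationReply:
        key = self.keys.get(req.home_address)
        if key is None or not hmac.compare_digest(authenticator(key, req), req.authenticator):
            return RegistrationReply("rejected: failed authentication", 0,
                                     req.home_address, req.identification)
        per_node = self.bindings.setdefault(req.home_address, {})
        if req.lifetime == 0:
            per_node.pop(req.care_of_address, None)   # deregister this care-of only
            return RegistrationReply("accepted", 0, req.home_address, req.identification)
        granted = min(req.lifetime, self.max_lifetime)  # the HA may shorten the lifetime
        per_node[req.care_of_address] = {"identification": req.identification, "remaining": granted}
        return RegistrationReply("accepted", granted, req.home_address, req.identification)

def register_via_foreign_agent(mn, fa, ha, fa_link_layer, lifetime) -> str:
    req = mn.make_request(fa_link_layer, fa.care_of_address, lifetime)   # step 1
    reply = ha.handle_request(fa.relay_request(req))                     # steps 2 and 3
    return mn.handle_reply(fa.relay_reply(reply))                        # step 4
```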
E. Routing considerations
1. MN, FA, and HA considerations
2. Mobile routers
Summary

1. Mobile Node, Foreign Agent, and Home Agent considerations
IGMP (Internet Group Management Protocol) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast. It can be used for one-to-many networking applications such as online streaming video and gaming, and allows more efficient use of resources when supporting these types of applications. IGMP is used on IPv4 networks. Multicast management on IPv6 networks is handled by Multicast Listener Discovery (MLD), which uses ICMPv6 messaging in contrast to IGMP's bare IP encapsulation.

Proxy ARP (Address Resolution Protocol) is a technique by which a device on a given network answers the ARP queries for a network address that is not on that network. The ARP proxy is aware of the location of the traffic's destination and offers its own MAC address in reply, effectively saying, "send it to me, and I'll get it to where it needs to go." Serving as an ARP proxy for another host effectively directs LAN traffic to the proxy. The "captured" traffic is then typically routed by the proxy to the intended destination via another interface or via a tunnel. The process by which a node responds with its own MAC address to an ARP request for a different IP address, for proxying purposes, is sometimes referred to as 'publishing'.

In Mobile IP registration, a mobile node (MN) informs its home agent (HA) of its current location by registering, or deregistering, its care-of address. The mobile node can register via a foreign agent (FA) or register directly with its home agent using a co-located care-of address. Any datagrams addressed to a (registered) mobile node visiting a foreign network are routed first to its home network.
The home agent intercepts these datagrams and forwards them to the mobile node's care-of address. After a mobile node has informed its home agent of its current location, all packets sent to or from the mobile node are routed by the foreign agent or home agent, maintaining the appearance that it is still on its home network. The routing considerations for each party are described below.
- Mobile node
- Foreign agent
- Home agent

Mobile node
A mobile node connected to its home network does not use mobility services and operates as a fixed host or router. The rules a mobile node follows when selecting a default router on a foreign network depend on whether the mobile node has registered directly with the home agent or via a foreign agent.

A mobile node registered using a co-located care-of address (that is, registered directly with its home agent) should select a default router from the list of router addresses advertised in any ICMP router advertisement message that it receives. This should happen only if the externally obtained care-of address and the router address match under the network prefix.

A mobile node registered using a foreign agent care-of address must select a default router from the router IP addresses advertised in the ICMP router advertisement portion of the agent advertisement message. The mobile node can also choose the IP source address of the agent advertisement as the address of the default router, for example if the list of router addresses in the ICMP router advertisement portion is empty. The IP source address is the lowest preference for a default router.

If the network prefix of the mobile node's co-located care-of address and the IP source address of the agent advertisement match, the mobile node can choose the IP source address as the IP address of the default router. The IP source address must be considered the lowest preference for the default router. The network prefix, if present, can be obtained from the Prefix-Lengths Extension in the router advertisement.

To receive multicasts, a mobile node must join a multicast group. The mobile node can join the group via a local multicast router, if one is present, on the visited subnet.
A mobile node using a co-located care-of address should use this address as the source address of its IGMP messages. Otherwise, it must use its home address. The mobile node can also join a multicast group via a bidirectional tunnel to its home agent, provided the home agent is a multicast router. The mobile node sends IGMP messages to its home agent, and the home agent forwards the multicast datagrams down the tunnel to the mobile node.

Foreign agent
When a foreign agent (FA) receives an encapsulated datagram that was sent to its advertised care-of address, it compares the destination to the entries in its visitor list (the list of addresses of the currently registered mobile nodes). If it finds a match, the FA decapsulates the datagram and forwards it to the mobile node. For example, a correspondent node on the home network sends a datagram with the mobile node's address (192.168.5.4) to the home agent (192.168.5.1). The home agent adds the foreign agent's address (172.16.8.1) and sends the datagram on to the foreign agent. The foreign agent (172.16.8.1) compares the address (192.168.5.4) to its visitor list and finds a match. It sends the datagram to the mobile node using layer 2 addressing.

If there is no matching entry in the visitor list, the FA should discard the datagram. This might occur, for example, when a mobile node leaves the foreign network and either registers with another foreign network or returns to its own network. When the FA is unable to forward an incoming tunneled datagram, it must not send ICMP destination unreachable messages, as this could prevent legitimate traffic from reaching its destination. The foreign agent must not advertise the presence of a mobile router to other mobile nodes or to any other routers in its routing domain.

The foreign agent must route all datagrams received from a registered mobile node. To route a datagram from a registered mobile node, the FA follows this procedure:
- Step 1: verify the IP header checksum of the datagram.
- Step 2: decrement the IP time-to-live of the datagram.
- Step 3: recompute the IP header checksum of the datagram.
- Step 4: send the datagram to a default router.
- Step 5 (optional, but recommended if the FA is not the default router): send an ICMP redirect message back to the mobile node.

Home agent
When the mobile node is away from home, the home agent (HA) must be able to intercept any datagrams addressed to the mobile node on the home network, using gratuitous or proxy ARP to do this. For example, a travelling sales representative can download any e-mail addressed to them from a file server.
With gratuitous ARP, an ARP packet (either an ARP request or an ARP reply) is sent by a node in order to cause other nodes to update an entry in their ARP cache. The ARP packet has to be transmitted as a local broadcast packet on the local link. Any node receiving the ARP packet that already has an entry for that IP address in its ARP cache must update the entry with the sender protocol and hardware addresses specified in the ARP packet. With proxy ARP, a node that is either unable or unwilling to answer its own ARP requests can use another node to send an ARP reply on its behalf. The sender of a proxy ARP reply reverses the Sender and Target Protocol Address fields, typically supplying its own configured link-layer address in the Sender Hardware Address field. The node receiving the ARP reply associates this link-layer address with the IP address of the original target node, and then transmits all future datagrams for the target node to the node with that link-layer address.
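The foreign agent's handling of tunnelled datagrams and its mandatory steps for datagrams sent by a registered mobile node, worked in code. This is an added example, not code from the study notes; the minimal IPv4 header builder, the ForeignAgent class, the home-agent tunnelling helper and all addresses are assumptions, and the optional ICMP redirect of step 5 is left out.

```python
"""Foreign agent datagram handling: added illustration, not code from the study
notes. The minimal IPv4 header builder, the ForeignAgent class and all addresses
are assumptions; the checksum and TTL steps follow the procedure in the text."""
import socket
import struct
from typing import Dict, List, Optional, Tuple

IP_PROTO_IPIP = 4   # IP-in-IP, the encapsulation used for the HA-to-FA tunnel


def checksum(header: bytes) -> int:
    """Internet checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options, checksum filled in, followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(dgram: bytes) -> dict:
    fields = struct.unpack("!BBHHHBBH4s4s", dgram[:20])
    ver_ihl, total_len, ttl, proto, src, dst = (fields[0], fields[2], fields[5],
                                                fields[6], fields[8], fields[9])
    ihl = (ver_ihl & 0x0F) * 4
    return {"ihl": ihl, "ttl": ttl, "proto": proto, "src": socket.inet_ntoa(src),
            "dst": socket.inet_ntoa(dst), "payload": dgram[ihl:total_len]}


def home_agent_tunnel(home_agent: str, care_of_addresses: List[str], dgram: bytes) -> List[bytes]:
    """HA side: one encapsulated copy per registered care-of address (multiple bindings)."""
    return [build_ipv4(home_agent, coa, IP_PROTO_IPIP, dgram) for coa in care_of_addresses]


class ForeignAgent:
    def __init__(self, care_of_address: str, default_router: str):
        self.care_of_address = care_of_address
        self.default_router = default_router
        self.visitor_list: Dict[str, str] = {}   # registered home address -> link-layer address

    def receive_tunnelled(self, dgram: bytes) -> Optional[Tuple[str, bytes]]:
        """Tunnelled datagram from a HA: (link-layer address, inner datagram), or None.
        None means silently discarded; no ICMP destination unreachable is generated."""
        outer = parse_ipv4(dgram)
        if outer["dst"] != self.care_of_address or outer["proto"] != IP_PROTO_IPIP:
            return None
        inner = parse_ipv4(outer["payload"])
        link = self.visitor_list.get(inner["dst"])
        if link is None:
            return None                    # not a current visitor (moved on or went home)
        return link, outer["payload"]      # decapsulated; delivered by layer-2 addressing

    def route_from_visitor(self, dgram: bytes) -> Optional[Tuple[str, bytes]]:
        """Datagram sent by a registered visitor: (next hop, datagram) after the
        verify / decrement / recompute / forward steps, or None if not forwarded."""
        hdr = parse_ipv4(dgram)
        if hdr["src"] not in self.visitor_list:
            return None
        ihl = hdr["ihl"]
        if checksum(dgram[:ihl]) != 0:     # step 1: a valid header sums to zero
            return None
        if hdr["ttl"] <= 1:
            return None                    # would expire in transit; not forwarded
        head = bytearray(dgram[:ihl])
        head[8] = hdr["ttl"] - 1           # step 2: decrement TTL
        head[10:12] = b"\x00\x00"
        head[10:12] = struct.pack("!H", checksum(bytes(head)))   # step 3: new checksum
        return self.default_router, bytes(head) + dgram[ihl:]    # step 4: to default router
```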
The IP addresses of all arriving datagrams must be examined by the HA and compared to the home addresses of any of its mobile nodes that are currently registered away from home. Matching datagrams are tunneled to the mobile node's currently registered care-of address or addresses. When a home agent supports multiple simultaneous mobility bindings (an optional facility), it tunnels a copy of the datagram to each care-of address in the mobile node's mobility binding list. The home agent assumes a mobile node is at home if it has no current mobility bindings, and forwards the datagram directly onto the home network. A home agent must forward received broadcast datagrams to those mobile nodes in its mobility binding list that have requested this facility. It must not forward the datagram to any of the other mobile nodes in its mobility binding list.

Quiz xviii
Suppose a mobile node is registered directly with its home agent and is using a co-located care-of address. Identify the rules used to select a default router for this mobile node.
Options:
1. It can select an IP address from the list of router addresses given in the ICMP router advertisement portion of the agent advertisement message
2. It can select the IP source address of the agent advertisement
3. It must select a default router from the addresses advertised in the ICMP router advertisement of the agent advertisement message

Quiz xix
Suppose a foreign agent receives a datagram and cannot find the IP address of the destination in its visitor list. Identify the actions the foreign agent should take.
Options:
1. It should discard the datagram
2. It should forward the datagram to the mobile node
3. It should modify the IP header of the datagram
4. It should refrain from sending an ICMP "destination unreachable" message

Quiz xx
A home agent processes datagrams addressed to a mobile node registered away from home on the home network. Identify the characteristics of how the home agent processes datagrams.
Options:
1. It can send to several FAs (multiple routers)
2. It checks its mobility bindings if the node is away from home
3. It never forwards broadcast datagrams
4. It sends gratuitous ARP to discover the location of the mobile node

Quiz xxi
Suppose a mobile node is registered using a foreign agent care-of address (10.5.4.3). The mobile node receives an ICMP router advertisement from 10.5.4.3 containing the router address 10.5.4.12. The mobile node then receives an ICMP router advertisement from another router with the IP address 10.5.4.5. What is the preferred default router IP address for this mobile node?
Options:
1. 10.5.4.12
2. 10.5.4.3
3. 10.5.4.5

2. Mobile routers
A mobile node can also be a router responsible for the mobility of a network or networks moving together, for example on an airplane or a train. The nodes connected to a mobile network can be fixed nodes, mobile nodes, or routers. A mobile node can also act as a foreign agent, providing a foreign agent care-of address to mobile nodes connected to the mobile network. For example, Helen, a teleworker, wants to connect to her home network to download her email. She connects her laptop (a mobile node) to a network port on a bus. The laptop registers on this foreign network using a foreign agent care-of address (172.16.8.1). The bus's foreign agent sends an agent advertisement enabling the care-of address to be picked up.
The network on the bus is also a mobile network. The foreign agent, the router 172.16.8.1 on the bus, can serve as a default router connecting the bus network to the rest of the Internet. This router's home agent (172.16.8.15) is a node on the fixed network at the bus company's headquarters. When the bus is in transit, the router (172.16.8.1) registers via a radio link with other foreign agents. When the bus is at home, this router attaches to the bus's home network.

There are a number of steps involved in routing to a mobile node via a mobile router on a mobile network. Suppose a correspondent node sends a datagram to Helen, using her laptop's home address (192.168.5.4).
- On the home network, the laptop's home agent (192.168.5.1) intercepts the datagram and sends it to the laptop's care-of address (172.16.8.1). This is the IP address of the foreign agent, the router on the bus in this example.
- The datagram is then sent using normal IP routing to the fixed network at the bus company's headquarters.
- The router at the bus company's headquarters (172.16.8.15), which is also the bus router's home agent, intercepts the datagram and sends it to the bus router's care-of address, for example the foreign agent (10.5.4.3) on the bus route. The datagram has now been encapsulated twice: by the laptop's home agent and by the bus router's home agent.
- The foreign agent on the bus route (10.5.4.3) decapsulates the outer datagram and sends it via a radio link to the bus. The datagram is still encapsulated by the laptop's home agent, with the laptop's care-of address as its destination.
- Finally, the foreign agent (172.16.8.1) on the bus decapsulates the datagram. The datagram now carries its original destination address, the laptop's home address (192.168.5.4). The foreign agent on the bus delivers the datagram over the bus network to the laptop's link-layer address.
Quiz xxii
A sales manager on a flight connects to the home network using the aircraft's network. A datagram is sent to a laptop's home address (192.168.5.4). The laptop's foreign agent care-of address is the aircraft's router (10.5.4.3). The aircraft's router also has a foreign agent care-of address (188.1.6.10). Rank the steps involved in sending this datagram over the aircraft mobile network.
Options:
A. The aircraft's foreign agent care-of address (188.1.6.10) sends the datagram to the aircraft
B. The aircraft's router (10.5.4.3) decapsulates and sends the datagram to the laptop
C. The datagram is sent to the airline headquarters, where it is forwarded to the aircraft's care-of address (188.1.6.10)
D. The laptop's home agent sends the datagram to the laptop's care-of address (10.5.4.3)

Quiz xxiii
Suppose a reporter on a cycling tour has a laptop (192.16.2.15). Router A (192.16.2.1) advertises the address for router B in a mobility agent advertisement. If the laptop is using the router A address of 192.16.2.1 as its default gateway, which can we assume?
Options:
1. All datagrams from the home agent are decapsulated by the foreign agent
2. All datagrams from the home agent are decapsulated by the mobile node
3. The advertised router was not on the same subnet
4. The mobile node is using a foreign agent's care-of address

If a fixed node has a mobile network as its home network, its home agent can be configured to have a permanent registration for this fixed node, indicating the mobile router's address as the fixed host's care-of address. Any datagrams sent to the fixed node will use recursive tunneling. The home agent – usually a mobile router's home agent – is responsible for advertising connectivity to the fixed node using normal routing protocols. An alternative method – one that avoids the need for recursive tunneling of datagrams – is for the mobile router to advertise connectivity to the mobile network using normal IP routing protocols via a bidirectional tunnel to its own home agent.

Summary
A mobile node can select a default router from the router IP addresses advertised in the ICMP router advertisement portion of that agent's advertisement message.
When a foreign agent receives an encapsulated datagram, it compares the destination to the entries in its visitor list. If there is no matching entry, the datagram must be discarded. When the mobile node is away from home, the home agent intercepts any datagrams on the home network that are addressed to the mobile node and forwards them to the mobile node's care-of address. A mobile node can also be a router responsible for the mobility of a network. It can act as a foreign agent providing a foreign agent care-of address to mobile nodes connected to this mobile network. The nodes connected to this mobile network can be fixed nodes, mobile nodes, or routers.
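The recursive tunneling walked through in this section (the laptop on the bus, reached through the bus router's own home agent), as an added example that is not part of the original notes: a small Python model in which home agents hold mobility bindings, foreign agents hold visitor lists, and a datagram is forwarded agent by agent until it is delivered to its home address or discarded for lack of a visitor-list entry. The addresses are the ones used in the bus example above; the topology builder, the Datagram/agent classes and the hop-by-hop trail are constructed for this illustration.

```python
"""Recursive tunnelling through a mobile router: constructed model for these
notes (not the notes' own code). Home agents keep mobility bindings, foreign
agents keep visitor lists, and a datagram is forwarded hop by hop until it is
either delivered to its home address or discarded."""
from dataclasses import dataclass, field

@dataclass
class Datagram:
    # headers[0] is the outermost IP destination; headers[-1] is the original one
    headers: list
    trail: list = field(default_factory=list)   # what each agent did, for inspection

class HomeAgent:
    def __init__(self, address, bindings):
        self.address = address
        self.bindings = dict(bindings)   # home address -> care-of address

class ForeignAgent:
    def __init__(self, address, visitors):
        self.address = address
        self.visitors = set(visitors)    # home addresses registered through this agent

class Network:
    def __init__(self):
        self.home_agent_for = {}   # home address -> the home agent that serves it
        self.foreign_agents = {}   # foreign agent address -> ForeignAgent

    def add_home_agent(self, ha):
        for home in ha.bindings:
            self.home_agent_for[home] = ha

    def add_foreign_agent(self, fa):
        self.foreign_agents[fa.address] = fa

    def route(self, dg, max_hops=16):
        """Return the address the datagram was finally delivered to, or None."""
        on_link = False   # True right after a foreign agent handed it to a visitor
        for _ in range(max_hops):
            dst = dg.headers[0]
            ha = self.home_agent_for.get(dst)
            if ha is not None and not on_link:
                # the home agent intercepts on the home network and tunnels to the care-of address
                care_of = ha.bindings[dst]
                dg.headers.insert(0, care_of)
                dg.trail.append(f"HA {ha.address}: tunnel {dst} -> {care_of}")
                continue
            fa = self.foreign_agents.get(dst)
            if fa is not None and len(dg.headers) > 1:
                inner = dg.headers[1]
                if inner not in fa.visitors:
                    dg.trail.append(f"FA {fa.address}: discard, {inner} not in visitor list")
                    return None
                dg.headers.pop(0)   # decapsulate one layer and deliver over the link
                dg.trail.append(f"FA {fa.address}: decapsulate, deliver {inner} on link")
                on_link = True
                continue
            dg.trail.append(f"delivered to {dst}")
            return dst
        return None

def bus_network(bus_in_transit=True):
    """The notes' bus example: laptop 192.168.5.4 (HA 192.168.5.1) registered
    through the bus router 172.16.8.1, whose own HA 172.16.8.15 tunnels to the
    roadside foreign agent 10.5.4.3 while the bus is away from home."""
    net = Network()
    net.add_home_agent(HomeAgent("192.168.5.1", {"192.168.5.4": "172.16.8.1"}))
    bus_bindings = {"172.16.8.1": "10.5.4.3"} if bus_in_transit else {}
    net.add_home_agent(HomeAgent("172.16.8.15", bus_bindings))
    net.add_foreign_agent(ForeignAgent("10.5.4.3", ["172.16.8.1"]))
    net.add_foreign_agent(ForeignAgent("172.16.8.1", ["192.168.5.4"]))
    return net
```

With the bus in transit the trail shows two tunnel entries and two decapsulations before delivery; with the bus at home the second home agent has no binding and the datagram takes one tunnel and one decapsulation.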
F. Security considerations
Introduction
Threats to Mobile IP
Mitigating the threats to Mobile IP
Summary

Introduction
Mobile IP has become important for the average consumer and for businesses. Mobile IP standards are ever improving, as are the services offered by service providers. Because of this, more efficient services and applications are available to mobile users. In business, key employees can be kept up to date with critical information, which results in improved customer service and, ultimately, in improved customer relations.
Mobile IP allows consumers to communicate and to avail of a variety of services, such as instant messaging and SMS alerts to their cellular phones with, for instance, the latest traffic reports or sports results.
With the development of large open networks – networks with access to the Internet, and other private and public networks – threats to security have increased and more security vulnerabilities have been discovered. The technical knowledge required to hack a network has become more widely available and hacking tools are more user friendly.
Because of the way Mobile IP operates, the transfer of information is vulnerable in terms of security. The registration process in itself is vulnerable because, typically, mobile computers are connected to the network via wireless links. When mobile nodes on foreign networks register with their home networks via wireless links, they are vulnerable to attacks such as passive eavesdropping and active replay. This means that authentication mechanisms in Mobile IP registration need to be particularly strong. For example, service providers need to authenticate messages sent between foreign agents and home agents to ensure only legitimate customers are provided with service and to enable billing.
Threats to Mobile IP
Specific threats to Mobile IP include the following:
• denial-of-service attack
• passive eavesdropping
• session-stealing attack
• replay attack

Denial-of-service attack
A denial-of-service (DoS) attack is specifically designed to disrupt the normal functioning of a system by destroying or modifying data, or by overloading the system's servers. The organization (or user) is then deprived of services such as e-mail, or perhaps suffers the temporary loss of all network connectivity and services. One type of DoS is a nuisance packet attack (TCP SYN flooding). This type of attack can be quite difficult to prevent because a sender can spoof the source address. However, the service provider can use ingress filtering in routers to make sure the IP source address of a packet is authenticated before it is forwarded.
Another type of DoS attack precludes packets from flowing between two nodes. For example, an attacker – who must be on the path between the two nodes – creates a bogus registration request, giving a personal IP address as the care-of address for a mobile node. This means the mobile node's home agent will send all packets to the attacker. This type of attack can be prevented if there are cryptographically resilient authentication procedures between a mobile node and its home agent. Keyed MD5 is the default algorithm used, drawing on RFC 1321 to provide secret-key authentication and integrity checking. Although all mobile nodes must support this algorithm, Mobile IP does enable a mobile node to use different types of authentication.

Passive eavesdropping
Theft of information can occur when an attacker accesses network packets that come across the network to which he is attached (man-in-the-middle attack), typically by using network packet sniffers and routing and transport protocols. Encryption is a common way of preventing a passive eavesdropping (or theft-of-information) attack, protecting the data from being accessed by unauthorized persons. Link-layer encryption is commonly used between a mobile node and its foreign agent over a wireless link, where all packets exchanged over the link are encrypted. Because no physical connection is required, it can be easier to snoop on a wireless link. End-to-end encryption, where the data is encrypted and decrypted at the source and destination, is the most thorough method of protecting the data. Secure Sockets Layer (SSL), Secure Copy (SCP), and Secure Shell (SSH) are examples of Internet-based applications that provide end-to-end protection. Other application programs that do not provide for encryption can use Encapsulating Security Payload (RFC 1827) for end-to-end encryption.
Session-stealing attack
A session-stealing attack is when an attacker pretends to be a legitimate node and captures a session. The attacker waits for a valid node to authenticate itself and initiate an application session. The attacker then transmits numerous nuisance packets to prevent the node from recognizing that the session has been captured. Session-stealing attacks can be prevented by end-to-end and link-layer encryption.

Replay attack
A replay attack is when an attacker obtains and stores a copy of a legitimate registration request and replays it later to create a forged care-of address for a mobile node. To prevent this, a mobile node produces a unique value for the Identification field for each successive registration. The Identification field allows the home agent to ascertain what the subsequent value should be. The attacker is therefore hampered because the home agent will be able to identify the Identification field in the stored registration request as outdated.

Mitigating the threats to Mobile IP
The registration process of Mobile IP requires strong authentication procedures as it offers many opportunities for malicious intervention. Any sensitive data that is transferred should be encrypted. If location privacy is required, mobile nodes can connect to their home network via a tunnel. The home agent forwards any packets sent to the mobile node to its care-of address and so the mobile node still appears to be on the home network.
Cryptography
Cryptography is one of the main methods used to maintain confidentiality, that is, to ensure sensitive data is viewed only by users who are authorized. Cryptography involves the use of cryptographic algorithms and the exchange of either public or secret keys to ensure only authorized parties can decrypt information. There are two main categories of cryptographic algorithms: secret-key algorithms – where both the sender and receiver use the same key – and public-key algorithms. With public-key algorithms, a pair of related keys is used, one by the sender and the other by the receiver. One of these keys is published publicly and the other is kept private.
The information is authenticated using either private-key (secret-key) or public-key encryption. There are two categories of private-key authentication: one utilizes a type of cryptographic algorithm called a message digest (a fixed-length piece of data computed from a large piece of data), whereas the other uses the same algorithms used to execute private-key encryption. There are also two categories of public-key authentication: one method is similar to secret-key authentication, except that it uses public-key encryption. The other type of public-key authentication uses digital signatures. A public-key conversion is performed on a plain-text message, using the private key, and the resulting ciphertext is called a digital signature. Only the sender has the key, which means the sender cannot later deny having sent this information (non-repudiation). If necessary, the message, the time stamp, and a message digest confirming that the message has not been altered in transit (integrity checking) can be re-sent.
Problems with ARP
In Mobile IP registration, a mobility binding is created at the home agent, where a mobile node's home address is associated with its care-of address for a specified lifetime. If registration were not authenticated properly, this tunneling feature could prove to be a significant security vulnerability. Address Resolution Protocol (ARP) is likewise not authenticated, and could potentially be used to steal another host's traffic. If gratuitous ARP is used, where a node sends an ARP packet in order to spontaneously cause other nodes to update an entry in their ARP cache, then all the risks associated with ARP will also need to be factored in. For these reasons, it is imperative that home agents and mobile nodes perform authentication.

Authentication
Mobile nodes and home agents must be able to perform authentication. There are several factors that determine the strength of an authentication mechanism. These include the strength and secrecy of the key used, the strength of the authentication algorithm, and the quality of the implementation. The default algorithm used by home agents and mobile nodes for message authentication is HMAC-MD5 with a key size of 128 bits. The foreign agent must support authentication using HMAC-MD5 with manual key distribution of key sizes of 128 bits or greater. It must also support keys with arbitrary binary values. When producing and verifying the authentication data supplied with Mobile IP registration messages, new implementations of Mobile IP should use HMAC-MD5 rather than the older "prefix + suffix" keyed-MD5 construction, because the "prefix + suffix" use of MD5 to protect data is considered vulnerable to attack. However, the use of keyed MD5 does not mean other authentication algorithms and modes cannot be used. Keyed-MD5 authentication should use a 128-bit key that is both secret and pseudo-random.
Key distribution in a Mobile IP network can often be a difficult task due to the absence of a network key management protocol. Because of this, some messages sent to the foreign agent do not require authentication.

Firewalls
A firewall is a device that protects the resources of a private network from an untrusted public network such as the Internet. There are several different types of firewall. Firewalls use secure logon procedures and authentication certificates to allow mobile users remote access to the private network.
Common security policies such as ingress filtering – where routers do not forward packets that appear to have a topologically incorrect source address – can prove to be problematic in Mobile IP networks. For example, a router running firewall software could block incoming packets from a mobile node trying to contact a node on its home network. The firewall blocks this node as it is trying to enter the intranet using the address of a machine inside the intranet. However, this mobile node is trying to access the home network using its own home address. To counteract this problem, a mobile node can use the foreign-agent-supplied care-of address as the source address – this is called reverse tunneling. Reverse tunneled packets can pass normally through routers that use ingress filtering, and the ingress filtering rules can still locate the true source of the packet in the same way as packets from non-mobile nodes.

Replay protection
To prevent a replay attack, a mobile node produces a unique value for the Identification field for each successive message. There are two methods used to interpret Identification fields – time stamps and nonces. All mobile nodes and home agents must implement replay protection based on time stamps. Nonce-based replay protection is optional.
With time stamp replay protection, the node generating a message inserts the current time of day. The node receiving the message checks that this time stamp is sufficiently close to its own time of day. The value used to limit the time difference should be greater than three seconds – the default value is seven seconds. These nodes must have adequately synchronized time-of-day clocks.
With nonce replay protection, a node – node A – includes a new random number in every message it sends to another node – node B. Node A then checks that node B returns that same number in its reply. Both messages use an authentication code to protect against alteration by an attacker.
As part of the mobile security association, a mobile node and its home agent have to agree on the method of replay protection that will be used. The low-order 32 bits of the Identification have to be copied unchanged from the registration request to the registration reply regardless of which method is used. The foreign agent uses the mobile node's home address and the low-order 32 bits to match registration requests with corresponding replies. The mobile node has to verify that the low-order 32 bits of any registration reply are identical to the bits it sent in the registration request. The identification used in a new registration request cannot be the same as the preceding request. Re-transmission is allowed, but a request shouldn't be repeated while the same security context is being used between the mobile node and the home agent.
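The ingress-filtering problem and the reverse-tunneling answer from the Firewalls passage above, as an added example that is not part of the original notes: a border filter that forwards only packets whose source lies in the foreign network's prefix, the foreign agent wrapping the mobile node's packet so the outer source is the care-of address, and the home agent unwrapping it. The prefixes, addresses, dictionary packet layout and the home agent's binding check (outer source must be the care-of address registered for the inner source) are constructed for this illustration.

```python
"""Ingress filtering at a foreign network's border router versus reverse
tunnelling. Constructed example for the notes' firewall discussion, not the
notes' own code; prefixes, addresses and the packet layout are made up."""
import ipaddress

class IngressFilter:
    """Border router rule: forward only packets whose source address is
    topologically correct for the network they are leaving."""
    def __init__(self, *prefixes):
        self.prefixes = [ipaddress.ip_network(p) for p in prefixes]

    def check(self, packet):
        src = ipaddress.ip_address(packet["src"])
        if any(src in prefix for prefix in self.prefixes):
            return True, "forwarded"
        allowed = ", ".join(str(p) for p in self.prefixes)
        return False, f"dropped: source {src} is not within {allowed}"

def reverse_tunnel(packet, care_of, home_agent):
    """Foreign agent encapsulates the mobile node's packet: the outer source is
    the care-of address the filter expects, the outer destination the home agent."""
    return {"src": care_of, "dst": home_agent, "inner": packet}

class HomeAgent:
    def __init__(self, address, bindings):
        self.address = address
        self.bindings = dict(bindings)   # home address -> registered care-of address

    def decapsulate(self, packet):
        """Accept a reverse-tunnelled packet only when its outer source is the
        care-of address registered for the inner packet's home address, so the
        true source can still be located exactly as for a non-mobile node."""
        if packet.get("dst") != self.address or "inner" not in packet:
            return None
        inner = packet["inner"]
        if self.bindings.get(inner["src"]) != packet["src"]:
            return None
        return inner
```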
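The registration checks described in the Authentication and Replay protection passages, as an added example that is not part of the original notes: a home agent that verifies an HMAC-MD5 authenticator over a registration request (the default algorithm the notes name), rejects a time stamp more than seven seconds from its own clock, rejects an Identification equal to the previously accepted one, and copies the low-order 32 bits of the Identification unchanged into its reply, which the mobile node then checks. The message layout is a simplified stand-in for the real registration messages, and the key, addresses and clock are constructed.

```python
"""Registration request handling at a home agent: HMAC-MD5 authenticator plus
time-stamp replay protection. Constructed example for these notes, not the
notes' own code; the message layout is simplified and the key, addresses and
clock are made up."""
import hashlib
import hmac
import struct

REPLAY_WINDOW = 7    # seconds: the default tolerance quoted in the notes
TAG_LEN = 16         # HMAC-MD5 output length

def ipv4(text):
    return bytes(int(octet) for octet in text.split("."))

def ipv4_text(raw):
    return ".".join(str(b) for b in raw)

def make_identification(seconds, low32):
    """64-bit Identification field: high 32 bits carry the sender's time of day,
    low 32 bits a per-request value that the reply must echo unchanged."""
    return (seconds << 32) | (low32 & 0xFFFFFFFF)

def authenticate(body, key):
    """Append the Mobile-Home authentication extension (HMAC-MD5 over the body)."""
    return body + hmac.new(key, body, hashlib.md5).digest()

def verified_body(message, key):
    """Return the body if the trailing authenticator matches, else None."""
    body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.md5).digest()
    return body if hmac.compare_digest(expected, tag) else None

def build_request(home_addr, home_agent, care_of, identification, key, lifetime=300):
    # type=1 (request) | flags | lifetime | home address | home agent | care-of | identification
    body = (struct.pack("!BBH", 1, 0, lifetime) + ipv4(home_addr) + ipv4(home_agent)
            + ipv4(care_of) + struct.pack("!Q", identification))
    return authenticate(body, key)

class HomeAgent:
    def __init__(self, key, clock):
        self.key = key          # shared secret of the mobility security association
        self.clock = clock      # callable returning the home agent's time of day (seconds)
        self.last_id = {}       # home address -> Identification of the last accepted request
        self.bindings = {}      # home address -> care-of address

    def process(self, request):
        """Return (reply, status); reply is None when the request is rejected."""
        body = verified_body(request, self.key)
        if body is None:
            return None, "authentication failed"
        home, care_of = ipv4_text(body[4:8]), ipv4_text(body[12:16])
        identification = struct.unpack("!Q", body[16:24])[0]
        if abs((identification >> 32) - self.clock()) > REPLAY_WINDOW:
            return None, "time stamp outside replay window"   # clocks must be synchronised
        if identification == self.last_id.get(home):
            return None, "identification reused"   # a stored request replayed later
        self.last_id[home] = identification
        self.bindings[home] = care_of
        # reply: type=3, code=0 (accepted); the home agent inserts its own time of day
        # but copies the low-order 32 bits of the Identification unchanged
        reply_id = make_identification(self.clock(), identification)
        reply = struct.pack("!BB", 3, 0) + body[2:12] + struct.pack("!Q", reply_id)
        return authenticate(reply, self.key), "accepted"

def reply_matches(reply, sent_identification, key):
    """Mobile node side: the authenticator must verify and the low-order 32 bits
    of the reply's Identification must equal those of the request it sent."""
    body = verified_body(reply, key)
    if body is None:
        return False
    reply_id = struct.unpack("!Q", body[12:20])[0]
    return (reply_id & 0xFFFFFFFF) == (sent_identification & 0xFFFFFFFF)
```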
Summary
Security in Mobile IP networks needs to address a number of issues that differ from those of fixed networks. Specific threats to Mobile IP include denial-of-service attacks, passive eavesdropping, replay attacks, and session-stealing attacks. Confidentiality can be maintained by using cryptographic algorithms and the exchange of either public or secret keys to ensure only authorized parties can decrypt information. There are two main categories of cryptographic algorithms: secret-key algorithms and public-key algorithms. Security methods such as end-to-end and link-layer encryption, enabling ingress filtering in routers, and the use of time stamp-based replay protection and nonce-based replay protection are common protective measures used in Mobile IP.
G. Conclusion
IP Mobility Requirements
The requirements for an IP mobility solution can be generalized to a few key aspects. To make a fair comparison of existing solutions and clearly understand the added benefit of the LISP Host Mobility solution, we will quickly touch on the different functional aspects that must be addressed in an IP mobility solution.
• Redirection
The ultimate goal of IP mobility is to steer traffic to the valid location of the end-point. This aspect is generally addressed by providing some sort of re-direction mechanism to enhance the traffic steering already provided by basic routing. Redirection can be achieved by replacing the destination address with a surrogate address that is representative of the new location of the end-point. Different techniques will allow the redirection of traffic either by replacing the destination's address altogether or by leveraging a level of indirection in the addressing such as that achieved with tunnels and encapsulations. The different approaches impact applications to different degrees. The ultimate goal of IP mobility is to provide a solution that is totally transparent to the applications and allows for the preservation of established sessions, as end-points move around the IP infrastructure.
• Scalability
Most techniques create a significant amount of granular state to re-direct traffic effectively. The state is necessary to correlate destination IP addresses to specific locations, either by means of mapping or translation. This additional state must be handled in a very efficient manner to attain a solution that can support a deployable scale at a reasonable cost in terms of memory and processing.
• Optimized Routing
As end-points move around, it is key that traffic is routed to these end-points following the best possible path.
Since mobility is based largely on re-direction of traffic, the ability to provide an optimal path is largely a function of the location of the re-directing element. Depending on the architecture, the solution may generate sub-optimal traffic patterns, often referred to as traffic triangulation or hair-pinning, in an attempt to describe the unnecessary detour traffic needs to take when the destination is mobile. A good mobility solution is one that can provide optimized paths regardless of the location of the end-point.
• Client Independent Solution
It is important that the mobility solution does not depend on agents installed on the mobile end-points or on the clients communicating with these end-points. A network based solution is highly desirable and is key to the effective deployment of a mobility solution given the precedent of the large installed base of end-points that cannot be changed or managed at will to install client software.
• Address Family Agnostic Solution
The solution provided must work independently of IPv4 or IPv6 end-points and networks. Since mobility relies on the manipulation of the mapping of identity to location, address families with lengthier addresses tend to provide alternatives not available with smaller address spaces. These address dependent solutions have limited application as they usually call for an end to end deployment of IPv6. To cover the broad installed base of IPv4 networking and end-points, the ideal solution should work for IPv4 or IPv6 independently.

Mobile IPv4
Mobile IP is defined for IPv4 in IETF RFC 3344. Basically mobile IPv4 provides a mechanism to redirect traffic to a mobile node whenever this node moves from its "Home Network" to a "Foreign Network." Every host will have a "Home Address" within a "Home Network" which is front-ended by a router that acts as a "Home Agent" and that advertises the "Home Network" into the routing protocol.
Traffic destined to the "Home Address" will always be routed to the "Home Agent." If the mobile node is in its "Home Network" traffic will be forwarded directly in the data plane to the host as per regular routing. If the host has moved to a "Foreign Network", traffic will be IP tunnelled by the "Home Agent" to a "Care-of-Address" which is the address of the gateway router for the "Foreign Network."