IP Mobility Concepts - Study Notes

+W - Technology Skills For Women Series (1)
http://SlideShare.net/OxfordCambridge

(1) Men are allowed to read too, if they wish, as the language style and the document format are universal.

Uploaded by: oxfordcambridge
Posted on: 11 May 2015
Category: Technology

Description

As end-points become detached from the physical infrastructure and are mobile, the routing infrastructure is challenged to evolve from a topology centric addressing model to a more flexible architecture. This new architecture is capable of allowing IP addresses to freely and efficiently move across the infrastructure. There are several ways of adding mobility to the IP infrastructure, and each of them addresses the problem with different degrees of effectiveness.

Transcript


Page 2: IP Mobility Concepts - Study Notes

Table of Contents

About “+W - Technology Skills For Women” series ... 5
Sources: ... 6
Protocol operation and agent discovery ... 7
    Learning objectives: ... 7
    A. Making the case for Mobile IP ... 7
        1. Development of Mobile IP ... 7
        Quiz ... 9
        2. Mobile IP specifications ... 9
        Quiz ... 10
        3. The Mobile IP network ... 10
        Quiz ... 11
        Summary ... 12
    B. Mobile IP operation ... 13
        1. The Mobile IP process ... 13
        Quiz ... 15
        2. Acquiring a care-of address ... 15
        Quiz ... 16
        Quiz ... 16
        Quiz ... 17
        Summary ... 17
    C. Agent discovery ... 18
        1. The functions of agent discovery ... 18
        Quiz ... 18
        Note ... 20
        Quiz ... 21
        2. Agent advertisements ... 22
        Note ... 22
        Quiz ... 23
        3. Move detection ... 24
        Quiz ... 25
        Summary ... 25
Registration, routing, and security ... 26

Page 3: IP Mobility Concepts - Study Notes

    Learning objectives: ... 26
    D. Registration ... 26
        1. Registration purpose and procedures ... 26
        Quiz ... 27
        Note ... 28
        Quiz ... 29
        Quiz ... 29
        2. Mobile IP registration considerations ... 29
        Quiz ... 31
        Quiz ... 32
        Quiz ... 32
        Summary ... 32
    E. Routing considerations ... 34
        1. Mobile Node, Foreign Agent, and Home Agent considerations ... 34
        Quiz ... 37
        Quiz ... 37
        Quiz ... 37
        Quiz ... 38
        2. Mobile routers ... 38
        Quiz ... 39
        Quiz ... 40
        Summary ... 40
    F. Security considerations ... 42
        Introduction ... 42
        Threats to Mobile IP ... 42
        Denial-of-service attack ... 42
        Passive eavesdropping ... 43
        Session-stealing attack ... 43
        Replay attack ... 43
        Mitigating the threats to Mobile IP ... 43
        Cryptography ... 44
        Problems with ARP ... 44
        Authentication ... 44
        Firewalls ... 45
        Replay protection ... 45
        Summary ... 46

Page 4: IP Mobility Concepts - Study Notes

    G. Conclusion ... 47
        IP Mobility Requirements ... 47
        Mobile IPv4 ... 47
        Mobile IPv6 ... 48
    H. Glossary ... 49
    I. Quizzes’ Answers ... 57

Page 5: IP Mobility Concepts - Study Notes

About “+W - Technology Skills For Women” series

Study Notes in the field of technology will be put together under this category for the following reasons:

- to encourage ladies, who wish to do so, to stand up and look over the fence into technology-related topics;
- with apprehension or fear;
- and perhaps consider embracing a career move into this technological path;
- or simply to broaden their general knowledge; after all, ICT is in most aspects of everyday life;
- no matter the decision, their skills, professional strengths, and contribution can only be something positive for technical and technological fields.

Page 6: IP Mobility Concepts - Study Notes

Sources:

- http://www.cisco.com/ (IP Mobility Overview)
- http://en.wikipedia.org/wiki/Mobile_IP (Mobile IP)
- Ad Hoc Mobile Wireless Networks: Protocols and Systems, C.-K. Toh, Prentice Hall PTR
- Mobile IP Design Principles and Practices, Charles E. Perkins, Prentice Hall PTR
- Mobile IP: The Internet Unplugged, James Solomon, Prentice Hall PTR
- The Wireless Mobile Internet: Architectures, Protocols and Services, Abbas Jamalipour, John Wiley & Sons
- A Survey on Network Architectures for Mobility, XiuJia Jin (http://www.cs.wustl.edu/~jain/cse574-06/ftp/mobility_arch/index.html)

Page 7: IP Mobility Concepts - Study Notes

Protocol operation and agent discovery

Learning objectives:

- identify the components and operational requirements of Mobile IP.
- identify the steps and processes involved in Mobile IP operation.
- identify how a mobile node determines its location relative to its home address.

A. Making the case for Mobile IP
B. Mobile IP operation
C. Agent discovery

A. Making the case for Mobile IP

1. Development of Mobile IP
2. Mobile IP specifications
3. The Mobile IP network

1. Development of Mobile IP

The rise in use of the Internet and advances in mobile communication have led to mobile computing technology redefining the way we access information.

Most mobile devices now need to support voice and video transfer technology. Although mobility is supported by link-layer technology, data transfer across networks or different layers is not.

Internet Protocol version 4 (IPv4) takes a node's IP address literally; it assumes that the address is a unique location within a network. When data is sent to this IP address, the node will not receive it unless the node is located at this physical IP address.

IPv4 presents mobile users with the problem of how to avoid losing their ability to communicate when they move between networks.

A limited way of addressing the problem of connectivity is for the mobile user to

- change their IP address
- create host-specific routes

Page 8: IP Mobility Concepts - Study Notes

change their IP address

If a mobile user changes their IP address, they cannot maintain transport, session, presentation, and application layer connections. Changing IP addresses can also compromise network services.

create host-specific routes

Creating host-specific routes throughout much of the Internet routing fabric has obvious and severe scaling problems. First, each host in a network would require its own entry in every router's routing table, worldwide. The memory for a router to do this would exceed that of all the computers in your office.

Also, each time you move your computer from one router to another, the routing table in every router has to change. This change requires a routing update from your new router to all other routers, which creates a lot of network traffic.

The development of mobile devices that can be used for data transfer has driven the demand for a technology that allows mobile users to roam from one network to another while maintaining network connections.

- Cellular phones
- Laptops

Cellular phones

Cellular phones can use Bluetooth technology to power connections to networks. Bluetooth technology enables your cellular phone to connect to a network without wires, by using short-range radio wave transmissions.

Laptops

Wireless laptop connections to data networks are often powered by WiFi technology. Among the different technologies available for wireless local networks, the most widely used is IEEE 802.11.

Wireless Fidelity (WiFi) technology is based on IEEE 802.11b, a descendant of IEEE 802.11. WiFi meets the demand for higher data transmission rates, allowing for transmissions of up to 11 Mbps.

The limitations of IPv4 and the proliferation of mobile devices required a new scalable mechanism – Mobile IP.

Mobile IP is a standard for allowing mobile computers to roam from one network to another while maintaining network connections and counteracting data transfer problems.

Mobile IP

- allows you to retain your IP address
- is scalable for the Internet

allows you to retain your IP address

Mobile IP allows you to stay connected and maintain ongoing applications when roaming between IP networks, and there is no need to change your IP address.

Page 9: IP Mobility Concepts - Study Notes

is scalable for the Internet

Mobile IP is scalable for the Internet, and because it is based on IP, any media that can support IP can support Mobile IP.

Quiz (i)

Identify the advantages of Mobile IP technology.

Options:

1. Any IP-compliant media can support Mobile IP
2. It alters the way in which IPv4 operates
3. Mobile IP allows the mobile node to maintain connectivity when switching networks without changing its IP address

2. Mobile IP specifications

A mobile node should be able to

- communicate with other nodes after changing its link-layer point of attachment to the Internet while maintaining its IP address
- communicate with other nodes that do not implement these mobility functions

It is important that some devices are not interrupted when a mobile node roams across network boundaries.

- Remote login
- Remote printing
- File transfer

Remote login

Remote login is one of the most popular Internet applications. Instead of having a hardwired terminal on each host, you can log in to one host and then log in remotely across the network to any other network device on which access is permitted. In this way, it is possible to manage network devices such as routers or switches. Telnet is a remote login application.

If a mobile user is using remote login to manage their network, loss of connectivity could affect the integrity of the network and leave it vulnerable to a session-stealing attack.

Page 10: IP Mobility Concepts - Study Notes

Remote printing

Although electronic mail is preferable as a means of third-party communication, in some cases it may be necessary to print information in hard-copy form at a remote location. The remote output device may consist of a standard line printer, a printer with multiple fonts and faces, a printer that can reproduce graphics, or a facsimile device. Remote output may be accompanied by information that identifies the intended recipient.

If a mobile user loses their connection while printing to a remote location, the full document will not be delivered. This leads to increased overheads, as the action will have to be repeated, and reduces productivity.

File transfer

File transfer is usually achieved using File Transfer Protocol (FTP). FTP is used to share files (computer programs and/or data) and to shield a user from variations in file storage systems among hosts. It is also used to transfer data reliably and efficiently. FTP, though usable directly by a user at a terminal, is designed mainly for use by programs. This means that most of the time the user is unaware that the protocol is being used.

A drop in connectivity during file upload will lead to users not viewing the latest version of files and will cause delays in transactions.

Other applications that require constant connectivity are multimedia applications using multicast addresses, online collaboration, and file sharing.

When a mobile node moves to another network, it sends updates to other nodes - which must be authenticated - declaring its new location.

A Mobile IP solution works when you remain within the same network topology. For instance, if you begin communicating from within a network and then move to another network, Mobile IP ensures that your data connection is maintained.

Mobile IP also allows you to roam between different network types, such as moving from a wired Ethernet network to a wireless WAN.

The Mobile IP solution is possible because the mobility functions are performed at the network layer rather than at the physical layer.

Quiz (ii)

Identify the true statement in relation to Mobile IP specifications.

Options:

1. For Mobile IP to operate successfully, the mobile node must remain within a single network type
2. Mobile IP-compliant software must be installed on all participating nodes to facilitate roaming
3. Mobile IP's mobility functions are performed at the physical layer
4. With Mobile IP, it is safe to roam between different networks when using remote login

3. The Mobile IP network

The Mobile IP infrastructure allows mobile nodes to roam from network to network.

Page 11: IP Mobility Concepts - Study Notes

The Mobile IP network has four main entities.

- Mobile node
- Correspondent node
- Foreign agent
- Home agent

Mobile node

The mobile node can be a cell phone, PDA, laptop, or router. A mobile node is administered a long-term IP address in the same way that a stationary host is given a permanent IP address. This IP address, known as a care-of address, allows the mobile node to continue to communicate with other Internet nodes at any location.

Correspondent node

A correspondent node is a device on the Internet. It can be a workstation, server, router, or other network device with which the mobile node is communicating. A correspondent node need only know the home address of the mobile node and may be either mobile or stationary.

Foreign agent

The foreign agent is a router that acts as a conduit, delivering data between the mobile node and the home agent when the mobile node roams to a foreign network.

Home agent

The home agent is a router on the home network that acts as an anchor for communication with the mobile node. It maintains the current location of the mobile node and tunnels information from the correspondent node to the mobile node.

Quiz (iii)

Match the network entities to their functions.

Options:

1. Correspondent node
2. Foreign agent
3. Home agent
4. Mobile node

Targets:

A. This device need not know the mobile node's location
B. This device can communicate with other Internet nodes regardless of location
C. This device maintains the current location information of the mobile node
D. This device tunnels data to the mobile node when it is away from home

Page 12: IP Mobility Concepts - Study Notes

Summary

The increase in use of mobile devices has driven the demand for a technology that facilitates roaming and supports data transfer between networks. Mobile computing technology aims to marry the reliability of desktop connectivity with the rootless adaptability of the cell phone. IPv4 provided a limited solution to this problem, but it was the development of Mobile IP that finally enabled users to roam between networks and continue to deliver and receive data.

Mobile IP meets the dual criteria for roaming – it allows a mobile node to change its link-layer point of attachment to the Internet without changing its IP address, and it is backward compatible. Mobile IP allows the mobile node to roam within homogeneous and heterogeneous networks, and it performs all its mobility functions at the network layer.

The Mobile IP infrastructure is based on four main entities – the mobile node, the correspondent node, and the home and foreign agents. Each entity plays a role in ensuring that the mobile node can continue to send and receive data while roaming between networks.

Page 13: IP Mobility Concepts - Study Notes

B. Mobile IP operation

1. The Mobile IP process
2. Acquiring a care-of address

1. The Mobile IP process

There are three phases in the Mobile IP process.

- Agent discovery
- Registration
- Tunneling

Agent discovery

In the agent discovery stage, the mobile node establishes whether it is in a home or foreign network. The mobile node establishes its location by listening to advertisements from home agents (HA) and foreign agents (FA). Agent advertisements carry information such as the agent care-of address and services like reverse tunneling or generic routing encapsulation (GRE) that are available on the network.

[Figure: a laptop in a foreign network receives an agent advertisement from a foreign agent. The foreign network is linked to the Internet, which is linked to the laptop's home network, where the HA resides.]

There are two modes of agent discovery:

- Mobile nodes can listen to the advertisements sent by the mobility agents and discover their location in this way.
- Mobile nodes can send out agent solicitation messages. These messages force agents on the network to send out agent advertisements and indicate the location of the mobile node.

A mobile node can determine whether it is located in its home network or a foreign network.

Page 14: IP Mobility Concepts - Study Notes

A mobile node can discover when it has returned to a home network. When this happens, the mobile node sends a registration request message to an HA in order to deregister, because it no longer requires an HA.

A mobile node can also discover that it has remained in a home network. In this case, it does not operate using mobility services and therefore does not initiate communication with either an HA or an FA.

When a mobile node discovers it is in a foreign network, it acquires a care-of address (COA). It can acquire a COA from the FA agent advertisement message.

Alternatively, the mobile node can acquire a co-located care-of address (CCOA) through external means.

Registration

The second phase of Mobile IP is registration. The mobile node uses the IP address and mobility security association of its HA, its home IP address or another user identifier, and information gained from the agent advertisement to form a Mobile IP registration request.

In the registration phase, mobile nodes notify the HA of their position. They do this by registering their COA or CCOA through registration request and reply messages.

The mobility security association is a collection of security contexts between a pair of nodes that may be applied to Mobile IP protocol exchanges and is used in home agent/mobile node authentication. The contexts define the authentication algorithm to be used, the type of replay protection to be used, and the secret key, either shared or public/private.

Registration is completed directly or indirectly. If the mobile node has a COA, it must send its registration request through the FA. The FA then forwards it to the HA. The HA then sends a registration reply to the FA, which forwards this on to the mobile node.

[Figure: a person with a laptop moves between foreign networks. On entering each new network, the laptop is allocated a new COA and registers it with its home agent.]

If the mobile node has a CCOA, it sends the registration request directly to the HA. The HA then sends the reply to the registration request directly back to the mobile node.
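The registration exchange just described, as an added example (not code from these notes): the mobile node builds a registration request and protects it with a keyed MAC under its MN/HA mobility security association, and the home agent checks authentication first and the replay-protection identification second before it creates or removes a mobility binding; the indirect path is an FA relaying the same bytes. The request layout, the reply codes (taken from RFC 3344), the use of HMAC-SHA256, the addresses and the key are assumptions or constructed values that the notes do not state.

```python
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# Constructed MN/HA mobility security association: the contexts the notes list
# (authentication algorithm, replay protection, shared secret). Illustrative values only.
SPI = 0x00000100                 # security parameter index that names the association
SHARED_KEY = b"constructed-mn-ha-shared-key"
REPLAY_WINDOW = 7                # seconds of clock skew tolerated on the identification
FIXED_LEN = 24                   # bytes in the fixed part of the request packed below

# Reply codes as assigned by RFC 3344 (assumed here; the notes do not list them).
ACCEPTED = 0
MN_FAILED_AUTHENTICATION = 131
IDENTIFICATION_MISMATCH = 133

@dataclass
class RegistrationRequest:
    home_address: str            # long-term address on the home network
    home_agent: str              # HA that shares SHARED_KEY with the mobile node
    care_of_address: str         # COA (an FA address) or CCOA (an address the MN holds itself)
    lifetime: int                # seconds requested; 0 means deregister (MN is back home)
    identification: int          # timestamp-style replay-protection value

    def pack(self) -> bytes:
        # type=1 (request), flags=0, lifetime, three addresses, 64-bit identification.
        return (struct.pack("!BBH", 1, 0, self.lifetime)
                + socket.inet_aton(self.home_address) + socket.inet_aton(self.home_agent)
                + socket.inet_aton(self.care_of_address) + struct.pack("!Q", self.identification))

    @classmethod
    def unpack(cls, fixed: bytes) -> "RegistrationRequest":
        _type, _flags, lifetime = struct.unpack("!BBH", fixed[:4])
        return cls(socket.inet_ntoa(fixed[4:8]), socket.inet_ntoa(fixed[8:12]),
                   socket.inet_ntoa(fixed[12:16]), lifetime, struct.unpack("!Q", fixed[16:24])[0])

def authenticator(fixed: bytes, key: bytes) -> bytes:
    # Mobile-Home authentication extension: keyed MAC over the request and the SPI it names.
    # HMAC-SHA256 stands in for the RFC default (HMAC-MD5) in this example.
    return hmac.new(key, fixed + struct.pack("!I", SPI), hashlib.sha256).digest()

def mobile_node_register(req: RegistrationRequest, key: bytes = SHARED_KEY) -> bytes:
    """Mobile node side: fixed part followed by the SPI and the authenticator."""
    fixed = req.pack()
    return fixed + struct.pack("!I", SPI) + authenticator(fixed, key)

class HomeAgent:
    def __init__(self, key: bytes, now: Callable[[], int]):
        self.key = key
        self.now = now                                  # injected clock, so runs are repeatable
        self.bindings: Dict[str, Tuple[str, int]] = {}  # home address -> (care-of address, expiry)
        self.last_id: Dict[str, int] = {}               # home address -> last accepted identification

    def process(self, message: bytes) -> Tuple[int, Optional[str]]:
        fixed, spi, tag = message[:FIXED_LEN], message[FIXED_LEN:FIXED_LEN + 4], message[FIXED_LEN + 4:]
        # 1. Authentication first: a wrong SPI or a tag that does not verify ends processing here,
        #    so a forged or altered request (e.g. a changed care-of address) creates no binding.
        if spi != struct.pack("!I", SPI) or not hmac.compare_digest(tag, authenticator(fixed, self.key)):
            return MN_FAILED_AUTHENTICATION, None
        req = RegistrationRequest.unpack(fixed)
        # 2. Replay protection: identification must be close to HA time and strictly newer than
        #    the last one accepted from this mobile node, so a captured request cannot be resent.
        if (abs(req.identification - self.now()) > REPLAY_WINDOW
                or req.identification <= self.last_id.get(req.home_address, -1)):
            return IDENTIFICATION_MISMATCH, None
        self.last_id[req.home_address] = req.identification
        # 3. Update the mobility binding that the tunnelling phase will consult.
        if req.lifetime == 0:
            self.bindings.pop(req.home_address, None)
        else:
            self.bindings[req.home_address] = (req.care_of_address, self.now() + req.lifetime)
        return ACCEPTED, req.care_of_address

class ForeignAgent:
    """Indirect registration: the FA relays the request unchanged and records accepted visitors."""
    def __init__(self, address: str, home_agent: HomeAgent):
        self.address = address
        self.home_agent = home_agent
        self.visitors: Dict[str, str] = {}              # home address -> COA (our address) in use

    def relay(self, message: bytes) -> int:
        code, coa = self.home_agent.process(message)
        if code == ACCEPTED and coa == self.address:
            self.visitors[RegistrationRequest.unpack(message[:FIXED_LEN]).home_address] = coa
        return code

if __name__ == "__main__":
    clock = [1_000_000]                                 # constructed HA clock, in seconds
    ha = HomeAgent(SHARED_KEY, lambda: clock[0])
    fa = ForeignAgent("198.51.100.1", ha)
    msg = mobile_node_register(RegistrationRequest("192.0.2.10", "192.0.2.1", fa.address, 300, clock[0]))
    print("via FA:", fa.relay(msg))                     # 0: accepted, binding created
    print("replayed:", fa.relay(msg))                   # 133: identification already used
    forged = msg[:12] + socket.inet_aton("203.0.113.9") + msg[16:]
    print("forged COA:", fa.relay(forged))              # 131: authenticator no longer verifies
```

A CCOA registration takes the same path without the relay: the mobile node calls HomeAgent.process directly, and a request with lifetime 0 removes the binding when the node is back home.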

Tunnelling

Once registration has taken place, packets addressed to the mobile node's home address are forwarded to the mobile node in its new location.

Datagrams intended for the mobile node are intercepted by the HA and tunneled to the FA, or sent directly to the mobile node using its CCOA.

If data is traveling from the mobile node to correspondent nodes, standard IP routing mechanisms are used. In this case, the datagrams do not always have to pass through the HA. Because this process is transparent to correspondent nodes, the mobile node will always appear to be on its home network.

Page 15: IP Mobility Concepts - Study Notes

Quiz (iv)

Suppose a mobile node has established that it is operating away from home, and it has already acquired a co-located care-of address (CCOA).

What does the mobile node do next?

Options:

1. Continues to operate without mobility services
2. Registers its CCOA with the HA
3. Registers its new care-of address with the HA via the FA

2. Acquiring a care-of address

The following two modes are available to mobile nodes for acquiring care-of addresses:

- foreign agent care-of address (COA)
- co-located care-of address (CCOA)

The network administrator decides which address acquisition mode to use.

In the foreign agent care-of address mode, the mobile node acquires the COA through the agent advertisement messages sent by the FA. The COA is an IP address of the FA on the foreign network.

Packets intended for the mobile node are intercepted by the HA and forwarded to the FA. The FA acts as the endpoint for tunneled datagrams intended for the mobile host. The FA decapsulates the datagrams and delivers the relevant data to the mobile node.

In CCOA mode, the mobile node acquires a CCOA externally. It is assigned to one of the mobile node's interfaces, it represents the mobile node's current location, and it can only be used by one mobile node at a time.

The CCOA may be temporarily acquired dynamically through the Dynamic Host Configuration Protocol (DHCP). Alternatively, the mobile node may own a long-term address for its exclusive use when visiting particular foreign networks.

When CCOA mode is used, datagrams intended for the mobile node are sent directly to the CCOA. The mobile node acts as the endpoint of the tunnel and decapsulates the datagrams tunneled to it.


There is an advantage to each address acquisition mode. In COA mode, there is less pressure for IPv4

addresses than in CCOA mode. This is because FA interface IP addresses can be assigned to multiple mobile

nodes, rather than being assigned to single mobile nodes at any one time.

An FA is not essential to mobility in the CCOA method. This is because the mobile node does not use the FA's

interface as its care-of address. Instead it acquires an address from an external source, such as a DHCP server.
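
As an added example (it is not code from the study notes), the following Python builds the tunnel path the two modes describe: a correspondent's datagram for the home address is intercepted by the HA, wrapped in an outer IP-in-IP header (protocol 4, RFC 2003) addressed to the care-of address, and unwrapped at the tunnel endpoint, which is the FA in COA mode and the mobile node itself in CCOA mode. All addresses and the payload are constructed sample values. The endpoint accepts only tunnel packets addressed to its own care-of address whose inner destination is a registered visitor, so a stray or mis-addressed tunnel packet is dropped instead of being forwarded onto the link.

```python
import socket
import struct

# Constructed sample addresses (not from the notes)
HOME_AGENT = "192.168.5.1"
HOME_ADDR = "192.168.5.4"        # the mobile node's permanent home address
FA_COA = "172.16.8.1"            # foreign agent care-of address: an FA interface
CCOA = "172.16.9.77"             # co-located care-of address held by the node itself (e.g. via DHCP)
CORRESPONDENT = "198.51.100.10"
IPPROTO_UDP = 17
IPPROTO_IPIP = 4                 # IP-in-IP encapsulation (RFC 2003), the default Mobile IP tunnel


def checksum(data: bytes) -> int:
    """One's-complement Internet checksum (RFC 1071) over an IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a correct header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    """Parse and validate an IPv4 header; returns addresses, protocol and the payload."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 packet")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(pkt) or checksum(pkt[:ihl]) != 0:
        raise ValueError("malformed IPv4 header")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "payload": pkt[ihl:total_len]}


def correspondent_datagram(payload: bytes) -> bytes:
    """A datagram from a correspondent node addressed to the mobile node's home address."""
    return ipv4_header(CORRESPONDENT, HOME_ADDR, IPPROTO_UDP, len(payload)) + payload


def ha_encapsulate(inner: bytes, care_of: str) -> bytes:
    """Home agent: intercept a datagram for the home address and tunnel it to the care-of address."""
    return ipv4_header(HOME_AGENT, care_of, IPPROTO_IPIP, len(inner)) + inner


def endpoint_decapsulate(tunnelled: bytes, my_care_of: str, visitors: set) -> dict:
    """Tunnel endpoint: the FA in COA mode, the mobile node itself in CCOA mode.

    Only a packet whose outer header is an IP-in-IP packet addressed to this care-of address,
    and whose inner destination is a registered visitor, is accepted; anything else is dropped.
    """
    outer = parse_ipv4(tunnelled)
    if outer["dst"] != my_care_of or outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP tunnel packet for this endpoint")
    inner = parse_ipv4(outer["payload"])
    if inner["dst"] not in visitors:
        raise ValueError("inner destination is not a registered mobile node")
    return inner


def accepts(tunnelled: bytes, my_care_of: str, visitors: set) -> bool:
    """True if the endpoint would forward the inner datagram, False if it drops the packet."""
    try:
        endpoint_decapsulate(tunnelled, my_care_of, visitors)
        return True
    except ValueError:
        return False


def deliver(mode: str, payload: bytes) -> dict:
    """Run the HA -> tunnel endpoint path in 'COA' or 'CCOA' mode; returns the inner datagram."""
    care_of = FA_COA if mode == "COA" else CCOA
    tunnelled = ha_encapsulate(correspondent_datagram(payload), care_of)
    # COA: the FA decapsulates for the visitors in its visitor list and delivers on the link.
    # CCOA: the mobile node is the endpoint and accepts only datagrams for its own home address.
    return endpoint_decapsulate(tunnelled, care_of, {HOME_ADDR})


if __name__ == "__main__":
    for mode in ("COA", "CCOA"):
        inner = deliver(mode, b"hello mobile node")
        print(mode, inner["src"], "->", inner["dst"], inner["payload"])
```

The visitor-list check is what keeps an FA from becoming an open decapsulating relay: it decapsulates only for nodes that have registered through it, and a mobile node in CCOA mode only for its own home address.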

Quizv

A mobile node moves into a foreign network and registers its new address indirectly with its HA.

Where has it acquired its temporary address?

Options:

1. From the HA

2. From the FA

3. Through dynamic host configuration

4. It uses its own special IP address for operation in foreign networks

It is essential to note the difference between a care-of address (either COA or CCOA) and an FA. A care-of address is an endpoint for tunnelled datagrams to a mobile host. An FA is a mobility agent. The FA provides network services to mobile nodes on its network. It is possible to have more than one FA on a network. An FA is likely to be a router, but could be any network device capable of acting as a tunnel endpoint and sending agent advertisements.

Quizvi

What is the main advantage of using CCOA mode?

Options:

1. Low demand for IPv4 addresses

2. Mobile node can function without an FA

3. Registration with the HA is optional

There are different routing processes in COA mode and in CCOA mode.

COA

In COA mode, the FA and mobile node must be on the same network link. The mobile node and FA route

packets to each other to their respective data-link layer addresses (usually their MAC addresses). Both nodes

bypass standard IP routing protocols.


CCOA

In CCOA mode, the mobile node must be on the same network link as that indicated in the network prefix of

the CCOA. If they are on different networks, packets will not be deliverable.

Suppose a commuter is using a laptop while traveling through a foreign network. First the laptop registers the

COA, acquired from the agent advertisement of the FA, with its own HA.

Once the laptop has registered its new address with the HA, datagrams intended for the laptop are

intercepted by the HA, and tunneled toward the FA. The FA decapsulates the data and forwards it to the

laptop in its new location.

Quizvii

Suppose you are using your laptop while traveling on a train. When you power on your laptop, it discovers that it

is in a foreign network through agent advertisement messages.

What happens next?

Options:

1. Data intended for the laptop is tunneled from the HA to the FA

2. The laptop acquires a COA

3. The laptop registers its new address with the HA

4. The laptop sends a registration request to the HA

Summary

There are three processes in Mobile IP. These are agent discovery, where a mobile node establishes its

location and acquires a care-of address if in a foreign network, registration, where the mobile node registers

its new location with the HA and tunneling, where data intended for the mobile node is tunneled from the HA

to the FA. At the FA, data is decapsulated and sent on to the mobile node.

There are two modes of acquiring a care-of address. First a foreign agent care-of address (COA) can be

acquired. In this case, the address is an interface address of the FA. Second, mobile nodes can acquire a co-

located care-of address (CCOA). In this mode, the mobile node acquires the address from an external

network source. There are different advantages associated with each mode.


C. Agent discovery

1. The functions of agent discovery

2. Agent advertisements

3. Move detection

1. The functions of agent discovery

Agent discovery is the first phase of the Mobile IP process. In this phase, mobile nodes determine their

location. Mobile nodes use agent discovery to establish whether they are on a home or foreign network and

to identify that they have moved from one network to another.

In agent discovery, mobile nodes rely on agent advertisements from mobility agents (foreign or home agents)

to determine their location. They can also send agent solicitations, which force mobility agents to respond

with agent advertisements. Mobile nodes acquire a care-of address from the agent advertisement when

visiting a foreign network.

An agent advertisement is a message constructed by attaching a special extension to a Router Advertisement.

Mobility agents broadcast these messages.

Quizviii

Which of the following are functions of agent discovery?

Options:

1. Used by the mobile node to determine whether the node is in a home or foreign network

2. Used to determine whether a mobile node has moved from one network to another

3. Used to register location of mobile nodes

Mobile IP uses existing ICMP mechanisms by adapting ICMP router discovery for the operation of agent

discovery.

Router discovery was traditionally achieved by the host reading a list of one or more router addresses

contained in its configuration files when it was powered on.


Another traditional method for router discovery on multicast links is for the host to listen to routing protocol

traffic.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
10.5.161.60 server1 #data repository 1
10.5.164.201 server2 #data repository 2
10.5.164.200 server3 #software depository
10.5.161.58 server4
10.5.161.56 server5

The two disadvantages of reading configuration files are the considerable resource time needed to keep the

configuration files updated and the inability of these files to dynamically track changes in router availability.

The disadvantage of listening in on router traffic is that hosts are required to recognize the various routing

protocols used from network to network.


Because of the disadvantages of traditional router discovery methods, Mobile IP has adapted ICMP router

discovery. In ICMP, there is no need to manually configure router address lists and ICMP is independent of

any routing protocol.

Mobile IP combines its agent advertisements with ICMP router discovery messages.

Note

Router discovery messages are not a protocol in themselves. They allow hosts to discover the existence of

neighbouring routers, but not which routers are best for reaching a particular destination.

The following ICMP router discovery messages are used by Mobile IP agent advertisement and solicitation

messages.

Router advertisements

Router solicitations

ICMP (Internet Control Message Protocol) is one of the main protocols of the Internet Protocol Suite. It is

used by network devices, like routers, to send error messages indicating, for example, that a requested

service is not available or that a host or router could not be reached. ICMP can also be used to relay query

messages. It is assigned protocol number 1. ICMP[3] differs from transport protocols such as TCP and UDP in

that it is not typically used to exchange data between systems, nor is it regularly employed by end-user

network applications (with the exception of some diagnostic tools like Ping and Traceroute).

Router advertisements

In Mobile IP, the agent advertisements are part of these ICMP router advertisements. The agent

advertisement is formed by adding a mobility agent advertisement extension into the ICMP router

advertisement message.

In ICMP, each router on a network broadcasts or multicasts router advertisements from each of its interfaces

at defined intervals to all nodes on the same network link.

Router solicitations

In Mobile IP, agent solicitations are the same as ICMP router solicitations, except that IP TTL (time to live for

packets) must be set to 1. A router solicitation is where a mobile node multicasts a message to ask for

advertisements from neighboring routers on the same network link instead of waiting for periodic

advertisements to arrive.


If the mobile node does not receive any response, it can retransmit the router solicitation messages, but after

a set interval must stop. Once this happens, the mobile node will have to wait and discover the routers

through the periodic agent advertisements.

Each router advertisement contains a preference level and a lifetime field.

preference level

Each router advertisement contains a preference level for all of its advertised addresses. When acquiring a

care-of address from an agent advertisement, the mobile node should choose an address of the highest

preference.

The network administrator configures the preference levels and can use this to discourage the use of certain

addresses.

lifetime field

Each router advertisement includes a lifetime field. The lifetime field specifies the amount of time a router is

considered valid by the mobile agent, assuming no further advertisements are received.

The lifetime field ensures that a mobile node will drop failed routers, uncontactable routers, or routers that

are no longer functioning as routers.

In the agent discovery phase, the default rate at which agent advertisements are issued is once every 7 to 10

minutes. The default lifetime of an advertisement is 30 minutes.

Because router advertisements may be unavailable, or disabled by an administrator, on any link or from any

router, they are not appropriate for black hole detection (that is, detecting when the first hop of a path fails).

Hosts should already have a system in place for detecting black holes. However, network administrators can

configure the default advertising rate to be suitable as an additional element of black hole detection.

Suppose a commuter is using her laptop while traveling to a client. When the commuter moves into a foreign

network, her laptop picks up one of the ICMP router advertisements from a local router. The agent

advertisement extension is contained in this message.

The commuter's laptop will then choose the highest preference-level interface address contained in the

agent advertisement extension and use this as its care-of address. The laptop is then ready to register and

use this temporary address.

Quizix

Which of the following are characteristics of agent discovery in Mobile IP?

Options:


1. An agent advertisement is part of an ICMP router advertisement

2. An agent solicitation message is identical to an ICMP router solicitation

3. Mobile IP extends ICMP router discovery

4. Mobile nodes discover neighboring router addresses by listening for advertisements

2. Agent advertisements

Agent advertisements are messages transmitted by mobility agents (foreign and home agents) to advertise

their services on a certain network link. Mobile nodes use these to determine where they are connected to

the Internet.

A mobile node also selects a router interface address from agent advertisements. The node then uses this

address as a care-of address. Information directed to the mobile node home address is redirected to the

care-of address for as long as the node is registered at this address.

Agent advertisements are sent at set intervals. The interval should normally be one-third of the router's

lifetime, which is specified in the ICMP header.

Note

A lifetime is the length of time a router should be considered valid by mobile nodes in the absence of further

agent advertisements.

Because the advertisement interval is one-third of the router's lifetime, a mobile node can miss three successive

advertisements before removing the router from its list of available agents.

Home agents must always be prepared to provide services to mobile nodes for which they are the home agent.

This ensures mobility for all mobile nodes roaming between home and foreign networks.

Foreign agents (FAs) may have periods when they are too busy to serve any more mobile nodes. During this

time, they must continue to send agent advertisements. This keeps nodes that the FA is servicing up to date on

the FA's availability. Even though the FA cannot service any additional mobile nodes, it can continue to support

the mobile nodes on its current list.

An FA can indicate to nodes that it is too busy to service new ones. It does this by setting the busy bit in its

agent advertisement.
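
As an added example (not code from the notes), the following Python builds and parses an agent advertisement in the form described above: an ICMP Router Advertisement (type 9) carrying the Mobility Agent Advertisement Extension (type 16, with the R, B, H and F flag bits) and the optional Prefix-Lengths Extension (type 19), the layouts defined in RFC 3344. The router addresses, preference levels and lifetimes are constructed values, and the sample FA offers its router addresses as its care-of addresses, as in the commuter example. The selection function applies the rules given on this page: it verifies the ICMP checksum, takes nothing from an FA whose busy bit is set, ignores addresses whose preference means "do not use", and otherwise picks the care-of address with the highest preference level.

```python
import socket
import struct

ICMP_ROUTER_ADVERTISEMENT = 9
EXT_MOBILITY_AGENT_ADV = 16     # RFC 3344 section 2.1.1
EXT_PREFIX_LENGTHS = 19         # RFC 3344 section 2.1.2
FLAG_R, FLAG_B, FLAG_H, FLAG_F = 0x80, 0x40, 0x20, 0x10   # registration required, busy, home agent, foreign agent
PREF_DO_NOT_USE = -0x80000000   # RFC 1256: preference 0x80000000 means "do not use this address"


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) as carried in the ICMP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_agent_advertisement(routers, lifetime, seq, reg_lifetime, flags, prefix_lengths=None, code=0):
    """Constructed sample: an ICMP Router Advertisement whose router addresses (with preference
    levels) are also offered as care-of addresses in the mobility agent extension."""
    body = struct.pack("!BBH", len(routers), 2, lifetime)          # Num Addrs, Addr Entry Size, Lifetime
    for addr, pref in routers:
        body += socket.inet_aton(addr) + struct.pack("!i", pref)
    ext = struct.pack("!HHBB", seq, reg_lifetime, flags, 0)        # Sequence, Registration Lifetime, flags, reserved
    for addr, _ in routers:
        ext += socket.inet_aton(addr)
    body += struct.pack("!BB", EXT_MOBILITY_AGENT_ADV, len(ext)) + ext
    if prefix_lengths:
        body += struct.pack("!BB", EXT_PREFIX_LENGTHS, len(prefix_lengths)) + bytes(prefix_lengths)
    msg = struct.pack("!BBH", ICMP_ROUTER_ADVERTISEMENT, code, 0) + body
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]


def parse_agent_advertisement(msg: bytes, now: float) -> dict:
    """Validate the ICMP part, collect preference levels, then walk the Mobile IP extensions."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("bad length or checksum")
    typ, code, _ = struct.unpack("!BBH", msg[:4])
    if typ != ICMP_ROUTER_ADVERTISEMENT or code not in (0, 16):
        raise ValueError("not a router advertisement")
    n, entry_size, lifetime = struct.unpack("!BBH", msg[4:8])
    if entry_size != 2 or len(msg) < 8 + 8 * n:
        raise ValueError("malformed address list")
    prefs, off = {}, 8
    for _ in range(n):
        prefs[socket.inet_ntoa(msg[off:off + 4])] = struct.unpack("!i", msg[off + 4:off + 8])[0]
        off += 8
    adv = {"valid_until": now + lifetime, "preferences": prefs, "mobility": None, "prefix_lengths": None}
    while off + 2 <= len(msg):                                      # extensions are Type, Length, data
        etype, elen = msg[off], msg[off + 1]
        data = msg[off + 2:off + 2 + elen]
        if len(data) != elen:
            raise ValueError("truncated extension")
        if etype == EXT_MOBILITY_AGENT_ADV:
            if elen < 6 or (elen - 6) % 4:
                raise ValueError("bad mobility agent extension length")
            seq, reg_lifetime, flags = struct.unpack("!HHB", data[:5])
            adv["mobility"] = {
                "seq": seq, "reg_lifetime": reg_lifetime,
                "reg_required": bool(flags & FLAG_R), "busy": bool(flags & FLAG_B),
                "home_agent": bool(flags & FLAG_H), "foreign_agent": bool(flags & FLAG_F),
                "care_of": [socket.inet_ntoa(data[i:i + 4]) for i in range(6, elen, 4)]}
        elif etype == EXT_PREFIX_LENGTHS:
            adv["prefix_lengths"] = dict(zip(prefs, data))           # one prefix length per router address
        off += 2 + elen
    if adv["mobility"] is None:
        raise ValueError("plain ICMP router advertisement: no mobility agent extension")
    return adv


def choose_care_of(adv: dict):
    """Care-of address selection: only from a foreign agent that is not busy, highest preference first."""
    m = adv["mobility"]
    if not m["foreign_agent"] or m["busy"]:
        return None     # a busy FA keeps advertising for its current visitors but takes no new ones
    ranked = [(adv["preferences"].get(a, 0), a) for a in m["care_of"]]
    ranked = [(p, a) for p, a in ranked if p != PREF_DO_NOT_USE]
    return max(ranked)[1] if ranked else None


def sample_advertisement(busy: bool) -> bytes:
    """Constructed FA advertisement: two interface addresses, 172.16.8.2 preferred, lifetime 1800 s."""
    flags = FLAG_F | FLAG_R | (FLAG_B if busy else 0)
    return build_agent_advertisement([("172.16.8.1", 0), ("172.16.8.2", 100)], lifetime=1800,
                                     seq=1, reg_lifetime=18000, flags=flags, prefix_lengths=[24, 24])
```

The parsed valid_until value is what the lifetime-based move detection described later works from, and the prefix_lengths map is what the prefix-comparison method works from.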

All mobility agents should adhere to the following rules:


if an agent is not detectable using a data-link layer protocol, it must send an agent advertisement

agents should send an agent advertisement even if they can be discovered by a data-link layer

protocol

agents should respond to agent solicitations

Quizx

Identify the characteristics of how home agents (HAs) and foreign agents (FAs) operate in relation to agent

advertisements?

Options:

1. FAs and HAs must always be prepared to serve mobile nodes

2. FAs can indicate that they are too busy to service additional mobile nodes

3. HAs are sometimes too busy to serve additional nodes

4. HAs must always be prepared to serve the mobile nodes for which they are HAs

Mobile IP agent discovery operates in the same way as ICMP router discovery, except for the following areas:

broadcast rate

IP source address requirements

when to broadcast

broadcast rate

Mobility agents are required to set limits on their broadcast rate. This means they must cap the rate at which

they multicast agent advertisements. A recommended maximum broadcast rate is one agent advertisement

per second.

IP source address requirements

Mobility agents must not require that the IP source address of an agent solicitation belongs to a neighboring

node. This means the router can accept solicitations from nodes that are foreign to its network.

when to broadcast

Mobility agents have some choice in when to broadcast. They may be configured to send agent

advertisements only in response to agent solicitation messages.

Suppose a commuter is traveling by train to a meeting. He is using a laptop to access files on the company

home network. As the train crosses into a new network, the laptop continues to listen for agent

advertisements. These are sent by two routers, Router A and Router B, in the new network every 10 minutes.

The commuter's laptop registers with Router A as its foreign agent because its available interface addresses

are of the highest preference level. Router A then fails to send any further agent advertisements.

After 10 minutes (one-third of Router A's lifetime), the laptop deletes Router A as its foreign agent and

registers with Router B. The lifetime of Router B has not expired and it continues to broadcast agent

advertisements. The laptop keeps Router B as its foreign agent until moving into a different network.


3. Move detection

In move detection, it is recommended that a mobile node registers its new care-of address when it has

moved to a different network. It is essential that it does not register more than once per second on average.

A mobile node detects that it has moved to its home network when it receives an agent advertisement from

its home agent (HA). At this point, it should deregister with its HA and configure its routing table to home

network specifications.

Mobile nodes employ two methods to detect movement between networks.

Method 1

Method 2

Method 1

Method 1 is based on the lifetime field in the ICMP router advertisement part of the agent advertisement.

Mobile nodes should

record the lifetime of the addresses in the lifetime field of the agent advertisement

assume that the router has failed if they do not receive any subsequent agent advertisements from that router

after the lifetime has expired

attempt to discover a new mobility agent to register with if the lifetime of the current agent has expired and

they have received no further advertisements

If the lifetime of the current mobile agent has expired and the mobile node has previously received an

advertisement from an agent whose lifetime fields have not expired, they may immediately attempt to register

with that agent.

Method 2

In Method 2 the mobile node compares network prefixes contained in agent advertisements to establish

whether or not it has moved. The mobile node may compare the prefix-length in the new agent advertisement

with that in the agent advertisement of its current mobility agent. If the prefix-lengths are different, the

mobile node may assume that it has moved.

When the lifetime of the current agent advertisement expires, the mobile node may choose to register with

the foreign agent who sent the new agent advertisement with the different prefix length.

This is on the condition that the lifetime of the new agent advertisement has not expired.
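
The two move detection methods above, as an added example that is not part of the notes: a small mobile node model that records each advertisement's lifetime and treats the current agent as failed when it runs out (Method 1), flags a move when another agent advertises a different prefix length (Method 2), registers elsewhere only once the current agent's lifetime has expired and the candidate's has not, deregisters when it hears its home agent, and never registers more than once per second. Agent names, lifetimes and timings are constructed; train_scenario() replays the two-router example of the previous section.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Advertisement:
    """The fields of one agent advertisement that move detection needs (constructed input)."""
    agent: str                  # address of the mobility agent that sent it
    lifetime: int               # ICMP router advertisement lifetime, in seconds
    prefix_len: int             # from the Prefix-Lengths extension
    is_home_agent: bool = False
    received_at: float = 0.0

    def valid_until(self) -> float:
        return self.received_at + self.lifetime


@dataclass
class MobileNode:
    current: Optional[Advertisement] = None                 # agent we are registered with
    known: Dict[str, Advertisement] = field(default_factory=dict)
    moved_to: Optional[str] = None                          # Method 2 candidate agent
    at_home: bool = True
    last_registration: float = float("-inf")
    log: List[tuple] = field(default_factory=list)

    def register_with(self, adv: Advertisement, now: float) -> None:
        # Never register more than once per second: a burst of advertisements must not become a burst of requests
        if now - self.last_registration < 1.0:
            self.log.append(("deferred", adv.agent, now))
            return
        self.current, self.moved_to, self.at_home = adv, None, False
        self.last_registration = now
        self.log.append(("register", adv.agent, now))

    def on_advertisement(self, adv: Advertisement, now: float) -> None:
        adv.received_at = now
        self.known[adv.agent] = adv
        if adv.is_home_agent:
            # Hearing the home agent means we are back home: deregister and drop the foreign binding
            if not self.at_home:
                self.current, self.moved_to, self.at_home = None, None, True
                self.log.append(("deregister", adv.agent, now))
            return
        if self.current is None:
            self.register_with(adv, now)
        elif adv.agent == self.current.agent:
            self.current = adv          # refreshes the lifetime; no new registration while still served
        elif adv.prefix_len != self.current.prefix_len:
            # Method 2: a different prefix length from another agent means the link has changed
            self.moved_to = adv.agent
            self.log.append(("moved", self.current.prefix_len, adv.prefix_len, now))

    def tick(self, now: float) -> None:
        # Method 1: the current agent's lifetime ran out with no further advertisement from it
        if self.current is None or now <= self.current.valid_until():
            return
        expired = self.current.agent
        self.current = None
        self.log.append(("expired", expired, now))
        alive = [a for a in self.known.values()
                 if a.agent != expired and not a.is_home_agent and a.valid_until() >= now]
        if not alive:
            self.log.append(("solicit", now))   # nothing else known to be valid: send an agent solicitation
            return
        # Prefer the agent that signalled the move (Method 2), otherwise the freshest valid advertisement
        pick = next((a for a in alive if a.agent == self.moved_to), None) \
            or max(alive, key=lambda a: a.valid_until())
        self.register_with(pick, now)


def train_scenario() -> list:
    """Router A and Router B both advertise (lifetime 1800 s); A goes silent after the laptop registers."""
    mn = MobileNode()
    b_times = {0, 600, 1200, 1800, 2400}
    for t in range(0, 2401):
        if t == 0:
            mn.on_advertisement(Advertisement("RouterA", 1800, 24), t)
        if t in b_times:
            mn.on_advertisement(Advertisement("RouterB", 1800, 24), t)
        mn.tick(t)
    return mn.log


def prefix_change_scenario() -> list:
    """Method 2: a second FA with a different prefix length, then the node returns home."""
    mn = MobileNode()
    mn.on_advertisement(Advertisement("FA-X", 1800, 24), 0)
    mn.on_advertisement(Advertisement("FA-Y", 1800, 16), 1000)   # different prefix length: moved
    mn.tick(1000)                                                 # FA-X still valid, nothing to do
    mn.tick(1801)                                                 # FA-X expired, FA-Y still valid
    mn.on_advertisement(Advertisement("HA", 1800, 24, is_home_agent=True), 3000)
    return mn.log
```

In the replayed two-router scenario the laptop drops Router A only when A's full lifetime has elapsed with no further advertisement, and it registers with Router B at once because B's latest advertisement is still within its lifetime.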

Quizxi

What are the characteristics of the move detection method that is based on the lifetime field?

Options:

1. Mobile nodes record the lifetime of all foreign agents

2. Uses comparisons in prefix-lengths extensions

3. Uses information in the lifetime field of the ICMP router advertisement section of the agent advertisement

4. When the lifetime of the foreign agent expires, mobile nodes must wait for a new agent advertisement

Summary

Agent discovery is where mobile nodes detect their current location through agent advertisements from

mobility agents. Mobile IP has adapted the ICMP router discovery mechanism for its agent discovery

processes. It utilizes ICMP router advertisements and ICMP router solicitations to send agent advertisements

and agent solicitations.

Agent advertisements are messages broadcast by mobility agents to advertise services. They are used by

mobile nodes for move detection and for care-of address acquisition. There are different mobile service

requirements for home and foreign agents. On the whole, agent discovery operates in the same manner as

ICMP router discovery.

In move detection, mobile nodes should register their new care-of addresses with their HAs. A mobile node

discovers it has returned to its home network through agent advertisements from its HA. There are two

methods for movement detection. Method 1 is based on information in the lifetime field of the router

advertisement. Method 2 is based on comparing prefix-lengths extensions in agent advertisements.


Registration, routing, and security

Learning objectives:

identify how a mobile node requests services from a foreign network and communicates its location to the home agent.

identify the procedures that enable mobile nodes, foreign agents, and home agents to route data to and from a mobile node.

distinguish the types of security threats Mobile IP faces and what can be done to mitigate those threats.

D. Registration

E. Routing considerations

F. Security considerations

D. Registration

1. Registration purpose and procedures

2. Mobile IP registration considerations

Summary

1. Registration purpose and procedures

Mobile IP enables mobile nodes roaming between IP networks to use the same IP address, ensuring the

mobile node is still reachable and that sessions or connections are not dropped because they are away from

the home network.

Mobile IP also enables the remote user to maintain on-going applications while roaming. These applications

include remote login and file transfer.

With Mobile IP, next-hop decisions are based on a mobile node's care-of address - current point of

attachment to the Internet - not on the IP address of the destination.

Registration messages exchange information between a mobile node and a home agent. This can be done

either directly or via a foreign agent.

Mobile IP registration enables a mobile node to:

inform its home agent of its care-of address


seek forwarding services from a foreign network

renew a registration

support several registrations at the same time

deregister specific care-of addresses

find the address of a home agent

deregister when it returns to its home network

inform its home agent of its care-of address

During registration, a mobile node can inform its home agent of its current care-of address. This can be a

foreign agent care-of address or a co-located care-of address.

seek forwarding services from a foreign network

A mobile node can request forwarding services from a foreign network, acquiring a temporary care-of address.

renew a registration

A mobile node can renew a registration that is due to expire.

support several registrations at the same time

A mobile node can support multiple registrations at the same time. This means that a copy of every datagram

can be tunnelled to each of the mobile node's care-of addresses.

deregister specific care-of addresses

A mobile node can deregister a specified care-of address and still retain its other mobility bindings.

find the address of a home agent

A mobile node can find the IP address of its home agent if it doesn't already have this information configured.

deregister when it returns to its home network

A mobile node can deregister when it returns to its home network. In fact, deregistering should take place only

after the mobile node has received an agent advertisement from its home agent indicating that it has returned

home and it has reconfigured its routing table for the home network.

In registration, a mobility binding is created at the home agent. This is when a mobile node's home address is

associated with its care-of address for a specified period of time. The mobile node keeps its own IP address.

Quizxii

What does Mobile IP registration allow a mobile node to do?

Options:

1. Deregister when it returns to its home network

2. Inform its home agent of the care-of address

3. Maintain multiple registrations simultaneously

4. Register a new home IP address

There are two registration procedures defined by Mobile IP - registering directly with a mobile node's home

agent or using a foreign agent to pass the registration to the mobile node's home.


Both procedures involve the exchange of registration request and registration reply messages.

A mobile node must register or deregister directly with its home agent when it returns to its home network.

A mobile node using a foreign agent care-of address must register via that foreign agent. The registration

process for using a foreign agent is as follows:

Step 1: The mobile node sends a registration request to the foreign agent.

Step 2: The foreign agent processes the registration request and passes it to the home agent.

Step 3: The home agent sends a registration reply to the foreign agent permitting or refusing the request.

Step 4: The outcome of the request is processed by the foreign agent and then forwarded to the mobile node.

A mobile node using a co-located care-of address must register directly with its home agent.

When registering directly with its home agent, a mobile node first sends a registration request to the home

agent. The home agent then sends a registration reply permitting or refusing the request.

Note

A mobile node using a co-located care-of address that receives an agent advertisement from a foreign agent

on the link used by the care-of address must register via that foreign agent if the 'R' bit is set in the received

agent advertisement message.

A mobile node uses a registration request message to register with its home agent, enabling the home agent

to create or modify a mobility binding for the mobile node.

The registration request can be sent directly to the home agent if the mobile node is registering a co-located

care-of address. Alternatively, the registration request can be sent via the foreign agent the mobile node is

registering with.

After it has sent the registration request message, the mobile node receives a registration reply from either

the home agent or the foreign agent.

If the mobile node requested service from a foreign agent, the foreign agent will receive a registration reply

from the home agent and forward it to the mobile node. This reply message informs the mobile node of the

status of its request and the lifetime permitted by the home agent. The lifetime permitted can be smaller

than the original request.


Quizxiii

Suppose a mobile node is registering its care-of address via a foreign agent. Rank the broadcast messages in the

order they are exchanged.

Option Description

A The registration request is passed on to the home agent

B The registration reply is sent to the foreign agent

C A registration request is sent to the foreign agent

D The registration reply is forwarded to the mobile node

Quizxiv

In which instances should you register a mobile node via a foreign agent?

Options:

1. If it is deregistering on its home network

2. If it is registering using a foreign care-of address

3. If it is using a co-located care-of address

4. If it is using a co-located care-of address and receives an advertisement with the R bit set

2. Mobile IP registration considerations

In Mobile IP registration, messages are exchanged directly between home agents and mobile nodes, or they

are exchanged via foreign agents.

Mobile node

Foreign agent

Home agent


Mobile node

A mobile node must be configured with its own home address, a mobility security association for each home

agent, and a network mask.

It can be configured with the IP address of one or more of its home agents. If the mobile node does not have

the IP address of the home agent, it must find a home agent.

The mobile node plays an active role in mobile registration, for instance, it initiates the registration requests

sent to home agents. It may also supply the care-of address when registering. If the mobile node supplies the

care-of address, it will also encapsulate and decapsulate all traffic to and from the home agent.

The mobile node is responsible for determining its location within the Internetwork and registering and

deregistering accordingly.

A mobile node should not attempt a new registration if its current registration has not expired and it is still

receiving agent advertisements from the foreign agent with which it is currently registered.

For example, a mobile node (192.168.5.4) sends a request to the foreign agent (172.16.8.1). A mobile node

must maintain the following information for each pending registration:

the link-layer address of the foreign agent to which the registration request was sent, in this case, 00-04-8A-03-26-5E

the IP destination address of the registration request, in this case, 172.16.8.1

the care-of address used in the registration, in this case, 172.16.8.1

the Identification value sent in the registration, in this example, 13

the originally requested lifetime, in this example, 18000

the remaining lifetime of the pending registration, in this case, 17521

The mobile node should register or reregister with a foreign agent if the mobile node detects that the foreign

agent has rebooted or that the current registration's lifetime is near expiration.

A mobile node can register with a different agent if transport layer protocols indicate excessive retransmission.

It should not register with a new foreign agent if it receives an ICMP redirect from a foreign agent that is

currently providing service to it.

Foreign agent

In Mobile IP registration, the foreign agent's role is a mostly passive one. Each foreign agent must be

configured with a care-of address. The foreign agent provides the care-of address and passes registration

requests between mobile nodes and home agents. When it provides the care-of address, the foreign agent

decapsulates datagrams that are delivered to the mobile node.

If the foreign agent is not detectable by link-layer means, it should occasionally send agent advertisement

messages to indicate that it is present.

The foreign agent keeps a visitor list entry for each pending or current registration. The information in the

visitor list is obtained from the mobile node's registration request.

For example, a mobile node (192.168.5.4) sends a request to the foreign agent (172.16.8.1). The FA's visitor list

entry contains the following information:

the link-layer source address of the mobile node, in this case, 00-07-8B-03-26-5E

the IP source address, in this case, 192.168.5.4

the IP destination address, in this case, 172.16.8.1

the UDP source port, in this case, 43

the home agent address, in this case, 192.168.5.1

the identification field, in this case, 13

the requested registration lifetime, in this case, 18000

the remaining lifetime of the pending or current registration, in this case, 17521

Home agent

In registration, the home agent plays a reactive role, receiving registration requests directly from the mobile

node or a foreign agent. The home agent updates its record of the mobility bindings for the mobile node. It

then issues a registration reply accepting or rejecting each request.

A home agent should only transmit a registration reply when replying to a registration request received from a

mobile node. It must not generate a registration reply to indicate that the lifetime has expired.

The configuration requirements for a home agent include the following:

it must be configured with the IP address and prefix size of the home network

it must be configured with the home address and mobility security association of each mobile node it serves as a

home agent

The home agent must create - or modify - an entry in its mobility binding list for each of the authorized mobile

nodes. For example, a mobile node (192.168.5.4) has a foreign agent care-of address (172.16.8.1). The mobility

binding list entry must contain the mobile node's care-of address: 172.16.8.1.

The mobility binding list entry must also contain the identification field from the registration reply, in this case

13, and the remaining lifetime of the registration, in this case, 17521.

Quiz xv

Match each Mobile IP agent with the role it plays in IP registration.

Options:


1. It makes registration requests

2. It receives registration requests

3. It relays registration requests

Targets:

A. Foreign agent

B. Home agent

C. Mobile node

Quiz xvi

Match each Mobile IP agent with its configuration requirements.

Options:

1. It must be configured with the IP address of the home network

2. It must be configured with its own IP address

3. It must be configured with a care-of address

Targets:

A. Foreign agent

B. Home agent

C. Mobile node

Quiz xvii

Suppose a sales representative out on the road wants to download the latest product information from the home

network. The laptop is currently registered with a foreign agent (FA) with the IP address 10.5.4.3.

Identify the circumstances in which this mobile node should register with a new foreign agent.

Options:

1. When another foreign agent sends agent advertisement messages to it

2. When its current registration lifetime has expired

3. When it receives an ICMP redirect from the FA 10.5.4.3

4. When transport layer protocols indicate excessive transmissions

Summary

In Mobile IP registration, a mobile node's home address is associated, for a specified lifetime, with a care-of

address. This mobility binding can be created directly with the home agent by using a co-located care-of

address. Alternatively, a foreign agent can be used to relay the registration. Both procedures involve the

exchange of registration request and registration reply messages.

Also in Mobile IP registration, the mobile node plays an active role, initiating requests to home agents. The foreign agent plays a passive role, relaying requests from mobile nodes and the home agent's replies. The

home agent plays a reactive role in the registration process. The registration requests are sent to the home

agent by a foreign agent, or are received directly from the mobile node. The home agent updates its mobility

bindings records accordingly and issues a registration reply accepting or rejecting the request.


E. Routing considerations

1. MN, FA, and HA considerations 2. Mobile routers Summary

1. Mobile Node, Foreign Agent, and Home Agent considerations

IGMP (Internet Group Management Protocol) is a communications protocol used by hosts and adjacent

routers on IP networks to establish multicast group memberships. IGMP is an integral part of IP multicast.

IGMP can be used for one-to-many networking applications such as online streaming video and gaming, and

allows more efficient use of resources when supporting these types of applications. IGMP is used on IPv4

networks. Multicast management on IPv6 networks is handled by Multicast Listener Discovery (MLD) which

uses ICMPv6 messaging in contrast to IGMP's bare IP encapsulation.

Proxy ARP (Address Resolution Protocol) is a technique by which a device on a given network answers the ARP

queries for a network address that is not on that network. The ARP Proxy is aware of the location of the

traffic's destination, and offers its own MAC address in reply, effectively saying, "send it to me, and I'll get it

to where it needs to go." Serving as an ARP Proxy for another host effectively directs LAN traffic to the Proxy.

The "captured" traffic is then typically routed by the Proxy to the intended destination via another interface

or via a tunnel.

The process which results in the node responding with its own MAC address to an ARP request for a different

IP address for proxying purposes is sometimes referred to as 'publishing'.

In Mobile IP registration, a mobile node (MN) informs its home agent (HA) of its current location by

registering – or deregistering – its care-of address. The mobile node can register via a foreign agent (FA) or

register directly with its home agent using a co-located care-of address.

Any datagrams addressed to a (registered) mobile node visiting a foreign network are routed first to its home

network. The home agent intercepts and sends back these datagrams to the mobile node's care-of address.

After a mobile node has informed its home agent of its current location, all packets sent to or from the

mobile node are routed by the foreign agent or home agent, maintaining the appearance that it is still on its

home network.


Mobile node

A mobile node connected to its home network does not use mobility services and operates as a fixed host or

router.

The rules a mobile node follows when selecting a default router on a foreign network depend on whether the

mobile node has registered directly with the home agent or via a foreign agent.

A mobile node registered using a co-located care-of address – registered directly with its home agent – should

select a default router from the list of router addresses advertised in any ICMP router advertisement message

that it receives. This should happen only if the externally obtained care-of address and the router address

match under the network prefix.

A mobile node registered using a foreign agent care-of address must select a default router from the router IP

addresses advertised in the ICMP router advertisement portion of the agent advertisement message.

The mobile node can also choose the IP source address of the agent advertisement as the address of the

default router, for example, if the list of router addresses in the ICMP router advertisement portion is empty.

The lowest preference for a default router is the IP source address.

If the network prefix of the mobile node's co-located care-of address and the IP source address of the agent

advertisement match, the mobile node can choose the IP source address as the IP address of the default

router. The IP source address must be considered as the lowest preference for the default router.

The network prefix – if present – can be obtained from the Prefix-Lengths Extension in the router

advertisement.
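The default-router rules above, for both kinds of care-of address, as an added Python example (this is not code from the study notes). The `Advertisement` record, the assumption that advertised router addresses are listed most-preferred first, and the choice to select nothing when a co-located node has no Prefix-Lengths Extension to check against are all constructed for the example; the addresses reuse the notes' 172.16.8.x and 10.5.4.x networks.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Advertisement:
    """What a mobile node learns from an ICMP router advertisement, or from the
    ICMP router advertisement portion of an agent advertisement (constructed model)."""
    source: str                                       # IP source address of the advertisement
    routers: List[str] = field(default_factory=list)  # advertised router addresses, most preferred first (assumption)
    prefix_length: Optional[int] = None               # from the Prefix-Lengths Extension, if present
    from_agent: bool = True                           # True when this is a mobility agent advertisement


def same_prefix(a: str, b: str, prefix_length: int) -> bool:
    """True when both addresses fall under the same network prefix."""
    net_a = ipaddress.ip_network(f"{a}/{prefix_length}", strict=False)
    net_b = ipaddress.ip_network(f"{b}/{prefix_length}", strict=False)
    return net_a == net_b


def select_default_router(care_of_address: str, registered_via_fa: bool,
                          adv: Advertisement) -> Optional[str]:
    """Pick the default router from one advertisement.

    The advertisement's own IP source address is always the last candidate,
    i.e. the lowest preference. Returns None when nothing qualifies."""
    candidates = list(adv.routers) + [adv.source]
    if registered_via_fa:
        # Foreign agent care-of address: the default router must come from the
        # agent advertisement itself; a plain router advertisement from some
        # other router is not used. The source address is the fallback when the
        # router list is empty.
        return candidates[0] if adv.from_agent else None
    # Co-located care-of address: any ICMP router advertisement may be used, but a
    # candidate qualifies only when it matches the externally obtained care-of
    # address under the network prefix. Without a prefix length the check cannot
    # be made, so nothing is chosen (assumption for this example).
    if adv.prefix_length is None:
        return None
    for candidate in candidates:
        if same_prefix(care_of_address, candidate, adv.prefix_length):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed: a node with co-located care-of address 172.16.8.20/24 hears an
    # advertisement from 172.16.8.1 that lists no routers, so the source wins.
    print(select_default_router("172.16.8.20", False, Advertisement("172.16.8.1", [], 24)))
```

The `from_agent` flag is what separates the two cases in the notes: a node registered through a foreign agent ignores router advertisements that are not part of an agent advertisement, while a co-located node accepts any of them but filters by prefix.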

To receive multicasts, a mobile node must join a multicast group. The mobile node can join the group via a

local multicast router – if there is one present – on the visited subnet. A mobile node using a co-located care-of address should use this address as the source address of its IGMP messages. Otherwise, it must use its home address.

The mobile node can join a multicast group via a bidirectional tunnel to its home agent, provided the home

agent is a multicast router.

The mobile node sends IGMP messages to its home agent, and the home agent forwards the multicast

datagrams down the tunnel to the mobile node.

Foreign agent

When a foreign agent (FA) receives an encapsulated datagram that was sent to its advertised care-of address,

it compares the destination to the entries in its visitor list (a list of addresses of the currently registered mobile

nodes). If it finds a match, the FA decapsulates the datagram and forwards it to the mobile node.

For example, a correspondent node on the home network sends a datagram with the mobile node's address

(192.168.5.4) to the home agent (192.168.5.1). The home agent adds the foreign agent's address (172.16.8.1)

and sends the datagram on to the foreign agent. The foreign agent (172.16.8.1) compares the address

(192.168.5.4) to its visitor list and finds a match. It sends the datagram to the mobile node using layer 2 addressing.

If there is no matching entry in the visitor list, the FA should discard the datagram. An example of when this

might occur is when a mobile node leaves the foreign network and registers either with another foreign

network or returns to its own network.

When the FA is unable to forward an incoming tunneled datagram, it must not send ICMP destination

unreachable messages as this could prevent legitimate traffic from reaching its destination. The foreign agent

must not advertise the presence of a mobile router to other mobile nodes or to any other routers in its routing

domain.

The foreign agent (FA) must route all datagrams received from a registered mobile node. To route a datagram

from a registered mobile node, the FA must follow the following procedure:

In the first step, it verifies the IP header checksum of the datagram.

In the second step, it decrements the IP time-to-live of the datagram.

In the third step, it recomputes the IP header checksum of the datagram.

In the fourth step, it sends the datagram to a default router.

In the fifth step, the FA should also send an ICMP redirect message back to the mobile node. This step is

optional, but it is recommended if the FA is not the default router.
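Both foreign-agent procedures above (decapsulating a tunneled datagram against the visitor list with silent discard on a miss, and the five-step forwarding of a datagram received from a registered mobile node) in working Python, as an added example that is not code from the study notes. It builds and parses minimal IPv4 headers itself; the class and method names, the default router 172.16.8.254, the correspondent node 192.168.1.10, and the decision to drop a datagram whose TTL would expire are constructed for the example. The other addresses are the ones the notes use.

```python
import ipaddress
import struct
from typing import Dict, Optional, Tuple

IPPROTO_IPIP = 4   # IP-in-IP encapsulation, the tunnel type used by Mobile IP


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum of an IPv4 header. Over a header whose checksum
    field is zero it yields the value to store; over a header that already
    carries a correct checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) plus payload, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(dgram: bytes) -> Tuple[str, str, int, int, bool, bytes]:
    """Return (src, dst, proto, ttl, checksum_ok, payload)."""
    ihl = (dgram[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(dgram[12:16]))
    dst = str(ipaddress.IPv4Address(dgram[16:20]))
    return src, dst, dgram[9], dgram[8], ipv4_checksum(dgram[:ihl]) == 0, dgram[ihl:]


class ForeignAgent:
    def __init__(self, care_of_address: str, default_router: str):
        self.coa = care_of_address
        self.default_router = default_router
        # visitor list: home address -> link-layer address of the registered mobile node
        self.visitor_list: Dict[str, str] = {}

    def register(self, home_address: str, link_layer: str) -> None:
        """Add a visitor list entry after a successful registration."""
        self.visitor_list[home_address] = link_layer

    def handle_tunneled(self, dgram: bytes) -> Optional[Tuple[str, bytes]]:
        """Datagram that arrived at the advertised care-of address. Returns
        (link-layer address, decapsulated datagram) for delivery, or None when
        it is discarded. No ICMP destination unreachable is generated."""
        _, dst, proto, _, ok, inner = parse_ipv4(dgram)
        if not ok or dst != self.coa or proto != IPPROTO_IPIP or len(inner) < 20:
            return None
        inner_dst = parse_ipv4(inner)[1]
        link_layer = self.visitor_list.get(inner_dst)
        if link_layer is None:
            return None            # no visitor list entry (node moved on): silent discard
        return link_layer, inner

    def forward_from_visitor(self, dgram: bytes) -> Optional[Tuple[str, bytes, bool]]:
        """Datagram received from a registered mobile node. Returns
        (next hop, rewritten datagram, send_icmp_redirect) or None if dropped."""
        src, _, _, ttl, ok, payload = parse_ipv4(dgram)
        if src not in self.visitor_list or not ok:      # step 1: header checksum must verify
            return None
        if ttl <= 1:
            return None            # assumption: a datagram whose TTL would expire is dropped
        ihl = (dgram[0] & 0x0F) * 4
        hdr = bytearray(dgram[:ihl])
        hdr[8] = ttl - 1                                  # step 2: decrement TTL
        hdr[10:12] = b"\x00\x00"
        hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))   # step 3: recompute checksum
        send_redirect = self.default_router != self.coa   # step 5: redirect advised if FA is not the default router
        return self.default_router, bytes(hdr) + payload, send_redirect   # step 4: hand to default router


if __name__ == "__main__":
    fa = ForeignAgent("172.16.8.1", "172.16.8.254")
    fa.register("192.168.5.4", "00-07-8B-03-26-5E")
    # Constructed: the home agent 192.168.5.1 tunnels a datagram from 192.168.1.10 to the visitor
    inner = build_ipv4("192.168.1.10", "192.168.5.4", 17, b"hello")
    outer = build_ipv4("192.168.5.1", "172.16.8.1", IPPROTO_IPIP, inner)
    print(fa.handle_tunneled(outer))
```

The inner datagram is handed to the link layer untouched; only the outgoing path rewrites the header, which is why the checksum is verified before and recomputed after the TTL change.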

Home agent

When the mobile node is away from home, the home agent (HA) must be able to intercept any datagrams

addressed to the mobile node – using gratuitous or proxy ARP to do this – on the home network. For example,

a sales representative when travelling can download any e-mail addressed to them from a file server.

With gratuitous ARP, an ARP packet – either an ARP request or an ARP reply packet – is sent by a node in order

to cause other nodes to update an entry in their ARP cache.

The ARP packet has to be transmitted as a local broadcast packet on the local link. Any node receiving the ARP

packet – and with an entry for that IP address already in its ARP cache – must update its local ARP cache with

the sender protocol and hardware addresses specified in the ARP packet.

With proxy ARP, a node that is either unable or unwilling to answer its own ARP requests can use another

node to send an ARP reply on its behalf.

The sender of a proxy ARP reverses the Sender and Target Protocol Address fields, typically supplying its own

configured link-layer address in the Sender Hardware Address field.

The node receiving the ARP reply associates this link-layer address with the IP address of the original target

node. It then transmits all future datagrams for the target node to the node with that link-layer address.


The destination IP address of every arriving datagram must be examined by the HA and compared to the home addresses

of any of its mobile nodes that are currently registered away from home. Any matching datagrams are

tunneled to the mobile node's currently registered care-of address or addresses.

When a home agent supports multiple simultaneous mobility bindings (an optional facility), it tunnels a copy of

the datagram to each care-of address in the mobile node's mobility binding list.

The home agent assumes a mobile node is at home if it has no current mobility bindings and forwards the

datagram directly onto the home network.

A home agent must forward received broadcast datagrams to the mobile nodes in its mobility binding list that

have requested this facility.

It must not forward the datagram to any of the other mobile nodes in its mobility binding list.

Quiz xviii

Suppose a mobile node is registered directly with its home agent and is using a co-located care-of address.

Identify the rules used to select a default router for this mobile node.

Options:

1. It can select an IP address from the list of router addresses given in the ICMP router advertisement portion of

the agent advertisement message

2. It can select the IP source address of the agent advertisement

3. It must select a default router from the addresses advertised in the ICMP router advertisement of the agent

advertisement message

Quiz xix

Suppose a foreign agent receives a datagram and cannot find the IP address of the destination in its visitor list.

Identify the actions the foreign agent should take.

Options:

1. It should discard the datagram

2. It should forward the datagram to the mobile node

3. It should modify the IP header of the datagram

4. It should refrain from sending an ICMP "destination unreachable" message

Quiz xx

A home agent processes datagrams addressed to a mobile node registered away from home on the home

network.


Identify the characteristics of how the home agent processes datagrams.

Options:

1. It can send to several FAs (multiple routers)

2. It checks its mobility bindings if the node is away from home

3. It never forwards broadcast datagrams

4. It sends gratuitous ARP to discover the location of the mobile node

Quiz xxi

Suppose a mobile node is registered using a foreign agent care-of address (10.5.4.3). The mobile node receives an

ICMP router advertisement from 10.5.4.3 containing the router address 10.5.4.12. The mobile node then receives

an ICMP router advertisement from another router with the IP address 10.5.4.5.

What is the preferred default router IP address for this mobile node?

Options:

1. 10.5.4.12

2. 10.5.4.3

3. 10.5.4.5

2. Mobile routers

A mobile node can also be a router responsible for the mobility of a network or networks moving together,

for example, on an airplane or a train.

The nodes connected to a mobile network can be fixed nodes, mobile nodes, or routers. A mobile node can

also act as a foreign agent, providing a foreign agent care-of address to mobile nodes connected to the

mobile network.

For example, Helen, a teleworker, wants to connect to her home network to download her email. She

connects her laptop – mobile node – to a network port on a bus. The laptop registers on this foreign network

using a foreign agent care-of address (172.16.8.1).

The bus's foreign agent sends an agent advertisement enabling the care-of address to be picked up.


The network on the bus is also a mobile network. The foreign agent – router (172.16.8.1) – on the bus can

serve as a default router connecting the bus network to the rest of the Internet. This router's home agent

(172.16.8.15) is a node on the fixed network at the bus company's headquarters.

When the bus is in transit, the router (172.16.8.1) registers via a radio link to other foreign agents. When the

bus is at home, this router attaches to the bus's home network.

There are a number of steps involved in routing to a mobile node via a mobile router on a mobile network.

Suppose a correspondent node sends a datagram to Helen, using her laptop's home address (192.168.5.4).

On the home network, the laptop's home agent (192.168.5.1) intercepts and sends the datagram to the

laptop's care-of address (172.16.8.1). This is the IP address of the foreign agent – the router on the bus, in

this example.

The datagram is then sent using normal IP routing methods to the fixed network at the bus company's

headquarters.

The router in the bus company's headquarters (172.16.8.15) – that is also the foreign agent's home agent –

intercepts the datagram and sends it to the bus router's care-of address, for example, the foreign agent

(10.5.4.3) on the bus route.

This datagram has now been encapsulated by the laptop's home agent and by the bus's home agent.

The bus's foreign agent (10.5.4.3) decapsulates the datagram and sends it via a radio link to the bus. The

datagram is still encapsulated with the laptop's home agent (the destination address of the laptop's care-of

address).

Finally, the foreign agent (172.16.8.1) on the bus decapsulates the datagram. The datagram now has the

destination address of the datagram, that is, the laptop's home address (192.168.5.4).

The foreign agent on the bus then delivers the datagram over the bus network to the laptop's link-layer

address.
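The recursive tunneling just described, traced agent by agent with the addresses of Helen's example, as an added Python example (not code from the study notes). Datagrams are modelled as nested records rather than bytes, so the trace shows which agent adds and which strips each tunnel layer; the correspondent node 192.168.1.10, the agent labels, and the `depth` bookkeeping are constructed for the example. Normal IP routing between agents is not modelled; each agent simply receives the datagram the previous one emitted.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple, Union


@dataclass(frozen=True)
class Datagram:
    """An IP datagram. payload is application data or, for an IP-in-IP tunnel
    packet, the encapsulated inner datagram."""
    src: str
    dst: str
    payload: Union[str, "Datagram"]

    def depth(self) -> int:
        """Number of tunnel layers wrapped around the original datagram."""
        return 0 if isinstance(self.payload, str) else 1 + self.payload.depth()


class HomeAgent:
    """Intercepts datagrams for its registered mobile nodes and tunnels them to
    the care-of address in its mobility binding list."""
    def __init__(self, address: str, bindings: Dict[str, str]):
        self.address = address
        self.bindings = bindings            # home address -> care-of address

    def process(self, d: Datagram) -> Optional[Datagram]:
        coa = self.bindings.get(d.dst)
        if coa is None:
            return d                         # no binding: node is at home, deliver on the home network
        return Datagram(self.address, coa, d)   # one more encapsulation layer


class ForeignAgent:
    """Decapsulates tunnel packets addressed to its care-of address for nodes in
    its visitor list; anything else is silently discarded."""
    def __init__(self, care_of_address: str, visitors: Set[str]):
        self.coa = care_of_address
        self.visitors = visitors

    def process(self, d: Datagram) -> Optional[Datagram]:
        if d.dst != self.coa or isinstance(d.payload, str):
            return None
        inner = d.payload
        return inner if inner.dst in self.visitors else None


Agent = Union[HomeAgent, ForeignAgent]


def route_via_mobile_network(d: Datagram, path: List[Tuple[str, Agent]]) -> List[Tuple[str, str, int]]:
    """Pass the datagram through the agents in order and return a trace of
    (agent label, destination after that agent, tunnel depth). A discard ends
    the trace with depth -1."""
    trace: List[Tuple[str, str, int]] = []
    for label, agent in path:
        d = agent.process(d)
        if d is None:
            trace.append((label, "discarded", -1))
            break
        trace.append((label, d.dst, d.depth()))
    return trace


def bus_scenario(laptop_registered: bool = True) -> List[Tuple[str, str, int]]:
    """Helen's laptop (home 192.168.5.4, HA 192.168.5.1) registered with the bus
    router 172.16.8.1, whose own HA is 172.16.8.15 and whose care-of address is
    the route-side foreign agent 10.5.4.3."""
    laptop_ha = HomeAgent("192.168.5.1", {"192.168.5.4": "172.16.8.1"})
    bus_ha = HomeAgent("172.16.8.15", {"172.16.8.1": "10.5.4.3"})
    route_fa = ForeignAgent("10.5.4.3", {"172.16.8.1"})
    bus_fa = ForeignAgent("172.16.8.1", {"192.168.5.4"} if laptop_registered else set())
    original = Datagram("192.168.1.10", "192.168.5.4", "mail for Helen")   # constructed correspondent
    path = [("laptop HA", laptop_ha), ("bus HA", bus_ha), ("route FA", route_fa), ("bus FA", bus_fa)]
    return route_via_mobile_network(original, path)


if __name__ == "__main__":
    for step in bus_scenario():
        print(step)
```

The depth column makes the "encapsulated twice" point of the notes concrete: it climbs to 2 at the bus company's home agent and returns to 0 only when the bus router itself decapsulates. With the laptop missing from the bus router's visitor list the last step is a silent discard, matching the foreign-agent rule given earlier.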

Quiz xxii

A sales manager on a flight connects to the home network using the aircraft's network. A datagram is sent to a

laptop's home address (192.168.5.4). The laptop's foreign agent care-of address is the aircraft's router (10.5.4.3).

The aircraft's router also has a foreign agent care-of address (188.1.6.10).

Rank the steps involved in sending this datagram over the aircraft mobile network.

Options:

A. The aircraft's foreign agent care-of address (188.1.6.10) sends the datagram to the aircraft

B. The aircraft's router (10.5.4.3) decapsulates and sends the datagram to the laptop

C. The datagram is sent to the airline headquarters, where it is forwarded to the aircraft's care-of address (188.1.6.10)

D. The laptop's home agent sends the datagram to the laptop's care-of address (10.5.4.3)

Quiz xxiii

Suppose a reporter on a cycling tour has a laptop (192.16.2.15). Router A (192.16.2.1) advertises the address for

router B in a mobility agent advertisement.

If the laptop is using the Router A address of 192.16.2.1 as its default gateway, which can we assume?

Options:

1. All datagrams from the home agent are decapsulated by the foreign agent

2. All datagrams from the home agent are decapsulated by the mobile node

3. The advertised router was not on the same subnet

4. The mobile node is using a foreign agent's care-of address

If a fixed node has a mobile network as its home network, its home agent can be configured to have a

permanent registration for this fixed node, indicating the mobile router's address as the fixed host's care-of

address. Any datagrams sent to the fixed node will use recursive tunneling. The home agent – usually a

mobile router's home agent – is responsible for advertising connectivity using normal routing protocols to the

fixed node.

An alternative method – that avoids the need for recursive tunneling of datagrams – is when the mobile

router advertises the connectivity to the mobile network using normal IP routing protocols via a bidirectional

tunnel to its own home agent.

Summary

A mobile node can select a default router from the router IP addresses advertised in the ICMP router

advertisement portion of that agent's advertisement message. When a foreign agent receives an

encapsulated datagram, it compares the destination to the entries in its visitor list. If there is no matching entry, the datagram must be discarded. When the mobile node is away from home, the home agent

intercepts any datagrams on the home network that are addressed to the mobile node and forwards them to

the mobile node's care-of address.

A mobile node can also be a router responsible for the mobility of a network. It can act as a foreign agent

providing a foreign agent care-of address to mobile nodes connected to this mobile network. The nodes

connected to this mobile network can be fixed nodes, mobile nodes, or routers.


F. Security considerations

Introduction Threats to Mobile IP Mitigating the threats to Mobile IP Summary

Introduction

Mobile IP has become important for the average consumer and for businesses. Mobile IP standards are ever

improving, as are the services offered by service providers. Because of this, more efficient services and

applications are available to mobile users. In business, key employees can be kept up to date with critical

information, which results in improved customer service and, ultimately, in improved customer relations.

Mobile IP allows consumers to communicate and to avail of a variety of services, such as instant messaging

and SMS alerts to their cellular phones with, for instance, the latest traffic reports or sports results.

With the development of large open networks – networks with access to the Internet, and other private and

public networks – threats to security have increased and more security vulnerabilities have been discovered.

The technical knowledge required to hack a network has become more widely available and hacking tools are

more user friendly.

Because of the way Mobile IP operates, the transfer of information is vulnerable in terms of security. The

registration process in itself is vulnerable because, typically, mobile computers are connected to the network

via wireless links. When mobile nodes on foreign networks register with their home networks via wireless

links, they are vulnerable to attacks such as passive eavesdropping and active replay. This means that

authentication mechanisms in Mobile IP registration need to be particularly strong. For example, service

providers need to authenticate messages sent between foreign agents and home agents to ensure only

legitimate customers are provided with service and to enable billing.

Threats to Mobile IP

Specific threats to Mobile IP include the following:

denial-of-service attack

passive eavesdropping

session-stealing attack

replay attack

Denial-of-service attack

A denial-of-service (DoS) attack is specifically designed to disrupt the normal functioning of a system by

destroying or modifying data, or by overloading the system's servers. The organization (or user) is then deprived of services such as e-mail, or perhaps suffers the temporary loss of all network connectivity and services.

One type of DoS is a nuisance packet attack (TCP SYN flooding). This type of attack can be quite difficult to

prevent because a sender can spoof the source address. However, the service provider can use ingress

filtering in routers to make sure the IP source address of a packet is authenticated before it is forwarded.


Another type of DoS attack precludes packets from flowing between two nodes. For example, an attacker –

who must be on the path between the two nodes – creates a bogus registration request, giving its own IP

address as the care-of address for a mobile node. This means the mobile node's home agent will send all

packets to the attacker.

This type of attack can be prevented if there are cryptographically resilient authentication procedures

between a mobile node and its home agent. Keyed MD5 is the default algorithm used, drawing on RFC 1321 to provide secret-key authentication and integrity checking. Although all mobile nodes must support this

algorithm, Mobile IP does enable a mobile node to use different types of authentication.

Passive eavesdropping

Theft of information can occur when an attacker accesses network packets that come across the network to

which he is attached (man-in-the-middle attack), typically by using network packet sniffers and routing and

transport protocols. Encryption is a common way of preventing a passive eavesdropping (or theft-of-information) attack, protecting the data from being accessed by unauthorized persons. Link-layer encryption is commonly used between a mobile node and its foreign agent over a wireless link, where all packets

exchanged over the link are encrypted. Because no physical connection is required, it can be easier to snoop

on a wireless link.

End-to-end encryption, where the data is encrypted and decrypted at the source and destination, is the most

thorough method of protecting the data. Secure Sockets Layer (SSL), Secure Copy (SCP), and Secure Shell

(SSH) are examples of Internet-based applications that provide end-to-end protection. Other application programs that do not provide for encryption can use Encapsulating Security Payload (RFC 1827) for end-to-end encryption.

Session-stealing attack

A session-stealing attack is when an attacker pretends to be a legitimate node and captures a session. The

attacker waits for a valid node to authenticate itself and initiate an application session. The attacker then

transmits numerous nuisance packets to prevent the node from recognizing that the session has been

captured. Session-stealing attacks can be prevented by end-to-end and link-layer encryption.

Replay attack

A replay attack is when an attacker obtains and stores a copy of a legitimate registration request and replays

it later to create a forged care-of address for a mobile node. To prevent this, a mobile node produces a

unique value for the Identification field for each successive registration. The Identification field allows the

home agent to ascertain what the subsequent value should be. The attacker is therefore hampered because

the home agent will be able to identify the Identification field in the stored registration request as outdated.

Mitigating the threats to Mobile IP

The registration process of Mobile IP requires strong authentication procedures as it offers many

opportunities for malicious intervention. Any sensitive data that is transferred should be encrypted. If

location privacy is required, mobile nodes can connect to their home network via a tunnel. The home agent

forwards any packets sent to the mobile node to its care-of address and so the mobile node still appears to

be on the home network.


Cryptography

Cryptography is one of the main methods used to maintain confidentiality, that is, to ensure sensitive data is

viewed only by users who are authorized. Cryptography involves the use of cryptographic algorithms and the

exchange of either public or secret keys to ensure only authorized parties can decrypt information. There are

two main categories of cryptographic algorithms: secret-key algorithms – where both the sender and receiver

use the same key – and public-key algorithms. With public-key algorithms, a pair of related keys are used, one

by the sender and the other by the receiver. One of these keys is published publicly and the other is kept

private.

The information is authenticated using either private-key (secret-key) or public-key encryption. There are two categories of private-key authentication: one uses a type of cryptographic algorithm called a message digest (a fixed-length piece of data computed from a large piece of data), whereas the other uses the same algorithms used to execute private-key encryption.

There are also two categories of public-key authentication – one method uses a similar method to secret-key

authentication, except it uses public-key encryption. The other type of public-key authentication uses digital

signatures. A public-key conversion is performed on a plain-text message, using the private key, and the

resulting ciphertext is called a digital signature. Only the sender has the key, which means the sender cannot

later deny having sent this information (non-repudiation). If necessary, the message, the time stamp, and a message digest confirming that the message has not been altered in transit (integrity checking) can be re-sent.

Problems with ARP

In Mobile IP registration, a mobility binding is created at the home agent where a mobile node's home

address is associated with its care-of address for a specified lifetime. If registration was not authenticated

properly, this tunneling feature could prove to be a significant security vulnerability. ARP itself is likewise not authenticated, and could potentially be used to steal another host's traffic.

If gratuitous ARP is used – where a node sends an ARP packet in order to spontaneously cause other nodes to update an entry in their ARP cache – then all the risks associated with ARP will also need to be factored in.

For these reasons, it is imperative that home agents and mobile nodes perform authentication.

Authentication

Mobile nodes and home agents must be able to perform authentication. There are several factors that

determine the strength of an authentication mechanism. These include the strength and secrecy of the key

used, the strength of the authentication algorithm, and the quality of the implementation. The default

algorithm used by home agents and mobile nodes for message authentication is HMAC-MD5 with a key size

of 128 bits. The foreign agent must support authentication using HMAC-MD5 with manual key distribution of

key sizes of 128 bits or greater. It must also support keys with arbitrary binary values.

When producing and verifying the authentication data supplied with Mobile IP registration messages, new

implementations of Mobile IP should use MD5 as one of the additional authentication algorithms. This is

because the "prefix + suffix" use of MD5 to protect data is considered vulnerable to attack. However, the use

of keyed MD5 does not mean other authentication algorithms and modes cannot be used. Keyed MD5 authentication should use a 128-bit key that is both secret and pseudo-random.


Key distribution in a Mobile IP network can often be a difficult task due to the absence of a network key

management protocol. Because of this, some messages sent to the foreign agent do not require

authentication.

Firewalls

A firewall is a device that protects the resources of a private network from an untrusted public network such

as the Internet. There are several different types of firewall. Firewalls use secure logon procedures and

authentication certificates to allow mobile users remote access to the private network.

Common security policies such as ingress filtering – where routers do not forward packets that appear to have a topologically incorrect source address – can prove to be problematic in Mobile IP networks. For example, a router running firewall software could block incoming packets from a mobile node trying to contact a node on its home network. The firewall blocks this node as it is trying to enter the intranet using the address of a machine inside the intranet. However, this mobile node is trying to access the home network using its own home address. To counteract this problem, a mobile node can use the foreign agent supplied care-of address as the source address – this is called reverse tunneling. Reverse tunneled packets can pass normally through routers that use ingress filtering, and the ingress filtering rules can still locate the true source of the packet in the same way as packets from non-mobile nodes.
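As an added illustration (not part of the original notes), the following Python simulation shows why a packet sent with the home address as its source is dropped by an ingress filter at the foreign site, and how reverse tunneling through the care-of address gets the same packet past the filter and to the home agent. The addresses (RFC 5737 documentation prefixes) and the packet structure are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed topology: documentation prefixes, not real networks.
HOME_NETWORK = ipaddress.ip_network("192.0.2.0/24")        # mobile node's home network
FOREIGN_NETWORK = ipaddress.ip_network("198.51.100.0/24")  # network the node has roamed to
HOME_AGENT = "192.0.2.1"
HOME_ADDRESS = "192.0.2.10"         # the mobile node's permanent address
CARE_OF_ADDRESS = "198.51.100.1"    # foreign agent's address, used as the tunnel endpoint


@dataclass
class Packet:
    src: str
    dst: str
    payload: Optional["Packet"] = None   # set when this packet is an IP-in-IP tunnel packet


def ingress_filter(pkt: Packet, site_prefix: ipaddress.IPv4Network) -> bool:
    """Border-router ingress filter: forward only packets whose source address is
    topologically correct, i.e. belongs to the site the packet is leaving."""
    return ipaddress.ip_address(pkt.src) in site_prefix


def reverse_tunnel(pkt: Packet, care_of_address: str, home_agent: str) -> Packet:
    """Encapsulate the mobile node's packet so the outer source is the care-of address."""
    return Packet(src=care_of_address, dst=home_agent, payload=pkt)


def home_agent_decapsulate(pkt: Packet) -> Optional[Packet]:
    """The home agent strips the tunnel header and forwards the inner packet.
    Returns None unless the tunnel ends here and the inner source is a home address it serves."""
    inner = pkt.payload
    if pkt.dst != HOME_AGENT or inner is None:
        return None
    if ipaddress.ip_address(inner.src) not in HOME_NETWORK:
        return None
    return inner


def send_direct(pkt: Packet) -> str:
    """Mobile node sends with its home address as source straight out of the foreign site."""
    if not ingress_filter(pkt, FOREIGN_NETWORK):
        return f"dropped at foreign border: source {pkt.src} not in {FOREIGN_NETWORK}"
    return f"forwarded to {pkt.dst}"


def send_reverse_tunneled(pkt: Packet) -> str:
    """Same packet, reverse tunneled via the foreign agent's care-of address to the home agent.
    The outer source still identifies the foreign site, so the filter can locate the true origin."""
    outer = reverse_tunnel(pkt, CARE_OF_ADDRESS, HOME_AGENT)
    if not ingress_filter(outer, FOREIGN_NETWORK):
        return f"dropped at foreign border: source {outer.src} not in {FOREIGN_NETWORK}"
    inner = home_agent_decapsulate(outer)
    if inner is None:
        return "dropped at home agent"
    return f"forwarded to {inner.dst} from {inner.src} via {outer.src}"


if __name__ == "__main__":
    pkt = Packet(src=HOME_ADDRESS, dst="192.0.2.50")   # constructed: a node on the home network
    print(send_direct(pkt))
    print(send_reverse_tunneled(pkt))
```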

Replay protection

To prevent a replay attack, a mobile node produces a unique value for the Identification field for each successive message. There are two methods used to interpret Identification fields – time stamps and nonces. All mobile nodes and home agents must implement replay protection based on time stamps. Nonce-based replay protection is optional.

With time stamp replay protection, the node generating a message inserts the current time of day. The node receiving the message checks that this time stamp is sufficiently close to its own time of day. The value used to limit the time difference should be greater than three seconds – the default value is seven seconds. These nodes must have adequately synchronized time-of-day clocks.

With nonce replay protection, a node – node A – includes a new random number in every message it sends to another node – node B. Node A then checks that node B returns that same number in its reply. Both messages use an authentication code to protect against alteration by an attacker.

As part of the mobile security association, a mobile node and its home agent have to agree on the method of replay protection that will be used. The low-order 32 bits of the Identification have to be copied unchanged from the registration request to the registration reply regardless of which method is used. The foreign agent uses the mobile node's home address and the low-order 32 bits to match registration requests with corresponding replies. The mobile node has to verify that the low-order 32 bits of any registration reply are identical to the bits it sent in the registration request. The Identification used in a new registration request cannot be the same as in the preceding request. Retransmission is allowed, but a request shouldn't be repeated while the same security context is being used between the mobile node and the home agent.
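The authentication and replay-protection rules above (HMAC-MD5 with a 128-bit key, time stamps checked against the seven-second default window, no repeated Identification, low-order 32 bits copied unchanged into the reply) can be seen working together in this added Python simulation, which is not code from the original notes. The cut-down message layout, the address values and the injectable clock are simplifying assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

REPLAY_WINDOW_SECONDS = 7      # default from the text; the limit should be greater than 3 s
KEY_SIZE_BYTES = 16            # 128-bit HMAC-MD5 key, the default key size in the text
LOW32 = 0xFFFFFFFF


@dataclass
class RegistrationMessage:
    """Constructed, cut-down registration request/reply carrying only the fields this
    example needs; the real message format has more fields."""
    home_address: str
    care_of_address: str
    identification: int      # 64 bits: high 32 = time stamp (seconds), low 32 = random
    is_reply: bool = False
    authenticator: bytes = b""

    def protected_bytes(self) -> bytes:
        # Fields covered by the authenticator (the authenticator itself is excluded).
        return (f"{int(self.is_reply)}|{self.home_address}|{self.care_of_address}|"
                f"{self.identification:016x}").encode()


def compute_authenticator(msg: RegistrationMessage, key: bytes) -> bytes:
    """HMAC-MD5 over the protected fields with the shared 128-bit key."""
    return hmac.new(key, msg.protected_bytes(), hashlib.md5).digest()


def make_identification(now: float) -> int:
    """Time stamp in the high-order 32 bits, fresh random value in the low-order 32 bits,
    so no two successive requests carry the same Identification."""
    return ((int(now) & LOW32) << 32) | int.from_bytes(os.urandom(4), "big")


def build_request(home_address, care_of_address, key, now=None) -> RegistrationMessage:
    req = RegistrationMessage(home_address, care_of_address,
                              make_identification(time.time() if now is None else now))
    req.authenticator = compute_authenticator(req, key)
    return req


class HomeAgent:
    """Checks authentication and time-stamp replay protection, then answers."""

    def __init__(self, key: bytes, clock=time.time):
        self.key = key
        self.clock = clock
        self.last_identification = {}   # home address -> Identification of last accepted request

    def process(self, req: RegistrationMessage):
        """Return (verdict, reply); reply is None when the request is rejected."""
        if not hmac.compare_digest(compute_authenticator(req, self.key), req.authenticator):
            return "rejected: authentication failed", None
        stamp = req.identification >> 32
        if abs(stamp - int(self.clock())) > REPLAY_WINDOW_SECONDS:
            return "rejected: time stamp not close enough to home agent clock", None
        if self.last_identification.get(req.home_address) == req.identification:
            return "rejected: Identification repeats the preceding request (replay)", None
        self.last_identification[req.home_address] = req.identification
        # Reply: fresh time stamp on top, low-order 32 bits copied unchanged from the request.
        reply = RegistrationMessage(req.home_address, req.care_of_address,
                                    ((int(self.clock()) & LOW32) << 32) | (req.identification & LOW32),
                                    is_reply=True)
        reply.authenticator = compute_authenticator(reply, self.key)
        return "accepted", reply


def mobile_node_accepts_reply(req, reply, key) -> bool:
    """Mobile node check: reply authenticates and its low-order 32 bits match the request."""
    if reply is None:
        return False
    if not hmac.compare_digest(compute_authenticator(reply, key), reply.authenticator):
        return False
    return (reply.identification & LOW32) == (req.identification & LOW32)


def foreign_agent_match_key(msg: RegistrationMessage) -> tuple:
    """What a foreign agent uses to pair a request with its reply."""
    return (msg.home_address, msg.identification & LOW32)


def demo(clock_now: float = 1_700_000_000.0) -> dict:
    key = os.urandom(KEY_SIZE_BYTES)                     # manually distributed shared secret
    ha = HomeAgent(key, clock=lambda: clock_now)
    req = build_request("192.0.2.10", "198.51.100.1", key, now=clock_now)   # constructed addresses
    verdict, reply = ha.process(req)
    results = {"fresh": verdict,
               "reply_ok": mobile_node_accepts_reply(req, reply, key),
               "fa_match": foreign_agent_match_key(req) == foreign_agent_match_key(reply)}
    results["replayed"] = ha.process(req)[0]             # identical copy sent again
    stale = build_request("192.0.2.10", "198.51.100.1", key, now=clock_now - 30)
    results["stale"] = ha.process(stale)[0]              # valid key, but time stamp 30 s old
    forged = build_request("192.0.2.10", "198.51.100.1", key, now=clock_now)
    forged.care_of_address = "203.0.113.9"              # altered after signing
    results["tampered"] = ha.process(forged)[0]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```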


Summary

Security in Mobile IP networks needs to address a number of issues that differ from those of fixed networks. Specific threats to Mobile IP include denial-of-service attacks, passive eavesdropping, replay attacks, and session-stealing attacks. Confidentiality can be maintained by using cryptographic algorithms and the exchange of either public or secret keys to ensure only authorized parties can decrypt information. There are two main categories of cryptographic algorithms: secret-key algorithms and public-key algorithms.

Security methods such as end-to-end and link-layer encryption, enabling ingress filtering in routers, and the use of time stamp-based replay protection and nonce-based replay protection are common protective measures used in Mobile IP.


G. Conclusion

IP Mobility Requirements

The requirements for an IP mobility solution can be generalized to a few key aspects. To make a fair comparison of existing solutions and clearly understand the added benefit of the LISP Host Mobility solution, we will quickly touch on the different functional aspects that must be addressed in an IP mobility solution.

• Redirection: The ultimate goal of IP mobility is to steer traffic to the valid location of the end-point. This aspect is generally addressed by providing some sort of re-direction mechanism to enhance the traffic steering already provided by basic routing. Redirection can be achieved by replacing the destination address with a surrogate address that is representative of the new location of the end-point. Different techniques will allow the redirection of traffic either by replacing the destination's address altogether or by leveraging a level of indirection in the addressing such as that achieved with tunnels and encapsulations. The different approaches impact applications to different degrees. The ultimate goal of IP mobility is to provide a solution that is totally transparent to the applications and allows for the preservation of established sessions, as end-points move around the IP infrastructure.

• Scalability: Most techniques create a significant amount of granular state to re-direct traffic effectively. The state is necessary to correlate destination IP addresses to specific locations, either by means of mapping or translation. This additional state must be handled in a very efficient manner to attain a solution that can support a deployable scale at a reasonable cost in terms of memory and processing.

• Optimized Routing: As end-points move around, it is key that traffic is routed to these end-points following the best possible path. Since mobility is based largely on re-direction of traffic, the ability to provide an optimal path is largely a function of the location of the re-directing element. Depending on the architecture, the solution may generate sub-optimal traffic patterns, often referred to as traffic triangulation or hair-pinning, in an attempt to describe the unnecessary detour traffic needs to take when the destination is mobile. A good mobility solution is one that can provide optimized paths regardless of the location of the end-point.

• Client Independent Solution: It is important that the mobility solution does not depend on agents installed on the mobile end-points or on the clients communicating with these end-points. A network based solution is highly desirable and is key to the effective deployment of a mobility solution given the precedent of the large installed base of end-points that cannot be changed or managed at will to install client software.

• Address Family Agnostic Solution: The solution provided must work independently of IPv4 or IPv6 end-points and networks. Since mobility relies on the manipulation of the mapping of identity to location, address families with lengthier addresses tend to provide alternatives not available with smaller address spaces. These address dependent solutions have limited application as they usually call for an end to end deployment of IPv6. To cover the broad installed base of IPv4 networking and end-points, the ideal solution should work for IPv4 or IPv6 independently.

Mobile IPv4

Mobile IP is defined for IPv4 in IETF RFC 3344. Mobile IPv4 provides a mechanism to redirect traffic to a mobile node whenever this node moves from its "Home Network" to a "Foreign Network." Every host will have a "Home Address" within a "Home Network" which is front-ended by a router that acts as a "Home Agent" and that advertises the "Home Network" into the routing protocol. Traffic destined to the "Home Address" will always be routed to the "Home Agent." If the mobile node is in its "Home Network", traffic will be forwarded directly in the data plane to the host as per regular routing. If the host has moved to a "Foreign Network", traffic will be IP tunnelled by the "Home Agent" to a "Care-of-Address", which is the address of the gateway router for the "Foreign Network."


With Mobile IPv4 there is always a triangular traffic pattern. Also, Mobile IPv4 does not offer a solution for multicast. Since the mobile node is usually sourcing traffic, if the Foreign Agent is not directly connected, there is the need for host route injection at the foreign site to get RPF to work. In addition, multicast traffic from the mobile node has to always hairpin through the home agent since the distribution tree is built and rooted at the "Home Agent."

Mobile IPv6

IETF RFC 3775 defines mobility support in IPv6. IPv6 takes a step beyond IPv4 mobility and provides optimal data paths between server and client. The process in IPv6 is similar to that of IPv4 with a few additions.

Rather than having the Home Agent always redirect the traffic to the Care-of-Address (CoA) for the server that has moved, the Home Agent is taken out of the data path by distributing the CoA to Home Address Binding information to the client itself. Once the client has the CoA information for a particular server, it can send traffic directly to the CoA rather than triangulating it through the Home Address. This provides a direct path from client to server.

Although Mobile IPv6 provides direct path routing for mobile nodes, it is limited to IPv6 enabled end-points, it requires that the entire data path be IPv6 enabled, and it also requires that the end-points have IPv6 mobility agents installed on them.


H. Glossary

Abstract Syntax Notation One

See ASN.1.

access router

An edge router equipped with and potentially connected to a range of base station technologies.

ACID

Acronym for atomicity, consistency, isolation, and durability – the four properties that all transactions should possess.

administrative relationship

The interaction between the different devices that use SNMP. For example, how the node interacts with the MIB and the agent.

agent

A software program run by the remote monitoring device in an RMON configuration.

agent advertisement

An advertisement message constructed by attaching a special extension to a router advertisement message.

agent discovery

A process in Mobile IP where a mobile node discovers its foreign agent and home agent.

agent solicitation

The same as router solicitation, except that the IP TTL must be set to 1.

Application Protocol Data Unit

See APDU.

architecture

Structure that addresses how changes to the configuration of a device are effected, how management information is transmitted, and how management information is written.

ASN.1

Abbreviation for Abstract Syntax Notation One, a notational standard governing the communication of multi-vendor devices.

authentication

In network communication, the process of verifying that a sender or receiver of data is who they say they are.

base station

Cellular IP nodes that communicate with mobile hosts via a wireless interface.

Basic Encoding Rules

Encoding rules that use bit patterns (1s and 0s) to represent values, so that the receiving application can recognize them.

BER

See Basic Encoding Rules.

break

In EMA, when a mobile host severs a connection with an access router.

Card Validation Code/Card Verification Value

Three-digit or four-digit security code that is printed on the back of some cards, typically the last three digits in a row, on the signature panel.

care-of address

An IP address acquired by a mobile node while operating in a foreign network.

Cellular IP

A protocol that provides mobility and handoff support for frequently moving hosts.

Cellular IP node

Interconnected nodes that make up Cellular IP Networks. They route IP packets and communicate with mobile hosts via a wireless interface.

check digit

The algorithm used to detect keystroke errors when a charge card number is entered on a web site.


chip & PIN

A secure card payment system where a microchip on the cardholder's debit or credit card stores the user's card data. In a transaction, the cardholder inserts her card into a special card reader, inputs the transaction details, and then inputs a personal identification number (PIN) instead of signing a receipt.

CHIPS

Acronym for Clearing House Interbank Payment System, an example of a clearing house system where transactions between members of a clearing channel are recorded.

client

The application that runs on the network management station and presents RMON information to the user.

co-located care-of address

An IP address acquired by a mobile node while operating in a foreign network from an external source, or a permanent IP address owned by the mobile node and used only in foreign networks.

community profile

The association of an access mode with a MIB view.

CVC2

See Card Validation Code.

CVV2

See Card Verification Value.

CyberCash

An electronic payment system that enables credit cards to be used securely over the Internet. The customer registers their credit card with CyberCash. The merchant receives an encrypted version of the customer's credit card number, and sends this to CyberCash for verification.

DigiCash

An electronic payment system developed by Doctor David Chaum and based on a system of digital tokens called digital coins.

DigiCash mint

An institution that mints and receives digital coins.

digital certificate

Certificate used to prove the identity of communicating parties (authentication) and to ensure that the sender and receiver cannot later deny having sent or received a SET message (non-repudiation).

digital coins

Also known as e-cash, in a DigiCash transaction, digital coins (or digital tokens) are created by the user and digitally signed by a DigiCash mint. The digital coins are cashed in a DigiCash mint or exchanged with other users. These digital coins are backed by a currency that the digital mint has on deposit.

digital signature

Signature contained in a digital certificate and used by SSL to authenticate the client and server.

eBill

A paperless bill that is accessed on the Internet rather than delivered by traditional mail. Customers set up an eBill account with a web site from which they can view, pay, and track the history of all bill payments. The system allows customers to set up recurring payments and reminders and guarantees payment direct from the account of their selection.

eCheck

Electronic representations of paper checks that operate using the same principles, but are used over the Internet and email.

e-commerce

Abbreviation for electronic commerce, the conducting of business communications and fund transfers over networks and through computers.

Edge Mobility Architecture

See EMA.

EFT

Abbreviation for electronic funds transfer, an electronic commerce system now so pervasive that the net value of all electronic transfers exceeds the total value of all physical cash used.


electronic funds transfer

See EFT.

EMA

Acronym for Edge Mobility Architecture. It is a combination of traditional intra-domain routing protocols and the MANET protocol.

escrow

Money, property, deed, or bond put into the custody of a third party (an escrow service) for delivery to a grantee after the specified conditions of the transaction have been fulfilled.

e-wallet

Abbreviation for electronic wallet, a plug-in application that stores SET digital certificates and information about the customer's credit cards and contact details.

FA

Abbreviation for foreign agent, a router on the foreign network that the mobile node is visiting. The foreign agent provides routing services to the mobile node while the mobile node is registered with it, that is, the foreign agent detunnels and delivers datagrams to the mobile node that were tunneled by the mobile node's home agent.

fast handoff

An improved handoff process and action of maintaining active transmission when there is a change in the transmission address of a mobile host. Fast handoff ensures reduced packet loss.

fault

An abnormality that may result in the failure of a device.

foreign agent

See FA.

gateway foreign agent

See GFA.

Gator digital Wallet

A pre-packaged registration application. User details are stored encrypted on the user's PC in a Gator digital wallet, which can simplify online registration by automatically filling out forms with these details.

GetNextRequest

A PDU used by managers to traverse arrays and MIB trees.

GetRequest

A PDU issued by an NMS application to an agent to retrieve a specific, single value from a MIB.

GetResponse

A PDU sent by agents in reply to GetRequest, GetNextRequest, or SetRequest PDU messages.

GFA

Acronym for gateway foreign agent, a router that provides TeleMIP mobility services to mobile nodes on foreign networks.

handoff

The process and action of maintaining active transmission when there is a change in the transmission address of a mobile host.

Handoff Aware Wireless Access Internet Infrastructure

See HAWAII.

handshake

The beginning of an SSL session between a client and a server. The SSL handshake begins when the client sends its version number, cipher settings, and other information to the server.

HAWAII

Acronym for Handoff Aware Wireless Access Internet Infrastructure. In IP mobility, it supports mobility by using a domain-based approach.

hierarchical

This refers to the arrangement of the different agents in a mobile network.

Hierarchical Mobile IP

A protocol that supports movement of mobile nodes in foreign and networks.

home address

An IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet.

home agent

A router on a mobile node's home network that tunnels datagrams for delivery to the mobile node when it is away from home. It also maintains current location information for the mobile node.

hybrid card

A type of smartcard that combines elements of contact and contactless smartcards.

ICMP

Internet Control Message Protocol, a network layer Internet protocol that reports errors and provides other information relevant to IP packet processing. This protocol is defined in RFC 792.

IDMP

Acronym for Intra-domain Mobility Management Protocol, a protocol that supports routing of data to a mobile device from outside its domain.

Internet Protocol Time to Live

See IP TTL.

intra-domain

Communication is maintained between domains.

Intra-domain Mobility Management Protocol

See IDMP.

IP TTL

Acronym for Internet Protocol Time to Live, a field in Internet Protocol (IP) that specifies how many more hops a packet can travel before being discarded or returned.

link

A facility or medium over which nodes can communicate at the data-link layer. A link underlies the network layer.

link-layer address

An address, usually an interface's MAC address, used to identify an endpoint of communication over a physical link.

Luhn algorithm

Algorithm based on modulus 10, and on which the credit card check digit algorithm is based.

make

In EMA, when a mobile host establishes a connection with an access router.

managed object

A software abstraction of a resource that can be managed across an OSI network. It can be a logical or physical network component, such as a hard drive, network router, database system, or operating system component.

Management Information Base

See MIB.

MANET

Acronym for Mobile Ad hoc NETwork, a protocol where mobile nodes have a permanent IP address and rapidly roam in an ad hoc topology.

MasterCard PayPass

A dual interface card with built-in chip technology as well as a standard magnetic stripe. In PayPass-accepting retail locations, the user can pay with one touch of the card. The user's payment card details are sent via short-range radio waves to the specially equipped PayPass terminals. The card can also be used in the traditional manner (by swiping the magnetic stripe).

MD5

Acronym for Message Digest 5, a hashing algorithm invented by Ronald Rivest. It produces a fixed output or message digest of 128 bits and is used for message authentication in SNMPv2. It verifies the integrity of the communication, authenticates the origin, and checks for timeliness.

MER

Acronym for Mobile Enhanced Routing, the provision of a modified intra-domain routing protocol providing prefix-based routing in a domain, and host routes for movement away from the home domain.

MIB

Abbreviation for Management Information Base. A virtual information store that allows a network management system (NMS) to query and configure all of the managed objects on a managed device, for example, a router or switch.

MIB tree

A structure that groups MIB objects in a hierarchy and uses an abstract syntax notation to define manageable objects.

MicroMint

An electronic payment system designed for unrelated low-value payments. MicroMint coins are generated by a broker and sold to users who then exchange these coins with other users. The identity of the user is embedded in the hash key values of the MicroMint coin.

micromobility

Protocols designed to overcome the limitation imposed by mobile IP.

Mobile Ad hoc NETwork

See MANET.

Mobile Enhanced Routing

See MER.

mobile host

A host connected to the Internet via a wireless interface that changes its position frequently.

Mobile IP

An open standard, defined by Internet Engineering Task Force (IETF) RFC 2002, that allows users to keep the same IP address, stay connected, and maintain on-going applications while roaming between IP networks.

mobile node

A host or router that changes its point of attachment from one network or subnetwork to another. A mobile node can change its location without changing its IP address. If link-layer connectivity to a point of attachment is available, the mobile node can communicate with other Internet nodes at any location using its home IP address.

mobility agent

Either a foreign agent or home agent used in Mobile IP networks.

Mondex card

A contact smart card that holds the equivalent of cash. Cash is stored on an integrated circuit (IC) on the smart card and can be securely transferred from one IC to another. Unlike other payment cards, a Mondex card requires no signature, PIN, or transaction authorization.

NACHA

Acronym for National Automated Clearing House Association. Established in 1974, NACHA forms a link between regions for the ACHs and provides a nationwide electronic payment and collection network among US financial institutions.

NMS

Abbreviation for network management station, a device that sends queries or requests to agents. Also an abbreviation for network management system, a collection of devices and software used to monitor and manage network devices.

node

A station on a network that communicates with the network management station.

nonce replay protection

A method of replay protection. A random value is included in data exchanged between nodes to help detect and protect against replay attacks.

notational system

A category of electronic commerce in which the electronic information transferred is an instruction to change the accounting information in a ledger, such as a credit card company's records. The monetary value is in the ledger, not in the instruction.

object

An instance of the data structure and behaviour defined by the object's class.

object group

A group used to define and categorize a managed object.


octet

A set of 8 bits, used instead of the term "byte".

paging

Paging areas consist of a collection of subnetworks or base stations. When a mobile device moves within a paging area, it doesn't have to re-register with the network. It only registers when it changes paging area.

paging cache

A cache maintained by some Cellular IP nodes, used to route packets to mobile hosts.

participating site

A site that supports a Microsoft Passport service.

Path setup messages

Messages established in certain routers for a mobile host.

Path setup schemes

The organization of when, how, and which routers are updated by path setup messages.

PayPal

An electronic payment system commonly used to transfer money over the Internet. The sender and recipient must both be PayPal members, have an email address, and a credit card or bank account. PayPal is commonly used to settle purchases made on Internet auction sites such as eBay.

PDU

Acronym for Protocol Data Unit. See APDU.

private-key encryption

Encryption where both parties share an encryption key, which is used both to encrypt and to decrypt the message.

proximity payments

Transactions that are conducted without having to manually swipe a card through a point-of-sale device. The user must be within a specified range of the wireless-reading device. A number of wireless technologies are used for proximity payment including: Bluetooth, contactless smart cards, dual interface cards, infrared and RFID.

public-key encryption

Encryption method that uses two keys – one to encrypt, and one to decrypt. The sender asks the receiver for the encryption key, encrypts the message, and sends the encrypted message to the receiver. Only the receiver can then decrypt the message.

QoS

Acronym for Quality of Service, the reliability of a protocol to transmit information to and from mobile hosts accurately and in a timely fashion.

Quality of Service

See QoS.

regional registration

A process in Hierarchical Mobile IP where a mobile node reregisters with a GFA when it has changed base stations but stayed under the same GFA.

registration

In Mobile IP a mobile node registers its care-of address with its home agent.

Remote Network Monitoring

See RMON.

replay attack

An attacker obtains and stores a copy of a legitimate registration request and replays it later to create a forged care-of address for a mobile node.

replay protection

Used to prevent replay attacks, a mobile node produces a unique value for the Identification field for each successive message. There are two methods used to interpret Identification fields – time stamp replay protection and nonce replay protection.

RFC 1156

Describes the MIB for network management of TCP/IP-based internets.

RFID

Acronym for radio frequency identification technology, a data collection technology that uses electronic tags to store identification data and a wireless transmitter or reader to capture it. RFID is commonly used in road tolling applications.

RMON

Abbreviation for Remote Network Monitoring, a standard MIB that defines current and historical data-link layer statistics and control objects. It enables the retrieval of real-time information across an entire network.

RMON2

The latest version of RMON. This version provides information on network and application layer traffic.

router advertisement

A message sent by routers from each router interface advertising the address of that interface.

router solicitation

A message issued by hosts to ask for immediate router advertisements.

routing

A process of moving data from its source to its destination.

routing cache

A cache maintained by all Cellular IP nodes, used to route packets to mobile hosts.

SA

Abbreviation for subnet agent, a router that provides the mobile device with a care-of address in a foreign domain.

Secure Electronic Transaction

Transaction protocol created by a group of organizations to tackle security concerns in the area of credit card transactions. It is modeled as a card-present transaction.

Secure Sockets Layer

See SSL.

SET

Acronym for Secure Electronic Transaction.

SetRequest

A PDU sent by an NMS to an agent to set variable values within a MIB.

Simple Network Management Protocol

See SNMP.

single sign-on

Users create a single set of credentials – their Microsoft Passport username and password – that enable them to log into any participating site.

single-use card

A temporary credit card. When a user buys online with a single-use credit card service, a single-use card number is generated. The user can use this number to pay online without sending his or her actual credit card details over the Internet. When the transaction is complete, this number is mapped back to the user's credit card and the relevant account is then debited.

single-use card number

A unique, disposable account number (CPN) generated by a registered user of a single-use credit card service for an online transaction.

smart card

A card that is similar to a magnetic stripe card but contains a microprocessor chip. There are three smart card types – contact smart card, contactless smart card, and a hybrid or combi card.

SNMP

Abbreviation for Simple Network Management Protocol, the protocol used by application and agent to communicate with each other in an RMON configuration.

SNMPv1

Simple Network Management Protocol version one.

SNMPv2

Simple Network Management Protocol version two.

SNMPv3

Simple Network Management Protocol version three.

Soft-state

Refers to memory cache in network devices that needs to be refreshed on a regular basis.


SSL

Abbreviation for Secure Sockets Layer, the standard protocol for authenticated and encrypted communication between clients and servers. It is used to secure the tunnel for transactions between merchants and their customers.

string

In a programming language, any set of consecutive characters.

subnet agent

See SA.

SWIFT

Acronym for Society for Worldwide Interbank Financial Telecommunications, a global telecommunications network that provides a strict message format for the exchange of financial information between financial institutions. Messages automatically pass through electronic links built between SWIFT and the local electronic clearing systems in different countries.

syntax

The structure of strings in a programming (or other) language.

TeleMIP

Acronym for Telecommunications-Enhanced Mobile IP architecture, a protocol that uses IDMP for managing intra-domain mobility and Mobile IP for supporting global mobility.

timestamp replay protection

A method of replay protection. The node generating a message inserts its system clock time. The node receiving the message compares this time stamp to its own current time.

TLS

Abbreviation for Transport Layer Security protocol, a protocol designed to secure client/server application communications over the Internet.

token system

A category of electronic commerce in which the electronic data transferred has an intrinsic legal value. For example, if you transferred $60 from one account to another, the electronic data representing that $60 is legally worth $60 in itself.

Transport Layer Security protocol

See TLS.

Trap

A PDU sent by an agent to a manager when a specified event has occurred that requires the manager's attention.

tunnel

The path followed by an encapsulated datagram.

Virtual PIN

An electronic payment system created by First Virtual Holdings. Payments were authorized by e-mail and the customer

included their Virtual PIN and transaction details in an e-mail to the merchant. The merchant sent these details to First

Virtual, who verified the transaction.


I. Quizzes’ Answers

i Answer

Any IP compliant media can support Mobile IP, and Mobile IP allows the mobile user to maintain connectivity when switching networks without changing their IP address. Option 1 is correct. Mobile IP is based on IP, which means it is scalable and therefore reduces resource requirements and costs. Option 2 is incorrect. IPv4 takes an IP address literally – a node needs to be in the actual physical location of its IP address. This is not altered by Mobile IP. Option 3 is correct. Because Mobile IP can relocate data to virtual IP addresses, it allows a mobile node to traverse different networks while all the time maintaining connectivity.

ii Answer

With Mobile IP, it is safe to roam between different networks when using remote login. Option 1 is incorrect. Mobile IP facilitates roaming within a single network type, but it also enables mobile nodes to roam to different network types without affecting connectivity. Option 2 is incorrect. Mobile IP is backward compatible; it allows mobile nodes to communicate with other nodes that have not implemented mobility functions. Option 3 is incorrect. Mobile IP performs its mobility functions at the network layer. It operates independently of layers 1 and 2, so wherever TCP/IP is used Mobile IP can be implemented. Option 4 is correct. Mobile IP enables a remote login session to maintain connectivity when roaming between networks. A drop in connectivity, which would happen if the mobile node were using only IPv4, would make the home network susceptible to network attacks such as session stealing.

iii Answer

The correspondent node does not need to know the mobile node's location, and a foreign agent maintains the current location information of the mobile node. A mobile node can communicate with other Internet nodes regardless of location, and a home agent tunnels data to the mobile node when it is away from home. The correspondent node is the device with which the mobile node is communicating. It can be any network device from a printer to a server and can be stationary or mobile. The foreign agent sits on the foreign network that the mobile node has moved to. It acts as the point of contact for the mobile node's home agent and delivers data to the mobile node. The home agent is a router on the mobile node's home network that tunnels data received from correspondent nodes to the mobile node. The mobile node's care-of address allows it to communicate with peer nodes regardless of location. Mobile nodes must be enabled for roaming in order to maintain network mobility.

iv Answer

A mobile node registers its new CCOA directly with the HA when it has established that it is on a foreign network and has acquired a CCOA. Option 1 is incorrect. For a mobile node to operate in a foreign network using Mobile IP, it must register with its home agent. If the mobile node was not supported by mobility services, there would be no address available to forward intended packets. Option 2 is correct. Once a mobile node has discovered that it is operating in a foreign network and it has acquired a CCOA, it registers directly with its HA. It does this by sending a registration request to the HA, which then sends a registration reply back to the mobile node. Option 3 is incorrect. The mobile node will only register with the HA via the FA when it uses a COA. It must do this because the COA is an IP address of the FA - this address is the address that the home agent will forward traffic to.

v Answer

When a mobile node registers indirectly with its HA, it has acquired its care-of address from an FA on its current network. Option 1 is incorrect. HAs do not issue care-of addresses to mobile nodes for which they are acting as HAs. They do allocate care-of addresses to mobile nodes for which they act as foreign agents. Option 2 is correct. When a mobile node registers indirectly with its HA, it does this via the FA. This is because the mobile node has acquired the care-of address from the FA, and the registration request is sent through it. Option 3 is incorrect. If a mobile node has acquired a care-of address through dynamic host configuration, it has a co-located care-of address. In this situation, mobile nodes register directly with the HA. Option 4 is incorrect. Mobile nodes that use a special permanent IP address reserved for use on foreign networks register directly with their HA. They do not need to send the registration request via any intermediary.

It is essential to note the difference between a care-of address (either COA or CCOA) and an FA. A care-of address is an endpoint for tunnelled datagrams to a mobile host. An FA is a mobility agent. The FA provides network services to mobile nodes on its network. It is possible to have more than one FA on a network. An FA is likely to be a router, but could be any network device capable of acting as a tunnel endpoint and sending agent advertisements.

vi Answer

The main advantage of using the CCOA mode of address acquisition is that the mobile node can function on a foreign network without an FA. Option 1 is incorrect. In CCOA mode, the assigned IP address can be used by only one mobile node at a time. This means there is a high demand for IPv4 addresses. In COA mode, there is less demand for IPv4 addresses because many mobile nodes share the FA's address. Option 2 is correct. CCOA mode has the advantage that it allows a mobile node to function without an FA. This is because it acquires its temporary address by means external to the foreign network (for example, DHCP) or it uses a unique address it holds permanently for operating away from its home domain. Option 3 is incorrect. In CCOA mode, the mobile node must still register with the HA. Mobile nodes on foreign networks must register with their HA in order to receive any information sent to their home address.

vii Answer

When the laptop has established that it is in a foreign network, it acquires a COA from the agent advertisement message. Option 1 is incorrect. In order for data intended for the laptop to be tunnelled to the FA, it must first have acquired a COA and registered this with the HA. The data will then be tunnelled to the FA and forwarded on to the laptop. Option 2 is correct. The next step is for the laptop to acquire its COA from the agent advertisement. The COA is the interface address of the foreign agent. Option 3 is incorrect. The laptop must first acquire the new address (COA) before registering it with the HA. It will then register with the HA via the FA. Option 4 is incorrect. The laptop must have a COA before it can send the registration request to the HA. If it sends a registration request to the HA without a COA, the HA will not know the new location of the laptop.

viii Answer

Agent discovery is used to determine whether a mobile node has moved from one network to another and to determine whether the node is in a home or foreign network. Option 1 is correct. Agent discovery is used to establish the location of the mobile host. If a mobile node is in its home network, it discovers this through agent advertisements from the home agent. If the mobile node is in a foreign network, it discovers this through foreign agent advertisements. Option 2 is correct. Agent discovery enables mobile nodes to establish whether they have moved networks. The mobile node establishes this through agent advertisements broadcast by routers on each network. Option 3 is incorrect. Mobile nodes register their location in the registration phase. This comes after agent discovery has taken place.

ix Answer

Agent advertisements are part of ICMP router advertisements in Mobile IP agent discovery. Mobile IP extends ICMP router discovery, and mobile nodes discover neighbouring router addresses by listening for advertisements. Option 1 is correct. An agent advertisement is formed by including a mobility agent advertisement extension in an ICMP router advertisement message. The agent advertisement is then included in the periodic router advertisements. Option 2 is incorrect. An agent solicitation differs from an ICMP router solicitation in one way only: the IP TTL (time to live) must be set to 1, which confines it to the local link. Option 3 is correct. Mobile IP extends ICMP router discovery by combining agent advertisements with ICMP router advertisements, and agent solicitations with ICMP router solicitations. Option 4 is correct. Once the mobile node receives an agent advertisement, it can acquire a care-of address from the advertisement.

x Answer

HAs must always be prepared to serve the mobile nodes for which they are HAs. FAs can indicate that they are too busy to service additional mobile nodes. Option 1 is incorrect. HAs must always be prepared to serve mobile nodes for which they are an HA. FAs do not always need to be available to mobile nodes, but must continue to issue agent advertisements, even when busy. Option 2 is correct. FAs can indicate in their agent advertisements that they are too busy to serve any extra mobile nodes. But the FA must continue to send agent advertisements to ensure the nodes it does service know that the FA is functional and within range. Option 3 is incorrect. HAs must always be prepared to serve the mobile nodes for which they are HAs. But FAs can sometimes be too busy to provide services to visiting mobile nodes. Option 4 is correct. HAs must always be available to provide network services to mobile nodes for which they are HAs. This is to ensure mobility of all nodes on the network.

xi Answer

In lifetime move detection, mobile nodes use the information in the lifetime field of the ICMP router advertisement section of the agent advertisement. They must also record the lifetime of all foreign agents from which they have received agent advertisements. Option 1 is correct. In lifetime move detection, mobile nodes must record the lifetime of all foreign agents from which they have received an advertisement until those lifetimes have expired. Option 2 is incorrect. The lifetime move detection method does not use prefix-lengths extensions. These are used in an alternative method of movement detection. Option 3 is correct. In lifetime move detection, mobile nodes use the information in the lifetime field in the main body of the ICMP router advertisement section to detect when they have moved networks. Option 4 is incorrect. When the lifetime of the mobile node's foreign agent expires, the mobile node should immediately attempt to register with an agent from which it has already received an advertisement. The lifetime of the new agent must still be valid at the time the mobile node attempts registration.

xii Answer

Mobile IP registration enables a mobile node to deregister when it returns to its home network, to inform its home agent of its care-of address, and to maintain multiple registrations simultaneously. Option 1 is correct. A mobile node should deregister only after the mobile node has received an agent advertisement from its own home agent indicating that it has returned home and it has reconfigured its routing table for the home network. Option 2 is correct. This can be a foreign agent's care-of address or a co-located care-of address. Option 3 is correct. This means that a copy of every datagram is tunnelled to each of the mobile node's care-of addresses. Option 4 is incorrect. With Mobile IP, the mobile node must retain its own IP address. A temporary care-of address is associated with the mobile node's IP address, making it appear as if it is still on the home network.

xiii Answer

Correct ranking:

1. (C) A registration request is sent to the foreign agent. The mobile node sends the request to the foreign agent.

2. (A) The registration request is passed on to the home agent. The foreign agent processes the request and forwards it to the home agent.

3. (B) The registration reply is sent to the foreign agent. Sent by the home agent, the reply message outlines the status of the request and the lifetime granted.

4. (D) The registration reply is forwarded to the mobile node. The foreign agent processes the reply and then passes it on to the mobile node. The lifetime granted by the home agent can be smaller than the lifetime originally requested.

xiv Answer

A mobile node can register via a foreign agent if it is registering using a foreign agent care-of address, or if it is using a co-located care-of address and receives an advertisement from a foreign agent on this link with the 'R' bit set. Option 1 is incorrect. The mobile node must register or deregister directly with its home agent when it returns to its home network. Option 2 is correct. After processing the request, the home agent sends a registration reply to the foreign agent. The foreign agent then forwards the reply to the mobile node. Option 3 is incorrect. A mobile node using a co-located care-of address normally registers directly with its home agent, but it must register via the foreign agent when that agent's advertisement has the 'R' bit set, so "must register directly" is not an absolute rule. Option 4 is correct. The mobile node should register via the foreign agent if the 'R' bit is set in the agent advertisement, but only if the advertised foreign agent is on the same link as the mobile node.

xv Answer

A mobile node makes the registration request, the foreign agent relays the request, and the home agent receives the request. The mobile node plays an active role in Mobile IP registration. It sends requests directly or via a foreign agent to a home agent. A home agent plays a reactive role in Mobile IP registration, receiving requests either directly from a mobile node or via a foreign agent and sending the appropriate response. A foreign agent plays a passive role in Mobile IP registration, relaying requests from the mobile node to the home agent and returning the home agent's responses to these requests.
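The registration exchange of answers xiii and xv, with the Mobile-Home Authentication Extension and the timestamp replay protection described in the glossary, as an added worked example written for these notes (it is not code from the RFC or from any Mobile IP implementation). The wire layouts, extension type 32, HMAC-MD5 and reply codes 131 and 133 follow RFC 3344; the 7-second clock tolerance, the addresses and the shared key are constructed assumptions, and the foreign-agent relay is left out because it only forwards the bytes.

```python
"""Mobile IP registration with the Mobile-Home Authentication Extension and
timestamp replay protection (RFC 3344 sections 3.3, 3.5.2, 3.6.2.2 and 5.7).
Example code written for these notes, not an implementation from the RFC."""
import hashlib
import hmac
import ipaddress
import struct

REG_REQUEST, REG_REPLY = 1, 3
MH_AUTH_EXT = 32                                  # Mobile-Home Authentication Extension
CODE_ACCEPTED, CODE_MN_AUTH_FAILED, CODE_ID_MISMATCH = 0, 131, 133
NTP_OFFSET = 2208988800                           # seconds from the 1900 NTP epoch to 1970
CLOCK_TOLERANCE = 7                               # assumption: the RFC leaves the window to the implementation
REQ_FMT = "!BBH4s4s4sQ"                           # type, flags, lifetime, home, HA, care-of, identification
REPLY_FMT = "!BBH4s4sQ"                           # type, code, lifetime, home, HA, identification


def ip(addr):
    return ipaddress.IPv4Address(addr).packed


def ntp_identification(unix_time):
    """64-bit NTP-format timestamp: seconds since 1900 in the high half, fraction in the low half."""
    secs = int(unix_time)
    frac = int((unix_time - secs) * 2**32) & 0xFFFFFFFF
    return ((secs + NTP_OFFSET) << 32) | frac


def auth_extension(key, spi, covered):
    """Type, Length, SPI, then HMAC-MD5 over the message so far plus those three fields."""
    head = struct.pack("!BBI", MH_AUTH_EXT, 4 + 16, spi)
    return head + hmac.new(key, covered + head, hashlib.md5).digest()


def verify_auth(key, message):
    """Recompute the authenticator over everything that precedes it; constant-time compare."""
    mac_at = len(message) - 16
    expected = hmac.new(key, message[:mac_at], hashlib.md5).digest()
    return hmac.compare_digest(expected, message[mac_at:])


def build_request(key, spi, home, ha, coa, lifetime, unix_time):
    fixed = struct.pack(REQ_FMT, REG_REQUEST, 0, lifetime, ip(home), ip(ha), ip(coa),
                        ntp_identification(unix_time))
    return fixed + auth_extension(key, spi, fixed)


class HomeAgent:
    """Receiving side: authenticate first, then apply timestamp replay protection."""

    def __init__(self, keys_by_spi):
        self.keys = keys_by_spi        # mobility security associations: SPI -> shared key
        self.last_ident = {}           # home address -> highest Identification accepted
        self.bindings = {}             # home address -> (care-of address, lifetime)

    def process(self, request, ha_unix_time):
        rtype, _flags, lifetime, home, ha, coa, ident = struct.unpack_from(REQ_FMT, request)
        ext_type, ext_len, spi = struct.unpack_from("!BBI", request, struct.calcsize(REQ_FMT))
        key = self.keys.get(spi)
        if rtype != REG_REQUEST or ext_type != MH_AUTH_EXT or ext_len != 20 or key is None:
            return CODE_MN_AUTH_FAILED, None      # no security association to answer under
        ha_secs = int(ha_unix_time) + NTP_OFFSET
        if not verify_auth(key, request):
            code, reply_ident = CODE_MN_AUTH_FAILED, ident
        elif abs((ident >> 32) - ha_secs) > CLOCK_TOLERANCE or ident <= self.last_ident.get(home, 0):
            # Clock too far off, or not newer than the last accepted request (a replay):
            # code 133, with the HA's own time in the high-order 32 bits so the MN can resync.
            code, reply_ident = CODE_ID_MISMATCH, (ha_secs << 32) | (ident & 0xFFFFFFFF)
        else:
            code, reply_ident = CODE_ACCEPTED, ident
            self.last_ident[home] = ident
            self.bindings[str(ipaddress.IPv4Address(home))] = (str(ipaddress.IPv4Address(coa)), lifetime)
        fixed = struct.pack(REPLY_FMT, REG_REPLY, code, lifetime if code == 0 else 0, home, ha, reply_ident)
        return code, fixed + auth_extension(key, spi, fixed)


def mobile_node_check_reply(key, request, reply):
    """The MN accepts a reply only if it authenticates and the low-order 32 bits of its
    Identification match the request that was sent; returns (code, HA seconds since 1900)."""
    if reply is None or not verify_auth(key, reply):
        return None
    _t, code, _life, _home, _ha, ident = struct.unpack_from(REPLY_FMT, reply)
    sent_ident = struct.unpack_from(REQ_FMT, request)[6]
    if (ident ^ sent_ident) & 0xFFFFFFFF:
        return None
    return code, ident >> 32


def demo():
    """Constructed exchange: accept, replay, stale clock, tampered request."""
    key, spi = b"constructed-shared-secret", 0x100
    home, ha, coa = "203.0.113.10", "203.0.113.1", "198.51.100.7"   # documentation addresses
    agent, t, out = HomeAgent({spi: key}), 1_700_000_000.25, {}
    req = build_request(key, spi, home, ha, coa, 300, t)
    out["fresh"] = mobile_node_check_reply(key, req, agent.process(req, t + 1)[1])[0]   # 0
    out["replay"] = agent.process(req, t + 2)[0]                                          # 133
    stale = build_request(key, spi, home, ha, coa, 300, t - 60)
    code, reply = agent.process(stale, t + 3)
    out["stale"] = code                                                                   # 133
    out["resync_unix"] = mobile_node_check_reply(key, stale, reply)[1] - NTP_OFFSET       # 1700000003
    tampered = req[:12] + bytes([req[12] ^ 1]) + req[13:]   # flip one bit of the care-of address
    out["tampered"] = agent.process(tampered, t + 4)[0]                                   # 131
    out["binding"] = agent.bindings[home]
    return out
```

The order of checks matters: the authenticator is verified before the Identification is examined, so an unauthenticated sender cannot use rejections to probe the home agent's clock or its replay state, and the reply is itself authenticated so a forged code 133 cannot push the mobile node's clock around.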

xvi Answer

A foreign agent must be configured with a care-of address, a home agent must be configured with the IP address of the home network, and a mobile node must be configured with its own IP address. The home agent must be configured with the home address and mobility security association of any mobile node it serves as a home agent. A mobile node must also be configured with a network mask and the mobility security association for each home agent. A foreign agent must also maintain a visitor list entry for each pending or current registration.

xvii Answer

The mobile node should register with a new foreign agent when the current registration lifetime has expired and when transport layer protocols indicate excessive retransmissions. Option 1 is incorrect. It should not register with a new FA as long as it is still receiving agent advertisements from the foreign agent with which it is currently registered. Option 2 is correct. Alternatively, the mobile node can re-register with its existing foreign agent just before the registration lifetime expires. Option 3 is incorrect. A mobile node should not register with another foreign agent merely because it receives an ICMP redirect message. Option 4 is correct. Link-layer indications of changes in the point of attachment can also indicate that the mobile node should register with another foreign agent.


xviii Answer

Mobile nodes that are registered directly with their home agent using a co-located care-of address can select the default router IP address from the list of router addresses given in the ICMP router advertisement portion of the agent advertisement message. The default router can also be the IP source address of the agent advertisement. Option 1 is correct. The router addresses advertised each have a preference level associated with them. The mobile node should choose the default router with the highest preference and a network prefix that matches its co-located care-of address. Option 2 is correct. The IP source address of the agent advertisement is considered the worst choice for a default router and is used only as a last resort. Option 3 is incorrect. It need not select an address from those in the router advertisement. The advertisement may not contain an address that matches the network portion of the mobile node's care-of address.

xix Answer

The foreign agent should discard the datagram and not send an ICMP "destination unreachable" message. Option 1 is correct. If the mobile node isn't in the visitor list, the foreign agent should discard the datagram. Option 2 is incorrect. If the mobile node is not registered in the domain the foreign agent should not forward the datagram, as to do so may cause routing loops. Option 3 is incorrect. A foreign agent will only modify the header if it can forward the datagram. When a foreign agent can forward the datagram, it verifies the IP header checksum, decrements the IP time-to-live, recomputes the IP header checksum, and sends the datagram to the default router. Option 4 is correct. If the mobile node is not in the visitor list it may have moved to another foreign agent. Sending a "destination unreachable" message could prevent legitimate traffic from reaching its destination.

xx Answer

When a home agent receives a datagram addressed to a mobile node that is away from home, it consults its mobility binding list and may tunnel copies to several care-of addresses (multiple FAs). Option 1 is correct. If multiple simultaneous mobility bindings are supported, the home agent sends a copy to each care-of address in the mobile node's mobility binding list. Option 2 is correct. If a mobile node has no mobility bindings, the home agent assumes it is at home and delivers datagrams directly on the home network. Option 3 is incorrect. The home agent forwards broadcast datagrams only to those mobile nodes in its mobility binding list that asked for this facility when they registered. Option 4 is incorrect. A home agent keeps a mobility binding list of the mobile nodes registered away from home; the visitor list belongs to the foreign agent.

xxi Answer

The IP address of the default router selected by the mobile node is 10.5.4.12. Option 1 is correct. A mobile node registered using a foreign agent care-of address must select a default router from the router IP addresses advertised in the ICMP router advertisement portion of the agent advertisement message. Option 2 is incorrect. If the ICMP router advertisement portion is empty, the source address of the agent advertisement can be selected as the default router. It is the least preferred option. Option 3 is incorrect. The mobile node ignores the ICMP router advertisement from 10.5.4.5 as it arrived after the ICMP router advertisement from 10.5.4.3 – the mobile node's foreign agent care-of address.
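The agent advertisement format of answer ix and the default-router selection rules of answers xviii and xxi, as an added worked example written for these notes (not code from the RFC or from any Mobile IP implementation). The ICMP and extension layouts, the flag bits (including the 'R' bit of answer xiv) and the TTL-must-be-1 check follow RFC 3344; the sample messages are constructed, the prefix length passed to the chooser is an assumption (RFC 3344 takes it from configuration or a Prefix-Lengths extension), and the 10.5.4.x and 192.16.2.x addresses are reused from the quiz scenarios.

```python
"""Parse a Mobile IP agent advertisement (ICMP router advertisement carrying the
mobility agent advertisement extension, RFC 3344 section 2.1.1) and choose a
default router as answers xviii and xxi describe. Example code for these notes."""
import ipaddress
import struct

ICMP_ROUTER_ADV = 9
AGENT_ADV_EXT = 16
FLAGS = ("R", "B", "H", "F", "M", "G", "r", "T")   # flag byte, high bit first
NOT_A_DEFAULT_ROUTER = -2**31                        # RFC 1256 preference 0x80000000


def internet_checksum(data):
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_agent_advertisement(routers, lifetime, seq, reg_lifetime, flag_byte, care_of):
    """Constructed sample message; on the wire it arrives in ICMP with IP TTL 1."""
    msg = struct.pack("!BBHBBH", ICMP_ROUTER_ADV, 0, 0, len(routers), 2, lifetime)
    for addr, pref in routers:
        msg += ipaddress.IPv4Address(addr).packed + struct.pack("!i", pref)
    msg += struct.pack("!BBHHBB", AGENT_ADV_EXT, 6 + 4 * len(care_of), seq, reg_lifetime, flag_byte, 0)
    for coa in care_of:
        msg += ipaddress.IPv4Address(coa).packed
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]


def parse_agent_advertisement(msg, ip_ttl):
    """Returns router list, lifetime and the decoded extension; rejects anything
    that is not a well-formed agent advertisement from the local link."""
    if ip_ttl != 1:
        raise ValueError("agent advertisements must arrive with IP TTL 1")
    if internet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, num_addrs, entry_size, lifetime = struct.unpack_from("!BBHBBH", msg, 0)
    if icmp_type != ICMP_ROUTER_ADV or code != 0 or entry_size != 2:
        raise ValueError("not an ICMP router advertisement")
    off, routers = 8, []
    for _ in range(num_addrs):
        raw, pref = struct.unpack_from("!4si", msg, off)
        routers.append((str(ipaddress.IPv4Address(raw)), pref))
        off += 8
    agent = None
    while off < len(msg):                         # walk the extensions
        ext_type = msg[off]
        if ext_type == 0:                         # one-byte padding extension, no length field
            off += 1
            continue
        ext_len = msg[off + 1]
        if ext_type == AGENT_ADV_EXT:
            seq, reg_lifetime, flag_byte = struct.unpack_from("!HHB", msg, off + 2)
            agent = {
                "seq": seq, "reg_lifetime": reg_lifetime,
                "flags": {n for i, n in enumerate(FLAGS) if flag_byte & (0x80 >> i)},
                "care_of": [str(ipaddress.IPv4Address(msg[p:p + 4]))
                            for p in range(off + 8, off + 2 + ext_len, 4)],
            }
        off += 2 + ext_len
    if agent is None:
        raise ValueError("plain router advertisement: no mobility agent extension")
    return {"lifetime": lifetime, "routers": routers, "agent": agent}


def choose_default_router(adv, adv_source, care_of=None, prefix_len=24):
    """Highest-preference advertised router; for a co-located care-of address only
    routers on the same prefix (prefix_len is an assumption, see lead-in). The
    advertisement's own source address is the last resort."""
    usable = [(a, p) for a, p in adv["routers"] if p != NOT_A_DEFAULT_ROUTER]
    if care_of is not None:
        net = ipaddress.IPv4Network(f"{care_of}/{prefix_len}", strict=False)
        usable = [(a, p) for a, p in usable if ipaddress.IPv4Address(a) in net]
    if not usable:
        return adv_source
    return max(usable, key=lambda ap: ap[1])[0]


def demo():
    results = {}
    # Constructed foreign-agent advertisement reusing the addresses of answer xxi.
    fa_adv = build_agent_advertisement(
        [("10.5.4.12", 10), ("10.5.4.5", NOT_A_DEFAULT_ROUTER), ("10.5.4.3", 0)],
        lifetime=1800, seq=1, reg_lifetime=600, flag_byte=0x90, care_of=["10.5.4.3"])
    adv = parse_agent_advertisement(fa_adv, ip_ttl=1)
    results["flags"] = adv["agent"]["flags"]          # R and F: registration required, FA
    results["care_of"] = adv["agent"]["care_of"]
    results["default_router_fa"] = choose_default_router(adv, "10.5.4.3")
    # A co-located care-of address whose prefix matches none of the advertised
    # routers (the situation in answer xxiii): fall back to the advertisement's source.
    ccoa_adv = build_agent_advertisement([("10.5.4.12", 10)], 1800, 2, 600, 0x20, [])
    adv2 = parse_agent_advertisement(ccoa_adv, ip_ttl=1)
    results["default_router_ccoa"] = choose_default_router(adv2, "192.16.2.1", care_of="192.16.2.15")
    try:
        parse_agent_advertisement(fa_adv, ip_ttl=64)   # relayed from another link: reject
        results["ttl_rejected"] = False
    except ValueError:
        results["ttl_rejected"] = True
    return results
```

The TTL check is the one the mobile node should never skip: an advertisement that arrives with a TTL other than 1 has been forwarded from another link, and accepting it would let an off-link host hand the node a bogus care-of address or default router.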

xxii Answer

Correct ranking:

1. (D) The laptop's home agent sends the datagram to the laptop's care-of address (10.5.4.3). The laptop's foreign agent care-of address (10.5.4.3) is the IP address of the router on the airplane.

2. (C) The datagram is sent to the airline headquarters, where it is forwarded to the aircraft's care-of address (188.1.6.10). The router at the airline's HQ is the aircraft router's home agent. It intercepts the datagram and tunnels it to the aircraft router's care-of address (a foreign agent on the ground).

3. (A) The aircraft's foreign agent (188.1.6.10) sends the datagram to the aircraft. Before forwarding it, the foreign agent strips the outer encapsulation; the datagram is still encapsulated with the destination address of the laptop's care-of address.

4. (B) The aircraft's router (10.5.4.3) decapsulates the datagram and sends it to the laptop. The aircraft's router has to decapsulate the datagram to reach the laptop's home address in the inner header.

xxiii Answer

In this scenario, all datagrams from the home agent are decapsulated by the mobile node. The advertised router was not on the same subnet. Option 1 is incorrect. The foreign agent will decapsulate the datagram only if the datagram is addressed to it. In this case, the home agent sends datagrams directly to the mobile node. Option 2 is correct. The mobile node is using a co-located care-of address and the home agent forwards all traffic to this address. The default router does not decapsulate the datagrams; it merely forwards them. Option 3 is correct. The laptop is registered directly with its home agent using a co-located care-of address. If the laptop receives an agent advertisement whose source address matches the network prefix of its care-of address, it can use that IP source address as a default router. Option 4 is incorrect. The laptop (192.16.2.15) has an address in the same subnet as the local router (192.16.2.1); therefore it can register directly with its home agent using a co-located care-of address.