summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc3344.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc3344.txt')
-rw-r--r--doc/rfc/rfc3344.txt5547
1 files changed, 5547 insertions, 0 deletions
diff --git a/doc/rfc/rfc3344.txt b/doc/rfc/rfc3344.txt
new file mode 100644
index 0000000..43ebac9
--- /dev/null
+++ b/doc/rfc/rfc3344.txt
@@ -0,0 +1,5547 @@
+
+
+
+
+
+
+Network Working Group C. Perkins, Ed.
+Request for Comments: 3344 Nokia Research Center
+Obsoletes: 3220 August 2002
+Category: Standards Track
+
+
+ IP Mobility Support for IPv4
+
+Status of this Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2002). All Rights Reserved.
+
+Abstract
+
+ This document specifies protocol enhancements that allow transparent
+ routing of IP datagrams to mobile nodes in the Internet. Each mobile
+ node is always identified by its home address, regardless of its
+ current point of attachment to the Internet. While situated away
+ from its home, a mobile node is also associated with a care-of
+ address, which provides information about its current point of
+ attachment to the Internet. The protocol provides for registering
+ the care-of address with a home agent. The home agent sends
+ datagrams destined for the mobile node through a tunnel to the care-
+ of address. After arriving at the end of the tunnel, each datagram
+ is then delivered to the mobile node.
+
+Contents
+
+ 1. Introduction 3
+ 1.1. Protocol Requirements . . . . . . . . . . . . . . . . . 4
+ 1.2. Goals . . . . . . . . . . . . . . . . . . . . . . . . . 4
+ 1.3. Assumptions . . . . . . . . . . . . . . . . . . . . . . 5
+ 1.4. Applicability . . . . . . . . . . . . . . . . . . . . . 5
+ 1.5. New Architectural Entities . . . . . . . . . . . . . . 5
+ 1.6. Terminology . . . . . . . . . . . . . . . . . . . . . . 6
+ 1.7. Protocol Overview . . . . . . . . . . . . . . . . . . . 9
+ 1.8. Message Format and Protocol Extensibility . . . . . . . 13
+ 1.9. Type-Length-Value Extension Format for Mobile IP
+ Extensions . . . . . . . . . . . . . . . . . . . . . 15
+ 1.10. Long Extension Format . . . . . . . . . . . . . . . . . 16
+
+
+
+Perkins Standards Track [Page 1]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ 1.11. Short Extension Format . . . . . . . . . . . . . . . . 16
+ 2. Agent Discovery 17
+ 2.1. Agent Advertisement . . . . . . . . . . . . . . . . . . 18
+ 2.1.1. Mobility Agent Advertisement Extension . . . . 20
+ 2.1.2. Prefix-Lengths Extension . . . . . . . . . . . 22
+ 2.1.3. One-byte Padding Extension . . . . . . . . . . 22
+ 2.2. Agent Solicitation . . . . . . . . . . . . . . . . . . 23
+ 2.3. Foreign Agent and Home Agent Considerations . . . . . . 23
+ 2.3.1. Advertised Router Addresses . . . . . . . . . . 24
+ 2.3.2. Sequence Numbers and Rollover Handling . . . . 24
+ 2.4. Mobile Node Considerations . . . . . . . . . . . . . . 25
+ 2.4.1. Registration Required . . . . . . . . . . . . . 26
+ 2.4.2. Move Detection . . . . . . . . . . . . . . . . 26
+ 2.4.3. Returning Home . . . . . . . . . . . . . . . . 27
+ 2.4.4. Sequence Numbers and Rollover Handling . . . . 28
+ 3. Registration 28
+ 3.1. Registration Overview . . . . . . . . . . . . . . . . . 29
+ 3.2. Authentication . . . . . . . . . . . . . . . . . . . . 30
+ 3.3. Registration Request . . . . . . . . . . . . . . . . . 30
+ 3.4. Registration Reply . . . . . . . . . . . . . . . . . . 33
+ 3.5. Registration Extensions . . . . . . . . . . . . . . . . 36
+ 3.5.1. Computing Authentication Extension Values . . . 36
+ 3.5.2. Mobile-Home Authentication Extension . . . . . 37
+ 3.5.3. Mobile-Foreign Authentication Extension . . . . 37
+ 3.5.4. Foreign-Home Authentication Extension . . . . . 38
+ 3.6. Mobile Node Considerations . . . . . . . . . . . . . . 38
+ 3.6.1. Sending Registration Requests . . . . . . . . . 40
+ 3.6.2. Receiving Registration Replies . . . . . . . . 44
+ 3.6.3. Registration Retransmission . . . . . . . . . . 47
+ 3.7. Foreign Agent Considerations . . . . . . . . . . . . . 47
+ 3.7.1. Configuration and Registration Tables . . . . . 48
+ 3.7.2. Receiving Registration Requests . . . . . . . . 49
+ 3.7.3. Receiving Registration Replies . . . . . . . . 52
+ 3.8. Home Agent Considerations . . . . . . . . . . . . . . . 54
+ 3.8.1. Configuration and Registration Tables . . . . . 55
+ 3.8.2. Receiving Registration Requests . . . . . . . . 56
+ 3.8.3. Sending Registration Replies . . . . . . . . . 59
+ 4. Routing Considerations 62
+ 4.1. Encapsulation Types . . . . . . . . . . . . . . . . . . 62
+ 4.2. Unicast Datagram Routing . . . . . . . . . . . . . . . 62
+ 4.2.1. Mobile Node Considerations . . . . . . . . . . 62
+ 4.2.2. Foreign Agent Considerations . . . . . . . . . 63
+ 4.2.3. Home Agent Considerations . . . . . . . . . . . 64
+ 4.3. Broadcast Datagrams . . . . . . . . . . . . . . . . . . 66
+ 4.4. Multicast Datagram Routing . . . . . . . . . . . . . . 66
+ 4.5. Mobile Routers . . . . . . . . . . . . . . . . . . . . 67
+ 4.6. ARP, Proxy ARP, and Gratuitous ARP . . . . . . . . . . 69
+ 5. Security Considerations 73
+
+
+
+Perkins Standards Track [Page 2]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ 5.1. Message Authentication Codes . . . . . . . . . . . . . 73
+ 5.2. Areas of Security Concern in this Protocol . . . . . . 73
+ 5.3. Key Management . . . . . . . . . . . . . . . . . . . . 74
+ 5.4. Picking Good Random Numbers . . . . . . . . . . . . . . 74
+ 5.5. Privacy . . . . . . . . . . . . . . . . . . . . . . . . 74
+ 5.6. Ingress Filtering . . . . . . . . . . . . . . . . . . . 75
+ 5.7. Replay Protection for Registration Requests . . . . . . 75
+ 5.7.1. Replay Protection using Timestamps . . . . . . 75
+ 5.7.2. Replay Protection using Nonces . . . . . . . . 77
+ 6. IANA Considerations 77
+ 6.1. Mobile IP Message Types . . . . . . . . . . . . . . . . 78
+ 6.2. Extensions to RFC 1256 Router Advertisement . . . . . . 78
+ 6.3. Extensions to Mobile IP Registration Messages . . . . . 79
+ 6.4. Code Values for Mobile IP Registration Reply
+ Messages. . . . . . . . . . . . . . . . . . . . . . 79
+ 7. Acknowledgments 80
+ A. Patent Issues 82
+ B. Link-Layer Considerations 82
+ C. TCP Considerations 83
+ C.1. TCP Timers . . . . . . . . . . . . . . . . . . . . . . 83
+ C.2. TCP Congestion Management . . . . . . . . . . . . . . . 83
+ D. Example Scenarios 84
+ D.1. Registering with a Foreign Agent Care-of Address . . . 84
+ D.2. Registering with a Co-Located Care-of Address . . . . . 84
+ D.3. Deregistration . . . . . . . . . . . . . . . . . . . . 85
+ E. Applicability of Prefix-Lengths Extension 86
+ F. Interoperability Considerations 86
+ G. Changes since RFC 2002 87
+ G.1. Major Changes . . . . . . . . . . . . . . . . . . . . . 87
+ G.2. Minor Changes . . . . . . . . . . . . . . . . . . . . . 89
+ G.3. Changes since revision 04 of RFC2002bis . . . . . . . . 91
+ H. Example Messages 92
+ H.1. Example ICMP Agent Advertisement Message Format . . . . 92
+ H.2. Example Registration Request Message Format . . . . . . 93
+ H.3. Example Registration Reply Message Format . . . . . . . 94
+ References . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 98
+ Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 99
+
+1. Introduction
+
+ IP version 4 assumes that a node's IP address uniquely identifies the
+ node's point of attachment to the Internet. Therefore, a node must
+ be located on the network indicated by its IP address in order to
+ receive datagrams destined to it; otherwise, datagrams destined to
+ the node would be undeliverable. For a node to change its point of
+ attachment without losing its ability to communicate, currently one
+ of the two following mechanisms must typically be employed:
+
+
+
+Perkins Standards Track [Page 3]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ a) the node must change its IP address whenever it changes its
+ point of attachment, or
+
+ b) host-specific routes must be propagated throughout much of the
+ Internet routing fabric.
+
+ Both of these alternatives are often unacceptable. The first makes
+ it impossible for a node to maintain transport and higher-layer
+ connections when the node changes location. The second has obvious
+ and severe scaling problems, especially relevant considering the
+ explosive growth in sales of notebook (mobile) computers.
+
+ A new, scalable, mechanism is required for accommodating node
+ mobility within the Internet. This document defines such a
+ mechanism, which enables nodes to change their point of attachment to
+ the Internet without changing their IP address.
+
+ Changes between this revised specification for Mobile IP and the
+ original specifications (see [33, 32, 34, 43, 8]) are detailed in the
+ appendix section G.
+
+1.1. Protocol Requirements
+
+ A mobile node must be able to communicate with other nodes after
+ changing its link-layer point of attachment to the Internet, yet
+ without changing its IP address.
+
+ A mobile node must be able to communicate with other nodes that do
+ not implement these mobility functions. No protocol enhancements are
+ required in hosts or routers that are not acting as any of the new
+ architectural entities introduced in Section 1.5.
+
+ All messages used to update another node as to the location of a
+ mobile node must be authenticated in order to protect against remote
+ redirection attacks.
+
+1.2. Goals
+
+ The link by which a mobile node is directly attached to the Internet
+ may often be a wireless link. This link may thus have a
+ substantially lower bandwidth and higher error rate than traditional
+ wired networks. Moreover, mobile nodes are likely to be battery
+ powered, and minimizing power consumption is important. Therefore,
+ the number of administrative messages sent over the link by which a
+ mobile node is directly attached to the Internet should be minimized,
+ and the size of these messages should be kept as small as is
+ reasonably possible.
+
+
+
+
+Perkins Standards Track [Page 4]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+1.3. Assumptions
+
+ The protocols defined in this document place no additional
+ constraints on the assignment of IP addresses. That is, a mobile
+ node can be assigned an IP address by the organization that owns the
+ machine.
+
+ This protocol assumes that mobile nodes will generally not change
+ their point of attachment to the Internet more frequently than once
+ per second.
+
+ This protocol assumes that IP unicast datagrams are routed based on
+ the destination address in the datagram header (and not, for example,
+ by source address).
+
+1.4. Applicability
+
+ Mobile IP is intended to enable nodes to move from one IP subnet to
+ another. It is just as suitable for mobility across homogeneous
+ media as it is for mobility across heterogeneous media. That is,
+ Mobile IP facilitates node movement from one Ethernet segment to
+ another as well as it accommodates node movement from an Ethernet
+ segment to a wireless LAN, as long as the mobile node's IP address
+ remains the same after such a movement.
+
+ One can think of Mobile IP as solving the "macro" mobility management
+ problem. It is less well suited for more "micro" mobility management
+ applications -- for example, handoff amongst wireless transceivers,
+ each of which covers only a very small geographic area. As long as
+ node movement does not occur between points of attachment on
+ different IP subnets, link-layer mechanisms for mobility (i.e.,
+ link-layer handoff) may offer faster convergence and far less
+ overhead than Mobile IP.
+
+1.5. New Architectural Entities
+
+ Mobile IP introduces the following new functional entities:
+
+ Mobile Node
+
+ A host or router that changes its point of attachment from one
+ network or subnetwork to another. A mobile node may change its
+ location without changing its IP address; it may continue to
+ communicate with other Internet nodes at any location using its
+ (constant) IP address, assuming link-layer connectivity to a
+ point of attachment is available.
+
+
+
+
+
+Perkins Standards Track [Page 5]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Home Agent
+
+ A router on a mobile node's home network which tunnels
+ datagrams for delivery to the mobile node when it is away from
+ home, and maintains current location information for the mobile
+ node.
+
+ Foreign Agent
+
+ A router on a mobile node's visited network which provides
+ routing services to the mobile node while registered. The
+ foreign agent detunnels and delivers datagrams to the mobile
+ node that were tunneled by the mobile node's home agent. For
+ datagrams sent by a mobile node, the foreign agent may serve as
+ a default router for registered mobile nodes.
+
+ A mobile node is given a long-term IP address on a home network.
+ This home address is administered in the same way as a "permanent" IP
+ address is provided to a stationary host. When away from its home
+ network, a "care-of address" is associated with the mobile node and
+ reflects the mobile node's current point of attachment. The mobile
+ node uses its home address as the source address of all IP datagrams
+ that it sends, except where otherwise described in this document for
+ datagrams sent for certain mobility management functions (e.g., as in
+ Section 3.6.1.1).
+
+1.6. Terminology
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC 2119 [4].
+
+ In addition, this document frequently uses the following terms:
+
+ Authorization-enabling extension
+
+ An authentication which makes a (registration) message
+ acceptable to the ultimate recipient of the registration
+ message. An authorization-enabling extension MUST contain
+ an SPI.
+
+ In this document, all uses of authorization-enabling
+ extension refer to authentication extensions that enable the
+ Registration Request message to be acceptable to the home
+ agent. Using additional protocol structures specified
+ outside of this document, it may be possible for the mobile
+ node to provide authentication of its registration to the
+
+
+
+
+Perkins Standards Track [Page 6]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ home agent, by way of another authenticating entity within
+ the network that is acceptable to the home agent (for
+ example, see RFC 2794 [6]).
+
+ Agent Advertisement
+
+ An advertisement message constructed by attaching a special
+ Extension to a router advertisement [10] message.
+
+ Authentication
+
+ The process of verifying (using cryptographic techniques,
+ for all applications in this specification) the identity of
+ the originator of a message.
+
+ Care-of Address
+
+ The termination point of a tunnel toward a mobile node, for
+ datagrams forwarded to the mobile node while it is away from
+ home. The protocol can use two different types of care-of
+ address: a "foreign agent care-of address" is an address of
+ a foreign agent with which the mobile node is registered,
+ and a "co-located care-of address" is an externally obtained
+ local address which the mobile node has associated with one
+ of its own network interfaces.
+
+ Correspondent Node
+
+ A peer with which a mobile node is communicating. A
+ correspondent node may be either mobile or stationary.
+
+ Foreign Network
+
+ Any network other than the mobile node's Home Network.
+
+ Gratuitous ARP
+
+ An ARP packet sent by a node in order to spontaneously cause
+ other nodes to update an entry in their ARP cache [45]. See
+ section 4.6.
+
+ Home Address
+
+ An IP address that is assigned for an extended period of
+ time to a mobile node. It remains unchanged regardless of
+ where the node is attached to the Internet.
+
+
+
+
+
+Perkins Standards Track [Page 7]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Home Network
+
+ A network, possibly virtual, having a network prefix
+ matching that of a mobile node's home address. Note that
+ standard IP routing mechanisms will deliver datagrams
+ destined to a mobile node's Home Address to the mobile
+ node's Home Network.
+
+ Link
+
+ A facility or medium over which nodes can communicate at the
+ link layer. A link underlies the network layer.
+
+ Link-Layer Address
+
+ The address used to identify an endpoint of some
+ communication over a physical link. Typically, the Link-
+ Layer address is an interface's Media Access Control (MAC)
+ address.
+
+ Mobility Agent
+
+ Either a home agent or a foreign agent.
+
+ Mobility Binding
+
+ The association of a home address with a care-of address,
+ along with the remaining lifetime of that association.
+
+ Mobility Security Association
+
+ A collection of security contexts, between a pair of nodes,
+ which may be applied to Mobile IP protocol messages
+ exchanged between them. Each context indicates an
+ authentication algorithm and mode (Section 5.1), a secret (a
+ shared key, or appropriate public/private key pair), and a
+ style of replay protection in use (Section 5.7).
+
+ Node
+
+ A host or a router.
+
+ Nonce
+
+ A randomly chosen value, different from previous choices,
+ inserted in a message to protect against replays.
+
+
+
+
+
+Perkins Standards Track [Page 8]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Security Parameter Index (SPI)
+
+ An index identifying a security context between a pair of
+ nodes among the contexts available in the Mobility Security
+ Association. SPI values 0 through 255 are reserved and MUST
+ NOT be used in any Mobility Security Association.
+
+ Tunnel
+
+ The path followed by a datagram while it is encapsulated.
+ The model is that, while it is encapsulated, a datagram is
+ routed to a knowledgeable decapsulating agent, which
+ decapsulates the datagram and then correctly delivers it to
+ its ultimate destination.
+
+ Virtual Network
+
+ A network with no physical instantiation beyond a router
+ (with a physical network interface on another network). The
+ router (e.g., a home agent) generally advertises
+ reachability to the virtual network using conventional
+ routing protocols.
+
+ Visited Network
+
+ A network other than a mobile node's Home Network, to which
+ the mobile node is currently connected.
+
+ Visitor List
+
+ The list of mobile nodes visiting a foreign agent.
+
+1.7. Protocol Overview
+
+ The following support services are defined for Mobile IP:
+
+ Agent Discovery
+
+ Home agents and foreign agents may advertise their
+ availability on each link for which they provide service. A
+ newly arrived mobile node can send a solicitation on the
+ link to learn if any prospective agents are present.
+
+ Registration
+
+ When the mobile node is away from home, it registers its
+ care-of address with its home agent. Depending on its
+ method of attachment, the mobile node will register either
+
+
+
+Perkins Standards Track [Page 9]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ directly with its home agent, or through a foreign agent
+ which forwards the registration to the home agent.
+
+ silently discard
+
+ The implementation discards the datagram without further
+ processing, and without indicating an error to the sender.
+ The implementation SHOULD provide the capability of logging
+ the error, including the contents of the discarded datagram,
+ and SHOULD record the event in a statistics counter.
+
+ The following steps provide a rough outline of operation of the
+ Mobile IP protocol:
+
+ - Mobility agents (i.e., foreign agents and home agents)
+ advertise their presence via Agent Advertisement messages
+ (Section 2). A mobile node may optionally solicit an Agent
+ Advertisement message from any locally attached mobility agents
+ through an Agent Solicitation message.
+
+ - A mobile node receives these Agent Advertisements and
+ determines whether it is on its home network or a foreign
+ network.
+
+ - When the mobile node detects that it is located on its home
+ network, it operates without mobility services. If returning
+ to its home network from being registered elsewhere, the mobile
+ node deregisters with its home agent, through exchange of a
+ Registration Request and Registration Reply message with it.
+
+ - When a mobile node detects that it has moved to a foreign
+ network, it obtains a care-of address on the foreign network.
+ The care-of address can either be determined from a foreign
+ agent's advertisements (a foreign agent care-of address), or by
+ some external assignment mechanism such as DHCP [13] (a co-
+ located care-of address).
+
+ - The mobile node operating away from home then registers its new
+ care-of address with its home agent through exchange of a
+ Registration Request and Registration Reply message with it,
+ possibly via a foreign agent (Section 3).
+
+ - Datagrams sent to the mobile node's home address are
+ intercepted by its home agent, tunneled by the home agent to
+ the mobile node's care-of address, received at the tunnel
+ endpoint (either at a foreign agent or at the mobile node
+ itself), and finally delivered to the mobile node (Section
+ 4.2.3).
+
+
+
+Perkins Standards Track [Page 10]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - In the reverse direction, datagrams sent by the mobile node are
+ generally delivered to their destination using standard IP
+ routing mechanisms, not necessarily passing through the home
+ agent.
+
+ When away from home, Mobile IP uses protocol tunneling to hide a
+ mobile node's home address from intervening routers between its home
+ network and its current location. The tunnel terminates at the
+ mobile node's care-of address. The care-of address must be an
+ address to which datagrams can be delivered via conventional IP
+ routing. At the care-of address, the original datagram is removed
+ from the tunnel and delivered to the mobile node.
+
+ Mobile IP provides two alternative modes for the acquisition of a
+ care-of address:
+
+ a) A "foreign agent care-of address" is a care-of address provided
+ by a foreign agent through its Agent Advertisement messages.
+ In this case, the care-of address is an IP address of the
+ foreign agent. In this mode, the foreign agent is the endpoint
+ of the tunnel and, upon receiving tunneled datagrams,
+ decapsulates them and delivers the inner datagram to the mobile
+ node. This mode of acquisition is preferred because it allows
+ many mobile nodes to share the same care-of address and
+ therefore does not place unnecessary demands on the already
+ limited IPv4 address space.
+
+ b) A "co-located care-of address" is a care-of address acquired by
+ the mobile node as a local IP address through some external
+ means, which the mobile node then associates with one of its
+ own network interfaces. The address may be dynamically
+ acquired as a temporary address by the mobile node such as
+ through DHCP [13], or may be owned by the mobile node as a
+ long-term address for its use only while visiting some foreign
+ network. Specific external methods of acquiring a local IP
+ address for use as a co-located care-of address are beyond the
+ scope of this document. When using a co-located care-of
+ address, the mobile node serves as the endpoint of the tunnel
+ and itself performs decapsulation of the datagrams tunneled to
+ it.
+
+ The mode of using a co-located care-of address has the advantage that
+ it allows a mobile node to function without a foreign agent, for
+ example, in networks that have not yet deployed a foreign agent. It
+ does, however, place additional burden on the IPv4 address space
+ because it requires a pool of addresses within the foreign network to
+
+
+
+
+
+Perkins Standards Track [Page 11]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ be made available to visiting mobile nodes. It is difficult to
+ efficiently maintain pools of addresses for each subnet that may
+ permit mobile nodes to visit.
+
+ It is important to understand the distinction between the care-of
+ address and the foreign agent functions. The care-of address is
+ simply the endpoint of the tunnel. It might indeed be an address of
+ a foreign agent (a foreign agent care-of address), but it might
+ instead be an address temporarily acquired by the mobile node (a co-
+ located care-of address). A foreign agent, on the other hand, is a
+ mobility agent that provides services to mobile nodes. See Sections
+ 3.7 and 4.2.2 for additional details.
+
+ For example, figure 1 illustrates the routing of datagrams to and
+ from a mobile node away from home, once the mobile node has
+ registered with its home agent. In figure 1, the mobile node is
+ using a foreign agent care-of address, not a co-located care-of
+ address.
+
+ 2) Datagram is intercepted 3) Datagram is
+ by home agent and detunneled and
+ is tunneled to the delivered to the
+ care-of address. mobile node.
+
+ +-----+ +-------+ +------+
+ |home | =======> |foreign| ------> |mobile|
+ |agent| | agent | <------ | node |
+ +-----+ +-------+ +------+
+ 1) Datagram to /|\ /
+ mobile node | / 4) For datagrams sent by the
+ arrives on | / mobile node, standard IP
+ home network | / routing delivers each to its
+ via standard | |_ destination. In this figure,
+ IP routing. +----+ the foreign agent is the
+ |host| mobile node's default router.
+ +----+
+
+ Figure 1: Operation of Mobile IPv4
+
+ A home agent MUST be able to attract and intercept datagrams that are
+ destined to the home address of any of its registered mobile nodes.
+ Using the proxy and gratuitous ARP mechanisms described in Section
+ 4.6, this requirement can be satisfied if the home agent has a
+ network interface on the link indicated by the mobile node's home
+ address. Other placements of the home agent relative to the mobile
+ node's home location MAY also be possible using other mechanisms for
+ intercepting datagrams destined to the mobile node's home address.
+ Such placements are beyond the scope of this document.
+
+
+
+Perkins Standards Track [Page 12]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Similarly, a mobile node and a prospective or current foreign agent
+ MUST be able to exchange datagrams without relying on standard IP
+ routing mechanisms; that is, those mechanisms which make forwarding
+ decisions based upon the network-prefix of the destination address in
+ the IP header. This requirement can be satisfied if the foreign
+ agent and the visiting mobile node have an interface on the same
+ link. In this case, the mobile node and foreign agent simply bypass
+ their normal IP routing mechanism when sending datagrams to each
+ other, addressing the underlying link-layer packets to their
+ respective link-layer addresses. Other placements of the foreign
+ agent relative to the mobile node MAY also be possible using other
+ mechanisms to exchange datagrams between these nodes, but such
+ placements are beyond the scope of this document.
+
+ If a mobile node is using a co-located care-of address (as described
+ in (b) above), the mobile node MUST be located on the link identified
+ by the network prefix of this care-of address. Otherwise, datagrams
+ destined to the care-of address would be undeliverable.
+
+1.8. Message Format and Protocol Extensibility
+
+ Mobile IP defines a set of new control messages, sent with UDP [37]
+ using well-known port number 434. The following two message types
+ are defined in this document:
+
+ 1 Registration Request
+ 3 Registration Reply
+
+ Up-to-date values for the message types for Mobile IP control
+ messages are specified in the most recent "Assigned Numbers" [40].
+
+ In addition, for Agent Discovery, Mobile IP makes use of the
+ existing Router Advertisement and Router Solicitation messages
+ defined for ICMP Router Discovery [10].
+
+ Mobile IP defines a general Extension mechanism to allow optional
+ information to be carried by Mobile IP control messages or by ICMP
+ Router Discovery messages. Some extensions have been specified to
+ be encoded in the simple Type-Length-Value format described in
+ Section 1.9.
+
+ Extensions allow variable amounts of information to be carried
+ within each datagram. The end of the list of Extensions is
+ indicated by the total length of the IP datagram.
+
+
+
+
+
+
+
+Perkins Standards Track [Page 13]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Two separately maintained sets of numbering spaces, from which
+ Extension Type values are allocated, are used in Mobile IP:
+
+ - The first set consists of those Extensions which may appear
+ only in Mobile IP control messages (those sent to and from UDP
+ port number 434). In this document, the following Types are
+ defined for Extensions appearing in Mobile IP control messages:
+
+ 32 Mobile-Home Authentication
+ 33 Mobile-Foreign Authentication
+ 34 Foreign-Home Authentication
+
+ - The second set consists of those extensions which may appear
+ only in ICMP Router Discovery messages [10]. In this document,
+ the following Types are defined for Extensions appearing in
+ ICMP Router Discovery messages:
+
+ 0 One-byte Padding (encoded with no Length nor Data field)
+ 16 Mobility Agent Advertisement
+ 19 Prefix-Lengths
+
+ Each individual Extension is described in detail in a separate
+ section later in this document. Up-to-date values for these
+ Extension Type numbers are specified in the most recent "Assigned
+ Numbers" [40].
+
+ Due to the separation (orthogonality) of these sets, it is
+ conceivable that two Extensions that are defined at a later date
+ could have identical Type values, so long as one of the Extensions
+ may be used only in Mobile IP control messages and the other may be
+ used only in ICMP Router Discovery messages.
+
+ The type field in the Mobile IP extension structure can support up to
+ 255 (skippable and not skippable) uniquely identifiable extensions.
+ When an Extension numbered in either of these sets within the range 0
+ through 127 is encountered but not recognized, the message containing
+ that Extension MUST be silently discarded. When an Extension
+ numbered in the range 128 through 255 is encountered which is not
+ recognized, that particular Extension is ignored, but the rest of the
+ Extensions and message data MUST still be processed. The Length
+ field of the Extension is used to skip the Data field in searching
+ for the next Extension.
+
+ Unless additional structure is utilized for the extension types, new
+ developments or additions to Mobile IP might require so many new
+ extensions that the available space for extension types might run
+ out. Two new extension structures are proposed to solve this
+ problem. Certain types of extensions can be aggregated, using
+
+
+
+Perkins Standards Track [Page 14]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ subtypes to identify the precise extension, for example as has been
+ done with the Generic Authentication Keys extensions [35]. In many
+ cases, this may reduce the rate of allocation for new values of the
+ type field.
+
+ Since the new extension structures will cause an efficient usage of
+ the extension type space, it is recommended that new Mobile IP
+ extensions follow one of the two new extension formats whenever there
+ may be the possibility to group related extensions together.
+
+ The following subsections provide details about three distinct
+ structures for Mobile IP extensions:
+
+ - The simple extension format
+ - The long extension format
+ - The short extension format
+
+1.9. Type-Length-Value Extension Format for Mobile IP Extensions
+
+ The Type-Length-Value format illustrated in figure 2 is used for
+ extensions which are specified in this document. Since this simple
+ extension structure does not encourage the most efficient usage of
+ the extension type space, it is recommended that new Mobile IP
+ extensions follow one of the two new extension formats specified in
+ sections 1.10 or 1.11 whenever there may be the possibility to group
+ related extensions together.
+
+ 0 1 2
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
+ | Type | Length | Data ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
+
+ Figure 2: Type-Length-Value extension format for Mobile IPv4
+
+ Type Indicates the particular type of Extension.
+
+ Length Indicates the length (in bytes) of the data field within
+ this Extension. The length does NOT include the Type and
+ Length bytes.
+
+ Data The particular data associated with this Extension. This
+ field may be zero or more bytes in length. The format
+ and length of the data field is determined by the type
+ and length fields.
+
+
+
+
+
+
+Perkins Standards Track [Page 15]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+1.10. Long Extension Format
+
+ This format is applicable for non-skippable extensions which carry
+ information more than 256 bytes.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Sub-Type | Length |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Data .....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ The Long Extension format requires that the following fields be
+ specified as the first fields of the extension.
+
+ Type is the type, which describes a collection of extensions
+ having a common data type.
+
+ Sub-Type is a unique number given to each member in the aggregated
+ type.
+
+ Length indicates the length (in bytes) of the data field within
+ this Extension. It does NOT include the Type, Length and
+ Sub-Type bytes.
+
+ Data is the data associated with the subtype of this
+ extension. This specification does not place any
+ additional structure on the subtype data.
+
+ Since the length field is 16 bits wide, a the extension data can
+ exceed 256 bytes in length.
+
+1.11. Short Extension Format
+
+ This format is compatible with the skippable extensions defined in
+ section 1.9. It is not applicable for extensions which require more
+ than 256 bytes of data; for such extensions, use the format described
+ in section 1.10.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Sub-Type | Data ....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ The Short Extension format requires that the following fields be
+ specified as the first fields of the extension:
+
+
+
+Perkins Standards Track [Page 16]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Type is the type, which describes a collection of extensions
+ having a common data type.
+
+ Sub-Type is a unique number given to each member in the aggregated
+ type.
+
+ Length 8-bit unsigned integer. Length of the extension, in
+ bytes, excluding the extension Type and the extension
+ Length fields. This field MUST be set to 1 plus the
+ total length of the data field.
+
+ Data is the data associated with this extension. This
+ specification does not place any additional structure on
+ the subtype data.
+
+2. Agent Discovery
+
+ Agent Discovery is the method by which a mobile node determines
+ whether it is currently connected to its home network or to a foreign
+ network, and by which a mobile node can detect when it has moved from
+ one network to another. When connected to a foreign network, the
+ methods specified in this section also allow the mobile node to
+ determine the foreign agent care-of address being offered by each
+ foreign agent on that network.
+
+ Mobile IP extends ICMP Router Discovery [10] as its primary mechanism
+ for Agent Discovery. An Agent Advertisement is formed by including a
+ Mobility Agent Advertisement Extension in an ICMP Router
+ Advertisement message (Section 2.1). An Agent Solicitation message
+ is identical to an ICMP Router Solicitation, except that its IP TTL
+ MUST be set to 1 (Section 2.2). This section describes the message
+ formats and procedures by which mobile nodes, foreign agents, and
+ home agents cooperate to realize Agent Discovery.
+
+ Agent Advertisement and Agent Solicitation may not be necessary for
+ link layers that already provide this functionality. The method by
+ which mobile nodes establish link-layer connections with prospective
+ agents is outside the scope of this document (but see Appendix B).
+ The procedures described below assume that such link-layer
+ connectivity has already been established.
+
+ No authentication is required for Agent Advertisement and Agent
+ Solicitation messages. They MAY be authenticated using the IP
+ Authentication Header [22], which is unrelated to the messages
+ described in this document. Further specification of the way in
+ which Advertisement and Solicitation messages may be authenticated is
+ outside of the scope of this document.
+
+
+
+
+Perkins Standards Track [Page 17]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+2.1. Agent Advertisement
+
+ Agent Advertisements are transmitted by a mobility agent to advertise
+ its services on a link. Mobile nodes use these advertisements to
+ determine their current point of attachment to the Internet. An
+ Agent Advertisement is an ICMP Router Advertisement that has been
+ extended to also carry an Mobility Agent Advertisement Extension
+ (Section 2.1.1) and, optionally, a Prefix-Lengths Extension (Section
+ 2.1.2), One-byte Padding Extension (Section 2.1.3), or other
+ Extensions that might be defined in the future.
+
+ Within an Agent Advertisement message, ICMP Router Advertisement
+ fields of the message are required to conform to the following
+ additional specifications:
+
+ - Link-Layer Fields
+
+ Destination Address
+
+ The link-layer destination address of a unicast Agent
+ Advertisement MUST be the same as the source link-layer
+ address of the Agent Solicitation which prompted the
+ Advertisement.
+
+ - IP Fields
+
+ TTL The TTL for all Agent Advertisements MUST be set
+ to 1.
+
+ Destination Address
+
+ As specified for ICMP Router Discovery [10], the IP
+ destination address of an multicast Agent Advertisement
+ MUST be either the "all systems on this link" multicast
+ address (224.0.0.1) [11] or the "limited broadcast"
+ address (255.255.255.255). The subnet-directed broadcast
+ address of the form <prefix>.<-1> cannot be used since
+ mobile nodes will not generally know the prefix of the
+ foreign network. When the Agent Advertisement is unicast
+ to a mobile node, the IP home address of the mobile node
+ SHOULD be used as the Destination Address.
+
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 18]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - ICMP Fields
+
+ Code The Code field of the agent advertisement is
+ interpreted as follows:
+
+ 0 The mobility agent handles common traffic -- that
+ is, it acts as a router for IP datagrams not
+ necessarily related to mobile nodes.
+ 16 The mobility agent does not route common traffic.
+ However, all foreign agents MUST (minimally)
+ forward to a default router any datagrams received
+ from a registered mobile node (Section 4.2.2).
+
+ Lifetime
+
+ The maximum length of time that the Advertisement is
+ considered valid in the absence of further
+ Advertisements.
+
+ Router Address(es)
+
+ See Section 2.3.1 for a discussion of the addresses that
+ may appear in this portion of the Agent Advertisement.
+
+ Num Addrs
+
+ The number of Router Addresses advertised in this
+ message. Note that in an Agent Advertisement message,
+ the number of router addresses specified in the ICMP
+ Router Advertisement portion of the message MAY be set to
+ 0. See Section 2.3.1 for details.
+
+ If sent periodically, the nominal interval at which Agent
+ Advertisements are sent SHOULD be no longer than 1/3 of the
+ advertisement Lifetime given in the ICMP header. This interval MAY
+ be shorter than 1/3 the advertised Lifetime. This allows a mobile
+ node to miss three successive advertisements before deleting the
+ agent from its list of valid agents. The actual transmission time
+ for each advertisement SHOULD be slightly randomized [10] in order to
+ avoid synchronization and subsequent collisions with other Agent
+
+ Advertisements that may be sent by other agents (or with other Router
+ Advertisements sent by other routers). Note that this field has no
+ relation to the "Registration Lifetime" field within the Mobility
+ Agent Advertisement Extension defined below.
+
+
+
+
+
+
+Perkins Standards Track [Page 19]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+2.1.1. Mobility Agent Advertisement Extension
+
+ The Mobility Agent Advertisement Extension follows the ICMP Router
+ Advertisement fields. It is used to indicate that an ICMP Router
+ Advertisement message is also an Agent Advertisement being sent by a
+ mobility agent. The Mobility Agent Advertisement Extension is
+ defined as follows:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Sequence Number |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Registration Lifetime |R|B|H|F|M|G|r|T| reserved |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | zero or more Care-of Addresses |
+ | ... |
+
+ Type 16
+
+ Length (6 + 4*N), where 6 accounts for the number of bytes in
+ the Sequence Number, Registration Lifetime, flags, and
+ reserved fields, and N is the number of care-of addresses
+ advertised.
+
+ Sequence Number
+
+ The count of Agent Advertisement messages sent since the
+ agent was initialized (Section 2.3.2).
+
+ Registration Lifetime
+
+ The longest lifetime (measured in seconds) that this
+ agent is willing to accept in any Registration Request.
+ A value of 0xffff indicates infinity. This field has no
+ relation to the "Lifetime" field within the ICMP Router
+ Advertisement portion of the Agent Advertisement.
+
+ R Registration required. Registration with this foreign
+ agent (or another foreign agent on this link) is required
+ even when using a co-located care-of address.
+
+ B Busy. The foreign agent will not accept registrations
+ from additional mobile nodes.
+
+ H Home agent. This agent offers service as a home agent on
+ the link on which this Agent Advertisement message is
+ sent.
+
+
+
+Perkins Standards Track [Page 20]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ F Foreign agent. This agent offers service as a foreign
+ agent on the link on which this Agent Advertisement
+ message is sent.
+
+ M Minimal encapsulation. This agent implements receiving
+ tunneled datagrams that use minimal encapsulation [34].
+
+ G GRE encapsulation. This agent implements receiving
+ tunneled datagrams that use GRE encapsulation [16].
+
+ r Sent as zero; ignored on reception. SHOULD NOT be
+ allocated for any other uses.
+
+ T Foreign agent supports reverse tunneling [27].
+
+ reserved
+ Sent as zero; ignored on reception.
+
+ Care-of Address(es)
+
+ The advertised foreign agent care-of address(es) provided
+ by this foreign agent. An Agent Advertisement MUST
+ include at least one care-of address if the 'F' bit is
+ set. The number of care-of addresses present is
+ determined by the Length field in the Extension.
+
+ A home agent MUST always be prepared to serve the mobile nodes for
+ which it is the home agent. A foreign agent may at times be too busy
+ to serve additional mobile nodes; even so, it must continue to send
+ Agent Advertisements, so that any mobile nodes already registered
+ with it will know that they have not moved out of range of the
+ foreign agent and that the foreign agent has not failed. A foreign
+ agent may indicate that it is "too busy" to allow new mobile nodes to
+ register with it, by setting the 'B' bit in its Agent Advertisements.
+ An Agent Advertisement message MUST NOT have the 'B' bit set if the
+ 'F' bit is not also set. Furthermore, at least one of the 'F' bit
+ and the 'H' bit MUST be set in any Agent Advertisement message sent.
+
+ When a foreign agent wishes to require registration even from those
+ mobile nodes which have acquired a co-located care-of address, it
+ sets the 'R' bit to one. Because this bit applies only to foreign
+ agents, an agent MUST NOT set the 'R' bit to one unless the 'F' bit
+ is also set to one.
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 21]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+2.1.2. Prefix-Lengths Extension
+
+ The Prefix-Lengths Extension MAY follow the Mobility Agent
+ Advertisement Extension. It is used to indicate the number of bits
+ of network prefix that applies to each Router Address listed in the
+ ICMP Router Advertisement portion of the Agent Advertisement. Note
+ that the prefix lengths given DO NOT apply to care-of address(es)
+ listed in the Mobility Agent Advertisement Extension. The Prefix-
+ Lengths Extension is defined as follows:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | Prefix Length | ....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type 19 (Prefix-Lengths Extension)
+
+ Length N, where N is the value (possibly zero) of the Num Addrs
+ field in the ICMP Router Advertisement portion of the
+ Agent Advertisement.
+
+ Prefix Length(s)
+
+ The number of leading bits that define the network number
+ of the corresponding Router Address listed in the ICMP
+ Router Advertisement portion of the message. The prefix
+ length for each Router Address is encoded as a separate
+ byte, in the order that the Router Addresses are listed
+ in the ICMP Router Advertisement portion of the message.
+
+ See Section 2.4.2 for information about how the Prefix-Lengths
+ Extension MAY be used by a mobile node when determining whether it
+ has moved. See Appendix E for implementation details about the use
+ of this Extension.
+
+2.1.3. One-byte Padding Extension
+
+ Some IP protocol implementations insist upon padding ICMP messages to
+ an even number of bytes. If the ICMP length of an Agent
+ Advertisement is odd, this Extension MAY be included in order to make
+ the ICMP length even. Note that this Extension is NOT intended to be
+ a general-purpose Extension to be included in order to word- or
+ long-align the various fields of the Agent Advertisement. An Agent
+ Advertisement SHOULD NOT include more than one One-byte Padding
+ Extension and if present, this Extension SHOULD be the last Extension
+ in the Agent Advertisement.
+
+
+
+
+Perkins Standards Track [Page 22]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Note that unlike other Extensions used in Mobile IP, the One-byte
+ Padding Extension is encoded as a single byte, with no "Length" nor
+ "Data" field present. The One-byte Padding Extension is defined as
+ follows:
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ | Type |
+ +-+-+-+-+-+-+-+-+
+
+ Type 0 (One-byte Padding Extension)
+
+2.2. Agent Solicitation
+
+ An Agent Solicitation is identical to an ICMP Router Solicitation
+ with the further restriction that the IP TTL Field MUST be set to 1.
+
+2.3. Foreign Agent and Home Agent Considerations
+
+ Any mobility agent which cannot be discovered by a link-layer
+ protocol MUST send Agent Advertisements. An agent which can be
+ discovered by a link-layer protocol SHOULD also implement Agent
+ Advertisements. However, the Advertisements need not be sent, except
+ when the site policy requires registration with the agent (i.e., when
+ the 'R' bit is set), or as a response to a specific Agent
+ Solicitation. All mobility agents MUST process packets that they
+ receive addressed to the Mobile-Agents multicast group, at address
+ 224.0.0.11. A mobile node MAY send an Agent Solicitation to
+ 224.0.0.11. All mobility agents SHOULD respond to Agent
+ Solicitations.
+
+ The same procedures, defaults, and constants are used in Agent
+ Advertisement messages and Agent Solicitation messages as specified
+ for ICMP Router Discovery [10], except that:
+
+ - a mobility agent MUST limit the rate at which it sends broadcast
+ or multicast Agent Advertisements; the maximum rate SHOULD be
+ chosen so that the Advertisements do not consume a significant
+ amount of network bandwidth, AND
+
+ - a mobility agent that receives a Router Solicitation MUST NOT
+ require that the IP Source Address is the address of a neighbor
+ (i.e., an address that matches one of the router's own addresses
+ on the arrival interface, under the subnet mask associated with
+ that address of the router).
+
+ - a mobility agent MAY be configured to send Agent Advertisements
+ only in response to an Agent Solicitation message.
+
+
+
+Perkins Standards Track [Page 23]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ If the home network is not a virtual network, then the home agent for
+ any mobile node SHOULD be located on the link identified by the
+ mobile node's home address, and Agent Advertisement messages sent by
+ the home agent on this link MUST have the 'H' bit set. In this way,
+ mobile nodes on their own home network will be able to determine that
+ they are indeed at home. Any Agent Advertisement messages sent by
+ the home agent on another link to which it may be attached (if it is
+ a mobility agent serving more than one link), MUST NOT have the 'H'
+ bit set, unless the home agent also serves as a home agent (to other
+ mobile nodes) on that other link. A mobility agent MAY use different
+ settings for each of the 'R', 'H', and 'F' bits on different network
+ interfaces.
+
+ If the home network is a virtual network, the home network has no
+ physical realization external to the home agent itself. In this
+ case, there is no physical network link on which to send Agent
+ Advertisement messages advertising the home agent. Mobile nodes for
+ which this is the home network are always treated as being away from
+ home.
+
+ On a particular subnet, either all mobility agents MUST include the
+ Prefix-Lengths Extension or all of them MUST NOT include this
+ Extension. Equivalently, it is prohibited for some agents on a given
+ subnet to include the Extension but for others not to include it.
+ Otherwise, one of the move detection algorithms designed for mobile
+ nodes will not function properly (Section 2.4.2).
+
+2.3.1. Advertised Router Addresses
+
+ The ICMP Router Advertisement portion of the Agent Advertisement MAY
+ contain one or more router addresses. An agent SHOULD only put its
+ own addresses, if any, in the advertisement. Whether or not its own
+ address appears in the Router Addresses, a foreign agent MUST route
+ datagrams it receives from registered mobile nodes (Section 4.2.2).
+
+2.3.2. Sequence Numbers and Rollover Handling
+
+ The sequence number in Agent Advertisements ranges from 0 to 0xffff.
+ After booting, an agent MUST use the number 0 for its first
+ advertisement. Each subsequent advertisement MUST use the sequence
+ number one greater, with the exception that the sequence number
+ 0xffff MUST be followed by sequence number 256. In this way, mobile
+ nodes can distinguish a reduction in the sequence number that occurs
+ after a reboot from a reduction that results in rollover of the
+ sequence number after it attains the value 0xffff.
+
+
+
+
+
+
+Perkins Standards Track [Page 24]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+2.4. Mobile Node Considerations
+
+ Every mobile node MUST implement Agent Solicitation. Solicitations
+ SHOULD only be sent in the absence of Agent Advertisements and when a
+ care-of address has not been determined through a link-layer protocol
+ or other means. The mobile node uses the same procedures, defaults,
+ and constants for Agent Solicitation as specified for ICMP Router
+ Solicitation messages [10], except that the mobile node MAY solicit
+ more often than once every three seconds, and that a mobile node that
+ is currently not connected to any foreign agent MAY solicit more
+ times than MAX_SOLICITATIONS.
+
+ The rate at which a mobile node sends Solicitations MUST be limited
+ by the mobile node. The mobile node MAY send three initial
+ Solicitations at a maximum rate of one per second while searching for
+ an agent. After this, the rate at which Solicitations are sent MUST
+ be reduced so as to limit the overhead on the local link. Subsequent
+ Solicitations MUST be sent using a binary exponential backoff
+ mechanism, doubling the interval between consecutive Solicitations,
+ up to a maximum interval. The maximum interval SHOULD be chosen
+ appropriately based upon the characteristics of the media over which
+ the mobile node is soliciting. This maximum interval SHOULD be at
+ least one minute between Solicitations.
+
+ While still searching for an agent, the mobile node MUST NOT increase
+ the rate at which it sends Solicitations unless it has received a
+ positive indication that it has moved to a new link. After
+ successfully registering with an agent, the mobile node SHOULD also
+ increase the rate at which it will send Solicitations when it next
+ begins searching for a new agent with which to register. The
+ increased solicitation rate MAY revert to the maximum rate, but then
+ MUST be limited in the manner described above. In all cases, the
+ recommended solicitation intervals are nominal values. Mobile nodes
+ MUST randomize their solicitation times around these nominal values
+ as specified for ICMP Router Discovery [10].
+
+ Mobile nodes MUST process received Agent Advertisements. A mobile
+ node can distinguish an Agent Advertisement message from other uses
+ of the ICMP Router Advertisement message by examining the number of
+ advertised addresses and the IP Total Length field. When the IP
+ total length indicates that the ICMP message is longer than needed
+ for the number of advertised addresses, the remaining data is
+ interpreted as one or more Extensions. The presence of a Mobility
+ Agent Advertisement Extension identifies the advertisement as an
+ Agent Advertisement.
+
+
+
+
+
+
+Perkins Standards Track [Page 25]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ If there is more than one advertised address, the mobile node SHOULD
+ pick the first address for its initial registration attempt. If the
+ registration attempt fails with a status Code indicating rejection by
+ the foreign agent, the mobile node MAY retry the attempt with each
+ subsequent advertised address in turn.
+
+ When multiple methods of agent discovery are in use, the mobile node
+ SHOULD first attempt registration with agents including Mobility
+ Agent Advertisement Extensions in their advertisements, in preference
+ to those discovered by other means. This preference maximizes the
+ likelihood that the registration will be recognized, thereby
+ minimizing the number of registration attempts.
+
+ A mobile node MUST ignore reserved bits in Agent Advertisements, as
+ opposed to discarding such advertisements. In this way, new bits can
+ be defined later, without affecting the ability for mobile nodes to
+ use the advertisements even when the newly defined bits are not
+ understood.
+
+2.4.1. Registration Required
+
+ When the mobile node receives an Agent Advertisement with the 'R' bit
+ set, the mobile node SHOULD register through the foreign agent, even
+ when the mobile node might be able to acquire its own co-located
+ care-of address. This feature is intended to allow sites to enforce
+ visiting policies (such as accounting) which require exchanges of
+ authorization.
+
+ If formerly reserved bits require some kind of monitoring/enforcement
+ at the foreign link, foreign agents implementing the new
+ specification for the formerly reserved bits can set the 'R' bit.
+ This has the effect of forcing the mobile node to register through
+ the foreign agent, so the foreign agent could then monitor/enforce
+ the policy.
+
+2.4.2. Move Detection
+
+ Two primary mechanisms are provided for mobile nodes to detect when
+ they have moved from one subnet to another. Other mechanisms MAY
+ also be used. When the mobile node detects that it has moved, it
+ SHOULD register (Section 3) with a suitable care-of address on the
+ new foreign network. However, the mobile node MUST NOT register more
+ frequently than once per second on average, as specified in Section
+ 3.6.3.
+
+
+
+
+
+
+
+Perkins Standards Track [Page 26]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+2.4.2.1. Algorithm 1
+
+ The first method of move detection is based upon the Lifetime field
+ within the main body of the ICMP Router Advertisement portion of the
+ Agent Advertisement. A mobile node SHOULD record the Lifetime
+ received in any Agent Advertisements, until that Lifetime expires.
+ If the mobile node fails to receive another advertisement from the
+ same agent within the specified Lifetime, it SHOULD assume that it
+ has lost contact with that agent. If the mobile node has previously
+ received an Agent Advertisement from another agent for which the
+ Lifetime field has not yet expired, the mobile node MAY immediately
+ attempt registration with that other agent. Otherwise, the mobile
+ node SHOULD attempt to discover a new agent with which to register.
+
+2.4.2.2. Algorithm 2
+
+ The second method uses network prefixes. The Prefix-Lengths
+ Extension MAY be used in some cases by a mobile node to determine
+ whether or not a newly received Agent Advertisement was received on
+ the same subnet as the mobile node's current care-of address. If the
+ prefixes differ, the mobile node MAY assume that it has moved. If a
+ mobile node is currently using a foreign agent care-of address, the
+ mobile node SHOULD NOT use this method of move detection unless both
+ the current agent and the new agent include the Prefix-Lengths
+ Extension in their respective Agent Advertisements; if this Extension
+ is missing from one or both of the advertisements, this method of
+ move detection SHOULD NOT be used. Similarly, if a mobile node is
+ using a co-located care-of address, it SHOULD not use this method of
+ move detection unless the new agent includes the Prefix-Lengths
+ Extension in its Advertisement and the mobile node knows the network
+ prefix of its current co-located care-of address. On the expiration
+ of its current registration, if this method indicates that the mobile
+ node has moved, rather than re-registering with its current care-of
+ address, a mobile node MAY choose instead to register with a the
+ foreign agent sending the new Advertisement with the different
+ network prefix. The Agent Advertisement on which the new
+ registration is based MUST NOT have expired according to its Lifetime
+ field.
+
+2.4.3. Returning Home
+
+ A mobile node can detect that it has returned to its home network
+ when it receives an Agent Advertisement from its own home agent. If
+ so, it SHOULD deregister with its home agent (Section 3). Before
+ attempting to deregister, the mobile node SHOULD configure its
+ routing table appropriately for its home network (Section 4.2.1). In
+
+
+
+
+
+Perkins Standards Track [Page 27]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ addition, if the home network is using ARP [36], the mobile node MUST
+ follow the procedures described in Section 4.6 with regard to ARP,
+ proxy ARP, and gratuitous ARP.
+
+2.4.4. Sequence Numbers and Rollover Handling
+
+ If a mobile node detects two successive values of the sequence number
+ in the Agent Advertisements from the foreign agent with which it is
+ registered, the second of which is less than the first and inside the
+ range 0 to 255, the mobile node SHOULD register again. If the second
+ value is less than the first but is greater than or equal to 256, the
+ mobile node SHOULD assume that the sequence number has rolled over
+ past its maximum value (0xffff), and that reregistration is not
+ necessary (Section 2.3).
+
+3. Registration
+
+ Mobile IP registration provides a flexible mechanism for mobile nodes
+ to communicate their current reachability information to their home
+ agent. It is the method by which mobile nodes:
+
+ - request forwarding services when visiting a foreign network,
+
+ - inform their home agent of their current care-of address,
+
+ - renew a registration which is due to expire, and/or
+
+ - deregister when they return home.
+
+ Registration messages exchange information between a mobile node,
+ (optionally) a foreign agent, and the home agent. Registration
+ creates or modifies a mobility binding at the home agent, associating
+ the mobile node's home address with its care-of address for the
+ specified Lifetime.
+
+ Several other (optional) capabilities are available through the
+ registration procedure, which enable a mobile node to:
+
+ - discover its home address, if the mobile node is not configured
+ with this information.
+
+ - maintain multiple simultaneous registrations, so that a copy of
+ each datagram will be tunneled to each active care-of address
+
+ - deregister specific care-of addresses while retaining other
+ mobility bindings, and
+
+
+
+
+
+Perkins Standards Track [Page 28]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - discover the address of a home agent if the mobile node is not
+ configured with this information.
+
+3.1. Registration Overview
+
+ Mobile IP defines two different registration procedures, one via a
+ foreign agent that relays the registration to the mobile node's home
+ agent, and one directly with the mobile node's home agent. The
+ following rules determine which of these two registration procedures
+ to use in any particular circumstance:
+
+ - If a mobile node is registering a foreign agent care-of
+ address, the mobile node MUST register via that foreign agent.
+
+ - If a mobile node is using a co-located care-of address, and
+ receives an Agent Advertisement from a foreign agent on the
+ link on which it is using this care-of address, the mobile node
+ SHOULD register via that foreign agent (or via another foreign
+ agent on this link) if the 'R' bit is set in the received Agent
+ Advertisement message.
+
+ - If a mobile node is otherwise using a co-located care-of
+ address, the mobile node MUST register directly with its home
+ agent.
+
+ - If a mobile node has returned to its home network and is
+ (de)registering with its home agent, the mobile node MUST
+ register directly with its home agent.
+
+ Both registration procedures involve the exchange of Registration
+ Request and Registration Reply messages (Sections 3.3 and 3.4). When
+ registering via a foreign agent, the registration procedure requires
+ the following four messages:
+
+ a) The mobile node sends a Registration Request to the prospective
+ foreign agent to begin the registration process.
+
+ b) The foreign agent processes the Registration Request and then
+ relays it to the home agent.
+
+ c) The home agent sends a Registration Reply to the foreign agent
+ to grant or deny the Request.
+
+ d) The foreign agent processes the Registration Reply and then
+ relays it to the mobile node to inform it of the disposition of
+ its Request.
+
+
+
+
+
+Perkins Standards Track [Page 29]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ When the mobile node instead registers directly with its home agent,
+ the registration procedure requires only the following two messages:
+
+ a) The mobile node sends a Registration Request to the home agent.
+
+ b) The home agent sends a Registration Reply to the mobile node,
+ granting or denying the Request.
+
+ The registration messages defined in Sections 3.3 and 3.4 use the
+ User Datagram Protocol (UDP) [37]. A nonzero UDP checksum SHOULD be
+ included in the header, and MUST be checked by the recipient. A zero
+ UDP checksum SHOULD be accepted by the recipient. The behavior of
+ the mobile node and the home agent with respect to their mutual
+ acceptance of packets with zero UDP checksums SHOULD be defined as
+ part of the mobility security association which exists between them.
+
+3.2. Authentication
+
+ Each mobile node, foreign agent, and home agent MUST be able to
+ support a mobility security association for mobile entities, indexed
+ by their SPI and IP address. In the case of the mobile node, this
+ must be its Home Address. See Section 5.1 for requirements for
+ support of authentication algorithms. Registration messages between
+ a mobile node and its home agent MUST be authenticated with an
+ authorization-enabling extension, e.g. the Mobile-Home Authentication
+ Extension (Section 3.5.2). This extension MUST be the first
+ authentication extension; other foreign agent-specific extensions MAY
+ be added to the message after the mobile node computes the
+ authentication.
+
+3.3. Registration Request
+
+ A mobile node registers with its home agent using a Registration
+ Request message so that its home agent can create or modify a
+ mobility binding for that mobile node (e.g., with a new lifetime).
+ The Request may be relayed to the home agent by the foreign agent
+ through which the mobile node is registering, or it may be sent
+ directly to the home agent in the case in which the mobile node is
+ registering a co-located care-of address.
+
+ IP fields:
+
+ Source Address Typically the interface address from which the
+ message is sent.
+
+ Destination Address Typically that of the foreign agent or the
+ home agent.
+
+
+
+
+Perkins Standards Track [Page 30]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ See Sections 3.6.1.1 and 3.7.2.2 for details. UDP fields:
+
+ Source Port variable
+
+ Destination Port 434
+
+ The UDP header is followed by the Mobile IP fields shown below:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type |S|B|D|M|G|r|T|x| Lifetime |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Agent |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Care-of Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | |
+ + Identification +
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Extensions ...
+ +-+-+-+-+-+-+-+-
+
+ Type 1 (Registration Request)
+
+ S Simultaneous bindings. If the 'S' bit is set, the mobile
+ node is requesting that the home agent retain its prior
+ mobility bindings, as described in Section 3.6.1.2.
+
+ B Broadcast datagrams. If the 'B' bit is set, the mobile
+ node requests that the home agent tunnel to it any
+ broadcast datagrams that it receives on the home network,
+ as described in Section 4.3.
+
+ D Decapsulation by mobile node. If the 'D' bit is set, the
+ mobile node will itself decapsulate datagrams which are
+ sent to the care-of address. That is, the mobile node is
+ using a co-located care-of address.
+
+ M Minimal encapsulation. If the 'M' bit is set, the mobile
+ node requests that its home agent use minimal
+ encapsulation [34] for datagrams tunneled to the mobile
+ node.
+
+
+
+
+
+Perkins Standards Track [Page 31]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ G GRE encapsulation. If the 'G' bit is set, the mobile
+ node requests that its home agent use GRE encapsulation
+ [16] for datagrams tunneled to the mobile node.
+
+ r Sent as zero; ignored on reception. SHOULD NOT be
+ allocated for any other uses.
+
+ T Reverse Tunneling requested; see [27].
+
+ x Sent as zero; ignored on reception.
+
+ Lifetime
+
+ The number of seconds remaining before the registration
+ is considered expired. A value of zero indicates a
+ request for deregistration. A value of 0xffff indicates
+ infinity.
+
+ Home Address
+
+ The IP address of the mobile node.
+
+ Home Agent
+
+ The IP address of the mobile node's home agent.
+
+ Care-of Address
+
+ The IP address for the end of the tunnel.
+
+ Identification
+
+ A 64-bit number, constructed by the mobile node, used for
+ matching Registration Requests with Registration Replies,
+ and for protecting against replay attacks of registration
+ messages. See Sections 5.4 and 5.7.
+
+ Extensions
+
+ The fixed portion of the Registration Request is followed
+ by one or more of the Extensions listed in Section 3.5.
+ An authorization-enabling extension MUST be included in
+ all Registration Requests. See Sections 3.6.1.3 and
+ 3.7.2.2 for information on the relative order in which
+ different extensions, when present, MUST be placed in a
+ Registration Request message.
+
+
+
+
+
+Perkins Standards Track [Page 32]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+3.4. Registration Reply
+
+ A mobility agent returns a Registration Reply message to a mobile
+ node which has sent a Registration Request (Section 3.3) message. If
+ the mobile node is requesting service from a foreign agent, that
+ foreign agent will receive the Reply from the home agent and
+ subsequently relay it to the mobile node. The Reply message contains
+ the necessary codes to inform the mobile node about the status of its
+ Request, along with the lifetime granted by the home agent, which MAY
+ be smaller than the original Request.
+
+ The foreign agent MUST NOT increase the Lifetime selected by the
+ mobile node in the Registration Request, since the Lifetime is
+ covered by an authentication extension which enables authorization by
+ the home agent. Such an extension contains authentication data which
+ cannot be correctly (re)computed by the foreign agent. The home
+ agent MUST NOT increase the Lifetime selected by the mobile node in
+ the Registration Request, since doing so could increase it beyond the
+ maximum Registration Lifetime allowed by the foreign agent. If the
+ Lifetime received in the Registration Reply is greater than that in
+ the Registration Request, the Lifetime in the Request MUST be used.
+ When the Lifetime received in the Registration Reply is less than
+ that in the Registration Request, the Lifetime in the Reply MUST be
+ used.
+
+ IP fields:
+
+ Source Address Typically copied from the destination address
+ of the Registration Request to which the
+ agent is replying. See Sections 3.7.2.3 and
+ 3.8.3.1 for complete details.
+
+ Destination Address Copied from the source address of the
+ Registration Request to which the agent is
+ replying
+
+ UDP fields:
+
+ Source Port <variable>
+
+ Destination Port Copied from the source port of the
+ corresponding Registration Request (Section
+ 3.7.1).
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 33]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ The UDP header is followed by the Mobile IP fields shown below:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Code | Lifetime |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Agent |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | |
+ + Identification +
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Extensions ...
+ +-+-+-+-+-+-+-+-
+
+ Type 3 (Registration Reply)
+
+ Code A value indicating the result of the Registration
+ Request. See below for a list of currently defined Code
+ values.
+
+ Lifetime
+
+ If the Code field indicates that the registration was
+ accepted, the Lifetime field is set to the number of
+ seconds remaining before the registration is considered
+ expired. A value of zero indicates that the mobile node
+ has been deregistered. A value of 0xffff indicates
+ infinity. If the Code field indicates that the
+ registration was denied, the contents of the Lifetime
+ field are unspecified and MUST be ignored on reception.
+
+ Home Address
+
+ The IP address of the mobile node.
+
+ Home Agent
+
+ The IP address of the mobile node's home agent.
+
+ Identification
+
+ A 64-bit number used for matching Registration Requests
+ with Registration Replies, and for protecting against
+ replay attacks of registration messages. The value is
+
+
+
+Perkins Standards Track [Page 34]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ based on the Identification field from the Registration
+ Request message from the mobile node, and on the style of
+ replay protection used in the security context between
+ the mobile node and its home agent (defined by the
+ mobility security association between them, and SPI value
+ in the authorization-enabling extension). See Sections
+ 5.4 and 5.7.
+
+ Extensions
+
+ The fixed portion of the Registration Reply is followed
+ by one or more of the Extensions listed in Section 3.5.
+ An authorization-enabling extension MUST be included in
+ all Registration Replies returned by the home agent. See
+ Sections 3.7.2.2 and 3.8.3.3 for rules on placement of
+ extensions to Reply messages.
+
+ The following values are defined for use within the Code field.
+ Registration successful:
+
+ 0 registration accepted
+ 1 registration accepted, but simultaneous mobility
+ bindings unsupported
+
+ Registration denied by the foreign agent:
+
+ 64 reason unspecified
+ 65 administratively prohibited
+ 66 insufficient resources
+ 67 mobile node failed authentication
+ 68 home agent failed authentication
+ 69 requested Lifetime too long
+ 70 poorly formed Request
+ 71 poorly formed Reply
+ 72 requested encapsulation unavailable
+ 73 reserved and unavailable
+ 77 invalid care-of address
+ 78 registration timeout
+ 80 home network unreachable (ICMP error received)
+ 81 home agent host unreachable (ICMP error received)
+ 82 home agent port unreachable (ICMP error received)
+ 88 home agent unreachable (other ICMP error received)
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 35]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Registration denied by the home agent:
+
+ 128 reason unspecified
+ 129 administratively prohibited
+ 130 insufficient resources
+ 131 mobile node failed authentication
+ 132 foreign agent failed authentication
+ 133 registration Identification mismatch
+ 134 poorly formed Request
+ 135 too many simultaneous mobility bindings
+ 136 unknown home agent address
+
+ Up-to-date values of the Code field are specified in the most recent
+ "Assigned Numbers" [40].
+
+3.5. Registration Extensions
+
+3.5.1. Computing Authentication Extension Values
+
+ The Authenticator value computed for each authentication Extension
+ MUST protect the following fields from the registration message:
+
+ - the UDP payload (that is, the Registration Request or
+ Registration Reply data),
+
+ - all prior Extensions in their entirety, and
+
+ - the Type, Length, and SPI of this Extension.
+
+ The default authentication algorithm uses HMAC-MD5 [23] to compute a
+ 128-bit "message digest" of the registration message. The data over
+ which the HMAC is computed is defined as:
+
+ - the UDP payload (that is, the Registration Request or
+ Registration Reply data),
+
+ - all prior Extensions in their entirety, and
+
+ - the Type, Length, and SPI of this Extension.
+
+ Note that the Authenticator field itself and the UDP header are NOT
+ included in the computation of the default Authenticator value. See
+ Section 5.1 for information about support requirements for message
+ authentication codes, which are to be used with the various
+ authentication Extensions.
+
+
+
+
+
+
+Perkins Standards Track [Page 36]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ The Security Parameter Index (SPI) within any of the authentication
+ Extensions defines the security context which is used to compute the
+ Authenticator value and which MUST be used by the receiver to check
+ that value. In particular, the SPI selects the authentication
+ algorithm and mode (Section 5.1) and secret (a shared key, or
+ appropriate public/private key pair) used in computing the
+ Authenticator. In order to ensure interoperability between different
+ implementations of the Mobile IP protocol, an implementation MUST be
+ able to associate any SPI value with any authentication algorithm and
+ mode which it implements. In addition, all implementations of Mobile
+ IP MUST implement the default authentication algorithm (HMAC-MD5)
+ specified above.
+
+3.5.2. Mobile-Home Authentication Extension
+
+ Exactly one authorization-enabling extension MUST be present in all
+ Registration Requests, and also in all Registration Replies generated
+ by the Home Agent. The Mobile-Home Authentication Extension is
+ always an authorization-enabling for registration messages specified
+ in this document. This requirement is intended to eliminate problems
+ [2] which result from the uncontrolled propagation of remote
+ redirects in the Internet. The location of the extension marks the
+ end of the authenticated data.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | SPI ....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ... SPI (cont.) | Authenticator ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type 32
+
+ Length 4 plus the number of bytes in the Authenticator.
+
+ SPI Security Parameter Index (4 bytes). An opaque
+ identifier (see Section 1.6).
+
+ Authenticator (variable length) (See Section 3.5.1.)
+
+3.5.3. Mobile-Foreign Authentication Extension
+
+ This Extension MAY be included in Registration Requests and Replies
+ in cases in which a mobility security association exists between the
+ mobile node and the foreign agent. See Section 5.1 for information
+ about support requirements for message authentication codes.
+
+
+
+
+Perkins Standards Track [Page 37]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | SPI ....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ... SPI (cont.) | Authenticator ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type 33
+
+ Length 4 plus the number of bytes in the Authenticator.
+
+ SPI Security Parameter Index (4 bytes). An opaque
+ identifier (see Section 1.6).
+
+ Authenticator (variable length) (See Section 3.5.1.)
+
+3.5.4. Foreign-Home Authentication Extension
+
+ This Extension MAY be included in Registration Requests and Replies
+ in cases in which a mobility security association exists between the
+ foreign agent and the home agent. See Section 5.1 for information
+ about support requirements for message authentication codes.
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Length | SPI ....
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ ... SPI (cont.) | Authenticator ...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+ Type 34
+
+ Length 4 plus the number of bytes in the Authenticator.
+
+ SPI Security Parameter Index (4 bytes). An opaque
+ identifier (see Section 1.6).
+
+ Authenticator (variable length) (See Section 3.5.1.)
+
+3.6. Mobile Node Considerations
+
+ A mobile node MUST be configured with a netmask and a mobility
+ security association for each of its home agents. In addition, a
+ mobile node MAY be configured with its home address, and the IP
+
+
+
+
+
+Perkins Standards Track [Page 38]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ address of one or more of its home agents; otherwise, the mobile node
+ MAY discover a home agent using the procedures described in Section
+ 3.6.1.2.
+
+ If the mobile node is not configured with a home address, it MAY use
+ the Mobile Node NAI extension [6] to identify itself, and set the
+ Home Address field of the Registration Request to 0.0.0.0. In this
+ case, the mobile node MUST be able to assign its home address after
+ extracting this information from the Registration Reply from the home
+ agent.
+
+ For each pending registration, the mobile node maintains the
+ following information:
+
+ - the link-layer address of the foreign agent to which the
+ Registration Request was sent, if applicable,
+ - the IP destination address of the Registration Request,
+ - the care-of address used in the registration,
+ - the Identification value sent in the registration,
+ - the originally requested Lifetime, and
+ - the remaining Lifetime of the pending registration.
+
+ A mobile node SHOULD initiate a registration whenever it detects a
+ change in its network connectivity. See Section 2.4.2 for methods by
+ which mobile nodes MAY make such a determination. When it is away
+ from home, the mobile node's Registration Request allows its home
+ agent to create or modify a mobility binding for it. When it is at
+ home, the mobile node's (de)Registration Request allows its home
+ agent to delete any previous mobility binding(s) for it. A mobile
+ node operates without the support of mobility functions when it is at
+ home.
+
+ There are other conditions under which the mobile node SHOULD
+ (re)register with its foreign agent, such as when the mobile node
+ detects that the foreign agent has rebooted (as specified in Section
+ 2.4.4) and when the current registration's Lifetime is near
+ expiration.
+
+ In the absence of link-layer indications of changes in point of
+ attachment, Agent Advertisements from new agents SHOULD NOT cause a
+ mobile node to attempt a new registration, if its current
+ registration has not expired and it is still also receiving Agent
+ Advertisements from the foreign agent with which it is currently
+ registered. In the absence of link-layer indications, a mobile node
+ MUST NOT attempt to register more often than once per second.
+
+
+
+
+
+
+Perkins Standards Track [Page 39]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ A mobile node MAY register with a different agent when transport-
+ layer protocols indicate excessive retransmissions. A mobile node
+ MUST NOT consider reception of an ICMP Redirect from a foreign agent
+ that is currently providing service to it as reason to register with
+ a new foreign agent. Within these constraints, the mobile node MAY
+ register again at any time.
+
+ Appendix D shows some examples of how the fields in registration
+ messages would be set up in some typical registration scenarios.
+
+3.6.1. Sending Registration Requests
+
+ The following sections specify details for the values the mobile node
+ MUST supply in the fields of Registration Request messages.
+
+3.6.1.1. IP Fields
+
+ This section provides the specific rules by which mobile nodes pick
+ values for the IP header fields of a Registration Request.
+
+ IP Source Address:
+
+ - When registering on a foreign network with a co-located care-of
+ address, the IP source address MUST be the care-of address.
+
+ - Otherwise, if the mobile node does not have a home address, the
+ IP source address MUST be 0.0.0.0.
+
+ - In all other circumstances, the IP source address MUST be the
+ mobile node's home address.
+
+ IP Destination Address:
+
+ - When the mobile node has discovered the agent with which it is
+ registering, through some means (e.g., link-layer) that does
+ not provide the IP address of the agent (the IP address of the
+ agent is unknown to the mobile node), then the "All Mobility
+ Agents" multicast address (224.0.0.11) MUST be used. In this
+ case, the mobile node MUST use the agent's link-layer unicast
+ address in order to deliver the datagram to the correct agent.
+
+ - When registering with a foreign agent, the address of the agent
+ as learned from the IP source address of the corresponding
+ Agent Advertisement MUST be used. This MAY be an address which
+ does not appear as an advertised care-of address in the Agent
+ Advertisement. In addition, when transmitting this
+ Registration Request message, the mobile node MUST use a link-
+
+
+
+
+Perkins Standards Track [Page 40]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ layer destination address copied from the link-layer source
+ address of the Agent Advertisement message in which it learned
+ this foreign agent's IP address.
+
+ - When the mobile node is registering directly with its home
+ agent and knows the (unicast) IP address of its home agent, the
+ destination address MUST be set to this address.
+
+ - If the mobile node is registering directly with its home agent,
+ but does not know the IP address of its home agent, the mobile
+ node may use dynamic home agent address resolution to
+ automatically determine the IP address of its home agent
+ (Section 3.6.1.2). In this case, the IP destination address is
+ set to the subnet-directed broadcast address of the mobile
+ node's home network. This address MUST NOT be used as the
+ destination IP address if the mobile node is registering via a
+ foreign agent, although it MAY be used as the Home Agent
+ address in the body of the Registration Request when
+ registering via a foreign agent.
+
+ IP Time to Live:
+
+ - The IP TTL field MUST be set to 1 if the IP destination address
+ is set to the "All Mobility Agents" multicast address as
+ described above. Otherwise a suitable value should be chosen
+ in accordance with standard IP practice [38].
+
+3.6.1.2. Registration Request Fields
+
+ This section provides specific rules by which mobile nodes pick
+ values for the fields within the fixed portion of a Registration
+ Request.
+
+ A mobile node MAY set the 'S' bit in order to request that the home
+ agent maintain prior mobility binding(s). Otherwise, the home agent
+ deletes any previous binding(s) and replaces them with the new
+ binding specified in the Registration Request. Multiple simultaneous
+ mobility bindings are likely to be useful when a mobile node using at
+ least one wireless network interface moves within wireless
+ transmission range of more than one foreign agent. IP explicitly
+ allows duplication of datagrams. When the home agent allows
+ simultaneous bindings, it will tunnel a separate copy of each
+ arriving datagram to each care-of address, and the mobile node will
+ receive multiple copies of datagrams destined to it.
+
+ The mobile node SHOULD set the 'D' bit if it is registering with a
+ co-located care-of address. Otherwise, the 'D' bit MUST NOT be set.
+
+
+
+
+Perkins Standards Track [Page 41]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ A mobile node MAY set the 'B' bit to request its home agent to
+ forward to it, a copy of broadcast datagrams received by its home
+ agent from the home network. The method used by the home agent to
+ forward broadcast datagrams depends on the type of care-of address
+ registered by the mobile node, as determined by the 'D' bit in the
+ mobile node's Registration Request:
+
+ - If the 'D' bit is set, then the mobile node has indicated that
+ it will decapsulate any datagrams tunneled to this care-of
+ address itself (the mobile node is using a co-located care-of
+ address). In this case, to forward such a received broadcast
+ datagram to the mobile node, the home agent MUST tunnel it to
+ this care-of address. The mobile node de-tunnels the received
+ datagram in the same way as any other datagram tunneled
+ directly to it.
+
+ - If the 'D' bit is NOT set, then the mobile node has indicated
+ that it is using a foreign agent care-of address, and that the
+ foreign agent will thus decapsulate arriving datagrams before
+ forwarding them to the mobile node. In this case, to forward
+ such a received broadcast datagram to the mobile node, the home
+ agent MUST first encapsulate the broadcast datagram in a
+ unicast datagram addressed to the mobile node's home address,
+ and then MUST tunnel this resulting datagram to the mobile
+ node's care-of address.
+
+ When decapsulated by the foreign agent, the inner datagram will
+ thus be a unicast IP datagram addressed to the mobile node,
+ identifying to the foreign agent the intended destination of
+ the encapsulated broadcast datagram, and will be delivered to
+ the mobile node in the same way as any tunneled datagram
+ arriving for the mobile node. The foreign agent MUST NOT
+ decapsulate the encapsulated broadcast datagram and MUST NOT
+ use a local network broadcast to transmit it to the mobile
+ node. The mobile node thus MUST decapsulate the encapsulated
+ broadcast datagram itself, and thus MUST NOT set the 'B' bit in
+ its Registration Request in this case unless it is capable of
+ decapsulating datagrams.
+
+ The mobile node MAY request alternative forms of encapsulation by
+ setting the 'M' bit and/or the 'G' bit, but only if the mobile node
+ is decapsulating its own datagrams (the mobile node is using a co-
+ located care-of address) or if its foreign agent has indicated
+ support for these forms of encapsulation by setting the corresponding
+ bits in the Mobility Agent Advertisement Extension of an Agent
+ Advertisement received by the mobile node. Otherwise, the mobile
+ node MUST NOT set these bits.
+
+
+
+
+Perkins Standards Track [Page 42]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ The Lifetime field is chosen as follows:
+
+ - If the mobile node is registering with a foreign agent, the
+ Lifetime SHOULD NOT exceed the value in the Registration
+ Lifetime field of the Agent Advertisement message received from
+ the foreign agent.
+ When the method by which the care-of address is learned does
+ not include a Lifetime, the default ICMP Router Advertisement
+ Lifetime (1800 seconds) MAY be used.
+
+ - The mobile node MAY ask a home agent to delete a particular
+ mobility binding, by sending a Registration Request with the
+ care-of address for this binding, with the Lifetime field set
+ to zero (Section 3.8.2).
+
+ - Similarly, a Lifetime of zero is used when the mobile node
+ deregisters all care-of addresses, such as upon returning home.
+
+ The Home Address field MUST be set to the mobile node's home address,
+ if this information is known. Otherwise, the Home Address MUST be
+ set to zeroes.
+
+ The Home Agent field MUST be set to the address of the mobile node's
+ home agent, if the mobile node knows this address. Otherwise, the
+ mobile node MAY use dynamic home agent address resolution to learn
+ the address of its home agent. In this case, the mobile node MUST
+ set the Home Agent field to the subnet-directed broadcast address of
+ the mobile node's home network. Each home agent receiving such a
+ Registration Request with a broadcast destination address MUST reject
+ the mobile node's registration and SHOULD return a rejection
+ Registration Reply indicating its unicast IP address for use by the
+ mobile node in a future registration attempt.
+
+ The Care-of Address field MUST be set to the value of the particular
+ care-of address that the mobile node wishes to (de)register. In the
+ special case in which a mobile node wishes to deregister all care-of
+ addresses, it MUST set this field to its home address.
+
+ The mobile node chooses the Identification field in accordance with
+ the style of replay protection it uses with its home agent. This is
+ part of the mobility security association the mobile node shares with
+ its home agent. See Section 5.7 for the method by which the mobile
+ node computes the Identification field.
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 43]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+3.6.1.3. Extensions
+
+ This section describes the ordering of any mandatory and any optional
+ Extensions that a mobile node appends to a Registration Request.
+ This following ordering MUST be followed:
+
+ a) The IP header, followed by the UDP header, followed by the
+ fixed-length portion of the Registration Request, followed by
+
+ b) If present, any non-authentication Extensions expected to be
+ used by the home agent (which may or may not also be useful to
+ the foreign agent), followed by
+
+ c) An authorization-enabling extension, followed by
+
+ d) If present, any non-authentication Extensions used only by the
+ foreign agent, followed by
+
+ e) The Mobile-Foreign Authentication Extension, if present.
+
+ Note that items (a) and (c) MUST appear in every Registration Request
+ sent by the mobile node. Items (b), (d), and (e) are optional.
+ However, item (e) MUST be included when the mobile node and the
+ foreign agent share a mobility security association.
+
+3.6.2. Receiving Registration Replies
+
+ Registration Replies will be received by the mobile node in response
+ to its Registration Requests. Registration Replies generally fall
+ into three categories:
+
+ - the registration was accepted,
+ - the registration was denied by the foreign agent, or
+ - the registration was denied by the home agent.
+
+ The remainder of this section describes the Registration Reply
+ handling by a mobile node in each of these three categories.
+
+3.6.2.1. Validity Checks
+
+ Registration Replies with an invalid, non-zero UDP checksum MUST be
+ silently discarded.
+
+ In addition, the low-order 32 bits of the Identification field in the
+ Registration Reply MUST be compared to the low-order 32 bits of the
+ Identification field in the most recent Registration Request sent to
+ the replying agent. If they do not match, the Reply MUST be silently
+ discarded.
+
+
+
+Perkins Standards Track [Page 44]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Also, the Registration Reply MUST be checked for presence of an
+ authorization-enabling extension. For all Registration Reply
+ messages containing a Status Code indicating status from the Home
+ Agent, the mobile node MUST check for the presence of an
+ authorization-enabling extension, acting in accordance with the Code
+ field in the Reply. The rules are as follows:
+
+ a) If the mobile node and the foreign agent share a mobility
+ security association, exactly one Mobile-Foreign Authentication
+ Extension MUST be present in the Registration Reply, and the
+ mobile node MUST check the Authenticator value in the
+ Extension. If no Mobile-Foreign Authentication Extension is
+ found, or if more than one Mobile-Foreign Authentication
+ Extension is found, or if the Authenticator is invalid, the
+ mobile node MUST silently discard the Reply and SHOULD log the
+ event as a security exception.
+
+ b) If the Code field indicates that service is denied by the home
+ agent, or if the Code field indicates that the registration was
+ accepted by the home agent, exactly one Mobile-Home
+ Authentication Extension MUST be present in the Registration
+ Reply, and the mobile node MUST check the Authenticator value
+ in the Extension. If the Registration Reply was generated by
+ the home agent but no Mobile-Home Authentication Extension is
+ found, or if more than one Mobile-Home Authentication Extension
+ is found, or if the Authenticator is invalid, the mobile node
+ MUST silently discard the Reply and SHOULD log the event as a
+ security exception.
+
+ If the Code field indicates an authentication failure, either at the
+ foreign agent or the home agent, then it is quite possible that any
+ authenticators in the Registration Reply will also be in error. This
+ could happen, for example, if the shared secret between the mobile
+ node and home agent was erroneously configured. The mobile node
+ SHOULD log such errors as security exceptions.
+
+3.6.2.2. Registration Request Accepted
+
+ If the Code field indicates that the request has been accepted, the
+ mobile node SHOULD configure its routing table appropriately for its
+ current point of attachment (Section 4.2.1).
+
+ If the mobile node is returning to its home network and that network
+ is one which implements ARP, the mobile node MUST follow the
+ procedures described in Section 4.6 with regard to ARP, proxy ARP,
+ and gratuitous ARP.
+
+
+
+
+
+Perkins Standards Track [Page 45]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ If the mobile node has registered on a foreign network, it SHOULD
+ re-register before the expiration of the Lifetime of its
+ registration. As described in Section 3.6, for each pending
+ Registration Request, the mobile node MUST maintain the remaining
+ lifetime of this pending registration, as well as the original
+ Lifetime from the Registration Request. When the mobile node
+ receives a valid Registration Reply, the mobile node MUST decrease
+ its view of the remaining lifetime of the registration by the amount
+ by which the home agent decreased the originally requested Lifetime.
+ This procedure is equivalent to the mobile node starting a timer for
+ the granted Lifetime at the time it sent the Registration Request,
+ even though the granted Lifetime is not known to the mobile node
+ until the Registration Reply is received. Since the Registration
+ Request is certainly sent before the home agent begins timing the
+ registration Lifetime (also based on the granted Lifetime), this
+ procedure ensures that the mobile node will re-register before the
+ home agent expires and deletes the registration, in spite of possibly
+ non-negligible transmission delays for the original Registration
+ Request and Reply that started the timing of the Lifetime at the
+ mobile node and its home agent.
+
+3.6.2.3. Registration Request Denied
+
+ If the Code field indicates that service is being denied, the mobile
+ node SHOULD log the error. In certain cases the mobile node may be
+ able to "repair" the error. These include:
+
+ Code 69: (Denied by foreign agent, Lifetime too long)
+
+ In this case, the Lifetime field in the Registration Reply will
+ contain the maximum Lifetime value which that foreign agent is
+ willing to accept in any Registration Request. The mobile node
+ MAY attempt to register with this same agent, using a Lifetime
+ in the Registration Request that MUST be less than or equal to
+ the value specified in the Reply.
+
+ Code 133: (Denied by home agent, Identification mismatch)
+
+ In this case, the Identification field in the Registration
+ Reply will contain a value that allows the mobile node to
+ synchronize with the home agent, based upon the style of replay
+ protection in effect (Section 5.7). The mobile node MUST
+ adjust the parameters it uses to compute the Identification
+ field based upon the information in the Registration Reply,
+ before issuing any future Registration Requests.
+
+
+
+
+
+
+Perkins Standards Track [Page 46]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Code 136: (Denied by home agent, Unknown home agent address)
+
+ This code is returned by a home agent when the mobile node is
+ performing dynamic home agent address resolution as described
+ in Sections 3.6.1.1 and 3.6.1.2. In this case, the Home Agent
+ field within the Reply will contain the unicast IP address of
+ the home agent returning the Reply. The mobile node MAY then
+ attempt to register with this home agent in future Registration
+ Requests. In addition, the mobile node SHOULD adjust the
+ parameters it uses to compute the Identification field based
+ upon the corresponding field in the Registration Reply, before
+ issuing any future Registration Requests.
+
+3.6.3. Registration Retransmission
+
+ When no Registration Reply has been received within a reasonable
+ time, another Registration Request MAY be transmitted. When
+ timestamps are used, a new registration Identification is chosen for
+ each retransmission; thus it counts as a new registration. When
+ nonces are used, the unanswered Request is retransmitted unchanged;
+ thus the retransmission does not count as a new registration (Section
+ 5.7). In this way a retransmission will not require the home agent
+ to resynchronize with the mobile node by issuing another nonce in the
+ case in which the original Registration Request (rather than its
+ Registration Reply) was lost by the network.
+
+ The maximum time until a new Registration Request is sent SHOULD be
+ no greater than the requested Lifetime of the Registration Request.
+ The minimum value SHOULD be large enough to account for the size of
+ the messages, twice the round trip time for transmission to the home
+ agent, and at least an additional 100 milliseconds to allow for
+ processing the messages before responding. The round trip time for
+ transmission to the home agent will be at least as large as the time
+ required to transmit the messages at the link speed of the mobile
+ node's current point of attachment. Some circuits add another 200
+ milliseconds of satellite delay in the total round trip time to the
+ home agent. The minimum time between Registration Requests MUST NOT
+ be less than 1 second. Each successive retransmission timeout period
+ SHOULD be at least twice the previous period, as long as that is less
+ than the maximum as specified above.
+
+3.7. Foreign Agent Considerations
+
+ The foreign agent plays a mostly passive role in Mobile IP
+ registration. It relays Registration Requests between mobile nodes
+ and home agents, and, when it provides the care-of address,
+ decapsulates datagrams for delivery to the mobile node. It SHOULD
+ also send periodic Agent Advertisement messages to advertise its
+
+
+
+Perkins Standards Track [Page 47]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ presence as described in Section 2.3, if not detectable by link-layer
+ means.
+
+ A foreign agent MUST NOT transmit a Registration Request except when
+ relaying a Registration Request received from a mobile node, to the
+ mobile node's home agent. A foreign agent MUST NOT transmit a
+ Registration Reply except when relaying a Registration Reply received
+ from a mobile node's home agent, or when replying to a Registration
+ Request received from a mobile node in the case in which the foreign
+ agent is denying service to the mobile node. In particular, a
+ foreign agent MUST NOT generate a Registration Request or Reply
+ because a mobile node's registration Lifetime has expired. A foreign
+ agent also MUST NOT originate a Registration Request message that
+ asks for deregistration of a mobile node; however, it MUST relay
+ valid (de)Registration Requests originated by a mobile node.
+
+3.7.1. Configuration and Registration Tables
+
+ Each foreign agent MUST be configured with a care-of address. In
+ addition, for each pending or current registration the foreign agent
+ MUST maintain a visitor list entry containing the following
+ information obtained from the mobile node's Registration Request:
+
+ - the link-layer source address of the mobile node
+ - the IP Source Address (the mobile node's Home Address) or its
+ co-located care-of address (see description of the 'R' bit in
+ section 2.1.1)
+ - the IP Destination Address (as specified in 3.6.1.1)
+ - the UDP Source Port
+ - the Home Agent address
+ - the Identification field
+ - the requested registration Lifetime, and
+ - the remaining Lifetime of the pending or current registration.
+
+ If the mobile node's Home Address is zero in the Registration Request
+ message, then the foreign agent MUST follow the procedures specified
+ in RFC 2794 [6]. In particular, if the foreign agent cannot manage
+ pending registration request records with such a zero Home Address
+ for the mobile node, the foreign agent MUST return a Registration
+ Reply with Code indicating NONZERO_HOMEADDR_REQD (see [6]).
+
+ The foreign agent MAY configure a maximum number of pending
+ registrations that it is willing to maintain (typically 5).
+ Additional registrations SHOULD then be rejected by the foreign agent
+ with code 66. The foreign agent MAY delete any pending Registration
+ Request after the request has been pending for more than 7 seconds;
+ in this case, the foreign agent SHOULD reject the Request with code
+ 78 (registration timeout).
+
+
+
+Perkins Standards Track [Page 48]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ As with any node on the Internet, a foreign agent MAY also share
+ mobility security associations with any other nodes. When relaying a
+ Registration Request from a mobile node to its home agent, if the
+ foreign agent shares a mobility security association with the home
+ agent, it MUST add a Foreign-Home Authentication Extension to the
+ Request and MUST check the required Foreign-Home Authentication
+ Extension in the Registration Reply from the home agent (Sections 3.3
+ and 3.4). Similarly, when receiving a Registration Request from a
+ mobile node, if the foreign agent shares a mobility security
+ association with the mobile node, it MUST check the required Mobile-
+ Foreign Authentication Extension in the Request and MUST add a
+ Mobile-Foreign Authentication Extension to the Registration Reply to
+ the mobile node.
+
+3.7.2. Receiving Registration Requests
+
+ If the foreign agent accepts a Registration Request from a mobile
+ node, it checks to make sure that the indicated home agent address
+ does not belong to any network interface of the foreign agent. If
+ not, the foreign agent then MUST relay the Request to the indicated
+ home agent. Otherwise, if the foreign agent denies the Request, it
+ MUST send a Registration Reply to the mobile node with an appropriate
+ denial Code, except in cases where the foreign agent would be
+ required to send out more than one such denial per second to the same
+ mobile node. The following sections describe this behavior in more
+ detail.
+
+ If the foreign agent has configured one of its network interfaces
+ with the IP address specified by the mobile node as its home agent
+ address, the foreign agent MUST NOT forward the request again. If
+ the foreign agent serves the mobile node as a home agent, the foreign
+ agent follows the procedures specified in section 3.8.2. Otherwise,
+ if the foreign agent does not serve the mobile node as a home agent,
+ the foreign agent rejects the Registration Request with code 136
+ (unknown home agent address).
+
+ If a foreign agent receives a Registration Request from a mobile node
+ in its visitor list, the existing visitor list entry for the mobile
+ node SHOULD NOT be deleted or modified until the foreign agent
+ receives a valid Registration Reply from the home agent with a Code
+ indicating success. The foreign agent MUST record the new pending
+ Request as a separate part of the existing visitor list entry for the
+ mobile node. If the Registration Request requests deregistration,
+ the existing visitor list entry for the mobile node SHOULD NOT be
+ deleted until the foreign agent has received a successful
+ Registration Reply. If the Registration Reply indicates that the
+
+
+
+
+
+Perkins Standards Track [Page 49]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Request (for registration or deregistration) was denied by the home
+ agent, the existing visitor list entry for the mobile node MUST NOT
+ be modified as a result of receiving the Registration Reply.
+
+3.7.2.1. Validity Checks
+
+ Registration Requests with an invalid, non-zero UDP checksum MUST be
+ silently discarded. Requests with non-zero bits in reserved fields
+ MUST be rejected with code 70 (poorly formed request). Requests with
+ the 'D' bit set to 0, and specifying a care-of address not offered by
+ the foreign agent, MUST be rejected with code 77 (invalid care-of
+ address).
+
+ Also, the authentication in the Registration Request MUST be checked.
+ If the foreign agent and the mobile node share a mobility security
+ association, exactly one Mobile-Foreign Authentication Extension MUST
+ be present in the Registration Request, and the foreign agent MUST
+ check the Authenticator value in the Extension. If no Mobile-Foreign
+ Authentication Extension is found, or if more than one Mobile-Foreign
+ Authentication Extension is found, or if the Authenticator is
+ invalid, the foreign agent MUST silently discard the Request and
+ SHOULD log the event as a security exception. The foreign agent also
+ SHOULD send a Registration Reply to the mobile node with Code 67.
+
+3.7.2.2. Forwarding a Valid Request to the Home Agent
+
+ If the foreign agent accepts the mobile node's Registration Request,
+ it MUST relay the Request to the mobile node's home agent as
+ specified in the Home Agent field of the Registration Request. The
+ foreign agent MUST NOT modify any of the fields beginning with the
+ fixed portion of the Registration Request up through and including
+ the Mobile-Home Authentication Extension or other authentication
+ extension supplied by the mobile node as an authorization-enabling
+ extension for the home agent. Otherwise, an authentication failure
+ is very likely to occur at the home agent. In addition, the foreign
+ agent proceeds as follows:
+
+ - It MUST process and remove any Extensions following the
+ Mobile-Home Authentication Extension,
+ - It MAY append any of its own non-authentication Extensions of
+ relevance to the home agent, if applicable, and
+ - It MUST append the Foreign-Home Authentication Extension, if
+ the foreign agent shares a mobility security association with
+ the home agent.
+
+
+
+
+
+
+
+Perkins Standards Track [Page 50]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Specific fields within the IP header and the UDP header of the
+ relayed Registration Request MUST be set as follows:
+
+ IP Source Address
+
+ The foreign agent's address on the interface from which
+ the message will be sent.
+
+ IP Destination Address
+
+ Copied from the Home Agent field within the Registration
+ Request.
+
+ UDP Source Port
+
+ <variable>
+
+ UDP Destination Port
+
+ 434
+
+ After forwarding a valid Registration Request to the home agent, the
+ foreign agent MUST begin timing the remaining lifetime of the pending
+ registration based on the Lifetime in the Registration Request. If
+ this lifetime expires before receiving a valid Registration Reply,
+ the foreign agent MUST delete its visitor list entry for this pending
+ registration.
+
+3.7.2.3. Denying Invalid Requests
+
+ If the foreign agent denies the mobile node's Registration Request
+ for any reason, it SHOULD send the mobile node a Registration Reply
+ with a suitable denial Code. In such a case, the Home Address, Home
+ Agent, and Identification fields within the Registration Reply are
+ copied from the corresponding fields of the Registration Request.
+
+ If the Reserved field is nonzero, the foreign agent MUST deny the
+ Request and SHOULD return a Registration Reply with status code 70 to
+ the mobile node. If the Request is being denied because the
+ requested Lifetime is too long, the foreign agent sets the Lifetime
+ in the Reply to the maximum Lifetime value it is willing to accept in
+ any Registration Request, and sets the Code field to 69. Otherwise,
+ the Lifetime SHOULD be copied from the Lifetime field in the Request.
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 51]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Specific fields within the IP header and the UDP header of the
+ Registration Reply MUST be set as follows:
+
+ IP Source Address
+
+ Copied from the IP Destination Address of Registration
+ Request, unless the "All Agents Multicast" address was
+ used. In this case, the foreign agent's address (on the
+ interface from which the message will be sent) MUST be
+ used.
+
+ IP Destination Address
+
+ If the Registration Reply is generated by the Foreign
+ Agent in order to reject a mobile node's Registration
+ Request, and the Registration Request contains a Home
+ Address which is not 0.0.0.0, then the IP Destination
+ Address is copied from the Home Address field of the
+ Registration Request. Otherwise, if the Registration
+ Reply is received from the Home Agent, and contains a
+ Home Address which is not 0.0.0.0, then the IP
+ Destination Address is copied from the Home Address field
+ of the Registration Reply. Otherwise, the IP Destination
+ Address of the Registration Reply is set to be
+ 255.255.255.255.
+
+ UDP Source Port
+
+ 434
+
+ UDP Destination Port
+
+ Copied from the UDP Source Port of the Registration
+ Request.
+
+3.7.3. Receiving Registration Replies
+
+ The foreign agent updates its visitor list when it receives a valid
+ Registration Reply from a home agent. It then relays the
+ Registration Reply to the mobile node. The following sections
+ describe this behavior in more detail.
+
+ If upon relaying a Registration Request to a home agent, the foreign
+ agent receives an ICMP error message instead of a Registration Reply,
+ then the foreign agent SHOULD send to the mobile node a Registration
+ Reply with an appropriate "Home Agent Unreachable" failure Code
+ (within the range 80-95, inclusive). See Section 3.7.2.3 for details
+ on building the Registration Reply.
+
+
+
+Perkins Standards Track [Page 52]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+3.7.3.1. Validity Checks
+
+ Registration Replies with an invalid, non-zero UDP checksum MUST be
+ silently discarded.
+
+ When a foreign agent receives a Registration Reply message, it MUST
+ search its visitor list for a pending Registration Request with the
+ same mobile node home address as indicated in the Reply. If no such
+ pending Request is found, and if the Registration Reply does not
+ correspond with any pending Registration Request with a zero mobile
+ node home address (see section 3.7.1), the foreign agent MUST
+ silently discard the Reply. The foreign agent MUST also silently
+ discard the Reply if the low-order 32 bits of the Identification
+ field in the Reply do not match those in the Request.
+
+ Also, the authentication in the Registration Reply MUST be checked.
+ If the foreign agent and the home agent share a mobility security
+ association, exactly one Foreign-Home Authentication Extension MUST
+ be present in the Registration Reply, and the foreign agent MUST
+ check the Authenticator value in the Extension. If no Foreign-Home
+ Authentication Extension is found, or if more than one Foreign-Home
+ Authentication Extension is found, or if the Authenticator is
+ invalid, the foreign agent MUST silently discard the Reply and SHOULD
+ log the event as a security exception. The foreign agent also MUST
+ reject the mobile node's registration and SHOULD send a Registration
+ Reply to the mobile node with Code 68.
+
+3.7.3.2. Forwarding Replies to the Mobile Node
+
+ A Registration Reply which satisfies the validity checks of Section
+ 3.8.2.1 is relayed to the mobile node. The foreign agent MUST also
+ update its visitor list entry for the mobile node to reflect the
+ results of the Registration Request, as indicated by the Code field
+ in the Reply. If the Code indicates that the home agent has accepted
+ the registration and the Lifetime field is nonzero, the foreign agent
+ SHOULD set the Lifetime in the visitor list entry to the minimum of
+ the following two values:
+
+ - the value specified in the Lifetime field of the Registration
+ Reply, and
+
+ - the foreign agent's own maximum value for allowable
+ registration lifetime.
+
+ If, instead, the Code indicates that the Lifetime field is zero, the
+ foreign agent MUST delete its visitor list entry for the mobile node.
+ Finally, if the Code indicates that the registration was denied by
+
+
+
+
+Perkins Standards Track [Page 53]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ the home agent, the foreign agent MUST delete its pending
+ registration list entry, but not its visitor list entry, for the
+ mobile node.
+
+ The foreign agent MUST NOT modify any of the fields beginning with
+ the fixed portion of the Registration Reply up through and including
+ the Mobile-Home Authentication Extension. Otherwise, an
+ authentication failure is very likely to occur at the mobile node.
+
+ In addition, the foreign agent SHOULD perform the following
+ additional procedures:
+
+ - It MUST process and remove any Extensions following the
+ Mobile-Home Authentication Extension,
+ - It MAY append its own non-authentication Extensions of
+ relevance to the mobile node, if applicable, and
+ - It MUST append the Mobile-Foreign Authentication Extension, if
+ the foreign agent shares a mobility security association with
+ the mobile node.
+
+ Specific fields within the IP header and the UDP header of the
+ relayed Registration Reply are set according to the same rules
+ specified in Section 3.7.2.3.
+
+ After forwarding a valid Registration Reply to the mobile node, the
+ foreign agent MUST update its visitor list entry for this
+ registration as follows. If the Registration Reply indicates that
+ the registration was accepted by the home agent, the foreign agent
+ resets its timer of the lifetime of the registration to the Lifetime
+ granted in the Registration Reply; unlike the mobile node's timing of
+ the registration lifetime as described in Section 3.6.2.2, the
+ foreign agent considers this lifetime to begin when it forwards the
+ Registration Reply message, ensuring that the foreign agent will not
+ expire the registration before the mobile node does. On the other
+ hand, if the Registration Reply indicates that the registration was
+ rejected by the home agent, the foreign agent deletes its visitor
+ list entry for this attempted registration.
+
+3.8. Home Agent Considerations
+
+ Home agents play a reactive role in the registration process. The
+ home agent receives Registration Requests from the mobile node
+ (perhaps relayed by a foreign agent), updates its record of the
+ mobility bindings for this mobile node, and issues a suitable
+ Registration Reply in response to each.
+
+
+
+
+
+
+Perkins Standards Track [Page 54]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ A home agent MUST NOT transmit a Registration Reply except when
+ replying to a Registration Request received from a mobile node. In
+ particular, the home agent MUST NOT generate a Registration Reply to
+ indicate that the Lifetime has expired.
+
+3.8.1. Configuration and Registration Tables
+
+ Each home agent MUST be configured with an IP address and with the
+ prefix size for the home network. The home agent MUST be configured
+ with the mobility security association of each authorized mobile node
+ that it is serving as a home agent.
+
+ When the home agent accepts a valid Registration Request from a
+ mobile node that it serves as a home agent, the home agent MUST
+ create or modify the entry for this mobile node in its mobility
+ binding list containing:
+
+ - the mobile node's home address
+ - the mobile node's care-of address
+ - the Identification field from the Registration Reply
+ - the remaining Lifetime of the registration
+
+ The home agent MAY optionally offer the capability to dynamically
+ associate a home address to a mobile node upon receiving a
+ Registration Request from that mobile node. The method by which a
+ home address is allocated to the mobile node is beyond the scope of
+ this document, but see [6]. After the home agent makes the
+ association of the home address to the mobile node, the home agent
+ MUST put that home address into the Home Address field of the
+ Registration Reply.
+
+ The home agent MAY also maintain mobility security associations with
+ various foreign agents. When receiving a Registration Request from a
+ foreign agent, if the home agent shares a mobility security
+ association with the foreign agent, the home agent MUST check the
+ Authenticator in the required Foreign-Home Authentication Extension
+ in the message, based on this mobility security association.
+ Similarly, when sending a Registration Reply to a foreign agent, if
+ the home agent shares a mobility security association with the
+ foreign agent, the home agent MUST include a Foreign-Home
+ Authentication Extension in the message, based on this mobility
+ security association.
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 55]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+3.8.2. Receiving Registration Requests
+
+ If the home agent accepts an incoming Registration Request, it MUST
+ update its record of the the mobile node's mobility binding(s) and
+ SHOULD send a Registration Reply with a suitable Code. Otherwise
+ (the home agent denies the Request), it SHOULD send a Registration
+ Reply with an appropriate Code specifying the reason the Request was
+ denied. The following sections describe this behavior in more
+ detail. If the home agent does not support broadcasts (see section
+ 4.3), it MUST ignore the 'B' bit (as opposed to rejecting the
+ Registration Request).
+
+3.8.2.1. Validity Checks
+
+ Registration Requests with an invalid, non-zero UDP checksum MUST be
+ silently discarded by the home agent.
+
+ The authentication in the Registration Request MUST be checked. This
+ involves the following operations:
+
+ a) The home agent MUST check for the presence of an
+ authorization-enabling extension, and perform the indicated
+ authentication. Exactly one authorization-enabling extension
+ MUST be present in the Registration Request; and the home agent
+ MUST either check the Authenticator value in the extension or
+ verify that the authenticator value has been checked by another
+ agent with which it has a security association. If no
+ authorization-enabling extension is found, or if more than one
+ authorization-enabling extension is found, or if the
+ Authenticator is invalid, the home agent MUST reject the mobile
+ node's registration and SHOULD send a Registration Reply to the
+ mobile node with Code 131. The home agent MUST then discard
+ the Request and SHOULD log the error as a security exception.
+
+ b) The home agent MUST check that the registration Identification
+ field is correct using the context selected by the SPI within
+ the authorization-enabling extension. See Section 5.7 for a
+ description of how this is performed. If incorrect, the home
+ agent MUST reject the Request and SHOULD send a Registration
+ Reply to the mobile node with Code 133, including an
+ Identification field computed in accordance with the rules
+ specified in Section 5.7. The home agent MUST do no further
+ processing with such a Request, though it SHOULD log the error
+ as a security exception.
+
+ c) If the home agent shares a mobility security association with
+ the foreign agent, the home agent MUST check for the presence
+ of a valid Foreign-Home Authentication Extension. Exactly one
+
+
+
+Perkins Standards Track [Page 56]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Foreign-Home Authentication Extension MUST be present in the
+ Registration Request in this case, and the home agent MUST
+ check the Authenticator value in the Extension. If no
+ Foreign-Home Authentication Extension is found, or if more than
+ one Foreign-Home Authentication Extension is found, or if the
+ Authenticator is invalid, the home agent MUST reject the mobile
+ node's registration and SHOULD send a Registration Reply to the
+ mobile node with Code 132. The home agent MUST then discard
+ the Request and SHOULD log the error as a security exception.
+
+ In addition to checking the authentication in the Registration
+ Request, home agents MUST deny Registration Requests that are sent to
+ the subnet-directed broadcast address of the home network (as opposed
+ to being unicast to the home agent). The home agent MUST discard the
+ Request and SHOULD returning a Registration Reply with a Code of 136.
+ In this case, the Registration Reply will contain the home agent's
+ unicast address, so that the mobile node can re-issue the
+ Registration Request with the correct home agent address.
+
+ Note that some routers change the IP destination address of a
+ datagram from a subnet-directed broadcast address to 255.255.255.255
+ before injecting it into the destination subnet. In this case, home
+ agents that attempt to pick up dynamic home agent discovery requests
+ by binding a socket explicitly to the subnet-directed broadcast
+ address will not see such packets. Home agent implementors should be
+ prepared for both the subnet-directed broadcast address and
+ 255.255.255.255 if they wish to support dynamic home agent discovery.
+
+3.8.2.2. Accepting a Valid Request
+
+ If the Registration Request satisfies the validity checks in Section
+ 3.8.2.1, and the home agent is able to accommodate the Request, the
+ home agent MUST update its mobility binding list for the requesting
+ mobile node and MUST return a Registration Reply to the mobile node.
+
+ In this case, the Reply Code will be either 0 if the home agent
+ supports simultaneous mobility bindings, or 1 if it does not. See
+ Section 3.8.3 for details on building the Registration Reply message.
+
+ The home agent updates its record of the mobile node's mobility
+ bindings as follows, based on the fields in the Registration Request:
+
+ - If the Lifetime is zero and the Care-of Address equals the
+ mobile node's home address, the home agent deletes all of the
+ entries in the mobility binding list for the requesting mobile
+ node. This is how a mobile node requests that its home agent
+ cease providing mobility services.
+
+
+
+
+Perkins Standards Track [Page 57]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - If the Lifetime is zero and the Care-of Address does not equal
+ the mobile node's home address, the home agent deletes only the
+ entry containing the specified Care-of Address from the
+ mobility binding list for the requesting mobile node. Any
+ other active entries containing other care-of addresses will
+ remain active.
+
+ - If the Lifetime is nonzero, the home agent adds an entry
+ containing the requested Care-of Address to the mobility
+ binding list for the mobile node. If the 'S' bit is set and
+ the home agent supports simultaneous mobility bindings, the
+ previous mobility binding entries are retained. Otherwise, the
+ home agent removes all previous entries in the mobility binding
+ list for the mobile node.
+
+ In all cases, the home agent MUST send a Registration Reply to the
+ source of the Registration Request, which might indeed be a different
+ foreign agent than that whose care-of address is being
+ (de)registered. If the home agent shares a mobility security
+ association with the foreign agent whose care-of address is being
+ deregistered, and that foreign agent is different from the one which
+ relayed the Registration Request, the home agent MAY additionally
+ send a Registration Reply to the foreign agent whose care-of address
+ is being deregistered. The home agent MUST NOT send such a Reply if
+ it does not share a mobility security association with the foreign
+ agent. If no Reply is sent, the foreign agent's visitor list will
+ expire naturally when the original Lifetime expires.
+
+ The home agent MUST NOT increase the Lifetime above that specified by
+ the mobile node in the Registration Request. However, it is not an
+ error for the mobile node to request a Lifetime longer than the home
+ agent is willing to accept. In this case, the home agent simply
+ reduces the Lifetime to a permissible value and returns this value in
+ the Registration Reply. The Lifetime value in the Registration Reply
+ informs the mobile node of the granted lifetime of the registration,
+ indicating when it SHOULD re-register in order to maintain continued
+ service. After the expiration of this registration lifetime, the
+ home agent MUST delete its entry for this registration in its
+ mobility binding list.
+
+ If the Registration Request duplicates an accepted current
+ Registration Request, the new Lifetime MUST NOT extend beyond the
+ Lifetime originally granted. A Registration Request is a duplicate
+ if the home address, care-of address, and Identification fields all
+ equal those of an accepted current registration.
+
+
+
+
+
+
+Perkins Standards Track [Page 58]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ In addition, if the home network implements ARP [36], and the
+ Registration Request asks the home agent to create a mobility binding
+ for a mobile node which previously had no binding (the mobile node
+ was previously assumed to be at home), then the home agent MUST
+ follow the procedures described in Section 4.6 with regard to ARP,
+ proxy ARP, and gratuitous ARP. If the mobile node already had a
+ previous mobility binding, the home agent MUST continue to follow the
+ rules for proxy ARP described in Section 4.6.
+
+3.8.2.3. Denying an Invalid Request
+
+ If the Registration Reply does not satisfy all of the validity checks
+ in Section 3.8.2.1, or the home agent is unable to accommodate the
+ Request, the home agent SHOULD return a Registration Reply to the
+ mobile node with a Code that indicates the reason for the error. If
+ a foreign agent was involved in relaying the Request, this allows the
+ foreign agent to delete its pending visitor list entry. Also, this
+ informs the mobile node of the reason for the error such that it may
+ attempt to fix the error and issue another Request.
+
+ This section lists a number of reasons the home agent might reject a
+ Request, and provides the Code value it should use in each instance.
+ See Section 3.8.3 for additional details on building the Registration
+ Reply message.
+
+ Many reasons for rejecting a registration are administrative in
+ nature. For example, a home agent can limit the number of
+ simultaneous registrations for a mobile node, by rejecting any
+ registrations that would cause its limit to be exceeded, and
+ returning a Registration Reply with error code 135. Similarly, a
+ home agent may refuse to grant service to mobile nodes which have
+ entered unauthorized service areas by returning a Registration Reply
+ with a Code of 129.
+
+ Requests with non-zero bits in reserved fields MUST be rejected with
+ code 134 (poorly formed request).
+
+3.8.3. Sending Registration Replies
+
+ If the home agent accepts a Registration Request, it then MUST update
+ its record of the mobile node's mobility binding(s) and SHOULD send a
+ Registration Reply with a suitable Code. Otherwise (the home agent
+ has denied the Request), it SHOULD send a Registration Reply with an
+ appropriate Code specifying the reason the Request was denied. The
+ following sections provide additional detail for the values the home
+ agent MUST supply in the fields of Registration Reply messages.
+
+
+
+
+
+Perkins Standards Track [Page 59]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+3.8.3.1. IP/UDP Fields
+
+ This section provides the specific rules by which home agents pick
+ values for the IP and UDP header fields of a Registration Reply.
+
+ IP Source Address
+ Copied from the IP Destination Address of Registration
+ Request, unless a multicast or broadcast address was
+ used. If the IP Destination Address of the Registration
+ Request was a broadcast or multicast address, the IP
+ Source Address of the Registration Reply MUST be set to
+ the home agent's (unicast) IP address.
+
+ IP Destination Address
+ Copied from the IP Source Address of the Registration
+ Request.
+
+ UDP Source Port
+ Copied from the UDP Destination Port of the Registration
+ Request.
+
+ UDP Destination Port
+ Copied from the UDP Source Port of the Registration
+ Request.
+
+ When sending a Registration Reply in response to a Registration
+ Request that requested deregistration of the mobile node (the
+ Lifetime is zero and the Care-of Address equals the mobile node's
+ home address) and in which the IP Source Address was also set to the
+ mobile node's home address (this is the normal method used by a
+ mobile node to deregister when it returns to its home network), the
+ IP Destination Address in the Registration Reply will be set to the
+ mobile node's home address, as copied from the IP Source Address of
+ the Request.
+
+ In this case, when transmitting the Registration Reply, the home
+ agent MUST transmit the Reply directly onto the home network as if
+ the mobile node were at home, bypassing any mobility binding list
+ entry that may still exist at the home agent for the destination
+ mobile node. In particular, for a mobile node returning home after
+ being registered with a care-of address, if the mobile node's new
+ Registration Request is not accepted by the home agent, the mobility
+ binding list entry for the mobile node will still indicate that
+ datagrams addressed to the mobile node should be tunneled to the
+ mobile node's registered care-of address; when sending the
+ Registration Reply indicating the rejection of this Request, this
+ existing binding list entry MUST be ignored, and the home agent MUST
+ transmit this Reply as if the mobile node were at home.
+
+
+
+Perkins Standards Track [Page 60]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+3.8.3.2. Registration Reply Fields
+
+ This section provides the specific rules by which home agents pick
+ values for the fields within the fixed portion of a Registration
+ Reply.
+
+ The Code field of the Registration Reply is chosen in accordance with
+ the rules specified in the previous sections. When replying to an
+ accepted registration, a home agent SHOULD respond with Code 1 if it
+ does not support simultaneous registrations.
+
+ The Lifetime field MUST be copied from the corresponding field in the
+ Registration Request, unless the requested value is greater than the
+ maximum length of time the home agent is willing to provide the
+ requested service. In such a case, the Lifetime MUST be set to the
+ length of time that service will actually be provided by the home
+ agent. This reduced Lifetime SHOULD be the maximum Lifetime allowed
+ by the home agent (for this mobile node and care-of address).
+
+ If the Home Address field of the Registration Request is nonzero, it
+ MUST be copied into the Home Address field of the Registration Reply
+ message. Otherwise, if the Home Address field of the Registration
+ Request is zero as specified in section 3.6, the home agent SHOULD
+ arrange for the selection of a home address for the mobile node, and
+ insert the selected address into the Home Address field of the
+ Registration Reply message. See [6] for further relevant details in
+ the case where mobile nodes identify themselves using an NAI instead
+ of their IP home address.
+
+ If the Home Agent field in the Registration Request contains a
+ unicast address of this home agent, then that field MUST be copied
+ into the Home Agent field of the Registration Reply. Otherwise, the
+ home agent MUST set the Home Agent field in the Registration Reply to
+ its unicast address. In this latter case, the home agent MUST reject
+ the registration with a suitable code (e.g., Code 136) to prevent the
+ mobile node from possibly being simultaneously registered with two or
+ more home agents.
+
+3.8.3.3. Extensions
+
+ This section describes the ordering of any required and any optional
+ Mobile IP Extensions that a home agent appends to a Registration
+ Reply. The following ordering MUST be followed:
+
+ a) The IP header, followed by the UDP header, followed by the
+ fixed-length portion of the Registration Reply,
+
+
+
+
+
+Perkins Standards Track [Page 61]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ b) If present, any non-authentication Extensions used by the
+ mobile node (which may or may not also be used by the foreign
+ agent),
+
+ c) The Mobile-Home Authentication Extension,
+
+ d) If present, any non-authentication Extensions used only by the
+ foreign agent, and
+
+ e) The Foreign-Home Authentication Extension, if present.
+
+ Note that items (a) and (c) MUST appear in every Registration Reply
+ sent by the home agent. Items (b), (d), and (e) are optional.
+ However, item (e) MUST be included when the home agent and the
+ foreign agent share a mobility security association.
+
+4. Routing Considerations
+
+ This section describes how mobile nodes, home agents, and (possibly)
+ foreign agents cooperate to route datagrams to/from mobile nodes that
+ are connected to a foreign network. The mobile node informs its home
+ agent of its current location using the registration procedure
+ described in Section 3. See the protocol overview in Section 1.7 for
+ the relative locations of the mobile node's home address with respect
+ to its home agent, and the mobile node itself with respect to any
+ foreign agent with which it might attempt to register.
+
+4.1. Encapsulation Types
+
+ Home agents and foreign agents MUST support tunneling datagrams using
+ IP in IP encapsulation [32]. Any mobile node that uses a co-located
+ care-of address MUST support receiving datagrams tunneled using IP in
+ IP encapsulation. Minimal encapsulation [34] and GRE encapsulation
+ [16] are alternate encapsulation methods which MAY optionally be
+ supported by mobility agents and mobile nodes. The use of these
+ alternative forms of encapsulation, when requested by the mobile
+ node, is otherwise at the discretion of the home agent.
+
+4.2. Unicast Datagram Routing
+
+4.2.1. Mobile Node Considerations
+
+ When connected to its home network, a mobile node operates without
+ the support of mobility services. That is, it operates in the same
+ way as any other (fixed) host or router. The method by which a
+ mobile node selects a default router when connected to its home
+
+
+
+
+
+Perkins Standards Track [Page 62]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ network, or when away from home and using a co-located care-of
+ address, is outside the scope of this document. ICMP Router
+ Advertisement [10] is one such method.
+
+ When registered on a foreign network, the mobile node chooses a
+ default router by the following rules:
+
+ - If the mobile node is registered using a foreign agent care-of
+ address, it MAY use its foreign agent as a first-hop router.
+ The foreign agent's MAC address can be learned from Agent
+ Advertisement. Otherwise, the mobile node MUST choose its
+ default router from among the Router Addresses advertised in
+ the ICMP Router Advertisement portion of that Agent
+ Advertisement message.
+
+ - If the mobile node is registered directly with its home agent
+ using a co-located care-of address, then the mobile node SHOULD
+ choose its default router from among those advertised in any
+ ICMP Router Advertisement message that it receives for which
+ its externally obtained care-of address and the Router Address
+ match under the network prefix. If the mobile node's
+ externally obtained care-of address matches the IP source
+ address of the Agent Advertisement under the network prefix,
+ the mobile node MAY also consider that IP source address as
+ another possible choice for the IP address of a default router.
+ The network prefix MAY be obtained from the Prefix-Lengths
+ Extension in the Router Advertisement, if present. The prefix
+ MAY also be obtained through other mechanisms beyond the scope
+ of this document.
+
+ While they are away from the home network, mobile nodes MUST NOT
+ broadcast ARP packets to find the MAC address of another Internet
+ node. Thus, the (possibly empty) list of Router Addresses from the
+ ICMP Router Advertisement portion of the message is not useful for
+ selecting a default router, unless the mobile node has some means not
+ involving broadcast ARP and not specified within this document for
+ obtaining the MAC address of one of the routers in the list.
+ Similarly, in the absence of unspecified mechanisms for obtaining MAC
+ addresses on foreign networks, the mobile node MUST ignore redirects
+ to other routers on foreign networks.
+
+4.2.2. Foreign Agent Considerations
+
+ Upon receipt of an encapsulated datagram sent to its advertised
+ care-of address, a foreign agent MUST compare the inner destination
+ address to those entries in its visitor list. When the destination
+ does not match the address of any mobile node currently in the
+ visitor list, the foreign agent MUST NOT forward the datagram without
+
+
+
+Perkins Standards Track [Page 63]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ modifications to the original IP header, because otherwise a routing
+ loop is likely to result. The datagram SHOULD be silently discarded.
+ ICMP Destination Unreachable MUST NOT be sent when a foreign agent is
+ unable to forward an incoming tunneled datagram. Otherwise, the
+ foreign agent forwards the decapsulated datagram to the mobile node.
+
+ The foreign agent MUST NOT advertise to other routers in its routing
+ domain, nor to any other mobile node, the presence of a mobile router
+ (Section 4.5) or mobile node in its visitor list.
+
+ The foreign agent MUST route datagrams it receives from registered
+ mobile nodes. At a minimum, this means that the foreign agent must
+ verify the IP Header Checksum, decrement the IP Time To Live,
+ recompute the IP Header Checksum, and forward such datagrams to a
+ default router.
+
+ A foreign agent MUST NOT use broadcast ARP for a mobile node's MAC
+ address on a foreign network. It may obtain the MAC address by
+ copying the information from an Agent Solicitation or a Registration
+ Request transmitted from a mobile node. A foreign agent's ARP cache
+ for the mobile node's IP address MUST NOT be allowed to expire before
+ the mobile node's visitor list entry expires, unless the foreign
+ agent has some way other than broadcast ARP to refresh its MAC
+ address associated with the mobile node's IP address.
+
+ Each foreign agent SHOULD support the mandatory features for reverse
+ tunneling [27].
+
+4.2.3. Home Agent Considerations
+
+ The home agent MUST be able to intercept any datagrams on the home
+ network addressed to the mobile node while the mobile node is
+ registered away from home. Proxy and gratuitous ARP MAY be used in
+ enabling this interception, as specified in Section 4.6.
+
+ The home agent must examine the IP Destination Address of all
+ arriving datagrams to see if it is equal to the home address of any
+ of its mobile nodes registered away from home. If so, the home agent
+ tunnels the datagram to the mobile node's currently registered care-
+ of address or addresses. If the home agent supports the optional
+ capability of multiple simultaneous mobility bindings, it tunnels a
+ copy to each care-of address in the mobile node's mobility binding
+ list. If the mobile node has no current mobility bindings, the home
+ agent MUST NOT attempt to intercept datagrams destined for the mobile
+ node, and thus will not in general receive such datagrams. However,
+ if the home agent is also a router handling common IP traffic, it is
+ possible that it will receive such datagrams for forwarding onto the
+
+
+
+
+Perkins Standards Track [Page 64]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ home network. In this case, the home agent MUST assume the mobile
+ node is at home and simply forward the datagram directly onto the
+ home network.
+
+ For multihomed home agents, the source address in the outer IP header
+ of the encapsulated datagram MUST be the address sent to the mobile
+ node in the home agent field of the registration reply. That is, the
+ home agent cannot use the the address of some other network interface
+ as the source address.
+
+ See Section 4.1 regarding methods of encapsulation that may be used
+ for tunneling. Nodes implementing tunneling SHOULD also implement
+ the "tunnel soft state" mechanism [32], which allows ICMP error
+ messages returned from the tunnel to correctly be reflected back to
+ the original senders of the tunneled datagrams.
+
+ Home agents MUST decapsulate packets addressed to themselves, sent by
+ a mobile node for the purpose of maintaining location privacy, as
+ described in Section 5.5. This feature is also required for support
+ of reverse tunneling [27].
+
+ If the Lifetime for a given mobility binding expires before the home
+ agent has received another valid Registration Request for that mobile
+ node, then that binding is deleted from the mobility binding list.
+ The home agent MUST NOT send any Registration Reply message simply
+ because the mobile node's binding has expired. The entry in the
+ visitor list of the mobile node's current foreign agent will expire
+ naturally, probably at the same time as the binding expired at the
+ home agent. When a mobility binding's lifetime expires, the home
+ agent MUST delete the binding, but it MUST retain any other (non-
+ expired) simultaneous mobility bindings that it holds for the mobile
+ node.
+
+ When a home agent receives a datagram, intercepted for one of its
+ mobile nodes registered away from home, the home agent MUST examine
+ the datagram to check if it is already encapsulated. If so, special
+ rules apply in the forwarding of that datagram to the mobile node:
+
+ - If the inner (encapsulated) Destination Address is the same as
+ the outer Destination Address (the mobile node), then the home
+ agent MUST also examine the outer Source Address of the
+ encapsulated datagram (the source address of the tunnel). If
+ this outer Source Address is the same as the mobile node's
+ current care-of address, the home agent MUST silently discard
+ that datagram in order to prevent a likely routing loop. If,
+ instead, the outer Source Address is NOT the same as the mobile
+ node's current care-of address, then the home agent SHOULD
+ forward the datagram to the mobile node. In order to forward
+
+
+
+Perkins Standards Track [Page 65]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ the datagram in this case, the home agent MAY simply alter the
+ outer Destination Address to the care-of address, rather than
+ re-encapsulating the datagram.
+
+ - Otherwise (the inner Destination Address is NOT the same as the
+ outer Destination Address), the home agent SHOULD encapsulate
+ the datagram again (nested encapsulation), with the new outer
+ Destination Address set equal to the mobile node's care-of
+ address. That is, the home agent forwards the entire datagram
+ to the mobile node in the same way as any other datagram
+ (encapsulated already or not).
+
+4.3. Broadcast Datagrams
+
+ When a home agent receives a broadcast datagram, it MUST NOT forward
+ the datagram to any mobile nodes in its mobility binding list other
+ than those that have requested forwarding of broadcast datagrams. A
+ mobile node MAY request forwarding of broadcast datagrams by setting
+ the 'B' bit in its Registration Request message (Section 3.3). For
+ each such registered mobile node, the home agent SHOULD forward
+ received broadcast datagrams to the mobile node, although it is a
+ matter of configuration at the home agent as to which specific
+ categories of broadcast datagrams will be forwarded to such mobile
+ nodes.
+
+ If the 'D' bit was set in the mobile node's Registration Request
+ message, indicating that the mobile node is using a co-located care-
+ of address, the home agent simply tunnels appropriate broadcast IP
+ datagrams to the mobile node's care-of address. Otherwise (the 'D'
+ bit was NOT set), the home agent first encapsulates the broadcast
+ datagram in a unicast datagram addressed to the mobile node's home
+ address, and then tunnels this encapsulated datagram to the foreign
+ agent. This extra level of encapsulation is required so that the
+ foreign agent can determine which mobile node should receive the
+ datagram after it is decapsulated. When received by the foreign
+ agent, the unicast encapsulated datagram is detunneled and delivered
+ to the mobile node in the same way as any other datagram. In either
+ case, the mobile node must decapsulate the datagram it receives in
+ order to recover the original broadcast datagram.
+
+4.4. Multicast Datagram Routing
+
+ As mentioned previously, a mobile node that is connected to its home
+ network functions in the same way as any other (fixed) host or
+ router. Thus, when it is at home, a mobile node functions
+ identically to other multicast senders and receivers. This section
+ therefore describes the behavior of a mobile node that is visiting a
+ foreign network.
+
+
+
+Perkins Standards Track [Page 66]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ In order to receive multicasts, a mobile node MUST join the multicast
+ group in one of two ways. First, a mobile node MAY join the group
+ via a (local) multicast router on the visited subnet. This option
+ assumes that there is a multicast router present on the visited
+ subnet. If the mobile node is using a co-located care-of address, it
+ SHOULD use this address as the source IP address of its IGMP [11]
+ messages. Otherwise, it MAY use its home address.
+
+ Alternatively, a mobile node which wishes to receive multicasts MAY
+ join groups via a bi-directional tunnel to its home agent, assuming
+ that its home agent is a multicast router. The mobile node tunnels
+ IGMP messages to its home agent and the home agent forwards multicast
+ datagrams down the tunnel to the mobile node. For packets tunneled
+ to the home agent, the source address in the IP header SHOULD be the
+ mobile node's home address.
+
+ The rules for multicast datagram delivery to mobile nodes in this
+ case are identical to those for broadcast datagrams (Section 4.3).
+ Namely, if the mobile node is using a co-located care-of address (the
+ 'D' bit was set in the mobile node's Registration Request), then the
+ home agent SHOULD tunnel the datagram to this care-of address;
+ otherwise, the home agent MUST first encapsulate the datagram in a
+ unicast datagram addressed to the mobile node's home address and then
+ MUST tunnel the resulting datagram (nested tunneling) to the mobile
+ node's care-of address. For this reason, the mobile node MUST be
+ capable of decapsulating packets sent to its home address in order to
+ receive multicast datagrams using this method.
+
+ A mobile node that wishes to send datagrams to a multicast group also
+ has two options: (1) send directly on the visited network; or (2)
+ send via a tunnel to its home agent. Because multicast routing in
+ general depends upon the IP source address, a mobile node which sends
+ multicast datagrams directly on the visited network MUST use a co-
+ located care-of address as the IP source address. Similarly, a
+ mobile node which tunnels a multicast datagram to its home agent MUST
+ use its home address as the IP source address of both the (inner)
+ multicast datagram and the (outer) encapsulating datagram. This
+ second option assumes that the home agent is a multicast router.
+
+4.5. Mobile Routers
+
+ A mobile node can be a router that is responsible for the mobility of
+ one or more entire networks moving together, perhaps on an airplane,
+ a ship, a train, an automobile, a bicycle, or a kayak. The nodes
+ connected to a network served by the mobile router may themselves be
+ fixed nodes or mobile nodes or routers. In this document, such
+ networks are called "mobile networks".
+
+
+
+
+Perkins Standards Track [Page 67]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ A mobile router MAY act as a foreign agent and provide a foreign
+ agent care-of address to mobile nodes connected to the mobile
+ network. Typical routing to a mobile node via a mobile router in
+ this case is illustrated by the following example:
+
+ a) A laptop computer is disconnected from its home network and
+ later attached to a network port in the seat back of an
+ aircraft. The laptop computer uses Mobile IP to register on
+ this foreign network, using a foreign agent care-of address
+ discovered through an Agent Advertisement from the aircraft's
+ foreign agent.
+
+ b) The aircraft network is itself mobile. Suppose the node
+ serving as the foreign agent on the aircraft also serves as the
+ default router that connects the aircraft network to the rest
+ of the Internet. When the aircraft is at home, this router is
+ attached to some fixed network at the airline's headquarters,
+ which is the router's home network. While the aircraft is in
+ flight, this router registers from time to time over its radio
+ link with a series of foreign agents below it on the ground.
+ This router's home agent is a node on the fixed network at the
+ airline's headquarters.
+
+ c) Some correspondent node sends a datagram to the laptop
+ computer, addressing the datagram to the laptop's home address.
+ This datagram is initially routed to the laptop's home network.
+
+ d) The laptop's home agent intercepts the datagram on the home
+ network and tunnels it to the laptop's care-of address, which
+ in this example is an address of the node serving as router and
+ foreign agent on the aircraft. Normal IP routing will route
+ the datagram to the fixed network at the airline's
+ headquarters.
+
+ e) The aircraft router and foreign agent's home agent there
+ intercepts the datagram and tunnels it to its current care-of
+ address, which in this example is some foreign agent on the
+ ground below the aircraft. The original datagram from the
+ correspondent node has now been encapsulated twice: once by
+ the laptop's home agent and again by the aircraft's home agent.
+
+ f) The foreign agent on the ground decapsulates the datagram,
+ yielding a datagram still encapsulated by the laptop's home
+ agent, with a destination address of the laptop's care-of
+ address. The ground foreign agent sends the resulting datagram
+ over its radio link to the aircraft.
+
+
+
+
+
+Perkins Standards Track [Page 68]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ g) The foreign agent on the aircraft decapsulates the datagram,
+ yielding the original datagram from the correspondent node,
+ with a destination address of the laptop's home address. The
+ aircraft foreign agent delivers the datagram over the aircraft
+ network to the laptop's link-layer address.
+
+ This example illustrated the case in which a mobile node is attached
+ to a mobile network. That is, the mobile node is mobile with respect
+ to the network, which itself is also mobile (here with respect to the
+ ground). If, instead, the node is fixed with respect to the mobile
+ network (the mobile network is the fixed node's home network), then
+ either of two methods may be used to cause datagrams from
+ correspondent nodes to be routed to the fixed node.
+
+ A home agent MAY be configured to have a permanent registration for
+ the fixed node, that indicates the mobile router's address as the
+ fixed host's care-of address. The mobile router's home agent will
+ usually be used for this purpose. The home agent is then responsible
+ for advertising connectivity using normal routing protocols to the
+ fixed node. Any datagrams sent to the fixed node will thus use
+ nested tunneling as described above.
+
+ Alternatively, the mobile router MAY advertise connectivity to the
+ entire mobile network using normal IP routing protocols through a
+ bi-directional tunnel to its own home agent. This method avoids the
+ need for nested tunneling of datagrams.
+
+4.6. ARP, Proxy ARP, and Gratuitous ARP
+
+ The use of ARP [36] requires special rules for correct operation when
+ wireless or mobile nodes are involved. The requirements specified in
+ this section apply to all home networks in which ARP is used for
+ address resolution.
+
+ In addition to the normal use of ARP for resolving a target node's
+ link-layer address from its IP address, this document distinguishes
+ two special uses of ARP:
+
+ - A Proxy ARP [39] is an ARP Reply sent by one node on behalf of
+ another node which is either unable or unwilling to answer its
+ own ARP Requests. The sender of a Proxy ARP reverses the
+ Sender and Target Protocol Address fields as described in [36],
+ but supplies some configured link-layer address (generally, its
+ own) in the Sender Hardware Address field. The node receiving
+ the Reply will then associate this link-layer address with the
+ IP address of the original target node, causing it to transmit
+ future datagrams for this target node to the node with that
+ link-layer address.
+
+
+
+Perkins Standards Track [Page 69]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - A Gratuitous ARP [45] is an ARP packet sent by a node in order
+ to spontaneously cause other nodes to update an entry in their
+ ARP cache. A gratuitous ARP MAY use either an ARP Request or
+ an ARP Reply packet. In either case, the ARP Sender Protocol
+ Address and ARP Target Protocol Address are both set to the IP
+ address of the cache entry to be updated, and the ARP Sender
+ Hardware Address is set to the link-layer address to which this
+ cache entry should be updated. When using an ARP Reply packet,
+ the Target Hardware Address is also set to the link-layer
+ address to which this cache entry should be updated (this field
+ is not used in an ARP Request packet).
+
+ In either case, for a gratuitous ARP, the ARP packet MUST be
+ transmitted as a local broadcast packet on the local link. As
+ specified in [36], any node receiving any ARP packet (Request
+ or Reply) MUST update its local ARP cache with the Sender
+ Protocol and Hardware Addresses in the ARP packet, if the
+ receiving node has an entry for that IP address already in its
+ ARP cache. This requirement in the ARP protocol applies even
+ for ARP Request packets, and for ARP Reply packets that do not
+ match any ARP Request transmitted by the receiving node [36].
+
+ While a mobile node is registered on a foreign network, its home
+ agent uses proxy ARP [39] to reply to ARP Requests it receives that
+ seek the mobile node's link-layer address. When receiving an ARP
+ Request, the home agent MUST examine the target IP address of the
+ Request, and if this IP address matches the home address of any
+ mobile node for which it has a registered mobility binding, the home
+ agent MUST transmit an ARP Reply on behalf of the mobile node. After
+ exchanging the sender and target addresses in the packet [39], the
+ home agent MUST set the sender link-layer address in the packet to
+ the link-layer address of its own interface over which the Reply will
+ be sent.
+
+ When a mobile node leaves its home network and registers a binding on
+ a foreign network, its home agent uses gratuitous ARP to update the
+ ARP caches of nodes on the home network. This causes such nodes to
+ associate the link-layer address of the home agent with the mobile
+ node's home (IP) address. When registering a binding for a mobile
+ node for which the home agent previously had no binding (the mobile
+ node was assumed to be at home), the home agent MUST transmit a
+ gratuitous ARP on behalf of the mobile node. This gratuitous ARP
+ packet MUST be transmitted as a broadcast packet on the link on which
+ the mobile node's home address is located. Since broadcasts on the
+ local link (such as Ethernet) are typically not guaranteed to be
+ reliable, the gratuitous ARP packet SHOULD be retransmitted a small
+ number of times to increase its reliability.
+
+
+
+
+Perkins Standards Track [Page 70]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ When a mobile node returns to its home network, the mobile node and
+ its home agent use gratuitous ARP to cause all nodes on the mobile
+ node's home network to update their ARP caches to once again
+ associate the mobile node's own link-layer address with the mobile
+ node's home (IP) address. Before transmitting the (de)Registration
+ Request message to its home agent, the mobile node MUST transmit this
+ gratuitous ARP on its home network as a local broadcast on this link.
+ The gratuitous ARP packet SHOULD be retransmitted a small number of
+ times to increase its reliability, but these retransmissions SHOULD
+ proceed in parallel with the transmission and processing of its
+ (de)Registration Request.
+
+ When the mobile node's home agent receives and accepts this
+ (de)Registration Request, the home agent MUST also transmit a
+ gratuitous ARP on the mobile node's home network. This gratuitous
+ ARP also is used to associate the mobile node's home address with the
+ mobile node's own link-layer address. A gratuitous ARP is
+ transmitted by both the mobile node and its home agent, since in the
+ case of wireless network interfaces, the area within transmission
+ range of the mobile node will likely differ from that within range of
+ its home agent. The ARP packet from the home agent MUST be
+ transmitted as a local broadcast on the mobile node's home link, and
+ SHOULD be retransmitted a small number of times to increase its
+ reliability; these retransmissions, however, SHOULD proceed in
+ parallel with the transmission and processing of its (de)Registration
+ Reply.
+
+ While the mobile node is away from home, it MUST NOT transmit any
+ broadcast ARP Request or ARP Reply messages. Finally, while the
+ mobile node is away from home, it MUST NOT reply to ARP Requests in
+ which the target IP address is its own home address, unless the ARP
+ Request is unicast by a foreign agent with which the mobile node is
+ attempting to register or a foreign agent with which the mobile node
+ has an unexpired registration. In the latter case, the mobile node
+ MUST use a unicast ARP Reply to respond to the foreign agent. Note
+ that if the mobile node is using a co-located care-of address and
+ receives an ARP Request in which the target IP address is this care-
+ of address, then the mobile node SHOULD reply to this ARP Request.
+ Note also that, when transmitting a Registration Request on a foreign
+ network, a mobile node may discover the link-layer address of a
+ foreign agent by storing the address as it is received from the Agent
+ Advertisement from that foreign agent, but not by transmitting a
+ broadcast ARP Request message.
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 71]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ The specific order in which each of the above requirements for the
+ use of ARP, proxy ARP, and gratuitous ARP are applied, relative to
+ the transmission and processing of the mobile node's Registration
+ Request and Registration Reply messages when leaving home or
+ returning home, are important to the correct operation of the
+ protocol.
+
+ To summarize the above requirements, when a mobile node leaves its
+ home network, the following steps, in this order, MUST be performed:
+
+ - The mobile node decides to register away from home, perhaps
+ because it has received an Agent Advertisement from a foreign
+ agent and has not recently received one from its home agent.
+
+ - Before transmitting the Registration Request, the mobile node
+ disables its own future processing of any ARP Requests it may
+ subsequently receive requesting the link-layer address
+ corresponding to its home address, except insofar as necessary
+ to communicate with foreign agents on visited networks.
+
+ - The mobile node transmits its Registration Request.
+
+ - When the mobile node's home agent receives and accepts the
+ Registration Request, it performs a gratuitous ARP on behalf of
+ the mobile node, and begins using proxy ARP to reply to ARP
+ Requests that it receives requesting the mobile node's link-
+ layer address. In the gratuitous ARP, the ARP Sender Hardware
+ Address is set to the link-layer address of the home agent.
+ If, instead, the home agent rejects the Registration Request,
+ no ARP processing (gratuitous nor proxy) is performed by the
+ home agent.
+
+ When a mobile node later returns to its home network, the following
+ steps, in this order, MUST be performed:
+
+ - The mobile node decides to register at home, perhaps because it
+ has received an Agent Advertisement from its home agent.
+
+ - Before transmitting the Registration Request, the mobile node
+ re-enables its own future processing of any ARP Requests it may
+ subsequently receive requesting its link-layer address.
+
+ - The mobile node performs a gratuitous ARP for itself. In this
+ gratuitous ARP, the ARP Sender Hardware Address is set to the
+ link-layer address of the mobile node.
+
+ - The mobile node transmits its Registration Request.
+
+
+
+
+Perkins Standards Track [Page 72]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - When the mobile node's home agent receives and accepts the
+ Registration Request, it stops using proxy ARP to reply to ARP
+ Requests that it receives requesting the mobile node's link-
+ layer address, and then performs a gratuitous ARP on behalf of
+ the mobile node. In this gratuitous ARP, the ARP Sender
+ Hardware Address is set to the link-layer address of the mobile
+ node. If, instead, the home agent rejects the Registration
+ Request, the home agent MUST NOT make any change to the way it
+ performs ARP processing (gratuitous nor proxy) for the mobile
+ node. In this latter case, the home agent should operate as if
+ the mobile node has not returned home, and continue to perform
+ proxy ARP on behalf of the mobile node.
+
+5. Security Considerations
+
+ The mobile computing environment is potentially very different from
+ the ordinary computing environment. In many cases, mobile computers
+ will be connected to the network via wireless links. Such links are
+ particularly vulnerable to passive eavesdropping, active replay
+ attacks, and other active attacks.
+
+5.1. Message Authentication Codes
+
+ Home agents and mobile nodes MUST be able to perform authentication.
+ The default algorithm is HMAC-MD5 [23], with a key size of 128 bits.
+ The foreign agent MUST also support authentication using HMAC-MD5 and
+ key sizes of 128 bits or greater, with manual key distribution. Keys
+ with arbitrary binary values MUST be supported.
+
+ The "prefix+suffix" use of MD5 to protect data and a shared secret is
+ considered vulnerable to attack by the cryptographic community.
+ Where backward compatibility with existing Mobile IP implementations
+ that use this mode is needed, new implementations SHOULD include
+ keyed MD5 [41] as one of the additional authentication algorithms for
+ use when producing and verifying the authentication data that is
+ supplied with Mobile IP registration messages, for instance in the
+ extensions specified in sections 3.5.2, 3.5.3, and 3.5.4.
+
+ More authentication algorithms, algorithm modes, key distribution
+ methods, and key sizes MAY also be supported for all of these
+ extensions.
+
+5.2. Areas of Security Concern in this Protocol
+
+ The registration protocol described in this document will result in a
+ mobile node's traffic being tunneled to its care-of address. This
+ tunneling feature could be a significant vulnerability if the
+ registration were not authenticated. Such remote redirection, for
+
+
+
+Perkins Standards Track [Page 73]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ instance as performed by the mobile registration protocol, is widely
+ understood to be a security problem in the current Internet if not
+ authenticated [2]. Moreover, the Address Resolution Protocol (ARP)
+ is not authenticated, and can potentially be used to steal another
+ host's traffic. The use of "Gratuitous ARP" (Section 4.6) brings
+ with it all of the risks associated with the use of ARP.
+
+5.3. Key Management
+
+ This specification requires a strong authentication mechanism (keyed
+ MD5) which precludes many potential attacks based on the Mobile IP
+ registration protocol. However, because key distribution is
+ difficult in the absence of a network key management protocol,
+ messages with the foreign agent are not all required to be
+ authenticated. In a commercial environment it might be important to
+ authenticate all messages between the foreign agent and the home
+ agent, so that billing is possible, and service providers do not
+ provide service to users that are not legitimate customers of that
+ service provider.
+
+5.4. Picking Good Random Numbers
+
+ The strength of any authentication mechanism depends on several
+ factors, including the innate strength of the authentication
+ algorithm, the secrecy of the key used, the strength of the key used,
+ and the quality of the particular implementation. This specification
+ requires implementation of keyed MD5 for authentication, but does not
+ preclude the use of other authentication algorithms and modes. For
+ keyed MD5 authentication to be useful, the 128-bit key must be both
+ secret (that is, known only to authorized parties) and pseudo-random.
+ If nonces are used in connection with replay protection, they must
+ also be selected carefully. Eastlake, et al. [14] provides more
+ information on generating pseudo-random numbers.
+
+5.5. Privacy
+
+ Users who have sensitive data that they do not wish others to see
+ should use mechanisms outside the scope of this document (such as
+ encryption) to provide appropriate protection. Users concerned about
+ traffic analysis should consider appropriate use of link encryption.
+ If absolute location privacy is desired, the mobile node can create a
+ tunnel to its home agent. Then, datagrams destined for correspondent
+ nodes will appear to emanate from the home network, and it may be
+ more difficult to pinpoint the location of the mobile node. Such
+ mechanisms are all beyond the scope of this document.
+
+
+
+
+
+
+Perkins Standards Track [Page 74]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+5.6. Ingress Filtering
+
+ Many routers implement security policies such as "ingress filtering"
+ [15] that do not allow forwarding of packets that have a Source
+ Address which appears topologically incorrect. In environments where
+ this is a problem, mobile nodes may use reverse tunneling [27] with
+ the foreign agent supplied care-of address as the Source Address.
+ Reverse tunneled packets will be able to pass normally through such
+ routers, while ingress filtering rules will still be able to locate
+ the true topological source of the packet in the same way as packets
+ from non-mobile nodes.
+
+5.7. Replay Protection for Registration Requests
+
+ The Identification field is used to let the home agent verify that a
+ registration message has been freshly generated by the mobile node,
+ not replayed by an attacker from some previous registration. Two
+ methods are described in this section: timestamps (mandatory) and
+ "nonces" (optional). All mobile nodes and home agents MUST implement
+ timestamp-based replay protection. These nodes MAY also implement
+ nonce-based replay protection (but see Appendix A).
+
+ The style of replay protection in effect between a mobile node and
+ its home agent is part of the mobile security association. A mobile
+ node and its home agent MUST agree on which method of replay
+ protection will be used. The interpretation of the Identification
+ field depends on the method of replay protection as described in the
+ subsequent subsections.
+
+ Whatever method is used, the low-order 32 bits of the Identification
+ MUST be copied unchanged from the Registration Request to the Reply.
+ The foreign agent uses those bits (and the mobile node's home
+ address) to match Registration Requests with corresponding replies.
+ The mobile node MUST verify that the low-order 32 bits of any
+ Registration Reply are identical to the bits it sent in the
+ Registration Request.
+
+ The Identification in a new Registration Request MUST NOT be the same
+ as in an immediately preceding Request, and SHOULD NOT repeat while
+ the same security context is being used between the mobile node and
+ the home agent. Retransmission as in Section 3.6.3 is allowed.
+
+5.7.1. Replay Protection using Timestamps
+
+ The basic principle of timestamp replay protection is that the node
+ generating a message inserts the current time of day, and the node
+ receiving the message checks that this timestamp is sufficiently
+ close to its own time of day. Unless specified differently in the
+
+
+
+Perkins Standards Track [Page 75]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ security association between the nodes, a default value of 7 seconds
+ MAY be used to limit the time difference. This value SHOULD be
+ greater than 3 seconds. Obviously the two nodes must have adequately
+ synchronized time-of-day clocks. As with any messages, time
+ synchronization messages may be protected against tampering by an
+ authentication mechanism determined by the security context between
+ the two nodes.
+
+ If timestamps are used, the mobile node MUST set the Identification
+ field to a 64-bit value formatted as specified by the Network Time
+ Protocol [26]. The low-order 32 bits of the NTP format represent
+ fractional seconds, and those bits which are not available from a
+ time source SHOULD be generated from a good source of randomness.
+ Note, however, that when using timestamps, the 64-bit Identification
+ used in a Registration Request from the mobile node MUST be greater
+ than that used in any previous Registration Request, as the home
+ agent uses this field also as a sequence number. Without such a
+ sequence number, it would be possible for a delayed duplicate of an
+ earlier Registration Request to arrive at the home agent (within the
+ clock synchronization required by the home agent), and thus be
+ applied out of order, mistakenly altering the mobile node's current
+ registered care-of address.
+
+ Upon receipt of a Registration Request with an authorization-enabling
+ extension, the home agent MUST check the Identification field for
+ validity. In order to be valid, the timestamp contained in the
+ Identification field MUST be close enough to the home agent's time of
+ day clock and the timestamp MUST be greater than all previously
+ accepted timestamps for the requesting mobile node. Time tolerances
+ and resynchronization details are specific to a particular mobility
+ security association.
+
+ If the timestamp is valid, the home agent copies the entire
+ Identification field into the Registration Reply it returns the Reply
+ to the mobile node. If the timestamp is not valid, the home agent
+ copies only the low-order 32 bits into the Registration Reply, and
+ supplies the high-order 32 bits from its own time of day. In this
+ latter case, the home agent MUST reject the registration by returning
+ Code 133 (identification mismatch) in the Registration Reply.
+
+ As described in Section 3.6.2.1, the mobile node MUST verify that the
+ low-order 32 bits of the Identification in the Registration Reply are
+ identical to those in the rejected registration attempt, before using
+ the high-order bits for clock resynchronization.
+
+
+
+
+
+
+
+Perkins Standards Track [Page 76]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+5.7.2. Replay Protection using Nonces
+
+ The basic principle of nonce replay protection is that node A
+ includes a new random number in every message to node B, and checks
+ that node B returns that same number in its next message to node A.
+ Both messages use an authentication code to protect against
+ alteration by an attacker. At the same time node B can send its own
+ nonces in all messages to node A (to be echoed by node A), so that it
+ too can verify that it is receiving fresh messages.
+
+ The home agent may be expected to have resources for computing
+ pseudo-random numbers useful as nonces [14]. It inserts a new nonce
+ as the high-order 32 bits of the identification field of every
+ Registration Reply. The home agent copies the low-order 32 bits of
+ the Identification from the Registration Request message into the
+ low-order 32 bits of the Identification in the Registration Reply.
+ When the mobile node receives an authenticated Registration Reply
+ from the home agent, it saves the high-order 32 bits of the
+ identification for use as the high-order 32 bits of its next
+ Registration Request.
+
+ The mobile node is responsible for generating the low-order 32 bits
+ of the Identification in each Registration Request. Ideally it
+ should generate its own random nonces. However it may use any
+ expedient method, including duplication of the random value sent by
+ the home agent. The method chosen is of concern only to the mobile
+ node, because it is the node that checks for valid values in the
+ Registration Reply. The high-order and low-order 32 bits of the
+ identification chosen SHOULD both differ from their previous values.
+ The home agent uses a new high-order value and the mobile node uses a
+ new low-order value for each registration message. The foreign agent
+ uses the low-order value (and the mobile host's home address) to
+ correctly match registration replies with pending Requests (Section
+ 3.7.1).
+
+ If a registration message is rejected because of an invalid nonce,
+ the Reply always provides the mobile node with a new nonce to be used
+ in the next registration. Thus the nonce protocol is self-
+ synchronizing.
+
+6. IANA Considerations
+
+ Mobile IP specifies several new number spaces for values to be used
+ in various message fields. These number spaces include the
+ following:
+
+ - Mobile IP message types sent to UDP port 434, as defined in
+ section 1.8.
+
+
+
+Perkins Standards Track [Page 77]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - types of extensions to Registration Request and Registration
+ Reply messages (see sections 3.3 and 3.4, and also consult [27,
+ 29, 6, 7, 12])
+
+ - values for the Code in the Registration Reply message (see
+ section 3.4, and also consult [27, 29, 6, 7, 12])
+
+ - Mobile IP defines so-called Agent Solicitation and Agent
+ Advertisement messages. These messages are in fact Router
+ Discovery messages [10] augmented with mobile-IP specific
+ extensions. Thus, they do not define a new name space, but do
+ define additional Router Discovery extensions as described
+ below in Section 6.2. Also see Section 2.1 and consult [7,
+ 12].
+
+ There are additional Mobile IP numbering spaces specified in [7].
+
+ Information about assignment of mobile-ip numbers derived from
+ specifications external to this document is given by IANA at
+ http://www.iana.org/numbers.html. From that URL, follow the
+ hyperlinks to [M] within the "Directory of General Assigned Numbers",
+ and subsequently to the specific section for "Mobile IP Numbers".
+
+6.1. Mobile IP Message Types
+
+ Mobile IP messages are defined to be those that are sent to a message
+ recipient at port 434 (UDP or TCP). The number space for Mobile IP
+ messages is specified in Section 1.8. Approval of new extension
+ numbers is subject to Expert Review, and a specification is required
+ [30]. The currently standardized message types have the following
+ numbers, and are specified in the indicated sections.
+
+ Type Name Section
+ ---- -------------------------------------------- ---------
+ 1 Registration Request 3.3
+ 3 Registration Reply 3.4
+
+6.2. Extensions to RFC 1256 Router Advertisement
+
+ RFC 1256 defines two ICMP message types, Router Advertisement and
+ Router Solicitation. Mobile IP defines a number space for extensions
+ to Router Advertisement, which could be used by protocols other than
+ Mobile IP. The extension types currently standardized for use with
+ Mobile IP have the following numbers.
+
+
+
+
+
+
+
+Perkins Standards Track [Page 78]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ Type Name Reference
+ ---- -------------------------------------------- ---------
+ 0 One-byte Padding 2.1.3
+ 16 Mobility Agent Advertisement 2.1.1
+ 19 Prefix-Lengths 2.1.2
+
+ Approval of new extension numbers for use with Mobile IP is subject
+ to Expert Review, and a specification is required [30].
+
+6.3. Extensions to Mobile IP Registration Messages
+
+ The Mobile IP messages, specified within this document, and listed in
+ sections 1.8 and 6.1, may have extensions. Mobile IP message
+ extensions all share the same number space, even if they are to be
+ applied to different Mobile IP messages. The number space for Mobile
+ IP message extensions is specified within this document. Approval of
+ new extension numbers is subject to Expert Review, and a
+ specification is required [30].
+
+ Type Name Reference
+ ---- -------------------------------------------- ---------
+ 0 One-byte Padding
+ 32 Mobile-Home Authentication 3.5.2
+ 33 Mobile-Foreign Authentication 3.5.3
+ 34 Foreign-Home Authentication 3.5.4
+
+6.4. Code Values for Mobile IP Registration Reply Messages
+
+ The Mobile IP Registration Reply message, specified in section 3.4,
+ has a Code field. The number space for the Code field values is also
+ specified in Section 3.4. The Code number space is structured
+ according to whether the registration was successful, or whether the
+ foreign agent denied the registration request, or lastly whether the
+ home agent denied the registration request, as follows:
+
+ 0-8 Success Codes
+ 9-63 No allocation guidelines currently exist
+ 64-127 Error Codes from the Foreign Agent
+ 128-192 Error Codes from the Home Agent
+ 193-255 No allocation guidelines currently exist
+
+ Approval of new Code values requires Expert Review [30].
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 79]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+7. Acknowledgments
+
+ Special thanks to Steve Deering (Xerox PARC), along with Dan Duchamp
+ and John Ioannidis (JI) (Columbia University), for forming the
+ working group, chairing it, and putting so much effort into its early
+ development. Columbia's early Mobile IP work can be found in [18,
+ 19, 17].
+
+ Thanks also to Kannan Alaggapan, Greg Minshall, Tony Li, Jim Solomon,
+ Erik Nordmark, Basavaraj Patil, and Phil Roberts for their
+ contributions to the group while performing the duties of
+ chairperson, as well as for their many useful comments.
+
+ Thanks to the active members of the Mobile IP Working Group,
+ particularly those who contributed text, including (in alphabetical
+ order)
+
+ - Ran Atkinson (Naval Research Lab),
+ - Samita Chakrabarti (Sun Microsystems)
+ - Ken Imboden (Candlestick Networks, Inc.)
+ - Dave Johnson (Carnegie Mellon University),
+ - Frank Kastenholz (FTP Software),
+ - Anders Klemets (KTH),
+ - Chip Maguire (KTH),
+ - Alison Mankin (ISI)
+ - Andrew Myles (Macquarie University),
+ - Thomas Narten (IBM)
+ - Al Quirt (Bell Northern Research),
+ - Yakov Rekhter (IBM), and
+ - Fumio Teraoka (Sony).
+ - Alper Yegin (NTT DoCoMo)
+
+ Thanks to Charlie Kunzinger and to Bill Simpson, the editors who
+ produced the first drafts for of this document, reflecting the
+ discussions of the Working Group. Much of the new text in the later
+ revisions preceding RFC 2002 is due to Jim Solomon and Dave Johnson.
+
+ Thanks to Greg Minshall (Novell), Phil Karn (Qualcomm), Frank
+ Kastenholz (FTP Software), and Pat Calhoun (Sun Microsystems) for
+ their generous support in hosting interim Working Group meetings.
+
+ Sections 1.10 and 1.11, which specify new extension formats to be
+ used with aggregatable extension types, were included from a
+ specification document (entitled "Mobile IP Extensions
+ Rationalization (MIER)", which was written by
+
+
+
+
+
+
+Perkins Standards Track [Page 80]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - Mohamed M.Khalil, Nortel Networks
+ - Raja Narayanan, nVisible Networks
+ - Haseeb Akhtar, Nortel Networks
+ - Emad Qaddoura, Nortel Networks
+
+ Thanks to these authors, and also for the additional work on
+ MIER, which was contributed by Basavaraj Patil, Pat Calhoun, Neil
+ Justusson, N. Asokan, and Jouni Malinen.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 81]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+A. Patent Issues
+
+ The IETF has been notified of intellectual property rights claimed
+ in regard to some or all of the specification contained in this
+ document. For more information consult the online list of claimed
+ rights.
+
+ The IETF takes no position regarding the validity or scope of any
+ intellectual property or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; neither does it represent that it
+ has made any effort to identify any such rights. Information on
+ the IETF's procedures with respect to rights in standards-track and
+ standards-related documentation can be found in BCP-11. Copies of
+ claims of rights made available for publication and any assurances
+ of licenses to be made available, or the result of an attempt
+ made to obtain a general license or permission for the use of such
+ proprietary rights by implementors or users of this specification can
+ be obtained from the IETF Secretariat.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights which may cover technology that may be required to practice
+ this standard. Please address the information to the IETF Executive
+ Director.
+
+B. Link-Layer Considerations
+
+ The mobile node MAY use link-layer mechanisms to decide that its
+ point of attachment has changed. Such indications include the
+ Down/Testing/Up interface status [24], and changes in cell or
+ administration. The mechanisms will be specific to the particular
+ link-layer technology, and are outside the scope of this document.
+
+ The Point-to-Point-Protocol (PPP) [42] and its Internet Protocol
+ Control Protocol (IPCP) [25], negotiates the use of IP addresses.
+ The mobile node SHOULD first attempt to specify its home address,
+ so that if the mobile node is attaching to its home network, the
+ unrouted link will function correctly. When the home address is
+ not accepted by the peer, but a transient IP address is dynamically
+ assigned to the mobile node, and the mobile node is capable of
+ supporting a co-located care-of address, the mobile node MAY
+ register that address as a co-located care-of address. When the peer
+ specifies its own IP address, that address MUST NOT be assumed to be
+ a foreign agent care-of address or the IP address of a home agent.
+
+
+
+
+
+Perkins Standards Track [Page 82]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ PPP extensions for Mobile IP have been specified in RFC 2290 [44].
+ Please consult that document for additional details for how to handle
+ care-of address assignment from PPP in a more efficient manner.
+
+C. TCP Considerations
+
+C.1. TCP Timers
+
+ When high-delay (e.g. SATCOM) or low-bandwidth (e.g. High-Frequency
+ Radio) links are in use, some TCP stacks may have insufficiently
+ adaptive (non-standard) retransmission timeouts. There may be
+ spurious retransmission timeouts, even when the link and network
+ are actually operating properly, but just with a high delay because
+ of the medium in use. This can cause an inability to create or
+ maintain TCP connections over such links, and can also cause unneeded
+ retransmissions which consume already scarce bandwidth. Vendors
+ are encouraged to follow the algorithms in RFC 2988 [31] when
+ implementing TCP retransmission timers. Vendors of systems designed
+ for low-bandwidth, high-delay links should consult RFCs 2757 and
+ 2488 [28, 1]. Designers of applications targeted to operate on
+ mobile nodes should be sensitive to the possibility of timer-related
+ difficulties.
+
+C.2. TCP Congestion Management
+
+ Mobile nodes often use media which are more likely to introduce
+ errors, effectively causing more packets to be dropped. This
+ introduces a conflict with the mechanisms for congestion management
+ found in modern versions of TCP [21]. Now, when a packet is dropped,
+ the correspondent node's TCP implementation is likely to react as
+ if there were a source of network congestion, and initiate the
+ slow-start mechanisms [21] designed for controlling that problem.
+ However, those mechanisms are inappropriate for overcoming errors
+ introduced by the links themselves, and have the effect of magnifying
+ the discontinuity introduced by the dropped packet. This problem has
+ been analyzed by Caceres, et al. [5]. TCP approaches to the problem
+ of handling errors that might interfere with congestion management
+ are discussed in documents from the [pilc] working group [3, 9].
+ While such approaches are beyond the scope of this document,
+ they illustrate that providing performance transparency to mobile
+ nodes involves understanding mechanisms outside the network layer.
+ Problems introduced by higher media error rates also indicate the
+ need to avoid designs which systematically drop packets; such designs
+ might otherwise be considered favorably when making engineering
+ tradeoffs.
+
+
+
+
+
+
+Perkins Standards Track [Page 83]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+D. Example Scenarios
+
+ This section shows example Registration Requests for several common
+ scenarios.
+
+D.1. Registering with a Foreign Agent Care-of Address
+
+ The mobile node receives an Agent Advertisement from a foreign
+ agent and wishes to register with that agent using the advertised
+ foreign agent care-of address. The mobile node wishes only
+ IP-in-IP encapsulation, does not want broadcasts, and does not want
+ simultaneous mobility bindings:
+
+ IP fields:
+ Source Address = mobile node's home address
+ Destination Address = copied from the IP source address of the
+ Agent Advertisement
+ Time to Live = 1
+ UDP fields:
+ Source Port = <any>
+ Destination Port = 434
+ Registration Request fields:
+ Type = 1
+ S=0,B=0,D=0,M=0,G=0
+ Lifetime = the Registration Lifetime copied from the
+ Mobility Agent Advertisement Extension of the
+ Router Advertisement message
+ Home Address = the mobile node's home address
+ Home Agent = IP address of mobile node's home agent
+ Care-of Address = the Care-of Address copied from the
+ Mobility Agent Advertisement Extension of the
+ Router Advertisement message
+ Identification = Network Time Protocol timestamp or Nonce
+ Extensions:
+ An authorization-enabling extension (e.g., the
+ Mobile-Home Authentication Extension)
+
+D.2. Registering with a Co-Located Care-of Address
+
+ The mobile node enters a foreign network that contains no foreign
+ agents. The mobile node obtains an address from a DHCP server [13]
+ for use as a co-located care-of address. The mobile node supports
+ all forms of encapsulation (IP-in-IP, minimal encapsulation, and
+ GRE), desires a copy of broadcast datagrams on the home network, and
+ does not want simultaneous mobility bindings:
+
+
+
+
+
+
+Perkins Standards Track [Page 84]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ IP fields:
+ Source Address = care-of address obtained from DHCP server
+ Destination Address = IP address of home agent
+ Time to Live = 64
+ UDP fields:
+ Source Port = <any>
+ Destination Port = 434
+ Registration Request fields:
+ Type = 1
+ S=0,B=1,D=1,M=1,G=1
+ Lifetime = 1800 (seconds)
+ Home Address = the mobile node's home address
+ Home Agent = IP address of mobile node's home agent
+ Care-of Address = care-of address obtained from DHCP server
+ Identification = Network Time Protocol timestamp or Nonce
+ Extensions:
+ The Mobile-Home Authentication Extension
+
+D.3. Deregistration
+
+ The mobile node returns home and wishes to deregister all care-of
+ addresses with its home agent.
+
+ IP fields:
+ Source Address = mobile node's home address
+ Destination Address = IP address of home agent
+ Time to Live = 1
+ UDP fields:
+ Source Port = <any>
+ Destination Port = 434
+ Registration Request fields:
+ Type = 1
+ S=0,B=0,D=0,M=0,G=0
+ Lifetime = 0
+ Home Address = the mobile node's home address
+ Home Agent = IP address of mobile node's home agent
+ Care-of Address = the mobile node's home address
+ Identification = Network Time Protocol timestamp or Nonce
+
+ Extensions:
+ An authorization-enabling extension (e.g., the
+ Mobile-Home Authentication Extension)
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 85]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+E. Applicability of Prefix-Lengths Extension
+
+ Caution is indicated with the use of the Prefix-Lengths Extension
+ over wireless links, due to the irregular coverage areas provided by
+ wireless transmitters. As a result, it is possible that two foreign
+ agents advertising the same prefix might indeed provide different
+ connectivity to prospective mobile nodes. The Prefix-Lengths
+ Extension SHOULD NOT be included in the advertisements sent by agents
+ in such a configuration.
+
+ Foreign agents using different wireless interfaces would have to
+ cooperate using special protocols to provide identical coverage in
+ space, and thus be able to claim to have wireless interfaces situated
+ on the same subnetwork. In the case of wired interfaces, a mobile
+ node disconnecting and subsequently connecting to a new point of
+ attachment, may well send in a new Registration Request no matter
+ whether the new advertisement is on the same medium as the last
+ recorded advertisement. And, finally, in areas with dense
+ populations of foreign agents it would seem unwise to require the
+ propagation via routing protocols of the subnet prefixes associated
+ with each individual wireless foreign agent; such a strategy could
+ lead to quick depletion of available space for routing tables,
+ unwarranted increases in the time required for processing routing
+ updates, and longer decision times for route selection if routes
+ (which are almost always unnecessary) are stored for wireless
+ "subnets".
+
+F. Interoperability Considerations
+
+ This document specifies revisions to RFC 2002 that are intended to
+ improve interoperability by resolving ambiguities contained in the
+ earlier text. Implementations that perform authentication according
+ to the new more precisely specified algorithm would be interoperable
+ with earlier implementations that did what was originally expected
+ for producing authentication data. That was a major source of non-
+ interoperability before.
+
+ However, this specification does have new features that, if used,
+ would cause interoperability problems with older implementations.
+ All features specified in RFC 2002 will work with the new
+ implementations, except for V-J compression [20]. The following list
+ details some of the possible areas of compatibility problems that may
+ be experienced by nodes conforming to this revised specification,
+ when attempting to interoperate with nodes obeying RFC 2002.
+
+ - A client that expects some of the newly mandatory features
+ (like reverse tunneling) from a foreign agent would still be
+ interoperable as long as it pays attention to the `T' bit.
+
+
+
+Perkins Standards Track [Page 86]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - Mobile nodes that use the NAI extension to identify themselves
+ would not work with old mobility agents.
+
+ - Mobile nodes that use a zero home address and expect to receive
+ their home address in the Registration Reply would not work
+ with old mobility agents.
+
+ - Mobile nodes that attempt to authenticate themselves without
+ using the Mobile-Home authentication extension will be unable
+ to successful register with their home agent.
+
+ In all of these cases, a robust and well-configured mobile node is
+ very likely to be able to recover if it takes reasonable actions upon
+ receipt of a Registration Reply with an error code indicating the
+ cause for rejection. For instance, if a mobile node sends a
+ registration request that is rejected because it contains the wrong
+ kind of authentication extension, then the mobile node could retry
+ the registration with a mobile-home authentication extension, since
+ the foreign agent and/or home agent in this case will not be
+ configured to demand the alternative authentication data.
+
+G. Changes since RFC 2002
+
+ This section details differences between the original Mobile IP base
+ specification (RFC 2002 and ff.) that have been made as part of this
+ revised protocol specification for Mobile IP.
+
+G.1. Major Changes
+
+ - Specification for Destination IP address of Registration Reply
+ transmitted from Foreign Agent, to avoid any possible
+ transmission to IP address 0.0.0.0.
+
+ - Specification of two new formats for Mobile IP extensions,
+ according to the ideas contained in MIER.
+
+ - Specification that the SPI of the MN-HA authentication
+ extension is to be used as part of the data over which the
+ authentication algorithm must be computed.
+
+ - Eliminated Van-Jacobson Compression feature
+
+ - Specification that foreign agents MAY send advertisements at a
+ rate faster than once per second, but chosen so that the
+ advertisements do not burden the capacity of the local link.
+ For simplicity, the foreign agent now MAY send advertisements
+ at an interval less than 1/3 the advertised ICMP Lifetime.
+
+
+
+
+Perkins Standards Track [Page 87]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - Specification that foreign agents SHOULD support reverse
+ tunneling, and home agents MUST support decapsulation of
+ reverse tunnels.
+
+ - Changed the preconfiguration requirements in section 3.6 for
+ the mobile node to reflect the capability, specified in RFC
+ 2794 [6], for the mobile node to identify itself by using its
+ NAI, and then getting a home address from the Registration
+ Reply.
+
+ - Changed section 3.7.3.1 so that a foreign agent is not required
+ to discard Registration Replies that have a Home Address field
+ that does not match any pending Registration Request.
+
+ - Allowed registrations to be authenticated by use of a security
+ association between the mobile node and a suitable
+ authentication entity acceptable to the home agent. Defined
+ "Authorization-enabling Extension" to be an authentication
+ extension that makes a registration message acceptable to the
+ recipient. This is needed according to specification in [6].
+
+ - Mandated that HMAC-MD5 be used instead of the "prefix+suffix"
+ mode of MD5 as originally mandated in RFC 2002.
+
+ - Specified that the mobile node SHOULD take the first care-of
+ address in a list offered by a foreign agent, and MAY try each
+ subsequent advertised address in turn if the attempted
+ registrations are rejected by the foreign agent
+
+ - Clarification that a mobility agent SHOULD only put its own
+ addresses into the initial (i.e., not mobility-related) list of
+ routers in the mobility advertisement. RFC 2002 suggests that
+ a mobility agent might advertise other default routers.
+
+ - Specification that a mobile node MUST ignore reserved bits in
+ Agent Advertisements, as opposed to discarding such
+ advertisements. In this way, new bits can be defined later,
+ without affecting the ability for mobile nodes to use the
+ advertisements even when the newly defined bits are not
+ understood. Furthermore, foreign agents can set the `R' bit to
+ make sure that new bits are handled by themselves instead of
+ some legacy mobility agent.
+
+ - Specification that the foreign agent checks to make sure that
+ the indicated home agent address does not belong to any of its
+ network interfaces before relaying a Registration Request. If
+
+
+
+
+
+Perkins Standards Track [Page 88]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ the check fails, and the foreign agent is not the mobile node's
+ home agent, then the foreign agent rejects the request with
+ code 136 (unknown home agent address).
+
+ - Specification that, while they are away from the home network,
+ mobile nodes MUST NOT broadcast ARP packets to find the MAC
+ address of another Internet node. Thus, the (possibly empty)
+ list of Router Addresses from the ICMP Router Advertisement
+ portion of the message is not useful for selecting a default
+ router, unless the mobile node has some means not involving
+ broadcast ARP and not specified within this document for
+ obtaining the MAC address of one of the routers in the list.
+ Similarly, in the absence of unspecified mechanisms for
+ obtaining MAC addresses on foreign networks, the mobile node
+ MUST ignore redirects to other routers on foreign networks.
+
+ - Specification that a foreign agent MUST NOT use broadcast ARP
+ for a mobile node's MAC address on a foreign network. It may
+ obtain the MAC address by copying the information from an Agent
+ Solicitation or a Registration Request transmitted from a
+ mobile node.
+
+ - Specification that a foreign agent's ARP cache for the mobile
+ node's IP address MUST NOT be allowed to expire before the
+ mobile node's visitor list entry expires, unless the foreign
+ agent has some way other than broadcast ARP to refresh its MAC
+ address associated to the mobile node's IP address.
+
+ - At the end of section 4.6, clarified that a home agent MUST NOT
+ make any changes to the way it performs proxy ARP after it
+ rejects an invalid deregistration request.
+
+ - In section 4.2.3, specification that multihomed home agents
+ MUST use the the address sent to the mobile node in the home
+ agent field of the registration reply as the source address in
+ the outer IP header of the encapsulated datagram.
+
+ - Inserted 'T' bit into its proper place in the Registration
+ Request message format (section 3.3).
+
+G.2. Minor Changes
+
+ - Allowed registration replies to be processed by the mobile
+ node, even in the absence of any Mobile-Home Authentication
+ extension, when containing rejection code by the foreign agent.
+
+
+
+
+
+
+Perkins Standards Track [Page 89]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - Specification that the foreign agent MAY configure a maximum
+ number of pending registrations that it is willing to maintain
+ (typically 5). Additional registrations SHOULD then be
+ rejected by the foreign agent with code 66. The foreign agent
+ MAY delete any pending Registration Request after the request
+ has been pending for more than 7 seconds; in this case, the
+ foreign agent SHOULD reject the Request with code 78
+ (registration timeout).
+
+ - Relaxation of the requirement that, when a mobile node has
+ joined a multicast group at the router on the foreign network,
+ the mobile node MUST use its home address as the source IP
+ address for multicast packets,
+
+ - Clarification that a mobility agent MAY use different settings
+ for each of the 'R', 'H', and 'F' bits on different network
+ interfaces.
+
+ - Replacement of the terminology "recursive tunneling" by the
+ terminology "nested tunneling".
+
+ - Specification that the mobile node MAY use the IP source
+ address of an agent advertisement as its default router
+ address.
+
+ - Clarification that keys with arbitrary binary values MUST be
+ supported as part of mobility security associations.
+
+ - Specification that the default value may be chosen as 7
+ seconds, for allowable time skews between a home agent and
+ mobile node using timestamps for replay protection. Further
+ specification that this value SHOULD be greater than 3 seconds.
+
+ - Specification that Registration Requests with the 'D' bit set
+ to 0, and specifying a care-of address not offered by the
+ foreign agent, MUST be rejected with code 77 (invalid care-of
+ address).
+
+ - Clarification that the foreign agent SHOULD consider its own
+ maximum value when handling the Lifetime field of the
+ Registration Reply.
+
+ - Clarification that the home agent MUST ignore the 'B' bit (as
+ opposed to rejecting the Registration Request) if it does not
+ support broadcasts.
+
+
+
+
+
+
+Perkins Standards Track [Page 90]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ - Advice about the impossibility of using dynamic home agent
+ discovery in the case when routers change the IP destination
+ address of a datagram from a subnet-directed broadcast address
+ to 255.255.255.255 before injecting it into the destination
+ subnet.
+
+ - Clarified that when an Agent Advertisement is unicast to a
+ mobile node, the specific IP home address of a mobile node MAY
+ be used as the destination IP address.
+
+ - Included a reference to RFC 2290 within appendix B, which deals
+ with PPP operation.
+
+ - Created IANA Considerations section
+
+ - In section 3.8.3, clarified that a home agent SHOULD arrange
+ the selection of a home address for a mobile node when the
+ Registration Reply contains a zero Home Address.
+
+G.3. Changes since revision 04 of RFC2002bis
+
+ This section lists the changes between this version (...-06.txt) and
+ the previous version (...-04.txt) of the document. This section can
+ be deleted by the RFC editor.
+
+ - Noted that HMAC-MD5 should be considered for use in place of
+ the "prefix+suffix" mode of MD5 as originally mandated in RFC
+ 2002.
+
+ - Included a reference to RFC 2290 within appendix B, which deals
+ with PPP operation.
+
+ - Revamped IANA Considerations section
+
+ - Revamped Changes section
+
+ - Replaced Patents section with wording mandated from RFC 2026.
+
+ - Updated citations.
+
+
+
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 91]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+H. Example Messages
+
+H.1. Example ICMP Agent Advertisement Message Format
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type | Code | Checksum |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Num Addrs |Addr Entry Size| Lifetime |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Router Address[1] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Preference Level[1] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Router Address[2] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Preference Level[2] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | .... |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type = 16 | Length | Sequence Number |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Registration Lifetime |R|B|H|F|M|G|r|T| reserved |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Care-of Address[1] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Care-of Address[2] |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | .... |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ : Optional Extensions :
+ : .... ...... ...... :
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 92]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+H.2. Example Registration Request Message Format
+
+ The UDP header is followed by the Mobile IP fields shown below:
+
+ 0 1 2 3
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type = 1 |S|B|D|M|G|r|T|x| Lifetime |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Agent |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Care-of Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | |
+ + Identification +
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Optional Non-Auth Extensions for HA ... |
+ | ( variable length ) |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type =32 | Length | SPI |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | SPI (cont..) | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ : MN-HA Authenticator ( variable length ) :
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ : Optional Non-Auth Extensions for FA .........
+ : Optional MN-FA Authentication Extension...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 93]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+H.3. Example Registration Reply Message Format
+
+ The UDP header is followed by the Mobile IP fields shown below:
+
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type = 3 | Code | Lifetime |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Address |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Home Agent |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | |
+ + Identification +
+ | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Optional HA Non-Auth Extensions ... |
+ | ( variable length ) |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | Type =32 | Length | SPI |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | SPI (cont...) | |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ : MN-HA Authenticator ( variable length ) :
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ : Optional Extensions used by FA.........
+ : Optional MN-FA Authentication Extension...
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+References
+
+ [1] Allman, M., Glover, D. and L. Sanchez, "Enhancing TCP Over
+ Satellite Channels using Standard Mechanisms", BCP 28, RFC
+ 2488, January 1999.
+
+ [2] S. M. Bellovin. Security Problems in the TCP/IP Protocol
+ Suite. ACM Computer Communications Review, 19(2), March 1989.
+
+ [3] Border, J., Kojo, M., Griner, J., Montenegro, G. and Z. Shelby,
+ "Performance Enhancing Proxies", RFC 3135, June 2001.
+
+ [4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
+ Levels", BCP 14, RFC 2119, March 1997.
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 94]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ [5] Ramon Caceres and Liviu Iftode. Improving the Performance of
+ Reliable Transport Protocols in Mobile Computing Environments.
+ IEEE Journal on Selected Areas in Communications, 13(5):850--
+ 857, June 1995.
+
+ [6] Calhoun P. and C. Perkins, "Mobile IP Network Access Identifier
+ Extension for IPv4", RFC 2794, January 2000.
+
+ [7] Calhoun, P. and C. Perkins, "Mobile IP Foreign Agent
+ Challenge/Response Extension", RFC 3012, December 2000.
+
+ [8] Cong, D., Hamlen, M. and C. Perkins, "The Definitions of
+ Managed Objects for IP Mobility Support using SMIv2", RFC 2006,
+ October 1996.
+
+ [9] Dawkins, S., Montenegro, G., Kojo, M., Magret, V. and N.
+ Vaidya, "End-to-end Performance Implications of Links with
+ Errors", BCP 50, RFC 3155, August 2001.
+
+ [10] Deering, S., "ICMP Router Discovery Messages", RFC 1256,
+ September 1991.
+
+ [11] Deering, S., "Host Extensions for IP Multicasting", STD 5, RFC
+ 1112, August 1989.
+
+ [12] Dommety, G. and K. Leung, "Mobile IP Vendor/Organization-
+ Specific Extensions", RFC 3115, April 2001.
+
+ [13] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
+ March 1997.
+
+ [14] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
+ Recommendations for Security", RFC 1750, December 1994.
+
+ [15] Ferguson P. and D. Senie, "Network Ingress Filtering: Defeating
+ Denial of Service Attacks which employ IP Source Address
+ Spoofing", BCP 38, RFC 2827, May 2000.
+
+ [16] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic
+ Routing Encapsulation (GRE)", RFC 1701, October 1994.
+
+ [17] J. Ioannidis. Protocols for Mobile Internetworking. PhD
+ Dissertation - Columbia University in the City of New York,
+ July 1993.
+
+
+
+
+
+
+
+Perkins Standards Track [Page 95]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ [18] John Ioannidis, Dan Duchamp, and Gerald Q. Maguire Jr. IP-
+ Based Protocols for Mobile Internetworking. In Proceedings of
+ the SIGCOMM '91 Conference: Communications Architectures &
+ Protocols, pages 235--245, September 1991.
+
+ [19] John Ioannidis and Gerald Q. Maguire Jr. The Design and
+ Implementation of a Mobile Internetworking Architecture. In
+ Proceedings of the Winter USENIX Technical Conference, pages
+ 489--500, January 1993.
+
+ [20] Jacobson, V., "Compressing TCP/IP headers for low-speed serial
+ links", RFC 1144, February 1990.
+
+ [21] Jacobson, V., "Congestion Avoidance and Control. In
+ Proceedings, SIGCOMM '88 Workshop, pages 314--329. ACM Press,
+ August 1988. Stanford, CA.
+
+ [22] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402,
+ November 1998.
+
+ [23] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
+ for Message Authentication", RFC 2104, February 1997.
+
+ [24] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB",
+ RFC 2863, June 2000.
+
+ [25] McGregor, G., "The PPP Internet Protocol Control Protocol
+ (IPCP)", RFC 1332, May 1992.
+
+ [26] Mills, D., "Network Time Protocol (Version 3) Specification,
+ Implementation", RFC 1305, March 1992.
+
+ [27] Montenegro, G., "Reverse Tunneling for Mobile IP (revised)",
+ RFC 3024, January 2001.
+
+ [28] Montenegro, G., Dawkins, S., Kojo, M., Magret, V. and N.
+ Vaidya, "Long Thin Networks", RFC 2757, January 2000.
+
+ [29] Montenegro, G. and V. Gupta, "Sun's SKIP Firewall Traversal for
+ Mobile IP", RFC 2356, June 1998.
+
+ [30] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
+ Considerations Section in RFCs", RFC 2434, October 1998.
+
+ [31] Paxson, V. and M. Allman, "Computing TCP's Retransmission
+ Timer", RFC 2988, November 2000.
+
+
+
+
+
+Perkins Standards Track [Page 96]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+ [32] Perkins, C., "IP Encapsulation within IP", RFC 2003, October
+ 1996.
+
+ [33] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
+
+ [34] Perkins, C., "Minimal Encapsulation within IP", RFC 2004,
+ October 1996.
+
+ [35] Perkins, C. and P. Calhoun, "AAA Registration Keys for Mobile
+ IP", Work in Progress, July 2001.
+
+ [36] Plummer, D., "Ethernet Address Resolution Protocol: Or
+ converting network protocol addresses to 48.bit Ethernet
+ address for transmission on Ethernet hardware", STD 37, RFC
+ 826, November 1982.
+
+ [37] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August
+ 1980.
+
+ [38] Postel, J., "Internet Protocol", STD 5, RFC 791, September
+ 1981.
+
+ [39] Postel, J., "Multi-LAN Address Resolution", RFC 925, October
+ 1984.
+
+ [40] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC
+ 1700, October 1994.
+
+ [41] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
+ 1992.
+
+ [42] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, RFC
+ 1661, July 1994.
+
+ [43] Solomon, J., "Applicability Statement for IP Mobility Support"
+ RFC 2005, October 1996.
+
+ [44] Solomon J. and S. Glass, "Mobile-IPv4 Configuration Option for
+ PPP IPCP", RFC 2290, February 1998.
+
+ [45] Stevens, W., "TCP/IP Illustrated, Volume 1: The Protocols"
+ Addison-Wesley, Reading, Massachusetts, 1994.
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 97]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+Authors' Addresses
+
+ The working group can be contacted via the current chairs:
+
+ Basavaraj Patil
+ Nokia
+ 6000 Connection Dr.
+ Irving, TX. 75039
+ USA
+
+ Phone: +1 972-894-6709
+ EMail: Basavaraj.Patil@nokia.com
+
+ Phil Roberts
+ Megisto Corp. Suite 120
+ 20251 Century Blvd
+ Germantown MD 20874
+ USA
+
+ Phone: +1 847-202-9314
+ EMail: PRoberts@MEGISTO.com
+
+ Questions about this memo can also be directed to the editor:
+
+ Charles E. Perkins
+ Communications Systems Lab
+ Nokia Research Center
+ 313 Fairchild Drive
+ Mountain View, California 94043
+ USA
+
+ Phone: +1-650 625-2986
+ EMail: charliep@iprg.nokia.com
+ Fax: +1 650 625-2502
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 98]
+
+RFC 3344 IP Mobility Support for IPv4 August 2002
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2002). All Rights Reserved.
+
+ This document and translations of it may be copied and furnished to
+ others, and derivative works that comment on or otherwise explain it
+ or assist in its implementation may be prepared, copied, published
+ and distributed, in whole or in part, without restriction of any
+ kind, provided that the above copyright notice and this paragraph are
+ included on all such copies and derivative works. However, this
+ document itself may not be modified in any way, such as by removing
+ the copyright notice or references to the Internet Society or other
+ Internet organizations, except as needed for the purpose of
+ developing Internet standards in which case the procedures for
+ copyrights defined in the Internet Standards process must be
+ followed, or as required to translate it into languages other than
+ English.
+
+ The limited permissions granted above are perpetual and will not be
+ revoked by the Internet Society or its successors or assigns.
+
+ This document and the information contained herein is provided on an
+ "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+ TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+ BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+ HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+ MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Perkins Standards Track [Page 99]
+