What does mobile IP do? It allows a mobile router to keep the same IP address while traveling from one network to another and provides IP connectivity to the IP hosts connecting through the mobile router. The hosts behind the mobile router are unaware of this mobility.
Mobile IP has three components:
1. Home agent (HA) - An HA is a router on the home network that maintains an association between the home IP address of the MR and the current care-of address of the MR on the foreign network. HA redirects packets by tunneling them to the MR while it is away from home (in the foreign network).
2. Foreign agent (FA) - An FA is a router on a foreign network that provides a care-of address to the MR. It also detunnels and delivers packets to the MR that were tunneled by the HA.
3. Mobile router (MR) - A mobile router, moves from one network or subnet to another, "hides" the IP roaming from the IP hosts connecting through this mobile router so that the local hosts appear to be directly attached to the home network.
Let's go through a quick example:
The HA R1 is advertising (“redistribute mobile”) reachability to the mobile network 140.80.1.0/24 (on the MR R3) to the internet, thereby attracting packets that are destined for this subnet. MR R3 will keep the same IP address 150.1.1.1 while roaming between its home network 150.1.1.0/24 and foreign networks 200.2.2.0/24, 200.6.6.0/24. So When MR R3 is in foreign network 200.2.2.0/24, it will acquire a care-of address 2.2.2.2 from the FA R2. After receiving the care-of address, the MR R3 will register this address with its HA R1. The HA R1 will create a mobility binding table that maps the home IP address 150.1.1.1 of the MR R3 to the current care-of address 2.2.2.2 of the MR R3.
Now when any device on the Internet, called a corresponding node (CN), sends a packet to the mobile network (more specifically to 140.80.1.1), the packet is routed to the HA R1. Then the HA R1 will double tunnel it (outer tunnel to FA R2 care-of address 2.2.2.2 and inner tunnel to MR R3 itself). The FA R2 removes the outer tunnel header and delivers the inner tunneled packet to the connected MR R3. MR R3 performs another decapsulation to deliver the packet to the destination node 140.80.1.1 on the mobile network.
However, packets sent from the mobile network 140.80.1.0/24 are routed directly to the CN unless a reverse tunnel is configured.
Let's check the configuration on those routers for IP mobility:
Rack1R1 (HA)! interface Loopback0 description HA address ip address 1.1.1.1 255.255.255.0 ! interface FastEthernet0/0 description home network ip address 150.1.1.254 255.255.255.0 ! interface FastEthernet0/1 description connected to internet ip address 180.1.17.1 255.255.255.0 ! ! Enables Mobile IP router mobile ! router ospf 1 ! Redistributes the virtual network into the routing protocol redistribute mobile subnets ! ! Enables home agent service ip mobile home-agent address 1.1.1.1 ! Defines mobile router's home network as virtual network ip mobile virtual-network 150.1.1.0 255.255.255.0 ! Specifies mobile router on the virtual network ip mobile host 150.1.1.1 virtual-network 150.1.1.0 255.255.255.0 ! Specifies all the networks behind mobile router ip mobile mobile-networks 150.1.1.1 description network behind the mobile router network 140.80.1.0 255.255.255.0 ! Enables security association between HA and MR ip mobile secure host 150.1.1.1 spi 100 key ascii CISCO algorithm md5 mode prefix-suffix
Rack1R2 (FA)! interface Loopback0 description care-of-address ip address 2.2.2.2 255.255.255.0 ! interface FastEthernet0/0 description foreign network ip address 200.2.2.254 255.255.255.0 ! Enables foreign agent service on an interface ip mobile foreign-service ip mobile registration-lifetime 60 ! Enables IRDP ip irdp ip irdp maxadvertinterval 4 ip irdp minadvertinterval 3 ! interface FastEthernet0/1 description connected to internet ip address 180.1.27.2 255.255.255.0 ! ! Enables Mobile IP router mobile ! ! Enables foreign agent service globally with the care-of-address ip mobile foreign-agent care-of Loopback0
Rack1R3 (MR)! interface Loopback0 description mobile network ip address 140.80.1.1 255.255.255.0 ! interface Ethernet0/0 description the roaming interface ip address 150.1.1.1 255.255.255.0 ! Enables roaming on an interface ip mobile router-service roam ! ! Enables Mobile IP router mobile ! ! Enables security association between MR and HA ip mobile secure home-agent 1.1.1.1 spi 100 key ascii CISCO algorithm md5 mode prefix-suffix ! Enables the mobile router ip mobile router address 150.1.1.1 255.255.255.0 home-agent 1.1.1.1
We will do some testing and verification when mobile router R3 is in the foreign network 200.2.2.0/24 on R2.
Rack1R1#show ip route | inc ^M M 140.80.1.0 [3/1] via 0.0.0.0, 00:15:18, Tunnel0 M 150.1.1.1/32 [3/1] via 2.2.2.2, 00:15:18, Tunnel1Rack1R1#show ip mobile binding Mobility Binding List: Total 1 150.1.1.1: Care-of Addr 2.2.2.2, Src Addr 2.2.2.2 Lifetime granted 00:01:00 (60), remaining 00:00:55 Flags sbdmg-t-, Identification CE22A5D5.F4C99770 Tunnel1 src 1.1.1.1 dest 2.2.2.2 reverse-allowed MR Tunnel0 src 1.1.1.1 dest 150.1.1.1 reverse-allowed Routing Options - Mobile Networks: 140.80.1.0/255.255.255.0 (S)Rack1R1#sh ip mobile tunnel Mobile Tunnels:Total mobile ip tunnels 0 Tunnel0: src 1.1.1.1, dest 2.2.2.2 encap IP/IP, mode reverse-allowed, tunnel-users 1 Input ACL users 0, Output ACL users 0 IP MTU 1480 bytes Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never outbound interface FastEthernet0/1 HA created, fast switching enabled, ICMP unreachable enabled 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 20 packets output, 23125 bytes Tunnel1: src 1.1.1.1, dest 150.1.1.1 encap IP/IP, mode reverse-allowed, tunnel-users 1 Input ACL users 0, Output ACL users 0 IP MTU 1460 bytes Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never outbound interface Tunnel0 HA created, fast switching enabled, ICMP unreachable enabled Mobile Tunnels:5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 drops 20 packets output, 22725 bytesRack1R1#show ip mobile mobile-networks Mobile Networks: MR 150.1.1.1 [network behind the mobile router]: Configured: 140.80.1.0/255.255.255.0 Registered:Rack1R2#sh ip route | be Gateway Gateway of last resort is not set1.0.0.0/24 is subnetted, 1 subnets O 1.1.1.0 [110/3] via 180.1.27.7, 15:28:38, FastEthernet0/1 O 222.22.2.0/24 [110/2] via 180.1.27.7, 15:28:48, FastEthernet0/1 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 O 200.6.6.0/24 [110/3] via 180.1.27.7, 15:28:48, FastEthernet0/1 140.80.0.0/24 is subnetted, 1 subnets O E2 140.80.1.0 [110/20] via 180.1.27.7, 00:29:32, FastEthernet0/1 6.0.0.0/24 is subnetted, 1 subnets O 6.6.6.0 [110/3] via 180.1.27.7, 15:28:48, FastEthernet0/1 C 200.2.2.0/24 is directly connected, FastEthernet0/0 180.1.0.0/24 is subnetted, 3 subnets O 180.1.17.0 [110/2] via 180.1.27.7, 15:28:48, FastEthernet0/1 C 180.1.27.0 is directly connected, FastEthernet0/1 O 180.1.67.0 [110/2] via 180.1.27.7, 15:28:48, FastEthernet0/1 150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks O 150.1.1.0/24 [110/3] via 180.1.27.7, 00:29:32, FastEthernet0/1 M 150.1.1.1/32 [3/1] via 150.1.1.1, 00:30:09, FastEthernet0/0 [3/1] via 150.1.1.1, 00:00:08, FastEthernet0/0Rack1R2#sh ip mobile tunnel Mobile Tunnels:Total mobile ip tunnels 0 Tunnel0: src 2.2.2.2, dest 1.1.1.1 encap IP/IP, mode reverse-allowed, tunnel-users 1 Input ACL users 0, Output ACL users 0 IP MTU 1480 bytes Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never outbound interface FastEthernet0/1 FA created, fast switching enabled, ICMP unreachable enabled 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 20 packets input, 23125 bytes, 0 drops 0 packets output, 0 bytesRack1R2#show ip mobile globals IP Mobility global information: Home Agent is not enabledForeign AgentPending registrations expire after 7 secs Care-of addresses advertised Mobile network route injection disabledLoopback0 (2.2.2.2) - up1 interface providing service Encapsulations supported: IPIP and GRE Tunnel fast switching enabled, cef switching enabled Tunnel path MTU discovery aged out after 10 min NAT UDP Tunneling support enabled UDP Tunnel Keepalive 110 Forced UDP Tunneling disabledRack1R2#show ip mobile visitor Mobile Visitor List: Total 1 150.1.1.1: Interface FastEthernet0/0, MAC addr 0006.533a.2581 IP src 150.1.1.1, dest 200.2.2.254, UDP src port 434 HA addr 1.1.1.1, Identification CE22AC48.A0CA5400 Lifetime 00:01:00 (60) Remaining 00:00:32 Tunnel0 src 2.2.2.2, dest 1.1.1.1, reverse-allowed Routing Options -Rack1R2#show ip mobile interface IP Mobility interface information: Interface FastEthernet0/0: IRDP (includes agent advertisement) enabled Prefix Length not advertised Lifetime is 60 seconds Foreign Agent service provided Foreign Agent challenge disabled Reverse tunnel not supported No registration required Not busy Home Agent access list: Registration revocation disabled Current number of visitors: 1Rack1R3#sh ip route | be Gateway Gateway of last resort is 200.2.2.254 to network 0.0.0.01.0.0.0/32 is subnetted, 1 subnets M 1.1.1.1 [3/1] via 200.2.2.254, 00:50:11, Ethernet0/0 140.80.0.0/24 is subnetted, 1 subnets C 140.80.1.0 is directly connected, Loopback0 200.2.2.0/32 is subnetted, 1 subnets M 200.2.2.254 [3/1] via 200.2.2.254, 00:50:11, Ethernet0/0 150.1.0.0/24 is subnetted, 1 subnets C 150.1.1.0 is directly connected, Ethernet0/0 M* 0.0.0.0/0 [3/1] via 200.2.2.254, 00:50:11, Ethernet0/0Rack1R3#sh ip mobile tunnel Mobile Tunnels:Total mobile ip tunnels 1 Tunnel0: src 150.1.1.1, dest 1.1.1.1 encap IP/IP, mode reverse-allowed, tunnel-users 1 IP MTU 1480 bytes Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never outbound interface Ethernet0/0 MR created, fast switching enabled, ICMP unreachable enabled 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 20 packets input, 22725 bytes, 0 drops 0 packets output, 0 bytesRack1R3#show ip mobile routerMobile Router Enabled 08/03/09 21:04:42 Last redundancy state transition NEVERConfiguration: Home Address 150.1.1.1 Mask 255.255.255.0 Home Agent 1.1.1.1 Priority 100 (best) (current) Registration lifetime 65534 sec Retransmit Init 1000, Max 5000 msec, Limit 3 Extend Expire 120, Retry 3, Interval 10Monitor: Status -Registered- Active foreign agent 200.2.2.254, Care-of 2.2.2.2 On interface Ethernet0/0 Tunnel0 mode IP/IPRack1R6#ping 140.80.1.1 size 1460 df-bitType escape sequence to abort. Sending 5, 1460-byte ICMP Echos to 140.80.1.1, timeout is 2 seconds: Packet sent with the DF bit set !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 msRack1R6#ping 140.80.1.1 size 1461 df-bitType escape sequence to abort. Sending 5, 1461-byte ICMP Echos to 140.80.1.1, timeout is 2 seconds: Packet sent with the DF bit set M.M.M Success rate is 0 percent (0/5)Rack1R6#trace 140.80.1.1Type escape sequence to abort. Tracing the route to 140.80.1.11 180.1.67.7 4 msec 4 msec 0 msec 2 180.1.17.1 4 msec 0 msec 0 msec 3 150.1.1.1 4 msec * 0 msec
Thanks a lot for sharing your thoughts on this matter. It is very essential to determine the necessary details when buying routers. This can greatly help when there are several users connecting to the Internet. industrial cellular router
ReplyDelete