Tuesday, May 7, 2013

Understanding Mobile Router/Mobile Network


What does Mobile IP do? It allows a mobile router to keep the same IP address while traveling from one network to another, and it provides IP connectivity to the IP hosts connecting through the mobile router. The hosts behind the mobile router are unaware of this mobility.

Mobile IP has three components:

1. Home agent (HA) - An HA is a router on the home network that maintains an association between the home IP address of the MR and the current care-of address of the MR on the foreign network. The HA redirects packets by tunneling them to the MR while it is away from home (in the foreign network).

2. Foreign agent (FA) - An FA is a router on a foreign network that provides a care-of address to the MR. It also detunnels and delivers packets to the MR that were tunneled by the HA.

3. Mobile router (MR) - An MR moves from one network or subnet to another and "hides" the IP roaming from the IP hosts connecting through it, so that the local hosts appear to be directly attached to the home network.

Let's go through a quick example:


 

The HA R1 advertises (“redistribute mobile”) reachability to the mobile network 140.80.1.0/24 (on the MR R3) to the Internet, thereby attracting packets that are destined for this subnet. MR R3 keeps the same IP address 150.1.1.1 while roaming between its home network 150.1.1.0/24 and the foreign networks 200.2.2.0/24 and 200.6.6.0/24. When MR R3 is in foreign network 200.2.2.0/24, it acquires the care-of address 2.2.2.2 from the FA R2. After receiving the care-of address, MR R3 registers it with its HA R1. The HA R1 then creates an entry in its mobility binding table that maps the home IP address 150.1.1.1 of MR R3 to its current care-of address 2.2.2.2.

Now when any device on the Internet, called a correspondent node (CN), sends a packet to the mobile network (more specifically to 140.80.1.1), the packet is routed to the HA R1. The HA R1 then double tunnels it (outer tunnel to the FA R2 care-of address 2.2.2.2 and inner tunnel to MR R3 itself). The FA R2 removes the outer tunnel header and delivers the inner tunneled packet to the connected MR R3. MR R3 performs another decapsulation to deliver the packet to the destination node 140.80.1.1 on the mobile network.

However, packets sent from the mobile network 140.80.1.0/24 are routed directly to the CN unless a reverse tunnel is configured.
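
The double encapsulation described above, as an added example that is not from the original post: it builds the two IP-in-IP headers the HA adds and then strips them the way the FA and the MR do. The CN address 180.1.67.6 is an assumption (the post does not give R6's address), as is a 1500-byte link MTU; the other addresses are the post's.

```python
import socket
import struct

IPPROTO_ICMP, IPPROTO_IPIP = 1, 4   # 4 = IP-in-IP, shown as "encap IP/IP"

def checksum(data: bytes) -> int:
    """RFC 1071 ones' complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a 20-byte IPv4 header (DF set, TTL 64) to payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def decap(packet: bytes):
    """Validate and strip one IPv4 header."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[9], packet[ihl:total_len])

def ha_encapsulate(original: bytes) -> bytes:
    """What HA R1 does with a packet for the mobile network."""
    inner = ipv4("1.1.1.1", "150.1.1.1", IPPROTO_IPIP, original)  # to the MR
    return ipv4("1.1.1.1", "2.2.2.2", IPPROTO_IPIP, inner)        # to the FA

def headers_seen(wire: bytes):
    """(src, dst, size) at each layer: on the wire, after FA, after MR."""
    layers, pkt = [], wire
    while True:
        src, dst, proto, payload = decap(pkt)
        layers.append((src, dst, len(pkt)))
        if proto != IPPROTO_IPIP:
            return layers
        pkt = payload

# Constructed sample: a zero-filled 1460-byte packet from the assumed CN address.
cn_packet = ipv4("180.1.67.6", "140.80.1.1", IPPROTO_ICMP, bytes(1440))
for layer in headers_seen(ha_encapsulate(cn_packet)):
    print(layer)
```

Each tunnel adds 20 bytes, so a 1460-byte packet fills a 1500-byte link exactly, which matches the tunnel MTUs of 1480 and 1460 in the verification output. The IP/IP headers carry no authentication or encryption; the security association in the configuration covers the registration messages only.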

Let's check the configuration on those routers for IP mobility:
Rack1R1 (HA)
!
interface Loopback0
 description HA address
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 description home network
 ip address 150.1.1.254 255.255.255.0
!
interface FastEthernet0/1
 description connected to internet
 ip address 180.1.17.1 255.255.255.0
!
! Enables Mobile IP
router mobile
!
router ospf 1
! Redistributes the virtual network into the routing protocol
 redistribute mobile subnets
!
! Enables home agent service
ip mobile home-agent address 1.1.1.1
! Defines mobile router's home network as virtual network
ip mobile virtual-network 150.1.1.0 255.255.255.0
! Specifies mobile router on the virtual network
ip mobile host 150.1.1.1 virtual-network 150.1.1.0 255.255.255.0
! Specifies all the networks behind mobile router
ip mobile mobile-networks 150.1.1.1
 description network behind the mobile router
 network 140.80.1.0 255.255.255.0
! Enables security association between HA and MR
ip mobile secure host 150.1.1.1 spi 100 key ascii CISCO algorithm md5 mode prefix-suffix

Rack1R2 (FA)
!
interface Loopback0
 description care-of-address
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
 description foreign network
 ip address 200.2.2.254 255.255.255.0
! Enables foreign agent service on an interface
 ip mobile foreign-service
 ip mobile registration-lifetime 60
! Enables IRDP
 ip irdp
 ip irdp maxadvertinterval 4
 ip irdp minadvertinterval 3
!
interface FastEthernet0/1
 description connected to internet
 ip address 180.1.27.2 255.255.255.0
!
! Enables Mobile IP
router mobile
!
! Enables foreign agent service globally with the care-of-address
ip mobile foreign-agent care-of Loopback0

Rack1R3 (MR)
!
interface Loopback0
 description mobile network
 ip address 140.80.1.1 255.255.255.0
!
interface Ethernet0/0
 description the roaming interface
 ip address 150.1.1.1 255.255.255.0
! Enables roaming on an interface
 ip mobile router-service roam
!
! Enables Mobile IP
router mobile
!
! Enables security association between MR and HA
ip mobile secure home-agent 1.1.1.1 spi 100 key ascii CISCO algorithm md5 mode prefix-suffix
! Enables the mobile router 
ip mobile router
 address 150.1.1.1 255.255.255.0
 home-agent 1.1.1.1
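
What the `ip mobile secure` lines on R1 and R3 protect, as an added example that is not from the original post: the Mobile-Home Authentication Extension (RFC 3344) appended to a registration request, computed with keyed MD5 in prefix+suffix mode as configured here and, for comparison, with HMAC-MD5 (which IOS selects with `algorithm hmac-md5`). The request is constructed from the values in the post's `show ip mobile binding` output and assumes no other extensions; the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

MHAE_TYPE = 32   # Mobile-Home Authentication Extension
AUTH_LEN = 16    # MD5 digest size

def registration_request(lifetime, home, ha, coa, ident: bytes) -> bytes:
    # Type 1 = Registration Request; flags 0 (binding shows "sbdmg-t-").
    return struct.pack("!BBH4s4s4s8s", 1, 0, lifetime, socket.inet_aton(home),
                       socket.inet_aton(ha), socket.inet_aton(coa), ident)

def authenticator(key: bytes, protected: bytes, algorithm: str) -> bytes:
    if algorithm == "md5-prefix-suffix":   # algorithm md5 mode prefix-suffix
        return hashlib.md5(key + protected + key).digest()
    if algorithm == "hmac-md5":            # algorithm hmac-md5
        return hmac.new(key, protected, hashlib.md5).digest()
    raise ValueError(f"unknown algorithm {algorithm!r}")

def sign(request: bytes, spi: int, key: bytes, algorithm: str) -> bytes:
    # The digest covers the request plus this extension's type, length, SPI.
    protected = request + struct.pack("!BBI", MHAE_TYPE, 4 + AUTH_LEN, spi)
    return protected + authenticator(key, protected, algorithm)

def verify(message: bytes, spi: int, key: bytes, algorithm: str) -> bool:
    """HA-side check: recompute the digest and compare in constant time."""
    if len(message) < 6 + AUTH_LEN:
        return False
    protected, received = message[:-AUTH_LEN], message[-AUTH_LEN:]
    if struct.unpack("!BBI", protected[-6:]) != (MHAE_TYPE, 4 + AUTH_LEN, spi):
        return False
    return hmac.compare_digest(received,
                               authenticator(key, protected, algorithm))

# Constructed sample using the lab's SPI 100 and key CISCO.
request = registration_request(60, "150.1.1.1", "1.1.1.1", "2.2.2.2",
                               bytes.fromhex("CE22A5D5F4C99770"))
signed = sign(request, 100, b"CISCO", "md5-prefix-suffix")
print(verify(signed, 100, b"CISCO", "md5-prefix-suffix"))
```

The HA and the MR must agree on SPI, key and algorithm or the registration is rejected. Because the whole binding rests on this one shared secret, a short dictionary-word key like the lab's CISCO should be replaced with a long random one outside a lab.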

We will do some testing and verification when mobile router R3 is in the foreign network 200.2.2.0/24 on R2.
Rack1R1#show ip route | inc ^M
M       140.80.1.0 [3/1] via 0.0.0.0, 00:15:18, Tunnel0
M       150.1.1.1/32 [3/1] via 2.2.2.2, 00:15:18, Tunnel1
Rack1R1#show ip mobile binding 
Mobility Binding List:
Total 1
150.1.1.1: 
    Care-of Addr 2.2.2.2, Src Addr 2.2.2.2
    Lifetime granted 00:01:00 (60), remaining 00:00:55
    Flags sbdmg-t-, Identification CE22A5D5.F4C99770
    Tunnel1 src 1.1.1.1 dest 2.2.2.2 reverse-allowed
    MR Tunnel0 src 1.1.1.1 dest 150.1.1.1 reverse-allowed
    Routing Options - 
    Mobile Networks: 140.80.1.0/255.255.255.0 (S)
Rack1R1#sh ip mobile tunnel
Mobile Tunnels:
Total mobile ip tunnels 0
Tunnel0:
    src 1.1.1.1, dest 2.2.2.2
    encap IP/IP, mode reverse-allowed, tunnel-users 1
    Input ACL users 0, Output ACL users 0
    IP MTU 1480 bytes
    Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
    outbound interface FastEthernet0/1
    HA created, fast switching enabled, ICMP unreachable enabled
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    0 packets input, 0 bytes, 0 drops
    20 packets output, 23125 bytes
Tunnel1:
    src 1.1.1.1, dest 150.1.1.1
    encap IP/IP, mode reverse-allowed, tunnel-users 1
    Input ACL users 0, Output ACL users 0
    IP MTU 1460 bytes
    Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
    outbound interface Tunnel0
    HA created, fast switching enabled, ICMP unreachable enabled
Mobile Tunnels:
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    0 packets input, 0 bytes, 0 drops
    20 packets output, 22725 bytes
Rack1R1#show ip mobile mobile-networks
Mobile Networks:
MR 150.1.1.1 [network behind the mobile router]:
    Configured: 140.80.1.0/255.255.255.0
    Registered:
Rack1R2#sh ip route | be Gateway
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/3] via 180.1.27.7, 15:28:38, FastEthernet0/1
O    222.22.2.0/24 [110/2] via 180.1.27.7, 15:28:48, FastEthernet0/1
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
O    200.6.6.0/24 [110/3] via 180.1.27.7, 15:28:48, FastEthernet0/1
     140.80.0.0/24 is subnetted, 1 subnets
O E2    140.80.1.0 [110/20] via 180.1.27.7, 00:29:32, FastEthernet0/1
     6.0.0.0/24 is subnetted, 1 subnets
O       6.6.6.0 [110/3] via 180.1.27.7, 15:28:48, FastEthernet0/1
C    200.2.2.0/24 is directly connected, FastEthernet0/0
     180.1.0.0/24 is subnetted, 3 subnets
O       180.1.17.0 [110/2] via 180.1.27.7, 15:28:48, FastEthernet0/1
C       180.1.27.0 is directly connected, FastEthernet0/1
O       180.1.67.0 [110/2] via 180.1.27.7, 15:28:48, FastEthernet0/1
     150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
O       150.1.1.0/24 [110/3] via 180.1.27.7, 00:29:32, FastEthernet0/1
M       150.1.1.1/32 [3/1] via 150.1.1.1, 00:30:09, FastEthernet0/0
                     [3/1] via 150.1.1.1, 00:00:08, FastEthernet0/0
Rack1R2#sh ip mobile tunnel
Mobile Tunnels:
Total mobile ip tunnels 0
Tunnel0:
    src 2.2.2.2, dest 1.1.1.1
    encap IP/IP, mode reverse-allowed, tunnel-users 1
    Input ACL users 0, Output ACL users 0
    IP MTU 1480 bytes
    Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
    outbound interface FastEthernet0/1
    FA created, fast switching enabled, ICMP unreachable enabled
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    20 packets input, 23125 bytes, 0 drops
    0 packets output, 0 bytes
Rack1R2#show ip mobile globals
IP Mobility global information:
Home Agent is not enabled
Foreign Agent
    Pending registrations expire after 7 secs
    Care-of addresses advertised
    Mobile network route injection disabled
        Loopback0 (2.2.2.2) - up
1 interface providing service
Encapsulations supported: IPIP and GRE
Tunnel fast switching enabled, cef switching enabled
Tunnel path MTU discovery aged out after 10 min
NAT UDP Tunneling support enabled
UDP Tunnel Keepalive 110
Forced UDP Tunneling disabled
Rack1R2#show ip mobile visitor 
Mobile Visitor List:
Total 1
150.1.1.1:
    Interface FastEthernet0/0, MAC addr 0006.533a.2581
    IP src 150.1.1.1, dest 200.2.2.254, UDP src port 434
    HA addr 1.1.1.1, Identification CE22AC48.A0CA5400
    Lifetime 00:01:00 (60) Remaining 00:00:32
    Tunnel0 src 2.2.2.2, dest 1.1.1.1, reverse-allowed
    Routing Options - 
Rack1R2#show ip mobile interface
IP Mobility interface information:
Interface FastEthernet0/0:
    IRDP (includes agent advertisement) enabled
    Prefix Length not advertised
    Lifetime is 60 seconds
    Foreign Agent service provided
    Foreign Agent challenge disabled
    Reverse tunnel not supported
    No registration required
    Not busy
    Home Agent access list:
    Registration revocation disabled
         Current number of visitors: 1
Rack1R3#sh ip route | be Gateway
Gateway of last resort is 200.2.2.254 to network 0.0.0.0
     1.0.0.0/32 is subnetted, 1 subnets
M       1.1.1.1 [3/1] via 200.2.2.254, 00:50:11, Ethernet0/0
     140.80.0.0/24 is subnetted, 1 subnets
C       140.80.1.0 is directly connected, Loopback0
     200.2.2.0/32 is subnetted, 1 subnets
M       200.2.2.254 [3/1] via 200.2.2.254, 00:50:11, Ethernet0/0
     150.1.0.0/24 is subnetted, 1 subnets
C       150.1.1.0 is directly connected, Ethernet0/0
M*   0.0.0.0/0 [3/1] via 200.2.2.254, 00:50:11, Ethernet0/0
Rack1R3#sh ip mobile tunnel
Mobile Tunnels:
Total mobile ip tunnels 1
Tunnel0:
    src 150.1.1.1, dest 1.1.1.1
    encap IP/IP, mode reverse-allowed, tunnel-users 1
    IP MTU 1480 bytes
    Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
    outbound interface Ethernet0/0
    MR created, fast switching enabled, ICMP unreachable enabled
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    20 packets input, 22725 bytes, 0 drops
    0 packets output, 0 bytes
Rack1R3#show ip mobile router
Mobile Router
    Enabled 08/03/09 21:04:42
    Last redundancy state transition NEVER
Configuration:
    Home Address 150.1.1.1 Mask 255.255.255.0
    Home Agent 1.1.1.1 Priority 100 (best) (current)
    Registration lifetime 65534 sec
    Retransmit Init 1000, Max 5000 msec, Limit 3
    Extend Expire 120, Retry 3, Interval 10
Monitor:
    Status -Registered-
    Active foreign agent 200.2.2.254, Care-of 2.2.2.2
    On interface Ethernet0/0
    Tunnel0 mode IP/IP
Rack1R6#ping 140.80.1.1 size 1460 df-bit 
Type escape sequence to abort.
Sending 5, 1460-byte ICMP Echos to 140.80.1.1, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
Rack1R6#ping 140.80.1.1 size 1461 df-bit 
Type escape sequence to abort.
Sending 5, 1461-byte ICMP Echos to 140.80.1.1, timeout is 2 seconds:
Packet sent with the DF bit set
M.M.M
Success rate is 0 percent (0/5)
Rack1R6#trace 140.80.1.1                 
Type escape sequence to abort.
Tracing the route to 140.80.1.1
  1 180.1.67.7 4 msec 4 msec 0 msec
  2 180.1.17.1 4 msec 0 msec 0 msec
  3 150.1.1.1 4 msec *  0 msec
 

1 comment:

  1. Thanks a lot for sharing your thoughts on this matter. It is very essential to determine the necessary details when buying routers. This can greatly help when there are several users connecting to the Internet. industrial cellular router
