rfc3344.txt   draft-ietf-mip4-rfc3344bis-09.txt 
Network Working Group C. Perkins, Ed. MIP4 Working Group C. Perkins, Ed.
Request for Comments: 3344 Nokia Research Center Internet-Draft WiChorus Inc.
Obsoletes: 3220 August 2002 Obsoletes: 3344 (if approved) January 26, 2010
Category: Standards Track Intended status: Standards Track
Expires: July 30, 2010
IP Mobility Support for IPv4
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved. IP Mobility Support for IPv4, revised
draft-ietf-mip4-rfc3344bis-09
Abstract Abstract
This document specifies protocol enhancements that allow transparent This document specifies protocol enhancements that allow transparent
routing of IP datagrams to mobile nodes in the Internet. Each mobile routing of IP datagrams to mobile nodes in the Internet. Each mobile
node is always identified by its home address, regardless of its node is always identified by its home address, regardless of its
current point of attachment to the Internet. While situated away current point of attachment to the Internet. While situated away
from its home, a mobile node is also associated with a care-of from its home, a mobile node is also associated with a care-of
address, which provides information about its current point of address, which provides information about its current point of
attachment to the Internet. The protocol provides for registering attachment to the Internet. The protocol provides for registering
the care-of address with a home agent. The home agent sends the care-of address with a home agent. The home agent sends
datagrams destined for the mobile node through a tunnel to the care- datagrams destined for the mobile node through a tunnel to the
of address. After arriving at the end of the tunnel, each datagram care-of address. After arriving at the end of the tunnel, each
is then delivered to the mobile node. datagram is then delivered to the mobile node.
Contents Status of this Memo
1. Introduction 3 This Internet-Draft is submitted to IETF in full conformance with the
1.1. Protocol Requirements . . . . . . . . . . . . . . . . . 4 provisions of BCP 78 and BCP 79.
1.2. Goals . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3. Assumptions . . . . . . . . . . . . . . . . . . . . . . 5 Internet-Drafts are working documents of the Internet Engineering
1.4. Applicability . . . . . . . . . . . . . . . . . . . . . 5 Task Force (IETF), its areas, and its working groups. Note that
1.5. New Architectural Entities . . . . . . . . . . . . . . 5 other groups may also distribute working documents as Internet-
1.6. Terminology . . . . . . . . . . . . . . . . . . . . . . 6 Drafts.
1.7. Protocol Overview . . . . . . . . . . . . . . . . . . . 9
1.8. Message Format and Protocol Extensibility . . . . . . . 13 Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on July 30, 2010.
Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5
1.1. Protocol Requirements . . . . . . . . . . . . . . . . . . 5
1.2. Goals . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3. Assumptions . . . . . . . . . . . . . . . . . . . . . . . 6
1.4. Applicability . . . . . . . . . . . . . . . . . . . . . . 6
1.5. New Architectural Entities . . . . . . . . . . . . . . . 7
1.6. Terminology . . . . . . . . . . . . . . . . . . . . . . . 7
1.7. Protocol Overview . . . . . . . . . . . . . . . . . . . . 10
1.8. Message Format and Protocol Extensibility . . . . . . . . 14
1.9. Type-Length-Value Extension Format for Mobile IP 1.9. Type-Length-Value Extension Format for Mobile IP
Extensions . . . . . . . . . . . . . . . . . . . . . 15 Extensions . . . . . . . . . . . . . . . . . . . . . . . 16
1.10. Long Extension Format . . . . . . . . . . . . . . . . . 16 1.10. Long Extension Format . . . . . . . . . . . . . . . . . . 17
1.11. Short Extension Format . . . . . . . . . . . . . . . . 16 1.11. Short Extension Format . . . . . . . . . . . . . . . . . 18
2. Agent Discovery 17 2. Agent Discovery . . . . . . . . . . . . . . . . . . . . . . . 19
2.1. Agent Advertisement . . . . . . . . . . . . . . . . . . 18 2.1. Agent Advertisement . . . . . . . . . . . . . . . . . . . 19
2.1.1. Mobility Agent Advertisement Extension . . . . 20 2.1.1. Mobility Agent Advertisement Extension . . . . . . . 21
2.1.2. Prefix-Lengths Extension . . . . . . . . . . . 22 2.1.2. Prefix-Lengths Extension . . . . . . . . . . . . . . 23
2.1.3. One-byte Padding Extension . . . . . . . . . . 22 2.1.3. One-byte Padding Extension . . . . . . . . . . . . . 24
2.2. Agent Solicitation . . . . . . . . . . . . . . . . . . 23 2.2. Agent Solicitation . . . . . . . . . . . . . . . . . . . 25
2.3. Foreign Agent and Home Agent Considerations . . . . . . 23 2.3. Foreign Agent and Home Agent Considerations . . . . . . . 25
2.3.1. Advertised Router Addresses . . . . . . . . . . 24 2.3.1. Advertised Router Addresses . . . . . . . . . . . . . 26
2.3.2. Sequence Numbers and Rollover Handling . . . . 24 2.3.2. Sequence Numbers and Rollover Handling . . . . . . . 26
2.4. Mobile Node Considerations . . . . . . . . . . . . . . 25 2.4. Mobile Node Considerations . . . . . . . . . . . . . . . 27
2.4.1. Registration Required . . . . . . . . . . . . . 26 2.4.1. Registration Required . . . . . . . . . . . . . . . . 28
2.4.2. Move Detection . . . . . . . . . . . . . . . . 26 2.4.2. Move Detection . . . . . . . . . . . . . . . . . . . 28
2.4.3. Returning Home . . . . . . . . . . . . . . . . 27 2.4.3. Returning Home . . . . . . . . . . . . . . . . . . . 29
2.4.4. Sequence Numbers and Rollover Handling . . . . 28 2.4.4. Sequence Numbers and Rollover Handling . . . . . . . 30
3. Registration 28 3. Registration . . . . . . . . . . . . . . . . . . . . . . . . 31
3.1. Registration Overview . . . . . . . . . . . . . . . . . 29 3.1. Registration Overview . . . . . . . . . . . . . . . . . . 31
3.2. Authentication . . . . . . . . . . . . . . . . . . . . 30 3.2. Authentication . . . . . . . . . . . . . . . . . . . . . 33
3.3. Registration Request . . . . . . . . . . . . . . . . . 30 3.3. Registration Request . . . . . . . . . . . . . . . . . . 33
3.4. Registration Reply . . . . . . . . . . . . . . . . . . 33 3.4. Registration Reply . . . . . . . . . . . . . . . . . . . 36
3.5. Registration Extensions . . . . . . . . . . . . . . . . 36 3.5. Registration Extensions . . . . . . . . . . . . . . . . . 39
3.5.1. Computing Authentication Extension Values . . . 36 3.5.1. Computing Authentication Extension Values . . . . . . 39
3.5.2. Mobile-Home Authentication Extension . . . . . 37 3.5.2. Mobile-Home Authentication Extension . . . . . . . . 40
3.5.3. Mobile-Foreign Authentication Extension . . . . 37 3.5.3. Mobile-Foreign Authentication Extension . . . . . . . 41
3.5.4. Foreign-Home Authentication Extension . . . . . 38 3.5.4. Foreign-Home Authentication Extension . . . . . . . . 42
3.6. Mobile Node Considerations . . . . . . . . . . . . . . 38 3.6. Mobile Node Considerations . . . . . . . . . . . . . . . 43
3.6.1. Sending Registration Requests . . . . . . . . . 40 3.6.1. Sending Registration Requests . . . . . . . . . . . . 44
3.6.2. Receiving Registration Replies . . . . . . . . 44 3.6.2. Receiving Registration Replies . . . . . . . . . . . 48
3.6.3. Registration Retransmission . . . . . . . . . . 47 3.6.3. Registration Retransmission . . . . . . . . . . . . . 51
3.7. Foreign Agent Considerations . . . . . . . . . . . . . 47 3.7. Foreign Agent Considerations . . . . . . . . . . . . . . 52
3.7.1. Configuration and Registration Tables . . . . . 48 3.7.1. Configuration and Registration Tables . . . . . . . . 52
3.7.2. Receiving Registration Requests . . . . . . . . 49 3.7.2. Receiving Registration Requests . . . . . . . . . . . 53
3.7.3. Receiving Registration Replies . . . . . . . . 52 3.7.3. Receiving Registration Replies . . . . . . . . . . . 56
3.8. Home Agent Considerations . . . . . . . . . . . . . . . 54 3.8. Home Agent Considerations . . . . . . . . . . . . . . . . 58
3.8.1. Configuration and Registration Tables . . . . . 55 3.8.1. Configuration and Registration Tables . . . . . . . . 59
3.8.2. Receiving Registration Requests . . . . . . . . 56 3.8.2. Receiving Registration Requests . . . . . . . . . . . 60
3.8.3. Sending Registration Replies . . . . . . . . . 59 3.8.3. Sending Registration Replies . . . . . . . . . . . . 64
4. Routing Considerations 62 4. Routing Considerations . . . . . . . . . . . . . . . . . . . 68
4.1. Encapsulation Types . . . . . . . . . . . . . . . . . . 62 4.1. Encapsulation Types . . . . . . . . . . . . . . . . . . . 68
4.2. Unicast Datagram Routing . . . . . . . . . . . . . . . 62 4.2. Unicast Datagram Routing . . . . . . . . . . . . . . . . 68
4.2.1. Mobile Node Considerations . . . . . . . . . . 62 4.2.1. Mobile Node Considerations . . . . . . . . . . . . . 68
4.2.2. Foreign Agent Considerations . . . . . . . . . 63 4.2.2. Foreign Agent Considerations . . . . . . . . . . . . 69
4.2.3. Home Agent Considerations . . . . . . . . . . . 64 4.2.3. Home Agent Considerations . . . . . . . . . . . . . . 70
4.3. Broadcast Datagrams . . . . . . . . . . . . . . . . . . 66 4.3. Broadcast Datagrams . . . . . . . . . . . . . . . . . . . 71
4.4. Multicast Datagram Routing . . . . . . . . . . . . . . 66 4.4. Multicast Datagram Routing . . . . . . . . . . . . . . . 72
4.5. Mobile Routers . . . . . . . . . . . . . . . . . . . . 67 4.5. Mobile Routers . . . . . . . . . . . . . . . . . . . . . 73
4.6. ARP, Proxy ARP, and Gratuitous ARP . . . . . . . . . . 69 4.6. ARP, Proxy ARP, and Gratuitous ARP . . . . . . . . . . . 75
5. Security Considerations 73 5. Security Considerations . . . . . . . . . . . . . . . . . . . 79
5.1. Message Authentication Codes . . . . . . . . . . . . . 73 5.1. Message Authentication Codes . . . . . . . . . . . . . . 79
5.2. Areas of Security Concern in this Protocol . . . . . . 73 5.2. Areas of Security Concern in this Protocol . . . . . . . 79
5.3. Key Management . . . . . . . . . . . . . . . . . . . . 74 5.3. Key Management . . . . . . . . . . . . . . . . . . . . . 79
5.4. Picking Good Random Numbers . . . . . . . . . . . . . . 74 5.4. Picking Good Random Numbers . . . . . . . . . . . . . . . 80
5.5. Privacy . . . . . . . . . . . . . . . . . . . . . . . . 74 5.5. Privacy . . . . . . . . . . . . . . . . . . . . . . . . . 80
5.6. Ingress Filtering . . . . . . . . . . . . . . . . . . . 75 5.6. Ingress Filtering . . . . . . . . . . . . . . . . . . . . 80
5.7. Replay Protection for Registration Requests . . . . . . 75 5.7. Replay Protection for Registration Requests . . . . . . . 81
5.7.1. Replay Protection using Timestamps . . . . . . 75 5.7.1. Replay Protection using Timestamps . . . . . . . . . 81
5.7.2. Replay Protection using Nonces . . . . . . . . 77 5.7.2. Replay Protection using Nonces . . . . . . . . . . . 82
6. IANA Considerations 77 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 84
6.1. Mobile IP Message Types . . . . . . . . . . . . . . . . 78 6.1. Mobile IP Message Types . . . . . . . . . . . . . . . . . 84
6.2. Extensions to RFC 1256 Router Advertisement . . . . . . 78 6.2. Extensions to RFC 1256 Router Advertisement . . . . . . . 85
6.3. Extensions to Mobile IP Registration Messages . . . . . 79 6.3. Extensions to Mobile IP Registration Messages . . . . . . 85
6.4. Code Values for Mobile IP Registration Reply 6.4. Code Values for Mobile IP Registration Reply Messages . . 85
Messages. . . . . . . . . . . . . . . . . . . . . . 79 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 87
7. Acknowledgments 80 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 89
A. Patent Issues 82 8.1. Normative References . . . . . . . . . . . . . . . . . . 89
B. Link-Layer Considerations 82 8.2. Informative References . . . . . . . . . . . . . . . . . 90
C. TCP Considerations 83 Appendix A. Pre-RFC5378 Disclaimer . . . . . . . . . . . . . . . 93
C.1. TCP Timers . . . . . . . . . . . . . . . . . . . . . . 83 Appendix B. Link-Layer Considerations . . . . . . . . . . . . . 94
C.2. TCP Congestion Management . . . . . . . . . . . . . . . 83 Appendix C. TCP Considerations . . . . . . . . . . . . . . . . . 95
D. Example Scenarios 84 C.1. TCP Timers . . . . . . . . . . . . . . . . . . . . . . . 95
D.1. Registering with a Foreign Agent Care-of Address . . . 84 C.2. TCP Congestion Management . . . . . . . . . . . . . . . . 95
D.2. Registering with a Co-Located Care-of Address . . . . . 84 Appendix D. Example Scenarios . . . . . . . . . . . . . . . . . 96
D.3. Deregistration . . . . . . . . . . . . . . . . . . . . 85 D.1. Registering with a Foreign Agent Care-of Address . . . . 96
E. Applicability of Prefix-Lengths Extension 86 D.2. Registering with a Co-Located Care-of Address . . . . . . 96
F. Interoperability Considerations 86 D.3. Deregistration . . . . . . . . . . . . . . . . . . . . . 97
G. Changes since RFC 2002 87 Appendix E. Applicability of Prefix-Lengths Extension . . . . . 98
G.1. Major Changes . . . . . . . . . . . . . . . . . . . . . 87 Appendix F. Interoperability Considerations . . . . . . . . . . 99
G.2. Minor Changes . . . . . . . . . . . . . . . . . . . . . 89 Appendix G. Changes since RFC 2002 . . . . . . . . . . . . . . . 100
G.3. Changes since revision 04 of RFC2002bis . . . . . . . . 91 G.1. Recent Changes . . . . . . . . . . . . . . . . . . . . . 100
H. Example Messages 92 G.2. Major Changes . . . . . . . . . . . . . . . . . . . . . . 101
H.1. Example ICMP Agent Advertisement Message Format . . . . 92 G.3. Minor Changes . . . . . . . . . . . . . . . . . . . . . . 103
H.2. Example Registration Request Message Format . . . . . . 93 G.4. Changes since RFC3344 . . . . . . . . . . . . . . . . . . 104
H.3. Example Registration Reply Message Format . . . . . . . 94 Appendix H. Example Messages . . . . . . . . . . . . . . . . . . 106
References . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 H.1. Example ICMP Agent Advertisement Message Format . . . . . 106
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 98 H.2. Example Registration Request Message Format . . . . . . . 106
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . 99 H.3. Example Registration Reply Message Format . . . . . . . . 107
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 109
1. Introduction 1. Introduction
IP version 4 assumes that a node's IP address uniquely identifies the IP version 4 assumes that a node's IP address uniquely identifies the
node's point of attachment to the Internet. Therefore, a node must node's point of attachment to the Internet. Therefore, a node must
be located on the network indicated by its IP address in order to be located on the network indicated by its IP address in order to
receive datagrams destined to it; otherwise, datagrams destined to receive datagrams destined to it; otherwise, datagrams destined to
the node would be undeliverable. For a node to change its point of the node would be undeliverable. For a node to change its point of
attachment without losing its ability to communicate, currently one attachment without losing its ability to communicate, currently one
of the two following mechanisms must typically be employed: of the two following mechanisms must typically be employed:
a) the node must change its IP address whenever it changes its o the node must change its IP address whenever it changes its point
point of attachment, or of attachment, or
b) host-specific routes must be propagated throughout much of the o host-specific routes must be propagated throughout much of the
Internet routing fabric. Internet routing fabric.
Both of these alternatives are often unacceptable. The first makes Both of these alternatives are often unacceptable. The first makes
it impossible for a node to maintain transport and higher-layer it impossible for a node to maintain transport and higher-layer
connections when the node changes location. The second has obvious connections when the node changes location. The second has obvious
and severe scaling problems, especially relevant considering the and severe scaling problems, especially relevant considering the
explosive growth in sales of notebook (mobile) computers. explosive growth in sales of notebook (mobile) computers.
A new, scalable, mechanism is required for accommodating node A new, scalable, mechanism is required for accommodating node
mobility within the Internet. This document defines such a mobility within the Internet. This document defines such a
mechanism, which enables nodes to change their point of attachment to mechanism, which enables nodes to change their point of attachment to
the Internet without changing their IP address. the Internet without changing their IP address.
Changes between this revised specification for Mobile IP and the Changes between this revised specification for Mobile IP and the
original specifications (see [33, 32, 34, 43, 8]) are detailed in the original specifications (see [40],[14],[15],[20],[4]) are detailed in
appendix section G. Appendix G.
1.1. Protocol Requirements 1.1. Protocol Requirements
A mobile node must be able to communicate with other nodes after A mobile node must be able to communicate with other nodes after
changing its link-layer point of attachment to the Internet, yet changing its link-layer point of attachment to the Internet, yet
without changing its IP address. without changing its IP address.
A mobile node must be able to communicate with other nodes that do A mobile node must be able to communicate with other nodes that do
not implement these mobility functions. No protocol enhancements are not implement these mobility functions. No protocol enhancements are
required in hosts or routers that are not acting as any of the new required in hosts or routers that are not acting as any of the new
skipping to change at page 5, line 35 skipping to change at page 6, line 47
Mobile IP facilitates node movement from one Ethernet segment to Mobile IP facilitates node movement from one Ethernet segment to
another as well as it accommodates node movement from an Ethernet another as well as it accommodates node movement from an Ethernet
segment to a wireless LAN, as long as the mobile node's IP address segment to a wireless LAN, as long as the mobile node's IP address
remains the same after such a movement. remains the same after such a movement.
One can think of Mobile IP as solving the "macro" mobility management One can think of Mobile IP as solving the "macro" mobility management
problem. It is less well suited for more "micro" mobility management problem. It is less well suited for more "micro" mobility management
applications -- for example, handoff amongst wireless transceivers, applications -- for example, handoff amongst wireless transceivers,
each of which covers only a very small geographic area. As long as each of which covers only a very small geographic area. As long as
node movement does not occur between points of attachment on node movement does not occur between points of attachment on
different IP subnets, link-layer mechanisms for mobility (i.e., different IP subnets, link-layer mechanisms for mobility (i.e., link-
link-layer handoff) may offer faster convergence and far less layer handoff) may offer faster convergence and far less overhead
overhead than Mobile IP. than Mobile IP.
1.5. New Architectural Entities 1.5. New Architectural Entities
Mobile IP introduces the following new functional entities: Mobile IP introduces the following new functional entities:
Mobile Node Mobile Node
A host or router that changes its point of attachment from one A host or router that changes its point of attachment from one
network or subnetwork to another. A mobile node may change its network or subnetwork to another. A mobile node may change its
location without changing its IP address; it may continue to location without changing its IP address; it may continue to
communicate with other Internet nodes at any location using its communicate with other Internet nodes at any location using its
(constant) IP address, assuming link-layer connectivity to a (constant) IP address, assuming link-layer connectivity to a point
point of attachment is available. of attachment is available.
Home Agent Home Agent
A router on a mobile node's home network which tunnels A router on a mobile node's home network which tunnels datagrams
datagrams for delivery to the mobile node when it is away from for delivery to the mobile node when it is away from home, and
home, and maintains current location information for the mobile maintains current location information for the mobile node.
node.
Foreign Agent Foreign Agent
A router on a mobile node's visited network which provides A router on a mobile node's visited network which provides routing
routing services to the mobile node while registered. The services to the mobile node while registered. The foreign agent
foreign agent detunnels and delivers datagrams to the mobile detunnels and delivers datagrams to the mobile node that were
node that were tunneled by the mobile node's home agent. For tunneled by the mobile node's home agent. For datagrams sent by a
datagrams sent by a mobile node, the foreign agent may serve as mobile node, the foreign agent may serve as a default router for
a default router for registered mobile nodes. registered mobile nodes.
A mobile node is given a long-term IP address on a home network. A mobile node is given a long-term IP address on a home network.
This home address is administered in the same way as a "permanent" IP This home address is administered in the same way as a "permanent" IP
address is provided to a stationary host. When away from its home address is provided to a stationary host. When away from its home
network, a "care-of address" is associated with the mobile node and network, a "care-of address" is associated with the mobile node and
reflects the mobile node's current point of attachment. The mobile reflects the mobile node's current point of attachment. The mobile
node uses its home address as the source address of all IP datagrams node uses its home address as the source address of all IP datagrams
that it sends, except where otherwise described in this document for that it sends, except where otherwise described in this document for
datagrams sent for certain mobility management functions (e.g., as in datagrams sent for certain mobility management functions (e.g., as in
Section 3.6.1.1). Section 3.6.1.1).
1.6. Terminology 1.6. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [4]. document are to be interpreted as described in RFC 2119 [1].
In addition, this document frequently uses the following terms: In addition, this document frequently uses the following terms:
Authorization-enabling extension Authorization-enabling extension
An authentication which makes a (registration) message An authentication which makes a (registration) message acceptable
acceptable to the ultimate recipient of the registration to the ultimate recipient of the registration message. An
message. An authorization-enabling extension MUST contain authorization-enabling extension MUST contain an SPI.
an SPI.
In this document, all uses of authorization-enabling In this document, all uses of authorization-enabling extension
extension refer to authentication extensions that enable the refer to authentication extensions that enable the Registration
Registration Request message to be acceptable to the home Request message to be acceptable to the home agent. Using
agent. Using additional protocol structures specified additional protocol structures specified outside of this document,
outside of this document, it may be possible for the mobile it may be possible for the mobile node to provide authentication
node to provide authentication of its registration to the of its registration to the home agent, by way of another
home agent, by way of another authenticating entity within authenticating entity within the network that is acceptable to the
the network that is acceptable to the home agent (for home agent (for example, see RFC 2794 [2]).
example, see RFC 2794 [6]).
Agent Advertisement Agent Advertisement
An advertisement message constructed by attaching a special An advertisement message constructed by attaching a special
Extension to a router advertisement [10] message. Extension to a router advertisement [5] message.
Authentication Authentication
The process of verifying (using cryptographic techniques, The process of verifying (using cryptographic techniques, for all
for all applications in this specification) the identity of applications in this specification) the identity of the originator
the originator of a message. of a message.
Care-of Address Care-of Address
The termination point of a tunnel toward a mobile node, for The termination point of a tunnel toward a mobile node, for
datagrams forwarded to the mobile node while it is away from datagrams forwarded to the mobile node while it is away from home.
home. The protocol can use two different types of care-of The protocol can use two different types of care-of address: a
address: a "foreign agent care-of address" is an address of "foreign agent care-of address" is an address of a foreign agent
a foreign agent with which the mobile node is registered, with which the mobile node is registered, and a "co-located
and a "co-located care-of address" is an externally obtained care-of address" is an externally obtained local address which the
local address which the mobile node has associated with one mobile node has associated with one of its own network interfaces.
of its own network interfaces.
Correspondent Node Correspondent Node
A peer with which a mobile node is communicating. A A peer with which a mobile node is communicating. A correspondent
correspondent node may be either mobile or stationary. node may be either mobile or stationary.
Foreign Network Foreign Network
Any network other than the mobile node's Home Network. Any network other than the mobile node's Home Network.
Gratuitous ARP Gratuitous ARP
An ARP packet sent by a node in order to spontaneously cause An ARP packet sent by a node in order to spontaneously cause other
other nodes to update an entry in their ARP cache [45]. See nodes to update an entry in their ARP cache [42]. See
section 4.6. Section 4.6.
Home Address Home Address
An IP address that is assigned for an extended period of An IP address that is assigned for an extended period of time to a
time to a mobile node. It remains unchanged regardless of mobile node. It remains unchanged regardless of where the node is
where the node is attached to the Internet. attached to the Internet.
Home Network Home Network
A network, possibly virtual, having a network prefix A network, possibly virtual, having a network prefix matching that
matching that of a mobile node's home address. Note that of a mobile node's home address. Note that standard IP routing
standard IP routing mechanisms will deliver datagrams mechanisms will deliver datagrams destined to a mobile node's Home
destined to a mobile node's Home Address to the mobile Address to the mobile node's Home Network.
node's Home Network.
Link Link
A facility or medium over which nodes can communicate at the A facility or medium over which nodes can communicate at the link
link layer. A link underlies the network layer. layer. A link underlies the network layer.
Link-Layer Address Link-Layer Address
The address used to identify an endpoint of some The address used to identify an endpoint of some communication
communication over a physical link. Typically, the Link- over a physical link. Typically, the Link-Layer address is an
Layer address is an interface's Media Access Control (MAC) interface's Media Access Control (MAC) address.
address.
Mobility Agent Mobility Agent
Either a home agent or a foreign agent. Either a home agent or a foreign agent.
Mobility Binding Mobility Binding
The association of a home address with a care-of address, The association of a home address with a care-of address, along
along with the remaining lifetime of that association. with the remaining lifetime of that association.
Mobility Security Association Mobility Security Association
A collection of security contexts, between a pair of nodes, A collection of security contexts, between a pair of nodes, which
which may be applied to Mobile IP protocol messages may be applied to Mobile IP protocol messages exchanged between
exchanged between them. Each context indicates an them. Each context indicates an authentication algorithm and mode
authentication algorithm and mode (Section 5.1), a secret (a (Section 5.1), a secret (a shared key, or appropriate public/
shared key, or appropriate public/private key pair), and a private key pair), and a style of replay protection in use
style of replay protection in use (Section 5.7). (Section 5.7).
Node Node
A host or a router. A host or a router.
Nonce Nonce
A randomly chosen value, different from previous choices, A randomly chosen value, different from previous choices, inserted
inserted in a message to protect against replays. in a message to protect against replays.
Security Parameter Index (SPI) Security Parameter Index (SPI)
An index identifying a security context between a pair of An index identifying a security context between a pair of nodes
nodes among the contexts available in the Mobility Security among the contexts available in the Mobility Security Association.
Association. SPI values 0 through 255 are reserved and MUST SPI values 0 through 255 are reserved and MUST NOT be used in any
NOT be used in any Mobility Security Association. Mobility Security Association.
Tunnel Tunnel
The path followed by a datagram while it is encapsulated. The path followed by a datagram while it is encapsulated. The
The model is that, while it is encapsulated, a datagram is model is that, while it is encapsulated, a datagram is routed to a
routed to a knowledgeable decapsulating agent, which knowledgeable decapsulating agent, which decapsulates the datagram
decapsulates the datagram and then correctly delivers it to and then correctly delivers it to its ultimate destination.
its ultimate destination.
Virtual Network Virtual Network
A network with no physical instantiation beyond a router A network with no physical instantiation beyond a router (with a
(with a physical network interface on another network). The physical network interface on another network). The router (e.g.,
router (e.g., a home agent) generally advertises a home agent) generally advertises reachability to the virtual
reachability to the virtual network using conventional network using conventional routing protocols.
routing protocols.
Visited Network Visited Network
A network other than a mobile node's Home Network, to which A network other than a mobile node's Home Network, to which the
the mobile node is currently connected. mobile node is currently connected.
Visitor List Visitor List
The list of mobile nodes visiting a foreign agent. The list of mobile nodes visiting a foreign agent.
1.7. Protocol Overview 1.7. Protocol Overview
The following support services are defined for Mobile IP: The following support services are defined for Mobile IP:
Agent Discovery Agent Discovery
Home agents and foreign agents may advertise their Home agents and foreign agents may advertise their availability on
availability on each link for which they provide service. A each link for which they provide service. A newly arrived mobile
newly arrived mobile node can send a solicitation on the node can send a solicitation on the link to learn if any
link to learn if any prospective agents are present. prospective agents are present.
Registration Registration
When the mobile node is away from home, it registers its When the mobile node is away from home, it registers its care-of
care-of address with its home agent. Depending on its address with its home agent. Depending on its method of
method of attachment, the mobile node will register either attachment, the mobile node will register either directly with its
directly with its home agent, or through a foreign agent home agent, or through a foreign agent which forwards the
which forwards the registration to the home agent. registration to the home agent.
silently discard silently discard
The implementation discards the datagram without further The implementation discards the datagram without further
processing, and without indicating an error to the sender. processing, and without indicating an error to the sender. The
The implementation SHOULD provide the capability of logging implementation SHOULD provide the capability of logging the error,
the error, including the contents of the discarded datagram, including the contents of the discarded datagram, and SHOULD
and SHOULD record the event in a statistics counter. record the event in a statistics counter.
The following steps provide a rough outline of operation of the The following steps provide a rough outline of operation of the
Mobile IP protocol: Mobile IP protocol:
- Mobility agents (i.e., foreign agents and home agents) o Mobility agents (i.e., foreign agents and home agents) advertise
advertise their presence via Agent Advertisement messages their presence via Agent Advertisement messages (Section 2). A
(Section 2). A mobile node may optionally solicit an Agent mobile node may optionally solicit an Agent Advertisement message
Advertisement message from any locally attached mobility agents from any locally attached mobility agents through an Agent
through an Agent Solicitation message. Solicitation message.
- A mobile node receives these Agent Advertisements and o A mobile node receives these Agent Advertisements and determines
determines whether it is on its home network or a foreign whether it is on its home network or a foreign network.
network.
- When the mobile node detects that it is located on its home o When the mobile node detects that it is located on its home
network, it operates without mobility services. If returning network, it operates without mobility services. If returning to
to its home network from being registered elsewhere, the mobile its home network from being registered elsewhere, the mobile node
node deregisters with its home agent, through exchange of a deregisters with its home agent, through exchange of a
Registration Request and Registration Reply message with it. Registration Request and Registration Reply message with it.
- When a mobile node detects that it has moved to a foreign o When a mobile node detects that it has moved to a foreign network,
network, it obtains a care-of address on the foreign network. it obtains a care-of address on the foreign network. The care-of
The care-of address can either be determined from a foreign address can either be determined from a foreign agent's
agent's advertisements (a foreign agent care-of address), or by advertisements (a foreign agent care-of address), or by some
some external assignment mechanism such as DHCP [13] (a co- external assignment mechanism such as DHCP [30] (a co-located
located care-of address). care-of address).
- The mobile node operating away from home then registers its new o The mobile node operating away from home then registers its new
care-of address with its home agent through exchange of a care-of address with its home agent through exchange of a
Registration Request and Registration Reply message with it, Registration Request and Registration Reply message with it,
possibly via a foreign agent (Section 3). possibly via a foreign agent (Section 3).
- Datagrams sent to the mobile node's home address are o Datagrams sent to the mobile node's home address are intercepted
intercepted by its home agent, tunneled by the home agent to by its home agent, tunneled by the home agent to the mobile node's
the mobile node's care-of address, received at the tunnel care-of address, received at the tunnel endpoint (either at a
endpoint (either at a foreign agent or at the mobile node foreign agent or at the mobile node itself), and finally delivered
itself), and finally delivered to the mobile node (Section to the mobile node (Section 4.2.3).
4.2.3).
- In the reverse direction, datagrams sent by the mobile node are o In the reverse direction, datagrams sent by the mobile node are
generally delivered to their destination using standard IP generally delivered to their destination using standard IP routing
routing mechanisms, not necessarily passing through the home mechanisms, not necessarily passing through the home agent.
agent.
When away from home, Mobile IP uses protocol tunneling to hide a When away from home, Mobile IP uses protocol tunneling to hide a
mobile node's home address from intervening routers between its home mobile node's home address from intervening routers between its home
network and its current location. The tunnel terminates at the network and its current location. The tunnel terminates at the
mobile node's care-of address. The care-of address must be an mobile node's care-of address. The care-of address must be an
address to which datagrams can be delivered via conventional IP address to which datagrams can be delivered via conventional IP
routing. At the care-of address, the original datagram is removed routing. At the care-of address, the original datagram is removed
from the tunnel and delivered to the mobile node. from the tunnel and delivered to the mobile node.
Mobile IP provides two alternative modes for the acquisition of a Mobile IP provides two alternative modes for the acquisition of a
care-of address: care-of address:
a) A "foreign agent care-of address" is a care-of address provided a. A "foreign agent care-of address" is a care-of address provided
by a foreign agent through its Agent Advertisement messages. by a foreign agent through its Agent Advertisement messages. In
In this case, the care-of address is an IP address of the this case, the care-of address is an IP address of the foreign
foreign agent. In this mode, the foreign agent is the endpoint agent. In this mode, the foreign agent is the endpoint of the
of the tunnel and, upon receiving tunneled datagrams, tunnel and, upon receiving tunneled datagrams, decapsulates them
decapsulates them and delivers the inner datagram to the mobile and delivers the inner datagram to the mobile node. This mode of
node. This mode of acquisition is preferred because it allows acquisition is preferred because it allows many mobile nodes to
many mobile nodes to share the same care-of address and share the same care-of address and therefore does not place
therefore does not place unnecessary demands on the already unnecessary demands on the already limited IPv4 address space.
limited IPv4 address space.
b) A "co-located care-of address" is a care-of address acquired by b. A "co-located care-of address" is a care-of address acquired by
the mobile node as a local IP address through some external the mobile node as a local IP address through some external
means, which the mobile node then associates with one of its means, which the mobile node then associates with one of its own
own network interfaces. The address may be dynamically network interfaces. The address may be dynamically acquired as a
acquired as a temporary address by the mobile node such as temporary address by the mobile node such as through DHCP [30],
through DHCP [13], or may be owned by the mobile node as a or may be owned by the mobile node as a long-term address for its
long-term address for its use only while visiting some foreign use only while visiting some foreign network. Specific external
network. Specific external methods of acquiring a local IP methods of acquiring a local IP address for use as a co-located
address for use as a co-located care-of address are beyond the care-of address are beyond the scope of this document. When
scope of this document. When using a co-located care-of using a co-located care-of address, the mobile node serves as the
address, the mobile node serves as the endpoint of the tunnel endpoint of the tunnel and itself performs decapsulation of the
and itself performs decapsulation of the datagrams tunneled to datagrams tunneled to it.
it.
The mode of using a co-located care-of address has the advantage that The mode of using a co-located care-of address has the advantage that
it allows a mobile node to function without a foreign agent, for it allows a mobile node to function without a foreign agent, for
example, in networks that have not yet deployed a foreign agent. It example, in networks that have not yet deployed a foreign agent. It
does, however, place additional burden on the IPv4 address space does, however, place additional burden on the IPv4 address space
because it requires a pool of addresses within the foreign network to because it requires a pool of addresses within the foreign network to
be made available to visiting mobile nodes. It is difficult to be made available to visiting mobile nodes. It is difficult to
efficiently maintain pools of addresses for each subnet that may efficiently maintain pools of addresses for each subnet that may
permit mobile nodes to visit. permit mobile nodes to visit.
It is important to understand the distinction between the care-of It is important to understand the distinction between the care-of
address and the foreign agent functions. The care-of address is address and the foreign agent functions. The care-of address is
simply the endpoint of the tunnel. It might indeed be an address of simply the endpoint of the tunnel. It might indeed be an address of
a foreign agent (a foreign agent care-of address), but it might a foreign agent (a foreign agent care-of address), but it might
instead be an address temporarily acquired by the mobile node (a co- instead be an address temporarily acquired by the mobile node (a co-
located care-of address). A foreign agent, on the other hand, is a located care-of address). A foreign agent, on the other hand, is a
mobility agent that provides services to mobile nodes. See Sections mobility agent that provides services to mobile nodes. See
3.7 and 4.2.2 for additional details. Section 3.7 and Section 4.2.2 for additional details.
For example, figure 1 illustrates the routing of datagrams to and
from a mobile node away from home, once the mobile node has
registered with its home agent. In figure 1, the mobile node is
using a foreign agent care-of address, not a co-located care-of
address.
2) Datagram is intercepted 3) Datagram is
by home agent and detunneled and
is tunneled to the delivered to the
care-of address. mobile node.
+-----+ +-------+ +------+
|home | =======> |foreign| ------> |mobile|
|agent| | agent | <------ | node |
+-----+ +-------+ +------+
1) Datagram to /|\ /
mobile node | / 4) For datagrams sent by the
arrives on | / mobile node, standard IP
home network | / routing delivers each to its
via standard | |_ destination. In this figure,
IP routing. +----+ the foreign agent is the
|host| mobile node's default router.
+----+
Figure 1: Operation of Mobile IPv4
A home agent MUST be able to attract and intercept datagrams that are A home agent MUST be able to attract and intercept datagrams that are
destined to the home address of any of its registered mobile nodes. destined to the home address of any of its registered mobile nodes.
Using the proxy and gratuitous ARP mechanisms described in Section Using the proxy and gratuitous ARP mechanisms described in
4.6, this requirement can be satisfied if the home agent has a Section 4.6, this requirement can be satisfied if the home agent has
network interface on the link indicated by the mobile node's home a network interface on the link indicated by the mobile node's home
address. Other placements of the home agent relative to the mobile address. Other placements of the home agent relative to the mobile
node's home location MAY also be possible using other mechanisms for node's home location MAY also be possible using other mechanisms for
intercepting datagrams destined to the mobile node's home address. intercepting datagrams destined to the mobile node's home address.
Such placements are beyond the scope of this document. Such placements are beyond the scope of this document.
Similarly, a mobile node and a prospective or current foreign agent Similarly, a mobile node and a prospective or current foreign agent
MUST be able to exchange datagrams without relying on standard IP MUST be able to exchange datagrams without relying on standard IP
routing mechanisms; that is, those mechanisms which make forwarding routing mechanisms; that is, those mechanisms which make forwarding
decisions based upon the network-prefix of the destination address in decisions based upon the network-prefix of the destination address in
the IP header. This requirement can be satisfied if the foreign the IP header. This requirement can be satisfied if the foreign
agent and the visiting mobile node have an interface on the same agent and the visiting mobile node have an interface on the same
link. In this case, the mobile node and foreign agent simply bypass link. In this case, the mobile node and foreign agent simply bypass
their normal IP routing mechanism when sending datagrams to each their normal IP routing mechanism when sending datagrams to each
other, addressing the underlying link-layer packets to their other, addressing the underlying link-layer packets to their
respective link-layer addresses. Other placements of the foreign respective link-layer addresses. Other placements of the foreign
agent relative to the mobile node MAY also be possible using other agent relative to the mobile node MAY also be possible using other
mechanisms to exchange datagrams between these nodes, but such mechanisms to exchange datagrams between these nodes, but such
placements are beyond the scope of this document. placements are beyond the scope of this document.
2) Datagram is intercepted 3) Datagram is
by home agent and detunneled and
is tunneled to the delivered to the
care-of address. mobile node.
+-----+ +-------+ +------+
|home | =======> |foreign| ------> |mobile|
|agent| | agent | <------ | node |
+-----+ +-------+ +------+
1) Datagram to /|\ /
mobile node | / 4) For datagrams sent by the
arrives on | / mobile node, standard IP
home network | / routing delivers each to its
via standard | |_ destination. In this figure,
IP routing. +----+ the foreign agent is the
|host| mobile node's default router.
+----+
Figure 1: Operation of Mobile IPv4
If a mobile node is using a co-located care-of address (as described If a mobile node is using a co-located care-of address (as described
in (b) above), the mobile node MUST be located on the link identified in (b) above), the mobile node MUST be located on the link identified
by the network prefix of this care-of address. Otherwise, datagrams by the network prefix of this care-of address. Otherwise, datagrams
destined to the care-of address would be undeliverable. destined to the care-of address would be undeliverable.
For example, Figure 1 illustrates the routing of datagrams to and
from a mobile node away from home, once the mobile node has
registered with its home agent. In figure 1, the mobile node is
using a foreign agent care-of address, not a co-located care-of
address.
1.8. Message Format and Protocol Extensibility 1.8. Message Format and Protocol Extensibility
Mobile IP defines a set of new control messages, sent with UDP [37] Mobile IP defines a set of new control messages, sent with UDP [17]
using well-known port number 434. The following two message types using well-known port number 434. The following two message types
are defined in this document: are defined in this document:
1 Registration Request 1 Registration Request
3 Registration Reply 3 Registration Reply
Up-to-date values for the message types for Mobile IP control Up-to-date values for the message types for Mobile IP control
messages are specified in the most recent "Assigned Numbers" [40]. messages are specified in the IANA online database [45].
In addition, for Agent Discovery, Mobile IP makes use of the In addition, for Agent Discovery, Mobile IP makes use of the existing
existing Router Advertisement and Router Solicitation messages Router Advertisement and Router Solicitation messages defined for
defined for ICMP Router Discovery [10]. ICMP Router Discovery [5].
Mobile IP defines a general Extension mechanism to allow optional Mobile IP defines a general Extension mechanism to allow optional
information to be carried by Mobile IP control messages or by ICMP information to be carried by Mobile IP control messages or by ICMP
Router Discovery messages. Some extensions have been specified to Router Discovery messages. Some extensions have been specified to be
be encoded in the simple Type-Length-Value format described in encoded in the simple Type-Length-Value format described in
Section 1.9. Section 1.9.
Extensions allow variable amounts of information to be carried Extensions allow variable amounts of information to be carried within
within each datagram. The end of the list of Extensions is each datagram. The end of the list of Extensions is indicated by the
indicated by the total length of the IP datagram. total length of the IP datagram.
Two separately maintained sets of numbering spaces, from which Two separately maintained sets of numbering spaces, from which
Extension Type values are allocated, are used in Mobile IP: Extension Type values are allocated, are used in Mobile IP:
- The first set consists of those Extensions which may appear o The first set consists of those Extensions which may appear only
only in Mobile IP control messages (those sent to and from UDP in Mobile IP control messages (those sent to and from UDP port
port number 434). In this document, the following Types are number 434). In this document, the following Types are defined
defined for Extensions appearing in Mobile IP control messages: for Extensions appearing in Mobile IP control messages:
32 Mobile-Home Authentication 32 Mobile-Home Authentication
33 Mobile-Foreign Authentication 33 Mobile-Foreign Authentication
34 Foreign-Home Authentication 34 Foreign-Home Authentication
- The second set consists of those extensions which may appear o The second set consists of those extensions which may appear only
only in ICMP Router Discovery messages [10]. In this document, in ICMP Router Discovery messages [5]. In this document, the
the following Types are defined for Extensions appearing in following Types are defined for Extensions appearing in ICMP
ICMP Router Discovery messages: Router Discovery messages:
0 One-byte Padding (encoded with no Length nor Data field) 0 One-byte Padding (encoded with no Length nor Data field)
16 Mobility Agent Advertisement 16 Mobility Agent Advertisement
19 Prefix-Lengths 19 Prefix-Lengths
Each individual Extension is described in detail in a separate Each individual Extension is described in detail in a separate
section later in this document. Up-to-date values for these section later in this document. Up-to-date values for these
Extension Type numbers are specified in the most recent "Assigned Extension Type numbers are specified in the IANA online database
Numbers" [40]. [45].
Due to the separation (orthogonality) of these sets, it is Due to the separation (orthogonality) of these sets, it is
conceivable that two Extensions that are defined at a later date conceivable that two Extensions that are defined at a later date
could have identical Type values, so long as one of the Extensions could have identical Type values, so long as one of the Extensions
may be used only in Mobile IP control messages and the other may be may be used only in Mobile IP control messages and the other may be
used only in ICMP Router Discovery messages. used only in ICMP Router Discovery messages.
The type field in the Mobile IP extension structure can support up to The type field in the Mobile IP extension structure can support up to
255 (skippable and not skippable) uniquely identifiable extensions. 255 (skippable and not skippable) uniquely identifiable extensions.
When an Extension numbered in either of these sets within the range 0 When an Extension numbered in either of these sets within the range 0
skipping to change at page 15, line 5 skipping to change at page 16, line 15
Extensions and message data MUST still be processed. The Length Extensions and message data MUST still be processed. The Length
field of the Extension is used to skip the Data field in searching field of the Extension is used to skip the Data field in searching
for the next Extension. for the next Extension.
Unless additional structure is utilized for the extension types, new Unless additional structure is utilized for the extension types, new
developments or additions to Mobile IP might require so many new developments or additions to Mobile IP might require so many new
extensions that the available space for extension types might run extensions that the available space for extension types might run
out. Two new extension structures are proposed to solve this out. Two new extension structures are proposed to solve this
problem. Certain types of extensions can be aggregated, using problem. Certain types of extensions can be aggregated, using
subtypes to identify the precise extension, for example as has been subtypes to identify the precise extension, for example as has been
done with the Generic Authentication Keys extensions [35]. In many done with the Generic Authentication Keys extensions [43]. In many
cases, this may reduce the rate of allocation for new values of the cases, this may reduce the rate of allocation for new values of the
type field. type field.
Since the new extension structures will cause an efficient usage of Since the new extension structures will cause an efficient usage of
the extension type space, it is recommended that new Mobile IP the extension type space, it is recommended that new Mobile IP
extensions follow one of the two new extension formats whenever there extensions follow one of the two new extension formats whenever there
may be the possibility to group related extensions together. may be the possibility to group related extensions together.
The following subsections provide details about three distinct The following subsections provide details about three distinct
structures for Mobile IP extensions: structures for Mobile IP extensions:
- The simple extension format o The simple extension format
- The long extension format o The long extension format
- The short extension format o The short extension format
1.9. Type-Length-Value Extension Format for Mobile IP Extensions 1.9. Type-Length-Value Extension Format for Mobile IP Extensions
The Type-Length-Value format illustrated in figure 2 is used for The Type-Length-Value format illustrated in Figure 2 is used for
extensions which are specified in this document. Since this simple extensions which are specified in this document. Since this simple
extension structure does not encourage the most efficient usage of extension structure does not encourage the most efficient usage of
the extension type space, it is recommended that new Mobile IP the extension type space, it is recommended that new Mobile IP
extensions follow one of the two new extension formats specified in extensions follow one of the two new extension formats specified in
sections 1.10 or 1.11 whenever there may be the possibility to group Section 1.10 or Section 1.11 whenever there may be the possibility to
related extensions together. group related extensions together.
0 1 2 0 1 2
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
| Type | Length | Data ... | Type | Length | Data ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 2: Type-Length-Value extension format for Mobile IPv4 Figure 2: Type-Length-Value extension format for Mobile IPv4
Type
Type Indicates the particular type of Extension. Indicates the particular type of Extension.
Length Indicates the length (in bytes) of the data field within Length
this Extension. The length does NOT include the Type and
Length bytes.
Data The particular data associated with this Extension. This Indicates the length (in bytes) of the data field within this
field may be zero or more bytes in length. The format Extension. The length does NOT include the Type and Length bytes.
and length of the data field is determined by the type
and length fields. Data
The particular data associated with this Extension. This field
may be zero or more bytes in length. The format and length of the
data field is determined by the type and length fields.
1.10. Long Extension Format 1.10. Long Extension Format
This format is applicable for non-skippable extensions which carry This format is applicable for non-skippable extensions which carry
information more than 256 bytes. information more than 256 bytes.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Sub-Type | Length | | Type | Sub-Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Data ..... | Data .....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Long Extension format requires that the following fields be The Long Extension format requires that the following fields be
specified as the first fields of the extension. specified as the first fields of the extension.
Type is the type, which describes a collection of extensions Type
having a common data type.
Sub-Type is a unique number given to each member in the aggregated is the type, which describes a collection of extensions having a
type. common data type.
Length indicates the length (in bytes) of the data field within Sub-Type
this Extension. It does NOT include the Type, Length and
Sub-Type bytes.
Data is the data associated with the subtype of this is a unique number given to each member in the aggregated type.
extension. This specification does not place any
additional structure on the subtype data.
Since the length field is 16 bits wide, a the extension data can Length
exceed 256 bytes in length.
indicates the length (in bytes) of the data field within this
Extension. It does NOT include the Type, Length and Sub-Type
bytes.
Data
is the data associated with the subtype of this extension. This
specification does not place any additional structure on the
subtype data.
Since the length field is 16 bits wide, the extension data can exceed
256 bytes in length.
1.11. Short Extension Format 1.11. Short Extension Format
This format is compatible with the skippable extensions defined in This format is compatible with the skippable extensions defined in
section 1.9. It is not applicable for extensions which require more Section 1.9. It is not applicable for extensions which require more
than 256 bytes of data; for such extensions, use the format described than 256 bytes of data; for such extensions, use the format described
in section 1.10. in Section 1.10.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Sub-Type | Data .... | Type | Length | Sub-Type | Data ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Short Extension format requires that the following fields be The Short Extension format requires that the following fields be
specified as the first fields of the extension: specified as the first fields of the extension:
Type is the type, which describes a collection of extensions Type
having a common data type.
Sub-Type is a unique number given to each member in the aggregated is the type, which describes a collection of extensions having a
type. common data type.
Length 8-bit unsigned integer. Length of the extension, in Sub-Type
bytes, excluding the extension Type and the extension
Length fields. This field MUST be set to 1 plus the
total length of the data field.
Data is the data associated with this extension. This is a unique number given to each member in the aggregated type.
specification does not place any additional structure on
the subtype data. Length
8-bit unsigned integer. Length of the extension, in bytes,
excluding the extension Type and the extension Length fields.
This field MUST be set to 1 plus the total length of the data
field.
Data
is the data associated with this extension. This specification
does not place any additional structure on the subtype data.
2. Agent Discovery 2. Agent Discovery
Agent Discovery is the method by which a mobile node determines Agent Discovery is the method by which a mobile node determines
whether it is currently connected to its home network or to a foreign whether it is currently connected to its home network or to a foreign
network, and by which a mobile node can detect when it has moved from network, and by which a mobile node can detect when it has moved from
one network to another. When connected to a foreign network, the one network to another. When connected to a foreign network, the
methods specified in this section also allow the mobile node to methods specified in this section also allow the mobile node to
determine the foreign agent care-of address being offered by each determine the foreign agent care-of address being offered by each
foreign agent on that network. foreign agent on that network.
Mobile IP extends ICMP Router Discovery [10] as its primary mechanism Mobile IP extends ICMP Router Discovery [5] as its primary mechanism
for Agent Discovery. An Agent Advertisement is formed by including a for Agent Discovery. An Agent Advertisement is formed by including a
Mobility Agent Advertisement Extension in an ICMP Router Mobility Agent Advertisement Extension in an ICMP Router
Advertisement message (Section 2.1). An Agent Solicitation message Advertisement message (Section 2.1). An Agent Solicitation message
is identical to an ICMP Router Solicitation, except that its IP TTL is identical to an ICMP Router Solicitation, except that its IP TTL
MUST be set to 1 (Section 2.2). This section describes the message MUST be set to 1 (Section 2.2). This section describes the message
formats and procedures by which mobile nodes, foreign agents, and formats and procedures by which mobile nodes, foreign agents, and
home agents cooperate to realize Agent Discovery. home agents cooperate to realize Agent Discovery.
Agent Advertisement and Agent Solicitation may not be necessary for Agent Advertisement and Agent Solicitation may not be necessary for
link layers that already provide this functionality. The method by link layers that already provide this functionality. The method by
which mobile nodes establish link-layer connections with prospective which mobile nodes establish link-layer connections with prospective
agents is outside the scope of this document (but see Appendix B). agents is outside the scope of this document (but see Appendix B).
The procedures described below assume that such link-layer The procedures described below assume that such link-layer
connectivity has already been established. connectivity has already been established.
No authentication is required for Agent Advertisement and Agent No authentication is required for Agent Advertisement and Agent
Solicitation messages. They MAY be authenticated using the IP Solicitation messages. They MAY be authenticated using the IP
Authentication Header [22], which is unrelated to the messages Authentication Header [9], which is unrelated to the messages
described in this document. Further specification of the way in described in this document. Further specification of the way in
which Advertisement and Solicitation messages may be authenticated is which Advertisement and Solicitation messages may be authenticated is
outside of the scope of this document. outside of the scope of this document.
2.1. Agent Advertisement 2.1. Agent Advertisement
Agent Advertisements are transmitted by a mobility agent to advertise Agent Advertisements are transmitted by a mobility agent to advertise
its services on a link. Mobile nodes use these advertisements to its services on a link. Mobile nodes use these advertisements to
determine their current point of attachment to the Internet. An determine their current point of attachment to the Internet. An
Agent Advertisement is an ICMP Router Advertisement that has been Agent Advertisement is an ICMP Router Advertisement that has been
extended to also carry an Mobility Agent Advertisement Extension extended to also carry an Mobility Agent Advertisement Extension
(Section 2.1.1) and, optionally, a Prefix-Lengths Extension (Section (Section 2.1.1) and, optionally, a Prefix-Lengths Extension
2.1.2), One-byte Padding Extension (Section 2.1.3), or other (Section 2.1.2), One-byte Padding Extension (Section 2.1.3, or other
Extensions that might be defined in the future. Extensions that might be defined in the future.
Within an Agent Advertisement message, ICMP Router Advertisement Within an Agent Advertisement message, ICMP Router Advertisement
fields of the message are required to conform to the following fields of the message are required to conform to the following
additional specifications: additional specifications:
- Link-Layer Fields Link-Layer Fields
Destination Address Destination Address
The link-layer destination address of a unicast Agent The link-layer destination address of a unicast Agent
Advertisement MUST be the same as the source link-layer Advertisement MUST be the same as the source link-layer address
address of the Agent Solicitation which prompted the of the Agent Solicitation which prompted the Advertisement.
Advertisement.
- IP Fields IP Fields
TTL The TTL for all Agent Advertisements MUST be set TTL
to 1.
The TTL for all Agent Advertisements MUST be set to 1.
Destination Address Destination Address
As specified for ICMP Router Discovery [10], the IP As specified for ICMP Router Discovery [5], the IP destination
destination address of an multicast Agent Advertisement address of an multicast Agent Advertisement MUST be either the
MUST be either the "all systems on this link" multicast "all systems on this link" multicast address (224.0.0.1) [6] or
address (224.0.0.1) [11] or the "limited broadcast" the "limited broadcast" address (255.255.255.255). The subnet-
address (255.255.255.255). The subnet-directed broadcast directed broadcast address of the form <prefix>.<-1> cannot be
address of the form <prefix>.<-1> cannot be used since used since mobile nodes will not generally know the prefix of
mobile nodes will not generally know the prefix of the the foreign network. When the Agent Advertisement is unicast
foreign network. When the Agent Advertisement is unicast to a mobile node, the IP home address of the mobile node SHOULD
to a mobile node, the IP home address of the mobile node be used as the Destination Address.
SHOULD be used as the Destination Address.
- ICMP Fields ICMP Fields
Code The Code field of the agent advertisement is Code
interpreted as follows:
The Code field of the agent advertisement is interpreted as
follows:
0 The mobility agent handles common traffic -- that is, it
acts as a router for IP datagrams not necessarily related to
mobile nodes.
0 The mobility agent handles common traffic -- that
is, it acts as a router for IP datagrams not
necessarily related to mobile nodes.
16 The mobility agent does not route common traffic. 16 The mobility agent does not route common traffic.
However, all foreign agents MUST (minimally) However, all foreign agents MUST (minimally) forward to a
forward to a default router any datagrams received default router any datagrams received from a registered
from a registered mobile node (Section 4.2.2). mobile node (Section 4.2.2).
Lifetime Lifetime
The maximum length of time that the Advertisement is The maximum length of time that the Advertisement is considered
considered valid in the absence of further valid in the absence of further Advertisements.
Advertisements.
Router Address(es) Router Address(es)
See Section 2.3.1 for a discussion of the addresses that See Section 2.3.1 for a discussion of the addresses that may
may appear in this portion of the Agent Advertisement. appear in this portion of the Agent Advertisement.
Num Addrs Num Addrs
The number of Router Addresses advertised in this The number of Router Addresses advertised in this message.
message. Note that in an Agent Advertisement message, Note that in an Agent Advertisement message, the number of
the number of router addresses specified in the ICMP router addresses specified in the ICMP Router Advertisement
Router Advertisement portion of the message MAY be set to portion of the message MAY be set to 0. See Section 2.3.1 for
0. See Section 2.3.1 for details. details.
If sent periodically, the nominal interval at which Agent If sent periodically, the nominal interval at which Agent
Advertisements are sent SHOULD be no longer than 1/3 of the Advertisements are sent SHOULD be no longer than 1/3 of the
advertisement Lifetime given in the ICMP header. This interval MAY advertisement Lifetime given in the ICMP header. This interval MAY
be shorter than 1/3 the advertised Lifetime. This allows a mobile be shorter than 1/3 the advertised Lifetime. This allows a mobile
node to miss three successive advertisements before deleting the node to miss three successive advertisements before deleting the
agent from its list of valid agents. The actual transmission time agent from its list of valid agents. The actual transmission time
for each advertisement SHOULD be slightly randomized [10] in order to for each advertisement SHOULD be slightly randomized [5] in order to
avoid synchronization and subsequent collisions with other Agent avoid synchronization and subsequent collisions with other Agent
Advertisements that may be sent by other agents (or with other Router Advertisements that may be sent by other agents (or with other Router
Advertisements sent by other routers). Note that this field has no Advertisements sent by other routers). Note that this field has no
relation to the "Registration Lifetime" field within the Mobility relation to the "Registration Lifetime" field within the Mobility
Agent Advertisement Extension defined below. Agent Advertisement Extension defined below.
2.1.1. Mobility Agent Advertisement Extension 2.1.1. Mobility Agent Advertisement Extension
The Mobility Agent Advertisement Extension follows the ICMP Router The Mobility Agent Advertisement Extension follows the ICMP Router
Advertisement fields. It is used to indicate that an ICMP Router Advertisement fields. It is used to indicate that an ICMP Router
Advertisement message is also an Agent Advertisement being sent by a Advertisement message is also an Agent Advertisement being sent by a
skipping to change at page 20, line 22 skipping to change at page 22, line 4
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Sequence Number | | Type | Length | Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Registration Lifetime |R|B|H|F|M|G|r|T| reserved | | Registration Lifetime |R|B|H|F|M|G|r|T| reserved |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| zero or more Care-of Addresses | | zero or more Care-of Addresses |
| ... | | ... |
Type
Type 16 16
Length (6 + 4*N), where 6 accounts for the number of bytes in Length
the Sequence Number, Registration Lifetime, flags, and
reserved fields, and N is the number of care-of addresses (6 + 4*N), where 6 accounts for the number of bytes in the
advertised. Sequence Number, Registration Lifetime, flags, and reserved
fields, and N is the number of care-of addresses advertised.
Sequence Number Sequence Number
The count of Agent Advertisement messages sent since the The count of Agent Advertisement messages sent since the agent was
agent was initialized (Section 2.3.2). initialized (Section 2.3.2).
Registration Lifetime Registration Lifetime
The longest lifetime (measured in seconds) that this The longest lifetime (measured in seconds) that this agent is
agent is willing to accept in any Registration Request. willing to accept in any Registration Request. A value of 0xffff
A value of 0xffff indicates infinity. This field has no indicates infinity. This field has no relation to the "Lifetime"
relation to the "Lifetime" field within the ICMP Router field within the ICMP Router Advertisement portion of the Agent
Advertisement portion of the Agent Advertisement. Advertisement.
R Registration required. Registration with this foreign R
agent (or another foreign agent on this link) is required
even when using a co-located care-of address.
B Busy. The foreign agent will not accept registrations Registration required. Registration with this foreign agent (or
from additional mobile nodes. another foreign agent on this link) is required even when using a
co-located care-of address.
H Home agent. This agent offers service as a home agent on B
the link on which this Agent Advertisement message is
sent.
F Foreign agent. This agent offers service as a foreign Busy. The foreign agent will not accept registrations from
agent on the link on which this Agent Advertisement additional mobile nodes.
message is sent.
M Minimal encapsulation. This agent implements receiving H
tunneled datagrams that use minimal encapsulation [34].
G GRE encapsulation. This agent implements receiving Home agent. This agent offers service as a home agent on the link
tunneled datagrams that use GRE encapsulation [16]. on which this Agent Advertisement message is sent.
r Sent as zero; ignored on reception. SHOULD NOT be F
allocated for any other uses.
T Foreign agent supports reverse tunneling [27]. Foreign agent. This agent offers service as a foreign agent on
the link on which this Agent Advertisement message is sent.
M
Minimal encapsulation. This agent implements receiving tunneled
datagrams that use minimal encapsulation [15].
G
GRE encapsulation. This agent implements receiving tunneled
datagrams that use GRE encapsulation [13].
r
Sent as zero; ignored on reception. SHOULD NOT be allocated for
any other uses.
T
Foreign agent supports reverse tunneling [12].
reserved reserved
Sent as zero; ignored on reception. Sent as zero; ignored on reception.
Care-of Address(es) Care-of Address(es)
The advertised foreign agent care-of address(es) provided The advertised foreign agent care-of address(es) provided by this
by this foreign agent. An Agent Advertisement MUST foreign agent. An Agent Advertisement MUST include at least one
include at least one care-of address if the 'F' bit is care-of address if the 'F' bit is set. The number of care-of
set. The number of care-of addresses present is addresses present is determined by the Length field in the
determined by the Length field in the Extension. Extension.
A home agent MUST always be prepared to serve the mobile nodes for A home agent MUST always be prepared to serve the mobile nodes for
which it is the home agent. A foreign agent may at times be too busy which it is the home agent. A foreign agent may at times be too busy
to serve additional mobile nodes; even so, it must continue to send to serve additional mobile nodes; even so, it must continue to send
Agent Advertisements, so that any mobile nodes already registered Agent Advertisements, so that any mobile nodes already registered
with it will know that they have not moved out of range of the with it will know that they have not moved out of range of the
foreign agent and that the foreign agent has not failed. A foreign foreign agent and that the foreign agent has not failed. A foreign
agent may indicate that it is "too busy" to allow new mobile nodes to agent may indicate that it is "too busy" to allow new mobile nodes to
register with it, by setting the 'B' bit in its Agent Advertisements. register with it, by setting the 'B' bit in its Agent Advertisements.
An Agent Advertisement message MUST NOT have the 'B' bit set if the An Agent Advertisement message MUST NOT have the 'B' bit set if the
skipping to change at page 22, line 21 skipping to change at page 24, line 16
that the prefix lengths given DO NOT apply to care-of address(es) that the prefix lengths given DO NOT apply to care-of address(es)
listed in the Mobility Agent Advertisement Extension. The Prefix- listed in the Mobility Agent Advertisement Extension. The Prefix-
Lengths Extension is defined as follows: Lengths Extension is defined as follows:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | Prefix Length | .... | Type | Length | Prefix Length | ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type 19 (Prefix-Lengths Extension) Type
Length N, where N is the value (possibly zero) of the Num Addrs 19 (Prefix-Lengths Extension)
field in the ICMP Router Advertisement portion of the
Agent Advertisement. Length
N, where N is the value (possibly zero) of the Num Addrs field in
the ICMP Router Advertisement portion of the Agent Advertisement.
Prefix Length(s) Prefix Length(s)
The number of leading bits that define the network number The number of leading bits that define the network number of the
of the corresponding Router Address listed in the ICMP corresponding Router Address listed in the ICMP Router
Router Advertisement portion of the message. The prefix Advertisement portion of the message. The prefix length for each
length for each Router Address is encoded as a separate Router Address is encoded as a separate byte, in the order that
byte, in the order that the Router Addresses are listed the Router Addresses are listed in the ICMP Router Advertisement
in the ICMP Router Advertisement portion of the message. portion of the message.
See Section 2.4.2 for information about how the Prefix-Lengths See Section 2.4.2 for information about how the Prefix-Lengths
Extension MAY be used by a mobile node when determining whether it Extension MAY be used by a mobile node when determining whether it
has moved. See Appendix E for implementation details about the use has moved. See Appendix E for implementation details about the use
of this Extension. of this Extension.
2.1.3. One-byte Padding Extension 2.1.3. One-byte Padding Extension
Some IP protocol implementations insist upon padding ICMP messages to Some IP protocol implementations insist upon padding ICMP messages to
an even number of bytes. If the ICMP length of an Agent an even number of bytes. If the ICMP length of an Agent
Advertisement is odd, this Extension MAY be included in order to make Advertisement is odd, this Extension MAY be included in order to make
the ICMP length even. Note that this Extension is NOT intended to be the ICMP length even. Note that this Extension is NOT intended to be
a general-purpose Extension to be included in order to word- or a general-purpose Extension to be included in order to word- or long-
long-align the various fields of the Agent Advertisement. An Agent align the various fields of the Agent Advertisement. An Agent
Advertisement SHOULD NOT include more than one One-byte Padding Advertisement SHOULD NOT include more than one One-byte Padding
Extension and if present, this Extension SHOULD be the last Extension Extension and if present, this Extension SHOULD be the last Extension
in the Agent Advertisement. in the Agent Advertisement.
Note that unlike other Extensions used in Mobile IP, the One-byte Note that unlike other Extensions used in Mobile IP, the One-byte
Padding Extension is encoded as a single byte, with no "Length" nor Padding Extension is encoded as a single byte, with no "Length" nor
"Data" field present. The One-byte Padding Extension is defined as "Data" field present. The One-byte Padding Extension is defined as
follows: follows:
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6 7
skipping to change at page 23, line 38 skipping to change at page 25, line 36
when the site policy requires registration with the agent (i.e., when when the site policy requires registration with the agent (i.e., when
the 'R' bit is set), or as a response to a specific Agent the 'R' bit is set), or as a response to a specific Agent
Solicitation. All mobility agents MUST process packets that they Solicitation. All mobility agents MUST process packets that they
receive addressed to the Mobile-Agents multicast group, at address receive addressed to the Mobile-Agents multicast group, at address
224.0.0.11. A mobile node MAY send an Agent Solicitation to 224.0.0.11. A mobile node MAY send an Agent Solicitation to
224.0.0.11. All mobility agents SHOULD respond to Agent 224.0.0.11. All mobility agents SHOULD respond to Agent
Solicitations. Solicitations.
The same procedures, defaults, and constants are used in Agent The same procedures, defaults, and constants are used in Agent
Advertisement messages and Agent Solicitation messages as specified Advertisement messages and Agent Solicitation messages as specified
for ICMP Router Discovery [10], except that: for ICMP Router Discovery [5], except that:
- a mobility agent MUST limit the rate at which it sends broadcast o a mobility agent MUST limit the rate at which it sends broadcast
or multicast Agent Advertisements; the maximum rate SHOULD be or multicast Agent Advertisements; the maximum rate SHOULD be
chosen so that the Advertisements do not consume a significant chosen so that the Advertisements do not consume a significant
amount of network bandwidth, AND amount of network bandwidth, AND
- a mobility agent that receives a Router Solicitation MUST NOT o a mobility agent that receives a Router Solicitation MUST NOT
require that the IP Source Address is the address of a neighbor require that the IP Source Address is the address of a neighbor
(i.e., an address that matches one of the router's own addresses (i.e., an address that matches one of the router's own addresses
on the arrival interface, under the subnet mask associated with on the arrival interface, under the subnet mask associated with
that address of the router). that address of the router).
- a mobility agent MAY be configured to send Agent Advertisements o a mobility agent MAY be configured to send Agent Advertisements
only in response to an Agent Solicitation message. only in response to an Agent Solicitation message.
If the home network is not a virtual network, then the home agent for If the home network is not a virtual network, then the home agent for
any mobile node SHOULD be located on the link identified by the any mobile node SHOULD be located on the link identified by the
mobile node's home address, and Agent Advertisement messages sent by mobile node's home address, and Agent Advertisement messages sent by
the home agent on this link MUST have the 'H' bit set. In this way, the home agent on this link MUST have the 'H' bit set. In this way,
mobile nodes on their own home network will be able to determine that mobile nodes on their own home network will be able to determine that
they are indeed at home. Any Agent Advertisement messages sent by they are indeed at home. Any Agent Advertisement messages sent by
the home agent on another link to which it may be attached (if it is the home agent on another link to which it may be attached (if it is
a mobility agent serving more than one link), MUST NOT have the 'H' a mobility agent serving more than one link), MUST NOT have the 'H'
bit set, unless the home agent also serves as a home agent (to other bit set unless the home agent also serves as a home agent (to other
mobile nodes) on that other link. A mobility agent MAY use different mobile nodes) on that other link. A mobility agent MAY use different
settings for each of the 'R', 'H', and 'F' bits on different network settings for each of the 'R', 'H', and 'F' bits on different network
interfaces. interfaces.
If the home network is a virtual network, the home network has no If the home network is a virtual network, the home network has no
physical realization external to the home agent itself. In this physical realization external to the home agent itself. In this
case, there is no physical network link on which to send Agent case, there is no physical network link on which to send Agent
Advertisement messages advertising the home agent. Mobile nodes for Advertisement messages advertising the home agent. Mobile nodes for
which this is the home network are always treated as being away from which this is the home network are always treated as being away from
home. home.
skipping to change at page 24, line 38 skipping to change at page 26, line 38
subnet to include the Extension but for others not to include it. subnet to include the Extension but for others not to include it.
Otherwise, one of the move detection algorithms designed for mobile Otherwise, one of the move detection algorithms designed for mobile
nodes will not function properly (Section 2.4.2). nodes will not function properly (Section 2.4.2).
2.3.1. Advertised Router Addresses 2.3.1. Advertised Router Addresses
The ICMP Router Advertisement portion of the Agent Advertisement MAY The ICMP Router Advertisement portion of the Agent Advertisement MAY
contain one or more router addresses. An agent SHOULD only put its contain one or more router addresses. An agent SHOULD only put its
own addresses, if any, in the advertisement. Whether or not its own own addresses, if any, in the advertisement. Whether or not its own
address appears in the Router Addresses, a foreign agent MUST route address appears in the Router Addresses, a foreign agent MUST route
datagrams it receives from registered mobile nodes (Section 4.2.2). datagrams it receives from registered mobile nodes (Section 3.7).
2.3.2. Sequence Numbers and Rollover Handling 2.3.2. Sequence Numbers and Rollover Handling
The sequence number in Agent Advertisements ranges from 0 to 0xffff. The sequence number in Agent Advertisements ranges from 0 to 0xffff.
After booting, an agent MUST use the number 0 for its first After booting, an agent MUST use the number 0 for its first
advertisement. Each subsequent advertisement MUST use the sequence advertisement. Each subsequent advertisement MUST use the sequence
number one greater, with the exception that the sequence number number one greater, with the exception that the sequence number
0xffff MUST be followed by sequence number 256. In this way, mobile 0xffff MUST be followed by sequence number 256. In this way, mobile
nodes can distinguish a reduction in the sequence number that occurs nodes can distinguish a reduction in the sequence number that occurs
after a reboot from a reduction that results in rollover of the after a reboot from a reduction that results in rollover of the
sequence number after it attains the value 0xffff. sequence number after it attains the value 0xffff.
2.4. Mobile Node Considerations 2.4. Mobile Node Considerations
Every mobile node MUST implement Agent Solicitation. Solicitations Every mobile node MUST implement Agent Solicitation. Solicitations
SHOULD only be sent in the absence of Agent Advertisements and when a SHOULD only be sent in the absence of Agent Advertisements and when a
care-of address has not been determined through a link-layer protocol care-of address has not been determined through a link-layer protocol
or other means. The mobile node uses the same procedures, defaults, or other means. The mobile node uses the same procedures, defaults,
and constants for Agent Solicitation as specified for ICMP Router and constants for Agent Solicitation as specified for ICMP Router
Solicitation messages [10], except that the mobile node MAY solicit Solicitation messages [5], except that the mobile node MAY solicit
more often than once every three seconds, and that a mobile node that more often than once every three seconds, and that a mobile node that
is currently not connected to any foreign agent MAY solicit more is currently not connected to any foreign agent MAY solicit more
times than MAX_SOLICITATIONS. times than MAX_SOLICITATIONS.
The rate at which a mobile node sends Solicitations MUST be limited The rate at which a mobile node sends Solicitations MUST be limited
by the mobile node. The mobile node MAY send three initial by the mobile node. The mobile node MAY send three initial
Solicitations at a maximum rate of one per second while searching for Solicitations at a maximum rate of one per second while searching for
an agent. After this, the rate at which Solicitations are sent MUST an agent. After this, the rate at which Solicitations are sent MUST
be reduced so as to limit the overhead on the local link. Subsequent be reduced so as to limit the overhead on the local link. Subsequent
Solicitations MUST be sent using a binary exponential backoff Solicitations MUST be sent using a binary exponential backoff
skipping to change at page 25, line 39 skipping to change at page 27, line 39
While still searching for an agent, the mobile node MUST NOT increase While still searching for an agent, the mobile node MUST NOT increase
the rate at which it sends Solicitations unless it has received a the rate at which it sends Solicitations unless it has received a
positive indication that it has moved to a new link. After positive indication that it has moved to a new link. After
successfully registering with an agent, the mobile node SHOULD also successfully registering with an agent, the mobile node SHOULD also
increase the rate at which it will send Solicitations when it next increase the rate at which it will send Solicitations when it next
begins searching for a new agent with which to register. The begins searching for a new agent with which to register. The
increased solicitation rate MAY revert to the maximum rate, but then increased solicitation rate MAY revert to the maximum rate, but then
MUST be limited in the manner described above. In all cases, the MUST be limited in the manner described above. In all cases, the
recommended solicitation intervals are nominal values. Mobile nodes recommended solicitation intervals are nominal values. Mobile nodes
MUST randomize their solicitation times around these nominal values MUST randomize their solicitation times around these nominal values
as specified for ICMP Router Discovery [10]. as specified for ICMP Router Discovery [5].
Mobile nodes MUST process received Agent Advertisements. A mobile Mobile nodes MUST process received Agent Advertisements. A mobile
node can distinguish an Agent Advertisement message from other uses node can distinguish an Agent Advertisement message from other uses
of the ICMP Router Advertisement message by examining the number of of the ICMP Router Advertisement message by examining the number of
advertised addresses and the IP Total Length field. When the IP advertised addresses and the IP Total Length field. When the IP
total length indicates that the ICMP message is longer than needed total length indicates that the ICMP message is longer than needed
for the number of advertised addresses, the remaining data is for the number of advertised addresses, the remaining data is
interpreted as one or more Extensions. The presence of a Mobility interpreted as one or more Extensions. The presence of a Mobility
Agent Advertisement Extension identifies the advertisement as an Agent Advertisement Extension identifies the advertisement as an
Agent Advertisement. Agent Advertisement.
skipping to change at page 26, line 47 skipping to change at page 28, line 44
the foreign agent, so the foreign agent could then monitor/enforce the foreign agent, so the foreign agent could then monitor/enforce
the policy. the policy.
2.4.2. Move Detection 2.4.2. Move Detection
Two primary mechanisms are provided for mobile nodes to detect when Two primary mechanisms are provided for mobile nodes to detect when
they have moved from one subnet to another. Other mechanisms MAY they have moved from one subnet to another. Other mechanisms MAY
also be used. When the mobile node detects that it has moved, it also be used. When the mobile node detects that it has moved, it
SHOULD register (Section 3) with a suitable care-of address on the SHOULD register (Section 3) with a suitable care-of address on the
new foreign network. However, the mobile node MUST NOT register more new foreign network. However, the mobile node MUST NOT register more
frequently than once per second on average, as specified in Section frequently than once per second on average, as specified in
3.6.3. Section 3.6.3.
2.4.2.1. Algorithm 1 2.4.2.1. Algorithm 1
The first method of move detection is based upon the Lifetime field The first method of move detection is based upon the Lifetime field
within the main body of the ICMP Router Advertisement portion of the within the main body of the ICMP Router Advertisement portion of the
Agent Advertisement. A mobile node SHOULD record the Lifetime Agent Advertisement. A mobile node SHOULD record the Lifetime
received in any Agent Advertisements, until that Lifetime expires. received in any Agent Advertisements, until that Lifetime expires.
If the mobile node fails to receive another advertisement from the If the mobile node fails to receive another advertisement from the
same agent within the specified Lifetime, it SHOULD assume that it same agent within the specified Lifetime, it SHOULD assume that it
has lost contact with that agent. If the mobile node has previously has lost contact with that agent. If the mobile node has previously
skipping to change at page 27, line 32 skipping to change at page 29, line 26
Extension MAY be used in some cases by a mobile node to determine Extension MAY be used in some cases by a mobile node to determine
whether or not a newly received Agent Advertisement was received on whether or not a newly received Agent Advertisement was received on
the same subnet as the mobile node's current care-of address. If the the same subnet as the mobile node's current care-of address. If the
prefixes differ, the mobile node MAY assume that it has moved. If a prefixes differ, the mobile node MAY assume that it has moved. If a
mobile node is currently using a foreign agent care-of address, the mobile node is currently using a foreign agent care-of address, the
mobile node SHOULD NOT use this method of move detection unless both mobile node SHOULD NOT use this method of move detection unless both
the current agent and the new agent include the Prefix-Lengths the current agent and the new agent include the Prefix-Lengths
Extension in their respective Agent Advertisements; if this Extension Extension in their respective Agent Advertisements; if this Extension
is missing from one or both of the advertisements, this method of is missing from one or both of the advertisements, this method of
move detection SHOULD NOT be used. Similarly, if a mobile node is move detection SHOULD NOT be used. Similarly, if a mobile node is
using a co-located care-of address, it SHOULD not use this method of using a co-located care-of address, it SHOULD NOT use this method of
move detection unless the new agent includes the Prefix-Lengths move detection unless the new agent includes the Prefix-Lengths
Extension in its Advertisement and the mobile node knows the network Extension in its Advertisement and the mobile node knows the network
prefix of its current co-located care-of address. On the expiration prefix of its current co-located care-of address. On the expiration
of its current registration, if this method indicates that the mobile of its current registration, if this method indicates that the mobile
node has moved, rather than re-registering with its current care-of node has moved, rather than re-registering with its current care-of
address, a mobile node MAY choose instead to register with a the address, a mobile node MAY choose instead to register with a the
foreign agent sending the new Advertisement with the different foreign agent sending the new Advertisement with the different
network prefix. The Agent Advertisement on which the new network prefix. The Agent Advertisement on which the new
registration is based MUST NOT have expired according to its Lifetime registration is based MUST NOT have expired according to its Lifetime
field. field.
2.4.3. Returning Home 2.4.3. Returning Home
A mobile node can detect that it has returned to its home network A mobile node can detect that it has returned to its home network
when it receives an Agent Advertisement from its own home agent. If when it receives an Agent Advertisement from its own home agent. If
so, it SHOULD deregister with its home agent (Section 3). Before so, it SHOULD deregister with its home agent (Section 3). Before
attempting to deregister, the mobile node SHOULD configure its attempting to deregister, the mobile node SHOULD configure its
routing table appropriately for its home network (Section 4.2.1). In routing table appropriately for its home network (Section 4.2.1). In
addition, if the home network is using ARP [36], the mobile node MUST addition, if the home network is using ARP [16], the mobile node MUST
follow the procedures described in Section 4.6 with regard to ARP, follow the procedures described in Section 4.6 with regard to ARP,
proxy ARP, and gratuitous ARP. proxy ARP, and gratuitous ARP.
2.4.4. Sequence Numbers and Rollover Handling 2.4.4. Sequence Numbers and Rollover Handling
If a mobile node detects two successive values of the sequence number If a mobile node detects two successive values of the sequence number
in the Agent Advertisements from the foreign agent with which it is in the Agent Advertisements from the foreign agent with which it is
registered, the second of which is less than the first and inside the registered, the second of which is less than the first and inside the
range 0 to 255, the mobile node SHOULD register again. If the second range 0 to 255, the mobile node SHOULD register again. If the second
value is less than the first but is greater than or equal to 256, the value is less than the first but is greater than or equal to 256, the
mobile node SHOULD assume that the sequence number has rolled over mobile node SHOULD assume that the sequence number has rolled over
past its maximum value (0xffff), and that reregistration is not past its maximum value (0xffff), and that reregistration is not
necessary (Section 2.3). necessary (Section 2.3).
3. Registration 3. Registration
Mobile IP registration provides a flexible mechanism for mobile nodes Mobile IP registration provides a flexible mechanism for mobile nodes
to communicate their current reachability information to their home to communicate their current reachability information to their home
agent. It is the method by which mobile nodes: agent. It is the method by which mobile nodes:
- request forwarding services when visiting a foreign network, o request forwarding services when visiting a foreign network,
- inform their home agent of their current care-of address, o inform their home agent of their current care-of address,
- renew a registration which is due to expire, and/or o renew a registration which is due to expire, and/or
- deregister when they return home. o deregister when they return home.
Registration messages exchange information between a mobile node, Registration messages exchange information between a mobile node,
(optionally) a foreign agent, and the home agent. Registration (optionally) a foreign agent, and the home agent. Registration
creates or modifies a mobility binding at the home agent, associating creates or modifies a mobility binding at the home agent, associating
the mobile node's home address with its care-of address for the the mobile node's home address with its care-of address for the
specified Lifetime. specified Lifetime.
Several other (optional) capabilities are available through the Several other (optional) capabilities are available through the
registration procedure, which enable a mobile node to: registration procedure, which enable a mobile node to:
- discover its home address, if the mobile node is not configured o discover its home address, if the mobile node is not configured
with this information. with this information.
- maintain multiple simultaneous registrations, so that a copy of o maintain multiple simultaneous registrations, so that a copy of
each datagram will be tunneled to each active care-of address each datagram will be tunneled to each active care-of address
- deregister specific care-of addresses while retaining other o deregister specific care-of addresses while retaining other
mobility bindings, and mobility bindings, and
- discover the address of a home agent if the mobile node is not
o discover the address of a home agent if the mobile node is not
configured with this information. configured with this information.
3.1. Registration Overview 3.1. Registration Overview
Mobile IP defines two different registration procedures, one via a Mobile IP defines two different registration procedures, one via a
foreign agent that relays the registration to the mobile node's home foreign agent that relays the registration to the mobile node's home
agent, and one directly with the mobile node's home agent. The agent, and one directly with the mobile node's home agent. The
following rules determine which of these two registration procedures following rules determine which of these two registration procedures
to use in any particular circumstance: to use in any particular circumstance:
- If a mobile node is registering a foreign agent care-of o If a mobile node is registering a foreign agent care-of address,
address, the mobile node MUST register via that foreign agent. the mobile node MUST register via that foreign agent.
- If a mobile node is using a co-located care-of address, and o If a mobile node is using a co-located care-of address, and
receives an Agent Advertisement from a foreign agent on the receives an Agent Advertisement from a foreign agent on the link
link on which it is using this care-of address, the mobile node on which it is using this care-of address, the mobile node SHOULD
SHOULD register via that foreign agent (or via another foreign register via that foreign agent (or via another foreign agent on
agent on this link) if the 'R' bit is set in the received Agent this link) if the 'R' bit is set in the received Agent
Advertisement message. Advertisement message.
- If a mobile node is otherwise using a co-located care-of o If a mobile node is otherwise using a co-located care-of address,
address, the mobile node MUST register directly with its home the mobile node MUST register directly with its home agent.
agent.
- If a mobile node has returned to its home network and is o If a mobile node has returned to its home network and is
(de)registering with its home agent, the mobile node MUST (de)registering with its home agent, the mobile node MUST register
register directly with its home agent. directly with its home agent.
Both registration procedures involve the exchange of Registration Both registration procedures involve the exchange of Registration
Request and Registration Reply messages (Sections 3.3 and 3.4). When Request and Registration Reply messages (Section 3.3 and
registering via a foreign agent, the registration procedure requires Section 3.4). When registering via a foreign agent, the registration
the following four messages: procedure requires the following four messages:
a) The mobile node sends a Registration Request to the prospective a. The mobile node sends a Registration Request to the prospective
foreign agent to begin the registration process. foreign agent to begin the registration process.
b) The foreign agent processes the Registration Request and then b. The foreign agent processes the Registration Request and then
relays it to the home agent. relays it to the home agent.
c) The home agent sends a Registration Reply to the foreign agent c. The home agent sends a Registration Reply to the foreign agent to
to grant or deny the Request. grant or deny the Request.
d) The foreign agent processes the Registration Reply and then d. The foreign agent processes the Registration Reply and then
relays it to the mobile node to inform it of the disposition of relays it to the mobile node to inform it of the disposition of
its Request. its Request.
When the mobile node instead registers directly with its home agent, When the mobile node instead registers directly with its home agent,
the registration procedure requires only the following two messages: the registration procedure requires only the following two messages:
a) The mobile node sends a Registration Request to the home agent. a. The mobile node sends a Registration Request to the home agent.
b) The home agent sends a Registration Reply to the mobile node, b. The home agent sends a Registration Reply to the mobile node,
granting or denying the Request. granting or denying the Request.
The registration messages defined in Sections 3.3 and 3.4 use the The registration messages defined in Section 3.3 and Section 3.4 use
User Datagram Protocol (UDP) [37]. A nonzero UDP checksum SHOULD be the User Datagram Protocol (UDP) [17]. A nonzero UDP checksum SHOULD
included in the header, and MUST be checked by the recipient. A zero be included in the header, and MUST be checked by the recipient. A
UDP checksum SHOULD be accepted by the recipient. The behavior of zero UDP checksum SHOULD be accepted by the recipient. The behavior
the mobile node and the home agent with respect to their mutual of the mobile node and the home agent with respect to their mutual
acceptance of packets with zero UDP checksums SHOULD be defined as acceptance of packets with zero UDP checksums SHOULD be defined as
part of the mobility security association which exists between them. part of the mobility security association which exists between them.
3.2. Authentication 3.2. Authentication
Each mobile node, foreign agent, and home agent MUST be able to Each mobile node, foreign agent, and home agent MUST be able to
support a mobility security association for mobile entities, indexed support a mobility security association for mobile entities, indexed
by their SPI and IP address. In the case of the mobile node, this by their SPI and IP address. In the case of the mobile node, this
must be its Home Address. See Section 5.1 for requirements for must be its Home Address. See Section 5.1 for requirements for
support of authentication algorithms. Registration messages between support of authentication algorithms. Registration messages between
skipping to change at page 30, line 47 skipping to change at page 33, line 31
A mobile node registers with its home agent using a Registration A mobile node registers with its home agent using a Registration
Request message so that its home agent can create or modify a Request message so that its home agent can create or modify a
mobility binding for that mobile node (e.g., with a new lifetime). mobility binding for that mobile node (e.g., with a new lifetime).
The Request may be relayed to the home agent by the foreign agent The Request may be relayed to the home agent by the foreign agent
through which the mobile node is registering, or it may be sent through which the mobile node is registering, or it may be sent
directly to the home agent in the case in which the mobile node is directly to the home agent in the case in which the mobile node is
registering a co-located care-of address. registering a co-located care-of address.
IP fields: IP fields:
Source Address Typically the interface address from which the Source Address
message is sent.
Destination Address Typically that of the foreign agent or the Typically the interface address from which the message is sent.
home agent.
See Sections 3.6.1.1 and 3.7.2.2 for details. UDP fields: Destination Address
Source Port variable Typically that of the foreign agent or the home agent.
Destination Port 434 See Section 3.6.1.1 and Section 3.7.2.2 for details.
UDP fields:
Source Port
variable
Destination Port
434
The UDP header is followed by the Mobile IP fields shown below: The UDP header is followed by the Mobile IP fields shown below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type |S|B|D|M|G|r|T|x| Lifetime | | Type |S|B|D|M|G|r|T|x| Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Home Address | | Home Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 31, line 31 skipping to change at page 34, line 23
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Care-of Address | | Care-of Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ Identification + + Identification +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Extensions ... | Extensions ...
+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-
Type 1 (Registration Request) Type
S Simultaneous bindings. If the 'S' bit is set, the mobile 1 (Registration Request)
node is requesting that the home agent retain its prior
mobility bindings, as described in Section 3.6.1.2.
B Broadcast datagrams. If the 'B' bit is set, the mobile S
node requests that the home agent tunnel to it any
broadcast datagrams that it receives on the home network,
as described in Section 4.3.
D Decapsulation by mobile node. If the 'D' bit is set, the Simultaneous bindings. If the 'S' bit is set, the mobile node is
mobile node will itself decapsulate datagrams which are requesting that the home agent retain its prior mobility bindings,
sent to the care-of address. That is, the mobile node is as described in Section 3.6.1.2.
using a co-located care-of address.
M Minimal encapsulation. If the 'M' bit is set, the mobile B
node requests that its home agent use minimal
encapsulation [34] for datagrams tunneled to the mobile
node.
G GRE encapsulation. If the 'G' bit is set, the mobile Broadcast datagrams. If the 'B' bit is set, the mobile node
node requests that its home agent use GRE encapsulation requests that the home agent tunnel to it any broadcast datagrams
[16] for datagrams tunneled to the mobile node. that it receives on the home network, as described in Section 4.3.
r Sent as zero; ignored on reception. SHOULD NOT be D
allocated for any other uses.
T Reverse Tunneling requested; see [27]. Decapsulation by mobile node. If the 'D' bit is set, the mobile
node will itself decapsulate datagrams which are sent to the
care-of address. That is, the mobile node is using a co-located
care-of address.
x Sent as zero; ignored on reception. M
Minimal encapsulation. If the 'M' bit is set, the mobile node
requests that its home agent use minimal encapsulation [16] for
datagrams tunneled to the mobile node.
G
GRE encapsulation. If the 'G' bit is set, the mobile node
requests that its home agent use GRE encapsulation [13] for
datagrams tunneled to the mobile node.
r
Sent as zero; ignored on reception. SHOULD NOT be allocated for
any other uses.
T
Reverse Tunneling requested; see [12].
x
Sent as zero; ignored on reception.
Lifetime Lifetime
The number of seconds remaining before the registration The number of seconds remaining before the registration is
is considered expired. A value of zero indicates a considered expired. A value of zero indicates a request for
request for deregistration. A value of 0xffff indicates deregistration. A value of 0xffff indicates infinity.
infinity.
Home Address Home Address
The IP address of the mobile node. The IP address of the mobile node.
Home Agent Home Agent
The IP address of the mobile node's home agent. The IP address of the mobile node's home agent.
Care-of Address Care-of Address
The IP address for the end of the tunnel. The IP address for the end of the tunnel.
Identification Identification
A 64-bit number, constructed by the mobile node, used for A 64-bit number, constructed by the mobile node, used for matching
matching Registration Requests with Registration Replies, Registration Requests with Registration Replies, and for
and for protecting against replay attacks of registration protecting against replay attacks of registration messages. See
messages. See Sections 5.4 and 5.7. Section 5.4 and Section 5.7.
Extensions Extensions
The fixed portion of the Registration Request is followed The fixed portion of the Registration Request is followed by one
by one or more of the Extensions listed in Section 3.5. or more of the Extensions listed in Section 3.5. An
An authorization-enabling extension MUST be included in authorization-enabling extension MUST be included in all
all Registration Requests. See Sections 3.6.1.3 and Registration Requests. See Section 3.6.1.3 and Section 3.7.2.2
3.7.2.2 for information on the relative order in which for information on the relative order in which different
different extensions, when present, MUST be placed in a extensions, when present, MUST be placed in a Registration Request
Registration Request message. message.
3.4. Registration Reply 3.4. Registration Reply
A mobility agent returns a Registration Reply message to a mobile A mobility agent typically returns a Registration Reply message to a
node which has sent a Registration Request (Section 3.3) message. If mobile node which has sent a Registration Request message. If the
the mobile node is requesting service from a foreign agent, that mobile node is requesting service from a foreign agent, that foreign
foreign agent will receive the Reply from the home agent and agent will typically receive the Reply from the home agent and
subsequently relay it to the mobile node. The Reply message contains subsequently relay it to the mobile node. Reply messages contain the
the necessary codes to inform the mobile node about the status of its necessary codes to inform the mobile node about the status of its
Request, along with the lifetime granted by the home agent, which MAY Request, along with the lifetime granted by the home agent, which MAY
be smaller than the original Request. be smaller than the original Request.
The foreign agent MUST NOT increase the Lifetime selected by the The foreign agent MUST NOT increase the Lifetime selected by the
mobile node in the Registration Request, since the Lifetime is mobile node in the Registration Request, since the Lifetime is
covered by an authentication extension which enables authorization by covered by an authentication extension which enables authorization by
the home agent. Such an extension contains authentication data which the home agent. Such an extension contains authentication data which
cannot be correctly (re)computed by the foreign agent. The home cannot be correctly (re)computed by the foreign agent. The home
agent MUST NOT increase the Lifetime selected by the mobile node in agent MUST NOT increase the Lifetime selected by the mobile node in
the Registration Request, since doing so could increase it beyond the the Registration Request, since doing so could increase it beyond the
maximum Registration Lifetime allowed by the foreign agent. If the maximum Registration Lifetime allowed by the foreign agent. If the
Lifetime received in the Registration Reply is greater than that in Lifetime received in the Registration Reply is greater than that in
the Registration Request, the Lifetime in the Request MUST be used. the Registration Request, the Lifetime in the Request MUST be used.
When the Lifetime received in the Registration Reply is less than When the Lifetime received in the Registration Reply is less than
that in the Registration Request, the Lifetime in the Reply MUST be that in the Registration Request, the Lifetime in the Reply MUST be
used. used.
IP fields: IP fields:
Source Address Typically copied from the destination address Source Address
of the Registration Request to which the
agent is replying. See Sections 3.7.2.3 and
3.8.3.1 for complete details.
Destination Address Copied from the source address of the Typically copied from the destination address of the
Registration Request to which the agent is Registration Request to which the agent is replying. See
replying Section 3.7.2.3 and Section 3.8.3.2 for complete details.
Destination Address
Copied from the source address of the Registration Request to
which the agent is replying
UDP fields: UDP fields:
Source Port <variable> Source Port
Destination Port Copied from the source port of the Copied from the UDP destination port of the corresponding
corresponding Registration Request (Section Registration Request.
3.7.1).
Destination Port
Copied from the source port of the corresponding Registration
Request (Section 3.7.1).
The UDP header is followed by the Mobile IP fields shown below: The UDP header is followed by the Mobile IP fields shown below:
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Lifetime | | Type | Code | Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Home Address | | Home Address |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Home Agent | | Home Agent |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| | | |
+ Identification + + Identification +
| | | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Extensions ... | Extensions ...
+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-
Type 3 (Registration Reply) Type
Code A value indicating the result of the Registration 3 (Registration Reply)
Request. See below for a list of currently defined Code
values. Code
A value indicating the result of the Registration Request. See
below for a list of currently defined Code values.
Lifetime Lifetime
If the Code field indicates that the registration was If the Code field indicates that the registration was accepted,
accepted, the Lifetime field is set to the number of the Lifetime field is set to the number of seconds remaining
seconds remaining before the registration is considered before the registration is considered expired. A value of zero
expired. A value of zero indicates that the mobile node indicates that the mobile node has been deregistered. A value of
has been deregistered. A value of 0xffff indicates 0xffff indicates infinity. If the Code field indicates that the
infinity. If the Code field indicates that the registration was denied, the contents of the Lifetime field are
registration was denied, the contents of the Lifetime unspecified and MUST be ignored on reception.
field are unspecified and MUST be ignored on reception.
Home Address Home Address
The IP address of the mobile node. The IP address of the mobile node.
Home Agent Home Agent
The IP address of the mobile node's home agent. The IP address of the mobile node's home agent.
Identification Identification
A 64-bit number used for matching Registration Requests A 64-bit number used for matching Registration Requests with
with Registration Replies, and for protecting against Registration Replies, and for protecting against replay attacks of
replay attacks of registration messages. The value is registration messages. The value is based on the Identification
based on the Identification field from the Registration field from the Registration Request message from the mobile node,
Request message from the mobile node, and on the style of and on the style of replay protection used in the security context
replay protection used in the security context between between the mobile node and its home agent (defined by the
the mobile node and its home agent (defined by the mobility security association between them, and SPI value in the
mobility security association between them, and SPI value authorization-enabling extension). See Section 5.4 and
in the authorization-enabling extension). See Sections Section 5.7.
5.4 and 5.7.
Extensions Extensions
The fixed portion of the Registration Reply is followed The fixed portion of the Registration Reply is followed by one or
by one or more of the Extensions listed in Section 3.5. more of the Extensions listed in Section 3.5. An authorization-
An authorization-enabling extension MUST be included in enabling extension MUST be included in all Registration Replies
all Registration Replies returned by the home agent. See returned by the home agent. See Section 3.7.2.2 and
Sections 3.7.2.2 and 3.8.3.3 for rules on placement of Section 3.8.3.3 for rules on placement of extensions to Reply
extensions to Reply messages. messages.
The following values are defined for use within the Code field. The following values are defined for use within the Code field.
Registration successful: Registration successful:
0 registration accepted 0 registration accepted
1 registration accepted, but simultaneous mobility 1 registration accepted, but simultaneous mobility bindings
bindings unsupported unsupported
Registration denied by the foreign agent: Registration denied by the foreign agent:
64 reason unspecified 64 reason unspecified
65 administratively prohibited 65 administratively prohibited
66 insufficient resources 66 insufficient resources
67 mobile node failed authentication 67 mobile node failed authentication
68 home agent failed authentication 68 home agent failed authentication
69 requested Lifetime too long 69 requested Lifetime too long
70 poorly formed Request 70 poorly formed Request
71 poorly formed Reply 71 poorly formed Reply
72 requested encapsulation unavailable 72 requested encapsulation unavailable
73 reserved and unavailable 73 reserved and unavailable
TBD-IANA Invalid Home Agent address
77 invalid care-of address 77 invalid care-of address
78 registration timeout 78 registration timeout
80 home network unreachable (ICMP error received) 80 home network unreachable (ICMP error received)
81 home agent host unreachable (ICMP error received) 81 home agent host unreachable (ICMP error received)
82 home agent port unreachable (ICMP error received) 82 home agent port unreachable (ICMP error received)
88 home agent unreachable (other ICMP error received) 88 home agent unreachable (other ICMP error received)
Registration denied by the home agent: Registration denied by the home agent:
128 reason unspecified 128 reason unspecified
129 administratively prohibited 129 administratively prohibited
130 insufficient resources 130 insufficient resources
131 mobile node failed authentication 131 mobile node failed authentication
132 foreign agent failed authentication 132 foreign agent failed authentication
133 registration Identification mismatch 133 registration Identification mismatch
134 poorly formed Request 134 poorly formed Request
135 too many simultaneous mobility bindings 135 too many simultaneous mobility bindings
skipping to change at page 36, line 16 skipping to change at page 39, line 26
128 reason unspecified 128 reason unspecified
129 administratively prohibited 129 administratively prohibited
130 insufficient resources 130 insufficient resources
131 mobile node failed authentication 131 mobile node failed authentication
132 foreign agent failed authentication 132 foreign agent failed authentication
133 registration Identification mismatch 133 registration Identification mismatch
134 poorly formed Request 134 poorly formed Request
135 too many simultaneous mobility bindings 135 too many simultaneous mobility bindings
136 unknown home agent address 136 unknown home agent address
Up-to-date values of the Code field are specified in the most recent Up-to-date values of the Code field are specified in the IANA online
"Assigned Numbers" [40]. database [45].
3.5. Registration Extensions 3.5. Registration Extensions
3.5.1. Computing Authentication Extension Values 3.5.1. Computing Authentication Extension Values
The Authenticator value computed for each authentication Extension The Authenticator value computed for each authentication Extension
MUST protect the following fields from the registration message: MUST protect the following fields from the registration message:
- the UDP payload (that is, the Registration Request or o the UDP payload (that is, the Registration Request or Registration
Registration Reply data), Reply data),
- all prior Extensions in their entirety, and o all prior Extensions in their entirety, and
- the Type, Length, and SPI of this Extension. o the Type, Length, and SPI of this Extension.
The default authentication algorithm uses HMAC-MD5 [23] to compute a The default authentication algorithm uses HMAC-MD5 [10] to compute a
128-bit "message digest" of the registration message. The data over 128-bit "message digest" of the registration message. The data over
which the HMAC is computed is defined as: which the HMAC is computed is defined as:
- the UDP payload (that is, the Registration Request or o the UDP payload (that is, the Registration Request or Registration
Registration Reply data), Reply data),
- all prior Extensions in their entirety, and
- the Type, Length, and SPI of this Extension. o all prior Extensions in their entirety, and
o the Type, Length, and SPI of this Extension.
Note that the Authenticator field itself and the UDP header are NOT Note that the Authenticator field itself and the UDP header are NOT
included in the computation of the default Authenticator value. See included in the computation of the default Authenticator value. See
Section 5.1 for information about support requirements for message Section 5.1 for information about support requirements for message
authentication codes, which are to be used with the various authentication codes, which are to be used with the various
authentication Extensions. authentication Extensions.
The Security Parameter Index (SPI) within any of the authentication The Security Parameter Index (SPI) within any of the authentication
Extensions defines the security context which is used to compute the Extensions defines the security context which is used to compute the
Authenticator value and which MUST be used by the receiver to check Authenticator value and which MUST be used by the receiver to check
skipping to change at page 37, line 20 skipping to change at page 40, line 27
appropriate public/private key pair) used in computing the appropriate public/private key pair) used in computing the
Authenticator. In order to ensure interoperability between different Authenticator. In order to ensure interoperability between different
implementations of the Mobile IP protocol, an implementation MUST be implementations of the Mobile IP protocol, an implementation MUST be
able to associate any SPI value with any authentication algorithm and able to associate any SPI value with any authentication algorithm and
mode which it implements. In addition, all implementations of Mobile mode which it implements. In addition, all implementations of Mobile
IP MUST implement the default authentication algorithm (HMAC-MD5) IP MUST implement the default authentication algorithm (HMAC-MD5)
specified above. specified above.
3.5.2. Mobile-Home Authentication Extension 3.5.2. Mobile-Home Authentication Extension
Exactly one authorization-enabling extension MUST be present in all At least one authorization-enabling extension MUST be present in all
Registration Requests, and also in all Registration Replies generated Registration Requests, and also in all Registration Replies generated
by the Home Agent. The Mobile-Home Authentication Extension is by the Home Agent. The Mobile-Home Authentication Extension is
always an authorization-enabling for registration messages specified always an authorization-enabling for registration messages specified
in this document. This requirement is intended to eliminate problems in this document. This requirement is intended to eliminate problems
[2] which result from the uncontrolled propagation of remote [26] which result from the uncontrolled propagation of remote
redirects in the Internet. The location of the extension marks the redirects in the Internet. The location of the authorization-
end of the authenticated data. enabling extension marks the end of the data to be authenticated by
the authorizatizing agent interpreting that authorization-enabling
extension.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | SPI .... | Type | Length | SPI ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... SPI (cont.) | Authenticator ... ... SPI (cont.) | Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type 32 Type
Length 4 plus the number of bytes in the Authenticator. 32
Length
SPI Security Parameter Index (4 bytes). An opaque 4 plus the number of bytes in the Authenticator.
identifier (see Section 1.6).
Authenticator (variable length) (See Section 3.5.1.) SPI
Security Parameter Index (4 bytes). An opaque identifier (see
Section 1.6).
Authenticator
(variable length) (See Section 3.5.1)
3.5.3. Mobile-Foreign Authentication Extension 3.5.3. Mobile-Foreign Authentication Extension
This Extension MAY be included in Registration Requests and Replies This Extension MAY be included in Registration Requests and Replies
in cases in which a mobility security association exists between the in cases in which a mobility security association exists between the
mobile node and the foreign agent. See Section 5.1 for information mobile node and the foreign agent. See Section 5.1 for information
about support requirements for message authentication codes. about support requirements for message authentication codes.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | SPI .... | Type | Length | SPI ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... SPI (cont.) | Authenticator ... ... SPI (cont.) | Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type 33 Type
Length 4 plus the number of bytes in the Authenticator. 33
SPI Security Parameter Index (4 bytes). An opaque Length
identifier (see Section 1.6).
Authenticator (variable length) (See Section 3.5.1.) 4 plus the number of bytes in the Authenticator.
SPI
Security Parameter Index (4 bytes). An opaque identifier (see
Section 1.6).
Authenticator
(variable length) (See Section 3.5.1)
3.5.4. Foreign-Home Authentication Extension 3.5.4. Foreign-Home Authentication Extension
This Extension MAY be included in Registration Requests and Replies This Extension MAY be included in Registration Requests and Replies
in cases in which a mobility security association exists between the in cases in which a mobility security association exists between the
foreign agent and the home agent. See Section 5.1 for information foreign agent and the home agent, as long as the Registration Request
about support requirements for message authentication codes. is not a deregistration (i.e., the mobile node requested a nonzero
lifetime and the home address is different than the care-of address).
The Foreign-Home Authentication extension MUST NOT be applied to
deregistration messages. See Section 5.1 for information about
support requirements for message authentication codes.
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Length | SPI .... | Type | Length | SPI ....
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
... SPI (cont.) | Authenticator ... ... SPI (cont.) | Authenticator ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type 34 Type
Length 4 plus the number of bytes in the Authenticator. 34
SPI Security Parameter Index (4 bytes). An opaque Length
identifier (see Section 1.6).
Authenticator (variable length) (See Section 3.5.1.) 4 plus the number of bytes in the Authenticator.
SPI
Security Parameter Index (4 bytes). An opaque identifier (see
Section 1.6).
Authenticator
(variable length) (See Section 3.5.1)
In order to perform the authentication, the Home Agent and the
Foreign Agent are configured with a mobility security association
that is indexed by the SPI (in the appended Foreign-Home
Authentication Extension) and the IP Source Address of the
Registration Request. When the extension is used with a Registration
Reply message, the foreign agent address MUST be used as the
Destination IP address in the IP header.
When this extension is applied to a Registration Request message, the
mobility security association for verifying the correctness of the
authentication data is selected by the Home Agent based on the value
of the Source IP Address field of the Registration Request and the
SPI of the Authentication extension. The Source IP Address will be
the same as the Care-of Address field of the Registration Request
(see Section 3.7.2.2)
When this extension is applied to a Registration Reply message, the
mobility security association for verifying the correctness of the
authentication data is selected by the foreign agent based on the
value of the Home Agent Address field of the Registration Reply.
If the Care-of Address in the Registration Request is not in the
Agent Advertisement, then the foreign agent MUST NOT append the
Foreign-Home Authentication Extension when relaying the message to
the home agent. Moreover, for a deregistration message (i.e.,
lifetime = 0), the foreign agent MUST NOT append the Foreign-Home
Authentication Extension when relaying the message to the home agent.
Consequently, when the HA receives a deregistration request that does
not contain a Foreign-Home Authentication Extension it MUST NOT for
this reason discard the request as part of security association
processing.
3.6. Mobile Node Considerations 3.6. Mobile Node Considerations
A mobile node MUST be configured with a netmask and a mobility A mobile node MUST be configured (statically or dynamically) with a
security association for each of its home agents. In addition, a netmask and a mobility security association for each of its home
mobile node MAY be configured with its home address, and the IP agents. In addition, a mobile node MAY be configured with its home
address of one or more of its home agents; otherwise, the mobile node address, and the IP address of one or more of its home agents;
MAY discover a home agent using the procedures described in Section otherwise, the mobile node MAY discover a home agent using the
3.6.1.2. procedures described in Section 3.6.1.2.
If the mobile node is not configured with a home address, it MAY use If the mobile node is not configured with a home address, it MAY use
the Mobile Node NAI extension [6] to identify itself, and set the the Mobile Node NAI extension [2] to identify itself, and set the
Home Address field of the Registration Request to 0.0.0.0. In this Home Address field of the Registration Request to 0.0.0.0. In this
case, the mobile node MUST be able to assign its home address after case, the mobile node MUST be able to assign its home address after
extracting this information from the Registration Reply from the home extracting this information from the Registration Reply from the home
agent. agent.
For each pending registration, the mobile node maintains the For each pending registration, the mobile node maintains the
following information: following information:
- the link-layer address of the foreign agent to which the o the link-layer address of the foreign agent to which the
Registration Request was sent, if applicable, Registration Request was sent, if applicable,
- the IP destination address of the Registration Request, o the IP destination address of the Registration Request,
- the care-of address used in the registration, o the care-of address used in the registration,
- the Identification value sent in the registration, o the Identification value sent in the registration,
- the originally requested Lifetime, and o the originally requested Lifetime, and
- the remaining Lifetime of the pending registration. o the remaining Lifetime of the pending registration.
A mobile node SHOULD initiate a registration whenever it detects a A mobile node SHOULD initiate a registration whenever it detects a
change in its network connectivity. See Section 2.4.2 for methods by change in its network connectivity. See Section 2.4.2 for methods by
which mobile nodes MAY make such a determination. When it is away which mobile nodes MAY make such a determination. When it is away
from home, the mobile node's Registration Request allows its home from home, the mobile node's Registration Request allows its home
agent to create or modify a mobility binding for it. When it is at agent to create or modify a mobility binding for it. When it is at
home, the mobile node's (de)Registration Request allows its home home, the mobile node's (de)Registration Request allows its home
agent to delete any previous mobility binding(s) for it. A mobile agent to delete any previous mobility binding(s) for it. A mobile
node operates without the support of mobility functions when it is at node operates without the support of mobility functions when it is at
home. home.
There are other conditions under which the mobile node SHOULD There are other conditions under which the mobile node SHOULD
(re)register with its foreign agent, such as when the mobile node (re)register with its foreign agent, such as when the mobile node
detects that the foreign agent has rebooted (as specified in Section detects that the foreign agent has rebooted (as specified in
2.4.4) and when the current registration's Lifetime is near Section 2.4.4) and when the current registration's Lifetime is near
expiration. expiration.
In the absence of link-layer indications of changes in point of In the absence of link-layer indications of changes in point of
attachment, Agent Advertisements from new agents SHOULD NOT cause a attachment, Agent Advertisements from new agents SHOULD NOT cause a
mobile node to attempt a new registration, if its current mobile node to attempt a new registration, if its current
registration has not expired and it is still also receiving Agent registration has not expired and it is still also receiving Agent
Advertisements from the foreign agent with which it is currently Advertisements from the foreign agent with which it is currently
registered. In the absence of link-layer indications, a mobile node registered. In the absence of link-layer indications, a mobile node
MUST NOT attempt to register more often than once per second. MUST NOT attempt to register more often than once per second.
skipping to change at page 40, line 27 skipping to change at page 44, line 49
The following sections specify details for the values the mobile node The following sections specify details for the values the mobile node
MUST supply in the fields of Registration Request messages. MUST supply in the fields of Registration Request messages.
3.6.1.1. IP Fields 3.6.1.1. IP Fields
This section provides the specific rules by which mobile nodes pick This section provides the specific rules by which mobile nodes pick
values for the IP header fields of a Registration Request. values for the IP header fields of a Registration Request.
IP Source Address: IP Source Address:
- When registering on a foreign network with a co-located care-of o When registering on a foreign network with a co-located care-of
address, the IP source address MUST be the care-of address. address, the IP source address MUST be the care-of address.
- Otherwise, if the mobile node does not have a home address, the o Otherwise, if the mobile node does not have a home address, the IP
IP source address MUST be 0.0.0.0. source address MUST be 0.0.0.0.
- In all other circumstances, the IP source address MUST be the o In all other circumstances, the IP source address MUST be the
mobile node's home address. mobile node's home address.
IP Destination Address: IP Destination Address:
- When the mobile node has discovered the agent with which it is o When the mobile node has discovered the agent with which it is
registering, through some means (e.g., link-layer) that does registering, through some means (e.g., link-layer) that does not
not provide the IP address of the agent (the IP address of the provide the IP address of the agent (the IP address of the agent
agent is unknown to the mobile node), then the "All Mobility is unknown to the mobile node), then the "All Mobility Agents"
Agents" multicast address (224.0.0.11) MUST be used. In this multicast address (224.0.0.11) MUST be used. In this case, the
case, the mobile node MUST use the agent's link-layer unicast mobile node MUST use the agent's link-layer unicast address in
address in order to deliver the datagram to the correct agent. order to deliver the datagram to the correct agent.
- When registering with a foreign agent, the address of the agent o When registering with a foreign agent, the address of the agent as
as learned from the IP source address of the corresponding learned from the IP source address of the corresponding Agent
Agent Advertisement MUST be used. This MAY be an address which Advertisement MUST be used. This MAY be an address which does not
does not appear as an advertised care-of address in the Agent appear as an advertised care-of address in the Agent
Advertisement. In addition, when transmitting this Advertisement. In addition, when transmitting this Registration
Registration Request message, the mobile node MUST use a link- Request message, the mobile node MUST use a link-layer destination
layer destination address copied from the link-layer source address copied from the link-layer source address of the Agent
address of the Agent Advertisement message in which it learned Advertisement message in which it learned this foreign agent's IP
this foreign agent's IP address. address.
- When the mobile node is registering directly with its home o When the mobile node is registering directly with its home agent
agent and knows the (unicast) IP address of its home agent, the and knows the (unicast) IP address of its home agent, the
destination address MUST be set to this address. destination address MUST be set to this address.
- If the mobile node is registering directly with its home agent, o If the mobile node is registering directly with its home agent,
but does not know the IP address of its home agent, the mobile but does not know the IP address of its home agent, the mobile
node may use dynamic home agent address resolution to node may use dynamic home agent address resolution to
automatically determine the IP address of its home agent automatically determine the IP address of its home agent
(Section 3.6.1.2). In this case, the IP destination address is (Section 3.6.1.2). In this case, the IP destination address is
set to the subnet-directed broadcast address of the mobile set to the subnet-directed broadcast address of the mobile node's
node's home network. This address MUST NOT be used as the home network. This address MUST NOT be used as the destination IP
destination IP address if the mobile node is registering via a address if the mobile node is registering via a foreign agent,
foreign agent, although it MAY be used as the Home Agent although it MAY be used as the Home Agent address in the body of
address in the body of the Registration Request when the Registration Request when registering via a foreign agent.
registering via a foreign agent.
IP Time to Live: IP Time to Live:
- The IP TTL field MUST be set to 1 if the IP destination address o The IP TTL field MUST be set to 1 if the IP destination address is
is set to the "All Mobility Agents" multicast address as set to the "All Mobility Agents" multicast address as described
described above. Otherwise a suitable value should be chosen above. Otherwise a suitable value should be chosen in accordance
in accordance with standard IP practice [38]. with standard IP practice [18].
3.6.1.2. Registration Request Fields 3.6.1.2. Registration Request Fields
This section provides specific rules by which mobile nodes pick This section provides specific rules by which mobile nodes pick
values for the fields within the fixed portion of a Registration values for the fields within the fixed portion of a Registration
Request. Request.
A mobile node MAY set the 'S' bit in order to request that the home A mobile node MAY set the 'S' bit in order to request that the home
agent maintain prior mobility binding(s). Otherwise, the home agent agent maintain prior mobility binding(s). Otherwise, the home agent
deletes any previous binding(s) and replaces them with the new deletes any previous binding(s) and replaces them with the new
skipping to change at page 42, line 12 skipping to change at page 46, line 33
The mobile node SHOULD set the 'D' bit if it is registering with a The mobile node SHOULD set the 'D' bit if it is registering with a
co-located care-of address. Otherwise, the 'D' bit MUST NOT be set. co-located care-of address. Otherwise, the 'D' bit MUST NOT be set.
A mobile node MAY set the 'B' bit to request its home agent to A mobile node MAY set the 'B' bit to request its home agent to
forward to it, a copy of broadcast datagrams received by its home forward to it, a copy of broadcast datagrams received by its home
agent from the home network. The method used by the home agent to agent from the home network. The method used by the home agent to
forward broadcast datagrams depends on the type of care-of address forward broadcast datagrams depends on the type of care-of address
registered by the mobile node, as determined by the 'D' bit in the registered by the mobile node, as determined by the 'D' bit in the
mobile node's Registration Request: mobile node's Registration Request:
- If the 'D' bit is set, then the mobile node has indicated that o If the 'D' bit is set, then the mobile node has indicated that it
it will decapsulate any datagrams tunneled to this care-of will decapsulate any datagrams tunneled to this care-of address
address itself (the mobile node is using a co-located care-of itself (the mobile node is using a co-located care-of address).
address). In this case, to forward such a received broadcast In this case, to forward such a received broadcast datagram to the
datagram to the mobile node, the home agent MUST tunnel it to mobile node, the home agent MUST tunnel it to this care-of
this care-of address. The mobile node de-tunnels the received address. The mobile node de-tunnels the received datagram in the
datagram in the same way as any other datagram tunneled same way as any other datagram tunneled directly to it.
directly to it.
- If the 'D' bit is NOT set, then the mobile node has indicated o If the 'D' bit is NOT set, then the mobile node has indicated that
that it is using a foreign agent care-of address, and that the it is using a foreign agent care-of address, and that the foreign
foreign agent will thus decapsulate arriving datagrams before agent will thus decapsulate arriving datagrams before forwarding
forwarding them to the mobile node. In this case, to forward them to the mobile node. In this case, to forward such a received
such a received broadcast datagram to the mobile node, the home broadcast datagram to the mobile node, the home agent MUST first
agent MUST first encapsulate the broadcast datagram in a encapsulate the broadcast datagram in a unicast datagram addressed
unicast datagram addressed to the mobile node's home address, to the mobile node's home address, and then MUST tunnel this
and then MUST tunnel this resulting datagram to the mobile resulting datagram to the mobile node's care-of address.
node's care-of address.
When decapsulated by the foreign agent, the inner datagram will When decapsulated by the foreign agent, the inner datagram will
thus be a unicast IP datagram addressed to the mobile node, thus be a unicast IP datagram addressed to the mobile node,
identifying to the foreign agent the intended destination of identifying to the foreign agent the intended destination of the
the encapsulated broadcast datagram, and will be delivered to encapsulated broadcast datagram, and will be delivered to the
the mobile node in the same way as any tunneled datagram mobile node in the same way as any tunneled datagram arriving for
arriving for the mobile node. The foreign agent MUST NOT the mobile node. The foreign agent MUST NOT decapsulate the
decapsulate the encapsulated broadcast datagram and MUST NOT encapsulated broadcast datagram and MUST NOT use a local network
use a local network broadcast to transmit it to the mobile broadcast to transmit it to the mobile node. The mobile node thus
node. The mobile node thus MUST decapsulate the encapsulated MUST decapsulate the encapsulated broadcast datagram itself, and
broadcast datagram itself, and thus MUST NOT set the 'B' bit in thus MUST NOT set the 'B' bit in its Registration Request in this
its Registration Request in this case unless it is capable of case unless it is capable of decapsulating datagrams.
decapsulating datagrams.
The mobile node MAY request alternative forms of encapsulation by The mobile node MAY request alternative forms of encapsulation by
setting the 'M' bit and/or the 'G' bit, but only if the mobile node setting the 'M' bit and/or the 'G' bit, but only if the mobile node
is decapsulating its own datagrams (the mobile node is using a co- is decapsulating its own datagrams (the mobile node is using a co-
located care-of address) or if its foreign agent has indicated located care-of address) or if its foreign agent has indicated
support for these forms of encapsulation by setting the corresponding support for these forms of encapsulation by setting the corresponding
bits in the Mobility Agent Advertisement Extension of an Agent bits in the Mobility Agent Advertisement Extension of an Agent
Advertisement received by the mobile node. Otherwise, the mobile Advertisement received by the mobile node. Otherwise, the mobile
node MUST NOT set these bits. node MUST NOT set these bits.
The Lifetime field is chosen as follows: The Lifetime field is chosen as follows:
- If the mobile node is registering with a foreign agent, the o If the mobile node is registering with a foreign agent, the
Lifetime SHOULD NOT exceed the value in the Registration Lifetime SHOULD NOT exceed the value in the Registration Lifetime
Lifetime field of the Agent Advertisement message received from field of the Agent Advertisement message received from the foreign
the foreign agent. agent. When the method by which the care-of address is learned
When the method by which the care-of address is learned does does not include a Lifetime, the default ICMP Router Advertisement
not include a Lifetime, the default ICMP Router Advertisement
Lifetime (1800 seconds) MAY be used. Lifetime (1800 seconds) MAY be used.
- The mobile node MAY ask a home agent to delete a particular o The mobile node MAY ask a home agent to delete a particular
mobility binding, by sending a Registration Request with the mobility binding, by sending a Registration Request with the
care-of address for this binding, with the Lifetime field set care-of address for this binding, with the Lifetime field set to
to zero (Section 3.8.2). zero (Section 3.8.2).
- Similarly, a Lifetime of zero is used when the mobile node o Similarly, a Lifetime of zero is used when the mobile node
deregisters all care-of addresses, such as upon returning home. deregisters all care-of addresses, such as upon returning home.
The Home Address field MUST be set to the mobile node's home address, The Home Address field MUST be set to the mobile node's home address,
if this information is known. Otherwise, the Home Address MUST be if this information is known. Otherwise, the Home Address MUST be
set to zeroes. set to zeroes.
The Home Agent field MUST be set to the address of the mobile node's The Home Agent field MUST be set to the address of the mobile node's
home agent, if the mobile node knows this address. Otherwise, the home agent, if the mobile node knows this address. Otherwise, the
mobile node MAY use dynamic home agent address resolution to learn mobile node MAY use dynamic home agent address resolution to learn
the address of its home agent. In this case, the mobile node MUST the address of its home agent. In this case, the mobile node MUST
skipping to change at page 44, line 9 skipping to change at page 48, line 21
The mobile node chooses the Identification field in accordance with The mobile node chooses the Identification field in accordance with
the style of replay protection it uses with its home agent. This is the style of replay protection it uses with its home agent. This is
part of the mobility security association the mobile node shares with part of the mobility security association the mobile node shares with
its home agent. See Section 5.7 for the method by which the mobile its home agent. See Section 5.7 for the method by which the mobile
node computes the Identification field. node computes the Identification field.
3.6.1.3. Extensions 3.6.1.3. Extensions
This section describes the ordering of any mandatory and any optional This section describes the ordering of any mandatory and any optional
Extensions that a mobile node appends to a Registration Request. Extensions that a mobile node appends to a Registration Request.
This following ordering MUST be followed: This ordering is REQUIRED:
a) The IP header, followed by the UDP header, followed by the a. The IP header, followed by the UDP header, followed by the fixed-
fixed-length portion of the Registration Request, followed by length portion of the Registration Request, followed by
b) If present, any non-authentication Extensions expected to be b. If present, any non-authentication Extensions expected to be used
used by the home agent (which may or may not also be useful to by the home agent or other authorizing agent (which may or may
the foreign agent), followed by not also be useful to the foreign agent), followed by
c) An authorization-enabling extension, followed by c. All authorization-enabling extensions (see Section 1.6), followed
by
d) If present, any non-authentication Extensions used only by the d. If present, any non-authentication Extensions used only by the
foreign agent, followed by foreign agent, followed by
e) The Mobile-Foreign Authentication Extension, if present. e. The Mobile-Foreign Authentication Extension, if present.
Note that items (a) and (c) MUST appear in every Registration Request Note that items (a) and (c) MUST appear in every Registration Request
sent by the mobile node. Items (b), (d), and (e) are optional. sent by the mobile node. Items (b), (d), and (e) are optional.
However, item (e) MUST be included when the mobile node and the However, item (e) MUST be included when the mobile node and the
foreign agent share a mobility security association. foreign agent share a mobility security association.
3.6.2. Receiving Registration Replies 3.6.2. Receiving Registration Replies
Registration Replies will be received by the mobile node in response Registration Replies will be received by the mobile node in response
to its Registration Requests. Registration Replies generally fall to its Registration Requests. Registration Replies generally fall
into three categories: into three categories:
- the registration was accepted, o the registration was accepted,
- the registration was denied by the foreign agent, or o the registration was denied by the foreign agent, or
- the registration was denied by the home agent. o the registration was denied by the home agent.
The remainder of this section describes the Registration Reply The remainder of this section describes the Registration Reply
handling by a mobile node in each of these three categories. handling by a mobile node in each of these three categories.
3.6.2.1. Validity Checks 3.6.2.1. Validity Checks
Registration Replies with an invalid, non-zero UDP checksum MUST be Registration Replies with an invalid, non-zero UDP checksum MUST be
silently discarded. silently discarded.
In addition, the low-order 32 bits of the Identification field in the In addition, the low-order 32 bits of the Identification field in the
skipping to change at page 45, line 12 skipping to change at page 49, line 28
the replying agent. If they do not match, the Reply MUST be silently the replying agent. If they do not match, the Reply MUST be silently
discarded. discarded.
Also, the Registration Reply MUST be checked for presence of an Also, the Registration Reply MUST be checked for presence of an
authorization-enabling extension. For all Registration Reply authorization-enabling extension. For all Registration Reply
messages containing a Status Code indicating status from the Home messages containing a Status Code indicating status from the Home
Agent, the mobile node MUST check for the presence of an Agent, the mobile node MUST check for the presence of an
authorization-enabling extension, acting in accordance with the Code authorization-enabling extension, acting in accordance with the Code
field in the Reply. The rules are as follows: field in the Reply. The rules are as follows:
a) If the mobile node and the foreign agent share a mobility a. If the mobile node and the foreign agent share a mobility
security association, exactly one Mobile-Foreign Authentication security association, exactly one Mobile-Foreign Authentication
Extension MUST be present in the Registration Reply, and the Extension MUST be present in the Registration Reply, and the
mobile node MUST check the Authenticator value in the mobile node MUST check the Authenticator value in the Extension.
Extension. If no Mobile-Foreign Authentication Extension is If no Mobile-Foreign Authentication Extension is found, or if
found, or if more than one Mobile-Foreign Authentication more than one Mobile-Foreign Authentication Extension is found,
Extension is found, or if the Authenticator is invalid, the or if the Authenticator is invalid, the mobile node MUST silently
mobile node MUST silently discard the Reply and SHOULD log the discard the Reply and SHOULD log the event as a security
event as a security exception. exception.
b) If the Code field indicates that service is denied by the home b. If the Code field indicates that service is denied by the home
agent, or if the Code field indicates that the registration was agent, or if the Code field indicates that the registration was
accepted by the home agent, exactly one Mobile-Home accepted by the home agent, exactly one Mobile-Home
Authentication Extension MUST be present in the Registration Authentication Extension MUST be present in the Registration
Reply, and the mobile node MUST check the Authenticator value Reply, and the mobile node MUST check the Authenticator value in
in the Extension. If the Registration Reply was generated by the Extension. If the Registration Reply was generated by the
the home agent but no Mobile-Home Authentication Extension is home agent but no Mobile-Home Authentication Extension is found,
found, or if more than one Mobile-Home Authentication Extension or if more than one Mobile-Home Authentication Extension is
is found, or if the Authenticator is invalid, the mobile node found, or if the Authenticator is invalid, the mobile node MUST
MUST silently discard the Reply and SHOULD log the event as a silently discard the Reply and SHOULD log the event as a security
security exception. exception.
If the Code field indicates an authentication failure, either at the If the Code field indicates an authentication failure, either at the
foreign agent or the home agent, then it is quite possible that any foreign agent or the home agent, then it is quite possible that any
authenticators in the Registration Reply will also be in error. This authenticators in the Registration Reply will also be in error. This
could happen, for example, if the shared secret between the mobile could happen, for example, if the shared secret between the mobile
node and home agent was erroneously configured. The mobile node node and home agent was erroneously configured. The mobile node
SHOULD log such errors as security exceptions. SHOULD log such errors as security exceptions.
3.6.2.2. Registration Request Accepted 3.6.2.2. Registration Request Accepted
If the Code field indicates that the request has been accepted, the If the Code field indicates that the request has been accepted, the
mobile node SHOULD configure its routing table appropriately for its mobile node SHOULD configure its routing table appropriately for its
current point of attachment (Section 4.2.1). current point of attachment (Section 4.2.1).
If the mobile node is returning to its home network and that network If the mobile node is returning to its home network and that network
is one which implements ARP, the mobile node MUST follow the is one which implements ARP, the mobile node MUST follow the
procedures described in Section 4.6 with regard to ARP, proxy ARP, procedures described in Section 4.6 with regard to ARP, proxy ARP,
and gratuitous ARP. and gratuitous ARP.
If the mobile node has registered on a foreign network, it SHOULD If the mobile node has registered on a foreign network, it SHOULD re-
re-register before the expiration of the Lifetime of its register before the expiration of the Lifetime of its registration.
registration. As described in Section 3.6, for each pending As described in Section 3.6, for each pending Registration Request,
Registration Request, the mobile node MUST maintain the remaining the mobile node MUST maintain the remaining lifetime of this pending
lifetime of this pending registration, as well as the original registration, as well as the original Lifetime from the Registration
Lifetime from the Registration Request. When the mobile node Request. When the mobile node receives a valid Registration Reply,
receives a valid Registration Reply, the mobile node MUST decrease the mobile node MUST decrease its view of the remaining lifetime of
its view of the remaining lifetime of the registration by the amount the registration by the amount by which the home agent decreased the
by which the home agent decreased the originally requested Lifetime. originally requested Lifetime. This procedure is equivalent to the
This procedure is equivalent to the mobile node starting a timer for mobile node starting a timer for the granted Lifetime at the time it
the granted Lifetime at the time it sent the Registration Request, sent the Registration Request, even though the granted Lifetime is
even though the granted Lifetime is not known to the mobile node not known to the mobile node until the Registration Reply is
until the Registration Reply is received. Since the Registration received. Since the Registration Request is certainly sent before
Request is certainly sent before the home agent begins timing the the home agent begins timing the registration Lifetime (also based on
registration Lifetime (also based on the granted Lifetime), this the granted Lifetime), this procedure ensures that the mobile node
procedure ensures that the mobile node will re-register before the will re-register before the home agent expires and deletes the
home agent expires and deletes the registration, in spite of possibly registration, in spite of possibly non-negligible transmission delays
non-negligible transmission delays for the original Registration for the original Registration Request and Reply that started the
Request and Reply that started the timing of the Lifetime at the timing of the Lifetime at the mobile node and its home agent.
mobile node and its home agent.
3.6.2.3. Registration Request Denied 3.6.2.3. Registration Request Denied
If the Code field indicates that service is being denied, the mobile If the Code field indicates that service is being denied, the mobile
node SHOULD log the error. In certain cases the mobile node may be node SHOULD log the error. In certain cases the mobile node may be
able to "repair" the error. These include: able to "repair" the error. These include:
Code 69: (Denied by foreign agent, Lifetime too long) Code 69: (Denied by foreign agent, Lifetime too long)
In this case, the Lifetime field in the Registration Reply will In this case, the Lifetime field in the Registration Reply will
contain the maximum Lifetime value which that foreign agent is contain the maximum Lifetime value which that foreign agent is
willing to accept in any Registration Request. The mobile node willing to accept in any Registration Request. The mobile node
MAY attempt to register with this same agent, using a Lifetime MAY attempt to register with this same agent, using a Lifetime in
in the Registration Request that MUST be less than or equal to the Registration Request that MUST be less than or equal to the
the value specified in the Reply. value specified in the Reply.
Code 133: (Denied by home agent, Identification mismatch) Code 133: (Denied by home agent, Identification mismatch)
In this case, the Identification field in the Registration In this case, the Identification field in the Registration Reply
Reply will contain a value that allows the mobile node to will contain a value that allows the mobile node to synchronize
synchronize with the home agent, based upon the style of replay with the home agent, based upon the style of replay protection in
protection in effect (Section 5.7). The mobile node MUST effect (Section 5.7). The mobile node MUST adjust the parameters
adjust the parameters it uses to compute the Identification it uses to compute the Identification field based upon the
field based upon the information in the Registration Reply, information in the Registration Reply, before issuing any future
before issuing any future Registration Requests. Registration Requests.
Code 136: (Denied by home agent, Unknown home agent address) Code 136: (Denied by home agent, Unknown home agent address)
This code is returned by a home agent when the mobile node is This code is returned by a home agent when the mobile node is
performing dynamic home agent address resolution as described performing dynamic home agent address resolution as described in
in Sections 3.6.1.1 and 3.6.1.2. In this case, the Home Agent Section 3.6.1.1 and Section 3.6.1.2. In this case, the Home Agent
field within the Reply will contain the unicast IP address of field within the Reply will contain the unicast IP address of the
the home agent returning the Reply. The mobile node MAY then home agent returning the Reply. The mobile node MAY then attempt
attempt to register with this home agent in future Registration to register with this home agent in future Registration Requests.
Requests. In addition, the mobile node SHOULD adjust the In addition, the mobile node SHOULD adjust the parameters it uses
parameters it uses to compute the Identification field based to compute the Identification field based upon the corresponding
upon the corresponding field in the Registration Reply, before field in the Registration Reply, before issuing any future
issuing any future Registration Requests. Registration Requests.
3.6.3. Registration Retransmission 3.6.3. Registration Retransmission
When no Registration Reply has been received within a reasonable When no Registration Reply has been received within a reasonable
time, another Registration Request MAY be transmitted. When time, another Registration Request MAY be transmitted. When
timestamps are used, a new registration Identification is chosen for timestamps are used, a new registration Identification is chosen for
each retransmission; thus it counts as a new registration. When each retransmission; thus it counts as a new registration. When
nonces are used, the unanswered Request is retransmitted unchanged; nonces are used, the unanswered Request is retransmitted unchanged;
thus the retransmission does not count as a new registration (Section thus the retransmission does not count as a new registration
5.7). In this way a retransmission will not require the home agent (Section 5.7). In this way a retransmission will not require the
to resynchronize with the mobile node by issuing another nonce in the home agent to resynchronize with the mobile node by issuing another
case in which the original Registration Request (rather than its nonce in the case in which the original Registration Request (rather
Registration Reply) was lost by the network. than its Registration Reply) was lost by the network.
The maximum time until a new Registration Request is sent SHOULD be The maximum time until a new Registration Request is sent SHOULD be
no greater than the requested Lifetime of the Registration Request. no greater than the requested Lifetime of the Registration Request.
The minimum value SHOULD be large enough to account for the size of The minimum value SHOULD be large enough to account for the size of
the messages, twice the round trip time for transmission to the home the messages, twice the round trip time for transmission to the home
agent, and at least an additional 100 milliseconds to allow for agent, and at least an additional 100 milliseconds to allow for
processing the messages before responding. The round trip time for processing the messages before responding. The round trip time for
transmission to the home agent will be at least as large as the time transmission to the home agent will be at least as large as the time
required to transmit the messages at the link speed of the mobile required to transmit the messages at the link speed of the mobile
node's current point of attachment. Some circuits add another 200 node's current point of attachment. Some circuits add another 200
skipping to change at page 48, line 18 skipping to change at page 52, line 31
relaying a Registration Request received from a mobile node, to the relaying a Registration Request received from a mobile node, to the
mobile node's home agent. A foreign agent MUST NOT transmit a mobile node's home agent. A foreign agent MUST NOT transmit a
Registration Reply except when relaying a Registration Reply received Registration Reply except when relaying a Registration Reply received
from a mobile node's home agent, or when replying to a Registration from a mobile node's home agent, or when replying to a Registration
Request received from a mobile node in the case in which the foreign Request received from a mobile node in the case in which the foreign
agent is denying service to the mobile node. In particular, a agent is denying service to the mobile node. In particular, a
foreign agent MUST NOT generate a Registration Request or Reply foreign agent MUST NOT generate a Registration Request or Reply
because a mobile node's registration Lifetime has expired. A foreign because a mobile node's registration Lifetime has expired. A foreign
agent also MUST NOT originate a Registration Request message that agent also MUST NOT originate a Registration Request message that
asks for deregistration of a mobile node; however, it MUST relay asks for deregistration of a mobile node; however, it MUST relay
valid (de)Registration Requests originated by a mobile node. well-formed (de)Registration Requests originated by a mobile node.
3.7.1. Configuration and Registration Tables 3.7.1. Configuration and Registration Tables
Each foreign agent MUST be configured with a care-of address. In Each foreign agent MUST be configured with a care-of address. In
addition, for each pending or current registration the foreign agent addition, for each pending or current registration the foreign agent
MUST maintain a visitor list entry containing the following MUST maintain a visitor list entry containing the following
information obtained from the mobile node's Registration Request: information obtained from the mobile node's Registration Request:
- the link-layer source address of the mobile node o the link-layer source address of the mobile node
- the IP Source Address (the mobile node's Home Address) or its o the IP Source Address (the mobile node's Home Address) or its co-
co-located care-of address (see description of the 'R' bit in located care-of address (see description of the 'R' bit in
section 2.1.1) Section 2.1.1)
- the IP Destination Address (as specified in 3.6.1.1) o the IP Destination Address (as specified in Section 3.6.1.1
- the UDP Source Port o the UDP Source Port
- the Home Agent address o the Home Agent address
- the Identification field o the Identification field
- the requested registration Lifetime, and o the requested registration Lifetime, and
- the remaining Lifetime of the pending or current registration. o the remaining Lifetime of the pending or current registration.
If the mobile node's Home Address is zero in the Registration Request If there is an NAI extension in the Registration Request message
message, then the foreign agent MUST follow the procedures specified (often, for example, when the mobile node's Home Address is zero),
in RFC 2794 [6]. In particular, if the foreign agent cannot manage then the foreign agent MUST follow the procedures specified in RFC
pending registration request records with such a zero Home Address 2794 [2]. In particular, if the foreign agent cannot manage pending
for the mobile node, the foreign agent MUST return a Registration registration request records with such a zero Home Address for the
Reply with Code indicating NONZERO_HOMEADDR_REQD (see [6]). mobile node, the foreign agent MUST return a Registration Reply with
Code indicating NONZERO_HOMEADDR_REQD (see [2]).
The foreign agent MAY configure a maximum number of pending The foreign agent MAY configure a maximum number of pending
registrations that it is willing to maintain (typically 5). registrations that it is willing to maintain (typically 5).
Additional registrations SHOULD then be rejected by the foreign agent Additional registrations SHOULD then be rejected by the foreign agent
with code 66. The foreign agent MAY delete any pending Registration with code 66. The foreign agent MAY delete any pending Registration
Request after the request has been pending for more than 7 seconds; Request after the request has been pending for more than 7 seconds;
in this case, the foreign agent SHOULD reject the Request with code in this case, the foreign agent SHOULD reject the Request with code
78 (registration timeout). 78 (registration timeout).
As with any node on the Internet, a foreign agent MAY also share As with any node on the Internet, a foreign agent MAY also share
mobility security associations with any other nodes. When relaying a mobility security associations with any other nodes. When relaying a
Registration Request from a mobile node to its home agent, if the Registration Request from a mobile node to its home agent, if the
foreign agent shares a mobility security association with the home foreign agent shares a mobility security association with the home
agent, it MUST add a Foreign-Home Authentication Extension to the agent, it MUST add a Foreign-Home Authentication Extension to the
Request and MUST check the required Foreign-Home Authentication Request. In this case, when the Registration Reply has nonzero
Extension in the Registration Reply from the home agent (Sections 3.3 lifetime, the foreign agent MUST check the required Foreign-Home
and 3.4). Similarly, when receiving a Registration Request from a Authentication Extension in the Registration Reply from the home
mobile node, if the foreign agent shares a mobility security agent (Section 3.3 and Section 3.4). Similarly, when receiving a
association with the mobile node, it MUST check the required Mobile- Registration Request from a mobile node, if the foreign agent shares
Foreign Authentication Extension in the Request and MUST add a a mobility security association with the mobile node, it MUST check
Mobile-Foreign Authentication Extension to the Registration Reply to the required Mobile-Foreign Authentication Extension in the Request
the mobile node. and MUST add a Mobile-Foreign Authentication Extension to the
Registration Reply to the mobile node.
3.7.2. Receiving Registration Requests 3.7.2. Receiving Registration Requests
If the foreign agent accepts a Registration Request from a mobile If the foreign agent accepts a Registration Request from a mobile
node, it checks to make sure that the indicated home agent address node, it checks to make sure that the indicated home agent address
does not belong to any network interface of the foreign agent. If does not belong to any network interface of the foreign agent. If
not, the foreign agent then MUST relay the Request to the indicated not, the foreign agent then MUST relay the Request to the indicated
home agent. Otherwise, if the foreign agent denies the Request, it home agent. Otherwise, if the foreign agent denies the Request, it
MUST send a Registration Reply to the mobile node with an appropriate MUST send a Registration Reply to the mobile node with an appropriate
denial Code, except in cases where the foreign agent would be denial Code, except in cases where the foreign agent would be
required to send out more than one such denial per second to the same required to send out more than one such denial per second to the same
mobile node. The following sections describe this behavior in more mobile node. The following sections describe this behavior in more
detail. detail.
If the foreign agent has configured one of its network interfaces If the foreign agent has configured one of its network interfaces
with the IP address specified by the mobile node as its home agent with the IP address specified by the mobile node as its home agent
address, the foreign agent MUST NOT forward the request again. If address, the foreign agent MUST NOT forward the request again. If
the foreign agent serves the mobile node as a home agent, the foreign the foreign agent serves the mobile node as a home agent, the foreign
agent follows the procedures specified in section 3.8.2. Otherwise, agent follows the procedures specified in Section 3.8.2. Otherwise,
if the foreign agent does not serve the mobile node as a home agent, if the foreign agent does not serve the mobile node as a home agent,
the foreign agent rejects the Registration Request with code 136 the foreign agent rejects the Registration Request with code TBD-IANA
(unknown home agent address). (Invalid Home Agent Address).
If a foreign agent receives a Registration Request from a mobile node If a foreign agent receives a Registration Request from a mobile node
in its visitor list, the existing visitor list entry for the mobile in its visitor list, the existing visitor list entry for the mobile
node SHOULD NOT be deleted or modified until the foreign agent node SHOULD NOT be deleted or modified until the foreign agent
receives a valid Registration Reply from the home agent with a Code receives a valid Registration Reply from the home agent with a Code
indicating success. The foreign agent MUST record the new pending indicating success. The foreign agent MUST record the new pending
Request as a separate part of the existing visitor list entry for the Request as a separate part of the existing visitor list entry for the
mobile node. If the Registration Request requests deregistration, mobile node. If the Registration Request requests deregistration,
the existing visitor list entry for the mobile node SHOULD NOT be the existing visitor list entry for the mobile node SHOULD NOT be
deleted until the foreign agent has received a successful deleted until the foreign agent has received a successful
Registration Reply. If the Registration Reply indicates that the Registration Reply. If the Registration Reply indicates that the
Request (for registration or deregistration) was denied by the home Request (for registration or deregistration) was denied by the home
agent, the existing visitor list entry for the mobile node MUST NOT agent, the existing visitor list entry for the mobile node MUST NOT
be modified as a result of receiving the Registration Reply. be modified as a result of receiving the Registration Reply.
3.7.2.1. Validity Checks 3.7.2.1. Validity Checks
Registration Requests with an invalid, non-zero UDP checksum MUST be Registration Requests with an invalid, non-zero UDP checksum MUST be
silently discarded. Requests with non-zero bits in reserved fields silently discarded. Requests with non-zero bits in reserved fields
MUST be rejected with code 70 (poorly formed request). Requests with MUST be rejected with code 70 (poorly formed request). Requests with
the 'D' bit set to 0, and specifying a care-of address not offered by the 'D' bit set to 0, nonzero lifetime, and specifying a care-of
the foreign agent, MUST be rejected with code 77 (invalid care-of address not offered by the foreign agent, MUST be rejected with code
address). 77 (invalid care-of address).
Also, the authentication in the Registration Request MUST be checked. Also, the authentication in the Registration Request MUST be checked.
If the foreign agent and the mobile node share a mobility security If the foreign agent and the mobile node share a mobility security
association, exactly one Mobile-Foreign Authentication Extension MUST association, exactly one Mobile-Foreign Authentication Extension MUST
be present in the Registration Request, and the foreign agent MUST be present in the Registration Request, and the foreign agent MUST
check the Authenticator value in the Extension. If no Mobile-Foreign check the Authenticator value in the Extension. If no Mobile-Foreign
Authentication Extension is found, or if more than one Mobile-Foreign Authentication Extension is found, or if more than one Mobile-Foreign
Authentication Extension is found, or if the Authenticator is Authentication Extension is found, or if the Authenticator is
invalid, the foreign agent MUST silently discard the Request and invalid, the foreign agent MUST silently discard the Request and
SHOULD log the event as a security exception. The foreign agent also SHOULD log the event as a security exception. The foreign agent also
skipping to change at page 50, line 41 skipping to change at page 55, line 7
it MUST relay the Request to the mobile node's home agent as it MUST relay the Request to the mobile node's home agent as
specified in the Home Agent field of the Registration Request. The specified in the Home Agent field of the Registration Request. The
foreign agent MUST NOT modify any of the fields beginning with the foreign agent MUST NOT modify any of the fields beginning with the
fixed portion of the Registration Request up through and including fixed portion of the Registration Request up through and including
the Mobile-Home Authentication Extension or other authentication the Mobile-Home Authentication Extension or other authentication
extension supplied by the mobile node as an authorization-enabling extension supplied by the mobile node as an authorization-enabling
extension for the home agent. Otherwise, an authentication failure extension for the home agent. Otherwise, an authentication failure
is very likely to occur at the home agent. In addition, the foreign is very likely to occur at the home agent. In addition, the foreign
agent proceeds as follows: agent proceeds as follows:
- It MUST process and remove any Extensions following the o It MUST process and remove any extensions which do not precede any
Mobile-Home Authentication Extension, authorization-enabling extension.
- It MAY append any of its own non-authentication Extensions of o It MAY append any of its own non-authentication Extensions of
relevance to the home agent, if applicable, and relevance to the home agent, if applicable, and
- It MUST append the Foreign-Home Authentication Extension, if o If the foreign agent shares a mobility security association with
the foreign agent shares a mobility security association with the home agent, and the Request has lifetime != 0, then it MUST
the home agent. append the Foreign-Home Authentication Extension,
Specific fields within the IP header and the UDP header of the Specific fields within the IP header and the UDP header of the
relayed Registration Request MUST be set as follows: relayed Registration Request MUST be set as follows:
IP Source Address IP Source Address
The foreign agent's address on the interface from which The care-of address offered by the foreign agent for the mobile
the message will be sent. node sending the Registration Request.
IP Destination Address IP Destination Address
Copied from the Home Agent field within the Registration Copied from the Home Agent field within the Registration Request.
Request.
UDP Source Port UDP Source Port
<variable> variable
UDP Destination Port UDP Destination Port
434 434
After forwarding a valid Registration Request to the home agent, the After forwarding a valid Registration Request to the home agent, the
foreign agent MUST begin timing the remaining lifetime of the pending foreign agent MUST begin timing the remaining lifetime of the pending
registration based on the Lifetime in the Registration Request. If registration based on the Lifetime in the Registration Request. If
this lifetime expires before receiving a valid Registration Reply, this lifetime expires before receiving a valid Registration Reply,
the foreign agent MUST delete its visitor list entry for this pending the foreign agent MUST delete its visitor list entry for this pending
skipping to change at page 52, line 10 skipping to change at page 56, line 15
requested Lifetime is too long, the foreign agent sets the Lifetime requested Lifetime is too long, the foreign agent sets the Lifetime
in the Reply to the maximum Lifetime value it is willing to accept in in the Reply to the maximum Lifetime value it is willing to accept in
any Registration Request, and sets the Code field to 69. Otherwise, any Registration Request, and sets the Code field to 69. Otherwise,
the Lifetime SHOULD be copied from the Lifetime field in the Request. the Lifetime SHOULD be copied from the Lifetime field in the Request.
Specific fields within the IP header and the UDP header of the Specific fields within the IP header and the UDP header of the
Registration Reply MUST be set as follows: Registration Reply MUST be set as follows:
IP Source Address IP Source Address
Copied from the IP Destination Address of Registration Copied from the IP Destination Address of Registration Request,
Request, unless the "All Agents Multicast" address was unless the "All Agents Multicast" address was used. In this case,
used. In this case, the foreign agent's address (on the the foreign agent's address (on the interface from which the
interface from which the message will be sent) MUST be message will be sent) MUST be used.
used.
IP Destination Address IP Destination Address
If the Registration Reply is generated by the Foreign If the Registration Reply is generated by the Foreign Agent in
Agent in order to reject a mobile node's Registration order to reject a mobile node's Registration Request, and the
Request, and the Registration Request contains a Home Registration Request contains a Home Address which is not 0.0.0.0,
Address which is not 0.0.0.0, then the IP Destination then the IP Destination Address is copied from the Home Address
Address is copied from the Home Address field of the field of the Registration Request. Otherwise, if the Registration
Registration Request. Otherwise, if the Registration Reply is received from the Home Agent, and contains a Home Address
Reply is received from the Home Agent, and contains a which is not 0.0.0.0, then the IP Destination Address is copied
Home Address which is not 0.0.0.0, then the IP from the Home Address field of the Registration Reply. Otherwise,
Destination Address is copied from the Home Address field the IP Destination Address of the Registration Reply is set to be
of the Registration Reply. Otherwise, the IP Destination
Address of the Registration Reply is set to be
255.255.255.255. 255.255.255.255.
UDP Source Port UDP Source Port
434 434
UDP Destination Port UDP Destination Port
Copied from the UDP Source Port of the Registration Copied from the UDP Source Port of the Registration Request.
Request.
3.7.3. Receiving Registration Replies 3.7.3. Receiving Registration Replies
The foreign agent updates its visitor list when it receives a valid The foreign agent updates its visitor list when it receives a valid
Registration Reply from a home agent. It then relays the Registration Reply from a home agent. It then relays the
Registration Reply to the mobile node. The following sections Registration Reply to the mobile node. The following sections
describe this behavior in more detail. describe this behavior in more detail.
If upon relaying a Registration Request to a home agent, the foreign If upon relaying a Registration Request to a home agent, the foreign
agent receives an ICMP error message instead of a Registration Reply, agent receives an ICMP error message instead of a Registration Reply,
skipping to change at page 53, line 12 skipping to change at page 57, line 14
(within the range 80-95, inclusive). See Section 3.7.2.3 for details (within the range 80-95, inclusive). See Section 3.7.2.3 for details
on building the Registration Reply. on building the Registration Reply.
3.7.3.1. Validity Checks 3.7.3.1. Validity Checks
Registration Replies with an invalid, non-zero UDP checksum MUST be Registration Replies with an invalid, non-zero UDP checksum MUST be
silently discarded. silently discarded.
When a foreign agent receives a Registration Reply message, it MUST When a foreign agent receives a Registration Reply message, it MUST
search its visitor list for a pending Registration Request with the search its visitor list for a pending Registration Request with the
same mobile node home address as indicated in the Reply. If no such same mobile node home address as indicated in the Reply. If there
pending Request is found, and if the Registration Reply does not are multiple entries with the same home address, and if the
correspond with any pending Registration Request with a zero mobile Registration Reply has the Mobile Node NAI extension [2], the foreign
node home address (see section 3.7.1), the foreign agent MUST agent MUST use the NAI to disambiguate the pending Registration
silently discard the Reply. The foreign agent MUST also silently Requests with the same home address. If no matching pending Request
discard the Reply if the low-order 32 bits of the Identification is found, and if the Registration Reply does not correspond with any
field in the Reply do not match those in the Request. pending Registration Request with a zero mobile node home address
(see Section 3.7.1), the foreign agent MUST silently discard the
Reply. The foreign agent MUST also silently discard the Reply if the
low-order 32 bits of the Identification field in the Reply do not
match those in the Request.
Also, the authentication in the Registration Reply MUST be checked. Also, the authentication in the Registration Reply MUST be checked.
If the foreign agent and the home agent share a mobility security If the foreign agent and the home agent share a mobility security
association, exactly one Foreign-Home Authentication Extension MUST association, exactly one Foreign-Home Authentication Extension MUST
be present in the Registration Reply, and the foreign agent MUST be present in the Registration Reply, and the foreign agent MUST
check the Authenticator value in the Extension. If no Foreign-Home check the Authenticator value in the Extension. If no Foreign-Home
Authentication Extension is found, or if more than one Foreign-Home Authentication Extension is found, or if more than one Foreign-Home
Authentication Extension is found, or if the Authenticator is Authentication Extension is found, or if the Authenticator is
invalid, the foreign agent MUST silently discard the Reply and SHOULD invalid, the foreign agent MUST silently discard the Reply and SHOULD
log the event as a security exception. The foreign agent also MUST log the event as a security exception. The foreign agent also MUST
reject the mobile node's registration and SHOULD send a Registration reject the mobile node's registration and SHOULD send a Registration
Reply to the mobile node with Code 68. Reply to the mobile node with Code 68.
3.7.3.2. Forwarding Replies to the Mobile Node 3.7.3.2. Forwarding Replies to the Mobile Node
A Registration Reply which satisfies the validity checks of Section A Registration Reply which satisfies the validity checks of
3.8.2.1 is relayed to the mobile node. The foreign agent MUST also Section 3.8.2.1 is relayed to the mobile node. The foreign agent
update its visitor list entry for the mobile node to reflect the MUST also update its visitor list entry for the mobile node to
results of the Registration Request, as indicated by the Code field reflect the results of the Registration Request, as indicated by the
in the Reply. If the Code indicates that the home agent has accepted Code field in the Reply. If the Code indicates that the home agent
the registration and the Lifetime field is nonzero, the foreign agent has accepted the registration and the Lifetime field is nonzero, the
SHOULD set the Lifetime in the visitor list entry to the minimum of foreign agent SHOULD set the Lifetime in the visitor list entry to
the following two values: the minimum of the following two values:
- the value specified in the Lifetime field of the Registration o the value specified in the Lifetime field of the Registration
Reply, and Reply, and
o the foreign agent's own maximum value for allowable registration
- the foreign agent's own maximum value for allowable lifetime.
registration lifetime.
If, instead, the Code indicates that the Lifetime field is zero, the If, instead, the Code indicates that the Lifetime field is zero, the
foreign agent MUST delete its visitor list entry for the mobile node. foreign agent MUST delete its visitor list entry for the mobile node.
Finally, if the Code indicates that the registration was denied by Finally, if the Code indicates that the registration was denied by
the home agent, the foreign agent MUST delete its pending the home agent, the foreign agent MUST delete its pending
registration list entry, but not its visitor list entry, for the registration list entry, but not its visitor list entry, for the
mobile node. mobile node.
The foreign agent MUST NOT modify any of the fields beginning with The foreign agent MUST NOT modify any of the fields beginning with
the fixed portion of the Registration Reply up through and including the fixed portion of the Registration Reply up through and including
skipping to change at page 54, line 12 skipping to change at page 58, line 18
foreign agent MUST delete its visitor list entry for the mobile node. foreign agent MUST delete its visitor list entry for the mobile node.
Finally, if the Code indicates that the registration was denied by Finally, if the Code indicates that the registration was denied by
the home agent, the foreign agent MUST delete its pending the home agent, the foreign agent MUST delete its pending
registration list entry, but not its visitor list entry, for the registration list entry, but not its visitor list entry, for the
mobile node. mobile node.
The foreign agent MUST NOT modify any of the fields beginning with The foreign agent MUST NOT modify any of the fields beginning with
the fixed portion of the Registration Reply up through and including the fixed portion of the Registration Reply up through and including
the Mobile-Home Authentication Extension. Otherwise, an the Mobile-Home Authentication Extension. Otherwise, an
authentication failure is very likely to occur at the mobile node. authentication failure is very likely to occur at the mobile node.
In addition, the foreign agent SHOULD perform the following In addition, the foreign agent SHOULD perform the following
additional procedures: additional procedures:
- It MUST process and remove any Extensions following the o It MUST process and remove any Extensions which are not covered by
Mobile-Home Authentication Extension, any authorization-enabling extension.
- It MAY append its own non-authentication Extensions of o It MAY append its own non-authentication Extensions that supply
relevance to the mobile node, if applicable, and information to the mobile node, if applicable, and
- It MUST append the Mobile-Foreign Authentication Extension, if o It MUST append the Mobile-Foreign Authentication Extension, if the
the foreign agent shares a mobility security association with foreign agent shares a mobility security association with the
the mobile node. mobile node.
Specific fields within the IP header and the UDP header of the Specific fields within the IP header and the UDP header of the
relayed Registration Reply are set according to the same rules relayed Registration Reply are set according to the same rules
specified in Section 3.7.2.3. specified in Section 3.7.2.3.
After forwarding a valid Registration Reply to the mobile node, the After forwarding a valid Registration Reply to the mobile node, the
foreign agent MUST update its visitor list entry for this foreign agent MUST update its visitor list entry for this
registration as follows. If the Registration Reply indicates that registration as follows. If the Registration Reply indicates that
the registration was accepted by the home agent, the foreign agent the registration was accepted by the home agent, the foreign agent
resets its timer of the lifetime of the registration to the Lifetime resets its timer of the lifetime of the registration to the Lifetime
skipping to change at page 55, line 22 skipping to change at page 59, line 24
Each home agent MUST be configured with an IP address and with the Each home agent MUST be configured with an IP address and with the
prefix size for the home network. The home agent MUST be configured prefix size for the home network. The home agent MUST be configured
with the mobility security association of each authorized mobile node with the mobility security association of each authorized mobile node
that it is serving as a home agent. that it is serving as a home agent.
When the home agent accepts a valid Registration Request from a When the home agent accepts a valid Registration Request from a
mobile node that it serves as a home agent, the home agent MUST mobile node that it serves as a home agent, the home agent MUST
create or modify the entry for this mobile node in its mobility create or modify the entry for this mobile node in its mobility
binding list containing: binding list containing:
- the mobile node's home address o the mobile node's home address
- the mobile node's care-of address o the mobile node's care-of address
- the Identification field from the Registration Reply o the Identification field from the Registration Reply
- the remaining Lifetime of the registration o the remaining Lifetime of the registration
The home agent MAY optionally offer the capability to dynamically The home agent MAY optionally offer the capability to dynamically
associate a home address to a mobile node upon receiving a associate a home address to a mobile node upon receiving a
Registration Request from that mobile node. The method by which a Registration Request from that mobile node. The method by which a
home address is allocated to the mobile node is beyond the scope of home address is allocated to the mobile node is beyond the scope of
this document, but see [6]. After the home agent makes the this document, but see [2]. After the home agent makes the
association of the home address to the mobile node, the home agent association of the home address to the mobile node, the home agent
MUST put that home address into the Home Address field of the MUST put that home address into the Home Address field of the
Registration Reply. Registration Reply.
The home agent MAY also maintain mobility security associations with The home agent MAY also maintain mobility security associations with
various foreign agents. When receiving a Registration Request from a various foreign agents. When receiving a Registration Request from a
foreign agent, if the home agent shares a mobility security foreign agent, if the home agent shares a mobility security
association with the foreign agent, the home agent MUST check the association with the foreign agent, the home agent MUST check the
Authenticator in the required Foreign-Home Authentication Extension Authenticator in the required Foreign-Home Authentication Extension
in the message, based on this mobility security association. in the message, based on this mobility security association, unless
Similarly, when sending a Registration Reply to a foreign agent, if the Lifetime field equals 0. When processing a Registration Request
the home agent shares a mobility security association with the with Lifetime=0, the HA MAY skip checking for the presence and
foreign agent, the home agent MUST include a Foreign-Home validity of a Foreign-Home Authentication Extension. Similarly, when
Authentication Extension in the message, based on this mobility sending a Registration Reply to a foreign agent, if the home agent
security association. shares a mobility security association with the foreign agent, the
home agent MUST include a Foreign-Home Authentication Extension in
the message, based on this mobility security association.
3.8.2. Receiving Registration Requests 3.8.2. Receiving Registration Requests
If the home agent accepts an incoming Registration Request, it MUST If the home agent accepts an incoming Registration Request, it MUST
update its record of the the mobile node's mobility binding(s) and update its record of the the mobile node's mobility binding(s) and
SHOULD send a Registration Reply with a suitable Code. Otherwise SHOULD send a Registration Reply with a suitable Code. Otherwise
(the home agent denies the Request), it SHOULD send a Registration (the home agent has denied the Request), it SHOULD in most cases send
Reply with an appropriate Code specifying the reason the Request was a Registration Reply with an appropriate Code specifying the reason
denied. The following sections describe this behavior in more the Request was denied. The following sections describe this
detail. If the home agent does not support broadcasts (see section behavior in more detail. If the home agent does not support
4.3), it MUST ignore the 'B' bit (as opposed to rejecting the broadcasts (see Section 4.3), it MUST ignore the 'B' bit (as opposed
Registration Request). to rejecting the Registration Request).
3.8.2.1. Validity Checks 3.8.2.1. Validity Checks
Registration Requests with an invalid, non-zero UDP checksum MUST be Registration Requests with an invalid, non-zero UDP checksum MUST be
silently discarded by the home agent. silently discarded by the home agent.
The authentication in the Registration Request MUST be checked. This The authentication in the Registration Request MUST be checked. This
involves the following operations: involves the following operations:
a) The home agent MUST check for the presence of an a. The home agent MUST check for the presence of at least one
authorization-enabling extension, and perform the indicated authorization-enabling extension, and ensure that all indicated
authentication. Exactly one authorization-enabling extension authentications are carried out. At least one authorization-
MUST be present in the Registration Request; and the home agent enabling extension MUST be present in the Registration Request;
MUST either check the Authenticator value in the extension or and the home agent MUST either check the Authenticator value in
verify that the authenticator value has been checked by another the extension or verify that the authenticator value has been
agent with which it has a security association. If no checked by another agent with which it has a security
authorization-enabling extension is found, or if more than one association.
authorization-enabling extension is found, or if the
Authenticator is invalid, the home agent MUST reject the mobile
node's registration and SHOULD send a Registration Reply to the
mobile node with Code 131. The home agent MUST then discard
the Request and SHOULD log the error as a security exception.
b) The home agent MUST check that the registration Identification If the home agent receives a Registration Request from a Mobile
field is correct using the context selected by the SPI within Node with which it does not have any security association, the
the authorization-enabling extension. See Section 5.7 for a home agent MUST silently discard the Registration Request.
description of how this is performed. If incorrect, the home
agent MUST reject the Request and SHOULD send a Registration If the home agent receives a Registration Request without any
Reply to the mobile node with Code 133, including an authorization-enabling extension, the home agent MUST silently
Identification field computed in accordance with the rules discard the Registration Request.
If the Authenticator is invalid, the home agent MUST reject the
mobile node's registration. Further action to be taken in this
case depends upon whether the Request has a valid Foreign-Home
authentication extension (as follows):
* If there is a valid Foreign-Home authentication extension, the
home agent MUST send a Registration Reply with Code 131.
* Otherwise, if there is no Foreign-Home security association,
the home agent MAY send a Registration Reply with Code 131.
If the home agent sends a Registration Reply, it MUST contain
a valid Mobile-Home Authentication Extension. In constructing
the Reply, the home agent SHOULD choose a security association
that is likely to exist in the mobile node; for example, this
may be an older security association or one with a longer
lifetime than the one that was attempted to be used by the
mobile node in its Request. Deployments should take care when
updating security associations to ensure that there is at
least one common security association shared between the
mobile node and home agent. In any case of a failed
Authenticator, the home agent MUST then discard the Request
without further processing and SHOULD log the error as a
security exception.
b. The home agent MUST check that the registration Identification
field is correct using the context selected by the SPI within the
authorization-enabling extension that the home agent used to
authenticate the Mobile Node's Registration Request. See
Section 5.7 for a description of how this is performed. If
incorrect, the home agent MUST reject the Request and SHOULD send
a Registration Reply to the mobile node with Code 133, including
an Identification field computed in accordance with the rules
specified in Section 5.7. The home agent MUST do no further specified in Section 5.7. The home agent MUST do no further
processing with such a Request, though it SHOULD log the error processing with such a Request, though it SHOULD log the error as
as a security exception. a security exception.
c) If the home agent shares a mobility security association with c. If the home agent shares a mobility security association with the
the foreign agent, the home agent MUST check for the presence foreign agent, and this is a registration request (has non-zero
of a valid Foreign-Home Authentication Extension. Exactly one lifetime), the home agent MUST check for the presence of a valid
Foreign-Home Authentication Extension MUST be present in the Foreign-Home Authentication Extension. Exactly one Foreign-Home
Registration Request in this case, and the home agent MUST Authentication Extension MUST be present in the Registration
check the Authenticator value in the Extension. If no Request in this case, and the home agent MUST check the
Foreign-Home Authentication Extension is found, or if more than Authenticator value in the Extension. If no Foreign-Home
one Foreign-Home Authentication Extension is found, or if the Authentication Extension is found, or if more than one Foreign-
Authenticator is invalid, the home agent MUST reject the mobile Home Authentication Extension is found, or if the Authenticator
node's registration and SHOULD send a Registration Reply to the is invalid, the home agent MUST reject the mobile node's
mobile node with Code 132. The home agent MUST then discard registration and SHOULD send a Registration Reply to the mobile
the Request and SHOULD log the error as a security exception. node with Code 132. The home agent MUST then discard the Request
and SHOULD log the error as a security exception.
d. If the home agent and the foreign agent do not share a mobility
security association, and the Registration contains a Foreign-
Home Authentication Extension, the home agent MUST discard the
Request and SHOULD log the error as a security exception.
In addition to checking the authentication in the Registration In addition to checking the authentication in the Registration
Request, home agents MUST deny Registration Requests that are sent to Request, home agents MUST deny Registration Requests that are sent to
the subnet-directed broadcast address of the home network (as opposed the subnet-directed broadcast address of the home network (as opposed
to being unicast to the home agent). The home agent MUST discard the to being unicast to the home agent). The home agent MUST discard the
Request and SHOULD returning a Registration Reply with a Code of 136. Request and SHOULD returning a Registration Reply with a Code of 136.
In this case, the Registration Reply will contain the home agent's In this case, the Registration Reply will contain the home agent's
unicast address, so that the mobile node can re-issue the unicast address, so that the mobile node can re-issue the
Registration Request with the correct home agent address. Registration Request with the correct home agent address.
skipping to change at page 57, line 34 skipping to change at page 62, line 20
datagram from a subnet-directed broadcast address to 255.255.255.255 datagram from a subnet-directed broadcast address to 255.255.255.255
before injecting it into the destination subnet. In this case, home before injecting it into the destination subnet. In this case, home
agents that attempt to pick up dynamic home agent discovery requests agents that attempt to pick up dynamic home agent discovery requests
by binding a socket explicitly to the subnet-directed broadcast by binding a socket explicitly to the subnet-directed broadcast
address will not see such packets. Home agent implementors should be address will not see such packets. Home agent implementors should be
prepared for both the subnet-directed broadcast address and prepared for both the subnet-directed broadcast address and
255.255.255.255 if they wish to support dynamic home agent discovery. 255.255.255.255 if they wish to support dynamic home agent discovery.
3.8.2.2. Accepting a Valid Request 3.8.2.2. Accepting a Valid Request
If the Registration Request satisfies the validity checks in Section If the Registration Request satisfies the validity checks in
3.8.2.1, and the home agent is able to accommodate the Request, the Section 3.8.2.1, and the home agent is able to accommodate the
home agent MUST update its mobility binding list for the requesting Request, the home agent MUST update its mobility binding list for the
mobile node and MUST return a Registration Reply to the mobile node. requesting mobile node and MUST return a Registration Reply to the
mobile node. In this case, the Reply Code will be either 0 if the
In this case, the Reply Code will be either 0 if the home agent home agent supports simultaneous mobility bindings, or 1 if it does
supports simultaneous mobility bindings, or 1 if it does not. See not. See Section 3.8.3 for details on building the Registration
Section 3.8.3 for details on building the Registration Reply message. Reply message.
The home agent updates its record of the mobile node's mobility The home agent updates its record of the mobile node's mobility
bindings as follows, based on the fields in the Registration Request: bindings as follows, based on the fields in the Registration Request:
- If the Lifetime is zero and the Care-of Address equals the o If the Lifetime is zero and the Care-of Address equals the mobile
mobile node's home address, the home agent deletes all of the node's home address, the home agent deletes all of the entries in
entries in the mobility binding list for the requesting mobile the mobility binding list for the requesting mobile node. This is
node. This is how a mobile node requests that its home agent how a mobile node requests that its home agent cease providing
cease providing mobility services. mobility services.
- If the Lifetime is zero and the Care-of Address does not equal o If the Lifetime is zero and the Care-of Address does not equal the
the mobile node's home address, the home agent deletes only the mobile node's home address, the home agent deletes only the entry
entry containing the specified Care-of Address from the containing the specified Care-of Address from the mobility binding
mobility binding list for the requesting mobile node. Any list for the requesting mobile node. Any other active entries
other active entries containing other care-of addresses will containing other care-of addresses will remain active.
remain active.
- If the Lifetime is nonzero, the home agent adds an entry o If the Lifetime is nonzero, the home agent adds an entry
containing the requested Care-of Address to the mobility containing the requested Care-of Address to the mobility binding
binding list for the mobile node. If the 'S' bit is set and list for the mobile node. If the 'S' bit is set and the home
the home agent supports simultaneous mobility bindings, the agent supports simultaneous mobility bindings, the previous
previous mobility binding entries are retained. Otherwise, the mobility binding entries are retained. Otherwise, the home agent
home agent removes all previous entries in the mobility binding removes all previous entries in the mobility binding list for the
list for the mobile node. mobile node.
In all cases, the home agent MUST send a Registration Reply to the In all cases, the home agent MUST send a Registration Reply to the
source of the Registration Request, which might indeed be a different source of the Registration Request, which might indeed be a different
foreign agent than that whose care-of address is being foreign agent than that whose care-of address is being
(de)registered. If the home agent shares a mobility security (de)registered. If the home agent shares a mobility security
association with the foreign agent whose care-of address is being association with the foreign agent whose care-of address is being
deregistered, and that foreign agent is different from the one which deregistered, and that foreign agent is different from the one which
relayed the Registration Request, the home agent MAY additionally relayed the Registration Request, the home agent MAY additionally
send a Registration Reply to the foreign agent whose care-of address send a Registration Reply to the foreign agent whose care-of address
is being deregistered. The home agent MUST NOT send such a Reply if is being deregistered. The home agent MUST NOT send such a Reply if
it does not share a mobility security association with the foreign it does not share a mobility security association with the foreign
agent. If no Reply is sent, the foreign agent's visitor list will agent. If no Reply is sent, the foreign agent's visitor list will
expire naturally when the original Lifetime expires. expire naturally when the original Lifetime expires.
When a foreign agent relays a deregistration message containing a
care-of address that it does not own, it MUST NOT add a Foreign-Home
Authentication Extension to that deregistration. See Section 3.5.4
for more details.
The home agent MUST NOT increase the Lifetime above that specified by The home agent MUST NOT increase the Lifetime above that specified by
the mobile node in the Registration Request. However, it is not an the mobile node in the Registration Request. However, it is not an
error for the mobile node to request a Lifetime longer than the home error for the mobile node to request a Lifetime longer than the home
agent is willing to accept. In this case, the home agent simply agent is willing to accept. In this case, the home agent simply
reduces the Lifetime to a permissible value and returns this value in reduces the Lifetime to a permissible value and returns this value in
the Registration Reply. The Lifetime value in the Registration Reply the Registration Reply. The Lifetime value in the Registration Reply
informs the mobile node of the granted lifetime of the registration, informs the mobile node of the granted lifetime of the registration,
indicating when it SHOULD re-register in order to maintain continued indicating when it SHOULD re-register in order to maintain continued
service. After the expiration of this registration lifetime, the service. After the expiration of this registration lifetime, the
home agent MUST delete its entry for this registration in its home agent MUST delete its entry for this registration in its
mobility binding list. mobility binding list.
If the Registration Request duplicates an accepted current If the Registration Request duplicates an accepted current
Registration Request, the new Lifetime MUST NOT extend beyond the Registration Request, the new Lifetime MUST NOT extend beyond the
Lifetime originally granted. A Registration Request is a duplicate Lifetime originally granted. A Registration Request is a duplicate
if the home address, care-of address, and Identification fields all if the home address, care-of address, and Identification fields all
equal those of an accepted current registration. equal those of an accepted current registration.
In addition, if the home network implements ARP [36], and the In addition, if the home network implements ARP [16], and the
Registration Request asks the home agent to create a mobility binding Registration Request asks the home agent to create a mobility binding
for a mobile node which previously had no binding (the mobile node for a mobile node which previously had no binding (the mobile node
was previously assumed to be at home), then the home agent MUST was previously assumed to be at home), then the home agent MUST
follow the procedures described in Section 4.6 with regard to ARP, follow the procedures described in Section 4.6 with regard to ARP,
proxy ARP, and gratuitous ARP. If the mobile node already had a proxy ARP, and gratuitous ARP. If the mobile node already had a
previous mobility binding, the home agent MUST continue to follow the previous mobility binding, the home agent MUST continue to follow the
rules for proxy ARP described in Section 4.6. rules for proxy ARP described in Section 4.6.
3.8.2.3. Denying an Invalid Request 3.8.2.3. Denying an Invalid Request
If the Registration Reply does not satisfy all of the validity checks If the Registration Request does not satisfy all of the validity
in Section 3.8.2.1, or the home agent is unable to accommodate the checks in Section 3.8.2.1, or the home agent is unable to accommodate
Request, the home agent SHOULD return a Registration Reply to the the Request, the home agent SHOULD return a Registration Reply to the
mobile node with a Code that indicates the reason for the error. If mobile node with a Code that indicates the reason for the error. If
a foreign agent was involved in relaying the Request, this allows the a foreign agent was involved in relaying the Request, this allows the
foreign agent to delete its pending visitor list entry. Also, this foreign agent to delete its pending visitor list entry. Also, this
informs the mobile node of the reason for the error such that it may informs the mobile node of the reason for the error such that it may
attempt to fix the error and issue another Request. attempt to fix the error and issue another Request.
This section lists a number of reasons the home agent might reject a This section lists a number of reasons the home agent might reject a
Request, and provides the Code value it should use in each instance. Request, and provides the Code value it should use in each instance.
See Section 3.8.3 for additional details on building the Registration See Section 3.8.3 for additional details on building the Registration
Reply message. Reply message.
skipping to change at page 59, line 47 skipping to change at page 64, line 38
with a Code of 129. with a Code of 129.
Requests with non-zero bits in reserved fields MUST be rejected with Requests with non-zero bits in reserved fields MUST be rejected with
code 134 (poorly formed request). code 134 (poorly formed request).
3.8.3. Sending Registration Replies 3.8.3. Sending Registration Replies
If the home agent accepts a Registration Request, it then MUST update If the home agent accepts a Registration Request, it then MUST update
its record of the mobile node's mobility binding(s) and SHOULD send a its record of the mobile node's mobility binding(s) and SHOULD send a
Registration Reply with a suitable Code. Otherwise (the home agent Registration Reply with a suitable Code. Otherwise (the home agent
has denied the Request), it SHOULD send a Registration Reply with an has denied the Request), it it SHOULD in most cases send a
appropriate Code specifying the reason the Request was denied. The Registration Reply with an appropriate Code specifying the reason the
following sections provide additional detail for the values the home Request was denied. The following sections provide additional detail
agent MUST supply in the fields of Registration Reply messages. for the values the home agent MUST supply in the fields of
Registration Reply messages.
3.8.3.1. IP/UDP Fields 3.8.3.1. IP/UDP Fields
This section provides the specific rules by which home agents pick This section provides the specific rules by which home agents pick
values for the IP and UDP header fields of a Registration Reply. values for the IP and UDP header fields of a Registration Reply.
IP Source Address IP Source Address
Copied from the IP Destination Address of Registration
Request, unless a multicast or broadcast address was Copied from the IP Destination Address of Registration Request,
used. If the IP Destination Address of the Registration unless a multicast or broadcast address was used. If the IP
Request was a broadcast or multicast address, the IP Destination Address of the Registration Request was a broadcast or
Source Address of the Registration Reply MUST be set to multicast address, the IP Source Address of the Registration Reply
the home agent's (unicast) IP address. MUST be set to the home agent's (unicast) IP address.
IP Destination Address IP Destination Address
Copied from the IP Source Address of the Registration
Request. Copied from the IP Source Address of the Registration Request.
UDP Source Port UDP Source Port
Copied from the UDP Destination Port of the Registration
Request. Copied from the UDP Destination Port of the Registration Request.
UDP Destination Port UDP Destination Port
Copied from the UDP Source Port of the Registration
Request. Copied from the UDP Source Port of the Registration Request.
When sending a Registration Reply in response to a Registration When sending a Registration Reply in response to a Registration
Request that requested deregistration of the mobile node (the Request that requested deregistration of the mobile node (the
Lifetime is zero and the Care-of Address equals the mobile node's Lifetime is zero and the Care-of Address equals the mobile node's
home address) and in which the IP Source Address was also set to the home address) and in which the IP Source Address was also set to the
mobile node's home address (this is the normal method used by a mobile node's home address (this is the normal method used by a
mobile node to deregister when it returns to its home network), the mobile node to deregister when it returns to its home network), the
IP Destination Address in the Registration Reply will be set to the IP Destination Address in the Registration Reply will be set to the
mobile node's home address, as copied from the IP Source Address of mobile node's home address, as copied from the IP Source Address of
the Request. the Request.
skipping to change at page 61, line 26 skipping to change at page 66, line 21
The Lifetime field MUST be copied from the corresponding field in the The Lifetime field MUST be copied from the corresponding field in the
Registration Request, unless the requested value is greater than the Registration Request, unless the requested value is greater than the
maximum length of time the home agent is willing to provide the maximum length of time the home agent is willing to provide the
requested service. In such a case, the Lifetime MUST be set to the requested service. In such a case, the Lifetime MUST be set to the
length of time that service will actually be provided by the home length of time that service will actually be provided by the home
agent. This reduced Lifetime SHOULD be the maximum Lifetime allowed agent. This reduced Lifetime SHOULD be the maximum Lifetime allowed
by the home agent (for this mobile node and care-of address). by the home agent (for this mobile node and care-of address).
If the Home Address field of the Registration Request is nonzero, it If the Home Address field of the Registration Request is nonzero, it
MUST be copied into the Home Address field of the Registration Reply MUST be copied into the Home Address field of the Registration Reply
message. Otherwise, if the Home Address field of the Registration message. If the Home Agent cannot support the specified nonzero
Request is zero as specified in section 3.6, the home agent SHOULD unicast address in the Home Address field of the Registration
arrange for the selection of a home address for the mobile node, and Request, then the Home Agent MUST reject the Registration Request
insert the selected address into the Home Address field of the with an error code of 129.
Registration Reply message. See [6] for further relevant details in
the case where mobile nodes identify themselves using an NAI instead Otherwise, if the Home Address field of the Registration Request is
of their IP home address. zero as specified in Section 3.6, the home agent SHOULD arrange for
the selection of a home address for the mobile node, and insert the
selected address into the Home Address field of the Registration
Reply message. See [2] for further relevant details in the case
where mobile nodes identify themselves using an NAI instead of their
IP home address.
If the Home Agent field in the Registration Request contains a If the Home Agent field in the Registration Request contains a
unicast address of this home agent, then that field MUST be copied unicast address of this home agent, then that field MUST be copied
into the Home Agent field of the Registration Reply. Otherwise, the into the Home Agent field of the Registration Reply. Otherwise, the
home agent MUST set the Home Agent field in the Registration Reply to home agent MUST set the Home Agent field in the Registration Reply to
its unicast address. In this latter case, the home agent MUST reject its unicast address. In this latter case, the home agent MUST reject
the registration with a suitable code (e.g., Code 136) to prevent the the registration with a suitable code (e.g., Code 136) to prevent the
mobile node from possibly being simultaneously registered with two or mobile node from possibly being simultaneously registered with two or
more home agents. more home agents.
3.8.3.3. Extensions 3.8.3.3. Extensions
This section describes the ordering of any required and any optional This section describes the ordering of any required and any optional
Mobile IP Extensions that a home agent appends to a Registration Mobile IP Extensions that a home agent appends to a Registration
Reply. The following ordering MUST be followed: Reply. The following ordering MUST be followed:
a) The IP header, followed by the UDP header, followed by the a. The IP header, followed by the UDP header, followed by the fixed-
fixed-length portion of the Registration Reply, length portion of the Registration Reply,
b) If present, any non-authentication Extensions used by the b. If present, any non-authentication Extensions used by the mobile
mobile node (which may or may not also be used by the foreign node (which may or may not also be used by the foreign agent),
agent),
c) The Mobile-Home Authentication Extension, c. The Mobile-Home Authentication Extension,
d) If present, any non-authentication Extensions used only by the d. If present, any non-authentication Extensions used only by the
foreign agent, and foreign agent, and
e) The Foreign-Home Authentication Extension, if present. e. The Foreign-Home Authentication Extension, if present.
Note that items (a) and (c) MUST appear in every Registration Reply Note that items (a) and (c) MUST appear in every Registration Reply
sent by the home agent. Items (b), (d), and (e) are optional. sent by the home agent. Items (b), (d), and (e) are optional.
However, item (e) MUST be included when the home agent and the However, item (e) MUST be included when the home agent and the
foreign agent share a mobility security association. foreign agent share a mobility security association.
4. Routing Considerations 4. Routing Considerations
This section describes how mobile nodes, home agents, and (possibly) This section describes how mobile nodes, home agents, and (possibly)
foreign agents cooperate to route datagrams to/from mobile nodes that foreign agents cooperate to route datagrams to/from mobile nodes that
are connected to a foreign network. The mobile node informs its home are connected to a foreign network. The mobile node informs its home
agent of its current location using the registration procedure agent of its current location using the registration procedure
described in Section 3. See the protocol overview in Section 1.7 for described in Section 3. See the protocol overview in Section 1.7 for
the relative locations of the mobile node's home address with respect the relative locations of the mobile node's home address with respect
to its home agent, and the mobile node itself with respect to any to its home agent, and the mobile node itself with respect to any
foreign agent with which it might attempt to register. foreign agent with which it might attempt to register.
4.1. Encapsulation Types 4.1. Encapsulation Types
Home agents and foreign agents MUST support tunneling datagrams using Home agents and foreign agents MUST support tunneling datagrams using
IP in IP encapsulation [32]. Any mobile node that uses a co-located IP in IP encapsulation [14]. Any mobile node that uses a co-located
care-of address MUST support receiving datagrams tunneled using IP in care-of address MUST support receiving datagrams tunneled using IP in
IP encapsulation. Minimal encapsulation [34] and GRE encapsulation IP encapsulation. Minimal encapsulation [15] and GRE encapsulation
[16] are alternate encapsulation methods which MAY optionally be [13] are alternate encapsulation methods which MAY optionally be
supported by mobility agents and mobile nodes. The use of these supported by mobility agents and mobile nodes. The use of these
alternative forms of encapsulation, when requested by the mobile alternative forms of encapsulation, when requested by the mobile
node, is otherwise at the discretion of the home agent. node, is otherwise at the discretion of the home agent.
4.2. Unicast Datagram Routing 4.2. Unicast Datagram Routing
4.2.1. Mobile Node Considerations 4.2.1. Mobile Node Considerations
When connected to its home network, a mobile node operates without When connected to its home network, a mobile node operates without
the support of mobility services. That is, it operates in the same the support of mobility services. That is, it operates in the same
way as any other (fixed) host or router. The method by which a way as any other (fixed) host or router. The method by which a
mobile node selects a default router when connected to its home mobile node selects a default router when connected to its home
network, or when away from home and using a co-located care-of network, or when away from home and using a co-located care-of
address, is outside the scope of this document. ICMP Router address, is outside the scope of this document. ICMP Router
Advertisement [10] is one such method. Advertisement [5] is one such method.
When registered on a foreign network, the mobile node chooses a When registered on a foreign network, the mobile node chooses a
default router by the following rules: default router by the following rules:
- If the mobile node is registered using a foreign agent care-of o If the mobile node is registered using a foreign agent care-of
address, it MAY use its foreign agent as a first-hop router. address, it MAY use its foreign agent as a first-hop router. The
The foreign agent's MAC address can be learned from Agent foreign agent's MAC address can be learned from Agent
Advertisement. Otherwise, the mobile node MUST choose its Advertisement. Otherwise, the mobile node MUST choose its default
default router from among the Router Addresses advertised in router from among the Router Addresses advertised in the ICMP
the ICMP Router Advertisement portion of that Agent Router Advertisement portion of that Agent Advertisement message.
Advertisement message.
- If the mobile node is registered directly with its home agent o If the mobile node is registered directly with its home agent
using a co-located care-of address, then the mobile node SHOULD using a co-located care-of address, then the mobile node SHOULD
choose its default router from among those advertised in any choose its default router from among those advertised in any ICMP
ICMP Router Advertisement message that it receives for which Router Advertisement message that it receives for which its
its externally obtained care-of address and the Router Address externally obtained care-of address and the Router Address match
match under the network prefix. If the mobile node's under the network prefix. If the mobile node's externally
externally obtained care-of address matches the IP source obtained care-of address matches the IP source address of the
address of the Agent Advertisement under the network prefix, Agent Advertisement under the network prefix, the mobile node MAY
the mobile node MAY also consider that IP source address as also consider that IP source address as another possible choice
another possible choice for the IP address of a default router. for the IP address of a default router. The network prefix MAY be
The network prefix MAY be obtained from the Prefix-Lengths obtained from the Prefix-Lengths Extension in the Router
Extension in the Router Advertisement, if present. The prefix Advertisement, if present. The prefix MAY also be obtained
MAY also be obtained through other mechanisms beyond the scope through other mechanisms beyond the scope of this document.
of this document.
While they are away from the home network, mobile nodes MUST NOT While they are away from the home network, mobile nodes MUST NOT
broadcast ARP packets to find the MAC address of another Internet broadcast ARP packets to find the MAC address of another Internet
node. Thus, the (possibly empty) list of Router Addresses from the node. Thus, the (possibly empty) list of Router Addresses from the
ICMP Router Advertisement portion of the message is not useful for ICMP Router Advertisement portion of the message is not useful for
selecting a default router, unless the mobile node has some means not selecting a default router, unless the mobile node has some means not
involving broadcast ARP and not specified within this document for involving broadcast ARP and not specified within this document for
obtaining the MAC address of one of the routers in the list. obtaining the MAC address of one of the routers in the list.
Similarly, in the absence of unspecified mechanisms for obtaining MAC Similarly, in the absence of unspecified mechanisms for obtaining MAC
addresses on foreign networks, the mobile node MUST ignore redirects addresses on foreign networks, the mobile node MUST ignore redirects
skipping to change at page 64, line 30 skipping to change at page 70, line 10
A foreign agent MUST NOT use broadcast ARP for a mobile node's MAC A foreign agent MUST NOT use broadcast ARP for a mobile node's MAC
address on a foreign network. It may obtain the MAC address by address on a foreign network. It may obtain the MAC address by
copying the information from an Agent Solicitation or a Registration copying the information from an Agent Solicitation or a Registration
Request transmitted from a mobile node. A foreign agent's ARP cache Request transmitted from a mobile node. A foreign agent's ARP cache
for the mobile node's IP address MUST NOT be allowed to expire before for the mobile node's IP address MUST NOT be allowed to expire before
the mobile node's visitor list entry expires, unless the foreign the mobile node's visitor list entry expires, unless the foreign
agent has some way other than broadcast ARP to refresh its MAC agent has some way other than broadcast ARP to refresh its MAC
address associated with the mobile node's IP address. address associated with the mobile node's IP address.
Each foreign agent SHOULD support the mandatory features for reverse Each foreign agent SHOULD support the mandatory features for reverse
tunneling [27]. tunneling [12].
4.2.3. Home Agent Considerations 4.2.3. Home Agent Considerations
The home agent MUST be able to intercept any datagrams on the home The home agent MUST be able to intercept any datagrams on the home
network addressed to the mobile node while the mobile node is network addressed to the mobile node while the mobile node is
registered away from home. Proxy and gratuitous ARP MAY be used in registered away from home. Proxy and gratuitous ARP MAY be used in
enabling this interception, as specified in Section 4.6. enabling this interception, as specified in Section 4.6.
The home agent must examine the IP Destination Address of all The home agent must examine the IP Destination Address of all
arriving datagrams to see if it is equal to the home address of any arriving datagrams to see if it is equal to the home address of any
of its mobile nodes registered away from home. If so, the home agent of its mobile nodes registered away from home. If so, the home agent
tunnels the datagram to the mobile node's currently registered care- tunnels the datagram to the mobile node's currently registered
of address or addresses. If the home agent supports the optional care-of address or addresses. If the home agent supports the
capability of multiple simultaneous mobility bindings, it tunnels a optional capability of multiple simultaneous mobility bindings, it
copy to each care-of address in the mobile node's mobility binding tunnels a copy to each care-of address in the mobile node's mobility
list. If the mobile node has no current mobility bindings, the home binding list. If the mobile node has no current mobility bindings,
agent MUST NOT attempt to intercept datagrams destined for the mobile the home agent MUST NOT attempt to intercept datagrams destined for
node, and thus will not in general receive such datagrams. However, the mobile node, and thus will not in general receive such datagrams.
if the home agent is also a router handling common IP traffic, it is However, if the home agent is also a router handling common IP
possible that it will receive such datagrams for forwarding onto the traffic, it is possible that it will receive such datagrams for
home network. In this case, the home agent MUST assume the mobile forwarding onto the home network. In this case, the home agent MUST
node is at home and simply forward the datagram directly onto the assume the mobile node is at home and simply forward the datagram
home network. directly onto the home network.
For multihomed home agents, the source address in the outer IP header For multihomed home agents, the source address in the outer IP header
of the encapsulated datagram MUST be the address sent to the mobile of the encapsulated datagram MUST be the address sent to the mobile
node in the home agent field of the registration reply. That is, the node in the home agent field of the registration reply. That is, the
home agent cannot use the the address of some other network interface home agent cannot use the the address of some other network interface
as the source address. as the source address.
See Section 4.1 regarding methods of encapsulation that may be used See Section 4.1 regarding methods of encapsulation that may be used
for tunneling. Nodes implementing tunneling SHOULD also implement for tunneling. Nodes implementing tunneling SHOULD also implement
the "tunnel soft state" mechanism [32], which allows ICMP error the "tunnel soft state" mechanism [14], which allows ICMP error
messages returned from the tunnel to correctly be reflected back to messages returned from the tunnel to correctly be reflected back to
the original senders of the tunneled datagrams. the original senders of the tunneled datagrams.
Home agents MUST decapsulate packets addressed to themselves, sent by Home agents MUST decapsulate packets addressed to themselves, sent by
a mobile node for the purpose of maintaining location privacy, as a mobile node for the purpose of maintaining location privacy, as
described in Section 5.5. This feature is also required for support described in Section 5.5. This feature is also required for support
of reverse tunneling [27]. of reverse tunneling [12].
If the Lifetime for a given mobility binding expires before the home If the Lifetime for a given mobility binding expires before the home
agent has received another valid Registration Request for that mobile agent has received another valid Registration Request for that mobile
node, then that binding is deleted from the mobility binding list. node, then that binding is deleted from the mobility binding list.
The home agent MUST NOT send any Registration Reply message simply The home agent MUST NOT send any Registration Reply message simply
because the mobile node's binding has expired. The entry in the because the mobile node's binding has expired. The entry in the
visitor list of the mobile node's current foreign agent will expire visitor list of the mobile node's current foreign agent will expire
naturally, probably at the same time as the binding expired at the naturally, probably at the same time as the binding expired at the
home agent. When a mobility binding's lifetime expires, the home home agent. When a mobility binding's lifetime expires, the home
agent MUST delete the binding, but it MUST retain any other (non- agent MUST delete the binding, but it MUST retain any other (non-
expired) simultaneous mobility bindings that it holds for the mobile expired) simultaneous mobility bindings that it holds for the mobile
node. node.
When a home agent receives a datagram, intercepted for one of its When a home agent receives a datagram, intercepted for one of its
mobile nodes registered away from home, the home agent MUST examine mobile nodes registered away from home, the home agent MUST examine
the datagram to check if it is already encapsulated. If so, special the datagram to check if it is already encapsulated. If so, special
rules apply in the forwarding of that datagram to the mobile node: rules apply in the forwarding of that datagram to the mobile node:
- If the inner (encapsulated) Destination Address is the same as o If the inner (encapsulated) Destination Address is the same as the
the outer Destination Address (the mobile node), then the home outer Destination Address (the mobile node), then the home agent
agent MUST also examine the outer Source Address of the MUST also examine the outer Source Address of the encapsulated
encapsulated datagram (the source address of the tunnel). If datagram (the source address of the tunnel). If this outer Source
this outer Source Address is the same as the mobile node's Address is the same as the mobile node's current care-of address,
current care-of address, the home agent MUST silently discard the home agent MUST silently discard that datagram in order to
that datagram in order to prevent a likely routing loop. If, prevent a likely routing loop. If, instead, the outer Source
instead, the outer Source Address is NOT the same as the mobile Address is NOT the same as the mobile node's current care-of
node's current care-of address, then the home agent SHOULD address, then the home agent SHOULD forward the datagram to the
forward the datagram to the mobile node. In order to forward mobile node. In order to forward the datagram in this case, the
the datagram in this case, the home agent MAY simply alter the home agent MAY simply alter the outer Destination Address to the
outer Destination Address to the care-of address, rather than care-of address, rather than re-encapsulating the datagram.
re-encapsulating the datagram.
- Otherwise (the inner Destination Address is NOT the same as the o Otherwise (the inner Destination Address is NOT the same as the
outer Destination Address), the home agent SHOULD encapsulate outer Destination Address), the home agent SHOULD encapsulate the
the datagram again (nested encapsulation), with the new outer datagram again (nested encapsulation), with the new outer
Destination Address set equal to the mobile node's care-of Destination Address set equal to the mobile node's care-of
address. That is, the home agent forwards the entire datagram address. That is, the home agent forwards the entire datagram to
to the mobile node in the same way as any other datagram the mobile node in the same way as any other datagram
(encapsulated already or not). (encapsulated already or not).
4.3. Broadcast Datagrams 4.3. Broadcast Datagrams
When a home agent receives a broadcast datagram, it MUST NOT forward When a home agent receives a broadcast datagram, it MUST NOT forward
the datagram to any mobile nodes in its mobility binding list other the datagram to any mobile nodes in its mobility binding list other
than those that have requested forwarding of broadcast datagrams. A than those that have requested forwarding of broadcast datagrams. A
mobile node MAY request forwarding of broadcast datagrams by setting mobile node MAY request forwarding of broadcast datagrams by setting
the 'B' bit in its Registration Request message (Section 3.3). For the 'B' bit in its Registration Request message (Section 3.3). For
each such registered mobile node, the home agent SHOULD forward each such registered mobile node, the home agent SHOULD forward
received broadcast datagrams to the mobile node, although it is a received broadcast datagrams to the mobile node, although it is a
matter of configuration at the home agent as to which specific matter of configuration at the home agent as to which specific
categories of broadcast datagrams will be forwarded to such mobile categories of broadcast datagrams will be forwarded to such mobile
nodes. nodes.
If the 'D' bit was set in the mobile node's Registration Request If the 'D' bit was set in the mobile node's Registration Request
message, indicating that the mobile node is using a co-located care- message, indicating that the mobile node is using a co-located
of address, the home agent simply tunnels appropriate broadcast IP care-of address, the home agent simply tunnels appropriate broadcast
datagrams to the mobile node's care-of address. Otherwise (the 'D' IP datagrams to the mobile node's care-of address. Otherwise (the
bit was NOT set), the home agent first encapsulates the broadcast 'D' bit was NOT set), the home agent first encapsulates the broadcast
datagram in a unicast datagram addressed to the mobile node's home datagram in a unicast datagram addressed to the mobile node's home
address, and then tunnels this encapsulated datagram to the foreign address, and then tunnels this encapsulated datagram to the foreign
agent. This extra level of encapsulation is required so that the agent. This extra level of encapsulation is required so that the
foreign agent can determine which mobile node should receive the foreign agent can determine which mobile node should receive the
datagram after it is decapsulated. When received by the foreign datagram after it is decapsulated. When received by the foreign
agent, the unicast encapsulated datagram is detunneled and delivered agent, the unicast encapsulated datagram is detunneled and delivered
to the mobile node in the same way as any other datagram. In either to the mobile node in the same way as any other datagram. In either
case, the mobile node must decapsulate the datagram it receives in case, the mobile node must decapsulate the datagram it receives in
order to recover the original broadcast datagram. order to recover the original broadcast datagram.
skipping to change at page 67, line 10 skipping to change at page 72, line 36
router. Thus, when it is at home, a mobile node functions router. Thus, when it is at home, a mobile node functions
identically to other multicast senders and receivers. This section identically to other multicast senders and receivers. This section
therefore describes the behavior of a mobile node that is visiting a therefore describes the behavior of a mobile node that is visiting a
foreign network. foreign network.
In order to receive multicasts, a mobile node MUST join the multicast In order to receive multicasts, a mobile node MUST join the multicast
group in one of two ways. First, a mobile node MAY join the group group in one of two ways. First, a mobile node MAY join the group
via a (local) multicast router on the visited subnet. This option via a (local) multicast router on the visited subnet. This option
assumes that there is a multicast router present on the visited assumes that there is a multicast router present on the visited
subnet. If the mobile node is using a co-located care-of address, it subnet. If the mobile node is using a co-located care-of address, it
SHOULD use this address as the source IP address of its IGMP [11] SHOULD use this address as the source IP address of its IGMP [6]
messages. Otherwise, it MAY use its home address. messages. Otherwise, it MAY use its home address.
Alternatively, a mobile node which wishes to receive multicasts MAY Alternatively, a mobile node which wishes to receive multicasts MAY
join groups via a bi-directional tunnel to its home agent, assuming join groups via a bi-directional tunnel to its home agent, assuming
that its home agent is a multicast router. The mobile node tunnels that its home agent is a multicast router. The mobile node tunnels
IGMP messages to its home agent and the home agent forwards multicast IGMP messages to its home agent and the home agent forwards multicast
datagrams down the tunnel to the mobile node. For packets tunneled datagrams down the tunnel to the mobile node. For packets tunneled
to the home agent, the source address in the IP header SHOULD be the to the home agent, the source address in the IP header SHOULD be the
mobile node's home address. mobile node's home address.
skipping to change at page 68, line 10 skipping to change at page 73, line 36
a ship, a train, an automobile, a bicycle, or a kayak. The nodes a ship, a train, an automobile, a bicycle, or a kayak. The nodes
connected to a network served by the mobile router may themselves be connected to a network served by the mobile router may themselves be
fixed nodes or mobile nodes or routers. In this document, such fixed nodes or mobile nodes or routers. In this document, such
networks are called "mobile networks". networks are called "mobile networks".
A mobile router MAY act as a foreign agent and provide a foreign A mobile router MAY act as a foreign agent and provide a foreign
agent care-of address to mobile nodes connected to the mobile agent care-of address to mobile nodes connected to the mobile
network. Typical routing to a mobile node via a mobile router in network. Typical routing to a mobile node via a mobile router in
this case is illustrated by the following example: this case is illustrated by the following example:
a) A laptop computer is disconnected from its home network and a. A laptop computer is disconnected from its home network and later
later attached to a network port in the seat back of an attached to a network port in the seat back of an aircraft. The
aircraft. The laptop computer uses Mobile IP to register on laptop computer uses Mobile IP to register on this foreign
this foreign network, using a foreign agent care-of address network, using a foreign agent care-of address discovered through
discovered through an Agent Advertisement from the aircraft's an Agent Advertisement from the aircraft's foreign agent.
foreign agent.
b) The aircraft network is itself mobile. Suppose the node b. The aircraft network is itself mobile. Suppose the node serving
serving as the foreign agent on the aircraft also serves as the as the foreign agent on the aircraft also serves as the default
default router that connects the aircraft network to the rest router that connects the aircraft network to the rest of the
of the Internet. When the aircraft is at home, this router is Internet. When the aircraft is at home, this router is attached
attached to some fixed network at the airline's headquarters, to some fixed network at the airline's headquarters, which is the
which is the router's home network. While the aircraft is in router's home network. While the aircraft is in flight, this
flight, this router registers from time to time over its radio router registers from time to time over its radio link with a
link with a series of foreign agents below it on the ground. series of foreign agents below it on the ground. This router's
This router's home agent is a node on the fixed network at the home agent is a node on the fixed network at the airline's
airline's headquarters. headquarters.
c) Some correspondent node sends a datagram to the laptop c. Some correspondent node sends a datagram to the laptop computer,
computer, addressing the datagram to the laptop's home address. addressing the datagram to the laptop's home address. This
This datagram is initially routed to the laptop's home network. datagram is initially routed to the laptop's home network.
d) The laptop's home agent intercepts the datagram on the home d. The laptop's home agent intercepts the datagram on the home
network and tunnels it to the laptop's care-of address, which network and tunnels it to the laptop's care-of address, which in
in this example is an address of the node serving as router and this example is an address of the node serving as router and
foreign agent on the aircraft. Normal IP routing will route foreign agent on the aircraft. Normal IP routing will route the
the datagram to the fixed network at the airline's datagram to the fixed network at the airline's headquarters.
headquarters.
e) The aircraft router and foreign agent's home agent there e. The aircraft router and foreign agent's home agent there
intercepts the datagram and tunnels it to its current care-of intercepts the datagram and tunnels it to its current care-of
address, which in this example is some foreign agent on the address, which in this example is some foreign agent on the
ground below the aircraft. The original datagram from the ground below the aircraft. The original datagram from the
correspondent node has now been encapsulated twice: once by correspondent node has now been encapsulated twice: once by the
the laptop's home agent and again by the aircraft's home agent. laptop's home agent and again by the aircraft's home agent.
f) The foreign agent on the ground decapsulates the datagram, f. The foreign agent on the ground decapsulates the datagram,
yielding a datagram still encapsulated by the laptop's home yielding a datagram still encapsulated by the laptop's home
agent, with a destination address of the laptop's care-of agent, with a destination address of the laptop's care-of
address. The ground foreign agent sends the resulting datagram address. The ground foreign agent sends the resulting datagram
over its radio link to the aircraft. over its radio link to the aircraft.
g) The foreign agent on the aircraft decapsulates the datagram, g. The foreign agent on the aircraft decapsulates the datagram,
yielding the original datagram from the correspondent node, yielding the original datagram from the correspondent node, with
with a destination address of the laptop's home address. The a destination address of the laptop's home address. The aircraft
aircraft foreign agent delivers the datagram over the aircraft foreign agent delivers the datagram over the aircraft network to
network to the laptop's link-layer address. the laptop's link-layer address.
This example illustrated the case in which a mobile node is attached This example illustrated the case in which a mobile node is attached
to a mobile network. That is, the mobile node is mobile with respect to a mobile network. That is, the mobile node is mobile with respect
to the network, which itself is also mobile (here with respect to the to the network, which itself is also mobile (here with respect to the
ground). If, instead, the node is fixed with respect to the mobile ground). If, instead, the node is fixed with respect to the mobile
network (the mobile network is the fixed node's home network), then network (the mobile network is the fixed node's home network), then
either of two methods may be used to cause datagrams from either of two methods may be used to cause datagrams from
correspondent nodes to be routed to the fixed node. correspondent nodes to be routed to the fixed node.
A home agent MAY be configured to have a permanent registration for A home agent MAY be configured to have a permanent registration for
the fixed node, that indicates the mobile router's address as the the fixed node, that indicates the mobile router's address as the
fixed host's care-of address. The mobile router's home agent will fixed host's care-of address. The mobile router's home agent will
usually be used for this purpose. The home agent is then responsible usually be used for this purpose. The home agent is then responsible
for advertising connectivity using normal routing protocols to the for advertising connectivity using normal routing protocols to the
fixed node. Any datagrams sent to the fixed node will thus use fixed node. Any datagrams sent to the fixed node will thus use
nested tunneling as described above. nested tunneling as described above.
Alternatively, the mobile router MAY advertise connectivity to the Alternatively, the mobile router MAY advertise connectivity to the
entire mobile network using normal IP routing protocols through a entire mobile network using normal IP routing protocols through a bi-
bi-directional tunnel to its own home agent. This method avoids the directional tunnel to its own home agent. This method avoids the
need for nested tunneling of datagrams. need for nested tunneling of datagrams.
4.6. ARP, Proxy ARP, and Gratuitous ARP 4.6. ARP, Proxy ARP, and Gratuitous ARP
The use of ARP [36] requires special rules for correct operation when The use of ARP [16] requires special rules for correct operation when
wireless or mobile nodes are involved. The requirements specified in wireless or mobile nodes are involved. The requirements specified in
this section apply to all home networks in which ARP is used for this section apply to all home networks in which ARP is used for
address resolution. address resolution.
In addition to the normal use of ARP for resolving a target node's In addition to the normal use of ARP for resolving a target node's
link-layer address from its IP address, this document distinguishes link-layer address from its IP address, this document distinguishes
two special uses of ARP: two special uses of ARP:
- A Proxy ARP [39] is an ARP Reply sent by one node on behalf of o A Proxy ARP [46] is an ARP Reply sent by one node on behalf of
another node which is either unable or unwilling to answer its another node which is either unable or unwilling to answer its own
own ARP Requests. The sender of a Proxy ARP reverses the ARP Requests. The sender of a Proxy ARP reverses the Sender and
Sender and Target Protocol Address fields as described in [36], Target Protocol Address fields as described in [16], but supplies
but supplies some configured link-layer address (generally, its some configured link-layer address (generally, its own) in the
own) in the Sender Hardware Address field. The node receiving Sender Hardware Address field. The node receiving the Reply will
the Reply will then associate this link-layer address with the then associate this link-layer address with the IP address of the
IP address of the original target node, causing it to transmit original target node, causing it to transmit future datagrams for
future datagrams for this target node to the node with that this target node to the node with that link-layer address.
link-layer address.
- A Gratuitous ARP [45] is an ARP packet sent by a node in order o A Gratuitous ARP [42] is an ARP packet sent by a node in order to
to spontaneously cause other nodes to update an entry in their spontaneously cause other nodes to update an entry in their ARP
ARP cache. A gratuitous ARP MAY use either an ARP Request or cache. A gratuitous ARP MAY use either an ARP Request or an ARP
an ARP Reply packet. In either case, the ARP Sender Protocol Reply packet. In either case, the ARP Sender Protocol Address and
Address and ARP Target Protocol Address are both set to the IP ARP Target Protocol Address are both set to the IP address of the
address of the cache entry to be updated, and the ARP Sender cache entry to be updated, and the ARP Sender Hardware Address is
Hardware Address is set to the link-layer address to which this set to the link-layer address to which this cache entry should be
cache entry should be updated. When using an ARP Reply packet, updated. When using an ARP Reply packet, the Target Hardware
the Target Hardware Address is also set to the link-layer Address is also set to the link-layer address to which this cache
address to which this cache entry should be updated (this field entry should be updated (this field is not used in an ARP Request
is not used in an ARP Request packet). packet).
In either case, for a gratuitous ARP, the ARP packet MUST be In either case, for a gratuitous ARP, the ARP packet MUST be
transmitted as a local broadcast packet on the local link. As transmitted as a local broadcast packet on the local link. As
specified in [36], any node receiving any ARP packet (Request specified in [16], any node receiving any ARP packet (Request or
or Reply) MUST update its local ARP cache with the Sender Reply) MUST update its local ARP cache with the Sender Protocol
Protocol and Hardware Addresses in the ARP packet, if the and Hardware Addresses in the ARP packet, if the receiving node
receiving node has an entry for that IP address already in its has an entry for that IP address already in its ARP cache. This
ARP cache. This requirement in the ARP protocol applies even requirement in the ARP protocol applies even for ARP Request
for ARP Request packets, and for ARP Reply packets that do not packets, and for ARP Reply packets that do not match any ARP
match any ARP Request transmitted by the receiving node [36]. Request transmitted by the receiving node [16].
While a mobile node is registered on a foreign network, its home While a mobile node is registered on a foreign network, its home
agent uses proxy ARP [39] to reply to ARP Requests it receives that agent uses proxy ARP [46] to reply to ARP Requests it receives that
seek the mobile node's link-layer address. When receiving an ARP seek the mobile node's link-layer address. When receiving an ARP
Request, the home agent MUST examine the target IP address of the Request, the home agent MUST examine the target IP address of the
Request, and if this IP address matches the home address of any Request, and if this IP address matches the home address of any
mobile node for which it has a registered mobility binding, the home mobile node for which it has a registered mobility binding, the home
agent MUST transmit an ARP Reply on behalf of the mobile node. After agent MUST transmit an ARP Reply on behalf of the mobile node. After
exchanging the sender and target addresses in the packet [39], the exchanging the sender and target addresses in the packet [46], the
home agent MUST set the sender link-layer address in the packet to home agent MUST set the sender link-layer address in the packet to
the link-layer address of its own interface over which the Reply will the link-layer address of its own interface over which the Reply will
be sent. be sent.
When a mobile node leaves its home network and registers a binding on When a mobile node leaves its home network and registers a binding on
a foreign network, its home agent uses gratuitous ARP to update the a foreign network, its home agent uses gratuitous ARP to update the
ARP caches of nodes on the home network. This causes such nodes to ARP caches of nodes on the home network. This causes such nodes to
associate the link-layer address of the home agent with the mobile associate the link-layer address of the home agent with the mobile
node's home (IP) address. When registering a binding for a mobile node's home (IP) address. When registering a binding for a mobile
node for which the home agent previously had no binding (the mobile node for which the home agent previously had no binding (the mobile
skipping to change at page 71, line 35 skipping to change at page 77, line 9
its home agent. The ARP packet from the home agent MUST be its home agent. The ARP packet from the home agent MUST be
transmitted as a local broadcast on the mobile node's home link, and transmitted as a local broadcast on the mobile node's home link, and
SHOULD be retransmitted a small number of times to increase its SHOULD be retransmitted a small number of times to increase its
reliability; these retransmissions, however, SHOULD proceed in reliability; these retransmissions, however, SHOULD proceed in
parallel with the transmission and processing of its (de)Registration parallel with the transmission and processing of its (de)Registration
Reply. Reply.
While the mobile node is away from home, it MUST NOT transmit any While the mobile node is away from home, it MUST NOT transmit any
broadcast ARP Request or ARP Reply messages. Finally, while the broadcast ARP Request or ARP Reply messages. Finally, while the
mobile node is away from home, it MUST NOT reply to ARP Requests in mobile node is away from home, it MUST NOT reply to ARP Requests in
which the target IP address is its own home address, unless the ARP which the target IP address is its own home address unless the ARP
Request is unicast by a foreign agent with which the mobile node is Request is unicast by a foreign agent with which the mobile node is
attempting to register or a foreign agent with which the mobile node attempting to register or a foreign agent with which the mobile node
has an unexpired registration. In the latter case, the mobile node has an unexpired registration. In the latter case, the mobile node
MUST use a unicast ARP Reply to respond to the foreign agent. Note MUST use a unicast ARP Reply to respond to the foreign agent. Note
that if the mobile node is using a co-located care-of address and that if the mobile node is using a co-located care-of address and
receives an ARP Request in which the target IP address is this care- receives an ARP Request in which the target IP address is this
of address, then the mobile node SHOULD reply to this ARP Request. care-of address, then the mobile node SHOULD reply to this ARP
Note also that, when transmitting a Registration Request on a foreign Request. Note also that, when transmitting a Registration Request on
network, a mobile node may discover the link-layer address of a a foreign network, a mobile node may discover the link-layer address
foreign agent by storing the address as it is received from the Agent of a foreign agent by storing the address as it is received from the
Advertisement from that foreign agent, but not by transmitting a Agent Advertisement from that foreign agent, but not by transmitting
broadcast ARP Request message. a broadcast ARP Request message.
The specific order in which each of the above requirements for the The specific order in which each of the above requirements for the
use of ARP, proxy ARP, and gratuitous ARP are applied, relative to use of ARP, proxy ARP, and gratuitous ARP are applied, relative to
the transmission and processing of the mobile node's Registration the transmission and processing of the mobile node's Registration
Request and Registration Reply messages when leaving home or Request and Registration Reply messages when leaving home or
returning home, are important to the correct operation of the returning home, are important to the correct operation of the
protocol. protocol.
To summarize the above requirements, when a mobile node leaves its To summarize the above requirements, when a mobile node leaves its
home network, the following steps, in this order, MUST be performed: home network, the following steps, in this order, MUST be performed:
- The mobile node decides to register away from home, perhaps o The mobile node decides to register away from home, perhaps
because it has received an Agent Advertisement from a foreign because it has received an Agent Advertisement from a foreign
agent and has not recently received one from its home agent. agent and has not recently received one from its home agent.
- Before transmitting the Registration Request, the mobile node o Before transmitting the Registration Request, the mobile node
disables its own future processing of any ARP Requests it may disables its own future processing of any ARP Requests it may
subsequently receive requesting the link-layer address subsequently receive requesting the link-layer address
corresponding to its home address, except insofar as necessary corresponding to its home address, except insofar as necessary to
to communicate with foreign agents on visited networks. communicate with foreign agents on visited networks.
- The mobile node transmits its Registration Request. o The mobile node transmits its Registration Request.
- When the mobile node's home agent receives and accepts the o When the mobile node's home agent receives and accepts the
Registration Request, it performs a gratuitous ARP on behalf of Registration Request, it performs a gratuitous ARP on behalf of
the mobile node, and begins using proxy ARP to reply to ARP the mobile node, and begins using proxy ARP to reply to ARP
Requests that it receives requesting the mobile node's link- Requests that it receives requesting the mobile node's link-layer
layer address. In the gratuitous ARP, the ARP Sender Hardware address. In the gratuitous ARP, the ARP Sender Hardware Address
Address is set to the link-layer address of the home agent. is set to the link-layer address of the home agent. If, instead,
If, instead, the home agent rejects the Registration Request, the home agent rejects the Registration Request, no ARP processing
no ARP processing (gratuitous nor proxy) is performed by the (gratuitous nor proxy) is performed by the home agent.
home agent.
When a mobile node later returns to its home network, the following When a mobile node later returns to its home network, the following
steps, in this order, MUST be performed: steps, in this order, MUST be performed:
- The mobile node decides to register at home, perhaps because it o The mobile node decides to register at home, perhaps because it
has received an Agent Advertisement from its home agent. has received an Agent Advertisement from its home agent.
- Before transmitting the Registration Request, the mobile node o Before transmitting the Registration Request, the mobile node re-
re-enables its own future processing of any ARP Requests it may enables its own future processing of any ARP Requests it may
subsequently receive requesting its link-layer address. subsequently receive requesting its link-layer address.
- The mobile node performs a gratuitous ARP for itself. In this o The mobile node performs a gratuitous ARP for itself. In this
gratuitous ARP, the ARP Sender Hardware Address is set to the gratuitous ARP, the ARP Sender Hardware Address is set to the
link-layer address of the mobile node. link-layer address of the mobile node.
- The mobile node transmits its Registration Request. o The mobile node transmits its Registration Request.
- When the mobile node's home agent receives and accepts the o When the mobile node's home agent receives and accepts the
Registration Request, it stops using proxy ARP to reply to ARP Registration Request, it stops using proxy ARP to reply to ARP
Requests that it receives requesting the mobile node's link- Requests that it receives requesting the mobile node's link-layer
layer address, and then performs a gratuitous ARP on behalf of address, and then performs a gratuitous ARP on behalf of the
the mobile node. In this gratuitous ARP, the ARP Sender mobile node. In this gratuitous ARP, the ARP Sender Hardware
Hardware Address is set to the link-layer address of the mobile Address is set to the link-layer address of the mobile node. If,
node. If, instead, the home agent rejects the Registration instead, the home agent rejects the Registration Request, the home
Request, the home agent MUST NOT make any change to the way it agent MUST NOT make any change to the way it performs ARP
performs ARP processing (gratuitous nor proxy) for the mobile processing (gratuitous nor proxy) for the mobile node. In this
node. In this latter case, the home agent should operate as if latter case, the home agent should operate as if the mobile node
the mobile node has not returned home, and continue to perform has not returned home, and continue to perform proxy ARP on behalf
proxy ARP on behalf of the mobile node. of the mobile node.
5. Security Considerations 5. Security Considerations
The mobile computing environment is potentially very different from The mobile computing environment is potentially very different from
the ordinary computing environment. In many cases, mobile computers the ordinary computing environment. In many cases, mobile computers
will be connected to the network via wireless links. Such links are will be connected to the network via wireless links. Such links are
particularly vulnerable to passive eavesdropping, active replay particularly vulnerable to passive eavesdropping, active replay
attacks, and other active attacks. attacks, and other active attacks.
5.1. Message Authentication Codes 5.1. Message Authentication Codes
Home agents and mobile nodes MUST be able to perform authentication. Home agents and mobile nodes MUST be able to perform authentication.
The default algorithm is HMAC-MD5 [23], with a key size of 128 bits. The default algorithm is HMAC-MD5 [10], with a key size of 128 bits.
The foreign agent MUST also support authentication using HMAC-MD5 and The foreign agent MUST also support authentication using HMAC-MD5 and
key sizes of 128 bits or greater, with manual key distribution. Keys key sizes of 128 bits or greater, with manual key distribution. Keys
with arbitrary binary values MUST be supported. with arbitrary binary values MUST be supported.
The "prefix+suffix" use of MD5 to protect data and a shared secret is The "prefix+suffix" use of MD5 to protect data and a shared secret is
considered vulnerable to attack by the cryptographic community. considered vulnerable to attack by the cryptographic community.
Where backward compatibility with existing Mobile IP implementations Where backward compatibility with existing Mobile IP implementations
that use this mode is needed, new implementations SHOULD include that use this mode is needed, new implementations SHOULD include
keyed MD5 [41] as one of the additional authentication algorithms for keyed MD5 [19] as one of the additional authentication algorithms for
use when producing and verifying the authentication data that is use when producing and verifying the authentication data that is
supplied with Mobile IP registration messages, for instance in the supplied with Mobile IP registration messages, for instance in the
extensions specified in sections 3.5.2, 3.5.3, and 3.5.4. extensions specified in Section 3.5.2, Section 3.5.3, and
Section 3.5.4.
More authentication algorithms, algorithm modes, key distribution More authentication algorithms, algorithm modes, key distribution
methods, and key sizes MAY also be supported for all of these methods, and key sizes MAY also be supported for all of these
extensions. extensions.
5.2. Areas of Security Concern in this Protocol 5.2. Areas of Security Concern in this Protocol
The registration protocol described in this document will result in a The registration protocol described in this document will result in a
mobile node's traffic being tunneled to its care-of address. This mobile node's traffic being tunneled to its care-of address. This
tunneling feature could be a significant vulnerability if the tunneling feature could be a significant vulnerability if the
registration were not authenticated. Such remote redirection, for registration were not authenticated. Such remote redirection, for
instance as performed by the mobile registration protocol, is widely instance as performed by the mobile registration protocol, is widely
understood to be a security problem in the current Internet if not understood to be a security problem in the current Internet if not
authenticated [2]. Moreover, the Address Resolution Protocol (ARP) authenticated [26]. Moreover, the Address Resolution Protocol (ARP)
is not authenticated, and can potentially be used to steal another is not authenticated, and can potentially be used to steal another
host's traffic. The use of "Gratuitous ARP" (Section 4.6) brings host's traffic. The use of "Gratuitous ARP" (Section 4.6) brings
with it all of the risks associated with the use of ARP. with it all of the risks associated with the use of ARP.
5.3. Key Management 5.3. Key Management
This specification requires a strong authentication mechanism (keyed This specification requires a strong authentication mechanism (keyed
MD5) which precludes many potential attacks based on the Mobile IP MD5) which precludes many potential attacks based on the Mobile IP
registration protocol. However, because key distribution is registration protocol. However, because key distribution is
difficult in the absence of a network key management protocol, difficult in the absence of a network key management protocol,
skipping to change at page 74, line 35 skipping to change at page 80, line 23
The strength of any authentication mechanism depends on several The strength of any authentication mechanism depends on several
factors, including the innate strength of the authentication factors, including the innate strength of the authentication
algorithm, the secrecy of the key used, the strength of the key used, algorithm, the secrecy of the key used, the strength of the key used,
and the quality of the particular implementation. This specification and the quality of the particular implementation. This specification
requires implementation of keyed MD5 for authentication, but does not requires implementation of keyed MD5 for authentication, but does not
preclude the use of other authentication algorithms and modes. For preclude the use of other authentication algorithms and modes. For
keyed MD5 authentication to be useful, the 128-bit key must be both keyed MD5 authentication to be useful, the 128-bit key must be both
secret (that is, known only to authorized parties) and pseudo-random. secret (that is, known only to authorized parties) and pseudo-random.
If nonces are used in connection with replay protection, they must If nonces are used in connection with replay protection, they must
also be selected carefully. Eastlake, et al. [14] provides more also be selected carefully. Eastlake, et al. [8] provides more
information on generating pseudo-random numbers. information on generating pseudo-random numbers.
5.5. Privacy 5.5. Privacy
Users who have sensitive data that they do not wish others to see Users who have sensitive data that they do not wish others to see
should use mechanisms outside the scope of this document (such as should use mechanisms outside the scope of this document (such as
encryption) to provide appropriate protection. Users concerned about encryption) to provide appropriate protection. Users concerned about
traffic analysis should consider appropriate use of link encryption. traffic analysis should consider appropriate use of link encryption.
If absolute location privacy is desired, the mobile node can create a If absolute location privacy is desired, the mobile node can create a
tunnel to its home agent. Then, datagrams destined for correspondent tunnel to its home agent. Then, datagrams destined for correspondent
nodes will appear to emanate from the home network, and it may be nodes will appear to emanate from the home network, and it may be
more difficult to pinpoint the location of the mobile node. Such more difficult to pinpoint the location of the mobile node. Such
mechanisms are all beyond the scope of this document. mechanisms are all beyond the scope of this document.
5.6. Ingress Filtering 5.6. Ingress Filtering
Many routers implement security policies such as "ingress filtering" Many routers implement security policies such as "ingress filtering"
[15] that do not allow forwarding of packets that have a Source [31] that do not allow forwarding of packets that have a Source
Address which appears topologically incorrect. In environments where Address which appears topologically incorrect. In environments where
this is a problem, mobile nodes may use reverse tunneling [27] with this is a problem, mobile nodes may use reverse tunneling [12] with
the foreign agent supplied care-of address as the Source Address. the foreign agent supplied care-of address as the Source Address.
Reverse tunneled packets will be able to pass normally through such Reverse tunneled packets will be able to pass normally through such
routers, while ingress filtering rules will still be able to locate routers, while ingress filtering rules will still be able to locate
the true topological source of the packet in the same way as packets the true topological source of the packet in the same way as packets
from non-mobile nodes. from non-mobile nodes.
5.7. Replay Protection for Registration Requests 5.7. Replay Protection for Registration Requests
The Identification field is used to let the home agent verify that a The Identification field is used to let the home agent verify that a
registration message has been freshly generated by the mobile node, registration message has been freshly generated by the mobile node,
not replayed by an attacker from some previous registration. Two not replayed by an attacker from some previous registration. Two
methods are described in this section: timestamps (mandatory) and methods are described in this section: timestamps (mandatory) and
"nonces" (optional). All mobile nodes and home agents MUST implement "nonces" (optional). All mobile nodes and home agents MUST implement
timestamp-based replay protection. These nodes MAY also implement timestamp-based replay protection. These nodes MAY also implement
nonce-based replay protection (but see Appendix A). nonce-based replay protection.
The style of replay protection in effect between a mobile node and The style of replay protection in effect between a mobile node and
its home agent is part of the mobile security association. A mobile its home agent is part of the mobile security association. A mobile
node and its home agent MUST agree on which method of replay node and its home agent MUST agree on which method of replay
protection will be used. The interpretation of the Identification protection will be used. The interpretation of the Identification
field depends on the method of replay protection as described in the field depends on the method of replay protection as described in the
subsequent subsections. subsequent subsections.
Whatever method is used, the low-order 32 bits of the Identification Whatever method is used, the low-order 32 bits of the Identification
MUST be copied unchanged from the Registration Request to the Reply. MUST be copied unchanged from the Registration Request to the Reply.
skipping to change at page 76, line 14 skipping to change at page 81, line 51
security association between the nodes, a default value of 7 seconds security association between the nodes, a default value of 7 seconds
MAY be used to limit the time difference. This value SHOULD be MAY be used to limit the time difference. This value SHOULD be
greater than 3 seconds. Obviously the two nodes must have adequately greater than 3 seconds. Obviously the two nodes must have adequately
synchronized time-of-day clocks. As with any messages, time synchronized time-of-day clocks. As with any messages, time
synchronization messages may be protected against tampering by an synchronization messages may be protected against tampering by an
authentication mechanism determined by the security context between authentication mechanism determined by the security context between
the two nodes. the two nodes.
If timestamps are used, the mobile node MUST set the Identification If timestamps are used, the mobile node MUST set the Identification
field to a 64-bit value formatted as specified by the Network Time field to a 64-bit value formatted as specified by the Network Time
Protocol [26]. The low-order 32 bits of the NTP format represent Protocol [11]. The low-order 32 bits of the NTP format represent
fractional seconds, and those bits which are not available from a fractional seconds, and those bits which are not available from a
time source SHOULD be generated from a good source of randomness. time source SHOULD be generated from a good source of randomness.
Note, however, that when using timestamps, the 64-bit Identification Note, however, that when using timestamps, the 64-bit Identification
used in a Registration Request from the mobile node MUST be greater used in a Registration Request from the mobile node MUST be greater
than that used in any previous Registration Request, as the home than that used in any previous Registration Request, as the home
agent uses this field also as a sequence number. Without such a agent uses this field also as a sequence number. Without such a
sequence number, it would be possible for a delayed duplicate of an sequence number, it would be possible for a delayed duplicate of an
earlier Registration Request to arrive at the home agent (within the earlier Registration Request to arrive at the home agent (within the
clock synchronization required by the home agent), and thus be clock synchronization required by the home agent), and thus be
applied out of order, mistakenly altering the mobile node's current applied out of order, mistakenly altering the mobile node's current
skipping to change at page 77, line 16 skipping to change at page 82, line 48
The basic principle of nonce replay protection is that node A The basic principle of nonce replay protection is that node A
includes a new random number in every message to node B, and checks includes a new random number in every message to node B, and checks
that node B returns that same number in its next message to node A. that node B returns that same number in its next message to node A.
Both messages use an authentication code to protect against Both messages use an authentication code to protect against
alteration by an attacker. At the same time node B can send its own alteration by an attacker. At the same time node B can send its own
nonces in all messages to node A (to be echoed by node A), so that it nonces in all messages to node A (to be echoed by node A), so that it
too can verify that it is receiving fresh messages. too can verify that it is receiving fresh messages.
The home agent may be expected to have resources for computing The home agent may be expected to have resources for computing
pseudo-random numbers useful as nonces [14]. It inserts a new nonce pseudo-random numbers useful as nonces [8]. It inserts a new nonce
as the high-order 32 bits of the identification field of every as the high-order 32 bits of the identification field of every
Registration Reply. The home agent copies the low-order 32 bits of Registration Reply. The home agent copies the low-order 32 bits of
the Identification from the Registration Request message into the the Identification from the Registration Request message into the
low-order 32 bits of the Identification in the Registration Reply. low-order 32 bits of the Identification in the Registration Reply.
When the mobile node receives an authenticated Registration Reply When the mobile node receives an authenticated Registration Reply
from the home agent, it saves the high-order 32 bits of the from the home agent, it saves the high-order 32 bits of the
identification for use as the high-order 32 bits of its next identification for use as the high-order 32 bits of its next
Registration Request. Registration Request.
The mobile node is responsible for generating the low-order 32 bits The mobile node is responsible for generating the low-order 32 bits
of the Identification in each Registration Request. Ideally it of the Identification in each Registration Request. Ideally it
should generate its own random nonces. However it may use any should generate its own random nonces. However it may use any
expedient method, including duplication of the random value sent by expedient method, including duplication of the random value sent by
the home agent. The method chosen is of concern only to the mobile the home agent. The method chosen is of concern only to the mobile
node, because it is the node that checks for valid values in the node, because it is the node that checks for valid values in the
Registration Reply. The high-order and low-order 32 bits of the Registration Reply. The high-order and low-order 32 bits of the
identification chosen SHOULD both differ from their previous values. identification chosen SHOULD both differ from their previous values.
The home agent uses a new high-order value and the mobile node uses a The home agent uses a new high-order value and the mobile node uses a
new low-order value for each registration message. The foreign agent new low-order value for each registration message. The foreign agent
uses the low-order value (and the mobile host's home address) to uses the low-order value (and the mobile host's home address) to
correctly match registration replies with pending Requests (Section correctly match registration replies with pending Requests
3.7.1). (Section 3.7.1).
If a registration message is rejected because of an invalid nonce, If a registration message is rejected because of an invalid nonce,
the Reply always provides the mobile node with a new nonce to be used the Reply always provides the mobile node with a new nonce to be used
in the next registration. Thus the nonce protocol is self- in the next registration. Thus the nonce protocol is self-
synchronizing. synchronizing.
6. IANA Considerations 6. IANA Considerations
Mobile IP specifies several new number spaces for values to be used Mobile IP specifies several new number spaces for values to be used
in various message fields. These number spaces include the in various message fields. These number spaces include the
following: following:
- Mobile IP message types sent to UDP port 434, as defined in o Mobile IP message types sent to UDP port 434, as defined in
section 1.8. Section 1.8.
- types of extensions to Registration Request and Registration o types of extensions to Registration Request and Registration Reply
Reply messages (see sections 3.3 and 3.4, and also consult [27, messages (see Section 3.3 and Section 3.4, and also consult
29, 6, 7, 12]) ([12],[39],[2],[3],[7]).
- values for the Code in the Registration Reply message (see o values for the Code in the Registration Reply message (see
section 3.4, and also consult [27, 29, 6, 7, 12]) Section 3.4, and also consult ([12],[39],[2],[3],[7]).
- Mobile IP defines so-called Agent Solicitation and Agent o Mobile IP defines so-called Agent Solicitation and Agent
Advertisement messages. These messages are in fact Router Advertisement messages. These messages are in fact Router
Discovery messages [10] augmented with mobile-IP specific Discovery messages [5] augmented with mobile-IP specific
extensions. Thus, they do not define a new name space, but do extensions. Thus, they do not define a new name space, but do
define additional Router Discovery extensions as described define additional Router Discovery extensions as described below
below in Section 6.2. Also see Section 2.1 and consult [7, in Section 6.2. Also see Section 2.1 and consult ([3], [7]).
12].
There are additional Mobile IP numbering spaces specified in [7]. There are additional Mobile IP numbering spaces specified in [3].
Information about assignment of mobile-ip numbers derived from Information about assignment of mobile-ip numbers derived from
specifications external to this document is given by IANA at specifications external to this document is given by IANA at
http://www.iana.org/numbers.html. From that URL, follow the http://www.iana.org/numbers.html. From that URL, follow the
hyperlinks to [M] within the "Directory of General Assigned Numbers", hyperlinks to "M" within the "Directory of General Assigned Numbers",
and subsequently to the specific section for "Mobile IP Numbers". and subsequently to the specific section for "Mobile IP Numbers".
In this revised specification, a new Code value (for the field in the
Registration Reply message) is needed within the range typically used
for Foreign Agent messages. This error code is needed to indicate
the status "Invalid Home Agent Address". See Section 3.7.2 for
details.
6.1. Mobile IP Message Types 6.1. Mobile IP Message Types
Mobile IP messages are defined to be those that are sent to a message Mobile IP messages are defined to be those that are sent to a message
recipient at port 434 (UDP or TCP). The number space for Mobile IP recipient at port 434 (UDP or TCP). The number space for Mobile IP
messages is specified in Section 1.8. Approval of new extension messages is specified in Section 1.8. Approval of new extension
numbers is subject to Expert Review, and a specification is required numbers is subject to Expert Review, and a specification is required
[30]. The currently standardized message types have the following [21]. The currently standardized message types have the following
numbers, and are specified in the indicated sections. numbers, and are specified in the indicated sections.
Type Name Section Type Name Section
---- -------------------------------------------- --------- ---- -------------------------------------------- ---------
1 Registration Request 3.3 1 Registration Request 3.3
3 Registration Reply 3.4 3 Registration Reply 3.4
6.2. Extensions to RFC 1256 Router Advertisement 6.2. Extensions to RFC 1256 Router Advertisement
RFC 1256 defines two ICMP message types, Router Advertisement and RFC 1256 defines two ICMP message types, Router Advertisement and
skipping to change at page 79, line 12 skipping to change at page 85, line 25
Mobile IP. The extension types currently standardized for use with Mobile IP. The extension types currently standardized for use with
Mobile IP have the following numbers. Mobile IP have the following numbers.
Type Name Reference Type Name Reference
---- -------------------------------------------- --------- ---- -------------------------------------------- ---------
0 One-byte Padding 2.1.3 0 One-byte Padding 2.1.3
16 Mobility Agent Advertisement 2.1.1 16 Mobility Agent Advertisement 2.1.1
19 Prefix-Lengths 2.1.2 19 Prefix-Lengths 2.1.2
Approval of new extension numbers for use with Mobile IP is subject Approval of new extension numbers for use with Mobile IP is subject
to Expert Review, and a specification is required [30]. to Expert Review, and a specification is required [21].
6.3. Extensions to Mobile IP Registration Messages 6.3. Extensions to Mobile IP Registration Messages
The Mobile IP messages, specified within this document, and listed in The Mobile IP messages, specified within this document, and listed in
sections 1.8 and 6.1, may have extensions. Mobile IP message Section 1.8 and Section 6.1, may have extensions. Mobile IP message
extensions all share the same number space, even if they are to be extensions all share the same number space, even if they are to be
applied to different Mobile IP messages. The number space for Mobile applied to different Mobile IP messages. The number space for Mobile
IP message extensions is specified within this document. Approval of IP message extensions is specified within this document. Approval of
new extension numbers is subject to Expert Review, and a new extension numbers is subject to Expert Review, and a
specification is required [30]. specification is required [21].
Type Name Reference Type Name Reference
---- -------------------------------------------- --------- ---- -------------------------------------------- ---------
0 One-byte Padding 0 One-byte Padding
32 Mobile-Home Authentication 3.5.2 32 Mobile-Home Authentication 3.5.2
33 Mobile-Foreign Authentication 3.5.3 33 Mobile-Foreign Authentication 3.5.3
34 Foreign-Home Authentication 3.5.4 34 Foreign-Home Authentication 3.5.4
6.4. Code Values for Mobile IP Registration Reply Messages 6.4. Code Values for Mobile IP Registration Reply Messages
The Mobile IP Registration Reply message, specified in section 3.4, The Mobile IP Registration Reply message, specified in Section 3.4,
has a Code field. The number space for the Code field values is also has a Code field. The number space for the Code field values is also
specified in Section 3.4. The Code number space is structured specified in Section 3.4. The Code number space is structured
according to whether the registration was successful, or whether the according to whether the registration was successful, or whether the
foreign agent denied the registration request, or lastly whether the foreign agent denied the registration request, or lastly whether the
home agent denied the registration request, as follows: home agent denied the registration request, as follows:
0-8 Success Codes 0-8 Success Codes
9-63 No allocation guidelines currently exist 9-63 No allocation guidelines currently exist
64-127 Error Codes from the Foreign Agent 64-127 Error Codes from the Foreign Agent
128-192 Error Codes from the Home Agent 128-192 Error Codes from the Home Agent
193-255 No allocation guidelines currently exist 193-255 No allocation guidelines currently exist
Approval of new Code values requires Expert Review [30]. Approval of new Code values requires Expert Review [21].
7. Acknowledgments 7. Acknowledgments
Special thanks to Steve Deering (Xerox PARC), along with Dan Duchamp Special thanks to Steve Deering (Xerox PARC), along with Dan Duchamp
and John Ioannidis (JI) (Columbia University), for forming the and John Ioannidis (JI) (Columbia University), for forming the
working group, chairing it, and putting so much effort into its early working group, chairing it, and putting so much effort into its early
development. Columbia's early Mobile IP work can be found in [18, development. Columbia's early Mobile IP work can be found in
19, 17]. [33],[34],[35].
Thanks also to Kannan Alaggapan, Greg Minshall, Tony Li, Jim Solomon, Thanks also to Kannan Alaggapan, Greg Minshall, Tony Li, Jim Solomon,
Erik Nordmark, Basavaraj Patil, and Phil Roberts for their Erik Nordmark, Basavaraj Patil, and Phil Roberts for their
contributions to the group while performing the duties of contributions to the group while performing the duties of
chairperson, as well as for their many useful comments. chairperson, as well as for their many useful comments.
Thanks to the active members of the Mobile IP Working Group, Thanks to the active members of the Mobile IP Working Group,
particularly those who contributed text, including (in alphabetical particularly those who contributed text, including (in alphabetical
order) order)
- Ran Atkinson (Naval Research Lab), Ran Atkinson (Naval Research Lab),
- Samita Chakrabarti (Sun Microsystems) Samita Chakrabarti (Sun Microsystems)
- Ken Imboden (Candlestick Networks, Inc.) Ken Imboden (Candlestick Networks, Inc.)
- Dave Johnson (Carnegie Mellon University), Dave Johnson (Carnegie Mellon University),
- Frank Kastenholz (FTP Software), Frank Kastenholz (FTP Software),
- Anders Klemets (KTH), Anders Klemets (KTH),
- Chip Maguire (KTH), Chip Maguire (KTH),
- Alison Mankin (ISI) Alison Mankin (ISI)
- Andrew Myles (Macquarie University), Andrew Myles (Macquarie University),
- Thomas Narten (IBM) Thomas Narten (IBM),
- Al Quirt (Bell Northern Research), Al Quirt (Bell Northern Research),
- Yakov Rekhter (IBM), and Yakov Rekhter (IBM),
- Fumio Teraoka (Sony). Fumio Teraoka (Sony), and
- Alper Yegin (NTT DoCoMo) Alper Yegin (NTT DoCoMo)
Thanks to Charlie Kunzinger and to Bill Simpson, the editors who Thanks to Charlie Kunzinger and to Bill Simpson, the editors who
produced the first drafts for of this document, reflecting the produced the first drafts for of this document, reflecting the
discussions of the Working Group. Much of the new text in the later discussions of the Working Group. Much of the new text in the later
revisions preceding RFC 2002 is due to Jim Solomon and Dave Johnson. revisions preceding RFC 2002 is due to Jim Solomon and Dave Johnson.
Thanks to Greg Minshall (Novell), Phil Karn (Qualcomm), Frank Thanks to Greg Minshall (Novell), Phil Karn (Qualcomm), Frank
Kastenholz (FTP Software), and Pat Calhoun (Sun Microsystems) for Kastenholz (FTP Software), and Pat Calhoun (Sun Microsystems) for
their generous support in hosting interim Working Group meetings. their generous support in hosting interim Working Group meetings.
Sections 1.10 and 1.11, which specify new extension formats to be Section 1.10 and Section 1.11, which specify new extension formats to
used with aggregatable extension types, were included from a be used with aggregatable extension types, were included from a
specification document (entitled "Mobile IP Extensions specification document (entitled "Mobile IP Extensions
Rationalization (MIER)", which was written by Rationalization (MIER)", which was written by
- Mohamed M.Khalil, Nortel Networks Mohamed M.Khalil, Nortel Networks
- Raja Narayanan, nVisible Networks Raja Narayanan, nVisible Networks
- Haseeb Akhtar, Nortel Networks Haseeb Akhtar, Nortel Networks
- Emad Qaddoura, Nortel Networks Emad Qaddoura, Nortel Networks
Thanks to these authors, and also for the additional work on Thanks to these authors, and also for the additional work on MIER,
MIER, which was contributed by Basavaraj Patil, Pat Calhoun, Neil which was contributed by Basavaraj Patil, Pat Calhoun, Neil
Justusson, N. Asokan, and Jouni Malinen. Justusson, N. Asokan, and Jouni Malinen.
A. Patent Issues Thanks to Vijay Devarapalli, who put in many hours to convert the
source for this text document into XML format.
The IETF has been notified of intellectual property rights claimed 8. References
in regard to some or all of the specification contained in this
document. For more information consult the online list of claimed
rights.
The IETF takes no position regarding the validity or scope of any 8.1. Normative References
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on
the IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances
of licenses to be made available, or the result of an attempt
made to obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any [1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
copyrights, patents or patent applications, or other proprietary Levels", BCP 14, RFC 2119, March 1997.
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
B. Link-Layer Considerations [2] Calhoun, P. and C. Perkins, "Mobile IP Network Access
Identifier Extension for IPv4", RFC 2794, March 2000.
[3] Perkins, C., Calhoun, P., and J. Bharatia, "Mobile IPv4
Challenge/Response Extensions (Revised)", RFC 4721,
January 2007.
[4] Cong, D., Hamlen, M., and C. Perkins, "The Definitions of
Managed Objects for IP Mobility Support using SMIv2", RFC 2006,
October 1996.
[5] Deering, S., "ICMP Router Discovery Messages", RFC 1256,
September 1991.
[6] Deering, S., "Host extensions for IP multicasting", STD 5,
RFC 1112, August 1989.
[7] Dommety, G. and K. Leung, "Mobile IP Vendor/
Organization-Specific Extensions", RFC 3115, April 2001.
[8] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
Requirements for Security", BCP 106, RFC 4086, June 2005.
[9] Kent, S., "IP Authentication Header", RFC 4302, December 2005.
[10] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997.
[11] Mills, D., "Network Time Protocol (Version 3) Specification,
Implementation", RFC 1305, March 1992.
[12] Montenegro, G., "Reverse Tunneling for Mobile IP, revised",
RFC 3024, January 2001.
[13] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. Traina,
"Generic Routing Encapsulation (GRE)", RFC 2784, March 2000.
[14] Perkins, C., "IP Encapsulation within IP", RFC 2003,
October 1996.
[15] Perkins, C., "Minimal Encapsulation within IP", RFC 2004,
October 1996.
[16] Plummer, D., "Ethernet Address Resolution Protocol: Or
converting network protocol addresses to 48.bit Ethernet
address for transmission on Ethernet hardware", STD 37,
RFC 826, November 1982.
[17] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
August 1980.
[18] Postel, J., "Internet Protocol", STD 5, RFC 791,
September 1981.
[19] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
April 1992.
[20] Solomon, J., "Applicability Statement for IP Mobility Support",
RFC 2005, October 1996.
[21] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.
8.2. Informative References
[22] Solomon, J. and S. Glass, "Mobile-IPv4 Configuration Option for
PPP IPCP", RFC 2290, February 1998.
[23] Montenegro, G., Dawkins, S., Kojo, M., Magret, V., and N.
Vaidya, "Long Thin Networks", RFC 2757, January 2000.
[24] Allman, M., Glover, D., and L. Sanchez, "Enhancing TCP Over
Satellite Channels using Standard Mechanisms", BCP 28,
RFC 2488, January 1999.
[25] Paxson, V. and M. Allman, "Computing TCP's Retransmission
Timer", RFC 2988, November 2000.
[26] Bellovin, S., "Security Problems in the TCP/IP Protocol Suite",
ACM Computer Communications Review, 19(2), March 1989.
[27] Border, J., Kojo, M., Griner, J., Montenegro, G., and Z.
Shelby, "Performance Enhancing Proxies Intended to Mitigate
Link-Related Degradations", RFC 3135, June 2001.
[28] Caceres, R. and L. Iftode, "Improving the Performance of
Reliable Transport Protocols in Mobile Computing Environments",
IEEE Journal on Selected Areas in Communication, 13(5):850--
857, June 1995.
[29] Dawkins, S., Montenegro, G., Kojo, M., Magret, V., and N.
Vaidya, "End-to-end Performance Implications of Links with
Errors", BCP 50, RFC 3155, August 2001.
[30] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997.
[31] Ferguson, P. and D. Senie, "Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP Source
Address Spoofing", BCP 38, RFC 2827, May 2000.
[32] Jacobson, V., "Compressing TCP/IP headers for low-speed serial
links", RFC 1144, February 1990.
[33] Ioannidis, J., Duchamp, D., and G. Maguire, "IP-Based Protocols
for Mobile Interworking", In Proceedings of the SIGCOMM '01
Conference: Communications Architectures and Protocols, Pages
235--245, September 1991.
[34] Ioannidis, J. and G. Maguire, "The Design and Implementation of
a Mobile Internetworking Architecture", In Proceedings of the
Winter USENIX Technical Conference, Pages 489--500,
January 1993.
[35] Ioannidis, J., "Protocols for Mobile Interworking", PhD
Dissertation - Columbia University in the City of New York ,
July 1993.
[36] Jacobson, V., "Congestion Avoidance and Control", In
Proceedings of the SIGCOMM '88 Workshop, ACM SIGCOMM, ACM
Press, Pages 314--329, August 1998.
[37] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB",
RFC 2863, June 2000.
[38] McGregor, G., "The PPP Internet Protocol Control Protocol
(IPCP)", RFC 1332, May 1992.
[39] Montenegro, G. and V. Gupta, "Sun's SKIP Firewall Traversal for
Mobile IP", RFC 2356, June 1998.
[40] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
[41] Perkins, C., "IP Mobility Support for IPv4", RFC 3344,
August 2002.
[42] Stevens, R., "TCP/IP Illustrated, Volume 1: The Protocols",
Addison-Wesley, Reading, Massachussets, 1994.
[43] Perkins, C. and P. Calhoun, "Authentication, Authorization, and
Accounting (AAA) Registration Keys for Mobile IPv4", RFC 3957,
March 2005.
[44] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51,
RFC 1661, July 1994.
[45] IANA Assigned Numbers Online Database, "Mobile IPv4 Numbers",
http://www.iana.org/assignments/mobileip-numbers .
[46] Postel, J., "Multi-LAN address resolution", RFC 925,
October 1984.
Appendix A. Pre-RFC5378 Disclaimer
"This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English."
Appendix B. Link-Layer Considerations
The mobile node MAY use link-layer mechanisms to decide that its The mobile node MAY use link-layer mechanisms to decide that its
point of attachment has changed. Such indications include the point of attachment has changed. Such indications include the Down/
Down/Testing/Up interface status [24], and changes in cell or Testing/Up interface status [37], and changes in cell or
administration. The mechanisms will be specific to the particular administration. The mechanisms will be specific to the particular
link-layer technology, and are outside the scope of this document. link-layer technology, and are outside the scope of this document.
The Point-to-Point-Protocol (PPP) [42] and its Internet Protocol The Point-to-Point-Protocol (PPP) [44] and its Internet Protocol
Control Protocol (IPCP) [25], negotiates the use of IP addresses. Control Protocol (IPCP) [38], negotiates the use of IP addresses.
The mobile node SHOULD first attempt to specify its home address,
so that if the mobile node is attaching to its home network, the The mobile node SHOULD first attempt to specify its home address, so
unrouted link will function correctly. When the home address is that if the mobile node is attaching to its home network, the
not accepted by the peer, but a transient IP address is dynamically unrouted link will function correctly. When the home address is not
accepted by the peer, but a transient IP address is dynamically
assigned to the mobile node, and the mobile node is capable of assigned to the mobile node, and the mobile node is capable of
supporting a co-located care-of address, the mobile node MAY supporting a co-located care-of address, the mobile node MAY register
register that address as a co-located care-of address. When the peer that address as a co-located care-of address. When the peer
specifies its own IP address, that address MUST NOT be assumed to be specifies its own IP address, that address MUST NOT be assumed to be
a foreign agent care-of address or the IP address of a home agent. a foreign agent care-of address or the IP address of a home agent.
PPP extensions for Mobile IP have been specified in RFC 2290 [22].
PPP extensions for Mobile IP have been specified in RFC 2290 [44].
Please consult that document for additional details for how to handle Please consult that document for additional details for how to handle
care-of address assignment from PPP in a more efficient manner. care-of address assignment from PPP in a more efficient manner.
C. TCP Considerations Appendix C. TCP Considerations
C.1. TCP Timers C.1. TCP Timers
When high-delay (e.g. SATCOM) or low-bandwidth (e.g. High-Frequency When high-delay (e.g. SATCOM) or low-bandwidth (e.g. High-Frequency
Radio) links are in use, some TCP stacks may have insufficiently Radio) links are in use, some TCP stacks may have insufficiently
adaptive (non-standard) retransmission timeouts. There may be adaptive (non-standard) retransmission timeouts. There may be
spurious retransmission timeouts, even when the link and network spurious retransmission timeouts, even when the link and network are
are actually operating properly, but just with a high delay because actually operating properly, but just with a high delay because of
of the medium in use. This can cause an inability to create or the medium in use. This can cause an inability to create or maintain
maintain TCP connections over such links, and can also cause unneeded TCP connections over such links, and can also cause unneeded
retransmissions which consume already scarce bandwidth. Vendors retransmissions which consume already scarce bandwidth. Vendors are
are encouraged to follow the algorithms in RFC 2988 [31] when encouraged to follow the algorithms in RFC 2988 [25] when
implementing TCP retransmission timers. Vendors of systems designed implementing TCP retransmission timers. Vendors of systems designed
for low-bandwidth, high-delay links should consult RFCs 2757 and for low-bandwidth, high-delay links should consult RFCs 2757 and 2488
2488 [28, 1]. Designers of applications targeted to operate on [23], [24]. Designers of applications targeted to operate on mobile
mobile nodes should be sensitive to the possibility of timer-related nodes should be sensitive to the possibility of timer-related
difficulties. difficulties.
C.2. TCP Congestion Management C.2. TCP Congestion Management
Mobile nodes often use media which are more likely to introduce Mobile nodes often use media which are more likely to introduce
errors, effectively causing more packets to be dropped. This errors, effectively causing more packets to be dropped. This
introduces a conflict with the mechanisms for congestion management introduces a conflict with the mechanisms for congestion management
found in modern versions of TCP [21]. Now, when a packet is dropped, found in modern versions of TCP [36]. Now, when a packet is dropped,
the correspondent node's TCP implementation is likely to react as the correspondent node's TCP implementation is likely to react as if
if there were a source of network congestion, and initiate the there were a source of network congestion, and initiate the slow-
slow-start mechanisms [21] designed for controlling that problem. start mechanisms [36] designed for controlling that problem.
However, those mechanisms are inappropriate for overcoming errors However, those mechanisms are inappropriate for overcoming errors
introduced by the links themselves, and have the effect of magnifying introduced by the links themselves, and have the effect of magnifying
the discontinuity introduced by the dropped packet. This problem has the discontinuity introduced by the dropped packet. This problem has
been analyzed by Caceres, et al. [5]. TCP approaches to the problem been analyzed by Caceres, et al. [28]. TCP approaches to the problem
of handling errors that might interfere with congestion management of handling errors that might interfere with congestion management
are discussed in documents from the [pilc] working group [3, 9]. are discussed in documents from the [pilc] working group [27] [29].
While such approaches are beyond the scope of this document, While such approaches are beyond the scope of this document, they
they illustrate that providing performance transparency to mobile illustrate that providing performance transparency to mobile nodes
nodes involves understanding mechanisms outside the network layer. involves understanding mechanisms outside the network layer.
Problems introduced by higher media error rates also indicate the Problems introduced by higher media error rates also indicate the
need to avoid designs which systematically drop packets; such designs need to avoid designs which systematically drop packets; such designs
might otherwise be considered favorably when making engineering might otherwise be considered favorably when making engineering
tradeoffs. tradeoffs.
D. Example Scenarios Appendix D. Example Scenarios
This section shows example Registration Requests for several common This section shows example Registration Requests for several common
scenarios. scenarios.
D.1. Registering with a Foreign Agent Care-of Address D.1. Registering with a Foreign Agent Care-of Address
The mobile node receives an Agent Advertisement from a foreign The mobile node receives an Agent Advertisement from a foreign agent
agent and wishes to register with that agent using the advertised and wishes to register with that agent using the advertised foreign
foreign agent care-of address. The mobile node wishes only agent care-of address. The mobile node wishes only IP-in-IP
IP-in-IP encapsulation, does not want broadcasts, and does not want encapsulation, does not want broadcasts, and does not want
simultaneous mobility bindings: simultaneous mobility bindings:
IP fields: IP fields:
Source Address = mobile node's home address Source Address = mobile node's home address
Destination Address = copied from the IP source address of the Destination Address = copied from the IP source address of the
Agent Advertisement Agent Advertisement
Time to Live = 1 Time to Live = 1
UDP fields: UDP fields:
Source Port = <any> Source Port = <any>
Destination Port = 434 Destination Port = 434
skipping to change at page 84, line 39 skipping to change at page 96, line 39
Lifetime = the Registration Lifetime copied from the Lifetime = the Registration Lifetime copied from the
Mobility Agent Advertisement Extension of the Mobility Agent Advertisement Extension of the
Router Advertisement message Router Advertisement message
Home Address = the mobile node's home address Home Address = the mobile node's home address
Home Agent = IP address of mobile node's home agent Home Agent = IP address of mobile node's home agent
Care-of Address = the Care-of Address copied from the Care-of Address = the Care-of Address copied from the
Mobility Agent Advertisement Extension of the Mobility Agent Advertisement Extension of the
Router Advertisement message Router Advertisement message
Identification = Network Time Protocol timestamp or Nonce Identification = Network Time Protocol timestamp or Nonce
Extensions: Extensions:
An authorization-enabling extension (e.g., the An authorization-enabling extension (e.g., the Mobile-Home
Mobile-Home Authentication Extension) Authentication Extension)
D.2. Registering with a Co-Located Care-of Address D.2. Registering with a Co-Located Care-of Address
The mobile node enters a foreign network that contains no foreign The mobile node enters a foreign network that contains no foreign
agents. The mobile node obtains an address from a DHCP server [13] agents. The mobile node obtains an address from a DHCP server [30]
for use as a co-located care-of address. The mobile node supports for use as a co-located care-of address. The mobile node supports
all forms of encapsulation (IP-in-IP, minimal encapsulation, and all forms of encapsulation (IP-in-IP, minimal encapsulation, and
GRE), desires a copy of broadcast datagrams on the home network, and GRE), desires a copy of broadcast datagrams on the home network, and
does not want simultaneous mobility bindings: does not want simultaneous mobility bindings:
IP fields: IP fields:
Source Address = care-of address obtained from DHCP server Source Address = care-of address obtained from DHCP server
Destination Address = IP address of home agent Destination Address = IP address of home agent
Time to Live = 64 Time to Live = 64
UDP fields: UDP fields:
skipping to change at page 85, line 43 skipping to change at page 97, line 43
Source Port = <any> Source Port = <any>
Destination Port = 434 Destination Port = 434
Registration Request fields: Registration Request fields:
Type = 1 Type = 1
S=0,B=0,D=0,M=0,G=0 S=0,B=0,D=0,M=0,G=0
Lifetime = 0 Lifetime = 0
Home Address = the mobile node's home address Home Address = the mobile node's home address
Home Agent = IP address of mobile node's home agent Home Agent = IP address of mobile node's home agent
Care-of Address = the mobile node's home address Care-of Address = the mobile node's home address
Identification = Network Time Protocol timestamp or Nonce Identification = Network Time Protocol timestamp or Nonce
Extensions: Extensions:
An authorization-enabling extension (e.g., the An authorization-enabling extension (e.g., the Mobile-Home
Mobile-Home Authentication Extension) Authentication Extension)
E. Applicability of Prefix-Lengths Extension Appendix E. Applicability of Prefix-Lengths Extension
Caution is indicated with the use of the Prefix-Lengths Extension Caution is indicated with the use of the Prefix-Lengths Extension
over wireless links, due to the irregular coverage areas provided by over wireless links, due to the irregular coverage areas provided by
wireless transmitters. As a result, it is possible that two foreign wireless transmitters. As a result, it is possible that two foreign
agents advertising the same prefix might indeed provide different agents advertising the same prefix might indeed provide different
connectivity to prospective mobile nodes. The Prefix-Lengths connectivity to prospective mobile nodes. The Prefix-Lengths
Extension SHOULD NOT be included in the advertisements sent by agents Extension SHOULD NOT be included in the advertisements sent by agents
in such a configuration. in such a configuration.
Foreign agents using different wireless interfaces would have to Foreign agents using different wireless interfaces would have to
skipping to change at page 86, line 32 skipping to change at page 99, line 5
recorded advertisement. And, finally, in areas with dense recorded advertisement. And, finally, in areas with dense
populations of foreign agents it would seem unwise to require the populations of foreign agents it would seem unwise to require the
propagation via routing protocols of the subnet prefixes associated propagation via routing protocols of the subnet prefixes associated
with each individual wireless foreign agent; such a strategy could with each individual wireless foreign agent; such a strategy could
lead to quick depletion of available space for routing tables, lead to quick depletion of available space for routing tables,
unwarranted increases in the time required for processing routing unwarranted increases in the time required for processing routing
updates, and longer decision times for route selection if routes updates, and longer decision times for route selection if routes
(which are almost always unnecessary) are stored for wireless (which are almost always unnecessary) are stored for wireless
"subnets". "subnets".
F. Interoperability Considerations Appendix F. Interoperability Considerations
This document specifies revisions to RFC 2002 that are intended to This document specifies revisions to RFC 2002 that are intended to
improve interoperability by resolving ambiguities contained in the improve interoperability by resolving ambiguities contained in the
earlier text. Implementations that perform authentication according earlier text. Implementations that perform authentication according
to the new more precisely specified algorithm would be interoperable to the new more precisely specified algorithm would be interoperable
with earlier implementations that did what was originally expected with earlier implementations that did what was originally expected
for producing authentication data. That was a major source of non- for producing authentication data. That was a major source of non-
interoperability before. interoperability before.
However, this specification does have new features that, if used, However, this specification does have new features that, if used,
would cause interoperability problems with older implementations. would cause interoperability problems with older implementations.
All features specified in RFC 2002 will work with the new All features specified in RFC 2002 will work with the new
implementations, except for V-J compression [20]. The following list implementations, except for V-J compression [32]. The following list
details some of the possible areas of compatibility problems that may details some of the possible areas of compatibility problems that may
be experienced by nodes conforming to this revised specification, be experienced by nodes conforming to this revised specification,
when attempting to interoperate with nodes obeying RFC 2002. when attempting to interoperate with nodes obeying RFC 2002.
- A client that expects some of the newly mandatory features o A client that expects some of the newly mandatory features (like
(like reverse tunneling) from a foreign agent would still be reverse tunneling) from a foreign agent would still be
interoperable as long as it pays attention to the `T' bit. interoperable as long as it pays attention to the `T' bit.
- Mobile nodes that use the NAI extension to identify themselves o Mobile nodes that use the NAI extension to identify themselves
would not work with old mobility agents. would not work with old mobility agents.
- Mobile nodes that use a zero home address and expect to receive o Mobile nodes that use a zero home address and expect to receive
their home address in the Registration Reply would not work their home address in the Registration Reply would not work with
with old mobility agents. old mobility agents.
- Mobile nodes that attempt to authenticate themselves without o Mobile nodes that attempt to authenticate themselves without using
using the Mobile-Home authentication extension will be unable the Mobile-Home authentication extension will be unable to
to successful register with their home agent. successful register with their home agent.
In all of these cases, a robust and well-configured mobile node is In all of these cases, a robust and well-configured mobile node is
very likely to be able to recover if it takes reasonable actions upon very likely to be able to recover if it takes reasonable actions upon
receipt of a Registration Reply with an error code indicating the receipt of a Registration Reply with an error code indicating the
cause for rejection. For instance, if a mobile node sends a cause for rejection. For instance, if a mobile node sends a
registration request that is rejected because it contains the wrong registration request that is rejected because it contains the wrong
kind of authentication extension, then the mobile node could retry kind of authentication extension, then the mobile node could retry
the registration with a mobile-home authentication extension, since the registration with a mobile-home authentication extension, since
the foreign agent and/or home agent in this case will not be the foreign agent and/or home agent in this case will not be
configured to demand the alternative authentication data. configured to demand the alternative authentication data.
G. Changes since RFC 2002 Appendix G. Changes since RFC 2002
This section details differences between the original Mobile IP base G.1. Recent Changes
specification (RFC 2002 and ff.) that have been made as part of this
revised protocol specification for Mobile IP.
G.1. Major Changes The following changes have been made since RFC 3344 was published.
For items marked with issue numbers, more information is available by
consulting the MIP4 issues web page,
http://www.mip4.org/issues/tracker/mip4/
- Specification for Destination IP address of Registration Reply o (Issue 6) The behavior of the home agent was changed to avoid
transmitted from Foreign Agent, to avoid any possible mandating error replies to Registration Requests that were
transmission to IP address 0.0.0.0. invalidated because the foreign agent failed authentication. The
intention is to make the home agent more robust against Denial of
Service attacks in which the malicious device has no intention of
providing a valid registration request but only wants to congest
traffic on the home network. See section Section 3.8.2.1.
- Specification of two new formats for Mobile IP extensions, o Due to non-unique assignment of IPv4 addresses in many domains, it
is possible for different mobile nodes to have the same home
address. If they use the NAI, the foreign agent can still
distinguish them. Language was added to Section 3.7.1 and
Section 3.7.3.1 to specify that the foreign agent MUST use the NAI
to distinguish mobile nodes with the same home address.
o (Issue 45) Specified that a foreign agent MUST NOT apply a
Foreign-Home Authentication extension to a mobile node's
deregistration request. Also, the foreign agent MUST NOT apply a
Foreign-Home Authentication extension unless Care-of Address in
the Registration Request matches an address advertised by the
foreign agent.
o Specified that the mobility security association to be used by the
Foreign Agent and Home Agent depends upon values contained in the
message data, not the IP headers.
o (Issues 9, 18) Created a new error code for use by the foreign
agent, for the case when the foreign agent does not serve the
mobile node as a home agent. Formerly, the foreign agent could
use error code 136 for this case.
o (Issue 17) Specified that, if the Home Agent cannot support the
requested nonzero unicast address in the Home Address field of the
Registration Request, then the it MUST reject the registration
with an error code of 129. See section Section 3.8.3.2.
o (Issue 19) Specified that multiple authorization-enabling
extensions may be present in the Registration Request message, but
that the home agent has to (somehow) ensure that all have been
checked (see section Section 3.8.3.1).
o (Issue 20) Specified that the foreign agent SHOULD NOT modify any
of the fields of the Registration Reply message that are covered
by the Mobile-Home Authentication Extension, when it relays the
packet to the mobile node.
o (Issue 21) Clarified that the foreign agent removes extensions
that do not precede any authorization-enabling extension, not just
the Mobile-Home Authentication extension (section 3.7.3.2).
o (Issue 44) Specified that the address advertised by the foreign
agent in Agent Advertisements is the care-of address offered on
that network interface, not necessarily the address of the network
interface (section 3.7.2.2).
o (Issue 45) Clarification in section 3.7.2.1 that code 77 can only
apply to a Registration Request with nonzero lifetime.
G.2. Major Changes
o Specification for Destination IP address of Registration Reply
transmitted from Foreign Agent, to avoid any possible transmission
to IP address 0.0.0.0.
o Specification of two new formats for Mobile IP extensions,
according to the ideas contained in MIER. according to the ideas contained in MIER.
- Specification that the SPI of the MN-HA authentication o Specification that the SPI of the MN-HA authentication extension
extension is to be used as part of the data over which the is to be used as part of the data over which the authentication
authentication algorithm must be computed. algorithm must be computed.
- Eliminated Van-Jacobson Compression feature o Eliminated Van-Jacobson Compression feature
- Specification that foreign agents MAY send advertisements at a o Specification that foreign agents MAY send advertisements at a
rate faster than once per second, but chosen so that the rate faster than once per second, but chosen so that the
advertisements do not burden the capacity of the local link. advertisements do not burden the capacity of the local link. For
For simplicity, the foreign agent now MAY send advertisements simplicity, the foreign agent now MAY send advertisements at an
at an interval less than 1/3 the advertised ICMP Lifetime. interval less than 1/3 the advertised ICMP Lifetime.
- Specification that foreign agents SHOULD support reverse o Specification that foreign agents SHOULD support reverse
tunneling, and home agents MUST support decapsulation of tunneling, and home agents MUST support decapsulation of reverse
reverse tunnels. tunnels.
- Changed the preconfiguration requirements in section 3.6 for o Changed the preconfiguration requirements in section 3.6 for the
the mobile node to reflect the capability, specified in RFC mobile node to reflect the capability, specified in RFC 2794 [2],
2794 [6], for the mobile node to identify itself by using its for the mobile node to identify itself by using its NAI, and then
NAI, and then getting a home address from the Registration getting a home address from the Registration Reply.
Reply.
- Changed section 3.7.3.1 so that a foreign agent is not required o Changed section 3.7.3.1 so that a foreign agent is not required to
to discard Registration Replies that have a Home Address field discard Registration Replies that have a Home Address field that
that does not match any pending Registration Request. does not match any pending Registration Request.
- Allowed registrations to be authenticated by use of a security o Allowed registrations to be authenticated by use of a security
association between the mobile node and a suitable association between the mobile node and a suitable authentication
authentication entity acceptable to the home agent. Defined entity acceptable to the home agent. Defined "Authorization-
"Authorization-enabling Extension" to be an authentication enabling Extension" to be an authentication extension that makes a
extension that makes a registration message acceptable to the registration message acceptable to the recipient. This is needed
recipient. This is needed according to specification in [6]. according to specification in [2].
- Mandated that HMAC-MD5 be used instead of the "prefix+suffix" o Mandated that HMAC-MD5 be used instead of the "prefix+suffix" mode
mode of MD5 as originally mandated in RFC 2002. of MD5 as originally mandated in RFC 2002.
- Specified that the mobile node SHOULD take the first care-of o Specified that the mobile node SHOULD take the first care-of
address in a list offered by a foreign agent, and MAY try each address in a list offered by a foreign agent, and MAY try each
subsequent advertised address in turn if the attempted subsequent advertised address in turn if the attempted
registrations are rejected by the foreign agent registrations are rejected by the foreign agent
- Clarification that a mobility agent SHOULD only put its own o Clarification that a mobility agent SHOULD only put its own
addresses into the initial (i.e., not mobility-related) list of addresses into the initial (i.e., not mobility-related) list of
routers in the mobility advertisement. RFC 2002 suggests that routers in the mobility advertisement. RFC 2002 suggests that a
a mobility agent might advertise other default routers. mobility agent might advertise other default routers.
- Specification that a mobile node MUST ignore reserved bits in o Specification that a mobile node MUST ignore reserved bits in
Agent Advertisements, as opposed to discarding such Agent Advertisements, as opposed to discarding such
advertisements. In this way, new bits can be defined later, advertisements. In this way, new bits can be defined later,
without affecting the ability for mobile nodes to use the without affecting the ability for mobile nodes to use the
advertisements even when the newly defined bits are not advertisements even when the newly defined bits are not
understood. Furthermore, foreign agents can set the `R' bit to understood. Furthermore, foreign agents can set the `R' bit to
make sure that new bits are handled by themselves instead of make sure that new bits are handled by themselves instead of some
some legacy mobility agent. legacy mobility agent.
- Specification that the foreign agent checks to make sure that o Specification that the foreign agent checks to make sure that the
the indicated home agent address does not belong to any of its indicated home agent address does not belong to any of its network
network interfaces before relaying a Registration Request. If interfaces before relaying a Registration Request. If the check
the check fails, and the foreign agent is not the mobile node's fails, and the foreign agent is not the mobile node's home agent,
home agent, then the foreign agent rejects the request with then the foreign agent rejects the request with code 136 (unknown
code 136 (unknown home agent address). home agent address).
- Specification that, while they are away from the home network, o Specification that, while they are away from the home network,
mobile nodes MUST NOT broadcast ARP packets to find the MAC mobile nodes MUST NOT broadcast ARP packets to find the MAC
address of another Internet node. Thus, the (possibly empty) address of another Internet node. Thus, the (possibly empty) list
list of Router Addresses from the ICMP Router Advertisement of Router Addresses from the ICMP Router Advertisement portion of
portion of the message is not useful for selecting a default the message is not useful for selecting a default router, unless
router, unless the mobile node has some means not involving the mobile node has some means not involving broadcast ARP and not
broadcast ARP and not specified within this document for specified within this document for obtaining the MAC address of
obtaining the MAC address of one of the routers in the list. one of the routers in the list. Similarly, in the absence of
Similarly, in the absence of unspecified mechanisms for unspecified mechanisms for obtaining MAC addresses on foreign
obtaining MAC addresses on foreign networks, the mobile node networks, the mobile node MUST ignore redirects to other routers
MUST ignore redirects to other routers on foreign networks. on foreign networks.
- Specification that a foreign agent MUST NOT use broadcast ARP
for a mobile node's MAC address on a foreign network. It may
obtain the MAC address by copying the information from an Agent
Solicitation or a Registration Request transmitted from a
mobile node.
- Specification that a foreign agent's ARP cache for the mobile o Specification that a foreign agent MUST NOT use broadcast ARP for
node's IP address MUST NOT be allowed to expire before the a mobile node's MAC address on a foreign network. It may obtain
mobile node's visitor list entry expires, unless the foreign the MAC address by copying the information from an Agent
agent has some way other than broadcast ARP to refresh its MAC Solicitation or a Registration Request transmitted from a mobile
address associated to the mobile node's IP address. node.
- At the end of section 4.6, clarified that a home agent MUST NOT o Specification that a foreign agent's ARP cache for the mobile
make any changes to the way it performs proxy ARP after it node's IP address MUST NOT be allowed to expire before the mobile
rejects an invalid deregistration request. node's visitor list entry expires, unless the foreign agent has
some way other than broadcast ARP to refresh its MAC address
associated to the mobile node's IP address.
- In section 4.2.3, specification that multihomed home agents o At the end of section 4.6, clarified that a home agent MUST NOT
MUST use the the address sent to the mobile node in the home make any changes to the way it performs proxy ARP after it rejects
agent field of the registration reply as the source address in an invalid deregistration request.
the outer IP header of the encapsulated datagram.
- Inserted 'T' bit into its proper place in the Registration o In section 4.2.3, specification that multihomed home agents MUST
Request message format (section 3.3). use the the address sent to the mobile node in the home agent
field of the registration reply as the source address in the outer
IP header of the encapsulated datagram.
G.2. Minor Changes o Inserted 'T' bit into its proper place in the Registration Request
message format (section 3.3).
- Allowed registration replies to be processed by the mobile G.3. Minor Changes
node, even in the absence of any Mobile-Home Authentication
extension, when containing rejection code by the foreign agent.
- Specification that the foreign agent MAY configure a maximum o Allowed registration replies to be processed by the mobile node,
even in the absence of any Mobile-Home Authentication extension,
when containing rejection code by the foreign agent.
o Specification that the foreign agent MAY configure a maximum
number of pending registrations that it is willing to maintain number of pending registrations that it is willing to maintain
(typically 5). Additional registrations SHOULD then be (typically 5). Additional registrations SHOULD then be rejected
rejected by the foreign agent with code 66. The foreign agent by the foreign agent with code 66. The foreign agent MAY delete
MAY delete any pending Registration Request after the request any pending Registration Request after the request has been
has been pending for more than 7 seconds; in this case, the pending for more than 7 seconds; in this case, the foreign agent
foreign agent SHOULD reject the Request with code 78 SHOULD reject the Request with code 78 (registration timeout).
(registration timeout). o Relaxation of the requirement that, when a mobile node has joined
a multicast group at the router on the foreign network, the mobile
- Relaxation of the requirement that, when a mobile node has node MUST use its home address as the source IP address for
joined a multicast group at the router on the foreign network, multicast packets.
the mobile node MUST use its home address as the source IP o Clarification that a mobility agent MAY use different settings for
address for multicast packets, each of the 'R', 'H', and 'F' bits on different network
- Clarification that a mobility agent MAY use different settings
for each of the 'R', 'H', and 'F' bits on different network
interfaces. interfaces.
- Replacement of the terminology "recursive tunneling" by the o Replacement of the terminology "recursive tunneling" by the
terminology "nested tunneling". terminology "nested tunneling".
o Specification that the mobile node MAY use the IP source address
- Specification that the mobile node MAY use the IP source of an agent advertisement as its default router address.
address of an agent advertisement as its default router o Clarification that keys with arbitrary binary values MUST be
address.
- Clarification that keys with arbitrary binary values MUST be
supported as part of mobility security associations. supported as part of mobility security associations.
o Specification that the default value may be chosen as 7 seconds,
- Specification that the default value may be chosen as 7 for allowable time skews between a home agent and mobile node
seconds, for allowable time skews between a home agent and using timestamps for replay protection. Further specification
mobile node using timestamps for replay protection. Further that this value SHOULD be greater than 3 seconds.
specification that this value SHOULD be greater than 3 seconds. o Specification that Registration Requests with the 'D' bit set to
0, and specifying a care-of address not offered by the foreign
- Specification that Registration Requests with the 'D' bit set agent, MUST be rejected with code 77 (invalid care-of address).
to 0, and specifying a care-of address not offered by the o Clarification that the foreign agent SHOULD consider its own
foreign agent, MUST be rejected with code 77 (invalid care-of maximum value when handling the Lifetime field of the Registration
address). Reply.
o Clarification that the home agent MUST ignore the 'B' bit (as
- Clarification that the foreign agent SHOULD consider its own
maximum value when handling the Lifetime field of the
Registration Reply.
- Clarification that the home agent MUST ignore the 'B' bit (as
opposed to rejecting the Registration Request) if it does not opposed to rejecting the Registration Request) if it does not
support broadcasts. support broadcasts.
o Advice about the impossibility of using dynamic home agent
- Advice about the impossibility of using dynamic home agent
discovery in the case when routers change the IP destination discovery in the case when routers change the IP destination
address of a datagram from a subnet-directed broadcast address address of a datagram from a subnet-directed broadcast address to
to 255.255.255.255 before injecting it into the destination 255.255.255.255 before injecting it into the destination subnet.
subnet. o Clarified that when an Agent Advertisement is unicast to a mobile
node, the specific IP home address of a mobile node MAY be used as
- Clarified that when an Agent Advertisement is unicast to a the destination IP address.
mobile node, the specific IP home address of a mobile node MAY o Included a reference to RFC 2290 within appendix B, which deals
be used as the destination IP address.
- Included a reference to RFC 2290 within appendix B, which deals
with PPP operation. with PPP operation.
o Created IANA Considerations section
- Created IANA Considerations section o In section 3.8.3, clarified that a home agent SHOULD arrange the
selection of a home address for a mobile node when the
- In section 3.8.3, clarified that a home agent SHOULD arrange
the selection of a home address for a mobile node when the
Registration Reply contains a zero Home Address. Registration Reply contains a zero Home Address.
G.3. Changes since revision 04 of RFC2002bis G.4. Changes since RFC3344
This section lists the changes between this version (...-06.txt) and
the previous version (...-04.txt) of the document. This section can
be deleted by the RFC editor.
- Noted that HMAC-MD5 should be considered for use in place of
the "prefix+suffix" mode of MD5 as originally mandated in RFC
2002.
- Included a reference to RFC 2290 within appendix B, which deals
with PPP operation.
- Revamped IANA Considerations section
- Revamped Changes section This section lists the changes between this document and the previous
version of the Mobile IPv4 Proposed Standard, RFC 3344 [41].
- Replaced Patents section with wording mandated from RFC 2026. o Created a new error code for use when a Foreign Agent can detect
that the Home Agent address field is incorrect.
o Prohibited the use of the Foreign-Home Authorization Extension on
deregistration messages.
o Cleaned up some more wording having to do with authorization-
enabling extensions.
o For consistency, changed some wording about copying UDP ports.
o Added wording to clearly not disallow dynamically configuring
netmask and security information at the mobile node.
- Updated citations. o Revamped Changes section
o Updated citations.
H. Example Messages Appendix H. Example Messages
H.1. Example ICMP Agent Advertisement Message Format H.1. Example ICMP Agent Advertisement Message Format
0 1 2 3 0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Code | Checksum | | Type | Code | Checksum |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Num Addrs |Addr Entry Size| Lifetime | | Num Addrs |Addr Entry Size| Lifetime |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
skipping to change at page 94, line 34 skipping to change at page 109, line 5
| Type =32 | Length | SPI | | Type =32 | Length | SPI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SPI (cont...) | | | SPI (cont...) | |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
: MN-HA Authenticator ( variable length ) : : MN-HA Authenticator ( variable length ) :
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
: Optional Extensions used by FA......... : Optional Extensions used by FA.........
: Optional MN-FA Authentication Extension... : Optional MN-FA Authentication Extension...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
References Author's Address
[1] Allman, M., Glover, D. and L. Sanchez, "Enhancing TCP Over
Satellite Channels using Standard Mechanisms", BCP 28, RFC
2488, January 1999.
[2] S. M. Bellovin. Security Problems in the TCP/IP Protocol
Suite. ACM Computer Communications Review, 19(2), March 1989.
[3] Border, J., Kojo, M., Griner, J., Montenegro, G. and Z. Shelby,
"Performance Enhancing Proxies", RFC 3135, June 2001.
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[5] Ramon Caceres and Liviu Iftode. Improving the Performance of
Reliable Transport Protocols in Mobile Computing Environments.
IEEE Journal on Selected Areas in Communications, 13(5):850--
857, June 1995.
[6] Calhoun P. and C. Perkins, "Mobile IP Network Access Identifier
Extension for IPv4", RFC 2794, January 2000.
[7] Calhoun, P. and C. Perkins, "Mobile IP Foreign Agent
Challenge/Response Extension", RFC 3012, December 2000.
[8] Cong, D., Hamlen, M. and C. Perkins, "The Definitions of
Managed Objects for IP Mobility Support using SMIv2", RFC 2006,
October 1996.
[9] Dawkins, S., Montenegro, G., Kojo, M., Magret, V. and N.
Vaidya, "End-to-end Performance Implications of Links with
Errors", BCP 50, RFC 3155, August 2001.
[10] Deering, S., "ICMP Router Discovery Messages", RFC 1256,
September 1991.
[11] Deering, S., "Host Extensions for IP Multicasting", STD 5, RFC
1112, August 1989.
[12] Dommety, G. and K. Leung, "Mobile IP Vendor/Organization-
Specific Extensions", RFC 3115, April 2001.
[13] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
March 1997.
[14] Eastlake, D., Crocker, S. and J. Schiller, "Randomness
Recommendations for Security", RFC 1750, December 1994.
[15] Ferguson P. and D. Senie, "Network Ingress Filtering: Defeating
Denial of Service Attacks which employ IP Source Address
Spoofing", BCP 38, RFC 2827, May 2000.
[16] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic
Routing Encapsulation (GRE)", RFC 1701, October 1994.
[17] J. Ioannidis. Protocols for Mobile Internetworking. PhD
Dissertation - Columbia University in the City of New York,
July 1993.
[18] John Ioannidis, Dan Duchamp, and Gerald Q. Maguire Jr. IP-
Based Protocols for Mobile Internetworking. In Proceedings of
the SIGCOMM '91 Conference: Communications Architectures &
Protocols, pages 235--245, September 1991.
[19] John Ioannidis and Gerald Q. Maguire Jr. The Design and
Implementation of a Mobile Internetworking Architecture. In
Proceedings of the Winter USENIX Technical Conference, pages
489--500, January 1993.
[20] Jacobson, V., "Compressing TCP/IP headers for low-speed serial
links", RFC 1144, February 1990.
[21] Jacobson, V., "Congestion Avoidance and Control. In
Proceedings, SIGCOMM '88 Workshop, pages 314--329. ACM Press,
August 1988. Stanford, CA.
[22] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402,
November 1998.
[23] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing
for Message Authentication", RFC 2104, February 1997.
[24] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB",
RFC 2863, June 2000.
[25] McGregor, G., "The PPP Internet Protocol Control Protocol
(IPCP)", RFC 1332, May 1992.
[26] Mills, D., "Network Time Protocol (Version 3) Specification,
Implementation", RFC 1305, March 1992.
[27] Montenegro, G., "Reverse Tunneling for Mobile IP (revised)",
RFC 3024, January 2001.
[28] Montenegro, G., Dawkins, S., Kojo, M., Magret, V. and N.
Vaidya, "Long Thin Networks", RFC 2757, January 2000.
[29] Montenegro, G. and V. Gupta, "Sun's SKIP Firewall Traversal for
Mobile IP", RFC 2356, June 1998.
[30] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", RFC 2434, October 1998.
[31] Paxson, V. and M. Allman, "Computing TCP's Retransmission
Timer", RFC 2988, November 2000.
[32] Perkins, C., "IP Encapsulation within IP", RFC 2003, October
1996.
[33] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
[34] Perkins, C., "Minimal Encapsulation within IP", RFC 2004,
October 1996.
[35] Perkins, C. and P. Calhoun, "AAA Registration Keys for Mobile
IP", Work in Progress, July 2001.
[36] Plummer, D., "Ethernet Address Resolution Protocol: Or
converting network protocol addresses to 48.bit Ethernet
address for transmission on Ethernet hardware", STD 37, RFC
826, November 1982.
[37] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August
1980.
[38] Postel, J., "Internet Protocol", STD 5, RFC 791, September
1981.
[39] Postel, J., "Multi-LAN Address Resolution", RFC 925, October
1984.
[40] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC
1700, October 1994.
[41] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April
1992.
[42] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, RFC
1661, July 1994.
[43] Solomon, J., "Applicability Statement for IP Mobility Support"
RFC 2005, October 1996.
[44] Solomon J. and S. Glass, "Mobile-IPv4 Configuration Option for
PPP IPCP", RFC 2290, February 1998.
[45] Stevens, W., "TCP/IP Illustrated, Volume 1: The Protocols"
Addison-Wesley, Reading, Massachusetts, 1994.
Authors' Addresses
The working group can be contacted via the current chairs:
Basavaraj Patil
Nokia
6000 Connection Dr.
Irving, TX. 75039
USA
Phone: +1 972-894-6709
EMail: Basavaraj.Patil@nokia.com
Phil Roberts
Megisto Corp. Suite 120
20251 Century Blvd
Germantown MD 20874
USA
Phone: +1 847-202-9314
EMail: PRoberts@MEGISTO.com
Questions about this memo can also be directed to the editor:
Charles E. Perkins Charles E. Perkins
Communications Systems Lab WiChorus Inc.
Nokia Research Center 3590 N. 1st Street, Suite 300
313 Fairchild Drive San Jose, CA 95134
Mountain View, California 94043
USA USA
Phone: +1-650 625-2986 Email: charliep@computer.org
EMail: charliep@iprg.nokia.com
Fax: +1 650 625-2502
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
 End of changes. 427 change blocks. 
1611 lines changed or deleted 1806 lines changed or added

This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/