Bringing It All Together Through an Example

Figure 6-1 presents a basic topology for metro mobility, and the subsequent sections of this chapter present individual components that play a roll in the overall solution. Figure 6-7 pulls the pieces together into an example. The goal here is to allow a user to establish and maintain sessions while roaming within and between multiple networks with no interruption. Reverse tunneling and UDP NAT traversal are used on the Home Agent. Finally, Registration Revocation allows efficient communication between the various Mobile IP entities as the Mobile Nodes roams across different autonomous systems. The configurations for these devices are shown in Example 6-1.

Example 6-1. Configurations for a Metro Mobility Solution

[View full width]

 Home Agent Configuration ! hostname Home Agent ! interface Ethernet0/0  ip address 192.168.1.2 255.255.255.0 ! router mobile ! router ospf 1  redistribute mobile subnets  network 192.168.0.0 0.0.255.255 area 1 ! ip mobile home-agent nat traversal keepalive 20 ip mobile home-agent revocation ip mobile virtual-network 192.168.100.0 255.255.255.0 ip mobile host 192.168.100.10 192.168.100.20 virtual-network 192.168.100.0 255.255.255.0 ip mobile secure host 192.168.100.10 spi 100 key hex 1234567890abcdef1234567890abcdef  algorithm md5 mode prefix-suffix ip mobile secure foreign-agent 192.168.5.1 spi 100 key ascii bindupdatekey algorithm md5  mode prefix-suffix ! end ________________________________________________________________ Foreign Agent Configuration with reverse tunnel and revocation hostname FA1 ! interface Ethernet0/0  ip address 192.168.3.2 255.255.255.0 ! interface Ethernet1/0  ip address 192.168.5.1 255.255.255.0  ip irdp  ip irdp maxadvertinterval 4  ip irdp minadvertinterval 3  ip irdp holdtime 9  ip mobile foreign-service reverse-tunnel mandatory ! router mobile ! router ospf 1 network 192.168.0.0 0.0.255.255 area 1 ! ip mobile foreign-agent care-of Ethernet1/0 ip mobile secure home-agent 192.168.1.2 spi 100 key ascii bindupdatekey algorithm md5 mode  prefix-suffix ! end ________________________________________________________________ Foreign Agent Configuration with UDP Tunneling hostname FA2 ! ! interface Ethernet0/0  ip address 192.168.4.2 255.255.255.0  ip mobile foreign-service ! interface Ethernet1/0  ip address 192.168.6.1 255.255.255.0  ip irdp  ip irdp maxadvertinterval 4  ip irdp minadvertinterval 3  ip irdp holdtime 9  ip mobile foreign-service reverse-tunnel ! router mobile ! router ospf 1  network 192.168.0.0 0.0.255.255 area 1 ! ip mobile foreign-agent care-of Ethernet1/0 ip mobile foreign-agent nat traversal keepalive 20 ! end 

Figure 6-7. Metro Mobility Example

Evaluating the Metro Mobility Example

A Mobile Nodes operating in the environment shown in Example 6-1 can have many different states than those seen in Chapter 4, "IOS Mobile IP in the Lab." Cisco IOS show commands can determine the states for the feature presented in the chapter.

To determine whether a Mobile Nodes is using reverse tunneling, look under the routing options section of the show ip mobile binding command, as follows. If "(T)Reverse-tunnel" is listed, the Mobile Nodes is using reverse tunneling.

 HA#show ip mobile binding Mobility Binding List: Total 1 192.168.100.10:     Care-of Addr 192.168.5.1, Src Addr 192.168.5.1     Lifetime granted 10:00:00 (36000), remaining 09:40:54     Flags sbdmg-T-, Identification C5C75C51.A5787D48     Tunnel1 src 192.168.1.2 dest 192.168.5.1 reverse-allowed     Routing Options - (T)Reverse-tunnel 

The path MTU supported by a tunnel is listed in the output of the show ip mobile tunnel command, as follows. The configured MTU of the tunnel is listed as "IP MTU." The discovered MTU is listed under "Path MTU Discovery"; if this value is 0, the configured value can transit the path.

 HA#show ip mobile tunnel Mobile Tunnels: Total mobile ip tunnels 1 Tunnel1:     src 192.168.1.2, dest 192.168.5.1     encap IP/IP, mode reverse-allowed, tunnel-users 1     IP MTU 1480 bytes     Path MTU Discovery, mtu: 980, ager: 10 mins, expires: 00:08:52     outbound interface Ethernet0/0     HA created, fast switching enabled, ICMP unreachable enabled     10 packets input, 7700 bytes, 0 drops     20 packets output, 9723 bytes 

UDP tunneling can be seen in the output of the show ip mobile tunnel command under "encap." A value of "MIPUDP/IP" indicates UDP tunneling. To determine which tunnel a Mobile Nodes is using, look at the output of the show ip mobile binding command, as follows. You can also see that "NAT detect" is in effect for this Mobile Nodes.

 HA#show ip mobile binding Mobility Binding List: Total 1 192.168.100.10:     Care-of Addr 192.168.6.1, Src Addr 192.168.60.1     Lifetime granted 02:00:00 (7200), remaining 01:42:49     Flags sbdmg-T-, Identification C5C7702D.E9FD2C7C     Tunnel0 src 192.168.1.2 dest 192.168.60.1 reverse-allowed     Routing Options - (T)Reverse-tunnel     Service Options:         NAT detect HA#show ip mobile tunnel Mobile Tunnels: Total mobile ip tunnels 1 Tunnel0:     src 192.168.1.2, dest 192.168.60.1     src port 434, dest port 434     encap MIPUDP/IP, mode reverse-allowed, tunnel-users 1     IP MTU 1468 bytes     Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never     outbound interface Ethernet0/0     HA created, fast switching disabled, ICMP unreachable enabled     0 packets input, 0 bytes, 0 drops     52 packets output, 3120 bytes 

Summary

In this chapter, we looked at mobility in the metro mobility environment. To this end, we examined real-world tunneling issues that arise and Mobile IP solutions that overcome these challenges. We saw how reverse tunneling overcomes ingress filtering and uRPF checks in the network. We discussed NAT and VPN (IPSec) traversal, and finally, we showed how Registration Revocation can improve the efficiency of communication between the Mobile IP entities.

In the next chapter, the PC-based client is replaced with a router, allowing many IP devices to share a single set of links without regard to mobility. The features and configurations build on the Home Agent/FA topologies shown in this and previous chapters and focus on the specifics of the mobile router.