Foreign Agent Details
The FA does not need to be enhanced to support network mobility per se. However, a few minor enhancements can be made to the FA to provide more efficient communication.
Agent Discovery: Tuning IRDP Options
Mobile routers discover FAs using the same agent discovery process as described in Chapter 2. Recall that Mobile IP agent discovery and move detection rely on the ICMP Router Discovery Protocol (IRDP). The IRDP parameters determine how often a FA sends out Mobile IP agent advertisements, and they affect the behavior and efficiency of the network. Thus, you should tune the IRDP advertisement interval and holdtime to produce the expected behavior. The advertisement interval is configured by setting the minimum and maximum amount of time between a FA's advertisements.
If the desired behavior is to send agent advertisements only in response to a solicitation by a mobile router, set the advertisement interval and holdtime to 0 seconds. In contrast, the IRDP parameters can be
The FA should be configured as described in Chapter 4. The IRDP parameters on an interface can then be tuned using the following interface-level subcommands:
A basic mobile router example showing most of the features discussed thus far, as well as basic troubleshooting techniques, can be found in Chapter 4.
Local Routing to Mobile Networks
In standard Mobile IP, traffic from a CN to a Mobile Node must traverse the Home Agent; Chapter 2 describes this as triangle routing. Said another way, a CN cannot communicate directly with the Mobile Node in its visiting location. Translated further to network mobility, it means that a CN cannot communicate directly with a mobile router or any of the nodes on the mobile networks, even if the CN is directly connected to the FA.
An example clarifies our point. Consider the video surveillance camera of a bank that is being robbed. Police
Figure 7-12. Police Headquarters Communicating with a Bank
By using the Cisco FA Optimized Routing for Mobile Networks, the FA can directly send traffic from a CN that is directly connected to it to a node on a mobile network of one of its visiting mobile routers. Going back to the previous example, this means that because the video camera is directly connected to the FA, the FA could simply forward the video feed to the police officers, saving valuable time! Essentially, this feature is useful in scenarios in which the bandwidth between the Home Agent and the FA is limited, or in scenarios in which the mobile router receives high-bandwidth or time-sensitive traffic from a device on the Local Area Network (LAN) of the FA.
So, what does this need to work? It requires the FA to have knowledge of the mobile networks that are associated with a visiting mobile router. How is this accomplished? The FA eavesdrops as the mobile router registers its mobile networks, paying particular attention to a successful RRP from the Home Agent. This has the following implications:
Trust is easily obtained by the FA and Home Agent sharing a security association. Then, in addition to the Mobile Node-Home Agent Authentication Extension (MHAE), the Home Agent also secures such a RRP with the FHAE. When the FA receives the RRP, it can confidently trust information that it
To this end, the FA needs to be enhanced to understand the Mobile Network NVSEs that are appended by the mobile router and Home Agent during the registration process. Specifically, the FA must parse the Mobile Router Static Mobile Network NVSE and Mobile Router Dynamic Mobile Network NVSE in a successful RRP to extract the network prefix and mask of the mobile networks associated with the visiting mobile router. After the FA gains knowledge of the mobile networks, it injects the mobile network routes into its forwarding table. Upon receiving a deregistration message, the FA can remove the routes from the forwarding table and any local data structures. The FA must associate the local routes (through local data structures) to the visitor entry for the mobile router. Moreover, because the FA is injecting the routes to the mobile networks into its forwarding table, the mobile networks must
Figure 7-13. Foreign Agent Local Routing Message Flow
Configuration for Local Routing to Mobile Networks
The FA must first be configured to provide FA services, as described in Chapter 4. The FA can then be configured for the local route optimization as
ip mobile foreign-agent inject-mobile-networks [ mobnetacl access-list-identifier ]
This command enables the local route optimization on the FA. The optional mobnetacl parameter allows an access control list (ACL) (simple or named) to be specified for controlling which mobile networks the FA includes in the route optimization. Without an ACL, all learned mobile networks are injected into the local forwarding table.
Note that the FA and Home Agent must also be configured to share a security association, as described in Chapter 3, "Mobile IP Security."
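The following Python model is an added example, not Cisco's implementation or code from the book. It walks through the FA behavior described in this section: learn mobile networks only from a successful RRP whose FHAE verifies, filter them through the optional ACL, tie the injected routes to the visitor entry, and remove them on deregistration. The dictionary message layout, the use of HMAC-MD5 as the authenticator, and every name and address here are assumptions made for illustration; real RRP and NVSE wire formats are not modelled.

```python
import hashlib
import hmac
import ipaddress

def rrp_bytes(rrp):
    # Constructed stand-in for the bytes an FHAE protects; not the real RRP wire format.
    fields = [str(rrp["code"]), rrp["home_agent"], rrp["home_address"], *rrp["mobile_networks"]]
    return "|".join(fields).encode()

def ha_sign(key, rrp):
    # Plays the Home Agent: attach an authenticator computed with the shared key.
    return dict(rrp, fhae=hmac.new(key, rrp_bytes(rrp), hashlib.md5).digest())

class ForeignAgent:
    def __init__(self, ha_keys, mobnet_acl=None):
        self.ha_keys = ha_keys      # Home Agent address -> FA-HA shared key
        self.acl = None if mobnet_acl is None else [ipaddress.ip_network(n) for n in mobnet_acl]
        self.visitors = {}          # mobile router home address -> injected prefixes
        self.routes = {}            # prefix -> next hop (the visiting mobile router)

    def _fhae_valid(self, rrp):
        key = self.ha_keys.get(rrp["home_agent"])
        if key is None or "fhae" not in rrp:
            return False            # no security association, or no FHAE on the reply
        expected = hmac.new(key, rrp_bytes(rrp), hashlib.md5).digest()
        return hmac.compare_digest(expected, rrp["fhae"])

    def _permitted(self, net):
        # Without an ACL every learned mobile network is eligible for injection.
        return self.acl is None or any(net.subnet_of(entry) for entry in self.acl)

    def on_registration_reply(self, rrp):
        # Code 0 is "registration accepted"; anything else teaches the FA nothing.
        if rrp["code"] != 0 or not self._fhae_valid(rrp):
            return []
        router = rrp["home_address"]
        self.on_deregistration(router)          # a re-registration replaces older routes
        nets = [ipaddress.ip_network(n) for n in rrp["mobile_networks"]]
        injected = [n for n in nets if self._permitted(n)]
        for net in injected:
            self.routes[net] = router
        self.visitors[router] = set(injected)
        return [str(n) for n in injected]

    def on_deregistration(self, router):
        # Remove every route tied to this visitor entry.
        for net in self.visitors.pop(router, set()):
            self.routes.pop(net, None)
```

A reply altered after the Home Agent signed it, or one carrying no FHAE at all, leaves the forwarding table untouched, which is why the FA-Home Agent security association is a prerequisite for this feature.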