Rather than distribute routing information to the entire network, Mobile IP builds single-hop logical links, or tunnels, to the edge of the Foreign Network, where the Mobile Node is attached. A tunnel, just like any other link, can carry any IP packet between its endpoints. In Mobile IP, the tunnel endpoint in the Foreign Network is either a FA-based CoA or a CCoA. When a Home Agent has several Mobile Nodes registered through the same FA, traffic to all of those nodes is delivered through a single tunnel to the FA-CoA. A Home Agent can have several tunnels to the same CoA, but the encapsulation protocol must be different for each tunnel.
The default tunneling protocol in Mobile IP is IP-in-IP encapsulation, as defined in RFC 2003. Encapsulated packets are delivered as the payload of a new IP packet. The header of this new packet is referred to as the outer header. The destination of the outer header is the tunnel endpoint, and the source is the encapsulating device. For the forward Mobile IP tunnel, the destination is the CoA and the source is the Home Agent.
IP-in-IP is a simple protocol that requires little effort on the part of the Home and Foreign Agents. All field values in the outer header are chosen and set by the Home Agent, with the exception of the type of service and don't fragment fields. Type of service values are copied from the inner packet to help preserve the end-to-end quality of service of the packet. The "don't fragment" bit is set in the outer header if it is set in the header of the encapsulated packet, or if the Home Agent chooses to set it. This can enable tunnel path MTU discovery, as described in Chapter 6.
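The outer-header rules just described, as an added example (not code from the book): the Home Agent side builds the RFC 2003 outer header with protocol 4, copies the type of service from the inner packet and carries the don't fragment bit forward, and the tunnel endpoint validates and strips that header. The addresses and payload are constructed sample values.

```python
import socket
import struct

IPPROTO_IPIP = 4          # outer-header protocol number for IP-in-IP (RFC 2003)
DF_FLAG = 0x4000          # "don't fragment" bit in the IPv4 flags/fragment-offset field

def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum; returns 0 when run over a header whose checksum is valid."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src, dst, proto, payload_len, tos=0, df=False, ttl=64, ident=0):
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, ident,
                      DF_FLAG if df else 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]

def encapsulate(inner: bytes, home_agent: bytes, coa: bytes, ha_sets_df=False) -> bytes:
    """Home Agent side: wrap the intercepted packet in an outer header addressed to the CoA.
    TOS is copied from the inner header; DF is set if the inner packet set it or the HA chooses to."""
    inner_tos = inner[1]
    inner_df = bool(struct.unpack("!H", inner[6:8])[0] & DF_FLAG)
    outer = build_ipv4_header(home_agent, coa, IPPROTO_IPIP, len(inner),
                              tos=inner_tos, df=inner_df or ha_sets_df)
    return outer + inner

def decapsulate(packet: bytes, expected_coa: bytes) -> bytes:
    """Tunnel endpoint (FA, or Mobile Node with a CCoA): validate the outer header and strip it."""
    ihl = (packet[0] & 0x0F) * 4
    outer = packet[:ihl]
    if ipv4_checksum(outer) != 0:
        raise ValueError("bad outer header checksum")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    if outer[16:20] != expected_coa:
        raise ValueError("outer destination is not this tunnel endpoint")
    return packet[ihl:]

# Constructed sample (documentation addresses, not from the book): a CN packet for the
# Mobile Node's Home Address with TOS 0xB8 and DF set, intercepted by the Home Agent.
CN, MN_HOME = socket.inet_aton("198.51.100.7"), socket.inet_aton("192.0.2.10")
HOME_AGENT, COA = socket.inet_aton("192.0.2.1"), socket.inet_aton("203.0.113.5")
PAYLOAD = b"hello from the CN"
INNER = build_ipv4_header(CN, MN_HOME, 17, len(PAYLOAD), tos=0xB8, df=True) + PAYLOAD
TUNNELED = encapsulate(INNER, HOME_AGENT, COA)
```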
The Mobile Node can request an alternate encapsulation method for the tunnel. Both minimal encapsulation and GRE are available as options in the Mobile IP RRQ.
Minimal encapsulation, defined in RFC 2004, is an attempt to reduce the size of the inner header by eliminating the duplicate information found in IP-in-IP encapsulation. That is, the original packet header is compressed by removing the redundant information that is in the outer IP header. Minimal encapsulation is useful if the tunnel must traverse a low-bandwidth link, where every bit counts. In practice, the low-bandwidth link is usually the last link. Thus, in the case of registration through a FA, the increased processing overhead required by the tunnel endpoints does not justify the bandwidth savings.
GRE is an existing tunneling protocol that transports different network layer protocols across IP networks. GRE is defined in RFC 1701 and includes an extra 4-byte header between the outer and inner IP headers. GRE is used in some cases because of existing support for accelerated encapsulation on the Home Agent.
Mobile IP uses an asymmetric routing path referred to as triangle routing. Basically, traffic for the Mobile Node goes from the CN to the Home Agent to the Mobile Node, and return traffic goes directly from the Mobile Node to the CN, thus forming a triangular path, as shown in Figure 2-18. The main reason that the Mobile Node does not simply inform the CN of its new location and establish symmetrical routing can be summed up in one word: security.
Figure 2-18. Triangle Routing
A trust relationship must exist between the Mobile Node and CN to exchange such critical information during the Mobile IP registration process; otherwise, the communication between the nodes is subject to simple DoS attacks. For example, a rogue node can just send a bogus registration message to the CN conveying a false CoA and simply hijack the Mobile Node's traffic. Because a trust relationship between a Mobile Node and every possible CN is highly unlikely, Mobile IP falls back to secure and reliable communication through triangle routing and the trusted Home Agent.
IP routing, as it is defined, does not use the source address of a packet in the delivery process. Mobile IP takes advantage of this fact in an attempt to optimize traffic delivery. That is, packets from the Mobile Node are sent using the Mobile Node's Home Address as the source address, even while on the Foreign Network, and are delivered directly to their destination using a default gateway, the FA. The Mobile Node must forward traffic through one of the router addresses listed in the FA advertisement and must not send ARP requests when it is in a Foreign Network.
Return routing to the Mobile Node follows standard IP routing to the Mobile Node's Home Network prefix. When traffic arrives at the Home Network, the Home Agent intercepts that traffic using either routing, gratuitous ARP, or a similar technique. The Home Agent then forwards the Mobile Node's traffic through the tunnel to the CoA.
In Chapter 6, we discuss a feature called reverse tunneling, which allows data packets originated by the Mobile Node on the Foreign Network to be forwarded back to the Home Agent through a reverse tunnel. These packets then follow standard routing from the Home Agent to their destination. Reverse tunneling removes the notion of triangle routing and ensures that the packets from the Mobile Node are topologically correct. This is necessary to overcome security measures being deployed in the Internet today. A detailed discussion of reverse tunneling is given in Chapter 6.