Home Agent Redundancy


The Home Agent is an important entity in the successful operation of the Mobile IP process. Recall that upon receiving a successful RRQ from the Mobile Node, the Home Agent creates a mobility binding entry that tracks the association of the Mobile Node's home address with its current CoA. The Home Agent maintains all associations in a mobility binding table, which is essentially the heart of the Mobile IP process. If the Home Agent fails for any reason, the mobility binding table is lost, and all Mobile Nodes registered with the Home Agent lose connectivity. The Mobile Nodes usually experience a noticeable lapse in service during the outage, which can lead to some unhappy customers.

The Cisco Mobile IP Home Agent Redundancy feature is designed to provide scalable high availability with near-instantaneous failover support. When a Home Agent fails, another Home Agent takes over immediately to maintain all sessions to the Mobile Nodes. With this mechanism, the mobility binding table is fully replicated on each Home Agent in the redundancy group, and thus, no downtime occurs for any Mobile Node. The high availability not only ensures that all mobility bindings survive a Home Agent failure but also ensures minimal packet loss, which leads to happy customers!

The Home Agent Redundancy mechanism leverages the Hot Standby Router Protocol (HSRP) (described in RFC 2281), which designates one router as active and another as standby. HSRP determines redundancy peers and is used as a first-hop routing protocol for the Home Agent address. HSRP can be defined as follows:

NOTE

HSRP is a router redundancy protocol developed by Cisco that provides network resilience in a way that ensures that user traffic will immediately and transparently recover from "first hop" failures in network edge devices and access circuits. By sharing a virtual IP address and a MAC (Layer 2) address, two or more routers can act as a single "virtual" router or default gateway to the hosts on a LAN. The members of the router group continually exchange status messages to detect when a peer goes down. This router group is referred to as the HSRP group, and the virtual IP address is known as the HSRP group address.


The Cisco Home Agent Redundancy functionality then specifies the behavior of these routers in the HSRP group to provide backup Home Agent service in Mobile IP. The preemption and priority capabilities of HSRP can be configured to prefer one Home Agent to another, that is, one Home Agent can be given preference to become the main Home Agent by configuring these options appropriately.

The main idea in this mechanism is that the Home Agents in the redundancy group all have the necessary information to provide Mobile IP service to the Mobile Nodes, and can seamlessly take over for one another. However, to the Mobile Node, the redundancy group looks like one Home Agent. The Cisco Home Agent Redundancy feature supports two main configurations: an active-standby configuration and a peer-peer configuration. Active-standby and peer-peer only refer to how Mobile IP signaling is handled. Actual forwarding of data traffic to Mobile Nodes is handled by integration with routing. Both Home Agents in the redundancy group bring up the Mobile IP tunnels and have a full copy of the mobility binding table. Thus, either one can forward data traffic to the Mobile Node based on which one receives the Mobile Node's traffic via the IGP routing protocol. When virtual networks are redistributed into dynamic routing, all data traffic, and as such tunneling, is load balanced. (This is because both Home Agents can advertise equal cost reachability to the virtual networks to their neighbors. This can be disabled by tweaking redistribution metrics.)

A particular Home Agent Redundancy group can either support Mobile Nodes residing on a physical network or Mobile Nodes residing on a virtual network (see Chapter 4, "IOS Mobile IP in the Lab"), but not both. In the case of virtual networks, if the Home Agent address is the HSRP virtual address, the active-standby configuration is used. If the Home Agent address is configured on a loopback interface and the same address is configured on both Home Agents, peer-peer mode is used.

Regardless of the formation, the following two main functions are accomplished with the Mobile IP Home Agent Redundancy mechanism, as shown in Figure 5-5:

  • Updating/creating a mobility binding: When an RRQ is accepted by the active/peer Home Agent, the binding is updated or created on the standby/peer Home Agent. This process keeps the mobility binding table synchronized between the Home Agents. Note that this also includes updating a mobility binding by deleting the binding upon a deregistration. If a mobility binding expires on the active/peer Home Agent, it also expires on the standby/peer Home Agent, and as such, no messaging is needed.

    Note that an active Home Agent assumes the lead Home Agent role and receives all the RRQs from Mobile Nodes. It then updates the standby Home Agent with the necessary binding information. (A particular Home Agent in the redundancy group can be preferred as the active Home Agent by appropriately configuring the priority option in HSRP. More information on HSRP can be found on Cisco.com.)

    In the case of the peer configuration model, the peer Home Agents share the lead Home Agent role and either of them can receive the RRQs from the Mobile Nodes. They update each other accordingly. The peer Home Agent configuration allows load balancing of the incoming RRQs because either Home Agent can receive the RRQs.

  • Downloading the mobility binding table: A Home Agent downloads the mobility binding table from the active/peer Home Agent immediately upon assuming the standby/peer Home Agent role. The standby/peer Home Agent ensures that it has downloaded the entire mobility binding table through a reliability mechanism. This process ensures that the standby/peer Home Agent has a copy of the current mobility binding table before providing backup Home Agent service.

Figure 5-5. Overview of Home Agent Redundancy Mechanism


The Home Agents participating in the redundancy group should be configured similarly, with the exact configuration depending on the formation model, as outlined in the next section. Because the Home Agents are sharing their mobility binding table with one another, a trust relationship must exist between the agents. The Home Agents, therefore, must be configured with a security association, and all redundancy-related messages must be secured by this security association.

Configuration Commands

Home Agent redundancy is a critical component of a high-availability network and, as such, is not a configuration to be taken lightly. The redundancy mechanism supports numerous complex options and configurations, many of which are designed for use in specific topologies. Oftentimes, configuration options that can seem beneficial do not benefit users in their particular environment. Home Agent redundancy is a perfect example of a "less is more" configuration. If you don't need it, don't use it. If you need it, make sure that you understand what you are doing and validate the expected outcome.

Configuration for Home Agent Redundancy must be identical on all Home Agents within the redundancy group, as follows:

Step 1.

Configure HSRP on the Home Agents using the following commands (see Cisco.com for more details on HSRP):

  • standby [group-number] ip ip-address: This command enables HSRP on the router and sets the HSRP group address.

  • standby [group-number] name hsrp-group-name: This command sets the name of the standby group. A group name must be used because it is used by the Home Agent process to identify the standby group.

  • standby [group-number] priority priority [preempt [delay [minimum | sync] delay]]: This command sets the hot standby priority used in choosing the active router.

    By default, the router that comes up later becomes standby. When one router is designated as an active Home Agent, the priority is set highest in the HSRP group and the preemption is set. Configure the preempt delay sync command so that all mobility bindings are downloaded to the router before it takes the active role. The router becomes active when all bindings are downloaded or when the timer expires, whichever comes first. You should generally use the maximum value of 3600 seconds for the sync timer.

Step 2.

Configure the Home Agent process to support redundancy using the specified HSRP group, which is accomplished with the following command:

 ip mobile home-agent redundancy hsrp-group-name [virtual-network] 

The hsrp-group-name is the same HSRP group that is configured during HSRP configuration on the interface in Step 1. The virtual-network option is used if the redundancy group is supporting virtual networks.

Step 3.

Configure the security association between the Home Agents using the following command:

 ip mobile secure home-agent address spi spi key [hex | ascii] string 

This command sets up the security association between the Home Agents. Each Home Agent in the redundancy group must have a security association with every potential peer.

Active-Standby Home Agent Configuration

The most common Home Agent Redundancy configuration is the active-standby model because of its effectiveness and simplicity. The active-standby Home Agent configuration specifies one Home Agent in the lead role, and is the implicit formation. That is, no extra configuration is needed to specify this formation other than that presented in the previous section.

The Home Agent Redundancy formation is best illustrated by reviewing Figure 5-6. In this figure, you find two Home Agents (Home Agent1 is 1.0.0.1 and Home Agent2 is 1.0.0.2) in the redundancy group. They are supporting Mobile Nodes on a physical home network and are in the active Home Agent-standby Home Agent configuration. The HSRP group name is SanJoseHA, and the HSRP group address is 1.0.0.10. Example 5-4 shows simple configurations of the Home Agents for this redundancy network. Note that the two Home Agents are configured to share a mandatory security association.

Example 5-4. Home Agent Redundancy Configuration of Active-Standby Formation
 HA1 Configuration
 interface ethernet0
  ip address 1.0.0.1 255.0.0.0
  standby ip 1.0.0.10
  standby name SanJoseHA
  standby preempt delay sync 3600
  standby priority 110
 ip mobile home-agent redundancy SanJoseHA
 ip mobile host 1.0.0.10 1.0.0.20 interface ethernet0
 ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455

 HA2 Configuration
 interface ethernet0
  ip address 1.0.0.2 255.0.0.0
  standby ip 1.0.0.10
  standby name SanJoseHA
 ip mobile home-agent redundancy SanJoseHA
 ip mobile host 1.0.0.10 1.0.0.20 interface ethernet0
 ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455

Figure 5-6. Home Agent Redundancy Supporting Mobile Nodes on Physical Networks


Peer-Peer Home Agent Configuration

In the peer-peer formation, the Home Agents share the lead role and update one another accordingly. This behavior is achieved by configuring a loopback interface on both Home Agents with the same Home Agent address(es). (Reachability of the loopback interface on the Home Agents must be achieved.) Thus, RRQs destined to an address on the loopback interface can then be received by either Home Agent, as shown in Figure 5-7.

Figure 5-7. Virtual Network Support Using One Physical Network (Peer Home Agent-Peer Home Agent Configuration)


Before we look more closely at the peer-peer formation, it seems our duty to issue a slight health warning: This formation can seem purposefully confusing and designed to induce headaches. It is not purposeful, but it is indeed confusing! To help mitigate the confusion, we first explain a particular configuration concept, and then we present the configuration command(s).

The peer-peer Home Agent configuration is beneficial when using virtual networks (refer to Figure 5-7). With physical home networks, the Home Agent cannot accept bindings if the home network is down. (This can also be accomplished with the active-standby Home Agent configuration.)

Multiple virtual networks can be supported by the same Home Agent redundancy group. For example, a Home Agent redundancy group can support virtual networks 20.0.0.0/24, 30.0.0.0/24, and 40.0.0.0/24.

A main concern when supporting virtual networks is the proper configuration of the Home Agent address that a Mobile Node should use to register with its home network. Essentially, the following two scenarios are possible:

  • Scenario I: Mobile Node and Home Agent must reside on the same network subnet.

  • Scenario II: Mobile Node and Home Agent can reside on different network subnets.

The category into which a Mobile Node falls is usually based on home network and roaming policy. To satisfy Mobile Nodes falling under Scenario I, a Home Agent address is configured on the particular virtual network, for example, virtual network 40.0.0.0/24 supported with Home Agent address = 40.0.0.1. For all Mobile Nodes that fall under Scenario II, a global Home Agent address is configured on the Home Agents, for example, virtual networks 20.0.0.0/24 and 30.0.0.0/24 supported with a single Home Agent address = 10.0.0.1. All the Home Agent addresses are then configured identically on the loopback interface of each of the Home Agents. Thus, because the RRQ is received on the loopback interface of the Home Agents, either Home Agent can end up receiving the message. (Note that which Home Agent is to receive the RRQ is determined by the underlying routing protocol.) Upon receipt of an authenticated RRQ, the receiving peer Home Agent updates the other peer Home Agent.

Hopefully, you don't have a migraine now and are ready to continue with the Home Agent Redundancy configuration steps needed to achieve the peer-peer formation. We continue with the steps presented in the previous section, as follows:

Step 4.

Configure the virtual networks that are to be supported by the redundancy group using the ip mobile virtual-network command introduced in Chapter 4. If a Home Agent address is required on a particular virtual network, use the address option of this command as follows:

 ip mobile virtual-network address mask address HA-address 

The HA-address value is the Home Agent address on the same subnet as the virtual network being configured.

Step 5.

Configure a global Home Agent address, if needed, using the address option of the ip mobile home-agent command, as follows:

 ip mobile home-agent address HA-address 

The HA-address value is the global Home Agent address that can be used by any roaming nodes that do not require a Home Agent address on their particular subnet.

Step 6.

Configure all Home Agent addresses from Step 4 and Step 5 on the loopback interface as follows:

 interface Loopback interface-number
   ip address address mask [secondary]

In this case, interface-number is the name of a loopback interface. There are as many ip address subinterface commands as there are Home Agent addresses, with the secondary option specified for any addresses configured after the first.

It will probably be the most helpful to see how these commands materialize into a configuration. Example 5-5 shows the configuration added to Example 5-4 to make the Home Agents support virtual networks in the peer-peer Home Agent formation. In this example, RRQs from Mobile Nodes residing on virtual network 40.0.0.0/24 are sent to Home Agent address 40.0.0.1, while RRQs from all other Mobile Nodes are sent to the global Home Agent address 10.0.0.1.

Example 5-5. Home Agent Redundancy Additional Configuration for Peer-Peer Formation
 HA1 Configuration
 ! Configure loopback to receive RRQ from Mobile Nodes
 interface loopback0
   ip address 10.0.0.1 255.255.255.255
   ip address 40.0.0.1 255.255.255.255 secondary
 ! Configure global Home Agent address
 ip mobile home-agent address 10.0.0.1
 ! Configure virtual-networks and Home Agent address for 40.0.0.0/24
 ip mobile virtual-network 20.0.0.0 255.0.0.0
 ip mobile virtual-network 30.0.0.0 255.0.0.0
 ip mobile virtual-network 40.0.0.0 255.0.0.0 address 40.0.0.1

 HA2 Configuration
 ! Configure loopback to receive RRQ from Mobile Nodes
 interface loopback0
   ip address 10.0.0.1 255.255.255.255
   ip address 40.0.0.1 255.255.255.255 secondary
 ! Configure global Home Agent address
 ip mobile home-agent address 10.0.0.1
 ! Configure virtual-networks and Home Agent address for 40.0.0.0/24
 ip mobile virtual-network 20.0.0.0 255.0.0.0
 ip mobile virtual-network 30.0.0.0 255.0.0.0
 ip mobile virtual-network 40.0.0.0 255.0.0.0 address 40.0.0.1

Just in case you are still headache-free, we have more configurations to add to the mix. The virtual networks configured in Step 4 can be supported by one or more physical connections between the Home Agents (see Figure 5-8). Each physical network connection is configured as a separate HSRP group, for example, HSRP-group1 and HSRP-group2, and Home Agent Redundancy is tied to each of the HSRP groups. With multiple physical connections, even if one network connection fails, the Home Agents can still communicate through the other physical network, that is, the other HSRP group. This provides another level of redundancy against network failures and leads to the next step.

Figure 5-8. Virtual Network Support Using Multiple Physical Networks (Peer Home Agent-Peer Home Agent Configuration)


Step 7.

If you are using multiple physical connections between the Home Agents, configure the other HSRP group as defined in Step 1. Configure the HSRP group to support Mobile IP and Home Agent Redundancy as defined in Step 2.

Example 5-6 shows the final configuration for two peer Home Agents using all the configuration steps outlined. In this example, Home Agent Redundancy is provided by two HSRP Groups: SanJoseHANet1 and SanJoseHANet2. Mobile Nodes are configured on virtual networks 20.0.0.0/24, 30.0.0.0/24, and 40.0.0.0/24. Mobile Nodes on virtual network 40.0.0.0/24 must register with a Home Agent address on the virtual network (that is, 40.0.0.1), while the Mobile Nodes on the other two virtual networks can use the global Home Agent address 10.0.0.1.

Example 5-6. Home Agent Redundancy in Peer-Peer Formation Using Multiple Physical Networks
 HA1 Configuration
 interface ethernet0
  ip address 1.0.0.1 255.0.0.0
  standby ip 1.0.0.10
  standby name SanJoseHANet1
 interface ethernet1
  ip address 2.0.0.1 255.0.0.0
  standby ip 2.0.0.10
  standby name SanJoseHANet2
 ! Configure loopback to receive RRQ from Mobile Nodes
 interface loopback0
  ip address 10.0.0.1 255.255.255.255
  ip address 40.0.0.1 255.255.255.255 secondary
 ! Configure global Home Agent address
 ip mobile home-agent address 10.0.0.1
 ! Configure virtual-networks and Home Agent address for 40.0.0.0/24
 ip mobile virtual-network 20.0.0.0 255.0.0.0
 ip mobile virtual-network 30.0.0.0 255.0.0.0
 ip mobile virtual-network 40.0.0.0 255.0.0.0 address 40.0.0.1
 ! Used to map to the HSRP groups SanJoseHANet1 and SanJoseHANet2
 ip mobile home-agent redundancy SanJoseHANet1 virtual-network
 ip mobile home-agent redundancy SanJoseHANet2 virtual-network
 ! Configure security association with Peer Home Agent
 ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455
 ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455

 HA2 Configuration
 interface ethernet0
  ip address 1.0.0.2 255.0.0.0
  standby ip 1.0.0.10
  standby name SanJoseHANet1
 interface ethernet1
  ip address 2.0.0.2 255.0.0.0
  standby ip 2.0.0.10
  standby name SanJoseHANet2
 ! Configure loopback to receive RRQ from Mobile Nodes
 interface loopback0
  ip address 10.0.0.1 255.255.255.255
  ip address 40.0.0.1 255.255.255.255 secondary
 ! Configure global Home Agent address
 ip mobile home-agent address 10.0.0.1
 ! Configure virtual networks and Home Agent address for 40.0.0.0/24
 ip mobile virtual-network 20.0.0.0 255.0.0.0
 ip mobile virtual-network 30.0.0.0 255.0.0.0
 ip mobile virtual-network 40.0.0.0 255.0.0.0 address 40.0.0.1
 ! Used to map to the HSRP groups SanJoseHANet1 and SanJoseHANet2
 ip mobile home-agent redundancy SanJoseHANet1 virtual-network
 ip mobile home-agent redundancy SanJoseHANet2 virtual-network
 ! Configure security association with Peer Home Agent
 ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455
 ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455
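
The requirements from Steps 1 through 3 (every redundancy statement maps to a named HSRP group, and every Home Agent holds a matching security association for each potential peer) can be checked offline before a change is pushed. The following is an added example, not code from the book or from Cisco. It assumes, as in Example 5-6, that each security association names the peer's interface address in the shared HSRP group; the function names and the sample keys are constructed for illustration.

```python
from itertools import permutations

def parse(cfg):
    """Pull the redundancy-related settings out of one Home Agent config."""
    ha = {"groups": {}, "redundancy": set(), "sa": {}}
    addr = None
    for line in cfg.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            addr = None                          # start of a new interface block
        elif w[:2] == ["ip", "address"] and addr is None:
            addr = w[2]                          # primary address of this interface
        elif w[:1] == ["standby"] and "name" in w[:-1]:
            ha["groups"][w[w.index("name") + 1]] = addr   # group name -> local address
        elif w[:4] == ["ip", "mobile", "home-agent", "redundancy"]:
            ha["redundancy"].add(w[4])
        elif w[:4] == ["ip", "mobile", "secure", "home-agent"]:
            ha["sa"][w[4]] = (w[6], tuple(w[8:]))         # peer -> (spi, key words)
    return ha

def audit(configs):
    """configs maps a router name to its config text; returns a list of findings."""
    has = {name: parse(text) for name, text in configs.items()}
    findings = []
    for name, ha in has.items():
        for g in sorted(ha["redundancy"] - set(ha["groups"])):
            findings.append(f"{name}: redundancy group {g} has no 'standby name'")
    for (a, ha_a), (b, ha_b) in permutations(has.items(), 2):
        for g in sorted(ha_a["redundancy"] & ha_b["redundancy"]):
            mine, theirs = ha_a["groups"].get(g), ha_b["groups"].get(g)
            if mine is None or theirs is None:
                continue                         # already reported above
            sa = ha_a["sa"].get(theirs)
            if sa is None:
                findings.append(f"{a}: no security association for {b} ({theirs})")
            elif a < b and ha_b["sa"].get(mine) not in (None, sa):
                findings.append(f"{a}/{b}: SPI or key differs on {g}")
    return findings

def sample(me, peer, key, nets=(1, 2)):
    """Constructed config in the shape of Example 5-6 (me/peer are last octets)."""
    out = []
    for n in (1, 2):
        out += [f"interface ethernet{n - 1}", f" ip address {n}.0.0.{me} 255.0.0.0",
                f" standby ip {n}.0.0.10", f" standby name SanJoseHANet{n}"]
    out += ["interface loopback0", " ip address 10.0.0.1 255.255.255.255"]
    out += [f"ip mobile home-agent redundancy SanJoseHANet{n} virtual-network"
            for n in (1, 2)]
    out += [f"ip mobile secure home-agent {n}.0.0.{peer} spi 100 key hex {key}"
            for n in nets]
    return "\n".join(out)

KEY_A = "a1" * 16   # constructed keys, not taken from the page
KEY_B = "b2" * 16

if __name__ == "__main__":
    # HA2 is missing the security association for the second physical network.
    configs = {"HA1": sample(1, 2, KEY_A), "HA2": sample(2, 1, KEY_A, nets=(1,))}
    for finding in audit(configs):
        print(finding)
```
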

When to Use Peer-Peer Home Agent Redundancy

On the surface, peer-peer configuration looks like an ideal way to improve network capacity and performance. When you look closer, however, you can see that this might not be the case. First, it does not afford extra capacity; the memory used by each Home Agent is the same because the binding table is replicated. Second, minimal gains are found in signaling capacity because the processing necessary to add a binding on the active Home Agent is only slightly more than that for adding a binding on a standby Home Agent.

Peer-peer redundancy adds value in two deployment scenarios. In networks where AAA server latency is high, peer-peer redundancy can provide added capacity because processing a binding on just the active Home Agent takes far longer than sharing the responsibility. The second case is in networks where Home Agents must use more than one interface for redundancy. This can mitigate some failure scenarios in networks where both Home Agents could be up and accepting bindings when a single link is down.



    Mobile IP Technology and Applications
    ISBN: 158705132X
    EAN: 2147483647
    Year: 2005
    Pages: 124
