What does the term metro mobility mean?
Answer: Metro mobility means mobility across multiple public and private networks.
What are the challenges or concerns for Mobile IP in the metro mobility model?
Answer: Many of the challenges stem from the security implications of Internet routing. When crossing AS boundaries and traversing public networks, as in the metro mobility model, traffic from the Mobile Node is difficult to distinguish from spoofed traffic.
What feature is necessary for a network to overcome ingress filtering?
Mobile Agent-FA security association
Firewall on the home network
Answer: b. Reverse tunneling also allows multicast support and private addressing.
Draw a diagram showing how packets travel when using reverse tunneling.
What is tunnel path MTU, and why is it sometimes an issue when using Mobile IP?
Answer: Tunnel path MTU is the upper limit on the size of a packet that can be sent over a tunnel. It represents the largest amount of data that can be sent along the entire path without having to be fragmented. Because Mobile IP adds another IP header to a packet, it increases the size of the packet. This is especially significant in the metro mobility model, because the tunnel path can traverse multiple autonomous systems with varying MTU capabilities.
Describe the Path MTU Discovery mechanism.
Answer: The Path MTU Discovery mechanism works as follows:
The sender sets the DF (don't fragment) bit in the IP header for all IP packets to a destination, and initially assumes the path MTU to be the outgoing link MTU.
Any router along the path that cannot forward the packet on the next outgoing link, because the link MTU is less than the total length of the packet, instead sends an ICMP destination unreachable message with code conveying that "fragmentation is needed, but the DF bit is set" back to the sender. This message usually includes an extension specifying the MTU of the link requiring fragmentation. The packet is then dropped.
Upon receipt of such an ICMP destination unreachable message, the sender decreases the path MTU estimate to the destination and sends smaller IP packets along the path.
Discovery is complete when the sender receives no more such ICMP destination unreachable messages.
When using tunnel encapsulation, the DF bit must be copied onto the outer tunnel header. This ensures that the path MTU discovery can still be used.
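An added example, not from the original text, that simulates the discovery steps above over a Mobile IP IP-in-IP tunnel: the sender starts from its outgoing link MTU, shrinks the estimate on each ICMP "fragmentation needed" report, and stops when a DF packet traverses the whole path. The link MTUs, the 20-byte outer-header overhead and the `copy_df` switch (which shows what happens when the DF bit is not copied to the outer header) are constructed for illustration.

```python
# Added example (not from the original text): Path MTU Discovery over an
# IP-in-IP tunnel. Link MTUs and the 20-byte outer-header overhead are
# constructed values chosen to illustrate the mechanism.
from dataclasses import dataclass

IPIP_OVERHEAD = 20  # bytes added by the outer IPv4 header of an IP-in-IP tunnel

@dataclass
class Packet:
    size: int  # total length in bytes, all headers included
    df: bool   # Don't Fragment bit of this header

@dataclass
class IcmpFragNeeded:
    next_hop_mtu: int  # MTU of the link that could not carry the packet

def encapsulate(inner: Packet, copy_df: bool) -> Packet:
    """Build the outer tunnel packet; PMTUD only works if DF is copied out."""
    return Packet(size=inner.size + IPIP_OVERHEAD, df=inner.df if copy_df else False)

def forward(path_mtus, pkt):
    """Walk the links of the tunnel path. Returns (icmp_error, fragmented)."""
    fragmented = False
    for mtu in path_mtus:
        if pkt.size > mtu:
            if pkt.df:
                # router drops the packet and reports the restricting link's MTU
                return IcmpFragNeeded(next_hop_mtu=mtu), fragmented
            fragmented = True  # no DF: the router fragments and keeps forwarding
    return None, fragmented

def discover_path_mtu(path_mtus, tunnel=True, copy_df=True):
    """Sender side of PMTUD; returns (largest inner packet, rounds, fragmented)."""
    estimate = path_mtus[0]  # initial assumption: the outgoing link MTU
    overhead = IPIP_OVERHEAD if tunnel else 0
    rounds = 0
    fragmented_any = False
    while True:
        rounds += 1
        inner = Packet(size=estimate, df=True)
        wire = encapsulate(inner, copy_df) if tunnel else inner
        err, fragmented = forward(path_mtus, wire)
        fragmented_any = fragmented_any or fragmented
        if err is None:
            return estimate, rounds, fragmented_any
        # the reported MTU bounds the outer packet, so subtract the tunnel overhead
        estimate = err.next_hop_mtu - overhead

if __name__ == "__main__":
    print(discover_path_mtu([1500, 1500, 1400, 1500]))  # (1380, 3, False)
```

With `copy_df=False` the estimate never shrinks and every packet is silently fragmented in the path, which is why the outer header must inherit the DF bit.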
What is NAT and why is it a challenge when using Mobile IP?
Answer: NAT is Network Address Translation. A NAT box translates the address used by the node in the private network to an address that is valid in the global network. When the Care-of Address tunnel endpoint is behind a NAT, IP-in-IP tunneling cannot pass through the NAT gateway. The IP layer encapsulations do not carry transport layer (TCP/UDP) port numbers that would permit unique translation of the private Care-of Address into the public address.
How is the coexistence of NAT with Mobile IP achieved?
Answer: Coexistence of NAT with Mobile IP is achieved through a UDP tunneling protocol. The IETF Mobile IP Working Group standardized RFC 3519, which defines a UDP tunneling protocol to be used for both the forward and reverse Mobile IP tunnels. The new protocol defines extensions to the registration and agent advertisement portions of the Mobile IP protocol. A key feature of this NAT/Mobile IP solution is that data packets are now also sent to the UDP ports that set up the Mobile IP registration, that is, UDP port 434 on the Home Agent and the UDP source port used for the RRQ on the Mobile Node.
How does the Home Agent infer that a Mobile Node is roaming behind a NAT gateway?
Answer: The Home Agent evaluates the RRQ and compares the source IP address of the packet to the Care-of Address inside the request. If the two addresses differ, the Home Agent deduces that a NAT gateway exists in the middle and enables the use of UDP tunneling.
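An added example, not from the original text, of the Home Agent logic described in the two answers above: the source address of the RRQ is compared with the Care-of Address it carries, and when they differ the binding is switched to UDP tunneling toward the translated address and the RRQ source port, with port 434 as the Home Agent's end. Addresses, ports other than 434, the `udp_tunnel_requested` flag (RFC 3519 has the Mobile Node request UDP tunneling with an extension; modelled here as a boolean) and the dictionary describing the outer encapsulation are constructed for illustration.

```python
# Added example (not from the original text): Home Agent side of NAT detection
# and UDP tunnel selection. Addresses and ports other than 434 are constructed.
from dataclasses import dataclass
from typing import Optional

MIP_REG_PORT = 434  # well-known UDP port for Mobile IP registration on the HA

@dataclass(frozen=True)
class RegistrationRequest:
    src_ip: str        # outer source address of the RRQ as seen by the HA
    src_port: int      # UDP source port the Mobile Node used for the RRQ
    home_addr: str
    care_of_addr: str  # Care-of Address carried inside the RRQ
    udp_tunnel_requested: bool = True  # assumption: MN asked for UDP tunneling

@dataclass(frozen=True)
class Binding:
    home_addr: str
    tunnel_dst: str             # where the HA sends encapsulated packets
    udp_tunnel: bool
    udp_dst_port: Optional[int]  # destination port when UDP tunneling is used

def nat_detected(rrq: RegistrationRequest) -> bool:
    """NAT is inferred when the packet's source IP differs from the CoA in the RRQ."""
    return rrq.src_ip != rrq.care_of_addr

def create_binding(rrq: RegistrationRequest) -> Binding:
    """Choose the tunnel type for a new mobility binding."""
    if nat_detected(rrq):
        if not rrq.udp_tunnel_requested:
            # IP-in-IP cannot cross the NAT, so the registration cannot be served
            raise ValueError("NAT detected but UDP tunneling was not requested")
        # UDP-tunnel to the translated address and the RRQ source port so the
        # NAT gateway maps data packets back to the MN like the registration reply
        return Binding(rrq.home_addr, rrq.src_ip, True, rrq.src_port)
    # no NAT in the path: plain IP-in-IP tunnel straight to the Care-of Address
    return Binding(rrq.home_addr, rrq.care_of_addr, False, None)

def forward_to_mobile(binding: Binding, inner_packet: bytes) -> dict:
    """Describe the outer encapsulation the HA puts on a packet for the MN."""
    if binding.udp_tunnel:
        return {"dst": binding.tunnel_dst, "proto": "udp", "sport": MIP_REG_PORT,
                "dport": binding.udp_dst_port, "payload": inner_packet}
    return {"dst": binding.tunnel_dst, "proto": "ipip", "payload": inner_packet}
```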
Mobile IP and IPSec can coexist with proper configuration and placement of the devices. Draw a diagram that shows Mobile IP over IPSec and IPSec over Mobile IP.
In the previous question, a particular protocol tunnel is contained within the other, that is, Mobile IP over IPSec or IPSec over Mobile IP. In these cases, in what order is the encapsulation removed?
Answer: Encapsulation is always removed in the opposite order in which it was added.
What are the advantages and disadvantages of IPSec over Mobile IP?
Answer: Running IPSec over Mobile IP allows the user to roam without needing to reestablish the VPN after each access-link change. However, this configuration only allows the Mobile Node to roam outside the private network. This solution works well for users that never roam into the private network.
What are the advantages and disadvantages of Mobile IP over IPSec?
Answer: For users that need to roam into the private network, running Mobile IP over IPSec can allow sessions to be maintained within the private network. Unfortunately, with Mobile IP over IPSec, the IPSec session must be reestablished every time the access link changes. This can be acceptable in configurations where the Mobile Node has only one single public network connection and the IP address does not change, such as with a cellular network.
Registration Revocation allows for which of the following?
Timely release of Mobile IP resources
Early adoption of domain policy changes with regard to services offered/required of a Mobile IP binding
Timely notification to a Mobile Node that it is no longer receiving mobility services, thereby significantly shortening any black-hole periods to facilitate a more robust recovery.
Accurate Mobile IP and resource accounting
All of the above
What are the four main components of resource revocation?
The Mobility Agents advertise support for the revocation feature by setting a newly defined X bit in the Mobile IP agent advertisement.
The Mobility Agents convey to one another that they are interested in receiving revocation messages by appending the Revocation Support Extension to registration messages. In this extension, the mobility agent can also express whether it wants the Mobile Node to be notified upon revocation (or early termination) of the binding through the I bit in the extension.
After negotiating and establishing use of the revocation mechanism for mobility binding(s), the Mobility Agents send reliable revocation messages to one another upon revocation (or early termination) of a mobility binding.
If it is determined that the Mobile Node should be notified that its binding has been revoked, the Foreign Agent simply unicasts an agent advertisement to the Mobile Node with a [re]set sequence number of 0. The Mobile Node understands that its mobility binding has been reset and that it must reregister.
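An added example, not from the original text, that models the four revocation components listed above on the Foreign Agent and Mobile Node sides: the X bit in the advertisement, the Revocation Support Extension with its I bit, the revocation message with an acknowledgement, and the unicast advertisement with sequence number 0 that makes the Mobile Node reregister. The message structures, the acknowledgement value and the agents' bookkeeping are assumptions for illustration, not the protocol's wire format.

```python
# Added example (not from the original text): a model of the revocation steps.
# Message layouts, the acknowledgement and the bookkeeping are assumptions.
from dataclasses import dataclass

@dataclass
class AgentAdvertisement:
    sequence: int
    x_bit: bool  # step 1: set when the agent supports registration revocation

class ForeignAgent:
    def __init__(self):
        self.seq = 1
        self.bindings = {}      # home address -> {"revocable": bool, "notify_mn": bool}
        self.unicast_advs = []  # (home address, advertisement) sent to a single MN

    def advertise(self):
        adv = AgentAdvertisement(sequence=self.seq, x_bit=True)
        self.seq += 1
        return adv

    def register(self, home_addr, notify_mn, ha_returned_ext):
        # step 2: Revocation Support Extension on the RRQ, I bit = notify the MN.
        # Revocation applies to this binding only if the HA appended it as well.
        self.bindings[home_addr] = {"revocable": ha_returned_ext, "notify_mn": notify_mn}
        return {"ext": "RevocationSupport", "I": notify_mn}

    def on_revocation(self, home_addr):
        # step 3: revocation message from the HA; True stands for the acknowledgement
        b = self.bindings.get(home_addr)
        if b is None or not b["revocable"]:
            return False  # nothing was negotiated for this binding
        del self.bindings[home_addr]
        if b["notify_mn"]:
            # step 4: unicast an advertisement with the sequence number reset to 0
            self.unicast_advs.append((home_addr, AgentAdvertisement(0, True)))
        return True

class MobileNode:
    def __init__(self, home_addr):
        self.home_addr = home_addr
        self.registered = False

    def on_advertisement(self, adv):
        # a sequence number of 0 while registered means the binding was reset
        if self.registered and adv.sequence == 0:
            self.registered = False
            return "REREGISTER"
        return None
```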