Академический Документы
Профессиональный Документы
Культура Документы
Technology
The benefit of Mobile IP
“
“Mobile IP provides an IP node the ability to
retain the same IP address and maintain
uninterrupted network and application
connectivity while traveling across
networks ”
”
Which Applications
The objective
Mobile Routers
Internet
IETF Proposed Standard
Associated RFCs
RFC1701 GRE – Generic Routing Encapsulation
RFC3024 - Reverse Tunneling for Mobile IP
The Problem with Mobility
“Connect to
Where is 171.68.69.0??? 171.68.69.24”
Gateway A
?
171.68.0.0 Host B
Internet Gateway C
140.31.0.0
Mobile Router
171.68.69.0
171.68.70.0 Mobile Router
X
171.68.69.0 SEND
171.68.70.0
• Gateway A replies to Host B with an ICMP unreachable
• Gateway C blocks router from joining network
• Routing Protocol rejects duplicate network advertisements
Mobile IP Solution
Mobility Binding Table:
MR CoA
171.68.69.0 140.31.2.1
Host B
Internet Foreign Agent
Home Agent COA 140.31.2.1
Mobile Router 171.68.60.1
171.68.69.0
171.68.70.0 Mobile Router
171.68.69.0
171.68.70.0
• Mobile Router sends Registration Request [RRQ] to Home Agent (HA)
• Home Agent forwards packets to Mobile Router via Care of Address
[CoA]
Mobile IP
Operator Benefits
decapsulation occurs
Mobile IP Activities Example
Home Agent
171.68.69.1 Host B
Host A
MN learns about FA and registers CoA 171.68.69.24
HA maintains MN location database and tunnels traffic to
FA
Mobile IP Terminology
CN
Internet
HA FA
FA HA
MR 1.1.1.7
1.1.1.7
Foreign Agent
• FA sees MR is Home Agent
authenticated HA authenticates MR
Sends RRP
• Forwards RRP to Proxy ARPs for MR
MR Brings up tunnel and adds host
• Brings up tunnel route
MR States
Foreign
Agent
Mobile
Router
Mobile Router
Foreign Agent
Internet
Mobile
Networks
appear to
Correspondent Node Edited slide from original
Mobile Router
HA-FA Tunnel
Foreign Agent
Internet
Mobile
Network
appears
Correspondent Node
to be here Home Agent
Mobile Network Routing – Packet
Flow
Mobile
Networks
Nodes on MR
FA WAN
HA-FA Tunnel
Foreign Agent
Internet
Mobile
Network
appears
Correspondent Node
to be here Home Agent
Mobile Network Routing – Packet
Flow
Mobile
Networks
Node on MR
FA WAN
HA-FA Tunnel
Foreign Agent
Internet
Mobile
Network
appears
Correspondent Node
to be here Home Agent
Mobile Network Routing – Return
Packet Flow
Mobile
Networks
Node on MR
FA WAN
HA-FA Tunnel
Foreign Agent
Internet
Mobile
Network
appears
Correspondent Node
to be here Home Agent
Tunneling
HA double encapsulates the packets, creating two
tunnels:
HA to FA
HA to MR
MR redundancy
MR Asymmetric Links
MR Dynamic Networks
Identification mismatch adjustment
Sequence number detection
Co-located Care-of Address
Support
MR HA
Care-of Address resides on Mobile Router itself
Rather than on the Foreign Agent
Does away with the need for Foreign Agents
Two IP-in-IP tunnels are created: HA-Co-located
address, HA-MR
HA-Co-located address tunnel is only used for routing
Tunnel “Interfaces” added in Routing table
Co-located Care-of Address
cont.
MR HA
© 2002, Cisco Systems, Inc. All rights reserved. Cisco Mobile Access Router—Module 2 -38
Co-located Care-of Address
cont.
MR HA
Node on MR
HA-MR Tunnel
Mobile Router
FA WAN
HA-FA Tunnel
Foreign Agent
Internet
Mobile
Network
appears
to be here Home Agent Correspondent Node
Reverse Tunneling
Mobile Network
Node on MR
Roaming
Interface
FA WAN
HA-FA Tunnel
Foreign Agent
Internet
Mobile
Network
appears Edited slide from original
BTS
AP
Gateway
GPRS
Support Node
Home Agent (GGSN) Foreign Agent function can be
added to GGSN and WLAN
Access Router, though Mobile IP
works without FA as well.
3GPP WLAN
Interworking Scenarios
6 Scenarios identified which corresponds to incremental steps in terms of services and
operational features
1. Common billing and Customer care
no impact on 3GPP specs as such; access to Open internet
• 3GPP system based access control and charging with access to
UMTS/GSM authentication (based on EAP-SIM/AKA methods)
4. Access to 3GPP system PS based services (e.g. IMS, Streaming, MMS, etc.)
bearer path to the home domain (current GPRS model)
6. Service Continuity
L3 Mobility introduction (e.g. Mobile IP technology)
• Seamless service provision
• Access to 3GPP CS Services (no use case so far)
UMTS R6 includes scenario 2 & 3
UMTS R7 will consider scenario 4 (mobility)
WLAN/GPRS Seamless Mobility
Scenario 4 (Tentative)
Applications
RNC
Reiterate Benefit
Mobile IP operates at network layer, independent of
link layer access technologies, allowing migration
and coexistence of various access networks while
providing seamless mobility transparently to the user
Proven mobility across satellite, WLAN, GPRS,
CDMA2000 1xRTT, Flash OFDM, iDEN, CDPD, etc.
Differences between Mobile
IPv4 and Mobile IPv6
Mobile IPv6 leverages enormous IPv6 address space
Mobile IPv6 is integrated into base IPv6 protocol
MNv6 automatically obtain CoA after Router Advertisement
received
No Foreign Agent in Mobile IPv6
Registrations are protected by IPSec in Mobile IPv6
Built in route optimization between MNv6 and CNv6
Security implications of
Mobile IP
Access authentication independent of Mobile
IP
PPP CHAP for dial up
802.1x for WLAN
Service authorization
Mobile IP security association for registrations
QOS Implications of Mobile IP
Cellphone Support
Motorola iDEN (Integrated Digital Enhanced Network) Motorola iDEN handsets Nextel is the Service Provider
Mobile IPv4 Clients
PC/Workstation
IP Operating Systems Name License Comments
4 Cisco IOS Cisco Mobile IP commercial
4 FreeBSD 2.2.2 Monarch BSD style 1998 - Rice University
4 FreeBSD 2.2.8, 4.6, 4.8, 4.9, 5.2 Secure Mobile Net BSD style 2003 - Portland State University, actively updated
4 HP-UX 11.11 HP commercial Mobile IPv4 HA/CN, Reverse Tunneling, Route Optimization and AAA support
Cisco Mobile
Exchange L2TP
GGSN
Internet Wireless
3G 802.11
GRE
ASP
IPSec
WiMAX
MPLS
VPN
IPV4
Other
WLAN IPV6
Streaming Localization
WLAN 802.11
Access
Session control (FA) Network
(SIP) Mobility
(HA)
IP Core Visited
AAA
CMX GPRS/UMTS/
GGSN(FA)/ CDMA
PDSN SGSN
RAN
V
RNC
Market Leaders
Early Field Trial since 1997, General Availability January 1999
Applications
Foreign Agent, Home Agent, Proxy Mobile Node, Mobile Router
Platforms Support
2600 through 7200, Cat5K RSM, Cat6K MSFC, 7600
Cisco IOS
Tightly integrated with Cisco IOS functionality
GGSN Mobile IP support
Configurations
• 6500 Family : 03/06/09/13 slots
• I/O Modules:
– 100BaseT (Fast Ethernet)
– 1000BaseT (Gigabit Ethernet)
HA Key Features: 76xx/65xx Key Platform Features : 76xx/65xx Key Platform Features : PDSN/HA Key Features:
Firewall & IDS Module Support Sup720 Capacity/Performance Improvements
Proxy MoIP
HA Redundancy (1:1) Broadcast/Multicast
HA Binding Update HA Key Features: Standards Compliance
7206 Key Platform Features :
HA Accounting NPE-G1 with 1GB DRAM Capacity/Performance Improvements Continuous MIB Enhancement
3DES Encryption Support SA-VAM2 Mobile IPv6 Diameter
MoIP MIB Enhancements IP Reachability per 835B (DNS update by PSD
HA)
HA Key Features : HA Accounting per 835C
HA Load Balancer (HA-SLB) (MWAM Continuous MIB Enhancement
Dynamic IPSec per 835B NOTE: PRICING TBD.
Solution Notes: only)
Standards Compliance
Features consistent on all platforms HA Redundancy Enhancements
ODAP
3DES Encryption Support (h/w Static IPSec per 835B
required) Resource Revocation per 835C
Packet of Disconnect (PoD) per 835C Solution Notes:
Conditional Debugs for MoIP L2TPv3
VRF (overlapping IP addresses) MPLS
Hotlining MWAM – Sibyte with 1GHz Processor and
(rebuild) QoS 1G of memory
Solution Notes:
NOTE: Pricing Available SSHv2 NOTE: PRICING TBD.
WLAN Interworking
NOTE: Pricing Available
Sep Oct Nov Dec Jan Feb Mar Apr May Jun CQ03 CQ04 CQ01 CQ02 CQ03 CQ04
2002 2002 2002 2002 2003 2003 2003 2003 2003 2003 2003 2003 2004 2004 2004 2004
GA = Generally Available FCS = First Customer Ship EFT = Early Field Trials EC = Execute Committed CC = Concept Committed NC = Not Committed
Note: There is an associated cost for each release. Some features may have additional cost in addition to the base.
R1.2 HA Feature Highlights
HA Redundancy
HA Binding Update
Wireless LAN Interworking
Feature set is the same on 7206VXR and
6500/7600.
Home Agent Redundancy
HA 1
1.1.1.3
10.31.1.1
FA
1.1.1.7
HA 2
Mobility Binding Table:
MN COA
1.1.1.8 1.1.1.3 10.31.1.1
10.31.2.1
1.1.1.7 10.31.1.1
1.1.1.8 10.31.2.1
HSRP Group 1.1.1.5 10.31.3.1
Real HA 1
(MWAM)
HA SLB Standalone HA
PDSN/FA HA HSRP pair
On sup
Real HA replies
to MN
Real HA 2
(MWAM)
Hot Lining
• IP packet level re-direction supported in the
upstream path
• Supports IS-835C CoA messages to change user
session profiles at start of and in mid-session.
• Supports "web steering" statically configured by
realm and dynamically configured per user within the
realm.
Hot Lining
Mobile Node PDSN/FA Home Agent
Server 1
Home Agent
Corporate 1
Corporate 2
S2 VRF2
IPsec VPN
A VRF is associated with the following elements:
•IP routing table
•Derived forwarding table, based on the Cisco
Express Forwarding (CEF) technology Identification of “subscriber community”
•A set of interfaces that use the derived forwarding Can be downloaded from AAA
table • Criteria such as user-name, user-
•A set of routing protocols and routing peers that domain etc. may be used to identify
inject information into the VRF “subscriber community”
R1.2 HA Performance
HA xx13 HA
Users 7206 HA per Chassis
MWAM 10 MWAMs
Total Bindings 235K 1.175M 11.75M
Throughput - NDR
160 Mbps 2.5 Gbps 25 Gbps
(512 bytes/pkt)
xx13 PDSN
7’Rack
Chassis
2-7613 Chassis
10 MWAMs
Total
Bindings 11.75M 23.5M
Throughput 25 Gbps 50 Gbps
Feature Rich
• Highly Compliant to Specifications and Customer Requirements
• Value added service support such as VRF, Hot Lining, QoS
• Service enablement via Cisco Mobile Exchange Framework components
Fault Tolerance
• HA Redundancy, HA-SLB
• Geographic Resiliency
Product Maturity
• Real life deployment; deployed since 2001
Capacity and Performance Scalability
• Small to very large deployment options
Management
• Provisioning, Fault Mediation, Performance Mediation, Troubleshooting &
Security
Cisco 3200
Mobile Access Router
Product Overview
Agenda
More Specific
information at
www.PC104.org
Including definition of
our level of compliance
ISA Bus
Connector
104 pin, Stack
through, ISA Bus
Connector (no
Cables and key)
Connectors on I/O
No Cisco signals
side provided by SI over ISA Bus
Complete Solution Requires
Integration
Cisco 3200 Series MARC + FESMIC+SMIC
Aironet 350 Access Points
System
Integration
Mobile Access Router Card
(MARC)
MPC8250, running at 200MHz CPU core,
133MHz CPM core and 66MHz Motorola 60x
Bus.
32-bit PCI bus version 2.1 running at 25MHz,
connects to Cisco MICs.
128Mbyte 64 bit, Unbuffered, Synchronous
DRAM,
32Mbyte 16 bit of Flash memory,
Single 10/100 Fast Ethernet, full-duplex 100
Base-T, with auto negotiation.
Single Console, with modem flow control.
Single Asynchronous, RS-232 serial, for
GPS/AUX devices.
Integrated host-to-PCI bridge (PCI bus version
2.1), with built-in PCI arbiter that supports three
external bus masters/PCI agents.
Mobile Access Router Card
PCI Bus Connector
120 pin, stack
through, PCI BUS
Connector (no key)
ISA Bus
Connector
104 pin, Stack
through, ISA Bus
34 pin, locking header Connector (no
Aux key)
Console No Cisco signals
over ISA Bus
LED’s 10 pin, locking header, for
5V power MARC Fast Ethernet
Serial Mobile Interface Card
(Cisco3201SMIC)
PCI Bus ISA Bus
• Type of Mobile Interface Card (MIC)
• Typically used for a WAN (modem)
interface to a wireless / satellite network
• Asynch/Synch
Supports up to 2Mbps
• 4 Cisco 12-in-1 Serial Interfaces
• All existing 12-in-1 signals supported
• Signals thru 2 60-pin multifunction headers
• PCI Bus
• Up to 3 per stack
Set rotary switch to unique number
Rotary Switch
ISA Bus
LED Header PCI Bus
Presentation_ID © 2001, Cisco Systems, Inc. 111
Cisco 3200
Mobile Access Router
IOS Configuration
Agenda
Configuration Outline
Configuration Commands
Example Configurations
Troubleshooting
Reference:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/1
22tcr/122tip1r/p1ftmobi.htm
Configuring Mobile IP
An Outline
FA(config)#router mobile
FA(config)#ip mobile foreign-agent care-of Faste 0/0
FA(config)#ip mobile foreign-agent care-of Faste 0/1
FA(config)#interface Faste 0/0
FA(config-if)#ip mobile foreign-service
FA(config-if)#ip mobile registration-lifetime 65535
FA(config)#interface Faste 0/1
FA(config-if)#ip mobile foreign-service
Configure Mobile Access
Router
C3200_(config)# interface loopback number Configure loopback address
C3200_(config-if)# ip address <IP address Specifies IP address for loopback
subnet mask> interface
C3200_(config)# router mobile Enable Mobile IP on the router
C3200_(config-router)#ip mobile router Configure the mobile router
C3200_(mobile-router)# address IP address of mobile router (using
<IP address><SN mask> loopback address)
C3200_(mobile-router# home-agent Specify Home Agent and priority
<IP address> [priority priority]
C3200_(config)# ip mobile secure home-agent Set up authentication key
<IP add> spi spi key [ hex/ascii ] string
C3200_(config)# interface interface Configure roaming interface
C3200_(config-if)# ip mobile router-service roam [priority priority level ]
C3200_(config-if)# ip mobile router-service solicit [interval seconds] [retransmit
initital interval maximum interval retry number of retries ]
Configure Mobile Access
Router (example)
C3200_# interface loopback
C3200_(Interface)# ip address 10.0.11.77 255.255.255.252
C3200_# router mobile
C3200_# ip mobile router
C3200_# address 10.0.11.77 255.255.255.252
C3200_# home-agent 10.0.10.77
C3200_# ip mobile secure home-agent 10.0.10.77 spi 300 key hex
12345678123456781234567812345678
C3200_# interface Faste 0/0
C3200_(interface)# ip mobile router-service roam
C3200_(interface)# ip mobile router-service solicit
Configure HA Advertisements
(Optional)
HA(config)#interface name Interface providing the service
HA(config-if)#ip irdp Turn on the advertisements on the interface
HA(config-if)#ip irdp maxadvertinterval [4-1800]
HA(config-if)#ip irdp minadvertinterval [3-1800]
HA(config)#interface e5/0/2
HA(config-if)#ip irdp
HA(config-if)#ip irdp maxadvertinterval 10
HA(config-if)#ip irdp minadvertinterval 4
Configure FA Advertisements
(Optional)
FA(config)#interface name Interface providing the service
FA(config-if)#ip irdp Turn on the advertisements on the interface
FA(config-if)#ip irdp maxadvertinterval [4-1800]
FA(config-if)#ip irdp minadvertinterval [3-1800]
FA(config)#interface e3/1
FA(config-if)#ip irdp
FA(config-if)#ip irdp maxadvertinterval 10
FA(config-if)#ip irdp minadvertinterval 4
FA(config)#interface e3/2
FA(config-if)#ip irdp
Troubleshooting Mobile IP
Home Agent
Foreign Agent
Foreign_Agent_2_#
02:30:02: MobileIP: Agent advertisement sent out FastEthernet0/1:
type=16, len=10, seq=2984, lifetime=36000, flags=0x1400(rbhFmGv-rsv-),
02:30:02: Care-of address: 10.10.10.97
02:30:05: MobileIP: Agent advertisement sent out FastEthernet0/1:
type=16, len=10, seq=2985, lifetime=36000, flags=0x1400(rbhFmGv-rsv-),
02:30:05: Care-of address: 10.10.10.97
Troubleshooting Mobile IP -
Outline
1.
What is router’s configuration?
Verify Agent, Operation
Is it sending Advertisements?
SHOW IP MOBILE GLOBALS
DEBUG IP MOBILE ADVERTISEMENTS
4. What is Mobile Router seeing?
Is Wireless associated?
Is Mobile Router receiving Advertisements?
DEBUG IP ICMP
5. What is router doing?
Is Mobile Router trying to register?
Are FA and HA accepting registrations?
DEBUG IP MOBILE
7. Who are router’s neighbors?
SHOW IP ROUTE
SHOW ARP
MR: Advertisements
MR#debug ip icmp
*Mar 1 04:09:27.938: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:31.938: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:34.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:37.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
*Mar 1 04:09:39.934: ICMP: rdp advert rcvd type 9, code 0, from 10.10.10.97
Home_Agent_#
00:14:18: MobileIP: HA 114 received registration for MN 10.4.1.1 on FastEthernet
0/1 using COA 10.3.1.1 HA 10.1.4.1 lifetime 36000 options sbdmgvt
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D8742C end 7D87442
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D87442 end 7D87442
00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: Identification field has timestamp 146 secs greater than our
current time 03/01/93 00:14:18 (> allowed 7 secs) for MN 10.4.1.1
00:14:18: %IPMOBILE-6-SECURE: Security violation on HA from MN 10.4.1.1 - errcod
e registration id mismatch (133), reason Bad identifier (3)
00:14:18: MobileIP: HA rejects registration for MN 10.4.1.1 - registration id mi
smatch (133)
00:14:18: MobileIP: MN 10.4.1.1 - MH auth ext added (SPI 100) to MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - HA sent reply to 10.1.3.2
Debugs on HA – Registration
Accepted
Home_Agent_# debug ip mobile
00:14:18: MobileIP: HA 114 received registration for MN 10.4.1.1 on FastEthernet
0/1 using COA 10.3.1.1 HA 10.1.4.1 lifetime 36000 options sbdmgvt
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D877EC end 7D87802
00:14:18: MobileIP: Skip2TLV look for type 32, addr start 7D87802 end 7D87802
00:14:18: MobileIP: MN 10.4.1.1 - authenticating MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: MN 10.4.1.1 - authenticated MN 10.4.1.1 using SPI 100
00:14:18: MobileIP: Mobility binding for MN 10.4.1.1 created
00:14:18: MobileIP: 15 ifs in use
00:14:18: MobileIP: Tunnel0 (IP/IP) created with src 10.1.4.1 dst 10.3.1.1
00:14:18: MobileIP: 16 ifs in use
00:14:18: MobileIP: Tunnel1 (IP/IP) created with src 10.1.4.1 dst 10.4.1.1
00:14:18: MobileIP: Roam timer started for MN 10.4.1.1, lifetime 36000
00:14:18: MobileIP: MN 10.4.1.1 is now roaming
00:14:18: MobileIP: Insert route 10.4.1.1/255.255.255.255 via gateway 10.3.1.1 on Tunnel0
00:14:18: MobileIP: Insert route 10.5.2.0/255.255.255.0 via gateway 10.4.1.1 on Tunnel1
00:14:18: MobileIP: HA accepts registration from MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - MH auth ext added (SPI 100) to MN 10.4.1.1
00:14:18: MobileIP: MN 10.4.1.1 - HA sent reply to 10.1.3.2
00:14:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
00:14:19: MobileIP: swif coming up Tunnel0
00:14:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
00:14:19: MobileIP: swif coming up Tunnel1
Home_Agent_#
Debugs on FA - Registration
FA#debug ip mobile
1d02h: MobileIP: FA received registration for MN 20.0.197.84 on Ethernet3/1 using COA 40.0.197.19 HA 20.0.197.82
lifetime 990 options sBdmgvt
1d02h: MobileIP: Ethernet3/1 glean 20.0.197.84 accepted
1d02h: MobileIP: FA queued MN 20.0.197.84 in register table
1d02h: MobileIP: Visitor registration timer started for MN 20.0.197.84, lifetime 15
1d02h: MobileIP: Skip2TLV look for type 32, addr start 200210AC end 200210C2
1d02h: MobileIP: FA forwarded registration for MN 20.0.197.84 to HA 20.0.197.82
1d02h: MobileIP: FA received accept (0) reply for MN 20.0.197.84 on Ethernet3/5 using HA 20.0.197.82 lifetime 990
1d02h: MobileIP: Reply in for MN 20.0.197.84, accepted
1d02h: MobileIP: Update visitor table for MN 20.0.197.84
1d02h: MobileIP: Tunnel2 (IP/IP) created with src 40.0.197.19 dst 20.0.197.82
1d02h: MobileIP: ARP entry for MN 20.0.197.84 inserted
1d02h: MobileIP: Visitor timer started for MN 20.0.197.84, lifetime 990
1d02h: MobileIP: FA dequeued MN 20.0.197.84 from register table
1d02h: MobileIP: MN 20.0.197.84 visiting on Ethernet3/1
1d02h: MobileIP: Skip2TLV look for type 32, addr start 200215A8 end 200215BE
1d02h: MobileIP: FA forwarding reply to MN 20.0.197.84 using src 20.0.197.84 mac 0030.8538.1c90
1d02h: MobileIP: swif coming up Tunnel2
Debugs on MR - Registration
FA#debug ip mobile
*Mar 1 04:21:53.778: MobileIP: ParseRegExt type MHAE(32) addr 6002A08 end 6002A
1E
*Mar 1 04:21:53.778: MobileIP: ParseRegExt skipping 20 to next
*Mar 1 04:21:53.778: MobileIP: Authenticating HA 10.10.10.77 using SPI 3003
*Mar 1 04:21:53.782: MobileIP: Authentication algorithm MD5
*Mar 1 04:21:53.782: MobileIP: Authenticated HA 10.10.10.77 using SPI 3003
*Mar 1 04:21:57.762: MobileIP: Authentication algorithm MD5
*Mar 1 04:21:57.782: MobileIP: ParseRegExt type MHAE(32) addr 61BF1A8 end 61BF1
BE
*Mar 1 04:21:57.782: MobileIP: ParseRegExt skipping 20 to next
*Mar 1 04:21:57.782: MobileIP: Authenticating HA 10.10.10.77 using SPI 3003
*Mar 1 04:21:57.782: MobileIP: Authentication algorithm MD5
*Mar 1 04:21:57.782: MobileIP: Authenticated HA 10.10.10.77 using SPI 3003
*Mar 1 04:21:57.782: MobileIP: Tunnel0 (IP/IP) created with src 110.10.11.217 d
st 10.10.10.77
*Mar 1 04:21:58.782: MobileIP: swif coming up Tunnel0
Troubleshooting Mobile IP -
1.
Outline
What is router’s configuration?
Verify Agent, Operation
Is it sending Advertisements?
SHOW IP MOBILE GLOBALS
DEBUG IP MOBILE ADVERTISEMENTS
4. What is Mobile Router seeing?
Is Wireless associated?
Is Mobile Router receiving Advertisements?
DEBUG IP ICMP
5. What is router doing?
Is Mobile Router trying to register?
Are FA and HA accepting registrations?
DEBUG IP MOBILE
7. Who are router’s neighbors?
SHOW IP ROUTE
SHOW ARP
HA Binding Table
ha_#show ip mobile binding ?
A.B.C.D IP address
home-agent Mobility bindings for specific home agent
summary Summary of binding table
| Output modifiers
<cr>
ha_#show ip mobile binding
Mobility Binding List:
Total 9
110.10.11.237:
Care-of Addr 10.10.10.97, Src Addr 10.10.10.70
Lifetime granted 10:00:00 (36000), remaining 06:59:10
Flags sbdmgvt, Identification AF3BF344.D8F21340
Tunnel2 src 10.10.10.77 dest 10.10.10.97 reverse-allowed
MR Tunnel1 src 10.10.10.77 dest 110.10.11.237 reverse-allowed mobile-network
110.10.11.237
Routing Options -
110.10.11.233:
Care-of Addr 10.10.10.97, Src Addr 10.10.10.70
Lifetime granted 10:00:00 (36000), remaining 06:59:10
Flags sbdmgvt, Identification AF3BF344.5F153F64
………… etc.
HA State – Routing Table
Home_Agent_#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
110.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
M 110.10.11.0/24 is directly connected, Mobile0 Virtual Network
M 110.10.11.237/32 [3/1] via 10.10.10.97, 00:57:28, Tunnel2
M 110.10.11.245/32 [3/1] via 10.10.10.129, 03:01:54, Tunnel0
10.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
C 10.10.10.32/27 is directly connected, FastEthernet0/0
C 10.10.10.72/30 is directly connected, FastEthernet0/1
C 10.10.10.76/30 is directly connected, Loopback0
O IA 10.10.10.96/27 [110/11] via 10.10.10.36, 00:57:35, FastEthernet0/0
M 10.10.11.112/28 [3/1] via 110.10.11.237, 03:55:57, Tunnel1
O IA 10.10.10.128/27 [110/2] via 10.10.10.74, 00:57:35, FastEthernet0/1
M 10.10.11.144/28 [3/1] via 110.10.11.245, 03:55:57, Tunnel5
FA State – Visiting Mobile
Routers
Foreign_Agent_2_#show ip mobile visitor
Mobile Visitor List:
Total 5
110.10.11.229:
Interface FastEthernet0/1, MAC addr 0001.6441.87ba
IP src 110.10.11.229, dest 10.10.10.97, UDP src port 434
HA addr 10.10.10.77, Identification AF3C1098.B402FE18
Lifetime 10:00:00 (36000) Remaining 08:56:25
Tunnel0 src 10.10.10.97, dest 10.10.10.77, reverse-allowed
Routing Options -
110.10.11.245:
Interface FastEthernet0/1, MAC addr 0001.6441.87a2
IP src 110.10.11.245, dest 10.10.10.97, UDP src port 434
HA addr 10.10.10.77, Identification AF3C114E.911E78F8
Lifetime 10:00:00 (36000) Remaining 08:59:27
Tunnel0 src 10.10.10.97, dest 10.10.10.77, reverse-allowed
Routing Options -
……… etc.
Foreign Agent Routing Table
Foreign_Agent_2_#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
110.0.0.0/24 is subnetted, 1 subnets
O E2 110.10.11.0 [110/20] via 10.10.10.33, 00:58:44, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 14 subnets, 4 masks
C 10.10.10.32/27 is directly connected, FastEthernet0/0
O 10.10.10.72/30 [110/2] via 10.10.10.33, 00:58:44, FastEthernet0/0
O 10.10.10.77/32 [110/2] via 10.10.10.33, 00:58:44, FastEthernet0/0
C 10.10.10.96/27 is directly connected, FastEthernet0/1
O E2 10.10.11.112/28 [110/20] via 10.10.10.33, 00:58:47, FastEthernet0/0
O IA 10.10.10.128/27 [110/3] via 10.10.10.33, 00:58:47, FastEthernet0/0
O E2 10.10.11.144/28 [110/20] via 10.10.10.33, 00:58:47, FastEthernet0/0
Foreign_Agent_2_#
FA State – ARP Table
Foreign_Agent_2_#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.73 8 000a.8a7d.0f41 ARPA FastEthernet0/0
Internet 10.10.10.129 - 000a.8a83.0d81 ARPA FastEthernet0/1
Internet 10.10.10.130 7 0040.9657.cc93 ARPA FastEthernet0/1
Internet 10.10.10.74 - 000a.8a83.0d80 ARPA FastEthernet0/0
Internet 110.10.11.237 2 00ff.ff40.00aa ARPA FastEthernet0/1
Foreign_Agent_2_#
What FA is MR Visiting? Part 1
mar_demo_1_#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.3.1.1 12 000a.8a83.0d81 ARPA Vlan1
Internet 10.5.2.1 - 00ff.ff40.00aa ARPA FastEthernet0/0
Internet 10.5.3.1 - 00ff.ff40.00ab ARPA Vlan1
Internet 10.5.3.2 137 0040.9657.2624 ARPA Vlan1
Internet 10.5.3.34 4 0010.a49f.57d9 ARPA Vlan1
mar_demo_1_#
What FA is MR Visiting? Part 2
mar_demo_1_#sh ip rout
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Home_Agent_#sh ip cache
IP routing cache 8 entries, 1324 bytes
92 adds, 84 invalidates, 0 refcounts
Minimum invalidation interval 2 seconds, maximum interval 5 seconds,
quiet interval 3 seconds, threshold 0 requests
Invalidation rate 0 in last second, 0 in last 3 seconds
Last full cache invalidation occurred 05:41:46 ago
FA#debug tunnel
02:39:07: Tunnel0: to decaps IP/IP packet 20.0.197.82->40.0.197.19 (len=120, ttl=254)
02:39:07: Tunnel0: decapsulated IP/IP packet 20.0.1.50->20.0.197.84 (len=100 ttl=253)
Show IP Mobile Traffic (Home
Agent)
Home_Agent_#show ip mobile traffic
IP Mobility traffic:
Advertisements:
Solicitations received 0
Advertisements sent 0, response to solicitation 0
Home Agent Registrations:
Register 2622, Deregister 2 requests
Register 1302, Deregister 2 replied
Accepted 87, No simultaneous bindings 0
Denied 1215, Ignored 1322 , Dropped 0
Unspecified 1198, Unknown HA 0
Administrative prohibited 0, No resource 0
Authentication failed MN 0, FA 0, active HA 0
Bad identification 17, Bad request form 0
Unavailable encap 0, reverse tunnel 0
Binding updates received 0, sent 0 total 0 fail 0
Binding update acks received 0, sent 0
Binding info request received 0, sent 0 total 0 fail 0
Binding info reply received 0 drop 0, sent 0 total 0 fail 0
Binding info reply acks received 0 drop 0, sent 0
Gratuitous 0, Proxy 0 ARPs sent CONTINUED >>>
Show IP Mobile Traffic (Home
Agent) cont.
Home_Agent_#show ip mobile traffic
CONTINUED…..
Foreign Agent Registrations:
Request in 0,
Forwarded 0, Denied 0, Ignored 0
Unspecified 0, HA unreachable 0
Administrative prohibited 0, No resource 0
Bad lifetime 0, Bad request form 0
Unavailable encapsulation 0, Compression 0
Unavailable reverse tunnel 0
Replies in 0
Forwarded 0, Bad 0, Ignored 0
Authentication failed MN 0, HA 0
Home_Agent_#
Show IP Mobile Tunnels
Home_Agent_#show ip mob tunnel
Mobile Tunnels:
Tunnel1:
src 10.10.10.77, dest 110.10.11.237
encap IP/IP, mode reverse-allowed, tunnel-users 1
IP MTU 1460 bytes
Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
outbound interface Tunnel2
HA created, fast switching enabled, ICMP unreachable enabled
0 packets input, 0 bytes, 0 drops
10508 packets output, 1237820 bytes
Tunnel5:
src 10.10.10.77, dest 110.10.11.245
encap IP/IP, mode reverse-allowed, tunnel-users 1
IP MTU 1460 bytes
Path MTU Discovery, mtu: 0, ager: 10 mins, expires: never
outbound interface Tunnel0
HA created, fast switching enabled, ICMP unreachable enabled
0 packets input, 0 bytes, 0 drops
0 packets output, 0 bytes
Show IP Mobile Secure Hosts
Home_Agent_# show ip mob secure host
Security Associations (algorithm,mode,replay protection,key):
10.10.11.77:
SPI 300, MD5, Prefix-suffix, Timestamp +/- 7,
Key 12345678123456781234567812345678
110.10.11.213:
SPI 200, MD5, Prefix-suffix, Timestamp +/- 7,
Key 23456781234567812345678123456781
110.10.11.217:
SPI 3003, MD5, Prefix-suffix, Timestamp +/- 7,
Key 45678123456781234567812345678102
110.10.11.221:
SPI 4004, MD5, Prefix-suffix, Timestamp +/- 7,
Key 56781234567812345678123456781203
110.10.11.225:
SPI 5005, MD5, Prefix-suffix, Timestamp +/- 7,
Key 67812345678123456781234567812304
……. etc.
Show IP Mobile Host
HA#show ip mobile host 20.0.197.84
20.0.197.84:
Allowed lifetime INFINITE/default)
Roam status -Registered-, Home link on interface Ethernet5/0/2
Accepted 8, Last time 03/26/01 10:40:30
Overall service time 00:28:39
Denied 1, Last time 04/24/02 18:13:22
Last code 'registration id mismatch (133)'
Total violations 1
Tunnel to MN - pkts 1, bytes 100
Reverse tunnel from MN - pkts 0, bytes 0
Show IP Mobile Interface
Foreign_Agent_2_#sh ip mobile interface
IP Mobility interface information:
Interface FastEthernet0/1:
IRDP (includes agent advertisement) enabled
Prefix Length not advertised
Lifetime is 36000 seconds
Foreign Agent service provided
No registration required
Not busy
Home Agent access list:
Current number of visitors: 5
Foreign_Agent_2_#
Clear Commands
MobileIP: Skip2TLV look for type 32, addr start 61D8EBE4 end 61D8EBFA
MobileIP: Skip2TLV look for type 32, addr start 61D8EBFA end 61D8EBFA
Total violations 1
Mobile Hosts:
20.0.197.84:
Violations: 1, Last time: 02/11/02 10:49:11
SPI: 100, Identification: C0122026.6D841504
Error Code: MN failed authentication (131), Reason: Bad authenticator (2)
Timestamp Mismatch
MobileIP: HA 32 received registration for MN 20.0.197.84 on
Ethernet5/0/2 using COA 40.0.197.19 HA 20.0.197.82 lifetime
1000 options sBdmgvt
MobileIP: Skip2TLV look for type 32, addr start 616B4100 end
616B4116
MobileIP: Skip2TLV look for type 32, addr start 616B4116 end
616B4116
MobileIP: MN 20.0.197.84 - authenticating MN 20.0.197.84 using
SPI 100
MobileIP: MN 20.0.197.84 - authenticated MN 20.0.197.84 using
SPI 100
MobileIP: Identification field 2939948267 has timestamp
288712535 secs less than our current time 04/24/02 18:13:22
3228660802 (< allowed 7 secs) for MN 20.0.197.84
MobileIP: HA rejects registration for MN 20.0.197.84 - registration
id mismatch (133)
MobileIP: MN 20.0.197.84 - MH auth ext added (SPI 100) to MN
20.0.197.84
MobileIP: MN 20.0.197.84 - HA sent reply to 20.0.197.81
MN Not Configured