Today's networking environment offers a mix of different access technologies: a Wi-Fi hotspot at the local coffee shop, a Global System for Mobile Communications (GSM) or Code Division Multiple Access (CDMA) cellular phone, a LAN connection at work, or a cable or DSL modem at home. Mobile IP delivers a way to transparently provide a constant connection as a user moves from one access network to the next with Cisco® Mobile Wireless Home Agent (MWHA) as the anchor point. Cisco MWHA is one of three components required for Mobile IP, the other two being the foreign agent and the mobile node.
HOME AGENT SERVER LOAD BALANCING
Home Agent Server Load Balancing (HA-SLB), a feature of Cisco MWHA, is built over the Server Load Balancing (SLB) feature of Cisco IOS® Software. SLB allows users to represent a group of network servers (a server farm) as a single-server instance. It also allows network managers to balance the traffic to the servers and limit traffic to individual servers. The single-server instance is referred to as a virtual server, and the individual servers that it represents are referred to as real servers.
SLB can distribute the traffic to real servers through mechanisms like Round Robin. It can monitor the health of each real server using the Dynamic Feedback Protocol (DFP), choosing servers that are less loaded and bypassing servers that are malfunctioning.
The HA-SLB feature is available on Cisco Catalyst® 6500 and Cisco 7600 Series platforms. This feature allows a set of real home agents, each running on the Cisco Multiprocessor WAN Application Module (MWAM), to be identified by a single virtual server IP address residing on the Cisco Catalyst 6500 Series and Cisco 7600 Series Supervisor Engine.
Packet data serving nodes (PDSNs), or foreign agents, send the initial registration request for a user to the virtual server IP address. HA-SLB running on the supervisor engine intercepts the packets and forwards the registration request (RRQ) to one of the real home agents.
Figure 1 depicts a possible HA-SLB deployment and Figure 2 shows the typical call flow involving a mobile node; a foreign agent; the authentication, authorization, and accounting (AAA) server, the Cisco MWHA load balancer (home agent load balancer); and the home agent. Figure 2 shows the movement of an initial mobile IP RRQ and the registration reply (RRP) generated by the home agent.
Figure 1. Network with HA-SLB
Figure 2. HA-SLB Call Flow
The sequence of events and message exchanges in the call flow of Figure 2 is as follows:
1. PDSN/foreign agent forwards a Mobile IP RRQ to a virtual server IP address (HA-SLB). The AAA server returns the home agent address to PDSN/foreign agent. The AAA server must be configured to return the HA-SLB virtual server IP address.
2. HA-SLB picks one of the real home agents from its server farm and delivers the RRQ to it.
3. The real home agent responds to the RRQ with a reply directly to the PDSN/foreign agent. HA-SLB does not intercept this packet. The real home agent creates a binding and a local tunnel endpoint.
4. The PDSN/foreign agent creates a visitor table entry and a local tunnel endpoint. It sends and receives traffic through the tunnel directly from the real home agent.
5. The PDSN/foreign agent sends a Mobile IP RRQ with a lifetime of zero to the real home agent to close the binding. This packet is not sent to the virtual IP address (HA-SLB).
6. The real home agent sends the Mobile IP RRP to the PDSN/foreign agent. HA-SLB does not intercept this packet. The real home agent closes the binding.
RRQs destined to the HA-SLB virtual IP address are forwarded to the actual home agent using a Weighted Round Robin load-balancing algorithm. The SLB mechanism supports Dynamic Feedback Protocol (DFP), giving real servers the ability to communicate real server health to the load balancer, thereby adjusting the weight of the real server in the load-balancing algorithms.
Because the mobile node can send multiple RRQs before it hears an RRP from the home agent (this happens if the mobile node power cycles after sending an initial RRQ or is misconfigured to send multiple initial registrations, or if RRPs are dropped by the network), it is important to keep track of registrations coming from the same mobile node. This avoids the case where the same mobile node is registered more than once and thus wastes IP addresses and other resources. To solve this problem, HA-SLB parses the RRQ and creates a session object indexed by the node's network access identifier (NAI). This session object stores the real home agent IP address where the RRQ was forwarded. Subsequent registrations from the same mobile node are forwarded to this same home agent. The session object is stored for a configurable period of time (the default is 10 seconds). If HA-SLB does not see an RRQ from the mobile node within this period of time, the session object expires. If HA-SLB sees an RRQ, the session object's timer is reset.
A retry counter associated with each session object is incremented for each retransmitted RRQ seen by the load balancer. If the number of retries seen exceeds a given threshold, the session is reassigned to another real home agent and a connection failure is recorded for the original agent. Real servers are assumed to be down and no more RRQs are redirected to them when connection failures exceed a threshold. HA-SLB resumes directing sessions to that real server either after a configurable time interval or after the server sends a DFP message to HA-SLB.
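The session handling described in the two paragraphs above can be modelled in a few lines. This Python sketch is an added example, not Cisco code: the class and method names, the threshold values, and the addresses and NAI are assumptions, and only recovery by DFP message (not the timed recovery) is modelled.

```python
class HaSlb:
    """Toy model of the HA-SLB session table (illustration only, not Cisco code)."""

    def __init__(self, weights, idle_timeout=10.0, max_retries=2, max_failures=1):
        self.idle_timeout = idle_timeout  # session lifetime; the page's default is 10 s
        self.max_retries = max_retries    # assumed value for the retry threshold
        self.max_failures = max_failures  # assumed value for the failure threshold
        self.failures = {ha: 0 for ha in weights}
        self.sessions = {}                # NAI -> [real HA, last RRQ time, retries]
        # Weighted round robin: each real HA appears `weight` times in the rotation.
        self.rotation = [ha for ha, w in weights.items() for _ in range(w)]
        self.cursor = 0

    def _pick(self, exclude=None):
        for _ in range(len(self.rotation)):
            ha = self.rotation[self.cursor % len(self.rotation)]
            self.cursor += 1
            if ha != exclude and self.failures[ha] <= self.max_failures:
                return ha
        raise RuntimeError("no real home agent available")

    def on_rrq(self, nai, now):
        """Return the real HA that an initial RRQ from `nai` is forwarded to."""
        s = self.sessions.get(nai)
        if s is None or now - s[1] > self.idle_timeout:
            self.sessions[nai] = [self._pick(), now, 0]  # new or expired session
            return self.sessions[nai][0]
        s[1] = now   # RRQ seen within the period: reset the session timer
        s[2] += 1    # same NAI again before expiry: count a retransmission
        if s[2] > self.max_retries:
            self.failures[s[0]] += 1                  # connection failure for this HA
            s[0], s[2] = self._pick(exclude=s[0]), 0  # reassign to another real HA
        return s[0]

    def on_dfp(self, ha):
        """A DFP message from a real HA puts it back into rotation."""
        self.failures[ha] = 0

def demo():
    slb = HaSlb({"10.0.0.1": 2, "10.0.0.2": 1})  # constructed addresses and weights
    nai = "alice@example.net"                     # constructed NAI
    return [slb.on_rrq(nai, t) for t in (0.0, 1.0, 2.0, 3.0, 20.0)]
```

In `demo()` the first three RRQs stick to the same real home agent, the fourth exceeds the retry threshold and is reassigned, and the RRQ at 20 seconds arrives after the session has expired and is balanced afresh.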
HOME AGENT REDUNDANCY
Cisco MWHA offers additional built-in redundancy. Because the home agent specification has no keepalive mechanism between the home agent and registered mobile nodes, the failure of a home agent could interrupt data flow to the mobile node. If a home agent fails, the mobile node has no way of knowing whether there is simply no traffic destined for it, the home agent has failed, or the binding table is lost. To avoid this situation, Cisco IOS Software implements home agent redundancy through Cisco Hot Standby Router Protocol (HSRP). This feature allows for home agents to back one another up in the event of a failure. The active home agent sends binding updates to the backup home agent every time a new registration is entered into the binding table, which keeps the binding tables synchronized. If a new home agent boots up on the LAN, it can have the entire binding table loaded into its memory and be ready in the event of a network failure (Figure 3).
Figure 3. HSRP Group for Home Agents
The home agent redundancy feature has several benefits:
• Based on the Cisco IOS Software HSRP feature
• Facilitates backup in the case of a failure
• Keeps mobility bindings synchronized by being replicated on the standby home agent
• Balances loads
Generic Call Flow
Cisco MWHA home agents can be configured to provide 1:1 redundancy. Two home agents are configured in hot-standby mode sharing a virtual IP address. This allows the active agent to continually copy mobile session information to the standby agent, thereby synchronizing their state information. If the active agent fails, the standby agent takes over without service disruption (Figure 4).
Figure 4. HSRP Group Flow Mechanism for Home Agent
The sequence of events in Figure 4 is as follows:
1. Mobile node discovers a foreign agent and they agree on services.
2. Mobile node obtains care-of address (COA).
3. Mobile node registers with active home agent.
4. Active home agent duplicates each mobility binding to the standby home agent.
5. Mobile node connects to a destination IP host (corresponding node).
6. Corresponding node sends packets to mobile node.
7. Home agent (active or standby) tunnels packets from corresponding node to mobile node. A Layer 3 tunnel may be set up using generic routing encapsulation (GRE) or IP-in-IP tunneling.
8. Foreign agent forwards packets from mobile node to corresponding node.
During the Mobile IP registration process, a home agent creates a mobility-binding table that maps the home IP address of a mobile node to the current care-of address of the mobile node. If the home agent fails, the mobility-binding table is lost and all mobile nodes registered with the agent lose their connectivity. To reduce the impact of a home agent failure, Cisco IOS Software supports the home agent redundancy feature.
Home agent redundancy runs on top of HSRP, a protocol developed by Cisco Systems® that provides network redundancy to help ensure that user traffic immediately and transparently recovers from failures. An HSRP group (see Figure 4) is composed of two or more routers that share an IP address and act as a single virtual router. A home agent within an HSRP group is referred to as an agent. The standby agent is installed on the same LAN and with the same configuration as the primary (active) home agent. Agents share a common group IP address, which is used by mobile nodes to send RRQ messages. Agents advertise their respective states and configured priority.
The main rules of this mechanism are as follows:
• Initialization phase of standby home agent:
– New home agent identifies any existing home agent (active) on same LAN.
– Requests and downloads complete and current binding table from active home agent.
• When mobile node registers, using common group address:
– Active home agent updates standby home agent synchronizing binding table at standby home agent.
• Both home agents share a secret key for secure communication.
• If active home agent fails, standby agent detects failure and takes over the position of active home agent.
• For corresponding nodes on the network, this change in home agent's state is transparent as RRQs are sent to a common group address.
• All the control and data traffic of mobile nodes is managed by the new active home agent.
The state of an agent is determined by keepalive advertisement:
• Control messaging between agents is built on HSRP
• Each agent sends periodic HSRP advertisements with:
– IP address of interface offering HSRP service
– State of interface (Init/Speak/Listen/Standby/Active)
– IP address of HSRP group
– Configured priority on the agents
The agent's state is decided by the information exchanged in HSRP messages. Table 1 lists the different possible states.
Table 1. Home Agent Interface States
Agent with highest priority on home agent LAN and open HSRP interface. Bindings in sync.
Agent with second highest priority on home agent LAN and open HSRP interface. Bindings in sync.
HSRP interface is closed. Agent is not part of redundancy group. Bindings out of sync.
HSRP interface is changed from CLOSE to OPEN. Agent's state is between INIT and ACTIVE/STANDBY.
The binding record database information is updated, downloaded, and synchronized by using the following messages:
• Binding Update
• Binding Update Acknowledgment
• Binding Information Request
• Binding Information Reply
• Binding Information Reply Acknowledgment
Each message is protected by Home Agent Authentication Extension (HHAE). See Figure 5.
Figure 5. Example of Binding Record Synchronization
Part (a) of Figure 5 shows an update of the standby home agent with changes in the binding table:
• Possible reasons:
– Mobile node registered for first time.
– Mobile node reregistered.
– Mobile node unregistered.
• Active home agent sends BindInfoUpdate message.
• Standby home agent acknowledges with BindUpdateAck message.
Part (b) shows a new home agent downloading a complete and current binding table:
• Possible reasons:
– Initialization of new home agent.
– Manual synchronization on one home agent.
• New (standby) home agent requests download with BindInfoRequest message.
• Active home agent transfers complete binding table with BindInfoReply message.
• Standby home agent acknowledges the download with BindInfoAck message.
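The security-relevant point of the synchronization exchange is that a standby agent applies a binding only after the message authenticator verifies under the shared key. The Python sketch below is an added example, not Cisco's implementation: the JSON encoding, the use of HMAC-SHA-256 in place of the authentication extension, and the type strings (modelled on the message names listed above) are assumptions.

```python
import hashlib
import hmac
import json

def seal(key, msg):
    """Serialize a sync message and append a keyed MAC over the whole body."""
    body = json.dumps(msg, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key, wire):
    """Check the MAC in constant time before parsing; raise if it does not match."""
    body, tag = wire[:-32], wire[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("authenticator mismatch, message dropped")
    return json.loads(body)

class HomeAgent:
    def __init__(self, key):
        self.key = key
        self.bindings = {}  # home address -> care-of address

    def register(self, home, coa, lifetime):
        """Active agent: apply a registration, return the Binding Update to send."""
        self._apply(home, coa, lifetime)
        return seal(self.key, {"type": "BindingUpdate", "home": home,
                               "coa": coa, "lifetime": lifetime})

    def request_table(self):
        """New standby agent: ask the active agent for the full binding table."""
        return seal(self.key, {"type": "BindingInfoRequest"})

    def receive(self, wire):
        """Verify a peer message, act on it, and return the sealed response."""
        msg = unseal(self.key, wire)  # nothing below runs on an unauthenticated message
        if msg["type"] == "BindingUpdate":
            self._apply(msg["home"], msg["coa"], msg["lifetime"])
            return seal(self.key, {"type": "BindingUpdateAck"})
        if msg["type"] == "BindingInfoRequest":
            return seal(self.key, {"type": "BindingInfoReply", "bindings": self.bindings})
        if msg["type"] == "BindingInfoReply":
            self.bindings = dict(msg["bindings"])
            return seal(self.key, {"type": "BindingInfoReplyAck"})
        raise ValueError("unexpected message type")

    def _apply(self, home, coa, lifetime):
        if lifetime == 0:
            self.bindings.pop(home, None)  # lifetime 0 closes the binding
        else:
            self.bindings[home] = coa
```

A Binding Update whose care-of address was altered in transit, or one sealed under a different key, raises in `unseal` and leaves the standby's table unchanged.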
Cisco Home Agent load-balancing features further enhance the dynamic home agent address assignment that makes Mobile IP work. Intelligent processing of access requests allows virtual server IP addresses to be assigned according to geographical location. Use of home agent redundancy through HSRP, in combination with HA-SLB, helps ensure a mobile network's geographical availability, resiliency, and local redundancy.
With home agent redundancy, mobile nodes do not need to have a specific home agent address. Real home agents, locally grouped or distributed across a WAN behind the load-balancing function, can behave as part of a server farm that can grow transparently when a network operator adds more capacity and can minimize provisioning impact on the Mobile IP network.