Mobile IP is part of both IPv4 and IPv6 standards. Mobile IP allows a host device to be identified by a single IP address even though the device may move its physical point of attachment from one network to another. Regardless of movement between different networks, connectivity at the different points is achieved seamlessly without user intervention. Roaming from a wired network to a wireless or wide-area network is also done with ease. Mobile IP provides ubiquitous connectivity for users, whether they are within their enterprise networks or away from home.
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see
Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to
www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About IPv6 ACL Extensions for Mobile IPv6
Mobile IPv4 provides an IPv4 node with the ability to retain the same IPv4 address and maintain uninterrupted network and application connectivity while traveling across networks. In Mobile IPv6, the IPv6 address space enables Mobile IP deployment in any kind of large environment. No foreign agent is needed to use Mobile IPv6.
System infrastructures do not need an upgrade to accept Mobile IPv6 nodes. IPv6 autoconfiguration simplifies mobile node (MN) Care of Address (CoA) assignment.
Mobile IPv6 benefits from the IPv6 protocol itself; for example, Mobile IPv6 uses IPv6 option headers (routing, destination, and mobility) and benefits from the use of neighbor discovery.
Mobile IPv6 provides optimized routing, which helps avoid triangular routing. Mobile IPv6 nodes work transparently even with nodes that do not support mobility (although these nodes do not have route optimization).
Mobile IPv6 is fully backward-compatible with existing IPv6 specifications. Therefore, any existing host that does not understand the new mobile messages will send an error message, and communications with the mobile node will be able to continue, albeit without the direct routing optimization.
How Mobile IPv6 Works
To implement Mobile IPv6, you need a home agent on the home subnet on which the mobile node’s home address resides. The IPv6 home address (HA) is assigned to the mobile node. The mobile node obtains a new IPv6 address (the CoA) on networks to which it connects. The home agent accepts BUs from the mobile node informing the agent of the mobile node’s location. The home agent then acts as proxy for the mobile node, intercepting traffic to the mobile node’s home address and tunneling it to the mobile node.
The mobile node informs a home agent on its original home network about its new address, and the correspondent node communicates with the mobile node about the CoA. Because of the use of ingress filtering, the mobile node reverses tunnel return traffic to the home agent, so that the mobile node source address (that is, its home address) will always be topographically correct.
Mobile IPv6 is the ability of a mobile node to bypass the home agent when sending IP packets to a correspondent node. Optional extensions make direct routing possible in Mobile IPv6, though the extensions might not be implemented in all deployments of Mobile IPv6.
Direct routing is built into Mobile IPv6, and the direct routing function uses the IPv6 routing header and the IPv6 destination options header. The routing header is used for sending packets to the mobile node using its current CoA, and the new home address destination option is used to include the mobile node’s home address, because the current CoA is the source address of the packet.
Packet Headers in Mobile IPv6
The basic IPv6 packet header has 8 fields with a total size of 40 octets (320 bits). Fields were removed from the IPv6 header compared with the IPv4 header because, in IPv6, fragmentation is not handled by routers and checksums at the network layer are not used. Instead, fragmentation in IPv6 is handled by the source of a packet and checksums at the data link layer and transport layer are used. Additionally, the basic IPv6 packet header and options field are aligned to 64 bits, which can facilitate the processing of IPv6 packets.
Mobile IPv6 uses the routing and destination option headers for communications between the mobile node and the correspondent node. The new mobility option header is used only for the BU process.
Several ICMP message types have been defined to support Mobile IPv6. IPv6 access lists can be configured to allow IPv6 access list entries matching Mobile-IPv6-specific ICMP messages to be configured and to allow the definition of entries to match packets containing Mobile IPv6 extension headers.
For further information on IPv6 packet headers, refer to the "Implementing IPv6 Addressing and Basic Connectivity" module.
How to Configure IPv6 ACL Extensions for Mobile IPv6
Displays local and discovered neighboring home agents.
Filtering Mobile IPv6 Protocol Headers and Options
IPv6 extension headers have been developed to support the use of option headers specific to Mobile IPv6. The IPv6 mobility header, the type 2 routing header, and the destination option header allow the configuration of IPv6 access list entries that match Mobile-IPv6-specific ICMPv6 messages and allow the definition of entries to match packets that contain the new and modified IPv6 extension headers. For more information on how to create, configure, and apply IPv6 access lists, refer to the
implementing Traffic Filters and Firewalls for IPv6 Security
Router(config-ipv6-acl)# permit icmp host 2001:DB8:0:4::32 any routing-type 2
Router(config-ipv6-acl)# deny icmp host 2001:DB8:0:4::32 any routing-type 2
Specifies permit or deny conditions for Mobile-IPv6-specific option headers in an IPv6 access list.
argument can be (but is not limited to) one of the following Mobile-IPv6-specific options:
dhaad-request—numeric value is 144
dhaad-reply—numeric value is 145
mpd-solicitation—numeric value is 146
mpd-advertisement—numeric value is 147
When the dest-option-type keyword with the doh-number or doh-type argument is used, IPv6 packets are matched against the destination option extension header within each IPv6 packet header.
When the mobility keyword is used, IPv6 packets are matched against the mobility extension header within each IPv6 packet header.
When the mobility-type keyword with the mh-number or mh-type argument is used, IPv6 packets are matched against the mobility-type option extension header within each IPv6 packet header.
When therouting-type keyword and routing-number argument are used, IPv6 packets are matched against the routing-type option extension header within each IPv6 packet header.
Controlling ICMP Unreachable Messages
When IPv6 is unable to route a packet, it generates an appropriate ICMP unreachable message directed toward the source of the packet. Perform this task to control ICMP unreachable messages for any packets arriving on a specified interface.
Command or Action
Enables privileged EXEC mode.
Enter your password if prompted.
Router# configure terminal
Enters global configuration mode.
Router(config)# interface ethernet 0/0
Specifies the interface type and number, and enters interface configuration mode.
Router(config-if)# ipv6 unreachables
Enables the generation of ICMPv6 unreachable messages for any packets arriving on the specified interface.
Configuration Examples for IPv6 ACL Extensions for Mobile IPv6
Example: Viewing IPv6 Mobile Information on an Interface
Device(config-if)# ipv6 nd ra-interval 100 60
Subsequent use of the show ipv6 interface then displays the interval as follows:
Router(config)# show ipv6 interface ethernet 1/0
Ethernet1/0 is administratively down, line protocol is down
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5A01 [TEN]
No Virtual link-local address(es):
No global unicast address is configured
Joined group address(es):
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 60 to 100 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.
Feature Information for IPv6 ACL Extensions for Mobile IPv6
The following table
provides release information about the feature or features described in this
module. This table lists only the software release that introduced support for
a given feature in a given software release train. Unless noted otherwise,
subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform
support and Cisco software image support. To access Cisco Feature Navigator, go
An account on Cisco.com is not required.
Table 1 Feature Information for IPv6 ACL Extensions for Mobile IPv6
IPv6 ACL Extensions for Mobile IPv6
IPv6 access lists can be configured to allow IPv6 access list entries matching Mobile-IPv6-specific ICMP messages to be configured and to allow the definition of entries to match packets containing Mobile IPv6 extension headers.
The following commands were introduced or modified: