IP Mobility: Mobile Networks Configuration Guide, Cisco IOS Release 15M&T
Cisco Mobile Networks Priority HA Assignment

Before the introduction of the Cisco Mobile Networks--Priority HA Assignment feature, the mobile router was preconfigured with home agents (HAs) of different priorities and registered only with the highest priority home agent. However, a mobile router may roam to an area where registration with a closer home agent is more desirable. This feature allows a mobile router to register with the closer home agent by combining the existing home agent priority configurations on the mobile router with care-of address access lists configured on the home agent.

Feature Specifications for the Cisco Mobile Networks-Priority HA Assignment Feature

Feature History

Release        Modification
12.2(15)T      This feature was introduced.

Supported Platforms

For information about platforms supported, refer to Cisco Feature Navigator.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About Cisco Mobile Networks Priority HA Assignment

Feature Design of Cisco Mobile Networks Priority HA Assignment

This feature changes the behavior of the HA priority configurations on the mobile router without adding any new commands. Each HA will have an access list containing all the foreign agent care-of addresses in its region. When a mobile router sends a registration request to the best HA, the HA will accept or deny the request depending on which care-of address is used in the registration request. If the HA denies the request because the care-of address is not in the access list of that particular HA, the mobile router will try to register with the next best HA, and so on. If HAs have the same priority, then the most recently configured HA takes precedence. If registration with even the lowest priority HA fails, the mobile router will wait for an advertisement and then try to register again starting with the highest priority HA. When the mobile router registers with a new HA, it will also attempt to deregister with the old HA using the old foreign agent care-of address.

Best HA Selection Process

If more than one HA is reachable from any care-of address that may be used by the mobile router, then each HA needs an access list (of foreign agent care-of addresses or collocated care-of addresses) configured to enforce the best HA selection process. This configuration enforces a region for each HA, defined by the care-of addresses within the region that are configured in its access list. Registrations originating outside the region are administratively denied, while registrations within the region are processed.
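The selection behaviour described above, as an added Python sketch that is not Cisco code: the HA addresses, priorities and access list contents are taken from the configuration example on this page, while the function names, event strings and the assumption that list order equals configuration order are illustrative. It goes slightly beyond this section by also modelling the deregistration check covered under Troubleshooting Tips.

```python
# Added illustration; addresses and ACL contents are copied from this page's
# configuration example, everything else (names, event strings) is hypothetical.
HA_CARE_OF_ACL = {
    "100.100.100.1": {"4.4.4.2", "7.7.7.1", "5.5.5.3"},  # HA1-FA1
    "200.200.200.1": {"3.3.3.2", "5.5.5.3"},             # HA2-FA2
}
# (home agent, priority), listed in the order configured on the mobile router.
MR_HOME_AGENTS = [("100.100.100.1", 101), ("200.200.200.1", 102)]
MR_HOME_ADDRESS = "5.5.5.3"


def ha_order(home_agents):
    """Highest priority first; on a tie the most recently configured HA wins."""
    ranked = sorted(enumerate(home_agents),
                    key=lambda item: (item[1][1], item[0]), reverse=True)
    return [ha for _, (ha, _priority) in ranked]


def ha_permits(acls, ha, address):
    """No list configured means every care-of address is permitted (the
    default); otherwise anything not listed hits the implicit deny."""
    acl = acls.get(ha)
    return acl is None or address in acl


def register(acls, home_agents, care_of, bindings, home=MR_HOME_ADDRESS):
    """Walk the HAs in order and return (chosen HA or None, event list).

    bindings maps HA -> care-of address it currently holds for the router
    and is updated in place.
    """
    events = []
    for ha in ha_order(home_agents):
        if not ha_permits(acls, ha, care_of):
            events.append(f"{ha} denied {care_of}")
            continue
        events.append(f"{ha} accepted {care_of}")
        for old in [h for h in bindings if h != ha]:
            # The deregistration carries the home address as care-of address.
            if ha_permits(acls, old, home):
                del bindings[old]
                events.append(f"{old} deregistered")
            else:
                events.append(f"{old} dropped deregistration, binding is stale")
        bindings[ha] = care_of
        return ha, events
    events.append("no HA accepted; wait for an advertisement, then retry")
    return None, events


if __name__ == "__main__":
    bindings = {}
    for coa in ("4.4.4.2", "3.3.3.2", "9.9.9.9"):   # 9.9.9.9 is in no region
        chosen, log = register(HA_CARE_OF_ACL, MR_HOME_AGENTS, coa, bindings)
        print(coa, "->", chosen, log, bindings)
```

With care-of address 3.3.3.2 the model picks 200.200.200.1, which matches the show ip mobile router output later on this page.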

Benefits of Cisco Mobile Networks Priority HA Assignment

This feature allows a mobile router to register with a geographically closer HA, which improves latency on the network.

How to Configure Cisco Mobile Networks Priority HA Assignment

Configuring Care-of Address Access Lists on an HA

This task describes how to configure care-of address access lists on an HA.


Note


Without the distribute-list command configured, each HA will advertise a route to the same virtual network. This situation may cause routing conflicts and traffic destined to the home network of the mobile router to be dropped.

With the distribute-list command configured, you can suppress the advertisement of the virtual networks to the rest of the network. In that case, pings to the mobile router home address will fail, but pings to an address within the mobile network served by the mobile router will succeed. Traffic destined to the mobile network continues to reach the destination without problems.

If the home network consists of both mobile routers and mobile nodes, the distribute-list command will block only the addresses of the mobile routers and not the entire subnet.

Routes to the mobile router are not advertised when the mobile router is not registered. Pings to an address on the mobile network will return unreachable if the mobile router is not registered.

Mobile networks will only be advertised by one HA at a time as long as deregistration to the old HA is successful. After roaming to a new HA, pings to the mobile network may take some time depending on how fast the mobile network route is propagated throughout the network by the routing protocol.


SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip mobile home-agent care-of-access access-list

    4.    ip access-list standard access-list-name

    5.    permit coa-ip-address

    6.    permit mr-home-address

    7.    exit

    8.    router protocol

    9.    redistribute mobile subnets

    10.    distribute-list access-list out

    11.    exit

    12.    access-list access-list-number deny source

    13.    access-list access-list-number permit any

    14.    Repeat Steps 3 through 7 for each HA configured on the mobile router. Repeat Steps 8 through 13 for each HA if virtual networks are configured.


DETAILED STEPS
     Command or Action    Purpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 ip mobile home-agent care-of-access access-list


    Example:
    Router(config)# ip mobile home-agent care-of-access HA1-FA1
     

    Controls which care-of addresses in registration requests are permitted by the home agent.

    • By default, all care-of addresses are permitted. The access list can be a string or number from 1 to 99.
     
    Step 4 ip access-list standard access-list-name


    Example:
    Router(config)# ip access-list standard HA1-FA1
     

    Defines a standard access list and enters standard named access list configuration mode.

    • Use this command to configure access lists on each HA that is reachable by the mobile router.
     
    Step 5 permit coa-ip-address


    Example:
    Router(config-std-nacl)# permit 3.3.3.2
     

    Sets conditions for an access list.

    • The coa-ip-address can be a foreign agent care-of address or a collocated care-of address. This command informs the HA which care-of addresses can be accepted in a registration request.
     
    Step 6 permit mr-home-address


    Example:
    Router(config-std-nacl)# permit 5.5.5.3
     

    Sets conditions for an access list.

    • The mr-home-address is the home address for the mobile router. See the Troubleshooting Tips section below for an explanation as to why it is important to include the mobile router home address.
     
    Step 7 exit


    Example:
    Router(config-std-nacl)# exit
     

    Exits to global configuration mode.

     
    Step 8 router protocol


    Example:
    Router(config)# router ospf 100
     

    Configures a routing protocol.

     
    Step 9 redistribute mobile subnets


    Example:
    Router(config-router)# redistribute mobile subnets
     

    Enables redistribution of a virtual network into routing protocols.

     
    Step 10 distribute-list access-list out


    Example:
    Router(config-router)# distribute-list 1 out
     

    (Optional) Suppresses networks from being advertised in updates.

    • This command configured on each HA will prevent the advertisement of the virtual network for the mobile routers. See the "Restrictions" and Troubleshooting Tips sections for more information about using this command.
     
    Step 11 exit


    Example:
    Router(config-router)# exit
     

    Exits to global configuration mode.

     
    Step 12 access-list access-list-number deny source


    Example:
    Router(config)# access-list 1 deny 5.5.5.0
     

    Defines a standard IP access list.

    • Denies access if the conditions are matched.
    • In this example, the source value is the virtual network configured on the HA. The distribute-list command in Step 10 prevents the advertisement of this virtual network.
     
    Step 13 access-list access-list-number permit any


    Example:
    Router(config)# access-list 1 permit any
     

    Defines a standard IP access list.

    • Permits access if the conditions are matched.
     
    Step 14 Repeat Steps 3 through 7 for each HA configured on the mobile router. Repeat Steps 8 through 13 for each HA if virtual networks are configured. 

    --

     

    Troubleshooting Tips

    Care-of Address List Operation

    Any time an HA has a care-of address access list configured, the access list should permit the mobile router home address (for deregistration) and the interesting list of care-of addresses (for registration).

    The care-of address lists are designed to allow registrations only of a select group of care-of addresses on an HA. For priority HA assignment to work, deregistrations need to be allowed as well. The deregistration is sent with the mobile router home address in the care-of address field of the deregistration. If the home address is not permitted, any deregistration will be dropped by the access list. Priority HA assignment does not work properly if the deregistrations are dropped.

    Virtual Network Advertisements

    In a network using mobile routers configured with priority HA assignment and multiple HAs, the HAs may be sharing routing information. If so, each HA will advertise a route to the same mobile virtual network through the redistribute mobile command. This situation results in multiple routes to the same virtual network, which can cause routing conflicts and lost packets. The distribute-list command configured on each HA will prevent the advertisement of the virtual network for the mobile routers. There is no dependency on registration for this to occur.
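One way to check an HA configuration against the care-of address list guidance above before it is deployed (added example, not Cisco tooling): it parses a named standard access list, evaluates it first-match with implicit deny, and reports a home address that is not permitted or a permit any entry. The function names are hypothetical, the sample is constructed from the Home Agent 1 example on this page, and numbered access lists are not handled.

```python
import ipaddress
import re

ANY = 0xFFFFFFFF  # wildcard that matches every address


def acl_entries(config, name):
    """Return [(action, address, wildcard)] of a named standard ACL, in order."""
    entries, inside = [], False
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue                        # comment lines do not end the block
        if not raw[0].isspace():            # any top-level command ends it
            inside = words == ["ip", "access-list", "standard", name]
        elif inside and words[0] in ("permit", "deny"):
            args = [w for w in words[1:] if w not in ("host", "log")]
            if args[0] == "any":
                args = ["0.0.0.0", "255.255.255.255"]
            wild = args[1] if len(args) > 1 else "0.0.0.0"
            entries.append((words[0], int(ipaddress.IPv4Address(args[0])),
                            int(ipaddress.IPv4Address(wild))))
    return entries


def acl_permits(entries, address):
    """First match wins; an address matching no entry is implicitly denied."""
    value = int(ipaddress.IPv4Address(address))
    for action, addr, wild in entries:
        if (value | wild) == (addr | wild):
            return action == "permit"
    return False


def audit_home_agent(config):
    """Return findings for one HA configuration (empty list means clean)."""
    ref = re.search(r"^ip mobile home-agent care-of-access (\S+)", config, re.M)
    if ref is None:
        return ["no care-of access list: all care-of addresses are permitted"]
    name = ref.group(1)
    entries = acl_entries(config, name)
    if not entries:
        return [f"{name}: no named standard access list entries found"]
    findings = []
    if any(act == "permit" and wild == ANY for act, _, wild in entries):
        findings.append(f"{name}: 'permit any' removes the region restriction")
    for home in re.findall(r"^ip mobile host (\d+(?:\.\d+){3})\b", config, re.M):
        if not acl_permits(entries, home):
            findings.append(f"{name}: home address {home} not permitted, "
                            "deregistrations will be dropped")
    return findings


# Constructed sample: Home Agent 1 from this page, trimmed to the relevant lines.
HA1_GOOD = """\
ip mobile home-agent care-of-access HA1-FA1
ip mobile host 5.5.5.3 virtual-network 5.5.5.0 255.255.255.0 lifetime 90
ip access-list standard HA1-FA1
! MR CCOA
 permit 4.4.4.2
 permit 7.7.7.1
 permit 5.5.5.3
"""
HA1_BAD = HA1_GOOD.replace(" permit 5.5.5.3\n", "")  # home address left out
```

audit_home_agent(HA1_GOOD) returns an empty list, while HA1_BAD yields the finding about dropped deregistrations.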

    Configuring HA Priorities on the Mobile Router

    This task describes how to configure HA priorities on the mobile router.

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    ip mobile router

      4.    home-agent ip-address priority level

      5.    end

      6.    show ip mobile router


    DETAILED STEPS
       Command or Action    Purpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2 configure terminal


      Example:
      Router# configure terminal
       

      Enters global configuration mode.

       
      Step 3 ip mobile router


      Example:
      Router(config)# ip mobile router
       

      Enables the mobile router and enters mobile router configuration mode.

       
      Step 4 home-agent ip-address priority level


      Example:
      Router(mobile-router)# home-agent 1.1.1.1 priority 101
       

      Specifies the home agent that the mobile router uses during registration.

      • The priority level prioritizes which home agent address is the best to use during registration. The range is from 0 to 255, where 0 denotes the lowest priority and 255 denotes the highest priority. The default is 100.
       
      Step 5 end


      Example:
      Router(mobile-router)# end
       

      Exits to privileged EXEC mode.

       
      Step 6 show ip mobile router


      Example:
      Router# show ip mobile router
       

      Displays configuration information and monitoring statistics about the mobile router.

      • This command displays the home agent that the mobile router is registered with. The qualifiers (best) (current) displayed after the home agent entry indicate that this home agent was chosen as the best home agent to register with.
       

      Examples

      This section provides the following output example for the show ip mobile router command:

      The following example shows that the mobile router is currently registered with the best home agent located at 200.200.200.1:

      Router# show ip mobile router
      Mobile Router 
        Enabled 01/01/02 10:01:34 
        Last redundancy state transition NEVER 
      Configuration:
        Home Address 5.5.5.3 Mask 255.255.255.0 
        Home Agent 200.200.200.1 Priority 102 (best) (current) 
              100.100.100.1 Priority 101 
        Registration lifetime 90 sec 
        Retransmit Init 1000, Max 5000 msec, Limit 3 
        Extend Expire 120, Retry 3, Interval 10 
      Monitor:
        Status -Registered- 
        Active foreign agent 3.3.3.2, Care-of 3.3.3.2 
        On interface Ethernet5/3 

      Configuration Examples for Cisco Mobile Networks Priority HA Assignment

      HA Priority Configuration Example

      In the following example, two home agents are configured with access lists that allow the mobile router to choose the best HA to register with:

      Home Agent1

      interface Loopback0 
       ip address 100.100.100.1 255.255.255.255 
      ! 
      interface Ethernet1 
       ip address 2.2.2.1 255.255.255.0 
      ! 
      router mobile 
      ! 
      router ospf 100 
       redistribute mobile subnets 
       network 2.0.0.0 0.255.255.255 area 0 
       network 100.100.100.0 0.255.255.255 area 0 
      ! Suppresses advertisement of the virtual network in updates
       distribute-list 1 out 
      ! 
      ip mobile home-agent care-of-access HA1-FA1 
      ip mobile virtual-network 5.5.5.0 255.255.255.0 
      ip mobile host 5.5.5.3 virtual-network 5.5.5.0 255.255.255.0 lifetime 90 
      ip mobile mobile-networks 5.5.5.3 
       description Jet 
       network 6.6.6.0 255.255.255.0 
      ip mobile secure host 5.5.5.3 spi 100 key hex 12345678123456781234567812345678 algorithm md5 mode prefix-suffix 
      ! 
      ip access-list standard HA1-FA1 
      ! MR CCOA 
       permit 4.4.4.2 
      ! FA1 COA 
       permit 7.7.7.1 
      ! MR home address 
       permit 5.5.5.3 
      ! 
      ! Denies virtual network to 
      access-list 1 deny 5.5.5.0 0.0.0.255 
      access-list 1 permit any 

      Home Agent 2

      interface Loopback0 
       ip address 200.200.200.1 255.255.255.255 
      ! 
      interface Ethernet0 
       ip address 1.1.1.1 255.255.255.0 
      ! 
      router mobile 
      ! 
      router ospf 100 
       redistribute mobile subnets 
       network 1.0.0.0 0.255.255.255 area 0 
       network 200.200.200.0 0.255.255.255 area 0 
      ! Suppresses advertisement of the virtual network in updates
       distribute-list 1 out 
      ! 
      ip mobile home-agent care-of-access HA2-FA2 
      ip mobile virtual-network 5.5.5.0 255.255.255.0 
      ip mobile host 5.5.5.3 virtual-network 5.5.5.0 255.255.255.0 lifetime 90 
      ip mobile mobile-networks 5.5.5.3 
       description Jet 
       network 6.6.6.0 255.255.255.0 
      ip mobile secure host 5.5.5.3 spi 200 key hex 12345678123456781234567812345678 algorithm md5 mode prefix-suffix 
      ! 
      ip access-list standard HA2-FA2 
      ! FA COA 
       permit 3.3.3.2 
      ! MR home address 
       permit 5.5.5.3 
      ! 
      access-list 1 deny 5.5.5.0 0.0.0.255 
      access-list 1 permit any 

      Mobile Router

      interface Loopback0 
       ip address 5.5.5.3 255.255.255.255 
      ! 
      ! CCOA roaming interface registers with HA1 only 
      interface Ethernet5/1 
       ip address 4.4.4.3 255.255.255.0 
       ip mobile router-service roam priority 99 
       ip mobile router-service collocated gateway 4.4.4.2 
      ! 
      ! This roaming interface will use FA COA to register 
      interface Ethernet5/3 
       ip address 3.3.3.3 255.255.255.0 
       ip mobile router-service roam 
      ! 
      ! Mobile Network interface 
      interface Ethernet5/4 
       ip address 6.6.6.3 255.255.255.0 
      ! 
      router mobile 
      ! 
      ip mobile secure home-agent 100.100.100.1 spi 100 key hex 12345678123456781234567812345678 algorithm md5 mode prefix-suffix 
      ip mobile secure home-agent 200.200.200.1 spi 200 key hex 12345678123456781234567812345678 algorithm md5 mode prefix-suffix 
      ! 
      ip mobile router 
       address 5.5.5.3 255.255.255.0 
       home-agent 100.100.100.1 priority 101 
       home-agent 200.200.200.1 priority 102 
       register lifetime 90 

      Additional References

      For additional information related to the Cisco Mobile Networks--Priority HA Assignment feature, see the following sections:

      Related Documents

      Related Topic -- Document Title

      Mobile IP configuration tasks -- "Configuring Mobile IP" chapter in the Cisco IOS IP Configuration Guide, Release 12.2

      Mobile IP commands: complete command syntax, command mode, defaults, usage guidelines, and examples -- "Mobile IP Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 T

      Mobile IP commands related to Cisco mobile networks -- Cisco Mobile Networks feature document, Release 12.2(4)T and 12.2(13)T

      Access list commands -- "IP Services Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 T

      Standards

      No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

      MIBs

      No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

      To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

      http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

      RFCs

      No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


      Glossary

      care-of address -- The termination point of the tunnel to a mobile node or mobile router. This can be a collocated care-of address, by which the mobile node or mobile router acquires a local address and detunnels its own packets, or a foreign agent care-of address, by which a foreign agent detunnels packets and forwards them to the mobile node or mobile router.

      home agent -- A router on a home network of the mobile node or mobile router that tunnels packets to the mobile node or mobile router while they are away from home. It keeps current location information for registered mobile nodes called a mobility binding.

      foreign agent -- A router on the visited network of a foreign network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers packets to the mobile node or mobile router that were tunneled by the home agent of the mobile node. For packets sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.

      mobile network -- A network that moves with the mobile router. A mobile network is a collection of hosts and routes that are fixed with respect to each other but are mobile, as a unit, with respect to the rest of the Internet.

      mobile router -- A mobile node that is a router. It provides for the mobility of one or more entire networks moving together, perhaps on an airplane, a ship, a train, an automobile, or bicycle. The nodes connected to a network served by the mobile router may themselves be fixed nodes or mobile nodes or routers.


      Note


      Refer to Internetworking Terms and Acronyms for terms not included in this glossary.