Cisco IOS Mobile Wireless Home Agent Configuration Guide, Release 12.4T
Home Agent Redundancy


This chapter discusses several concepts related to Home Agent Redundancy, how Home Agent redundancy works, and how to configure redundancy on the Cisco Mobile Wireless Home Agent.

This chapter includes the following sections:

Overview of Home Agent Redundancy

Geographical Redundancy

Redundancy with Radius Downloaded Pool Names

HSRP Groups

How HA Redundancy Works

Physical Network Support

Virtual Networks

Support for Discontinuous IP Address Pools for the Same Realm

Configuring HA Redundancy

Home Agent Redundancy Configuration Examples

Overview of Home Agent Redundancy

Cisco Home Agents can be configured to provide 1:1 redundancy. Two Home Agents are configured in hot-standby mode, based on the Cisco Hot Standby Router Protocol (HSRP, RFC 2281). This enables the active Home Agent to continually copy mobile session-related information to the standby Home Agent, and maintains synchronized state information at both Home Agents. If an active Home Agent fails, the standby Home Agent takes over without service disruption.


Note: NAI support in the Mobile IP HA Redundancy feature provides capabilities specific to CDMA2000 for Home Agent redundancy. The CDMA2000 framework requires address assignment based on NAI, and support of multiple static IP addresses per user NAI.


The Home Agent Redundancy feature is supported for Static IP Address assignment and IP Address assignment by AAA. Starting in Release 2.0, the Home Agent Redundancy feature is supported for Dynamic IP Address assignment using local IP address pools and Dynamic IP Address assignment using Proxy DHCP.

When Home Agent Redundancy is configured with Dynamic IP Address assignment using Proxy DHCP, the DHCP information is not synced with the standby while the bindings are brought up, even though the bindings are synced to the standby HA. However, when the standby HA becomes active, a DHCP request for each existing binding is sent out to the DHCP server in order to update the DHCP related information on this Home Agent.

The following features are not supported with HA redundancy:

Hot-lining support on HA

ODAP/DHCP and local pool addressing schemes are not supported with peer-peer redundancy

During the Mobile IP registration process, an HA creates a mobility binding table that maps the home IP address of an MN to the current care-of address of the MN. If the HA fails, the mobility binding table is lost and all MNs registered with the HA lose connectivity. To reduce the impact of an HA failure, Cisco IOS software supports the HA redundancy feature.


Note: On configurations based on Cisco 7600 series or Catalyst 6500 series platforms, the backup Home Agent image is configured on a different MWAM card from the primary.


The functionality of HA Redundancy runs on top of the Hot Standby Router Protocol (HSRP). HSRP is a protocol developed by Cisco that provides network redundancy in a way that ensures that user traffic immediately and transparently recovers from failures.

Geographical Redundancy

Home Agents in a redundant pair can be placed at geographically separate locations using a VPN solution (such as one based on MPLS) instead of a LAN/VLAN between Home Agent pairs. Such a deployment needs to implement correct routing logic in the network to route traffic to one of the Home Agents in the pair. If there is a network failure, both of the HAs could transition to HSRP active state. The Home Agent Redundancy feature recovers from this type of failure gracefully with minimal loss of bindings. The following scenario describes the failure recovery process:

1. HA1 (high priority) and HA2 (low priority) are deployed in redundant mode over a WAN link. HSRP is running between the home agents over the WAN link.

2. HA1 is active and HA2 is standby.

3. WAN connectivity to HA1 is lost due to a network fault, so the HSRP link between HA1 and HA2 is lost.

4. HA2 does not receive hello packets, and transitions to active. HA1 remains active as well, for the same reason (the box itself is functional). If this feature is enabled, both HA1 and HA2 lower their priority.

5. Mobile traffic and signaling messages are routed to HA2. HA2 updates its binding table accordingly, and if the feature is enabled, increases its priority back to the original value. But, the changed home agent state information on HA2 does not get synched to HA1 (which is unreachable).

6. Network fault is corrected, and hello packets are exchanged between HA1 and HA2.

7. Without this feature, HA1 remains active and HA2 moves to become standby, leading to loss of latest state information as created on HA2 at Step #5. If this feature is enabled, HA1 moves to become standby and HA2 remains active, and the latest information on HA2 gets synched to HA1. Once state information is replicated, HA1 moves back to its normal priority. This allows HA1 to become active and HA2 to become the standby.


As described above, the latest state information is maintained after the network fault is corrected. To enable this feature, issue the following commands on the HA:

track tracking object id application home-agent

This command creates a tracking object to track the home-agent state.

standby track tracking object id decrement priority

This command enables lowering priority as required by step #4 in the above failure scenario.


Note: If preemption is configured, the priority value should be greater than the difference in priorities of the active and standby Home Agents.
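The recovery scenario and the note above, worked through as a simplified model. This is an added example, not Cisco code: the priorities 110 and 100, the decrement values, and the reading of "priority value" as the decrement applied by the standby track command are assumptions made for illustration.

```python
# Simplified model of the geographical-redundancy scenario (added example).
# Assumption: once hellos resume, the HA with the higher current priority
# stays active; equal priorities are resolved in HA1's favour here
# (real HSRP breaks such ties on the interface IP address).

def recover(p_ha1, p_ha2, decrement=None):
    """Walk steps 3-7 of the scenario.

    Returns (active_after_heal, latest_bindings_kept).
    decrement=None models the feature being disabled.
    """
    base = {"HA1": p_ha1, "HA2": p_ha2}
    prio = dict(base)

    # Steps 3-4: the WAN fault makes both HAs HSRP active. With tracking
    # enabled, both lower their priority by the configured decrement.
    if decrement is not None:
        for ha in prio:
            prio[ha] -= decrement

    # Step 5: traffic and signaling reach HA2 only, so HA2 holds bindings
    # that HA1 has never seen. With tracking, HA2 restores its priority.
    newest_state_on = "HA2"
    if decrement is not None:
        prio[newest_state_on] = base[newest_state_on]

    # Steps 6-7: hellos resume and the higher priority remains active.
    active = max(prio, key=prio.get)

    # The latest bindings survive only if the HA holding them stays active
    # long enough to sync them to its peer.
    return active, active == newest_state_on


def min_safe_decrement(p_ha1, p_ha2):
    """Smallest decrement that is greater than the priority difference."""
    return abs(p_ha1 - p_ha2) + 1


if __name__ == "__main__":
    for dec in (None, 5, min_safe_decrement(110, 100), 20):
        print(f"decrement={dec}: {recover(110, 100, dec)}")
```

With a decrement of 5, HA1 still outranks HA2 after the fault clears and the bindings created on HA2 are lost, which is the case the note guards against.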


Redundancy with Radius Downloaded Pool Names

The Cisco Mobile Wireless Home Agent supports AAA downloadable pool names for address allocation. The RADIUS pool-name attributes returned in an Access-Accept for address allocation are "ip-pool" for dynamic address allocation, and "static-ip-pool" for static address authorization. The pool name returned in an Access-Accept to the Home Agent is synced to the standby Home Agent during normal and bulk sync operation. This enables address allocation from the same pool on the standby Home Agent as well.

HSRP Groups

Before configuring HA Redundancy, you must understand the concept of HSRP groups.

An HSRP group is composed of two or more routers that share an IP address and a MAC (Layer 2) address, and act as a single virtual router. For example, your Mobile IP topology can include one active HA and one or more standby HAs that the rest of the topology views as a single virtual HA.

You must define certain HSRP group attributes on the interfaces of the HAs so that Mobile IP can implement the redundancy. You can use the groups to provide redundancy for MNs with a home link on either the interface of the group (a physical network) or on virtual networks. Virtual networks are logical circuits that are programmed and share a common physical infrastructure.

How HA Redundancy Works

The HA Redundancy feature enables you to configure an active HA and one or more standby HAs. The HAs in a redundancy group may be configured in an active HA-standby HA role if the HAs are supporting physical networks, or in a Peer HA-Peer HA role if they are supporting virtual networks.

In the first case, the active HA assumes the lead HA role, and synchronizes the standby HA. In the case of virtual network support, peer HAs share the lead HA role and "update" each other. The peer HA configuration allows for load balancing of the incoming RRQs, as either HA may receive RRQs. In either scenario, the HAs participating in the redundancy group should be configured similarly. The current support structure is 1 to 1 to provide the maximum robustness and transparency in failover.

HA functionality is a service provided by the router and is not interface specific. Therefore, the HA and the MN must agree on which HA interface the MN should send its registration requests and, conversely, on which HA interface the HA should receive the registration requests. This agreement must factor in the following two scenarios:

An MN that has an HA interface (HA IP address) that is not on the same subnet as the MN.

An MN that requires the HA interface to be on the same subnet as the MN; that is, the HA and the MN must be on the same home network.

For MNs on physical networks, an active HA accepts registration requests from the MN and sends binding updates to the standby HA. This process keeps the mobility binding tables on the active and standby HAs synchronized.

For MNs on virtual networks, the active and standby HAs are peers—either HA can handle registration requests from the MN and update the mobility binding table on the peer HA.

When a standby HA comes up, it must request all mobility binding information from the active HA. The active HA responds by downloading the mobility binding table to the standby HA. The standby HA acknowledges that it has received the requested binding information. Figure 5-1 illustrates an active HA downloading the mobility bindings to a standby HA. A main concern in this stage of the process is which HA IP interface the standby HA should use to retrieve the appropriate mobility binding table, and on which interface of the standby HA the binding request should be sent.

Figure 5-1 Overview of HA Redundancy and Mobility Binding Process


Note: The active HA-standby HA can also be in peer HA-peer HA configuration.


Physical Network Support

For MNs on physical networks, the HAs are configured in the active HA-standby HA configurations as shown in Figure 5-2 and Figure 5-3. The MNs that are supported on this physical network are configured with the HSRP virtual group address as the HA address. Hence, only the active HA can accept RRQs from the MN because it is the owner of the HSRP virtual group address. Upon receipt of an authenticated RRQ, the active HA sends a binding update to the standby HA.

HA Redundancy for physical networks can support multiple HAs in the redundancy group, although only one HA can be in active state, and only one HA can be in standby state. For example, consider the scenario in which there are four HAs in the redundancy group (that is, one active HA, one standby HA, and two HAs in listen state). If the active HA fails, the standby HA becomes the active HA, and the HA in listen state with higher priority becomes the standby HA.

Figure 5-2 Virtual Network Support Using One Physical Network (Peer HA-Peer HA)

Figure 5-3 Virtual Network Support Using Multiple Physical Networks (Peer HA-Peer HA)

Virtual Networks

Mobile IP calls for each MN to be associated with the home network from which the MN's home IP address is allocated. It is often assumed that this should be a physical network, but there are many cases in deployment where it does not make sense to have each MN attached to a physical network. IOS Mobile IP supports the creation of a software interface called a virtual network. A virtual network is very similar to a loopback interface, but it is owned by the Mobile IP process. Using virtual networks saves Interface Descriptor Blocks (IDBs), and allows Mobile IP specific control over how packets are dropped. When using virtual networks, the mobile node is always considered roaming; it can never be attached to its home network. In real-world deployments, this can cause some semantic problems. For example, in a cellular deployment a user may be in their home calling area, but will be roaming from a Mobile IP perspective.

Virtual networks are configured and referenced by a network number and mask pair. It is also possible to associate the virtual network with a Home Agent address for redundancy purposes. Here is an example:

ip mobile virtual-network 10.0.0.0 255.255.255.0 address 192.168.100.1
ip mobile host 10.0.0.1 10.0.0.254 virtual-network 10.0.0.0 255.255.255.0

Virtual network routes are owned by the Mobile IP routing process and therefore must be redistributed into other routing protocols in order to be propagated. Here is an example:

router rip
  redistribute mobile

Support for Discontinuous IP Address Pools for the Same Realm

This feature allows you to specify discontinuous IP address pools for the same realm so that mobiles with NAI can have home addresses assigned from a pool of discontiguous IP address ranges. This will allow the Home Agent to accept Mobiles belonging to multiple virtual networks for the same host group.

To enable this support, configure a local pool on the HA covering the IP address ranges for multiple virtual-networks, and specify one of the virtual-networks as the home network for the given realm.

Use the following configuration to allow the HA to accept MNs belonging to multiple virtual networks for the same host group.

ip local pool pool1 10.1.1.1 10.1.1.250
ip local pool pool1 10.1.2.1 10.1.2.250

ip mobile home-agent
ip mobile virtual-network 10.1.1.0 255.255.255.0
ip mobile virtual-network 10.1.2.0 255.255.255.0
ip mobile host nai @xyz.com address pool local pool1 virtual-network 10.1.1.0 255.255.255.0 aaa lifetime 65535

In the above configuration, two virtual networks are configured and the local pool ("pool1") is configured to include the IP addresses for both the virtual networks. By specifying one of the virtual networks and the local pool name in the ip mobile host command, the HA accepts MNs belonging to both the networks for the same realm.

Configuring HA Redundancy

Home Agent Redundancy Tasks (Required for Mobile IP)

To configure your routers for Mobile IP HA redundancy, perform the required tasks described in the following sections:

Enabling Mobile IP (Required)

Enabling HSRP (Required)

Configuring HSRP Group Attributes

Enabling HA Redundancy for a Physical Network (Required)

Configuring Geographical Redundancy

Enabling HA Redundancy for a Virtual Network Using One Physical Network

Configuring HA Load Balancing

Enabling Mobile IP

To enable Mobile IP on the router, use the following command in global configuration mode:

 
Command
Purpose

Step 1 

Router(config)#router mobile

Enables Mobile IP on the router.

Enabling HSRP

To enable HSRP on an interface, use the following command in interface configuration mode:

 
Command
Purpose

Step 1 

Router(config-if)#standby [group-number] ip ip-address


Enables HSRP.

Configuring HSRP Group Attributes

To configure HSRP group attributes that affect how the local router participates in HSRP, use either of the following commands in interface configuration mode:

 
Command
Purpose

Step 1 

Router(config-if)# standby [group-number] priority priority [preempt [delay [minimum | sync] delay]]

or

Router(config-if)# standby [group-number] [priority priority] preempt [delay [minimum | sync] delay]

Sets the Hot Standby priority used in choosing the active router. By default, the router that comes up later becomes standby. When one router is designated as an active HA, the priority is set highest in the HSRP group and the preemption is set. Configure the preempt delay min command so that all bindings will be downloaded to the router before it takes the active role. The router becomes active when all bindings are downloaded, or when the timer expires, whichever comes first.

Step 2 

Router(config-if)# standby group-number follow group-name


Specifies the number of the follow group and the name of the primary group to follow and share status.

We recommend that the specified group number is the same as the primary group number.

Enabling HA Redundancy for a Physical Network

To enable HA redundancy for a physical network, use the following commands beginning in interface configuration mode:

 
Command
Purpose

Step 1 

Router(config-if)#standby [group-number] ip ip-address

Enables HSRP.

Step 2 

Router(config-if)# standby name hsrp-group-name

Sets the name of the standby group.

Step 3 

Router(config)#ip mobile home-agent redundancy hsrp-group-name

Configures the Home Agent for redundancy using the HSRP group name.

Step 4 

Router(config)#ip mobile secure home-agent address spi spi key hex string

Sets up the Home Agent security association between peer routers. If configured on the active HA, the address argument is the IP address of the standby HA. If configured on the standby HA, the address argument is the IP address of the active router. Note that a security association needs to be set up between all HAs in the standby group.

Configuring Geographical Redundancy

To enable geographical redundancy on the Home Agent, perform the following tasks:

 
Command
Purpose

Step 1 

Router(config)# track tracking object id application home-agent

Creates a tracking object to track the home-agent state.

Step 2 

Router(config)# standby track tracking object id decrement priority

Enables HAs to lower their priority as required in a failure scenario.

Enabling HA Redundancy for a Virtual Network Using One Physical Network

To enable HA redundancy for a virtual network and a physical network, use the following commands beginning in interface configuration mode:

 
Command
Purpose

Step 1 

Router (config-if)# standby [group-number] ip ip-address

Enables HSRP.

Step 2 

Router(config)# ip mobile home-agent address address

Defines a global Home Agent address. In this configuration, the address is the HSRP group address. Enter this command if the mobile node and Home Agent are on different subnets.

or

Router(config)# ip mobile home-agent

Enables and controls Home Agent services to the router. Enter this command if the mobile node and Home Agent are on the same subnet.

Step 3 

Router(config)#ip mobile virtual-network net mask [address address]

Defines the virtual network. If the mobile node and Home Agent are on the same subnet, use the [address address] option.

Step 4 

Router(config)# ip mobile home-agent redundancy hsrp-group-name [[virtual-network] address address]

Configures the Home Agent for redundancy using the HSRP group to support virtual networks.

Step 5 

Router(config)# ip mobile secure home-agent address spi spi key hex string

Sets up the Home Agent security association between peer routers. If configured on the active HA, the address argument is the IP address of the standby HA. If configured on the standby HA, the address argument is the IP address of the active router. Note that a security association needs to be set up between all HAs in the standby group.

Configuring HA Load Balancing

To enable the HA Load Balancing feature, perform these tasks:

 
Command
Purpose

Step 1 

Router(config)# ip mobile home-agent dynamic-address ip address

Sets the Home Agent Address field in the Registration Response packet. The Home Agent Address field will be set to ip address.

Home Agent Redundancy Configuration Examples

Active-HA configuration


version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname mwt10-7206b
!
aaa new-model
!
aaa authentication ppp default local group radius
aaa authorization config-commands
aaa authorization ipmobile default group radius
aaa authorization network default group radius
aaa session-id common
!
ip subnet-zero
ip cef
!
interface Ethernet2/0
 description to PDSN/FA
 ip address 10.0.0.2 255.0.0.0
 no ip route-cache
 no ip mroute-cache
 duplex half
 standby ip 10.0.0.4
 standby priority 110
 standby preempt delay min 100
 standby name cisco
!
interface Ethernet2/2
 description to AAA
 ip address 172.16.1.8 255.255.0.0
 no ip route-cache
 no ip mroute-cache
 duplex half
!
router mobile
!
ip local pool ha-pool 10.0.0.1 10.0.0.255
ip classless
no ip http server
ip pim bidir-enable
ip mobile home-agent
ip mobile home-agent redundancy cisco
ip mobile host nai mwts-mip-np-user1@ispxyz.com static-address 40.0.0.1 interface Ethernet2/0 aaa
ip mobile secure home-agent 10.0.0.3 spi 100 key ascii redundancy algorithm md5 mode prefix-suffix
!
radius-server host 172.16.0.2 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key cisco
call rsvp-sync
!
mgcp profile default
!
dial-peer cor custom
!
gatekeeper
 shutdown
!
line con 0
line aux 0
line vty 0 4
!
end


Standby-HA configuration

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname mwt10-7206b
!
aaa new-model
!
aaa authentication ppp default local group radius
aaa authorization config-commands
aaa authorization ipmobile default group radius
aaa authorization network default group radius
aaa session-id common
!
ip subnet-zero
ip cef
!
interface Ethernet2/0
 description to PDSN/FA
 ip address 10.0.0.3 255.0.0.0
 no ip route-cache
 no ip mroute-cache
 duplex half
 standby ip 10.0.0.4
 standby name cisco
!
interface Ethernet2/2
 description to AAA
 ip address 172.16.1.7 255.255.0.0
 no ip route-cache
 no ip mroute-cache
 duplex half
!
router mobile
!
ip local pool ha-pool 10.0.0.1 10.0.0.255
ip classless
no ip http server
ip pim bidir-enable
ip mobile home-agent
ip mobile home-agent redundancy cisco
ip mobile host nai mwts-mip-np-user1@ispxyz.com static-address 40.0.0.1 interface Ethernet2/0 aaa
ip mobile secure home-agent 10.0.0.2 spi 100 key ascii redundancy algorithm md5 mode prefix-suffix
!
radius-server host 172.16.0.2 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key cisco
call rsvp-sync
!
mgcp profile default
!
dial-peer cor custom
!
gatekeeper
 shutdown
!
line con 0
line aux 0
line vty 0 4
!
end
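
The redundancy tasks above require that the two HAs agree on the HSRP group and that each holds a security association pointing at the other. The following consistency check for a pair of configurations is an added example, not part of the Cisco guide; the function names, the sample addresses (192.0.2.x) and the key EXAMPLE-KEY are constructed for illustration.

```python
import re

def parse_ha(text):
    """Pull the redundancy-relevant settings out of one HA's configuration."""
    ha = {"ifaces": {}, "redundancy": None, "sa": {}}
    iface = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface = ha["ifaces"].setdefault(m[1], {})
        elif line == "!":
            iface = None
        elif iface is not None and (m := re.match(r"ip address (\S+) \S+", line)):
            iface["addr"] = m[1]
        elif iface is not None and (m := re.match(r"standby (?:\d+ )?ip (\S+)", line)):
            iface["vip"] = m[1]
        elif iface is not None and (m := re.match(r"standby (?:\d+ )?name (\S+)", line)):
            iface["group"] = m[1]
        elif m := re.match(r"ip mobile home-agent redundancy (\S+)", line):
            ha["redundancy"] = m[1]
        elif m := re.match(
                r"ip mobile secure home-agent (\S+) spi (\S+) key (\S+) (\S+)", line):
            ha["sa"][m[1]] = (m[2], m[3], m[4])   # peer -> (spi, key type, key)
    return ha

def hsrp_iface(ha):
    """Interface whose 'standby name' is the group Mobile IP redundancy uses."""
    for iface in ha["ifaces"].values():
        if ha["redundancy"] and iface.get("group") == ha["redundancy"]:
            return iface
    return None

def audit_pair(cfg_a, cfg_b):
    """Return a list of findings for a redundant HA pair (empty means consistent)."""
    a, b = parse_ha(cfg_a), parse_ha(cfg_b)
    ia, ib = hsrp_iface(a), hsrp_iface(b)
    if ia is None or ib is None:
        return ["redundancy group name matches no 'standby name' on an interface"]
    findings = []
    if a["redundancy"] != b["redundancy"] or ia.get("vip") != ib.get("vip"):
        findings.append("HSRP group name or virtual address differs between the HAs")
    # Each HA needs a security association keyed on its peer's interface address.
    sa_ab, sa_ba = a["sa"].get(ib.get("addr")), b["sa"].get(ia.get("addr"))
    if sa_ab is None:
        findings.append(f"HA A: no security association for peer {ib.get('addr')}")
    if sa_ba is None:
        findings.append(f"HA B: no security association for peer {ia.get('addr')}")
    if sa_ab and sa_ba and sa_ab != sa_ba:
        findings.append("SPI or key differs between the two security associations")
    return findings

def sample(addr, peer, key="EXAMPLE-KEY"):
    """Constructed sample configuration (not taken from a real device)."""
    return (f"interface Ethernet2/0\n ip address {addr} 255.255.255.0\n"
            " standby ip 192.0.2.4\n standby name ha-grp\n!\n"
            "ip mobile home-agent redundancy ha-grp\n"
            f"ip mobile secure home-agent {peer} spi 100 key ascii {key} "
            "algorithm md5 mode prefix-suffix\n")

if __name__ == "__main__":
    print(audit_pair(sample("192.0.2.2", "198.51.100.3"),
                     sample("192.0.2.3", "192.0.2.2")))
```

Each `ip mobile secure home-agent` command must be on a single line in the input; rejoin wrapped lines before running the check.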