HA Overview

HA Overview
 
 
The Home Agent (HA) allows mobile nodes to be reached, or served, by their home network through its home address even when the mobile node is not attached to its home network. The HA performs this function through interaction with a Foreign Agent (FA) that the mobile node is communicating with using the Mobile IP (MIP) standard. Such transactions are performed through the use of virtual private networks that create MIP tunnels between the HA and FA.
 
When functioning as an HA, the system can either be located within the carrier’s 3G network or in an external enterprise or ISP network. Regardless, the FA terminates the mobile subscriber’s PPP session, and then routes data to and from the appropriate HA on behalf of the subscriber.
This chapter includes the following sections:
 
 
System Components
The following application and line cards are required to support CDMA2000 wireless data services on the system:
 
ASR 5000 Platform:
 
 
System Management Cards (SMCs): Provides full system control and management of all cards within the ASR 5000 platform. Up to two SMC can be installed; one active, one redundant.
Packet Processing Cards (PSC, PSC2, PPC): Within the ASR 5000 platform, packet processing cards provide high-speed, multi-threaded PPP processing capabilities to support HA services. Up to 14 packet processing cards can be installed, allowing for multiple active and/or redundant cards.
Switch Processor Input/Outputs (SPIO): Installed in the upper-rear chassis slots directly behind the SMCs, SPIOs provide connectivity for local and remote management, Central Office (CO) alarms. Up to two SPIOs can be installed; one active, one redundant.
Ethernet 10/100 and/or Ethernet 1000/Quad Ethernet 1000 Line Cards: Installed directly behind processing cards, these cards provide the RP, AAA, PDN, and Pi interfaces to elements in the data network. Up to 26 line cards should be installed for a fully loaded system with 13 active processing cards, 13 in the upper-rear slots and 13 in the lower-rear slots for redundancy. Redundant processing cards do no not require line cards.
Redundancy Crossbar Cards (RCCs): Installed in the lower-rear chassis slots directly behind the SMCs, RCCs utilize 5 Gbps serial links to ensure connectivity between Ethernet 10/100 or Ethernet 1000/Quad Ethernet 1000 line cards and every processing card in the system for redundancy. Two RCCs can be installed to provide redundancy for all line cards and processing cards.
Important: Additional information pertaining to each of the application and line cards required to support CDMA2000 wireless data services is located in the Product Overview Guide.
 
Supported Standards
 
The system supports the following industry standards for 1x/CDMA2000/EV-DO devices.
 
Requests for Comments (RFCs)
 
 
Network Deployment Configurations
This section provides examples of how the system can be deployed within a wireless carrier’s network. As noted previously in this chapter, the system can be deployed in standalone configurations, serving as a Home Agent (HA) and a Packet Data Serving Node/Foreign Agent (PDSN/FA), or in a combined PDSN/FA/HA configuration providing all services from a single chassis.
 
Standalone PDSN/FA and HA Deployments
 
The following figure depicts a sample network configuration wherein the HA and the PDSN/FA are separate systems.
PDSN/FA and HA Network Deployment Configuration Example
The HA allows mobile nodes to be reached, or served, by their home network through its home address even when the mobile node is not attached to its home network. The HA performs this function through interaction with an FA that the mobile node is communicating with using the Mobile IP protocol. Such transactions are performed through the use of virtual private networks that create Mobile IP tunnels between the HA and FA.
 
Interface Descriptions
 
This section describes the primary interfaces used in a CDMA2000 wireless data network deployment.
 
Pi Interfaces
 
The Pi interface provides connectivity between the HA and its corresponding FA. The Pi interface is used to establish a Mobile IP tunnels between the PDSN/FA and HA.
 
PDN Interfaces
 
PDN interface provide connectivity between the PDSN and/or HA to packet data networks such as the Internet or a corporate intranet.
 
AAA Interfaces
Using the LAN ports located on the Switch Processor I/O (SPIO) and Ethernet line cards, these interfaces carry AAA messages to and from RADIUS accounting and authentication servers. The SPIO supports RADIUS-capable management interfaces using either copper or fiber Ethernet connectivity through two auto-sensing 10/100/1000 Mbps Ethernet interfaces or two SFP optical gigabit Ethernet interfaces. User-based RADIUS messaging is transported using the Ethernet line cards.
 
While most carriers will configure separate AAA interfaces to allow for out-of-band RADIUS messaging for system administrative users and other operations personnel, it is possible to use a single AAA interface hosted on the Ethernet line cards to support a single RADIUS server that supports both management users and network users.
Important: Subscriber AAA interfaces should always be configured using Ethernet line card interfaces for the highest performance. The local context should not be used for service subscriber AAA functions.
 
Co-Located Deployments
An advantage of the system is its ability to support both high-density HA and PDSN/FA configurations within the same chassis. The economies of scale presented in this configuration example provide for both improved session handling and reduced cost in deploying a CDMA2000 data network.
The following figure depicts a sample co-located deployment.
Co-located PDSN/FA and HA Configuration Example.
It should be noted that all interfaces defined within the 3GPP2 standards for 1x deployments exist in this configuration as they are described in the two previous sections. This configuration can support communications to external, or standalone, HAs and/or PDSNs/FAs using all prescribed standards.
 
Mobile IP Tunneling Methods
Tunneling by itself is a technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within a packet, carried by the second network. Tunneling is also called encapsulation. Service providers typically use tunneling for two purposes; first, to transport otherwise un-routable packets across the IP network and second, to provide data separation for Virtual Private Networking (VPN) services. In Mobile IP, tunnels are used to transport data packets between the FA and HA.
The system supports the following tunneling protocols, as defined in the IS-835-A specification and the relevant Request For Comments (RFCs) for Mobile IP:
 
IP in IP tunnels
IP in IP tunnels basically encapsulate one IP packet within another using a simple encapsulation technique. To encapsulate an IP datagram using IP in IP encapsulation, an outer IP header is inserted before the datagram's existing IP header. Between them are other headers for the path, such as security headers specific to the tunnel configuration. Each header chains to the next using IP Protocol values. The outer IP header Source and Destination identify the “endpoints” of the tunnel. The inner IP header Source and Destination identify the original sender and recipient of the datagram, while the inner IP header is not changed by the encapsulator, except to decrement the TTL, and remains unchanged during its delivery to the tunnel exit point. No change to IP options in the inner header occurs during delivery of the encapsulated datagram through the tunnel. If needed, other protocol headers such as the IP Authentication header may be inserted between the outer IP header and the inner IP header.
The Mobile IP working group has specified the use of encapsulation as a way to deliver datagrams from an MN's HA to an FA, and conversely from an FA to an HA, that can deliver the data locally to the MN at its current location.
 
GRE tunnels
The Generic Routing Encapsulation (GRE) protocol performs encapsulation of IP packets for transport across disparate networks. One advantage of GRE over earlier tunneling protocols is that any transport protocol can be encapsulated in GRE. GRE is a simple, low overhead approach—the GRE protocol itself can be expressed in as few as eight octets as there is no authentication or tunnel configuration parameter negotiation. GRE is also known as IP Protocol 47.
Important: The chassis simultaneously supports GRE protocols with key in accordance with RFC-1701/RFC-2784 and “Legacy” GRE protocols without key in accordance to RFC-2002.
Another advantage of GRE tunneling over IP-in-IP tunneling is that GRE tunneling can be used even when conflicting addresses are in use across multiple contexts (for the tunneled data).
Communications between the FA and HA can be done in either the forward or reverse direction using the above protocols. Additionally, another method of routing information between the FA and various content servers used by the HA exists. This method is called Triangular Routing. Each of these methods is explained below.
 
Forward Tunneling
In the wireless IP world, forward tunneling is a tunnel that transports packets from the packet data network towards the MN. It starts at the HA and ends at the MN's care-of address. Tunnels can be as simple as IP-in-IP tunnels, GRE tunnels, or even IP Security (IPSec) tunnels with encryption. These tunnels can be started automatically, and are selected based on the subscriber's user profile.
 
 
Reverse Tunneling
A reverse tunnel starts at the MN's care-of address, which is the FA, and terminates at the HA.
When an MN arrives at a foreign network, it listens for agent advertisements and selects an FA that supports reverse tunnels. The MN requests this service when it registers through the selected FA. At this time, the MN may also specify a delivery technique such as Direct or the Encapsulating Delivery Style.
Using the Direct Delivery Style, which is the default mode for the system, the MN designates the FA as its default router and sends packets directly to the FA without encapsulation. The FA intercepts them, and tunnels them to the HA.
Using the Encapsulating Delivery Style, the MN encapsulates all its outgoing packets to the FA. The FA then de-encapsulates and re-tunnels them to the HA, using the FA's care-of address as the entry-point for this new tunnel.
Following are some of the advantages of reverse tunneling:
 
 
Triangular Routing
Triangular routing is the path followed by a packet from the MN to the Correspondent Node (CN) via the FA. In this routing scenario, the HA receives all the packets destined to the MN from the CN and redirects them to the MN's care-of-address by forward tunneling. In this case, the MN sends packets to the FA, which are transported using conventional IP routing methods.
 
A key advantage of triangular routing is that reverse tunneling is not required, eliminating the need to encapsulate and de-capsulate packets a second time during a Mobile IP session since only a forward tunnel exists between the HA and PDSN/FA.
A disadvantage of using triangular routing is that the HA is unaware of all user traffic for billing purposes. Also, both the HA and FA are required to be connected to a private network. This can be especially troublesome in large networks, serving numerous enterprise customers, as each FA would have to be connected to each private network.
The following figure shows an example of how triangular routing is performed.
Mobile IP, FA and HA Tunneling/Transport Methods.
 
How Mobile IP Works
As described earlier, Mobile IP uses three basic communications protocols; PPP, IP, and Tunneled IP in the form of IP-in-IP or GRE tunnels. The following figure depicts where each of these protocols are used in a basic Mobile IP call.
Mobile IP Protocol Usage.
As depicted above, PPP is used to establish a communications session between the MN and the FA. Once a PPP session is established, the MN can communicate with the HA, using the FA as a mediator or broker. Data transport between the FA and HA use tunneled IP, either IP-in-IP or GRE tunneling. Communication between the HA and End Host can be achieved using the Internet or a private IP network and can use any IP protocol.
The following figure provides a high-level view of the steps required to make a Mobile IP call that is initiated by the MN to a HA. The following table explains each step in detail. Users should keep in mind that steps in the call flow related to the Radio Access Node (RAN) functions are intended to show a high-level overview of radio communications iterations, and as such are outside the scope of packet-based communications presented here.
Mobile IP Call Flow
Mobile IP Call Flow Description
 
Understanding Mobile IP
Mobile IP provides a network-layer solution that allows Mobile Nodes (MNs, i.e. mobile phones, wireless PDAs, and other mobile devices) to receive routed IP packets from their home network while they are connected to any visitor network using their permanent or home IP address. Mobile IP allows mobility in a dynamic method that allows nodes to maintain ongoing communications while changing links as the user traverses the global Internet from various locations outside their home network.
In Mobile IP, the Mobile Node (MN) receives an IP address, either static or dynamic, called the “home address” assigned by its Home Agent (HA). A distinct advantage with Mobile IP is that MNs can hand off between different radio networks that are served by different PDSNs.
In this scenario, the Network Access Function (such as a PDSN) in the visitor network performs as a Foreign Agent (FA), establishing a virtual session with the MN's HA. Each time the MN registers with a different PDSN/FA, the FA assigns the MN a care-of-address. Packets are then encapsulated into IP tunnels and transported between FA, HA, and the MN.
 
Session Continuity Support for 3GPP2 and WiMAX Handoffs
HA provides this feature for seamless session mobility for WiMAX subscriber and other access technology subscribers as well. By implementation of this feature HA can be configured for:
 
The above configurations provide the session continuity capability that enables a dual mode device (a multi radio device) to continue its active data session as it changes its active network attachment from 3GPP2 to Wimax and vice versa with no perceived user impacts from a user experience perspective. This capability brings the following benefits:
 

Cisco Systems Inc.
Tel: 408-526-4000
Fax: 408-527-0883