Overview
Proxy Mobile IP in 3GPP2 Service
Proxy Mobile IP in 3GPP Service
Proxy Mobile IP in WiMAX Service
How Proxy Mobile IP Works in 3GPP2 Network
Scenario 1: AAA server and PDSN/FA Allocate IP Address
Step | Description |
---|---|
1 | The Mobile Node (MN) secures a traffic channel over the airlink with the RAN through the BSC/PCF. |
2 | The PCF and PDSN/FA establish the R-P interface for the session. |
3 | The PDSN/FA and MN negotiate Link Control Protocol (LCP). |
4 | Upon successful LCP negotiation, the MN sends a PPP Authentication Request message to the PDSN/FA. |
5 | The PDSN/FA sends an Access Request message to the RADIUS AAA server. |
6 | The RADIUS AAA server successfully authenticates the subscriber and returns an Access Accept message to the PDSN/FA. The Accept message may contain various attributes to be assigned to the MN, including the MN’s Home Address (IP address) and the IP address of the HA to use. |
7 | The PDSN/FA sends a PPP Authentication Response message to the MN. |
8 | The MN sends an Internet Protocol Control Protocol (IPCP) Configuration Request message to the PDSN/FA with an MN address of 0.0.0.0. |
9 | The PDSN/FA forwards a Proxy Mobile IP Registration Request message to the HA. The message includes fields such as the MN’s home address, the IP address of the FA (the care-of-address), and the FA-HA extension (security parameter index (SPI)). |
10 | While the FA is communicating with the HA, the MN may send additional IPCP Configuration Request messages. |
11 | The HA responds with a Proxy Mobile IP Registration Response after validating the home address against its pool. The HA also creates a mobile binding record (MBR) for the subscriber session. |
12 | The MN and the PDSN/FA negotiate IPCP. The result is that the MN is assigned the home address originally specified by the AAA server. |
13 | While the MN and PDSN/FA are negotiating IPCP, the HA and AAA server initiate accounting. |
14 | Upon completion of the IPCP negotiation, the PDSN/FA and AAA server initiate accounting, fully establishing the session and allowing the MN to send and receive data to and from the PDN. |
15 | Upon completion of the session, the MN sends an LCP Terminate Request message to the PDSN to end the PPP session. |
16 | The PDSN/FA sends a Proxy Mobile IP De-registration Request message to the HA. |
17 | The PDSN/FA sends an LCP Terminate Acknowledge message to the MN, ending the PPP session. |
18 | The HA sends a Proxy Mobile IP De-Registration Response message to the FA, terminating the Pi interface. |
19 | The PDSN/FA and the PCF terminate the R-P session. |
20 | The HA and the AAA server stop accounting for the session. |
21 | The PDSN and the AAA server stop accounting for the session. |
Scenario 2: HA Allocates IP Address
Step | Description |
---|---|
1 | The Mobile Node (MN) secures a traffic channel over the airlink with the RAN through the BSC/PCF. |
2 | The PCF and PDSN/FA establish the R-P interface for the session. |
3 | The PDSN/FA and MN negotiate Link Control Protocol (LCP). |
4 | Upon successful LCP negotiation, the MN sends a PPP Authentication Request message to the PDSN/FA. |
5 | The PDSN/FA sends an Access Request message to the RADIUS AAA server. |
6 | The RADIUS AAA server successfully authenticates the subscriber and returns an Access Accept message to the PDSN/FA. The Accept message may contain various attributes to be assigned to the MN, including the IP address of the HA to use. |
7 | The PDSN/FA sends a PPP Authentication Response message to the MN. |
8 | The MN sends an Internet Protocol Control Protocol (IPCP) Configuration Request message to the PDSN/FA with an MN address of 0.0.0.0. |
9 | The PDSN/FA forwards a Proxy Mobile IP Registration Request message to the HA. The message includes fields such as a Home Address indicator of 0.0.0.0, the IP address of the FA (the care-of-address), and the FA-HA extension (security parameter index (SPI)). |
10 | While the FA is communicating with the HA, the MN may send additional IPCP Configuration Request messages. |
11 | The HA responds with a Proxy Mobile IP Registration Response. The response includes an IP address from one of its locally configured pools to assign to the MN (its Home Address). The HA also creates a mobile binding record (MBR) for the subscriber session. |
12 | The MN and the PDSN/FA negotiate IPCP. The result is that the MN is assigned the home address originally specified by the AAA server. |
13 | While the MN and PDSN/FA are negotiating IPCP, the HA and AAA server initiate accounting. |
14 | Upon completion of the IPCP negotiation, the PDSN/FA and AAA server initiate accounting, fully establishing the session and allowing the MN to send and receive data to and from the PDN. |
15 | Upon completion of the session, the MN sends an LCP Terminate Request message to the PDSN to end the PPP session. |
16 | The PDSN/FA sends a Proxy Mobile IP De-registration Request message to the HA. |
17 | The PDSN/FA sends an LCP Terminate Acknowledge message to the MN, ending the PPP session. |
18 | The HA sends a Proxy Mobile IP De-Registration Response message to the FA, terminating the Pi interface. |
19 | The PDSN/FA and the PCF terminate the R-P session. |
20 | The HA and the AAA server stop accounting for the session. |
21 | The PDSN and the AAA server stop accounting for the session. |
Step | Description |
---|---|
1 | The mobile station (MS) goes through the process of attaching itself to the GPRS/UMTS network. |
2 | The terminal equipment (TE) aspect of the MS sends AT commands to the mobile terminal (MT) aspect of the MS to place it into PPP mode. The Link Control Protocol (LCP) is then used to configure the Maximum-Receive Unit size and the authentication protocol (Challenge-Handshake Authentication Protocol (CHAP), Password Authentication Protocol (PAP), or none). If CHAP or PAP is used, the TE will authenticate itself to the MT, which, in turn, stores the authentication information. Upon successful authentication, the TE sends an Internet Protocol Control Protocol (IPCP) Configure-Request message to the MT. The message will either contain a static IP address to use or request that one be dynamically assigned. |
3 | The MS sends an Activate PDP Context Request message that is received by an SGSN. The message contains information about the subscriber such as the Network layer Service Access Point Identifier (NSAPI), PDP Type, PDP Address, Access Point Name (APN), quality of service (QoS) requested, and PDP configuration options. |
4 | The SGSN authenticates the request message and sends a Create PDP Context Request message to a GGSN using the GPRS Tunneling Protocol (GTPC, “C” indicates the control signalling aspect of the protocol). The recipient GGSN is selected based on either the request of the MS or is automatically selected by the SGSN. The message consists of various information elements including: PDP Type, PDP Address, APN, charging characteristics, and tunnel endpoint identifier (TEID, if the PDP Address was static). |
5 | The GGSN determines if it can facilitate the session (in terms of memory or CPU resources, configuration, etc.), creates a new entry in its PDP context list, and provides a Charging ID for the session. From the APN specified in the message, the GGSN determines whether or not the subscriber is to be authenticated, if Proxy Mobile IP is to be supported for the subscriber, and if so, the IP address of the HA to contact. Note that Proxy Mobile IP support can also be determined by attributes in the user’s profile. Attributes in the user’s profile supersede APN settings. If authentication is required, the GGSN attempts to authenticate the subscriber locally against profiles stored in memory or sends a RADIUS Access-Request message to a AAA server. |
6 | If the GGSN authenticated the subscriber to a AAA server, the AAA server responds with a RADIUS Access-Accept message indicating successful authentication and any attributes for handling the subscriber PDP context. |
7 | If Proxy Mobile IP support was enabled either in the APN or in the subscriber’s profile, the GGSN/FA forwards a Proxy Mobile IP Registration Request message to the specified HA. The message includes such things as the MS’s home address, the IP address of the FA (the care-of-address), and the FA-HA extension (security parameter index (SPI)). |
8 | The HA responds with a Proxy Mobile IP Registration Response. The response includes an IP address from one of its locally configured pools to assign to the MS (its Home Address). The HA also creates a mobile binding record (MBR) for the subscriber session. |
9 | The HA sends a RADIUS Accounting Start request to the AAA server, which the AAA server responds to. |
10 | The GGSN replies with an affirmative Create PDP Context Response using GTPC. The response will contain information elements such as the PDP Address representing either the static address requested by the MS or the address assigned by the GGSN, the TEID used to reference the PDP Address, and PDP configuration options specified by the GGSN. |
11 | The SGSN returns an Activate PDP Context Accept message to the MS. The message includes a response to the configuration parameters sent in the initial request. |
12 | The MT will respond to the TE’s IPCP Config-request with an IPCP Config-Ack message. The MS can now send and receive data to or from the PDN until the session is closed or times out. Note that for Mobile IP, only one PDP context is supported for the MS. |
13 | The FA periodically sends Proxy Mobile IP Registration Request Renewal messages to the HA. The HA sends responses for each request. |
14 | The MS can terminate the data session at any time. To terminate the session, the MS sends a Deactivate PDP Context Request message that is received by the SGSN. |
15 | The SGSN sends a Delete PDP Context Request message to the GGSN facilitating the data session. The message includes the information elements necessary to identify the PDP context (i.e., TEID and NSAPI). |
16 | The GGSN removes the PDP context from memory and the FA sends a Proxy Mobile IP Deregistration Request message to the HA. |
17 | The GGSN returns a Delete PDP Context Response message to the SGSN. |
18 | The HA replies to the FA with a Proxy Mobile IP Deregistration Request Response. |
19 | The HA sends a RADIUS Accounting Stop request to the AAA server, which the AAA server responds to. |
20 | The SGSN returns a Deactivate PDP Context Accept message to the MS. |
21 | The GGSN delivers the GGSN Charging Detail Records (G-CDRs) to a charging gateway (CG) using GTP Prime (GTPP). Note that, though not shown in this example, the GGSN could optionally be configured to send partial CDRs while the PDP context is active. |
22 | For each accounting message received from the GGSN, the CG responds with an acknowledgement. |
How Proxy Mobile IP Works in WiMAX Network
Scenario 1: AAA server and ASN GW/FA Allocate IP Address
Step | Description |
---|---|
1 | The Mobile Node (MN) secures a traffic channel over the airlink with the BS. |
2 | The BS and ASN GW/FA establish the R6 interface for the session. |
3 | The ASN GW/FA and MN negotiate Link Control Protocol (LCP). |
4 | Upon successful LCP negotiation, the MN sends a PPP Authentication Request message to the ASN GW/FA. |
5 | The ASN GW/FA sends an Access Request message to the RADIUS AAA server. |
6 | The RADIUS AAA server successfully authenticates the subscriber and returns an Access Accept message to the ASN GW/FA. The Accept message may contain various attributes to be assigned to the MN, including the MN’s Home Address (IP address) and the IP address of the HA to use. |
7 | The ASN GW/FA sends an EAP Authentication Response message to the MN. |
8 | The MN sends an Internet Protocol Control Protocol (IPCP) Configuration Request message to the ASN GW/FA with an MN address of 0.0.0.0. |
9 | The ASN GW/FA forwards a Proxy Mobile IP Registration Request message to the HA. The message includes fields such as the MN’s home address, the IP address of the FA (the care-of-address), and the FA-HA extension (security parameter index (SPI)). |
10 | While the FA is communicating with the HA, the MN may send additional IPCP Configuration Request messages. |
11 | The HA responds with a Proxy Mobile IP Registration Response after validating the home address against its pool. The HA also creates a mobile binding record (MBR) for the subscriber session. |
12 | The MN and the ASN GW/FA negotiate IPCP. The result is that the MN is assigned the home address originally specified by the AAA server. |
13 | While the MN and ASN GW/FA are negotiating IPCP, the HA and AAA server initiate accounting. |
14 | Upon completion of the IPCP negotiation, the ASN GW/FA and AAA server initiate accounting, fully establishing the session and allowing the MN to send and receive data to and from the PDN. |
15 | Upon completion of the session, the MN sends an LCP Terminate Request message to the ASN GW to end the subscriber session. |
16 | The PDSN/FA sends a Proxy Mobile IP De-registration Request message to the HA. |
17 | The ASN GW/FA sends an LCP Terminate Acknowledge message to the MN, ending the subscriber session. |
18 | The HA sends a Proxy Mobile IP De-Registration Response message to the FA, terminating the R3 interface. |
19 | The ASN GW/FA and the BS terminate the R6 session. |
20 | The HA and the AAA server stop accounting for the session. |
21 | The ASN GW and the AAA server stop accounting for the session. |
Scenario 2: HA Allocates IP Address
Step | Description |
---|---|
1 | The Mobile Node (MN) secures a traffic channel over the airlink with the BS. |
2 | The BS and ASN GW/FA establish the R6 interface for the session. |
3 | The ASN GW/FA and MN negotiate Link Control Protocol (LCP). |
4 | Upon successful LCP negotiation, the MN sends an EAP Authentication Request message to the ASN GW/FA. |
5 | The ASN GW/FA sends an Access Request message to the RADIUS AAA server. |
6 | The RADIUS AAA server successfully authenticates the subscriber and returns an Access Accept message to the ASN GW/FA. The Accept message may contain various attributes to be assigned to the MN, including the IP address of the HA to use. |
7 | The ASN GW/FA sends an EAP Authentication Response message to the MN. |
8 | The MN sends an Internet Protocol Control Protocol (IPCP) Configuration Request message to the ASN GW/FA with an MN address of 0.0.0.0. |
9 | The ASN GW/FA forwards a Proxy Mobile IP Registration Request message to the HA. The message includes fields such as a Home Address indicator of 0.0.0.0, the IP address of the FA (the care-of-address), and the FA-HA extension (security parameter index (SPI)). |
10 | While the FA is communicating with the HA, the MN may send additional IPCP Configuration Request messages. |
11 | The HA responds with a Proxy Mobile IP Registration Response. The response includes an IP address from one of its locally configured pools to assign to the MN (its Home Address). The HA also creates a mobile binding record (MBR) for the subscriber session. |
12 | The MN and the ASN GW/FA negotiate IPCP. The result is that the MN is assigned the home address originally specified by the AAA server. |
13 | While the MN and ASN GW/FA are negotiating IPCP, the HA and AAA server initiate accounting. |
14 | Upon completion of the IPCP negotiation, the ASN GW/FA and AAA server initiate accounting, fully establishing the session and allowing the MN to send and receive data to and from the PDN. |
15 | Upon completion of the session, the MN sends an LCP Terminate Request message to the ASN GW to end the subscriber session. |
16 | The ASN GW/FA sends a Proxy Mobile IP De-registration Request message to the HA. |
17 | The ASN GW/FA sends an LCP Terminate Acknowledge message to the MN, ending the PPP session. |
18 | The HA sends a Proxy Mobile IP De-Registration Response message to the FA, terminating the R3 interface. |
19 | The ASN GW/FA and the BS terminate the R6 session. |
20 | The HA and the AAA server stop accounting for the session. |
21 | The ASN GW and the AAA server stop accounting for the session. |
How Proxy Mobile IP Works in a WiFi Network with Multiple Authentication
Step | Description |
---|---|
15 | The MS is not capable of CHAP authentication, only PAP authentication, and returns the EAP payload to indicate that it needs EAP-GTC authentication. |
16 | The PDIF then initiates the EAP-GTC procedure and requests a password from the MS. |
17 | The MS includes an authentication password in the EAP payload to the PDIF. |
18 | Upon receipt of the password, the PDIF sends a RADIUS Access Request which includes the NAI in the User-Name attribute and the PAP-password. |
19 | Upon successful authentication, the AAA server returns a RADIUS Access Accept message, which may include the Framed-IP-Address attribute. |
20 | The attribute content in the Access Accept message is encoded as EAP payload with EAP success when the PDIF sends the IKE_AUTH Response to the MS. |
21 | The MS and PDIF now have a secure IPSec tunnel for communication. |
22 | The PDIF sends an Accounting START message. |
Configuring Proxy Mobile-IP Support
Configuring FA Services
configure
context <context_name>
fa-service <fa_service_name>
proxy-mip allow
proxy-mip max-retransmissions <integer>
proxy-mip retransmission-timeout <seconds>
proxy-mip renew-percent-time <percentage>
fa-ha-spi remote-address { <ha_ip_address> | <ip_addr_mask_combo> } spi-number <number> { encrypted secret <enc_secret> | secret <secret> } [ description <string> ] [ hash-algorithm { hmac-md5 | md5 | rfc2002-md5 } | replay-protection { timestamp | nonce } | timestamp-tolerance <tolerance> ]
authentication mn-ha
allow-noauth
end
Verify the FA Service Configuration
show fa-service name <fa_service_name>
Configuring Proxy MIP HA Failover
configure
context <context_name>
fa-service <fa_service_name>
proxy-mip ha-failover [ max-attempts <max_attempts> | num-attempts-before-switching <num_attempts> | timeout <seconds> ]
Configuring HA Services
configure
context <context_name>
ha-service <ha_service_name>
fa-ha-spi remote-address <fa_ip_address> spi-number <number> { encrypted secret <enc_secret> | secret <secret> } [ description <string> ] [ hash-algorithm { hmac-md5 | md5 | rfc2002-md5 } | replay-protection { timestamp | nonce } | timestamp-tolerance <tolerance> ]
authentication mn-ha
allow-noauth
authentication mn-aaa
allow-noauth
end
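The FA-HA exchange from steps 9 and 11 of the call flows above, with the checks that the fa-ha-spi settings control, sketched as an added example (not code from the original page or from the product). It assumes the RFC 3344 message layout with the hmac-md5 algorithm and timestamp replay protection, models only the tolerance window rather than timestamp ordering, and uses constructed addresses, SPI and secret; build_rrq and HomeAgent are hypothetical names.

```python
import hashlib
import hmac
import ipaddress
import struct

FA_HA_AUTH_EXT = 34                        # Foreign-Home Authentication Extension (RFC 3344)
NTP_UNIX_OFFSET = 2208988800               # seconds from 1900-01-01 to 1970-01-01
HDR = struct.Struct("!BBH4s4s4sQ")         # type, flags, lifetime, home, HA, care-of, identification
EXT = struct.Struct("!BBI")                # extension type, length, SPI


def build_rrq(home, ha, coa, spi, secret, now, lifetime=1800):
    """FA side: Registration Request followed by the FA-HA authentication extension."""
    ident = (int(now) + NTP_UNIX_OFFSET) << 32          # timestamp-style Identification
    addrs = [ipaddress.IPv4Address(a).packed for a in (home, ha, coa)]
    body = HDR.pack(1, 0, lifetime, *addrs, ident)
    ext = EXT.pack(FA_HA_AUTH_EXT, 4 + 16, spi)
    # The authenticator covers the request plus this extension's type, length and SPI.
    return body + ext + hmac.new(secret, body + ext, hashlib.md5).digest()


class HomeAgent:
    def __init__(self, spi_table, pool, tolerance=7):
        self.spi_table = spi_table                      # {(fa_ip, spi): shared secret}
        self.pool = ipaddress.ip_network(pool)
        self.tolerance = tolerance                      # seconds, like timestamp-tolerance
        self.mbr = {}                                   # home address -> care-of address

    def register(self, fa_ip, msg, now):
        """HA side: authenticate, check freshness, then validate or allocate the address."""
        if len(msg) != HDR.size + EXT.size + 16:
            return "reject: malformed"
        body, ext, auth = msg[:HDR.size], msg[HDR.size:-16], msg[-16:]
        _, _, _, home, _, coa, ident = HDR.unpack(body)
        ext_type, _, spi = EXT.unpack(ext)
        secret = self.spi_table.get((fa_ip, spi))
        if ext_type != FA_HA_AUTH_EXT or secret is None:
            return "reject: unknown FA or SPI"
        expected = hmac.new(secret, body + ext, hashlib.md5).digest()
        if not hmac.compare_digest(auth, expected):     # constant-time comparison
            return "reject: bad authenticator"
        if abs(now - ((ident >> 32) - NTP_UNIX_OFFSET)) > self.tolerance:
            return "reject: timestamp outside tolerance"
        home = ipaddress.IPv4Address(home)
        if int(home) == 0:                              # Scenario 2: HA allocates from its pool
            home = next((h for h in self.pool.hosts() if h not in self.mbr), None)
            if home is None:
                return "reject: pool exhausted"
        elif home not in self.pool:                     # Scenario 1: validate the AAA-assigned address
            return "reject: home address not in pool"
        self.mbr[home] = ipaddress.IPv4Address(coa)     # mobile binding record
        return f"accept: {home}"


if __name__ == "__main__":
    key = b"constructed-secret"                         # constructed sample values
    agent = HomeAgent({("192.0.2.10", 256): key}, "10.20.0.0/29")
    rrq = build_rrq("0.0.0.0", "198.51.100.1", "192.0.2.10", 256, key, now=1700000000)
    print(agent.register("192.0.2.10", rrq, now=1700000002))
    print(agent.register("192.0.2.10", rrq, now=1700000060))   # stale copy of the same request
```
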
Configuring Subscriber Profile RADIUS Attributes
RADIUS Attributes Required for Proxy Mobile IP
Attribute | Description | Values |
---|---|---|
SN-Subscriber-Permission OR SN1-Subscriber-Permission | Indicates the services allowed to be delivered to the subscriber. For Proxy Mobile IP, this attribute must be set to Simple IP. | |
SN-Proxy-MIP OR SN1-Proxy-MIP | Specifies if the configured service will perform compulsory Proxy-MIP tunneling for a Simple-IP subscriber. This attribute must be enabled to support Proxy Mobile IP. | |
SN-Simultaneous-SIP-MIP OR SN1-Simultaneous-SIP-MIP | Indicates whether or not a subscriber can simultaneously access both Simple IP and Mobile IP services. | |
SN-PDSN-Handoff-Req-IP-Addr OR SN1-PDSN-Handoff-Req-IP-Addr | Specifies whether or not the system should reject and terminate the subscriber session when the proposed address in IPCP by the mobile does not match the existing address that was granted by the chassis during an Inter-chassis handoff. This can be used to disable the acceptance of 0.0.0.0 as the IP address proposed by the MN during the IPCP negotiation that occurs during an Inter-chassis handoff. This attribute is disabled (do not reject) by default. | |
3GPP2-MIP-HA-Address | This attribute sent in an Access-Accept message specifies the IP Address of the HA. Multiple attributes can be sent in Access Accept. However, only the first two are considered for processing. The first one is the primary HA and the second one is the secondary (alternate) HA used for HA Failover. | IPv4 Address |
Configuring Local Subscriber Profiles for Proxy-MIP on a PDSN
configure
context <context_name>
subscriber name <subscriber_name>
permission pdsn-simple-ip
proxy-mip allow
inter-pdsn-handoff
require ip-address
mobile-ip home-agent <ha_address>
<optional> mobile-ip home-agent <ha_address> alternate
ip context-name <context_name>
end
show subscribers configuration username <subscriber_name>
Configuring Local Subscriber Profiles for Proxy-MIP on a PDIF
Configuring Default Subscriber Parameters in Home Agent Context
configure
context <context_name>
ip context-name <context_name>
end
configure
The following prompt appears:
[local]host_name(config)#
context <context_name>
context_name is the name of the system destination context designated for APN configuration. The name must be from 1 to 79 alpha and/or numeric characters and is case sensitive. The following prompt appears:
[<context_name>]host_name(config-ctx)#
apn <apn_name>
apn_name is the name of the APN that is being configured. The name must be from 1 to 62 alpha and/or numeric characters and is not case sensitive. It may also contain dots (.) and/or dashes (-). The following prompt appears:
[<context_name>]host_name(config-apn)#
proxy-mip required
This command causes proxy Mobile IP to be supported for all IP PDP contexts facilitated by the APN.
proxy-mip null-username static-homeaddr
This command enables the acceptance of MIP Registration Requests without NAI extensions in this APN.
end
The following prompt appears:
[local]host_name#
show apn { all | name <apn_name> }
Keyword | Description |
---|---|
all | Displays configuration information for all configured APNs. |
name <apn_name> | Displays configuration information for the APN with the specified name. apn_name is the name of the APN. |