Using the System as Both a GGSN/FA and an HA
Information Required
Source Context Configuration
Destination Context Configuration
Mobile IP Destination Context Configuration
| Required Information | Description |
|---|---|
| Mobile IP Destination context name | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the Mobile IP destination context will be recognized by the system. NOTE: For this configuration, the destination context name should not match the domain name of a specific domain. It should, however, match the name of the context in which the HA service is configured if a separate system is used to provide HA functionality. |
| ICC Interface Configuration | |
| ICC interface name | The intra-context communication (ICC) interface is configured to allow FA and HA services configured within the same context to communicate with each other. The ICC interface name is an identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. ICC interface(s) are configured in the same destination context as the FA and HA services. |
| IP address and subnet | These will be assigned to the ICC interface(s). Multiple addresses (at least one per service) on the same subnet will be needed to assign to the same ICC interface. |
| Physical port number | This specifies the physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides, followed by the number of the physical connector on the line card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
| Physical port description | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the physical port will be recognized by the system. Multiple descriptions are needed if multiple ports will be used. Physical ports are configured within the destination context and are used to bind logical ICC interfaces. |
| Gi Interface Configuration | |
| Gi interface name | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the interface will be recognized by the system. Multiple names are needed if multiple interfaces will be configured. Gi interfaces are configured in the destination context. |
| IP address and subnet | These will be assigned to the Gi interface. Multiple addresses and/or subnets are needed if multiple interfaces will be configured. |
| Physical port number | This specifies the physical port to which the interface will be bound. Ports are identified by the chassis slot number where the line card resides, followed by the number of the physical connector on the line card. For example, port 17/1 identifies connector number 1 on the card in slot 17. A single physical port can facilitate multiple interfaces. |
| Physical port description(s) | This is an identification string between 1 and 79 characters (alpha and/or numeric) by which the physical port will be recognized by the system. Multiple descriptions will be needed if multiple ports will be used. Physical ports are configured within the destination context and are used to bind logical Gi interfaces. |
| Gateway IP address(es) | Used when configuring static routes from the Gi interface(s) to a specific network. |
| IP Address Pool Configuration (optional) | |
| IP address pool name(s) | If IP address pools will be configured in the destination context(s), names or identifiers will be needed for them. The pool name can be between 1 and 31 alpha and/or numeric characters and is case sensitive. |
| IP pool addresses | An initial address and a subnet, or a starting address and an ending address, are required for each configured pool. The pool will then consist of every possible address within the subnet, or all addresses from the starting address to the ending address. The pool can be configured as public, private, or static. |
| FA Service Configuration | |
| FA service name | This is an identification string between 1 and 63 characters (alpha and/or numeric) by which the FA service will be recognized by the system. Multiple names are needed if multiple FA services will be used. FA services are configured in the destination context. |
| UDP port number for Mobile IP traffic | Specifies the port used by the FA service and the HA for communications. The UDP port number can be any integer value between 1 and 65535. The default value is 434. |
| Security Parameter Index (indices) Information | HA IP address: Specifies the IP address of the HAs with which the FA service communicates. The FA service allows the creation of a security profile that can be associated with a particular HA. |
| | Index: Specifies the shared SPI between the FA service and a particular HA. The SPI can be configured to any integer value between 256 and 4294967295. Multiple SPIs can be configured if the FA service is to communicate with multiple HAs. |
| | Secrets: Specifies the shared SPI secret between the FA service and the HA. The secret can be between 1 and 127 characters (alpha and/or numeric). An SPI secret is required for each SPI configured. |
| | Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default is hmac-md5. A hash-algorithm is required for each SPI configured. |
| FA agent advertisement lifetime | Specifies the time (in seconds) that an FA agent advertisement remains valid in the absence of further advertisements. The time can be configured to any integer value between 1 and 65535. The default is 9000. |
| Number of allowable unanswered FA advertisements | Specifies the number of unanswered agent advertisements that the FA service will allow during call setup before it will reject the session. The number can be any integer value between 1 and 65535. The default is 5. |
| Maximum mobile-requested registration lifetime allowed | Specifies the longest registration lifetime that the FA service will allow in any Registration Request message from the mobile node. The lifetime is expressed in seconds and can be configured between 1 and 65534. An infinite registration lifetime can be configured by disabling the timer. The default is 600 seconds. |
| Registration reply timeout | Specifies the amount of time that the FA service will wait for a Registration Reply from an HA. The time is measured in seconds and can be configured to any integer value between 1 and 65535. The default is 7. |
| Number of simultaneous registrations | Specifies the number of simultaneous Mobile IP sessions that will be supported for a single subscriber. The maximum number of sessions is 3. The default is 1. NOTE: The system will only support multiple Mobile IP sessions per subscriber if the subscriber’s mobile node has a static IP address. |
| Mobile node re-registration requirements | Specifies how the system should handle authentication for mobile node re-registrations. The FA service can be configured to always require authentication or not. If not, the initial registration and de-registration will still be handled normally. |
| HA service Configuration | |
| HA service name | This is an identification string between 1 and 63 characters (alpha and/or numeric) by which the HA service will be recognized by the system. Multiple names are needed if multiple HA services will be used. HA services are configured in the destination context. |
| UDP port number for Mobile IP traffic | Specifies the port used by the HA service and the FA for communications. The UDP port number can be any integer value between 1 and 65535. The default value is 434. |
| Mobile node re-registration requirements | Specifies how the system should handle authentication for mobile node re-registrations. The HA service can be configured as follows: |
| FA-to-HA Security Parameter Index Information | FA IP address: The HA service allows the creation of a security profile that can be associated with a particular FA. This specifies the IP address of the FA that the HA service will be communicating with. Multiple FA addresses are needed if the HA will be communicating with multiple FAs. |
| | Index: Specifies the shared SPI between the HA service and a particular FA. The SPI can be configured to any integer value between 256 and 4294967295. Multiple SPIs can be configured if the HA service is to communicate with multiple FAs. |
| | Secret: Specifies the shared SPI secret between the HA service and the FA. The secret can be between 1 and 127 characters (alpha and/or numeric). An SPI secret is required for each SPI configured. |
| | Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default algorithm is hmac-md5. A hash-algorithm is required for each SPI configured. |
| Mobile Node Security Parameter Index Information | Index: Specifies the shared SPI between the HA service and a particular FA. The SPI can be configured to any integer value between 256 and 4294967295. Multiple SPIs can be configured if the HA service is to communicate with multiple FAs. |
| | Secret: Specifies the shared SPI secret between the HA service and the FA. The secret can be between 1 and 127 characters (alpha and/or numeric). An SPI secret is required for each SPI configured. |
| | Hash-algorithm: Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default algorithm is hmac-md5. A hash-algorithm is required for each SPI configured. |
| | Replay-protection process: Specifies how protection against replay-attacks is implemented. The possible processes are nonce and timestamp. The default is timestamp with a tolerance of 60 seconds. A replay-protection process is required for each mobile node-to-HA SPI configured. |
| Maximum registration lifetime | Specifies the longest registration lifetime that the HA service will allow in any Registration Request message from the mobile node. The time is measured in seconds and can be configured to any integer value between 1 and 65535. An infinite registration lifetime can also be configured by disabling the timer. The default is 600. |
| Maximum number of simultaneous bindings | Specifies the maximum number of “care-of” addresses that can simultaneously be bound for the same user as identified by NAI and Home address. The number can be configured to any integer value between 1 and 5. The default is 3. |
| Default Subscriber Configuration | |
| “Default” subscriber’s IP context name | Specifies the name of the egress context on the system that facilitates the Gi interfaces. NOTE: For this configuration, the IP context name should be identical to the name of the destination context. |
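
The SPI, secret, hash-algorithm and replay-protection parameters listed in the table are used together when a registration message is checked. The following is an added example, not part of the original documentation and not the vendor's code: it computes the authenticator in RFC 2002 keyed-MD5 prefix+suffix mode or as HMAC-MD5, then applies a timestamp check with the 60-second default tolerance. The message layout, the `Verifier` class, the function names and the sample secret are assumptions made for illustration, not the Mobile IP wire format.

```python
import hashlib
import hmac
import struct

TOLERANCE_S = 60  # default timestamp tolerance stated in the table


def authenticator(secret: bytes, protected: bytes, algorithm: str) -> bytes:
    """128-bit authenticator over the protected bytes of a registration message."""
    if algorithm == "keyed-md5":  # RFC 2002 prefix+suffix mode
        return hashlib.md5(secret + protected + secret).digest()
    if algorithm == "hmac-md5":
        return hmac.new(secret, protected, hashlib.md5).digest()
    raise ValueError(f"unsupported hash-algorithm: {algorithm}")


def build_request(secret, algorithm, body, timestamp):
    """Sender side. Hypothetical layout: 8-byte timestamp, then the body."""
    message = struct.pack("!Q", timestamp) + body
    return message, authenticator(secret, message, algorithm)


class Verifier:
    """Receiver side: one security association per SPI (hypothetical class)."""

    def __init__(self, associations):
        self.associations = associations  # spi -> (secret, algorithm)
        self.newest = {}                  # spi -> newest accepted timestamp

    def verify(self, spi, message, auth, now):
        if spi not in self.associations:
            return "unknown-spi"
        secret, algorithm = self.associations[spi]
        expected = authenticator(secret, message, algorithm)
        if not hmac.compare_digest(expected, auth):
            return "bad-authenticator"  # wrong secret or modified message
        (timestamp,) = struct.unpack("!Q", message[:8])
        if abs(now - timestamp) > TOLERANCE_S:
            return "stale-timestamp"    # outside the tolerance window
        if timestamp <= self.newest.get(spi, -1):
            return "replayed"           # not newer than one already accepted
        self.newest[spi] = timestamp
        return "accepted"


if __name__ == "__main__":
    secret = b"constructed-secret"  # constructed sample value
    ha = Verifier({256: (secret, "hmac-md5")})
    msg, auth = build_request(secret, "hmac-md5", b"registration-request", 1000)
    for now in (1030, 1031, 1100):
        print(now, ha.verify(256, msg, auth, now))
```

Because the timestamp sits inside the authenticated bytes, it cannot be refreshed without the shared secret, and both ends must configure the same hash-algorithm for an SPI or every message fails the authenticator check.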
How This Configuration Works