Overview of the Cisco Mobile Wireless Home Agent
This chapter illustrates the functional elements in a typical Mobile IP packet data system, the Cisco products that are currently available to support this solution, and their implementation in Cisco IOS Mobile Wireless Home Agent software.
This chapter includes the following sections:
•Cisco Mobile Wireless Home Agent in a CDMA Environment
•Cisco Mobile Wireless Home Agent in a WiMAX Environment
•Packet Data Services
•Cisco Mobile IP Service
•Cisco Proxy Mobile IP Service
•The Home Agent
The Cisco Mobile Wireless Home Agent serves as an anchor point for subscribers, providing easy, secure roaming with quality of service (QoS) capabilities to optimize the mobile user experience. The Cisco Mobile Wireless Home Agent (HA) works in conjunction with a Foreign Agent (FA) and mobile node to provide an efficient Mobile IP solution. Figure 1-1 shows a basic topology.
Figure 1-1 Mobile IP Topology
The Cisco Mobile Wireless Home Agent maintains mobile user registrations, either through a foreign agent or in collocated mode (CCOA), and tunnels packets destined for the mobile device to the foreign agent. It supports reverse tunneling, and can securely tunnel packets to the foreign agent using IP Security (IPSec). Additionally, the Cisco Mobile Wireless Home Agent supports dynamic and static home address assignment, for both public and private addresses, for the mobile device. Home address assignment occurs from address pools configured either locally or remotely using Dynamic Host Configuration Protocol (DHCP) server access, or from the authentication, authorization, and accounting (AAA) server, or an On-Demand Address Pool (ODAP).
The Cisco Mobile Wireless Home Agent is the anchor point for mobile terminals for which mobile or proxy mobile services are provided. Traffic sent to the terminal is routed using the Home Agent. With reverse tunneling, traffic from the terminal is also routed through the Cisco Mobile Wireless Home Agent. Unique features such as Home-Agent redundancy and load balancing provide a high level of availability and reliability, and allow geographical dispersion while maintaining accounting integrity. Another unique feature, Network Address Translation (NAT) traversal, allows the Cisco Home Agent to be used as an anchor point across many access technologies. This allows users to transparently roam across different access networks while retaining a constant connection and addressability.
Cisco Mobile Wireless Home Agent in a CDMA Environment
CDMA2000 is a third-generation (3G) wireless solution that allows the mobile wireless operator already using CDMA technology to offer packet data services. The Cisco CDMA2000 Packet Data Services solution is designed to meet the needs of the mobile wireless industry as it transitions toward 3G cellular data services. The Cisco Mobile Wireless Home Agent is an important component of this solution. The Cisco CDMA2000 Packet Data Services solution includes the Cisco Packet Data Serving Node (PDSN) with the Foreign Agent function, the CDMA2000-based Cisco Mobile Wireless home agent, the Cisco Network Registrar®, Cisco Access Registrar® server, and several other security products and features. Figure 1-2 illustrates the functional elements in a typical Cisco CDMA2000 Packet Data Services system.
The Cisco Mobile Wireless Home Agent is part of a Cisco Systems® solution that complies with international wireless standards, enables expanded mobility, and is always addressable and reachable through the use of Mobile IP and proxy Mobile IP. The Cisco Mobile Wireless Home Agent, in conjunction with the Cisco Packet Data Serving Node (PDSN) Foreign Agent, allows a mobile station with Mobile IP client functions to access the Internet or a corporate intranet using Mobile IP-based service access. Mobile IP extends user mobility beyond the coverage area and provides roaming capabilities. In a CDMA2000 environment, when another Cisco PDSN is allocated to the call (following a handoff), the new Cisco PDSN performs a Mobile IP registration with the Cisco Mobile Wireless Home Agent. This helps to ensure that the same home address assigned when the initial session is established is allocated to the mobile client. Traffic is routed through the Cisco Mobile Wireless Home Agent, and the home agent also provides proxy Address Resolution Protocol (ARP) services. When reverse tunneling is used, traffic from the terminal also is routed through the home agent. Clients without a Mobile IP client can take advantage of these services by using the proxy Mobile IP or client Mobile IP capabilities. Figure 1-2 shows a CDMA2000 Network with a Cisco Mobile Wireless Home Agent and other required components for packet data services.
Figure 1-2 CDMA2000 Network
As the illustration shows, the mobile station, which must support either Simple IP or Mobile IP, connects to a radio tower and BTS. The BTS connects to a BSC, which contains a component called the Packet Control Function (PCF). The PCF communicates with the Cisco PDSN through an A10/A11 interface. The A10 interface is for user data and the A11 interface is for control messages. This interface is also known as the RAN-to-PDSN (R-P) interface. For the Cisco Home Agent Release 2.1 and above, you must use a Gigabit Ethernet (GE) interface on the Cisco SAMI platform.
The IP networking between the PDSN and external data networks is through the PDSN-to-intranet/Internet (Pi) interface. For the Cisco Home Agent, you can use either an FE or GE interface as the Pi interface.
For "back office" connectivity, such as connections to a AAA server, the interface is media independent.
The Home Agent, in conjunction with the PDSN and Foreign Agent, allows a mobile station with Mobile IP client function to access the Internet or corporate intranet using Mobile IP-based service access. Mobile IP extends user mobility beyond the coverage area of the current, serving PDSN/Foreign Agent. If another PDSN is allocated to the call (following a handoff), the target PDSN performs a Mobile IP registration with the Home Agent; this ensures that the same home address is allocated to the mobile station. Additionally, clients without a Mobile IP client can also make use of these services by using the Proxy Mobile IP capability provided by the PDSN.
The Home Agent, then, is the anchor point for mobile terminals for which MobileIP or Proxy MobileIP services are provided. Traffic is routed through the Home Agent, and the Home Agent also provides Proxy ARP services. In the case of reverse tunneling, traffic from the terminal is also routed through the Home Agent.
The Cisco Mobile Wireless Home Agent supports all required standards, including the Third-Generation Partnership Project 2 (3GPP2) Technical Specification Group P and X (TSG-P, TSG-X) Standard, and the Wireless IP Network Standard (also known as TIA/EIA/IS-835-D), which defines the overall structure of a CDMA2000 network. It includes features such as enhanced Mobile IP, security, and authentication.
Cisco Mobile Wireless Home Agent in a WiMAX Environment
WiMAX (Worldwide Interoperability for Microwave Access) is a fourth-generation (4G) wireless solution based on IEEE standard technology for delivering advanced broadband wireless services in emerging, high-growth and developed markets. WiMAX offers significant additional benefits, most significantly lower deployment costs through the use of an all-data, all-IP architecture, lower spectrum acquisition costs, and a wide range of IP-enabled applications, many of which come from the IP broadband domain. The Cisco Home Agent is part of the Core Service Node in the WiMAX End-to-End Reference Model. The WiMAX end-to-end Reference Model consists of the following logical entities: Mobile Subscriber Station (MSS), Access Service Network (ASN), and Core Service Network (CSN). Further ASN Decomposition is shown in Figure 1-3. The Network Reference Model (NRM) is a logical representation of the network architecture. The NRM identifies functional entities, and reference points over which interoperability may be achieved between functional entities.
Figure 1-3 WiMAX Reference Model
The Access Services Network (ASN)
The ASN is defined as a set of network functions that provide radio access to a WiMAX subscriber. The ASN comprises network elements such as Base Station(s) (in one or more Base Station Clusters), and ASN Gateway(s). An ASN may be shared by more than one Connectivity Service Network (CSN).
Connectivity Service Network (CSN)
The Connectivity Services Network (CSN) is a set of network elements that provides the IP connectivity to the service layer. Provisioning elements such as the AAA and DHCP servers reside in the CSN, as does the macro mobility anchor point, a function enabled by the Home Agent. The service layer provides the foundation for enabling the delivery of rich services, subscriber identification and policy enforcement. Cisco is helping service providers evolve towards network convergence through its comprehensive IP Next Generation Network (NGN) vision, architecture and networking solutions. The WiMAX Forum Network Reference Model (as defined by the organization's Network Working Group) hints at the use of network, service control and application layer convergence.
Hardware Platform Support
The Cisco Mobile Wireless Home Agent runs on the Cisco Service Application Module for IP (SAMI) for the Cisco 7600 Series. The physical interfaces supported on the Cisco 7600 Series platforms are mainly Fast Ethernet and Gigabit Ethernet, FlexWAN (ATM, Frame Relay), and the new line of Shared Port Adaptor (SPA) and SPA Interface Processor (SIP) line cards, and are independent of physical media.
Additionally, the Cisco Mobile Wireless Home Agent runs on the Cisco 7301 Series router.
Note The Load Balancing and Session Redundancy features are not available for the Mobile Wireless Home Agent on the Cisco 7301 Series Router platform.
•Home Agent SAMI service module leverages carrier class Cisco 7600 Series Router, which offers a variety of chassis configurations for different
•Highly scalable solution allows the system to rapidly scale by adding more service modules to meet traffic loads
•A very robust and proven approach that has been used to support a variety of different applications in the mobile space.
Packet Data Services
In the context of a CDMA2000 network, the Cisco Home Agent supports two types of packet data services: Mobile IP and Proxy Mobile IP services. From the perspective of the Cisco Home Agent, these services are identical.
Cisco Mobile IP Service
With Mobile IP, the mobile station can roam beyond the coverage area of a given PDSN and still maintain the same IP address and application-level connections.
Figure 4 shows the placement of the Cisco Home Agent in a Mobile IP scenario.
Figure 4 CDMA Network—Mobile IP Scenario
The communication process occurs in the following order:
1. The mobile station registers with its Home Agent (HA) through an FA. In the context of the CDMA2000 network, the FA is the Cisco PDSN.
2. The Cisco HA accepts the registration, assigns an IP address to the mobile station, and creates a tunnel to the FA. The resulting configuration is a PPP link between the mobile station and the FA (or PDSN), and an IP-in-IP or GRE tunnel between the FA and the HA.
As part of the registration process, the Cisco HA creates a binding table entry to associate the mobile station's home address with its care-of address.
Note While away from home (from the HA's perspective), the mobile station is associated with a care-of address. This address identifies the mobile station's current, topological point of attachment to the Internet, and is used to route packets to the mobile station. Either a Foreign Agent's address, or an address obtained by the mobile station for use while it is present on a particular network, is used as the care-of address. In the case of the Cisco Home Agent, the care-of address is always an address of the Foreign Agent.
3. The HA advertises network reachability to the mobile station, and tunnels datagrams to the mobile station at its current location.
4. The mobile station sends packets with its home address as the source IP address.
5. Packets destined for the mobile station go through the HA, which tunnels them to the PDSN. From there they are sent to the mobile station using the care-of address. This scenario also applies to reverse tunneling, which allows traffic moving from the mobile to the network to pass through the Home Agent.
6. When the PPP link is handed off to a new PDSN, the link is renegotiated and the Mobile IP registration is renewed.
7. The HA updates its binding table with the new care-of address.
Note For more information about Mobile IP, refer to the Cisco IOS Release 12.4 documentation modules Cisco IOS IP Mobility Configuration Guide, Release 12.4 and Cisco IOS IP Mobility Command Reference, Release 12.4. RFC 2002 describes the specification in detail. TIA/EIA/IS-835-B also defines how Mobile IP is realized in the Home Agent.
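The registration steps above, together with the MN-HA Authentication Extension and time-stamp replay protection named in this chapter's feature list, can be modelled as follows. This is an added example, not Cisco IOS code: the `HomeAgent` class, `build_rrq`, the addresses, SPI and key are hypothetical. It assumes a statically keyed home address, simple type-length-value extensions, and HMAC-MD5 as the authenticator algorithm.

```python
import hashlib, hmac, ipaddress, struct

NTP_UNIX_OFFSET = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch
MN_HA_AUTH = 32               # MN-HA Authentication Extension type
MAX_SKEW = 7                  # tolerated clock difference in seconds (assumed setting)
ACCEPTED, FAILED_AUTH, ID_MISMATCH, POORLY_FORMED = 0, 131, 133, 134  # reply codes
HDR = "!BBH4s4s4sQ"           # type, flags, lifetime, home, HA, care-of, Identification
ip = lambda text: ipaddress.IPv4Address(text).packed

class HomeAgent:
    """Hypothetical model of HA registration handling, not Cisco IOS code."""
    def __init__(self, assocs):
        self.assocs = assocs  # home address -> (SPI, shared key)
        self.bindings = {}    # home address -> (care-of address, lifetime)
        self.last_id = {}     # home address -> highest Identification accepted
    def register(self, rrq, now):
        if len(rrq) < 30 or rrq[0] != 1:
            return POORLY_FORMED
        _, _, lifetime, home, _, coa, ident = struct.unpack(HDR, rrq[:24])
        home, coa = (str(ipaddress.IPv4Address(a)) for a in (home, coa))
        off = 24
        while off + 2 <= len(rrq) and rrq[off] != MN_HA_AUTH:  # skip other extensions
            off += 2 + rrq[off + 1]
        if off + 6 > len(rrq) or home not in self.assocs:
            return FAILED_AUTH
        spi, key = self.assocs[home]
        # The authenticator covers everything up to and including this extension's SPI.
        want = hmac.new(key, rrq[:off + 6], hashlib.md5).digest()
        got = rrq[off + 6:off + 2 + rrq[off + 1]]
        if rrq[off + 2:off + 6] != struct.pack("!I", spi) or not hmac.compare_digest(want, got):
            return FAILED_AUTH
        # Time-stamp replay protection: close to HA time and strictly increasing.
        sent = (ident >> 32) - NTP_UNIX_OFFSET
        if abs(sent - now) > MAX_SKEW or ident <= self.last_id.get(home, 0):
            return ID_MISMATCH
        self.last_id[home] = ident
        if lifetime == 0:
            self.bindings.pop(home, None)           # de-registration
        else:
            self.bindings[home] = (coa, lifetime)   # new binding or handoff update
        return ACCEPTED

def build_rrq(home, ha, coa, lifetime, sent, spi, key):
    """Construct a sample Registration Request as the MN (or a Proxy Mobile IP FA) would."""
    msg = struct.pack(HDR, 1, 0, lifetime, ip(home), ip(ha), ip(coa),
                      (sent + NTP_UNIX_OFFSET) << 32)
    msg += struct.pack("!BBI", MN_HA_AUTH, 4 + 16, spi)
    return msg + hmac.new(key, msg, hashlib.md5).digest()

def demo():
    # Constructed sample values: documentation addresses, made-up SPI and key.
    key, t0 = b"constructed-shared-key", 1700000000
    ha = HomeAgent({"10.1.1.5": (0x100, key)})
    mk = lambda coa, life, t: build_rrq("10.1.1.5", "192.0.2.1", coa, life, t, 0x100, key)
    first = mk("198.51.100.10", 1800, t0)
    forged = bytearray(mk("198.51.100.20", 1800, t0 + 40))
    forged[12:16] = ip("203.0.113.66")               # care-of address altered in transit
    return [
        ha.register(first, t0 + 1),                  # initial registration
        ha.register(first, t0 + 2),                  # captured copy replayed
        ha.register(mk("198.51.100.20", 1800, t0 + 30), t0 + 30),  # handoff to new FA
        ha.register(bytes(forged), t0 + 40),         # fails authentication
        dict(ha.bindings)]
if __name__ == "__main__": print(demo())
```

`demo()` returns `[0, 133, 0, 131, {'10.1.1.5': ('198.51.100.20', 1800)}]`: the replayed request draws reply code 133 (Identification mismatch), the altered one 131 (mobile node failed authentication), and the binding follows the handoff to the new care-of address.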
Cisco Proxy Mobile IP Service
For certain service providers there is a lack of commercially available Mobile IP client software, while PPP, which is widely used to connect to an Internet Service Provider (ISP), is ubiquitous in IP devices. As an alternative to Mobile IP, you can use Cisco's Proxy Mobile IP feature. This capability of the Cisco PDSN, which is integrated with PPP, enables the PDSN (functioning as a Foreign Agent) and a Mobile IP client to provide mobility to authenticated PPP users.
The communication process occurs in the following order:
1. The Cisco PDSN (acting as an FA) collects and sends mobile station authentication information to the AAA server (specifically, PPP authentication information).
2. If the mobile station is successfully authorized to use Cisco PDSN Proxy Mobile IP service, the AAA server returns the registration data and an HA address.
3. The FA uses this information, and other data, to generate a registration request (RRQ) on behalf of the mobile station, and sends it to the Cisco HA.
4. If the registration is successful, the Cisco HA sends a registration reply (RRP) that contains an IP address to the FA.
5. The FA assigns the IP address (received in the RRP) to the mobile station, using IP control protocol (IPCP).
6. A tunnel is established between the Cisco HA and the FA, or PDSN. If reverse tunneling is enabled, the tunnel carries traffic to and from the mobile station.
Note The PDSN takes care of all Mobile IP re-registrations on behalf of the Proxy-MIP client.
New Features in IOS Release 12.4(15)XM
This section describes features that were introduced or modified in Home Agent Release 4.1 for Cisco IOS Release 12.4(15)XM:
•Support for the Cisco 7301 Series Router platform.
This section lists features that were introduced or modified before Cisco IOS Release 12.4(15)XM1:
•Support for Service and Application Module for IP (SAMI)
Cisco HA 4.0 and above will run on the Cisco SAMI cards in the 7600 Series Router chassis. The SUP720, SUP32 and RSP720 will be used in the 7600 chassis, and will also host the IOS SLB component for load-distribution.
Up to 9 SAMI cards can be supported in a single Cisco 7600 Series Router chassis.
Note The Cisco Mobile Wireless Home Agent is no longer supported on the Cisco 7200 or Cisco 6500 Series Router platforms.
•Enhancements to Hot-lining
•Enhancements to Home Agent Quality of Service
•Framed-Pool Standard
•WiMAX AAA Attributes
•MS Traffic Redirection in Upstream
•Per Foreign-Agent Access-Type Support
•Support for Max Bindings
•Support for Call Admission Control (CAC)
•MIP/LAC (PPP Regeneration) Support
•Priority-Metric for Local Pool
•Mobile IPv4 Host Configuration Extensions RFC4332
This section describes features that were introduced or modified prior to Home Agent Release 4.0:
•Support for Mobile Equipment Identifier (MEID)
•Home Agent Accounting Enhancements
–Home Agent Accounting in a Redundant Setup
–Packet count and Byte count in Accounting Records
–Additional Attributes in the Accounting Records
–Additional Accounting Methods—Interim Accounting is Supported.
•VRF Mapping on the RADIUS Server
•Conditional Debugging Enhancements
•Home Agent Redundancy Enhancements
–Redundancy with Radius Downloaded Pool Names
•CLI for IP-LOCAL-POOL-MIB
•Mobile-User ACLs in Packet Filtering
•DNS Server Address Assignment
•Mobile IP MIB Enhancements in Network Management, MIBs, and SNMP on the Home Agent
This section describes features that were introduced or modified in previous releases of the Cisco Mobile Wireless Home Agent:
•Mobile IPv4 Registration Revocation
•HA Server Load Balancing
•Home Agent Accounting
•Skip HA-CHAP with MN-FA Challenge Extension (MFCE)
•VRF Support on HA
•Radius Disconnect
•Conditional Debugging
•Home Address Assignment
•Home Agent Redundancy
•Virtual Networks
•On-Demand Address Pool (ODAP)
•Mobile IP IPSec
•Support for ACLs on Tunnel Interface
•Support for AAA Attributes MN-HA-SPI and MN-HA SHARED KEY
•3 DES Encryption
•User Profiles
•Mobility Binding Association
•User Authentication and Authorization
•HA Binding Update
•Per User Packet Filtering
•Security
In addition to supporting Cisco IOS networking features, a Cisco 7600 series router configured as a Home Agent supports the following Home Agent-specific features:
•Support for static IP addresses assignment
–Public IP addresses
–Private IP addresses
•Support for dynamic IP addresses assignment
–Public IP addresses
–Private IP addresses
•Multiple flows for different Network Access Identifiers (NAIs) using static or dynamic addresses
•Multiple flows for the same NAI using different static addresses
•Foreign Agent Challenge extensions in RFC 3012 - bis 03
–Mobile IP Agent Advertisement Challenge Extension
–MN-FA Challenge Extension
–Generalized Mobile IP Authentication Extension, which specifies the format for the MN-AAA Authentication Extension
•Mobile IP Extensions specified in RFC 2002
–MN-HA Authentication Extension
–FA-HA Authentication Extension
•Reverse Tunneling, RFC 2344
•Mobile NAI Extension, RFC 2794
•Multiple tunneling modes between FA and HA
–IP-in-IP Encapsulation, RFC 2003
–Generic Route Encapsulation, RFC 2784
•Binding Update message for managing stale bindings
•Home Agent redundancy support
•Mobile IP Extensions specified in RFC 3220
–Authentication requiring the use of SPI, section 3.2
•Support for Packet Filtering
–Input access lists
–Output access lists
•Support for proxy and gratuitous ARP
•Mobile IP registration replay protection using time stamps. Nonce-based replay protection is not supported.
•Supports static and dynamic IP address allocation.
•Attracts, intercepts, and tunnels datagrams for delivery to the MS.
•Receives tunneled datagrams from the MS (through the FA), unencapsulates them, and delivers them to the corresponding node (CN).
Note Depending on the configuration, reverse tunneling may, or may not, be used by the MS, and may or may not be accepted by the HA.
•Presents a unique routable address to the network.
•Supports ingress and egress filtering.
•Maintains binding information for each registered MS containing an association of Care-of Address (CoA) with the home address, NAI, and security keys together with the lifetime of that association.
•Receives and processes registration renewal requests within the bounds of the Mobile IP registration lifetime timer, either from the MS (through the FA in the Mobile IP case), or from the FA (in the Proxy Mobile IP case).
•Receives and processes de-registration requests either from the MS (through the FA in the Mobile IP case), or from the FA (in the Proxy Mobile IP case).
•Maintains a subscriber database that is stored locally or retrieved from an external source.
•Sends a binding update to the source PDSN under hand-off conditions when suitably configured.
•Supports dynamic HA assignment.
The Home Agent
The Home Agent (HA) maintains mobile user registrations and tunnels packets destined for the mobile to the PDSN/FA. It supports reverse tunneling, and can securely tunnel packets to the PDSN using IPSec. Broadcast packets are not tunneled. Additionally, the HA performs dynamic home address assignment for the mobile. Home address assignment can be from address pools configured locally, through either DHCP server access, or from the AAA server.
The Cisco Mobile Wireless HA supports proxy Mobile IP functionality, and is available on the Cisco 7600 Series Router platforms.
A Cisco HA based on the Cisco 7600 series router, with two SAMI cards housing six active HA images and six standby images, would support the above figures multiplied by 6.
For more information on Mobile IP as it relates to Home Agent configuration tasks, please refer to the following URL: