Overview of the Cisco Mobile Wireless Home Agent
This chapter illustrates the functional elements in a typical Mobile IP packet data system, the Cisco products that are currently available to support this solution, and their implementation in Cisco IOS Mobile Wireless Home Agent software.
This chapter includes the following sections:
•Cisco Mobile Wireless Home Agent in a CDMA Environment
•Cisco Mobile Wireless Home Agent in a WiMAX Environment
•Packet Data Services
•Cisco Mobile IP Service
•Cisco Proxy Mobile IP Service
•The Home Agent
The Cisco Mobile Wireless Home Agent serves as an anchor point for subscribers, providing easy, secure roaming with quality of service (QoS) capabilities to optimize the mobile user experience. The Cisco Mobile Wireless Home Agent (HA) works in conjunction with a Foreign Agent (FA) and mobile node to provide an efficient Mobile IP solution. Figure 1-1 shows a basic topology.
Figure 1-1 Mobile IP Topology
The Cisco Mobile Wireless Home Agent maintains mobile user registrations, either through a foreign agent or in collocated care-of address (CCOA) mode, and tunnels packets destined for the mobile device to the foreign agent. It supports reverse tunneling, and can securely tunnel packets to the foreign agent using IP Security (IPSec). Additionally, the Cisco Mobile Wireless Home Agent supports dynamic and static home address assignment—for both public and private addresses—for the mobile device. Home address assignment occurs from address pools configured either locally or remotely using Dynamic Host Configuration Protocol (DHCP) server access, or from the authentication, authorization, and accounting (AAA) server.
The Cisco Mobile Wireless Home Agent is the anchor point for mobile terminals for which mobile or proxy mobile services are provided. Traffic sent to the terminal is routed using the Home Agent. With reverse tunneling, traffic from the terminal is also routed through the Cisco Mobile Wireless Home Agent. Unique features such as Home-Agent redundancy and load balancing provide a high level of availability and reliability, and allow geographical dispersion while maintaining accounting integrity. Another unique feature, Network Address Translation (NAT) traversal, allows the Cisco Home Agent to be used as an anchor point across many access technologies. This allows users to transparently roam across different access networks while retaining a constant connection and addressability.
Cisco Mobile Wireless Home Agent in a CDMA Environment
CDMA2000 is a third-generation (3G) wireless solution that allows the mobile wireless operator already using CDMA technology to offer packet data services. The Cisco CDMA2000 Packet Data Services solution is designed to meet the needs of the mobile wireless industry as it transitions toward 3G cellular data services. The Cisco Mobile Wireless Home Agent is an important component of this solution. The Cisco CDMA2000 Packet Data Services solution includes the Cisco Packet Data Serving Node (PDSN) with the Foreign Agent function, the CDMA2000-based Cisco Mobile Wireless home agent, the Cisco Network Registrar®, Cisco Access Registrar® server, and several other security products and features. Figure 1-2 illustrates the functional elements in a typical Cisco CDMA2000 Packet Data Services system.
The Cisco Mobile Wireless Home Agent is part of a Cisco Systems® solution that complies with international wireless standards, enables expanded mobility, and is always addressable and reachable through the use of Mobile IP and proxy Mobile IP. The Cisco Mobile Wireless Home Agent, in conjunction with the Cisco Packet Data Serving Node (PDSN) Foreign Agent, allows a mobile station with Mobile IP client functions to access the Internet or a corporate intranet using Mobile IP-based service access. Mobile IP extends user mobility beyond the coverage area and provides roaming capabilities. In a CDMA2000 environment, when another Cisco PDSN is allocated to the call (following a handoff), the new Cisco PDSN performs a Mobile IP registration with the Cisco Mobile Wireless Home Agent. This helps to ensure that the same home address assigned when the initial session is established is allocated to the mobile client. Traffic is routed through the Cisco Mobile Wireless Home Agent, and the home agent also provides proxy Address Resolution Protocol (ARP) services. When reverse tunneling is used, traffic from the terminal also is routed through the home agent. Clients without a Mobile IP client can take advantage of these services by using the proxy Mobile IP or client Mobile IP capabilities. Figure 1-2 shows a CDMA2000 Network with a Cisco Mobile Wireless Home Agent and other required components for packet data services.
Figure 1-2 CDMA2000 Network
As the illustration shows, the mobile station, which must support either Simple IP or Mobile IP, connects to a radio tower and BTS. The BTS connects to a BSC, which contains a component called the Packet Control Function (PCF). The PCF communicates with the Cisco PDSN through an A10/A11 interface. The A10 interface is for user data and the A11 interface is for control messages. This interface is also known as the RAN-to-PDSN (R-P) interface. For the Cisco Home Agent Release 2.1 and above, you must use a Gigabit Ethernet (GE) interface on the Cisco SAMI platform.
The IP networking between the PDSN and external data networks is through the PDSN-to-intranet/Internet (Pi) interface. For the Cisco Home Agent, you can use either an FE or GE interface as the Pi interface.
For "back office" connectivity, such as connections to a AAA server, the interface is media independent.
The Home Agent, in conjunction with the PDSN and Foreign Agent, allows a mobile station with Mobile IP client function, to access the Internet or corporate intranet using Mobile IP-based service access. Mobile IP extends user mobility beyond the coverage area of the current, serving PDSN/Foreign Agent. If another PDSN is allocated to the call (following a handoff), the target PDSN performs a Mobile IP registration with the Home Agent; this ensures that the same home address is allocated to the mobile station. Additionally, clients without a Mobile IP client can also make use of these services by using the Proxy Mobile IP capability provided by the PDSN.
The Home Agent, then, is the anchor point for mobile terminals for which Mobile IP or Proxy Mobile IP services are provided. Traffic is routed through the Home Agent, and the Home Agent also provides Proxy ARP services. In the case of reverse tunneling, traffic from the terminal is also routed through the Home Agent.
The Cisco Mobile Wireless Home Agent supports all required standards, including the Third-Generation Partnership Project 2 (3GPP2) Technical Specification Group P and X (TSG-P, TSG-X) Standard, and the Wireless IP Network Standard (also known as TIA/EIA/IS-835-D), which defines the overall structure of a CDMA2000 network. It includes features such as enhanced Mobile IP, security, and authentication.
Cisco Mobile Wireless Home Agent in a WiMAX Environment
WiMAX (Worldwide Interoperability for Microwave Access) is a fourth-generation (4G) wireless solution based on IEEE standard technology for delivering advanced broadband wireless services in emerging, high-growth and developed markets. WiMAX offers significant additional benefits, most significantly lower deployment costs through the use of an all-data, all-IP architecture, lower spectrum acquisition costs, and a wide range of IP-enabled applications, many of which come from the IP broadband domain. The Cisco Home Agent is part of the Core Service Node in the WiMAX End-to-End Reference Model. The WiMAX End-to-End Reference Model consists of the following logical entities: Mobile Subscriber Station (MSS), Access Service Network (ASN), and Core Service Network (CSN). Further ASN decomposition is shown in Figure 1-3. The Network Reference Model (NRM) is a logical representation of the network architecture. The NRM identifies functional entities, and the reference points over which interoperability may be achieved between functional entities.
Figure 1-3 WiMAX Reference Model
The Access Services Network (ASN)
The ASN is defined as a set of network functions that provide radio access to a WiMAX subscriber. The ASN comprises network elements such as Base Station(s) (in one or more Base Station Clusters) and ASN Gateway(s). An ASN may be shared by more than one Connectivity Service Network (CSN).
Connectivity Service Network (CSN)
The Connectivity Services Network (CSN) is a set of network elements that provides the IP connectivity to the service layer. Provisioning elements such as the AAA and DHCP servers reside in the CSN, as does the macro mobility anchor point, a function enabled by the Home Agent. The service layer provides the foundation for enabling the delivery of rich services, subscriber identification and policy enforcement. Cisco is helping service providers evolve towards network convergence through its comprehensive IP Next Generation Network (NGN) vision, architecture and networking solutions. The WiMAX Forum Network Reference Model (as defined by the organization's Network Working Group) hints at the use of network, service control and application layer convergence.
Hardware Platform Support
The Cisco Mobile Wireless Home Agent runs on the Cisco Service Application Module for IP (SAMI) for the Cisco 7600 Series. The physical interfaces supported on the Cisco 7600 Series platforms are mainly Fast Ethernet and Gigabit Ethernet, FlexWAN (ATM, Frame Relay), and the new line of Shared Port Adaptor (SPA) and SPA Interface Processor (SIP) line cards, and are independent of physical media.
HA release 5.1 features are supported on the following SUP32, SUP720 and RSP720 variants. The Product Numbers of the supervisors required are:
Session Redundancy Infrastructure
In Home Agent Release 5.0 and above, the HA uses the same Session Redundancy infrastructure that is used for other Cisco Msef products. The external behavior for redundancy will change significantly. The Home Agent specific redundancy scheme of Release 4.0 and before is still supported. However, the SR-infrastructure-based approach is not compatible with the previous Home Agent redundancy scheme.
The Home Agent redundancy scheme in 5.0 and above maintains the use of HSRP as the means of Active/Standby role resolution as well as being the mechanism for determining that a failure has occurred.
For more information regarding Session Redundancy, consult the Home Agent Session Redundancy Infrastructure, page 6-3.
•The Home Agent SAMI service module leverages the carrier-class Cisco 7600 Series Router, which offers a variety of chassis configurations for different deployment scenarios.
•A highly scalable solution that allows the system to scale rapidly by adding more service modules to meet traffic loads.
•A very robust and proven approach that has been used to support a variety of different applications in the mobile space.
Packet Data Services
In the context of a CDMA2000 network, the Cisco Home Agent supports two types of packet data services: Mobile IP and Proxy Mobile IP services. From the perspective of the Cisco Home Agent, these services are identical.
Cisco Mobile IP Service
With Mobile IP, the mobile station can roam beyond the coverage area of a given PDSN and still maintain the same IP address and application-level connections.
Figure 4 shows the placement of the Cisco Home Agent in a Mobile IP scenario.
Figure 4 CDMA Network—Mobile IP Scenario
The communication process occurs in the following order:
1. The mobile station registers with its Home Agent (HA) through an FA. In the context of the CDMA2000 network, the FA is the Cisco PDSN.
2. The Cisco HA accepts the registration, assigns an IP address to the mobile station, and creates a tunnel to the FA. The resulting configuration is a PPP link between the mobile station and the FA (or PDSN), and an IP-in-IP or GRE tunnel between the FA and the HA.
As part of the registration process, the Cisco HA creates a binding table entry to associate the mobile station's home address with its care-of address.
Note While away from home (from the HA's perspective), the mobile station is associated with a care-of address. This address identifies the mobile station's current, topological point of attachment to the Internet, and is used to route packets to the mobile station. Either a Foreign Agent's address, or an address obtained by the mobile station for use while it is present on a particular network, is used as the care-of address. In the case of the Cisco Home Agent, the care-of address is always an address of the Foreign Agent.
3. The HA advertises network reachability to the mobile station, and tunnels datagrams to the mobile station at its current location.
4. The mobile station sends packets with its home address as the source IP address.
5. Packets destined for the mobile station go through the HA, which tunnels them to the PDSN. From there they are sent to the mobile station using the care-of address. This scenario also applies to reverse tunneling, which allows traffic moving from the mobile to the network to pass through the Home Agent.
6. When the PPP link is handed off to a new PDSN, the link is renegotiated and the Mobile IP registration is renewed.
7. The HA updates its binding table with the new care-of address.
Note For more information about Mobile IP, refer to the Cisco IOS Release 12.4 documentation modules Cisco IOS IP Mobility Configuration Guide, Release 12.4 and Cisco IOS IP Mobility Command Reference, Release 12.4. RFC 2002 describes the specification in detail. TIA/EIA/IS-835-B also defines how Mobile IP is realized in the Home Agent.
Cisco Proxy Mobile IP Service
For certain service providers there is a lack of commercially available Mobile IP client software, while PPP, which is widely used to connect to an Internet Service Provider (ISP), is ubiquitous in IP devices. As an alternative to Mobile IP, you can use Cisco's Proxy Mobile IP feature. This capability of the Cisco PDSN, which is integrated with PPP, enables the PDSN (functioning as both a Foreign Agent and a Mobile IP client) to provide mobility to authenticated PPP users.
The communication process occurs in the following order:
1. The Cisco PDSN (acting as an FA) collects and sends mobile station authentication information to the AAA server (specifically, PPP authentication information).
2. If the mobile station is successfully authorized to use Cisco PDSN Proxy Mobile IP service, the AAA server returns the registration data and an HA address.
3. The FA uses this information, and other data, to generate a registration request (RRQ) on behalf of the mobile station, and sends it to the Cisco HA.
4. If the registration is successful, the Cisco HA sends a registration reply (RRP) that contains an IP address to the FA.
5. The FA assigns the IP address (received in the RRP) to the mobile station, using IP control protocol (IPCP).
6. A tunnel is established between the Cisco HA and the FA, or PDSN. If reverse tunneling is enabled, the tunnel carries traffic to and from the mobile station.
Note The PDSN takes care of all Mobile IP re-registrations on behalf of the Proxy-MIP client.
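The HA side of the two registration sequences above (Mobile IP through the PDSN/FA, and Proxy Mobile IP, which looks the same to the HA), as an added Python model that is not Cisco code: it verifies the MN-HA authentication extension by SPI and shared key, applies timestamp replay protection, maintains the binding table, keeps the same home address across a PDSN handoff, and releases the binding on a lifetime-0 de-registration. The NAI, addresses, key, SPI value and the 7-second replay window are constructed, and text-joined fields stand in for the wire encoding.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Registration reply codes from RFC 3220 (0 = accepted)
ACCEPTED, NO_RESOURCES, AUTH_FAILED, ID_MISMATCH = 0, 130, 131, 133
REPLAY_WINDOW = 7  # seconds of MN/HA clock skew tolerated (assumed value)


@dataclass
class Binding:
    home_addr: str
    care_of_addr: str   # for this HA always the FA/PDSN address
    lifetime: int
    last_id: int        # last accepted timestamp identification


class HomeAgent:
    def __init__(self, keys, pool):
        self.keys = dict(keys)          # SPI -> shared MN-HA key (local or AAA)
        self.pool = list(pool)          # free dynamic home addresses
        self.pool_addrs = set(pool)     # all pool addresses (returned on de-reg)
        self.bindings = {}              # NAI -> Binding (the binding table)

    @staticmethod
    def mn_ha_auth(key, *fields):
        # MN-HA Authentication Extension: HMAC-MD5 (RFC 3220 default) over the fields
        data = "|".join(str(f) for f in fields).encode()
        return hmac.new(key, data, hashlib.md5).digest()

    def register(self, nai, spi, coa, lifetime, ident, home_addr, mac, now):
        """Process an RRQ; return (reply_code, home_addr) for the RRP."""
        key = self.keys.get(spi)
        if key is None or not hmac.compare_digest(
                self.mn_ha_auth(key, nai, spi, coa, lifetime, ident, home_addr), mac):
            return AUTH_FAILED, None
        bind = self.bindings.get(nai)
        # Timestamp replay protection: within the window of HA time and newer
        # than the last identification accepted for this NAI.
        if abs(ident - now) > REPLAY_WINDOW or (bind and ident <= bind.last_id):
            return ID_MISMATCH, None
        if bind:                            # renewal, handoff or de-registration
            home_addr = bind.home_addr      # the same home address is kept
        if lifetime == 0:                   # de-registration: drop the binding
            self.bindings.pop(nai, None)
            if bind and home_addr in self.pool_addrs:
                self.pool.append(home_addr)
            return ACCEPTED, home_addr
        if not bind and home_addr == "0.0.0.0":   # dynamic assignment from pool
            if not self.pool:
                return NO_RESOURCES, None
            home_addr = self.pool.pop(0)
        self.bindings[nai] = Binding(home_addr, coa, lifetime, ident)
        return ACCEPTED, home_addr


def demo():
    """Registration via PDSN-A, a replay, handoff to PDSN-B, bad MAC, de-reg."""
    key, mn, spi, t0 = b"constructed-shared-secret", "user@example.com", 1000, 1_700_000_000
    ha = HomeAgent({spi: key}, ["10.1.0.10", "10.1.0.11"])

    def rrq(coa, lifetime, ident, now, home="0.0.0.0"):
        mac = ha.mn_ha_auth(key, mn, spi, coa, lifetime, ident, home)
        return ha.register(mn, spi, coa, lifetime, ident, home, mac, now)
    first = rrq("192.0.2.1", 1800, t0, t0)              # initial registration
    replay = rrq("192.0.2.1", 1800, t0, t0 + 1)         # same identification again
    handoff = rrq("192.0.2.2", 1800, t0 + 3, t0 + 3)    # new PDSN, same home address
    forward = ha.bindings[mn].care_of_addr              # HA now tunnels to PDSN-B
    bad = ha.register(mn, spi, "192.0.2.3", 1800, t0 + 4, "0.0.0.0", b"x" * 16, t0 + 4)
    dereg = rrq("192.0.2.2", 0, t0 + 5, t0 + 5)         # lifetime 0 = de-registration
    return first, replay, handoff, forward, bad, dereg, len(ha.bindings), len(ha.pool)
```

Calling `demo()` walks the sequence and returns each reply code with the home address, so the replayed and unauthenticated requests can be seen rejected while the handoff keeps the address and only moves the care-of address.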
Features in IOS Release 12.4(22)YD3
The following features were introduced or modified prior to the Cisco 12.4(22)YD3 Release:
•Support for Alternative MN Identifier, page 16-17
•Support for Call Admission Control (CAC), page 16-18
•Reject Framed-IP if Already in Use, page 16-30
•GRE Key CVSE in Non-VRF Environment, page 16-39
•Conserve Unique IP ID for FA-HA IP-in-IP Tunnel, page 16-15
•Setting Fragmentation Size of First Packet With Offset=0, page 16-13
•CoA for WiMAX Hotlining, page 15-11
•DNS Redirection with Monitoring, page 9-4
•NAI Authentication with Local MN-HA SPI and Key, page 5-4
•IP Redirect for Non-Hotlined Users, page 15-6
•In/Out Access List Per NAI/Realm, page 10-3
•HA - Realm Case-Insensitive Option, page 16-2
•FA-HA Auth Extension Mandatory, page 16-3
•Absolute Timeout Per NAI, page 16-8
•AAA Attributes for "ip mobile host/realm", page 16-25
•VSE Support for China Telecom Attributes, page 16-15
•OM Metrics for 3GPP2 / WiMAX Bindings, page 16-36
•Single IDB for MIP/UDP Tunnels, page 16-37
•Redundancy Support for Hotlining, page 15-4
•No Authorization for Re-Reg / De-Reg, page 5-4
•Tunnel Stats via SNMP, page 17-2
•3GPP2 RRQ Without MHAE, page 5-3
This section describes features that were introduced prior to Cisco IOS Release 12.4(22)YD2:
•Single IP Infrastructure
–Single Interface for MIP, page 3-3
–Single Interface for Configuration, page 3-3
–Single Interface for SNMP Management, page 3-4
–Single Interface for Trouble Shooting and Debug, page 3-4
–Single Interface for AAA, page 3-4
–Single Interface for MIP and AAA, page 3-5
–Single Interface for Failover, page 3-10
–Trap Generation for AAA Unresponsiveness, page 3-11
–Intra-Chassis Configuration Synchronization, page 3-14
•Home Agent Session Redundancy Infrastructure, page 6-3
•Unbounded Limit For Maximum Bindings When Configuring CAC on the HA, page 16-19
•Congestion Control Feature, page 16-19
•Foreign Agent Classification, page 16-33
•MAC Address as Show/Clear Binding Key, page 16-34
•Data Path Idle Timer, page 16-35
•Support for RFC 4917, page 16-40
•Address Assignment Feature, page 4-1
•Accounting Interim Sync, page 12-4
•Single IP Home Agent Accounting Support, page 12-2
•Per Domain Accounting, page 12-4
•Support for Acct-Terminate-Cause, page 16-31
•Authentication Configuration Extension, page 5-2
This section lists features that were introduced or modified before Cisco IOS Release 12.4(15)XM1:
•Support for Service and Application Module for IP (SAMI), page 2-1
Cisco HA 4.0 and above will run on the Cisco SAMI cards in the 7600 Series Router chassis. The SUP720, SUP32 and RSP720 will be used in the 7600 chassis, and will also host the IOS SLB component for load-distribution.
Up to 9 SAMI cards can be supported in a single Cisco 7600 Series Router chassis.
•Enhancements to Hot-lining, page 15-1
•Enhancements to Home Agent Quality of Service, page 14-1
•Framed-Pool Standard, page 16-20
•WiMAX AAA Attributes, page 16-23
•MS Traffic Redirection in Upstream Path, page 16-12
•Per Foreign-Agent Access-Type Support, page 16-32
•Support for Call Admission Control (CAC), page 16-18
•Priority-Metric for Local Pool, page 16-21
•Mobile IPv4 Host Configuration Extensions RFC4332, page 16-22
This section describes features that were introduced or modified prior to Home Agent Release 4.0:
•Support for Mobile Equipment Identifier (MEID)
•Home Agent Accounting Enhancements
–Home Agent Accounting in a Redundant Setup
–Packet count and Byte count in Accounting Records
–Additional Attributes in the Accounting Records
–Additional Accounting Methods—Interim Accounting is Supported.
•VRF Mapping on the RADIUS Server
•Conditional Debugging Enhancement
•Home Agent Redundancy Enhancements
–Redundancy with Radius Downloaded Pool Names
•CLI for IP-LOCAL-POOL-MIB
•Mobile-User ACLs in Packet Filtering
•DNS Server Address Assignment
•Mobile IP MIB Enhancements in Network Management, MIBs, and SNMP on the Home Agent
This section describes features that were introduced or modified in previous releases of the Cisco Mobile Wireless Home Agent:
•Mobile IPv4 Registration Revocation, page 8-1
•HA Server Load Balancing, page 7-1
•Overview of HA Accounting, page 12-1
•Skip HA-CHAP with MN-FA Challenge Extension (MFCE), page 5-5
•VRF Support on HA, page 13-1
•Radius Disconnect, page 8-4
•Conditional Debugging, page 17-5
•Home Address Assignment, page 4-1
•Home Agent Redundancy, page 6-1
•Virtual Networks, page 6-9
•Mobile IP IPSec, page 11-1
•Support for ACLs on Tunnel Interface, page 16-10
•Support for AAA Attributes MN-HA-SPI and MN-HA SHARED KEY, page 16-11
•3 DES Encryption, page 11-1
•User Profiles, page 16-11
•Mobility Binding Association, page 16-12
•User Authentication and Authorization, page 5-1
•HA Binding Update, page 16-12
•Per User Packet Filtering, page 10-1
•Security, page 11-1
In addition to supporting Cisco IOS networking features, a Cisco 7600 series router configured as a Home Agent supports the following Home Agent-specific features:
•Support for static IP address assignment
–Public IP addresses
–Private IP addresses
•Support for dynamic IP address assignment
–Public IP addresses
–Private IP addresses
•Multiple flows for different Network Access Identifiers (NAIs) using static or dynamic addresses
•Multiple flows for the same NAI using different static addresses
•Foreign Agent Challenge extensions in RFC 3012-bis-03
–Mobile IP Agent Advertisement Challenge Extension
–MN-FA Challenge Extension
–Generalized Mobile IP Authentication Extension, which specifies the format for the MN-AAA Authentication Extension
•Mobile IP Extensions specified in RFC 2002
–MN-HA Authentication Extension
–FA-HA Authentication Extension
•Reverse Tunneling, RFC 2344
•Mobile NAI Extension, RFC 2794
•Multiple tunneling modes between FA and HA
–IP-in-IP Encapsulation, RFC 2003
–Generic Route Encapsulation, RFC 2784
•Binding Update message for managing stale bindings
•Home Agent redundancy support
•Mobile IP Extensions specified in RFC 3220
–Authentication requiring the use of SPI (section 3.2)
•Support for Packet Filtering
–Input access lists
–Output access lists
•Support for proxy and gratuitous ARP
•Mobile IP registration replay protection using time stamps. Nonce-based replay protection is not supported.
•Supports static and dynamic IP address allocation.
•Attracts, intercepts, and tunnels datagrams for delivery to the MS.
•Receives tunneled datagrams from the MS (through the FA), unencapsulates them, and delivers them to the corresponding node (CN).
Note Depending on the configuration, reverse tunneling may, or may not, be used by the MS, and may or may not be accepted by the HA.
•Presents a unique routable address to the network.
•Supports ingress and egress filtering.
•Maintains binding information for each registered MS containing an association of Care-of Address (CoA) with the home address, NAI, and security keys together with the lifetime of that association.
•Receives and processes registration renewal requests within the bounds of the Mobile IP registration lifetime timer, either from the MS (through the FA in the Mobile IP case), or from the FA (in the Proxy Mobile IP case).
•Receives and processes de-registration requests either from the MS (through the FA in the Mobile IP case), or from the FA (in the Proxy Mobile IP case).
•Maintains a subscriber database that is stored locally or retrieved from an external source.
•Sends a binding update to the source PDSN under hand-off conditions when suitably configured.
•Supports dynamic HA assignment.
Features No Longer Supported
In Home Agent Release 5.0 and above, the following features are no longer supported.
•MIP/LAC (PPP Regeneration) Support
•On-Demand Address Pool (ODAP)
The Home Agent
The Home Agent (HA) maintains mobile user registrations and tunnels packets destined for the mobile to the PDSN/FA. It supports reverse tunneling, and can securely tunnel packets to the PDSN using IPSec. Broadcast packets are not tunneled. Additionally, the HA performs dynamic home address assignment for the mobile. Home address assignment can be from address pools configured locally, through DHCP server access, or from the AAA server.
The Cisco Mobile Wireless HA supports proxy Mobile IP functionality, and is available on the Cisco 7600 Series Router platforms.
A Cisco HA based on the Cisco 7600 series router, with two SAMI cards housing six active HA images and six standby images, would support the above figures multiplied by 6.
For more information on Mobile IP as it relates to Home Agent configuration tasks, please refer to the following URL: