Overview of the Cisco Mobile Wireless Home Agent
This chapter illustrates the functional elements in a typical CDMA2000 packet data system, the Cisco products that are currently available to support this solution, and their implementation in Cisco IOS Mobile Wireless Home Agent software.
This chapter includes the following sections:
•Cisco Home Agent Network
•Packet Data Services
•The Home Agent
Cisco's Mobile Wireless Packet Data Solution includes the Packet Data Serving Node (PDSN) with Foreign Agent (FA) functionality, the Cisco Mobile Wireless Home Agent (HA), Authentication, Authorization and Accounting (AAA) servers, and several other security products and features. The solution is standards compliant, and is designed to meet the needs of the mobile wireless industry as it transitions towards third-generation cellular data services.
The Home Agent is the anchor point for mobile terminals for which Mobile IP or Proxy Mobile IP services are provided. Traffic sent to the terminal is routed through the Home Agent. With reverse tunneling, traffic from the terminal is also routed through the Home Agent.
A PDSN provides access to the Internet, intranets, and Wireless Application Protocol (WAP) servers for mobile stations using a Code Division Multiple Access 2000 (CDMA2000) Radio Access Network (RAN). The Cisco PDSN is a Cisco IOS software feature that runs on Cisco 7200 routers, Catalyst 6500 switches, and Cisco 7600 Internet routers, and acts as an access gateway for Simple IP and Mobile IP stations. It provides FA support and packet transport for virtual private networking (VPN). It also acts as a AAA client.
The Cisco PDSN and the Cisco Home Agent support all relevant 3GPP2 standards, including those that define the overall structure of a CDMA2000 network, and the interfaces between radio components, the Home Agent, and the PDSN.
CDMA is one of the standards for mobile communication. A typical CDMA2000 network includes terminal equipment, mobile termination, base transceiver stations (BTSs), base station controllers (BSCs), PDSNs, and other CDMA network and data network entities. The PDSN is the interface between a BSC and a network router.
Figure 1-1 illustrates the relationship of the components of a typical CDMA2000 network, including a PDSN and a Home Agent. In this illustration, a roaming mobile station user is receiving data services from a visited access provider network, rather than from the mobile station user's subscribed access provider network.
Figure 1-1 The CDMA Network
As the illustration shows, the mobile station, which must support either Simple IP or Mobile IP, connects to a radio tower and BTS. The BTS connects to a BSC, which contains a component called the Packet Control Function (PCF). The PCF communicates with the Cisco PDSN through an A10/A11 interface. The A10 interface is for user data and the A11 interface is for control messages. This interface is also known as the RAN-to-PDSN (R-P) interface. For the Cisco Home Agent Release 2.1 and above, you must use a Fast Ethernet (FE) interface as the R-P interface on the Cisco 7200 platform, and a Gigabit Ethernet (GE) interface on the Cisco Multi-Processor WAN Application Module (MWAM) platform.
The IP networking between the PDSN and external data networks is through the PDSN-to-intranet/Internet (Pi) interface. For the Cisco Home Agent, you can use either an FE or GE interface as the Pi interface.
For "back office" connectivity, such as connections to a AAA server, the interface is media independent. Any of the interfaces supported on the Cisco 7206 can be used to connect to these types of services, but we recommend that you use either an FE or GE interface for these connections as well.
Cisco Home Agent Network
Figure 1-2 illustrates the functional elements in a typical CDMA2000 packet data system, and the Cisco products that are currently available to support this solution. The Home Agent, in conjunction with the PDSN and Foreign Agent, allows a mobile station with a Mobile IP client to access the Internet or a corporate intranet using Mobile IP-based service access. Mobile IP extends user mobility beyond the coverage area of the current, serving PDSN/Foreign Agent. If another PDSN is allocated to the call (following a handoff), the target PDSN performs a Mobile IP registration with the Home Agent; this ensures that the same home address is allocated to the mobile station. Additionally, mobile stations without a Mobile IP client can use these services through the Proxy Mobile IP capability provided by the PDSN.
The Home Agent, then, is the anchor point for mobile terminals for which Mobile IP or Proxy Mobile IP services are provided. Traffic is routed through the Home Agent, and the Home Agent also provides Proxy ARP services. In the case of reverse tunneling, traffic from the terminal is also routed through the Home Agent.
Figure 1-2 Cisco Products for CDMA2000 Packet Data Services Solution
For Mobile IP services, the Home Agent would typically be located within an ISP network, or within a corporate domain. However, many ISPs and/or corporate entities may not be ready to provision Home Agents by the time service providers begin rollout of third-generation packet data services. As a remedy, access service providers could provision Home Agents within their own domains, and then forward packets to ISPs or corporate domains using VPDN services. Figure 1-3 illustrates the functional elements that are necessary to support Mobile IP-based service access when the Home Agent is located in the service provider domain.
Figure 1-3 Cisco Mobile IP-Based Service Access With Home Agent in Service Provider Network
For Mobile IP and Proxy-Mobile IP types of access, these solutions allow a mobile user to roam within and beyond its service provider boundaries, while always being reachable and addressable through the IP address assigned on initial session establishment. Details of Mobile IP and Proxy Mobile IP Services can be found in the Packet Data Services section that follows.
Packet Data Services
In the context of a CDMA2000 network, the Cisco Home Agent supports two types of packet data services: Mobile IP and Proxy Mobile IP services. From the perspective of the Cisco Home Agent, these services are identical.
Cisco Mobile IP Service
With Mobile IP, the mobile station can roam beyond the coverage area of a given PDSN and still maintain the same IP address and application-level connections.
Figure 1-4 shows the placement of the Cisco Home Agent in a Mobile IP scenario.
Figure 1-4 CDMA Network—Mobile IP Scenario
The communication process occurs in the following order:
1. The mobile station registers with its Home Agent (HA) through an FA. In the context of the CDMA2000 network, the FA is the Cisco PDSN.
2. The Cisco HA accepts the registration, assigns an IP address to the mobile station, and creates a tunnel to the FA. The resulting configuration is a PPP link between the mobile station and the FA (or PDSN), and an IP-in-IP or GRE tunnel between the FA and the HA.
As part of the registration process, the Cisco HA creates a binding table entry to associate the mobile station's home address with its Care-of Address (CoA).
Note While away from home (from the HA's perspective), the mobile station is associated with a care-of address. This address identifies the mobile station's current, topological point of attachment to the Internet, and is used to route packets to the mobile station. Either a Foreign Agent's address, or an address obtained by the mobile station for use while it is present on a particular network, is used as the care-of address. In the case of the Cisco Home Agent, the care-of address is always an address of the Foreign Agent.
3. The HA advertises network reachability to the mobile station, and tunnels datagrams to the mobile station at its current location.
4. The mobile station sends packets with its home address as the source IP address.
5. Packets destined for the mobile station go through the HA, which tunnels them to the PDSN. From there they are sent to the mobile station using the care-of address. This scenario also applies to reverse tunneling, which allows traffic moving from the mobile to the network to pass through the Home Agent.
6. When the PPP link is handed off to a new PDSN, the link is renegotiated and the Mobile IP registration is renewed.
7. The HA updates its binding table with the new care-of address.
Note For more information about Mobile IP, refer to the Cisco IOS Release 12.3 documentation modules Cisco IOS IP Configuration Guide and Cisco IOS IP Command Reference. RFC 2002 describes the specification in detail (it has since been obsoleted by RFC 3344, which keeps the same message formats). TIA/EIA/IS-835-B also defines how Mobile IP is realized in the Home Agent.
Cisco Proxy Mobile IP Service
While PPP, which is widely used to connect to an Internet Service Provider (ISP), is ubiquitous in IP devices, Mobile IP client software is not commercially available for every mobile station. As an alternative to Mobile IP, you can use Cisco's Proxy Mobile IP feature. This capability of the Cisco PDSN, which is integrated with PPP, enables the PDSN (functioning as the Foreign Agent and as a Mobile IP client on behalf of the mobile station) to provide mobility to authenticated PPP users.
The communication process occurs in the following order:
1. The Cisco PDSN (acting as an FA) collects and sends mobile station authentication information to the AAA server (specifically, PPP authentication information).
2. If the mobile station is successfully authorized to use Cisco PDSN Proxy Mobile IP service, the AAA server returns the registration data and an HA address.
3. The FA uses this information, and other data, to generate a registration request (RRQ) on behalf of the mobile station, and sends it to the Cisco HA.
4. If the registration is successful, the Cisco HA sends a registration reply (RRP) that contains an IP address to the FA.
5. The FA assigns the IP address (received in the RRP) to the mobile station, using IP control protocol (IPCP).
6. A tunnel is established between the Cisco HA and the FA, or PDSN. If reverse tunneling is enabled, the tunnel carries traffic to and from the mobile station.
Note The PDSN takes care of all Mobile IP re-registrations on behalf of the Proxy-MIP client.
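The registration exchange behind both sequences above (the Mobile IP steps 1 through 7, and Proxy Mobile IP steps 3 through 6, where the PDSN builds the RRQ instead of the mobile station), as an added example that is not part of the Cisco documentation or Cisco's code. It builds an RFC 2002/3344 Registration Request carrying the MN-HA Authentication Extension, and a minimal Home Agent that verifies the authenticator, applies timestamp-based replay protection, keeps the binding table, and answers with a Registration Reply. Assumptions: the authenticator is HMAC-MD5 over the request plus the extension's Type, Length and SPI (the RFC 3344 default; RFC 2002's keyed-MD5 prefix+suffix mode is offered as an option), a 7-second clock-skew window, and constructed addresses, SPI and key. Reply codes 131 and 133 are the RFC values for "mobile node failed authentication" and "registration Identification mismatch"; the binding-table layout and all function names are this example's own.

```python
import hashlib
import hmac
import ipaddress
import struct

# Message and extension types from RFC 2002 / RFC 3344 section 3.
RRQ, RRP = 1, 3
MN_HA_AUTH = 32                        # Mobile-Home Authentication Extension
CODE_OK, CODE_MN_AUTH_FAIL, CODE_ID_MISMATCH = 0, 131, 133
FLAG_G, FLAG_T = 0x08, 0x02            # G: GRE encapsulation (RFC 2784); T: reverse tunnel (RFC 3024)
NTP_OFFSET = 2208988800                # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def ntp_id(unix_time):
    """64-bit Identification for timestamp replay protection: NTP seconds in the high 32 bits."""
    secs = int(unix_time) + NTP_OFFSET
    frac = int((unix_time - int(unix_time)) * (1 << 32)) & 0xFFFFFFFF
    return (secs << 32) | frac

def authenticator(key, data, mode):
    """RFC 2002 default: keyed MD5 in prefix+suffix mode; RFC 3344 default: HMAC-MD5."""
    if mode == "prefix-suffix":
        return hashlib.md5(key + data + key).digest()
    return hmac.new(key, data, hashlib.md5).digest()

def _ip(addr):
    return ipaddress.IPv4Address(addr).packed

def build_rrq(home, ha, coa, lifetime, ident, spi, key, mode="hmac-md5", flags=FLAG_T):
    """Registration Request as the MN (or the PDSN, in Proxy Mobile IP) sends it, MN-HA authenticated."""
    hdr = struct.pack("!BBH4s4s4sQ", RRQ, flags, lifetime, _ip(home), _ip(ha), _ip(coa), ident)
    ext = struct.pack("!BBI", MN_HA_AUTH, 20, spi)  # Length = 4 (SPI) + 16 (MD5 authenticator)
    return hdr + ext + authenticator(key, hdr + ext, mode)  # covers payload + Type, Length, SPI

def parse_rrp(msg):
    """Return (code, lifetime, identification) from a Registration Reply."""
    code, lifetime, _home, _ha, ident = struct.unpack("!xBH4s4sQ", msg[:20])
    return code, lifetime, ident

class HomeAgent:
    """Minimal HA: checks the MN-HA extension, applies the timestamp replay rule, keeps bindings."""

    def __init__(self, ha_addr, security_assocs, window=7):
        self.ha = ha_addr
        self.sa = security_assocs   # {(home_addr, spi): (key, mode)}: mobility security associations
        self.window = window        # accepted clock skew in seconds (7 is assumed here)
        self.bindings = {}          # home_addr -> {"coa", "lifetime", "expires", "ident", "reverse_tunnel"}

    def process(self, msg, now):
        _t, flags, lifetime, home, _ha, coa, ident = struct.unpack("!BBH4s4s4sQ", msg[:24])
        home, coa = str(ipaddress.IPv4Address(home)), str(ipaddress.IPv4Address(coa))
        sa, spi, off = None, 0, 24
        while off + 2 <= len(msg):  # walk the TLV extensions to the MN-HA authentication extension
            etype, elen = msg[off], msg[off + 1]
            if etype == MN_HA_AUTH:
                spi = struct.unpack("!I", msg[off + 2:off + 6])[0]
                sa = self.sa.get((home, spi))
                break
            off += 2 + elen
        if sa is None:  # missing extension or unknown SPI: nothing to authenticate against
            return self._reply(CODE_MN_AUTH_FAIL, 0, home, ident, None, spi)
        expected = authenticator(sa[0], msg[:off + 6], sa[1])
        if not hmac.compare_digest(expected, msg[off + 6:off + 22]):
            return self._reply(CODE_MN_AUTH_FAIL, 0, home, ident, sa, spi)
        # Replay protection (RFC 3344 section 5.7): timestamp near our clock and newer than the last accepted.
        ha_secs = int(now) + NTP_OFFSET
        last = self.bindings.get(home, {}).get("ident", 0)
        if abs((ident >> 32) - ha_secs) > self.window or ident <= last:
            resync = (ha_secs << 32) | (ident & 0xFFFFFFFF)  # our time in the high bits, MN's low bits copied
            return self._reply(CODE_ID_MISMATCH, 0, home, resync, sa, spi)
        if lifetime == 0:
            self.bindings.pop(home, None)  # lifetime 0 is a deregistration
        else:
            self.bindings[home] = {"coa": coa, "lifetime": lifetime, "expires": now + lifetime,
                                   "ident": ident, "reverse_tunnel": bool(flags & FLAG_T)}
        return self._reply(CODE_OK, lifetime, home, ident, sa, spi)

    def _reply(self, code, lifetime, home, ident, sa, spi):
        hdr = struct.pack("!BBH4s4sQ", RRP, code, lifetime, _ip(home), _ip(self.ha), ident)
        if sa is None:
            return hdr
        ext = struct.pack("!BBI", MN_HA_AUTH, 20, spi)
        return hdr + ext + authenticator(sa[0], hdr + ext, sa[1])

def demo():
    """Constructed walkthrough: register, replay, handoff to a new PDSN, forged request, deregister."""
    key, spi, home, ha = b"mn-ha-shared-secret", 0x100, "10.1.1.5", "192.0.2.1"
    agent = HomeAgent(ha, {(home, spi): (key, "hmac-md5")})
    t0 = 1700000000.0
    rrq = build_rrq(home, ha, "198.51.100.10", 1800, ntp_id(t0), spi, key)
    first = parse_rrp(agent.process(rrq, t0))[0]           # accepted
    replay = parse_rrp(agent.process(rrq, t0 + 1))[0]      # same Identification again: 133
    handoff = build_rrq(home, ha, "198.51.100.20", 1800, ntp_id(t0 + 30), spi, key)
    moved = parse_rrp(agent.process(handoff, t0 + 30))[0]  # newer timestamp, new CoA: binding updated
    coa_now = agent.bindings[home]["coa"]
    forged = build_rrq(home, ha, "203.0.113.9", 1800, ntp_id(t0 + 60), spi, b"wrong-key")
    bad = parse_rrp(agent.process(forged, t0 + 60))[0]     # authenticator mismatch: 131
    dereg = build_rrq(home, ha, "198.51.100.20", 0, ntp_id(t0 + 90), spi, key)
    gone = parse_rrp(agent.process(dereg, t0 + 90))[0]     # lifetime 0 removes the binding
    return first, replay, moved, bad, gone, coa_now, home in agent.bindings
```

The replay step shows why the Identification field matters: the second copy of a perfectly authenticated RRQ is refused with code 133 because its timestamp is not newer than the last one accepted, and the reply carries the HA's clock in the high-order 32 bits so an MN whose clock has drifted can resynchronize and try again. The handoff step is the PDSN-to-PDSN case from the Mobile IP sequence: a fresh, authenticated RRQ from the new care-of address simply replaces the binding.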
New Features in IOS Release 12.3(14)YX1
This section lists features that were introduced or modified in the Home Agent release for Cisco IOS Release 12.3(14)YX1:
•Mobile Equipment Identifier (MEID) Support, page 14-5
This section describes features that were introduced or modified in Home Agent Release 3.0:
•Home Agent Accounting Enhancements
–Home Agent Accounting in a Redundant Setup
–Packet count and Byte count in Accounting Records
–Additional Attributes in the Accounting Records
–Additional Accounting Methods—Interim Accounting is Supported.
•VRF Mapping on the RADIUS Server
•Conditional Debugging Enhancements
•Home Agent Redundancy Enhancements
–Redundancy with Radius Downloaded Pool Names
•SNMP Traps to Track Utilization of Local IP Pool
•Support for Supervisor 720 and 1GB MWAM in Supported Platforms
•Mobile-User ACLs in Packet Filtering
•DNS Server Address Assignment
•Mobile IP MIB Enhancements in SNMP, MIBs and Network Management
This section lists features that were introduced or modified in previous releases of the Cisco Mobile Wireless Home Agent:
•Mobile IPv4 Registration Revocation, page 7-1
•HA Server Load Balancing, page 6-1
•Home Agent Accounting, page 11-1
•Skip HA-CHAP with MN-FA Challenge Extension (MFCE), page 4-2
•VRF Support on HA, page 12-1
•Hot-lining, page 13-1
•Radius Disconnect, page 7-4
•Conditional Debugging, page 15-3
•Home Address Assignment, page 3-1
•Home Agent Redundancy, page 5-1
•Virtual Networks, page 5-6
•On-Demand Address Pool (ODAP), page 3-6
•Mobile IP IPSec, page 10-2
•Support for ACLs on Tunnel Interface, page 14-1
•Support for AAA Attributes MN-HA-SPI and MN-HA SHARED KEY, page 14-3
•3DES Encryption, page 10-1
•User Profiles, page 14-3
•Mobility Binding Association, page 14-4
•User Authentication and Authorization, page 4-1
•HA Binding Update, page 14-4
•Per User Packet Filtering, page 9-1
•Security, page 10-1
In addition to supporting Cisco IOS networking features, a Cisco 7200 series router, Cisco 6500 series switch, or Cisco 7600 series router, configured as a Home Agent, supports the following Home Agent-specific features:
•Support for static IP addresses assignment
–Public IP addresses
–Private IP addresses
•Support for dynamic IP addresses assignment
–Public IP addresses
–Private IP addresses
•Multiple flows for different Network Access Identifiers (NAIs) using static or dynamic addresses
•Multiple flows for the same NAI using different static addresses
•Foreign Agent Challenge extensions in RFC 3012 bis-03
–Mobile IP Agent Advertisement Challenge Extension
–MN-FA Challenge Extension
–Generalized Mobile IP Authentication Extension, which specifies the format for the MN-AAA Authentication Extension
•Mobile IP Extensions specified in RFC 2002
–MN-HA Authentication Extension
–FA-HA Authentication Extension
•Reverse Tunneling, RFC 2344
•Mobile NAI Extension, RFC 2794
•Multiple tunneling modes between FA and HA
–IP-in-IP Encapsulation, RFC 2003
–Generic Routing Encapsulation, RFC 2784
•Binding Update message for managing stale bindings
•Home Agent redundancy support
•Mobile IP Extensions specified in RFC 3220
–Authentication requiring the use of an SPI (Section 3.2)
•Support for Packet Filtering
–Input access lists
–Output access lists
•Support for proxy and gratuitous ARP
•Mobile IP registration replay protection using time stamps. Nonce-based replay protection is not supported.
The Cisco Mobile Wireless Home Agent provides these additional benefits:
•Supports static and dynamic IP address allocation.
•Attracts, intercepts, and tunnels datagrams for delivery to the MS.
•Receives tunneled datagrams from the MS (through the FA), decapsulates them, and delivers them to the correspondent node (CN).
Note Depending on the configuration, reverse tunneling may, or may not, be used by the MS, and may or may not be accepted by the HA.
•Presents a unique routable address to the network.
•Supports ingress and egress filtering.
•Maintains binding information for each registered MS containing an association of Care-of Address (CoA) with the home address, NAI, and security keys together with the lifetime of that association.
•Receives and processes registration renewal requests within the bounds of the Mobile IP registration lifetime timer, either from the MS (through the FA in the Mobile IP case), or from the FA (in the Proxy Mobile IP case).
•Receives and processes de-registration requests either from the MS (through the FA in the Mobile IP case), or from the FA (in the Proxy Mobile IP case).
•Maintains a subscriber database that is stored locally or retrieved from an external source.
•Sends a binding update to the source PDSN under hand-off conditions when suitably configured.
•Supports dynamic HA assignment.
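The forward and reverse data paths described in the list above (attract and tunnel datagrams to the MS; receive tunneled datagrams from the FA, decapsulate them, and apply ingress filtering), as an added example that is not part of the Cisco documentation or Cisco's code. It encapsulates a correspondent node's datagram toward the binding's care-of address with either IP-in-IP (RFC 2003, protocol 4) or a minimal GRE header (RFC 2784, protocol 47), and decapsulates reverse-tunneled traffic from the FA. The ingress policy it enforces (inner source must be a registered home address, outer source must be that binding's care-of address, and the binding must have asked for reverse tunneling) is this example's own, not a statement of how the Cisco HA filters; addresses, bindings and the UDP payload are constructed.

```python
import ipaddress
import struct

IPPROTO_IPIP, IPPROTO_GRE = 4, 47     # RFC 2003 IP-in-IP; RFC 2784 GRE
ETHERTYPE_IPV4 = 0x0800
GRE_CHECKSUM_PRESENT = 0x8000

def _checksum(data):
    """RFC 791 one's-complement header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header with no options and a valid checksum."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return fields[:10] + struct.pack("!H", _checksum(fields)) + fields[12:]

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload), honoring IHL and Total Length."""
    ihl, total_len, proto = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0], pkt[9]
    return (str(ipaddress.IPv4Address(pkt[12:16])), str(ipaddress.IPv4Address(pkt[16:20])),
            proto, pkt[ihl:total_len])

class HaForwarder:
    """Data-plane side of the HA: tunnel toward the CoA, decapsulate and filter what comes back."""

    def __init__(self, ha_addr, bindings):
        self.ha = ha_addr
        self.bindings = bindings  # home_addr -> {"coa": str, "gre": bool, "reverse_tunnel": bool}

    def forward_to_mobile(self, pkt):
        """Intercept a datagram for a registered home address and tunnel it to the binding's CoA."""
        _src, dst, _proto, _payload = parse_ipv4(pkt)
        binding = self.bindings.get(dst)
        if binding is None:
            return None  # no binding: not ours to tunnel (left to ordinary routing)
        if binding.get("gre"):
            inner = struct.pack("!HH", 0, ETHERTYPE_IPV4) + pkt  # minimal 4-byte GRE header
            return ipv4_header(self.ha, binding["coa"], IPPROTO_GRE, len(inner)) + inner
        return ipv4_header(self.ha, binding["coa"], IPPROTO_IPIP, len(pkt)) + pkt

    def receive_from_fa(self, pkt):
        """Decapsulate a reverse-tunneled datagram and apply ingress checks; None means drop."""
        outer_src, outer_dst, proto, payload = parse_ipv4(pkt)
        if outer_dst != self.ha:
            return None
        if proto == IPPROTO_GRE:
            flags, ptype = struct.unpack("!HH", payload[:4])
            if ptype != ETHERTYPE_IPV4:
                return None
            inner = payload[8 if flags & GRE_CHECKSUM_PRESENT else 4:]
        elif proto == IPPROTO_IPIP:
            inner = payload
        else:
            return None
        inner_src = parse_ipv4(inner)[0]
        binding = self.bindings.get(inner_src)
        # Ingress filter (this example's policy): the inner source must be a registered home address,
        # the outer source must be that binding's CoA, and the MN must have asked for reverse tunneling.
        if binding is None or binding["coa"] != outer_src or not binding.get("reverse_tunnel"):
            return None
        return inner

def demo():
    """Constructed traffic: CN -> MN via IP-in-IP and GRE, MN -> CN reverse tunneled, and a spoofed tunnel."""
    ha, coa, home, cn = "192.0.2.1", "198.51.100.10", "10.1.1.5", "203.0.113.50"
    fwd = HaForwarder(ha, {home: {"coa": coa, "gre": False, "reverse_tunnel": True}})
    udp = b"\x00\x35\x00\x35\x00\x0c\x00\x00data"  # constructed 8-byte UDP header plus 4 payload bytes
    to_mn = ipv4_header(cn, home, 17, len(udp)) + udp
    _o_src, o_dst, o_proto, o_payload = parse_ipv4(fwd.forward_to_mobile(to_mn))
    fwd.bindings[home]["gre"] = True
    _g_src, _g_dst, g_proto, g_payload = parse_ipv4(fwd.forward_to_mobile(to_mn))
    from_mn = ipv4_header(home, cn, 17, len(udp)) + udp
    rev = ipv4_header(coa, ha, IPPROTO_IPIP, len(from_mn)) + from_mn
    spoofed = ipv4_header("203.0.113.99", ha, IPPROTO_IPIP, len(from_mn)) + from_mn
    return (o_dst, o_proto, o_payload == to_mn, g_proto, g_payload[4:] == to_mn,
            fwd.receive_from_fa(rev) == from_mn, fwd.receive_from_fa(spoofed))
```

The spoofed case is the one the ingress check exists for: an IP-in-IP packet whose inner source is a valid home address but whose outer source is not the registered care-of address is dropped rather than decapsulated, so a third party on the Pi side cannot inject traffic that would appear to originate from a subscriber's home address.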
The Home Agent
The Home Agent (HA) maintains mobile user registrations and tunnels packets destined for the mobile to the PDSN/FA. It supports reverse tunneling, and can securely tunnel packets to the PDSN using IPSec. Broadcast packets are not tunneled. Additionally, the HA performs dynamic home address assignment for the mobile. Home addresses can be assigned from address pools configured locally, from a DHCP server, or from the AAA server.
The Cisco HA supports Proxy Mobile IP functionality, and is available on the Cisco 7600 series router, Cisco 7200 series router, and Cisco 6500 series switch platforms. A Cisco HA based on the Cisco 7200 series router supports up to 262,000 mobile bindings, can process 100 bindings per second, and is RFC 2002, RFC 2003, RFC 2005 and RFC 2006 compliant.
A Cisco HA based on the Cisco 7600 series router or Cisco Catalyst 6500 switch, with two MWAM cards housing five active HA images and five standby images, would support the above figures multiplied by 5.
For more information on Mobile IP as it relates to Home Agent configuration tasks, please refer to the following URL: