Registration
Revocation is a general mechanism whereby either the HA or the FA providing
Mobile IP functionality to the same mobile node can notify the other mobility
agent of the termination of a binding. This functionality provides the
following benefits:
Mobile IP
Registration Revocation can be triggered at the FA by any of the following:
-
Session
terminated with mobile node for whatever reason
-
Session
renegotiation
-
Administrative
clearing of calls
-
Session Manager
software task outage resulting in the loss of FA sessions (sessions that could
not be recovered)
Important:
Registration
Revocation functionality is also supported for Proxy Mobile IP. However, only
the HA can initiate the revocation for Proxy-MIP calls.
Mobile IP
Registration Revocation can be triggered at the HA by any of the following:
-
Administrative
clearing of calls
-
Inter-Access
Gateway handoff. This releases the binding at the previous access gateway/FA
-
Session Manager
software task outage resulting in the loss of FA sessions (for sessions that
could not be recovered)
-
Session Idle
timer expiry (when configured to send Revocation)
-
Any other
condition under which a binding is terminated due to local policy (duplicate
IMSI detected, duplicate home address requested, etc.)
The FA and the HA
negotiate Registration Revocation support when establishing a Mobile IP call.
Revocation support is indicated to the Mobile Node (MN) from the FA by setting
the 'X' bit in the Agent Advertisement to MN. However the MN is not involved in
negotiating the Revocation for a call or in the Revocation process. It only
gets notified about it. The X bit in the Agent Advertisements is just a hint to
the MN that revocation is supported at the FA but is not a guarantee that it
can be negotiated with the HA
At the FA, if
revocation is enabled and a FA-HA SPI is configured, the Revocation Support
extension is appended to the RRQ received from the MN and protected by the
FA-HA Authentication Extension. At the HA, if the RRQ is accepted, and the HA
supports revocation, the HA responds with an RRP that includes the Revocation
Support extension. Revocation support is considered to be negotiated for a
binding when both sides have included a Revocation Support Extension during a
successful registration exchange.
Important:
The Revocation
Support Extension in the RRQ or RRP must be protected by the FA-HA
Authentication Extension. Therefore, an FA-HA SPI must be configured at the FA
and the HA for this to succeed.
If revocation is
enabled at the FA, but an FA-HA SPI is not configured at the FA for a certain
HA, then FA does not send Revocation Support Extension for a call to that HA.
Therefore, the call may come up without Revocation support negotiated.
If the HA receives
an RRQ with Revocation Support Extension, but not protected by FA-HA Auth
Extension, it will be rejected with "FA Failed Authentication" error.
If the FA receives a
RRP with Revocation Support Extension, but not protected by FA-HA Auth
Extension, it will be rejected with "HA Failed Authentication" error.
Also note that
Revocation support extension is included in the initial, renewal or handoff
RRQ/RRP messages. The Revocation extension is not included in a Deregistration
RRQ from the FA and the HA will ignore them in any Deregistration RRQs
received.