Revocation is a general mechanism whereby either the HA or the FA providing
Mobile IP functionality to the same mobile node can notify the other mobility
agent of the termination of a binding. This functionality provides the
Registration Revocation can be triggered at the FA by any of the following:
terminated with mobile node for whatever reason
clearing of calls
software task outage resulting in the loss of FA sessions (sessions that could
not be recovered)
Revocation functionality is also supported for Proxy Mobile IP. However, only
the HA can initiate the revocation for Proxy-MIP calls.
Registration Revocation can be triggered at the HA by any of the following:
clearing of calls
Gateway handoff. This releases the binding at the previous access gateway/FA
software task outage resulting in the loss of FA sessions (for sessions that
could not be recovered)
timer expiry (when configured to send Revocation)
condition under which a binding is terminated due to local policy (duplicate
IMSI detected, duplicate home address requested, etc.)
The FA and the HA
negotiate Registration Revocation support when establishing a Mobile IP call.
Revocation support is indicated to the Mobile Node (MN) from the FA by setting
the 'X' bit in the Agent Advertisement to MN. However the MN is not involved in
negotiating the Revocation for a call or in the Revocation process. It only
gets notified about it. The X bit in the Agent Advertisements is just a hint to
the MN that revocation is supported at the FA but is not a guarantee that it
can be negotiated with the HA
At the FA, if
revocation is enabled and a FA-HA SPI is configured, the Revocation Support
extension is appended to the RRQ received from the MN and protected by the
FA-HA Authentication Extension. At the HA, if the RRQ is accepted, and the HA
supports revocation, the HA responds with an RRP that includes the Revocation
Support extension. Revocation support is considered to be negotiated for a
binding when both sides have included a Revocation Support Extension during a
successful registration exchange.
Support Extension in the RRQ or RRP must be protected by the FA-HA
Authentication Extension. Therefore, an FA-HA SPI must be configured at the FA
and the HA for this to succeed.
If revocation is
enabled at the FA, but an FA-HA SPI is not configured at the FA for a certain
HA, then FA does not send Revocation Support Extension for a call to that HA.
Therefore, the call may come up without Revocation support negotiated.
If the HA receives
an RRQ with Revocation Support Extension, but not protected by FA-HA Auth
Extension, it will be rejected with "FA Failed Authentication" error.
If the FA receives a
RRP with Revocation Support Extension, but not protected by FA-HA Auth
Extension, it will be rejected with "HA Failed Authentication" error.
Also note that
Revocation support extension is included in the initial, renewal or handoff
RRQ/RRP messages. The Revocation extension is not included in a Deregistration
RRQ from the FA and the HA will ignore them in any Deregistration RRQs