The Cable Guy - September 2004
Introduction to Mobile IPv6
Request for Comments (RFC) 3775 defines Mobile Internet Protocol version 6 (IPv6), which allows an IPv6 node to remain reachable regardless of its location on an IPv6 network and whether the nodes with which the Mobile IPv6 node is communicating also support Mobile IPv6.
The following sections describe:
- Roaming nodes and Transport layer connection survivability
- Components of Mobile IPv6
- Mobile IPv6 data delivery
- Correspondent registration process
- Mobile IPv6 nodes and TCP connections
- Mobile IPv6 support in Microsoft Windows
Roaming Nodes and Transport Layer Connection Survivability
When a node becomes mobile, such as a wireless-enabled laptop computer that roams between different portions of a wireless network, there are mechanisms to ensure that the mobile node has a relevant address for the network segment (subnet) to which it is attached. For IPv6, these mechanisms include stateless address autoconfiguration through router discovery and the Dynamic Host Configuration Protocol for IPv6 (DHCPv6). After detecting that it is on a new link of a wireless network, the roaming wireless node uses router discovery, DHCPv6, or both to configure IPv6 addresses, the addresses of neighboring IPv6 default routers, and other configuration parameters.
Although the mobile node can automatically reconfigure itself for the new link to which it is attached, Transport layer connections, such as TCP connections, that were made using the roaming node's previous address can no longer be used. The previous address is no longer valid for the new network segment and the existing TCP connections must be abandoned. Applications must make new connections using the newly assigned address. Depending on the application, a sudden change in IPv6 address configuration can cause the application to stop working, requiring the user to stop and restart the application.
For true roaming support, an IPv6 node must support both auto-reconfiguration and Transport layer connection survivability. Rather than providing Transport layer survivability by modifying applications or Transport layer protocols such as TCP, the solution offered by Mobile IPv6 is to extend IPv6 so that Transport layer protocols and applications are unaware of changes in IPv6 address configuration. In Mobile IPv6, applications and Transport layer protocols use an IPv6 address that is assigned to the Mobile IPv6 node and that does not change, regardless of the mobile node's location and current address configuration.
Components of Mobile IPv6
The following figure shows the components of Mobile IPv6.
The components of Mobile IPv6 are the following:
- Mobile node: An IPv6 node that can change links, and therefore addresses, and maintain reachability using its home address.
- Home link: The link from which the mobile node originates.
- Home address: An address assigned to the mobile node when it is attached to the home link and through which the mobile node is always reachable, regardless of its location on an IPv6 network. Because the mobile node is always assigned the home address, it is always logically connected to the home link.
- Home agent: A router on the home link that maintains registrations of mobile nodes that are away from home and their current addresses. Although the figure shows the home agent as the router connecting the home link to an IPv6 network, the home agent does not have to serve this function. The home agent can also be a node on the home link that does not perform any forwarding when the mobile node is connected to the home link.
- Foreign link: A link that is not the mobile node's home link.
- Care-of address: An address used by a mobile node while it is attached to a foreign link. The association of a home address with a care-of address for a mobile node is known as a binding.
- Correspondent node: An IPv6 node that communicates with a mobile node. A correspondent node does not have to be Mobile IPv6-capable.
Correspondent nodes that are Mobile IPv6-capable and home agents maintain information about bindings in a binding cache. Mobile nodes maintain information about correspondent nodes in a binding update list.
Note: The IPv6 network in the previous figure can be the IPv6 Internet, an IPv6-capable portion of a private intranet, or a public or private IPv4 infrastructure when using an IPv6 transition technology such as 6to4, Intra-site Automatic Tunnel Addressing Protocol (ISATAP), or Teredo. For more information, see IPv6 Transition Technologies.
Mobile IPv6 Data Delivery
When a mobile node is away from home, it can receive data packets from a correspondent node in the following ways:
- If the correspondent node is not Mobile IPv6-capable or a correspondent registration is not yet complete, data packets are sent to the mobile node's home address. Correspondent registrations are described in the Correspondent Registration Process section of this article. The home agent intercepts the data packets and tunnels them using IPv6-over-IPv6 tunneling to the mobile node's care-of address.
- If the correspondent node is Mobile IPv6-capable and a correspondent registration has been completed, data packets are sent directly to the mobile node's location on the IPv6 network. The data packets include a new Type 2 Routing extension header that contains the mobile node's home address.
When a mobile node is away from home, it can send data packets to a correspondent node in the following ways:
- If the correspondent node is not Mobile IPv6-capable or a correspondent registration is not yet complete, data packets are tunneled using IPv6-over-IPv6 tunneling to the home agent, which forwards them to the correspondent node.
- If the correspondent node is Mobile IPv6-capable and a correspondent registration has been completed, data packets are sent directly to the correspondent node. The data packets include a new Home Address option in a Destination Options header that contains the mobile node's home address.
The tunneling of packets between the correspondent node and the mobile node via the home agent is known as bidirectional tunneling. Bidirectional tunneling ensures that the mobile node is always reachable when it is away from home, even if the correspondent node is not Mobile IPv6-capable. However, bidirectional tunneling can cause significant transmission delays.
The sending of packets directly between a mobile node and a Mobile IPv6-capable correspondent node is known as route optimization. Route optimization eliminates the transmission delays associated with bidirectional tunneling and is needed to provide sufficient performance for time-sensitive traffic, such as Voice over IP (VoIP).
The following figure shows a mobile node and a correspondent node exchanging data packets using bidirectional tunneling and route optimization.
Correspondent Registration Process
To perform route optimization delivery of data packets, the mobile node and the correspondent node perform the correspondent registration process, which consists of the following:
- The Return Routability procedure: To provide proof that the mobile node is reachable at both its home address and its care-of address, the mobile node and the correspondent node perform the Return Routability procedure. The proof is needed to defend against various types of connection hijacking and denial-of-service attacks. During the Return Routability procedure, the mobile node sends two different test packets to the correspondent node. One is sent through the home agent and one is sent directly to the correspondent node. The correspondent node sends responses to the test packets, each response containing a cryptographic token.
- Exchange of Binding Update and Binding Acknowledgement messages: After the Return Routability procedure is complete, the mobile node sends a Mobile IPv6 Binding Update message to the correspondent node. The Binding Update message includes authentication data calculated using the cryptographic tokens sent by the correspondent node during the Return Routability procedure. The correspondent node validates the authentication data. This validation is not strong cryptographic authentication, but is sufficient to prevent most types of attacks. If the authentication data is valid, the correspondent node adds an entry to its binding cache for the mobile node and sends a Binding Acknowledgement message. Upon receipt of the Binding Acknowledgement message, the mobile node adds an entry to its binding update list for the correspondent node.
After the correspondent registration process is complete, the mobile node and correspondent node can send data packets to each other using route optimization.
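The token and authentication-data calculation summarized above, as an added example that is not part of the original article: it follows the HMAC-SHA1 formulas in RFC 3775 and shows that the correspondent node validates a Binding Update by recomputing both tokens rather than storing them. The class and function names, the documentation-prefix addresses, and the byte string standing in for the Binding Update mobility header are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

def _addr(a: str) -> bytes:
    return ipaddress.IPv6Address(a).packed

def binding_key(home_token: bytes, care_of_token: bytes) -> bytes:
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + care_of_token).digest()

def authenticator(kbm: bytes, care_of: str, correspondent: str, mh_data: bytes) -> bytes:
    # First 96 bits of HMAC_SHA1(Kbm, care-of address | correspondent | MH data)
    msg = _addr(care_of) + _addr(correspondent) + mh_data
    return hmac.new(kbm, msg, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    """Hypothetical model of the correspondent node's token issuer and validator."""
    def __init__(self, address: str):
        self.address = address
        self.kcn = os.urandom(20)      # node key, never sent on the wire
        self.nonces = [os.urandom(8)]  # indexed nonces, regenerated periodically

    def keygen_token(self, addr: str, nonce_index: int, kind: int) -> bytes:
        # kind 0 = home keygen token, kind 1 = care-of keygen token (64 bits each)
        msg = _addr(addr) + self.nonces[nonce_index] + bytes([kind])
        return hmac.new(self.kcn, msg, hashlib.sha1).digest()[:8]

    def validate_binding_update(self, home, care_of, home_idx, coa_idx, mh_data, auth):
        # Recompute both tokens from the claimed addresses and nonce indices.
        kbm = binding_key(self.keygen_token(home, home_idx, 0),
                          self.keygen_token(care_of, coa_idx, 1))
        expected = authenticator(kbm, care_of, self.address, mh_data)
        return hmac.compare_digest(expected, auth)

def run_exchange():
    home, care_of = "2001:db8:1::10", "2001:db8:2::10"  # constructed addresses
    cn = CorrespondentNode("2001:db8:3::20")
    # One token is returned via the home agent, the other directly to the care-of address.
    home_token = cn.keygen_token(home, 0, 0)
    care_of_token = cn.keygen_token(care_of, 0, 1)
    mh_data = b"constructed-binding-update-body"
    auth = authenticator(binding_key(home_token, care_of_token), care_of, cn.address, mh_data)
    ok = cn.validate_binding_update(home, care_of, 0, 0, mh_data, auth)
    # The same authentication data does not validate for a different care-of address.
    moved = cn.validate_binding_update(home, "2001:db8:9::66", 0, 0, mh_data, auth)
    # Authentication data built without the real home keygen token is rejected.
    bad = authenticator(binding_key(os.urandom(8), care_of_token), care_of, cn.address, mh_data)
    partial = cn.validate_binding_update(home, care_of, 0, 0, mh_data, bad)
    return ok, moved, partial
```

Because the binding key depends on both tokens, valid authentication data requires having received replies on both the home-agent path and the direct path, which is the reachability proof the procedure is designed to provide.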
Mobile IPv6 Nodes and TCP Connections
To show how Mobile IPv6 provides Transport layer connection survivability, let us examine what happens to an existing TCP connection when a mobile IPv6 node moves from its home link to a foreign link. To simplify the discussion in this example, we will only describe in detail the set of messages exchanged between the mobile node and the correspondent node. For detailed information about Mobile IPv6 processes, see Understanding Mobile IPv6.
Node A is a mobile node and Node B is a Mobile IPv6-capable correspondent node. Node A configures a home address while it is connected to its home link. Node A makes a TCP connection with Node B. When Node A roams to a foreign link, the following process occurs:
1. After sensing a change in the link to which Node A is connected and obtaining a care-of address, Node A exchanges a set of Binding Update and Binding Acknowledgement messages with its home agent. The home agent adds an entry to its binding cache for Node A, storing its home address and care-of address. This is known as a home registration.
2. For this example, Node B sends a TCP segment for the existing TCP connection to Node A. Because Node B has not yet been informed that Node A has changed its location, Node B sends the TCP segment to Node A's home address.
3. Because the home agent has a binding cache entry for Node A's home address, the home agent intercepts the TCP segment and tunnels it to Node A's care-of address.
4. After receiving the TCP segment tunneled via the home agent, Node A begins the correspondent registration process, including the Return Routability procedure and the exchange of Binding Update and Binding Acknowledgement messages.
5. During the correspondent registration process, TCP segments sent between the mobile node and the correspondent node are bidirectionally tunneled through the home agent.
6. After the correspondent registration is complete, the mobile node has an entry for the correspondent node in its binding update list and the correspondent node has an entry for the mobile node in its binding cache.
7. Node A and Node B exchange subsequent TCP segments using route optimization.
If Node B is not Mobile IPv6-capable, then the correspondent registration process fails and all TCP segments that are sent between Node A and Node B are bidirectionally tunneled.
During the roaming, the TCP connection initially established between the mobile node's home address and the correspondent node's address remains intact. There might be TCP segments that are dropped during step 1, in which there is a delay when Node A is sensing the link change, obtaining a new care-of address, and performing home registration. However, these segments are retransmitted by TCP.
Mobile IPv6 Support in Microsoft Windows
Microsoft Windows XP with Service Pack 1, Windows XP with Service Pack 2, and Windows Server 2003 include only correspondent node support based on version 13 of the now obsolete Mobile IPv6 Internet draft. For more information, see Chapter 12 of the Understanding IPv6 Microsoft Press book.
For More Information
For more information about Mobile IPv6 and IPv6, consult the following resources: