May 5, 2003

A valid IP address is a must for any computing entity to communicate on the Internet, whether it is your desktop, laptop or PDA. But problems arise when a user wants to move from one place to another and still have an uninterrupted Internet connection. Seamless mobile roaming for computers connected to the Internet doesn’t sit well with the existing IP infrastructure. This is because the Internet is inherently designed such that IP host addresses are tied to the home network address. Hosts are assumed to be wired and immobile, and intermediate routers look only at network addresses. Thus, mobility without a change in IP address results in un-routable packets for existing and new connections with the same IP.

Let’s take a real-life example to understand this. How is snail mail delivered to you? You must have a home address known to your post office. Whenever your post reaches your city, it is first delivered to your home (local) post office. Then a postman from your home post office delivers it to you. Now, if you have to move between different cities temporarily, how do you receive mail? One option is to inform your friends of your new address every time you move. But a better solution is to inform your home post office of your new address whenever you move. Then, whenever any new post arrives at your home address, your home post office will put your mail in an envelope with your new address and forward it to your new post office. For this, you must have this special post-forwarding facility available at the home and new post offices.

Similar to our postal scenario, we need some kind of mobility support from the existing IP infrastructure. Mobile IP is a standard proposed by the IETF (Internet Engineering Task Force) that allows mobile hosts to move without changing their permanent IP address. Mobile IP is designed with various requirements in mind:

  • It should be transparent to apps running on mobile hosts and provide seamless roaming. This is required because connections at the transport level (TCP) are maintained using the IP addresses of both peers.
  • Since limited bandwidth and battery life are common characteristics of all mobile devices, Mobile IP must keep its protocol message exchange to a minimum.
  • Supporting mobility shall not require any change in the existing routing infrastructure and protocols.

Now let’s get into the technicalities of Mobile IP.

Basic Architecture
Mobility support is provided for the existing IP infrastructure by using two IP addresses for mobile hosts: one for identification (which is permanent and is called the Home-address) and one for routing (which changes with location and is called the Care-of-address). Three new functional entities are introduced to provide mobility support, as shown in the figure below (see Glossary in PCQuest Buzz for more details).

Mobile Node: Also called Correspondent Node, this host changes its location from one network to another.

Home Agent: A router on home network that serves as a sole contact point to Mobile Node, from other nodes on the

Foreign Agent: A router that functions as point of attachment for the Mobile Node when it is roaming.

How Mobile IP works?
All the functionality to provide mobility support for IP revolves around Care of Address. There are three phases of Mobile IP operation:

  • Discovering Care-of-Address
  • Registering Care-of-Address
  • Tunneling packets to Care-of-Address

There are two ways to obtain this care-of-address:

1. Foreign Agent Care-of-Address is the address of the Foreign Agent, assigned to the Mobile Node during the discovery phase. All the packets from the Home Agent to the Mobile Node are routed through the Foreign Agent, which decapsulates the packets and passes them on to the Mobile Host during registration and tunneling. This Care-of-address can be used by multiple Mobile Nodes at a time.

2. Or the Mobile Node can directly obtain a care-of-address through some other means such as DHCP. This temporarily assigned foreign IP address is called Collocated Care-of-Address. In this case the Home Agent sends packets directly to this temporary IP address during registration and tunneling.

Initially, the Mobile Node resides in the home network and works without using mobility service. When it moves out of the home network, the first job is to find out if it has moved to any foreign network. From here onwards, Mobile IP starts doing its work.

All the mobility agents periodically broadcast agent advertisements that contain the mobility agent’s address, care-of-address, various flags specifying special features supported by the mobility agent, and the lifetime of the proposed binding. If the Mobile Node is impatient, it can also solicit an advertisement by sending a solicitation request. These advertisements and solicitation requests are nothing but an extension of the standard ICMP Router Advertisement protocol. Once the Mobile Node determines that it has moved to another foreign network, it has to inform the Home Agent about this.

The Home Agent maintains a binding of the form (home address, care-of address, lifetime) for each Mobile Node belonging to the home network that is visiting a foreign network. After getting a new care-of-address during the Discovery Phase, the Mobile Node sends the Home Agent a registration request containing the parameters required for binding and tunnel creation. Once the Home Agent authenticates the registration request, it creates a mobility binding, a tunnel to the care-of-address and a route entry to forward packets to the Mobile Node through the tunnel.

This registration request needs to be authenticated, hence the Mobile Node must share a Security Association with the Home Agent.

Also, since registration has a lifetime, the Mobile Node needs to re-register and update the mobility binding at regular intervals.

Upon successful registration, transportation of packets to and from the Mobile Node starts, which is the third phase of Mobile IP.

Tunnelling means encapsulation of an IP packet. Going by our post office example discussed earlier, on getting new mail your home post office will put your mail in another envelope with your new address and forward it to your new post office.

Your new post office then takes your letter out of the outer envelope and delivers the original mail to you.

Similarly, the default encapsulation used by Mobile IP is the IP-in-IP protocol. On receiving any data for the Mobile Node, the Home Agent inserts the IP tunnel header in front of the original IP header and forwards it to the care-of-address. IP within IP encapsulation is shown in the following tunnelling figure. By tunnelling we mean that the original IP packet is encapsulated within a new IP header. At the other end of the tunnel, on receiving this encapsulated packet, the Foreign Agent removes the outer IP header and delivers the packet to the Mobile Node. The Mobile Node then replies directly to the Correspondent Node, using its home-address and not the care-of-address as the source address.
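The encapsulation and decapsulation steps described above, as an added Python example that is not part of the original article. All addresses are constructed values from documentation ranges, and the check that the outer source is the registered Home Agent is an assumption of this example about how a careful Foreign Agent would validate tunnel traffic.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4   # IANA protocol number for IPv4-in-IPv4 encapsulation
IPPROTO_UDP = 17

def checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Build a 20-byte IPv4 header (no options, TTL 64) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def encapsulate(inner: bytes, home_agent: str, care_of: str) -> bytes:
    """Home Agent: put the tunnel header in front of the untouched original packet."""
    return ipv4_header(home_agent, care_of, IPPROTO_IPIP, len(inner)) + inner

def decapsulate(outer: bytes, registered_home_agent: str) -> bytes:
    """Foreign Agent: validate the outer header, strip it, return the original packet."""
    if len(outer) < 20 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (outer[0] & 0x0F) * 4
    if ihl < 20 or len(outer) < ihl or checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer header")
    if outer[9] != IPPROTO_IPIP:
        raise ValueError("outer protocol is not IP-in-IP")
    if outer[12:16] != ipaddress.IPv4Address(registered_home_agent).packed:
        raise ValueError("tunnel source is not the registered Home Agent")
    total_len = struct.unpack("!H", outer[2:4])[0]
    return outer[ihl:total_len]

def dst_of(packet: bytes) -> str:
    return str(ipaddress.IPv4Address(packet[16:20]))

# Constructed sample (documentation address ranges): a Correspondent Node sends UDP
# data to the Mobile Node's home address while the node is visiting a foreign network.
HOME_AGENT, HOME_ADDR, CARE_OF, CORRESPONDENT = "192.0.2.1", "192.0.2.10", "203.0.113.1", "198.51.100.7"
data = b"constructed payload"
original = ipv4_header(CORRESPONDENT, HOME_ADDR, IPPROTO_UDP, len(data)) + data
tunnelled = encapsulate(original, HOME_AGENT, CARE_OF)

if __name__ == "__main__":
    print("outer dst:", dst_of(tunnelled), "| inner dst:", dst_of(decapsulate(tunnelled, HOME_AGENT)))
```

The inner packet comes out byte for byte as the Correspondent Node sent it, still addressed to the home address; only the outer header names the care-of-address.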

Issues with Mobile IP

Inefficient routing
It is possible that both the Mobile Node and the Correspondent Node are on the same sub-network. But as per the Mobile IP design, all the packets to the mobile host are routed through the Home Agent, so these packets travel a longer path to the destination. Routing in Mobile IP is asymmetric and is termed triangular routing, since packets from the Mobile Node to any Internet host can be routed directly but all the packets to the Mobile Node go through the Home Agent.

A proposed solution to this problem is to update the correspondent host every time the mobility binding changes. If a Correspondent Node needs to refresh its binding to the Mobile Node, it sends a binding request to the Home Agent. The Home Agent sends a binding update message, containing the Mobile Host’s current Care-of-Address, to all correspondent hosts that need it. After that, IP packets are routed from the correspondent host to the Mobile Node directly without going through the Home Agent.

ARP resolution
An IP address is a logical address; for actual communication, a link-level address (called the MAC address) is required. IP addresses are resolved into physical addresses using ARP (Address Resolution Protocol). But when the Mobile Node is away from the home network, the normal working of ARP is hindered because the Mobile Node is not present in the home network to answer the ARP request. To handle this problem, Mobile IP describes two special uses of ARP: Proxy ARP and Gratuitous ARP (see Glossary in PCQuest Buzz).

Ingress Filtering
As we have already discussed, Mobile IP results in triangular routing, i.e. the forward and reverse IP routing paths may be different. Many firewalls deploy ingress filtering, which means that if the router sees the reply packet coming from a different interface direction than the one on which the request packet was sent, it will drop the packet. To solve this problem, the Reverse Tunneling approach is used. In the Reverse Tunneling method, the reply packets from the Mobile Node are tunneled back to the Home Agent after the Foreign Agent receives them.
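Why reverse tunneling gets past the filter, as an added Python example that is not part of the original article. It models ingress filtering as a source-address check at a site's edge router and adds a Home Agent check that the tunnel source matches the registered care-of-address; both are assumptions of this example, as are the constructed addresses.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None   # set when this packet is a tunnel carrying another

def ingress_permits(pkt: Packet, site_prefix: str) -> bool:
    """Edge router of a site: forward only packets whose source belongs to that site."""
    return ipaddress.ip_address(pkt.src) in ipaddress.ip_network(site_prefix)

def reverse_tunnel(pkt: Packet, care_of: str, home_agent: str) -> Packet:
    """Foreign Agent: wrap the Mobile Node's packet so the outer source is a local address."""
    return Packet(src=care_of, dst=home_agent, inner=pkt)

def home_agent_unwrap(pkt: Packet, home_agent: str, bindings: dict) -> Optional[Packet]:
    """Home Agent: release the inner packet only if the outer source is the care-of
    address currently bound to the inner (home) source address."""
    if pkt.inner is None or pkt.dst != home_agent:
        return None
    if bindings.get(pkt.inner.src) != pkt.src:
        return None
    return pkt.inner

# Constructed topology (documentation ranges; every value here is an assumption)
FOREIGN_NET, HOME_NET = "203.0.113.0/24", "192.0.2.0/24"
HOME_AGENT, HOME_ADDR, CARE_OF, CORRESPONDENT = "192.0.2.1", "192.0.2.10", "203.0.113.1", "198.51.100.7"
BINDINGS = {HOME_ADDR: CARE_OF}

def trace():
    """Follow one reply from the roaming Mobile Node, directly and via the reverse tunnel."""
    reply = Packet(src=HOME_ADDR, dst=CORRESPONDENT)
    direct_ok = ingress_permits(reply, FOREIGN_NET)      # home address leaving the foreign site
    wrapped = reverse_tunnel(reply, CARE_OF, HOME_AGENT)
    tunnel_ok = ingress_permits(wrapped, FOREIGN_NET)    # outer source is the care-of address
    released = home_agent_unwrap(wrapped, HOME_AGENT, BINDINGS)
    home_ok = released is not None and ingress_permits(released, HOME_NET)
    return direct_ok, tunnel_ok, home_ok

if __name__ == "__main__":
    print(trace())
```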

Security issues
There are various threats in Mobile IP as well. Nodes use wireless links. Hence, the designers of Mobile IP have provided many security features. Mobile IP is able to deal with the security threats of Bogus Registration Attack and Replay Attack (see Glossary in PCQuest Buzz).
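How a Home Agent can reject bogus and replayed registrations while keeping the (home address, care-of address, lifetime) binding from the registration phase, as an added Python example that is not part of the original article. The message layout, the use of HMAC-SHA256, the integer timestamp used as identification and the 7-second tolerance are simplifying assumptions of this example, not the Mobile IP wire format.

```python
import hashlib
import hmac
import ipaddress
import struct

FMT = "!4s4sHQ"                   # home address, care-of address, lifetime (s), identification
BODY_LEN = struct.calcsize(FMT)   # 18 bytes, followed by a 32-byte MAC
MAX_SKEW = 7                      # tolerated clock difference in seconds (constructed value)

def build_request(key, home, care_of, lifetime, ident):
    # Mobile Node side: body plus a MAC keyed with the shared security association.
    body = struct.pack(FMT, ipaddress.IPv4Address(home).packed,
                       ipaddress.IPv4Address(care_of).packed, lifetime, ident)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self, security_associations):
        self.keys = security_associations   # home address -> shared key
        self.bindings = {}                  # home address -> (care-of address, expiry time)
        self.last_ident = {}                # home address -> newest identification accepted

    def register(self, msg, now):
        if len(msg) != BODY_LEN + 32:
            return "denied: malformed"
        body, tag = msg[:BODY_LEN], msg[BODY_LEN:]
        home_raw, coa_raw, lifetime, ident = struct.unpack(FMT, body)
        home = str(ipaddress.IPv4Address(home_raw))
        key = self.keys.get(home)
        if key is None:
            return "denied: no security association"
        if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
            return "denied: authentication failed"      # bogus registration
        if abs(now - ident) > MAX_SKEW or ident <= self.last_ident.get(home, -1):
            return "denied: replay"                     # stale or already-seen request
        self.last_ident[home] = ident
        self.bindings[home] = (str(ipaddress.IPv4Address(coa_raw)), now + lifetime)
        return "accepted"

    def care_of(self, home, now):
        """Care-of address to tunnel to, or None if unregistered or the lifetime ran out."""
        care_of, expires = self.bindings.get(home, (None, 0))
        return care_of if now < expires else None

def demo():  # constructed scenario: a valid request, its replay, then a forged request
    key = b"constructed-shared-key"
    ha = HomeAgent({"192.0.2.10": key})
    good = build_request(key, "192.0.2.10", "203.0.113.1", 300, ident=1000)
    forged = build_request(b"wrong-key", "192.0.2.10", "198.51.100.66", 300, ident=1002)
    return [ha.register(good, 1001), ha.register(good, 1002), ha.register(forged, 1002)], ha
```

The forged request leaves the existing binding untouched, and the binding disappears on its own once the lifetime passes without a fresh registration.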

Many companies have successfully demonstrated Mobile IP, the first among them being Qualcomm and Nortel. It has great potential for mobile application deployment without affecting the existing Internet infrastructure. Efforts are under way to enhance the security of Mobile IP and also to integrate Mobile IP with 802.11 wireless LANs.

Gaurav Vaidya, ishOni Networks, Bangalore
