RE: Amazing but true

From: Scott Morris (swm@emanon.com)
Date: Thu Feb 27 2003 - 09:41:04 GMT-3

• Next message: Scott Morris: "RE: Amazing but true"
• Previous message: West, Jeff: "RE: Matching IP Precedence in VoIP ACLs"
• Maybe in reply to: ccie2be: "Amazing but true"
• Next in thread: Scott Morris: "RE: Amazing but true"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I can drink quite a bit... So be careful what the challenge is. :)

No, I didn't create the technology, but I was a trainer on this (among
other things) about two years ago when it first began to rear its head!
And it's just a part of my vast collection of useless knowledge. ;)

I say SHOULD because the RFC states there has to be. Remember that the
colocate care-of address isn't really handled by any spec at this point
(to my knowledge), it's one of those things that came out because it
seemed like a good idea. And as the software for mobile nodes
progresses, it's entirely possible that the need will be decreased, but
technology and feasibility and logic will always win.

You have to think about what mobile IP is accomplishing and what it was
designed for. That will answer your question that there really MUST be
an FA someplace. And of course because we always want to track and
therefore bill for things, and prevent bad people from figuring out
loopholes, there will always be an FA on the roaming network regardless
of who terminates the tunnel in the end.

Yes, the bare minimum would be a router with IRDP plus an IP address
(given somehow) to a mobile node with support for colocated care-of
addresses. The tunnel is built to the HA.

IRDP is only a requirement for the FA. On the FA side, you assume you
have random people wandering around in and out of cell range that
suddenly appear on your network, and what do they need to know in order
to get out? A router. The HA just sits back at the office waiting for
tunnels to come to it.

A two drink limit? You've got to be kidding. ;)

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Wednesday, February 26, 2003 11:12 PM
To: Group Study; Scott Morris
Subject: Re: Amazing but true

Hey Scott,

Your second response just got you another drink. Keep this up and
pretty soon we'll be seeing how much drinking you can handle. Out of
curiousity, how do come to have so much in depth knowledge on this
technology? Were you somehow involved with it's creation cause I know
this info isn't available from Cisco's CCO?

Normally, when I find out that a topic isn't on the lab, I think, "Good,
now I can move onto something that will help get me over the top.", but
you've got me intrigued about this stuff.

So, getting back to Mobile IP, you've raised a few interesting issues.
Ex: You say there SHOULD be a FA but you don't say there MUST be a FA.
Does that mean that this combo will work?

Router with IRDP configured on it (but not FA service) plus Mobile node
with support for co-located c/o address plus DHCP

In this scenario, it seems that the mobile node discovers via IRDP it's
on a non-home segment, uses DHCP to get a co-located c/a, then registers
with it's HA which allows the HA to build a tunnel directly to the MN.
Is this what happens?

Also, is IRDP a requirement for both the FA and the HA or just the FA?
Your remarks lead me to think that IRDP is the real key for this to
work.

BTW, if you're tired of this stuff (or you can't handle anymore
drinking), I can be content with what you've already explained to me.
So, I leave it up to you. In any case, thanks for all the info.

Jim

----- Original Message -----
From: "Scott Morris" <swm@emanon.com>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
<ccielab@groupstudy.com>
Sent: Wednesday, February 26, 2003 8:16 PM
Subject: RE: Amazing but true

> Heheheh... Thanks for the offer, perhaps I'll take you up on it
> someday! :) (Always good to keep a list of where free alcohol is
> while
> travelling!)
>
> You're mostly correct, but let me make sure the scenario is in your
> head ok... When roaming through a network, there SHOULD be foreign
> agents configured (or at least something sending IRDP announcements).

> Now, assuming that there are foreign agents configured on the roaming
> network, there are two scenarios that colocate care-of addresses are
> used.
>
> First, if the FA's are currently loaded with all the mobile nodes that

> they can handle, then the mobile node may get a colocated IP via DHCP.
>
> Second, if the mobile node has as agreement with the provider and is
> "pre-assigned" an IP to use while on their network.
>
> In those two cases alone, and providing the mobile node's software is
> capable, then the mobile node will become their own FA. There still
> must be SOMETHING to route IP via the local subnets wherever they are,

> and THAT is the purpose of the colocate care-of address.
>
> In the foreign-agent configuration (12.2 at least), you have a
> "force-register" option which says that the mobile node must register
> with the FA regardless of whether the FA is creating the tunnel or
> whether the mobile node has their own colocate address. This would be

> done for billing and regulation purposes. But otherwise, your
> scenario is correct, that if you have a local routable IP, you can do
> anything you want.
>
> As for the lab, you don't have to care about ANY of this stuff,
> because it is NOT part of the routing & switching lab at all. There
> have been many conversations over the past year or so about "Mobile
> IP" on the R&S lab. That's a misnomer! They are really talking about

> "local area mobility", which may indeed be on your R&S lab!!! That's
> a whole different beast, and a whole lot easier to configure and work
> with!
>
> Hope that helps!
>
> Scott
>
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Wednesday, February 26, 2003 7:29 PM
> To: Group Study; swm@emanon.com
> Subject: Re: Amazing but true
>
>
> Hey Scott,
>
> First of all, let me thank you for your response. It's one of the
> best written, logical, responsive, and comprehensive post I've seen on

> group study since I've started following group study ( about 2 months
> ago). And, to show my graditude, if you're ever in New York City, I
> hope you'll let me know so I can buy you a drink.
>
> Now, let me make sure I completely understand what you're saying.
>
> If a mobile node's client software supports a co-located
> care-of-address, it doesn't need there to be a Foreign Agent when it
> attaches to a non- home network segment because it can be it's own FA.

> Is that right? And, if so, does it go thru a process whereby it first

> checks to see if there's a FA, and, if so, uses the "typical" method
> of using the FA's care-of-address, but, if not, resorts to a
> co-location care-of-address?
>
> Also, doesn't this process, if I understand it correctly, present a
> potential problem in that mobile nodes can attach to any non-home
> network segment whether or not attachment is authorized? For example,

> suppose a company has 5 network segments A, B, C, D, and E. And, the
> company's security policy says that mobile nodes whose home segment is

> A, B or C can roam among those 3 segments and mobile nodes whose home
> segment is D or E can roam anywhere. To me, it sounds like this
> policy can't be enforced if the mobile nodes are able to use a
> co-located care-of-address. Is that correct?
>
> And, finally, as a practical matter vis-a-vis the lab, I don't have to

> be concerned with this care-of -address distinction because it's not
> something I explicitly configure on the router - if anything, it might

> be an option configured on the mobile node itself - if it's supported.

> True?
>
> Anyway, thank you again. I've been wondering about this for several
> weeks. Jim
>
>
> ----- Original Message -----
> From: "Scott Morris" <swm@emanon.com>
> To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'"
> <ccielab@groupstudy.com>
> Sent: Wednesday, February 26, 2003 6:20 PM
> Subject: RE: Amazing but true
>
>
> > The foreign agent care-of-address is the "typical" way that mobile
> > IP works. And it's the announcement of the FA itself saying to the
> > home agent that 'I know how to get to x.x.x.x' (done through a
> > tunnel). So
>
> > for routing purposes, the FA becomes the care-of-address in order to

> > get to x.x.x.x...
> >
> > The colocate care-of-address actually implies that sometimes a
> > mobile node moves onto a roaming network that either has no FA's, or

> > all of the FA's are busy. This is when it can become it's "own" FA
> > using a colocated care-of-address. The specifics of how to get one
> > aren't in the mobile IP RFC's, but DHCP is the primary method. At
> > that point, the mobile node technically has two addresses, it's
> > "normal" mobile one, and an address within the roaming networks'
> > scope. It is also possible to have a pre-determined colocated
> > address configured on the mobile node
> >
> > So you the network engineer MAY determine things depending on which
> > end of the problem you are on! If you are on the mobile node/home
> > agent side, there's nothing you can do. If you are engineering the
> > foreign agent/roaming network then you are in control of this, and
> > may
>
> > set up extra things in order to facilitate this interaction (or
> > not).
>
> > It would depend on the mobile node software though as to whether it
> > would take effect.
> >
> > If a colocated c/o address is used, the the mobile node will not
> > attempt to register with the FA router. It will just start sending
> > IP
>
> > packets as if it were its own FA.
> >
> > Hope that helps.
> >
> > Scott
> >
> > -----Original Message-----
> > From: ccie2be [mailto:ccie2be@nyc.rr.com]
> > Sent: Wednesday, February 26, 2003 5:33 PM
> > To: Group Study; swm@emanon.com
> > Subject: Re: Amazing but true
> >
> >
> > Hi,
> >
> > Here's the original post regarding care-of-addresses used with
> > Mobile IP.
> >
> >
> > With Mobile IP there are 2 types of care-of addresses:
> >
> > 1) Care-of-address acquired from a Foreign Agent
> > 2) Colocated care-of-address
> >
> > The Cisco docs does a good job of explaining what these are but
> > doesn't say anything about what determines which type of address is
> > used or why 1 type should be used versus the other.
> >
> > Do I, as the network engineer, determine which type of address is
> > used? Does this depend on what mobile node software is installed on
> > the client or is this configured on the router, and if so, how?
> >
> > Please help me understand this. Thanks, Jim
> >
> > ----- Original Message -----
> > From: "Scott Morris" <swm@emanon.com>
> > To: "'ccie2be'" <ccie2be@nyc.rr.com>
> > Sent: Wednesday, February 26, 2003 5:30 PM
> > Subject: RE: Amazing but true
> >
> >
> > > What was/were the original questions?
> > >
> > > Scott
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > Behalf
>
> > > Of ccie2be
> > > Sent: Wednesday, February 26, 2003 2:50 PM
> > > To: Group Study
> > > Subject: Amazing but true
> > >
> > >
> > > Hi everyone,
> > >
> > > Over the past few weeks, several times I've posted a question
> > > regarding the two types of care-of-addresses used with Mobile IP.
> > > My question concerned what detemines which type of address is used

> > > and whether the type used is something that's configured on the
> > > router or determined by some other means - perhaps the software
> > > installed on the
> >
> > > mobile client.
> > >
> > > What surprises me though is that there hasn't been one single
> > > response! I don't understand how that could be. I've searched
> > > thru both the Group Study archieves and Cisco's documentation and
> > > found nothing addressing this question. I also know that mobile
> > > IP is fair game for the lab, so I'm amazed that this question
> > > continues to
>
> > > go unanswered.
> > >
> > > And, though I can't understand why that is I've come up with 2
> > > theories:
> > >
> > > a) nobody knows
> > > b) nobody cares
> > >
> > > I can't imagine that nobody on groupstudy knows this - this is
> > > probably the most knowledgable group of networking professional in

> > > the
> >
> > > world - so let's nix that idea.
> > >
> > > Could it be that nobody cares? That's also hard to imagine.
> > > Everyday, questions seemingly far more esoteric are posted and
> > > responded to. Besides, there must be at least a few people who
> > > might
>
> > > need to implement Mobile IP in the near future and they would
> > > certainly need to know about this. And, even if nobody at the
> > > moment needed to know about this for work, most people on group
> > > study seemed to be very intellectually curious So, let's nix this
> > > theory as well.
> > >
> > > Well, I hope this sparks some discussion, and maybe, in the
> > > process,
>
> > > generates the answer to the original question.
> > >
> > > What do you think?
> > >
> > > Jim

• Next message: Scott Morris: "RE: Amazing but true"
• Previous message: West, Jeff: "RE: Matching IP Precedence in VoIP ACLs"
• Maybe in reply to: ccie2be: "Amazing but true"
• Next in thread: Scott Morris: "RE: Amazing but true"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:37 GMT-3