RE: Amazing but true

From: Frank Jimenez (franjime@cisco.com)
Date: Thu Feb 27 2003 - 15:45:00 GMT-3


Thought I'd pass this along - looks like it might be useful for some basic
configurations.

Deploying Mobile IP (NSC-261)

http://www.cisco.com/networkers/nw02/post/presentations/docs/NSC-261.pdf

Caveat: I've not deployed any of this personally or in the lab, so YMMV. You
could say that I've been trying to stay off the LAM for now. <rimshot>

Frank Jimenez, CCIE #5738
franjime@cisco.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Scott
Morris
Sent: Wednesday, February 26, 2003 7:17 PM
To: 'ccie2be'; 'Group Study'
Subject: RE: Amazing but true

Heheheh... Thanks for the offer, perhaps I'll take you up on it someday! :)
(Always good to keep a list of where free alcohol is while
travelling!)

You're mostly correct, but let me make sure the scenario is in your head ok...
When roaming through a network, there SHOULD be foreign agents configured (or at
least something sending IRDP announcements). Now, assuming that there are
foreign agents configured on the roaming network, there are two scenarios in which
colocate care-of addresses are used.

First, if the FA's are currently loaded with all the mobile nodes that they can
handle, then the mobile node may get a colocated IP via DHCP.

Second, if the mobile node has an agreement with the provider and is
"pre-assigned" an IP to use while on their network.

In those two cases alone, and providing the mobile node's software is capable,
then the mobile node will become their own FA. There still must be SOMETHING to
route IP via the local subnets wherever they are, and THAT is the purpose of the
colocate care-of address.

In the foreign-agent configuration (12.2 at least), you have a "force-register"
option which says that the mobile node must register with the FA regardless of
whether the FA is creating the tunnel or whether the mobile node has their own
colocate address. This would be done for billing and regulation purposes. But
otherwise, your scenario is correct, that if you have a local routable IP, you
can do anything you want.

As for the lab, you don't have to care about ANY of this stuff, because it is
NOT part of the routing & switching lab at all. There have been many
conversations over the past year or so about "Mobile IP" on the R&S lab. That's
a misnomer! They are really talking about "local area mobility", which may
indeed be on your R&S lab!!! That's a whole different beast, and a whole lot
easier to configure and work with!

Hope that helps!

Scott

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Wednesday, February 26, 2003 7:29 PM
To: Group Study; swm@emanon.com
Subject: Re: Amazing but true

Hey Scott,

First of all, let me thank you for your response. It's one of the best written,
logical, responsive, and comprehensive posts I've seen on group study since I've
started following group study (about 2 months ago). And, to show my gratitude,
if you're ever in New York City, I hope you'll let me know so I can buy you a
drink.

Now, let me make sure I completely understand what you're saying.

If a mobile node's client software supports a co-located care-of-address, it
doesn't need there to be a Foreign Agent when it attaches to a non-home network
segment because it can be its own FA. Is that right? And, if so, does it go
thru a process whereby it first checks to see if there's a FA, and, if so, uses
the "typical" method of using the FA's care-of-address, but, if not, resorts to
a co-location care-of-address?

Also, doesn't this process, if I understand it correctly, present a potential
problem in that mobile nodes can attach to any non-home network segment whether
or not attachment is authorized? For example, suppose a company has 5 network
segments A, B, C, D, and E. And, the company's security policy says that mobile
nodes whose home segment is A, B or C can roam among those 3 segments and mobile
nodes whose home segment is D or E can roam anywhere. To me, it sounds like
this policy can't be enforced if the mobile nodes are able to use a co-located
care-of-address. Is that correct?

And, finally, as a practical matter vis-a-vis the lab, I don't have to be
concerned with this care-of-address distinction because it's not something I
explicitly configure on the router - if anything, it might be an option
configured on the mobile node itself - if it's supported. True?

Anyway, thank you again. I've been wondering about this for several weeks. Jim

----- Original Message -----
From: "Scott Morris" <swm@emanon.com>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; "'Group Study'" <ccielab@groupstudy.com>
Sent: Wednesday, February 26, 2003 6:20 PM
Subject: RE: Amazing but true

> The foreign agent care-of-address is the "typical" way that mobile IP
> works. And it's the announcement of the FA itself saying to the home
> agent that 'I know how to get to x.x.x.x' (done through a tunnel). So
> for routing purposes, the FA becomes the care-of-address in order to
> get to x.x.x.x...
>
> The colocate care-of-address actually implies that sometimes a mobile
> node moves onto a roaming network that either has no FA's, or all of
> the FA's are busy. This is when it can become its "own" FA using a
> colocated care-of-address. The specifics of how to get one aren't in
> the mobile IP RFC's, but DHCP is the primary method. At that point,
> the mobile node technically has two addresses, its "normal" mobile
> one, and an address within the roaming network's scope. It is also
> possible to have a pre-determined colocated address configured on the
> mobile node.
>
> So you the network engineer MAY determine things depending on which
> end of the problem you are on! If you are on the mobile node/home
> agent side, there's nothing you can do. If you are engineering the
> foreign agent/roaming network then you are in control of this, and may
> set up extra things in order to facilitate this interaction (or not).
> It would depend on the mobile node software though as to whether it
> would take effect.
>
> If a colocated c/o address is used, then the mobile node will not
> attempt to register with the FA router. It will just start sending IP
> packets as if it were its own FA.
>
> Hope that helps.
>
> Scott
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Wednesday, February 26, 2003 5:33 PM
> To: Group Study; swm@emanon.com
> Subject: Re: Amazing but true
>
>
> Hi,
>
> Here's the original post regarding care-of-addresses used with Mobile
> IP.
>
>
> With Mobile IP there are 2 types of care-of addresses:
>
> 1) Care-of-address acquired from a Foreign Agent
> 2) Colocated care-of-address
>
> The Cisco docs do a good job of explaining what these are but
> doesn't say anything about what determines which type of address is
> used or why 1 type should be used versus the other.
>
> Do I, as the network engineer, determine which type of address is
> used? Does this depend on what mobile node software is installed on
> the client or is this configured on the router, and if so, how?
>
> Please help me understand this. Thanks, Jim
>
> ----- Original Message -----
> From: "Scott Morris" <swm@emanon.com>
> To: "'ccie2be'" <ccie2be@nyc.rr.com>
> Sent: Wednesday, February 26, 2003 5:30 PM
> Subject: RE: Amazing but true
>
>
> > What was/were the original questions?
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of ccie2be
> > Sent: Wednesday, February 26, 2003 2:50 PM
> > To: Group Study
> > Subject: Amazing but true
> >
> >
> > Hi everyone,
> >
> > Over the past few weeks, several times I've posted a question
> > regarding the two types of care-of-addresses used with Mobile IP.
> > My question concerned what determines which type of address is used
> > and whether the type used is something that's configured on the
> > router or determined by some other means - perhaps the software
> > installed on the mobile client.
> >
> > What surprises me though is that there hasn't been one single
> > response! I don't understand how that could be. I've searched thru
> > both the Group Study archives and Cisco's documentation and found
> > nothing addressing this question. I also know that mobile IP is
> > fair game for the lab, so I'm amazed that this question continues to
> > go unanswered.
> >
> > And, though I can't understand why that is I've come up with 2
> > theories:
> >
> > a) nobody knows
> > b) nobody cares
> >
> > I can't imagine that nobody on groupstudy knows this - this is
> > probably the most knowledgeable group of networking professionals in
> > the world - so let's nix that idea.
> >
> > Could it be that nobody cares? That's also hard to imagine.
> > Everyday, questions seemingly far more esoteric are posted and
> > responded to. Besides, there must be at least a few people who might
> > need to implement Mobile IP in the near future and they would
> > certainly need to know about this. And, even if nobody at the
> > moment needed to know about this for work, most people on group
> > study seemed to be very intellectually curious. So, let's nix this
> > theory as well.
> >
> > Well, I hope this sparks some discussion, and maybe, in the process,
> > generates the answer to the original question.
> >
> > What do you think?
> >
> > Jim




This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:38 GMT-3