Saturday, May 2, 2009

Mobile IP

The mobile IP service (RFC 2002) provides complete mobility to a user. The PDSN has the functionality of an FA. A user is assigned an HA in its home IP network. The MS is assigned an IP address, called the home address, which is in the same subnet as the HA. The MS uses the CoA (the IP address of the FA) to register with the HA. Registration causes the HA to perform proxy ARP on the home subnet and begin intercepting all packets destined to the MN's home address. The HA also creates a binding between the home address of the MN and the care-of address specified in the Registration request. When the HA receives data for an MS, it forwards the data to the FA using the CoA, and the FA forwards the data to the MS. Packets destined for the MN are tunnelled using IP-in-IP tunnelling to the care-of address.

IP-in-IP tunnelling is specified in RFC 2003. Mobile IP allows an MS to be reachable regardless of whether it is roaming in a public or private network. The only criterion is that the care-of address and the home agent have public IP addresses that are globally routable. In case of private network access, the MS uses reverse tunneling via the FA to send the data through the private network.

Mobile IP signaling is exchanged on the traffic channels over the air interface, which is an inefficient usage of the expensive radio resource. There are some improvements with respect to the base mobile IP protocol to make the signaling more radio-resource (RR) efficient.

One such improvement is that the agent advertisement messages are not broadcast continuously and periodically by the PDSN to all MSs. Instead, they are sent to an MS after the PPP connection is established. Another improvement is that the PDSN can only repeat the advertisements a configurable number of times for an MS. Also, the PDSN stops sending the advertisements to an MS once it receives a registration request from the same MS. As mobile IP runs over the PPP connection, the mobile IP registration lifetime should be smaller than the PPP inactivity timer.

The MS-FA security procedure is provided by the MS-FA challenge/response mechanism described in RFC 3012. It is initiated by the PDSN to authenticate a user in a visited domain upon user registration. The PDSN includes an MS-FA challenge extension in the agent advertisement. Since the advertisements are rarely sent, the PDSN includes the next challenge in the registration reply. The MS uses this next challenge in the next re-registration with this PDSN. The PDSN communicates the FA challenge response, received from the MS, to the home AAA server through the visited AAA server.
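The challenge handling described above, as an added Python sketch that is not from the original post: the PDSN issues a single-use challenge, rejects a replayed one, and returns the next challenge in the registration reply. The class names, the `respond` helper, the sample identity and key, and the HMAC-SHA256 response are assumptions made for illustration; the real authenticator computation and message formats are those defined in RFC 3012.

```python
import hashlib
import hmac
import secrets

def respond(key, challenge):
    # Stand-in response: HMAC-SHA256, NOT the RFC 3012 authenticator format.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class HomeAaa:
    """Holds each user's shared secret and checks the challenge response."""
    def __init__(self, keys_by_ms):
        self.keys = keys_by_ms

    def verify(self, ms_id, challenge, response):
        key = self.keys.get(ms_id)
        if key is None:
            return False
        return hmac.compare_digest(respond(key, challenge), response)

class Pdsn:
    """FA side: issues challenges and lets each one be used only once."""
    def __init__(self, aaa):
        self.aaa = aaa
        self.current = {}  # MS identity -> the one challenge it may use next

    def advertise(self, ms_id):
        # Challenge carried in the agent advertisement sent after PPP setup.
        self.current[ms_id] = secrets.token_bytes(16)
        return self.current[ms_id]

    def register(self, ms_id, challenge, response):
        expected = self.current.get(ms_id)
        if expected is None or not hmac.compare_digest(expected, challenge):
            return False, None  # stale, replayed or unknown challenge
        del self.current[ms_id]  # consume it before asking the AAA
        if not self.aaa.verify(ms_id, challenge, response):
            return False, None
        # The next challenge rides back in the registration reply.
        return True, self.advertise(ms_id)

def demo():
    key = b"constructed-shared-secret"  # constructed sample value
    pdsn = Pdsn(HomeAaa({"ms-1": key}))
    c1 = pdsn.advertise("ms-1")
    ok_first, c2 = pdsn.register("ms-1", c1, respond(key, c1))
    ok_replay, _ = pdsn.register("ms-1", c1, respond(key, c1))  # old challenge
    ok_rereg, _ = pdsn.register("ms-1", c2, respond(key, c2))   # next challenge
    return ok_first, ok_replay, ok_rereg
```
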
