sun.com docs.sun.com My Sun Worldwide Sites

Previous Previous     Contents     Index     Next Next
Mobile Node Identified by Its NAI

The Address section for a mobile node that is identified by its NAI contains the Type, SPI, and Pool labels. The NAI parameter enables you to identify mobile nodes through their NAI. The Address section, using the NAI parameter, has the following syntax:

[Address NAI]
     Type = Node
     SPI = SPI-identifier
     Pool = pool-identifier

To use pools, you identify mobile nodes through their NAI. The Address section permits you to configure an NAI, as opposed to a home address. An NAI uses the format user@domain. You use the Pool label to specify which address pool to use in order to allocate the home address to the mobile node.

The following table describes the labels and values that you can use in the Address section for a mobile node that is identified by its NAI.

Table 29-7 Address Section Labels and Values (Mobile Node Identified by Its NAI)

Label

Value

Description

Type

node

Specifies that the entry is for a mobile node

SPI

n

Specifies the SPI value for the associated entry

Pool

n

Allocates the pool from which an address is assigned to a mobile node

You must have corresponding SPI and Pool sections for the SPI and Pool labels that are defined in an Address section with a mobile node that is identified by its NAI, as shown in the following figure.

Figure 29-1 Corresponding SPI and Pool Sections for Address Section With Mobile Node Identified by Its NAI

Shows that an SPI of 251 and POOL of 10 correspond to the same
SPI and POOL numbers in the ADDRESS NAI section.
Default Mobile Node

The Address section for a default mobile node contains the Type, SPI, and Pool labels. The Node-Default parameter enables you to permit all mobile nodes to get service if they have the correct SPI (defined in this section). The Address section, using the Node-Default parameter, has the following syntax:

[Address Node-Default]
     Type = Node
     SPI = SPI-identifier
     Pool = pool-identifier

The Node-Default parameter enables you to reduce the size of the configuration file. Otherwise, each mobile node requires its own section. However, the Node-Default parameter does pose a security risk. If a mobile node is no longer trusted for any reason, you need to update the security information on all trusted mobile nodes. This task can be very tedious. However, you can use the Node-Default parameter in networks that consider security risks unimportant.

The following table describes the labels and values that you can use in the Address section for a default mobile node.

Table 29-8 Address Section Labels and Values (Default Mobile Node)

Label

Value

Description

Type

node

Specifies that the entry is for a mobile node

SPI

n

Specifies the SPI value for the associated entry

Pool

n

Allocates the pool from which an address is assigned to a mobile node

You must have corresponding SPI and Pool sections for the SPI and Pool labels that are defined in the Address section with a default mobile node, as shown in the following figure.

Figure 29-2 Corresponding SPI and Pool Sections for Address Section With a Default Mobile Node

Shows that an SPI of 251 and POOL of 10 correspond to the same
SPI and POOL numbers in the ADDRESS NODE-DEFAULT section.

Configuring the Mobility IP Agent

You can use the mipagentconfig command to configure the mobility agent. This command enables you to create or modify any parameter in the /etc/inet/mipagent.conf configuration file. Specifically, you can change any setting. Also, you can add or delete mobility clients, pools, and SPIs. The mipagentconfig command has the following syntax:

# mipagentconfig <command> <parameter> <value>

The following table describes the commands that you can use with mipagentconfig to create or modify parameters in the /etc/inet/mipagent.conf configuration file.

Table 29-9 mipagentconfig Subcommands

Command

Description

add

Used to add advertisement parameters, security parameters, SPIs, and addresses to the configuration file

change

Used to change advertisement parameters, security parameters, SPIs, and addresses in the configuration file

delete

Used to delete advertisement parameters, security parameters, SPIs, and addresses from the configuration file

get

Used to display current values in the configuration file

See the mipagentconfig(1M) man page for a description of command parameters and acceptable values. Modifying the Mobile IP Configuration File provides procedures that use the mipagentconfig command.

Mobile IP Mobility Agent Status

You can use the mipagentstat command to display a foreign agent's visitor list and a home agent's binding table. You can also display the security associations with an agent's mobility agent peers. To display the foreign agent visitor list, you use the mipagentstat command's -f option. To display the home agent binding table, you use the mipagentstat command's -h option. To display the security associations with an agent's mobility agent peers, you use the mipagentstat command's -p option. The following examples show typical output when the mipagentstat command is used with these options.

Example 29-1 Foreign Agent Visitor List

Mobile Node     Home Agent     Time (s)     Time (s)  Flags
                               Granted      Remaining
--------------- -------------- ------------ --------- -----
foobar.xyz.com  ha1.xyz.com    600          125       .....T.
10.1.5.23       10.1.5.1       1000         10        .....T.

Example 29-2 Home Agent Binding Table

Mobile Node     Home Agent     Time (s)     Time (s)  Flags
                               Granted      Remaining
--------------- -------------- ------------ --------- -----
foobar.xyz.com  fa1.tuv.com    600          125       .....T.
10.1.5.23       123.2.5.12     1000         10        .....T.

Example 29-3 Mobility Agent Peer Security Association Table

Foreign                  ..... Security Association(s).....
Agent                    Requests Replies  FTunnel  RTunnel
----------------------   -------- -------- -------- --------
forn-agent.eng.sun.com   AH       AH       ESP      ESP

Home                     ..... Security Association(s) .....
Agent                    Requests Replies  FTunnel  RTunnel
----------------------   -------- -------- -------- --------
home-agent.eng.sun.com   AH       AH       ESP      ESP
ha1.xyz.com              AH,ESP   AH       AH,ESP   AH,ESP

See the mipagentstat(1M) man page for more information about the command's options. Displaying Mobility Agent Status provides procedures that use the mipagentstat command.

Mobile IP State Information

On shutdown, the mipagent daemon stores internal state information in /var/inet/mipagent_state. This event occurs only when the mipagent provides services as a home agent. This state information includes the list of mobile nodes that are being supported as a home agent, their current care-of addresses, and remaining registration lifetimes. This state information also includes the security association configuration with mobility agent peers. If the mipagent daemon is terminated for maintenance and restarted, mipagent_state is used to recreate as much of the mobility agent's internal state as possible. The intention is to minimize service disruption for mobile nodes that might be visiting other networks. If mipagent_state exists, it is read immediately after mipagent.conf every time mipagent is started or restarted.

netstat Extensions for Mobile IP

Mobile IP extensions have been added to the netstat command to identify Mobile IP forwarding routes. Specifically, you can use the netstat command to display a new routing table that is called "Source-Specific." See the netstat(1M) man page for more information.

The following example shows the output of netstat when you use the -nr flags.

Example 29-4 Mobile IP Output From netstat Command

Routing Table:   IPv4 Source-Specific     
Destination      In If     Source      Gateway Flags  Use  Out If
--------------  ------- ------------ --------- -----  ---- -------
10.6.32.11      ip.tun1      --      10.6.32.97  UH      0 hme1
    --          hme1    10.6.32.11       --      U       0 ip.tun1

The example shows the routes for a foreign agent that uses a reverse tunnel. The first line indicates that the destination IP address 10.6.32.11 and the incoming interface ip.tun1 select hme1 as the interface that forwards the packets. The next line indicates that any packet that originates from interface hme1 and source address 10.6.32.11 must be forwarded to ip.tun1.

snoop Extensions for Mobile IP

Mobile IP extensions have been added to the snoop command to identify Mobile IP traffic on the link. See the snoop(1M) man page for more information.

The following example shows the output of snoop that runs on the mobile node, mip-mn2.

Example 29-5 Mobile IP Output From snoop Command

mip-mn2# snoop
Using device /dev/hme (promiscuous mode)
  mip-fa2 -> 224.0.0.1    ICMP Router advertisement (Lifetime 200s [1]: 
{mip-fa2-80 2147483648}), (Mobility Agent Extension), (Prefix Lengths), 
(Padding)
  mip-mn2 -> mip-fa2   Mobile IP reg rqst 
  mip-fa2 -> mip-mn2   Mobile IP reg reply (OK code 0)

This example shows that the mobile node received one of the periodically sent mobility agent advertisements from the foreign agent, mip-fa2. Then, mip-mn2 sent a registration request to mip-fa2, and in response, received a registration reply. The registration reply indicates that the mobile node successfully registered with its home agent.

The snoop command also supports IPsec extensions. Consequently, you can show how registration and tunnel packets are being protected.

Previous Previous     Contents     Index     Next Next
Company Info Contact Terms of Use Privacy Copyright 1994-2007 Sun Microsystems, Inc.