Contents
- IPv6 ACL Extensions for Mobile IPv6
- Finding Feature Information
- Information About IPv6 ACL Extensions for Mobile IPv6
- Mobile IPv6 Overview
- How Mobile IPv6 Works
- Packet Headers in Mobile IPv6
- How to Configure IPv6 ACL Extensions for Mobile IPv6
- Enabling Mobile IPv6 on the Router
- Filtering Mobile IPv6 Protocol Headers and Options
- Controlling ICMP Unreachable Messages
- Configuration Examples for IPv6 ACL Extensions for Mobile IPv6
- Example: Viewing IPv6 Mobile Information on an Interface
- Additional References
- Feature Information for IPv6 ACL Extensions for Mobile IPv6
IPv6 ACL Extensions for Mobile IPv6
Mobile IP is part of both IPv4 and IPv6 standards. Mobile IP allows a host device to be identified by a single IP address even though the device may move its physical point of attachment from one network to another. Regardless of movement between different networks, connectivity at the different points is achieved seamlessly without user intervention. Roaming from a wired network to a wireless or wide-area network is also done with ease. Mobile IP provides ubiquitous connectivity for users, whether they are within their enterprise networks or away from home.
- Finding Feature Information
- Information About IPv6 ACL Extensions for Mobile IPv6
- How to Configure IPv6 ACL Extensions for Mobile IPv6
- Configuration Examples for IPv6 ACL Extensions for Mobile IPv6
- Additional References
- Feature Information for IPv6 ACL Extensions for Mobile IPv6
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About IPv6 ACL Extensions for Mobile IPv6
Mobile IPv6 Overview
Mobile IPv4 provides an IPv4 node with the ability to retain the same IPv4 address and maintain uninterrupted network and application connectivity while traveling across networks. In Mobile IPv6, the IPv6 address space enables Mobile IP deployment in any kind of large environment. No foreign agent is needed to use Mobile IPv6.
System infrastructures do not need an upgrade to accept Mobile IPv6 nodes. IPv6 autoconfiguration simplifies mobile node (MN) Care of Address (CoA) assignment.
Mobile IPv6 benefits from the IPv6 protocol itself; for example, Mobile IPv6 uses IPv6 option headers (routing, destination, and mobility) and benefits from the use of neighbor discovery.
Mobile IPv6 provides optimized routing, which helps avoid triangular routing. Mobile IPv6 nodes work transparently even with nodes that do not support mobility (although these nodes do not have route optimization).
Mobile IPv6 is fully backward-compatible with existing IPv6 specifications. Therefore, any existing host that does not understand the new mobile messages will send an error message, and communications with the mobile node will be able to continue, albeit without the direct routing optimization.
How Mobile IPv6 Works
To implement Mobile IPv6, you need a home agent on the home subnet on which the mobile node’s home address resides. The IPv6 home address (HA) is assigned to the mobile node. The mobile node obtains a new IPv6 address (the CoA) on networks to which it connects. The home agent accepts BUs from the mobile node informing the agent of the mobile node’s location. The home agent then acts as proxy for the mobile node, intercepting traffic to the mobile node’s home address and tunneling it to the mobile node.
The mobile node informs a home agent on its original home network about its new address, and the correspondent node communicates with the mobile node about the CoA. Because of the use of ingress filtering, the mobile node reverses tunnel return traffic to the home agent, so that the mobile node source address (that is, its home address) will always be topographically correct.
Mobile IPv6 is the ability of a mobile node to bypass the home agent when sending IP packets to a correspondent node. Optional extensions make direct routing possible in Mobile IPv6, though the extensions might not be implemented in all deployments of Mobile IPv6.
Direct routing is built into Mobile IPv6, and the direct routing function uses the IPv6 routing header and the IPv6 destination options header. The routing header is used for sending packets to the mobile node using its current CoA, and the new home address destination option is used to include the mobile node’s home address, because the current CoA is the source address of the packet.
Packet Headers in Mobile IPv6
The basic IPv6 packet header has 8 fields with a total size of 40 octets (320 bits). Fields were removed from the IPv6 header compared with the IPv4 header because, in IPv6, fragmentation is not handled by routers and checksums at the network layer are not used. Instead, fragmentation in IPv6 is handled by the source of a packet and checksums at the data link layer and transport layer are used. Additionally, the basic IPv6 packet header and options field are aligned to 64 bits, which can facilitate the processing of IPv6 packets.
Mobile IPv6 uses the routing and destination option headers for communications between the mobile node and the correspondent node. The new mobility option header is used only for the BU process.
Several ICMP message types have been defined to support Mobile IPv6. IPv6 access lists can be configured to allow IPv6 access list entries matching Mobile-IPv6-specific ICMP messages to be configured and to allow the definition of entries to match packets containing Mobile IPv6 extension headers.
For further information on IPv6 packet headers, refer to the "Implementing IPv6 Addressing and Basic Connectivity" module.
How to Configure IPv6 ACL Extensions for Mobile IPv6
- Enabling Mobile IPv6 on the Router
- Filtering Mobile IPv6 Protocol Headers and Options
- Controlling ICMP Unreachable Messages
Enabling Mobile IPv6 on the Router
You can customize interface configuration parameters before you start Mobile IPv6 (see the Customizing Mobile IPv6 on the Interface) or while Mobile IPv6 is in operation.
1.
enable
2.
configure
terminal
3.
interface
type
number
4.
ipv6
mobile
home-agent
[preference preference-value
5.
exit
6.
exit
7.
show
ipv6
mobile
globals
8.
show
ipv6
mobile
home-agent
interface-type
interface-number
[prefix]]
DETAILED STEPS
Filtering Mobile IPv6 Protocol Headers and Options
IPv6 extension headers have been developed to support the use of option headers specific to Mobile IPv6. The IPv6 mobility header, the type 2 routing header, and the destination option header allow the configuration of IPv6 access list entries that match Mobile-IPv6-specific ICMPv6 messages and allow the definition of entries to match packets that contain the new and modified IPv6 extension headers. For more information on how to create, configure, and apply IPv6 access lists, refer to the implementing Traffic Filters and Firewalls for IPv6 Security module.
1.
enable
2.
configure
terminal
3.
ipv6
access-list
access-list-name
4.
permit
icmp
{source-ipv6-prefix / prefix-length | any | host source-ipv6-address| auth} [operator port-number]] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6-address | auth} [operator
[port-number]] [icmp-type [icmp-code] | icmp-message] [dest-option-type
[doh-number | doh-type]] [dscp value] [flow-label value] [fragments] [log] [log-input] [mobility] [mobility-type [mh-number | mh-type]] [routing] [routing-type routing-number] [sequence value] [time-range name]
DETAILED STEPS
Controlling ICMP Unreachable Messages
When IPv6 is unable to route a packet, it generates an appropriate ICMP unreachable message directed toward the source of the packet. Perform this task to control ICMP unreachable messages for any packets arriving on a specified interface.
1.
enable
2.
configure
terminal
3.
interface
type
number
4.
ipv6
unreachables
DETAILED STEPS
Configuration Examples for IPv6 ACL Extensions for Mobile IPv6
Example: Viewing IPv6 Mobile Information on an Interface
Device(config-if)# ipv6 nd ra-interval 100 60 Subsequent use of the show ipv6 interface then displays the interval as follows: Router(config)# show ipv6 interface ethernet 1/0 Ethernet1/0 is administratively down, line protocol is down IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:5A01 [TEN] No Virtual link-local address(es): No global unicast address is configured Joined group address(es): FF02::1 FF02::2 MTU is 1500 bytes ICMP error messages limited to one every 100 milliseconds ICMP redirects are enabled ICMP unreachables are sent ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND advertised reachable time is 0 milliseconds ND advertised retransmit interval is 0 milliseconds ND router advertisements are sent every 60 to 100 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use stateless autoconfig for addresses.
Additional References
Related Documents
Related Topic |
Document Title |
---|---|
IPv6 addressing and connectivity |
IPv6 Configuration Guide |
Cisco IOS commands |
|
IPv6 commands |
Cisco IOS IPv6 Command Reference |
Cisco IOS IPv6 features |
Cisco IOS IPv6 Feature Mapping |
Standards and RFCs
Standard/RFC |
Title |
---|---|
RFCs for IPv6 |
IPv6 RFCs |
MIBs
MIB |
MIBs Link |
---|---|
|
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for IPv6 ACL Extensions for Mobile IPv6
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
IPv6 ACL Extensions for Mobile IPv6 |
12.4(2)T 12.2(33)SRB 12.2(33)SXI 15.0(1)S 15.0(1)SY |
IPv6 access lists can be configured to allow IPv6 access list entries matching Mobile-IPv6-specific ICMP messages to be configured and to allow the definition of entries to match packets containing Mobile IPv6 extension headers. The following commands were introduced or modified: deny, ipv6 access-list, ipv6 unreachables, permit. |