Mobile IP - Foreign Agent Local Routing to Mobile Networks

In previous releases of Cisco IOS software, traffic from a correspondent node to a mobile router must always go through the mobile router’s home agent (HA). The Mobile IP - Foreign Agent Local Routing to Mobile Networks feature allows traffic from local devices attached to the foreign agent (FA) to be routed directly through the FA to the mobile networks of mobile routers that are visiting the FA’s subnets. Direct routing is accomplished by injecting routes to the mobile network into the routing table of the FA.

The Mobile IP - Foreign Agent Local Routing to Mobile Networks feature is useful in scenarios in which a mobile router needs to receive high bandwidth traffic, such as streaming video, from a device on the local LAN of the FA. This feature can also be useful any time that the bandwidth between the FA and the HA is limited.

Feature History for Mobile IP - Foreign Agent Local Routing to Mobile Networks Feature

Release

Modification

12.3(7)T

This feature was introduced.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Foreign Agent Local Routing to Mobile Networks

Modifications to the home agent were made to support foreign agent local routing. You must be running Cisco IOS Release 12.3(7)T or higher for both the home agent and foreign agent for this feature to function properly.

Restrictions for Foreign Agent Local Routing to Mobile Networks

  • A security association between the home agent (HA) and the foreign agent (FA) is mandatory. FA local routing will not occur if there is no security association configured.

  • Redistributing FA-injected routes thorough Interior Gateway Protocol (IGP) is not supported.

  • The overlapping of mobile networks on the FA is not supported.

Information About Foreign Agent Local Routing to Mobile Networks

Foreign Agent Local Routing to Mobile Networks Feature Design

The Mobile IP - Foreign Agent Local Routing to Mobile Networks feature allows traffic from a correspondent node on a local subnet to route directly through the foreign agent (FA) to a mobile network that is visiting the FA. This direct routing is accomplished by injecting mobile network routes into the routing table of the FA.

This feature is useful in scenarios in which a mobile router needs to receive high bandwidth traffic, such as streaming video, from a device on the local LAN of the FA. An example of such a scenario is diagrammed in the figure below.

Figure 1. Usage Scenario for the Mobile IP - Foreign Agent Local Routing to Mobile Networks Feature

In this scenario, a police officer has been called to a bank where an incident is occurring. The mobile router in the police officer’s car registers with the FA and connects to the video streaming server, a correspondent node, that is located inside the bank. The police officer may then watch live video of the incident that is occurring inside the bank, gaining valuable information about how to proceed with handling the incident safely.

Before the introduction of the Mobile IP - Foreign Agent Local Routing to Mobile Networks feature, the streaming video from the correspondent node in the bank would be routed from the FA to the HA, then back to the FA, and finally to the mobile router. This behavior, known as triangular routing, is not desirable for latency-sensitive applications. If a second police car arrived and wanted to watch the video as well, the already limited bandwidth between the FA and the HA would be even further taxed. The Mobile IP - Foreign Agent Local Routing to Mobile Networks feature allows traffic from the local corresponding node to be routed directly from the FA to the mobile router, eliminating the unnecessary trip to the HA.

Benefits of Foreign Agent Local Routing to Mobile Networks

The Mobile IP - Foreign Agent Local Routing to Mobile Networks feature improves latency by allowing the FA to route traffic directly to mobile networks rather than routing through the HA. This feature is useful in scenarios in which a mobile router needs to receive high bandwidth traffic, such as streaming video, from a device on the local LAN of the FA. This feature can also be useful any time that the bandwidth between the FA and the HA is limited.

How to Configure Foreign Agent Local Routing to Mobile Networks

Configuring Local Routing to Mobile Networks on the Foreign Agent

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip mobile foreign-agent inject-mobile-networks [mobnetacl access-list-identifier ]
  4. ip mobile secure {aaa-download | host | visitor | home-agent | foreign-agent | proxy-host } {lower-address [upper-address ] | nai string } {inbound-spi spi-in outbound-spi spi-out | spi spi } key hex string [replay timestamp [number ]] [algorithm {md5 mode prefix-suffix | hmac-md5 }]

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

ip mobile foreign-agent inject-mobile-networks [mobnetacl access-list-identifier ]

Example:


Router(config)# ip mobile foreign-agent inject-mobile-networks mobnetacl mobile-net-list

Enables direct routing to the mobile networks via the foreign agent.

Step 4

ip mobile secure {aaa-download | host | visitor | home-agent | foreign-agent | proxy-host } {lower-address [upper-address ] | nai string } {inbound-spi spi-in outbound-spi spi-out | spi spi } key hex string [replay timestamp [number ]] [algorithm {md5 mode prefix-suffix | hmac-md5 }]

Example:


Router(config)# ip mobile secure home-agent 10.10.10.1 spi 1400 key hex 12345678123456781234567812345678 algorithm hmac-md5

Specifies the mobility security associations for the mobile host, visitor, home agent, and foreign agent.

Troubleshooting Tips

Modifications to the home agent were made to support foreign agent local routing. You must be running Cisco IOS Release 12.3(7)T or higher for both the home agent and foreign agent for this feature to function properly. If the home agent version is lower than that, the foreign agent will report the following debug output from the debug ip mobile command: 


*Jan 13 21:30:38.283: MobileIP: Parsing Dynamic Mobile Networks extension for MR10.2.2.2 
*Jan 13 21:30:38.283: MobileIP: Parsed Mobile Network 0.0.0.0:0.0.0.0 for MR 10.2.2.2

You can recognize this problem by observing that the debug output on the foreign agent only indicates the single network of 0.0.0.0 0.0.0.0.

Configuring an Access List

To restrict which mobile networks will have their local routes injected into the FA routing table, you may choose to configure an access list. You can configure either a named access list or a numbered access list. Perform one of the following tasks to configure an access list on the FA:

Configuring a Named Access List

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip access-list {standard | extended } access-list-name
  4. [sequence-number ] permit source [source-wildcard ]

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip access-list {standard | extended } access-list-name

Example:

Router(config)# ip access-list standard mobile-net-list

Defines an IP access list by name.

Step 4

[sequence-number ] permit source [source-wildcard ]

Example:

Router(config-std-nacl)# permit any

Sets conditions to allow a packet to pass a named IP access list.

Configuring a Numbered Access List

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. access-list access-list-number {deny | permit } source [source-wildcard ] [log ]

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

access-list access-list-number {deny | permit } source [source-wildcard ] [log ]

Example:

Router(config)# access-list 88 permit any

Defines a standard IP access list.

Configuration Examples for Foreign Agent Local Routing to Mobile Networks

Foreign Agent Local Routing to Mobile Networks Using a Named Access List Example

The following example configures the FA for local routing and uses a named access list: 


ip mobile foreign-agent care-of Ethernet2/2
ip mobile foreign-agent inject-mobile-networks mobnetacl mobile-net-list
ip mobile foreign-agent reg-wait 120
ip mobile secure home-agent 10.10.10.1 spi 1400 key hex 12345678123456781234567812345678      algorithm hmac-md5
!
ip access-list standard mobile-net-list
 permit any

Foreign Agent Local Routing to Mobile Networks Using a Numbered Access List Example

The following example configures the FA for local routing and uses a numbered access list: 


ip mobile foreign-agent care-of Ethernet2/2
ip mobile foreign-agent inject-mobile-networks mobnetacl 88
ip mobile foreign-agent reg-wait 120
ip mobile secure home-agent 10.10.10.1 spi 1400 key hex 12345678123456781234567812345678      algorithm hmac-md5
!
access-list 88 permit any

Additional References

The following sections provide references related to the Mobile IP - Foreign Agent Local Routing to Mobile Networks feature.

Related Documents

Related Topic

Document Title

Mobile IP commands: complete command syntax, command mode, defaults, usage guidelines, and examples

Cisco IOS IP Command Reference, Volume 4 of 4: IP Mobility , Release 12.3 T

Mobile IP commands and configuration tasks related to mobile networks

Cisco Mobile Networks feature document, Release 12.2(4)T and Release 12.2(13)T

Standards

Standards

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

MIBs

MIBs

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

RFCs

RFCs

Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

--

Technical Assistance

Description

Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml

Command Reference

The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS IP Mobility Command Reference at http://www.cisco.com/en/US/docs/ios/ipmobility/command/reference/imo_book.html. For information about all Cisco IOS commands, go to the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or to the Cisco IOS Master Commands List .

  • ip mobile foreign-agent inject-mobile-networks

  • show ip mobile globals

Glossary

correspondent node --A peer with which a mobile node or mobile router is communicating. A correspondent node may be either stationary or mobile.

foreign agent --A router on the visited foreign network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers packets to the mobile node or mobile router that were tunneled by the home agent of the mobile node. For packets sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.

home agent --A router on a home network of the mobile node that tunnels packets to the mobile node or mobile router while they are away from home. It keeps current location information for registered mobile nodes called a mobility binding.

mobile network --A network that moves with the mobile router. A mobile network is a collection of hosts and routes that are fixed with respect to each other but are mobile, as a unit, with respect to the rest of the Internet.

mobile node --A host or router that changes its point of attachment from one network or subnet to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its home IP address, assuming that link-layer connectivity to a point of attachment is available.

mobile router --A mobile node that is a router. It provides for the mobility of one or more entire networks moving together, perhaps on an airplane, a ship, a train, an automobile, a bicycle, or a kayak. The nodes connected to a network served by the mobile router may themselves be fixed nodes or mobile nodes or routers.


Note

Refer to Internetworking Terms and Acronyms for terms not included in this glossary.