Cisco Mobile Networks Priority HA Assignment

Before the introduction of the Cisco Mobile Networks--Priority HA Assignment feature, the mobile router preconfigured home agents (HAs) with different priorities, registering with only the highest priority home agent. However, a mobile router may roam to an area where registration with a closer home agent is more desirable. This feature allows a mobile router to register with the closer home agent using the combination of existing home agent priority configurations on the mobile router and care-of address access lists configured on the home agent.

Feature Specifications for the Cisco Mobile Networks-Priority HA Assignment Feature

Feature History

Release

Modification

12.2(15)T

This feature was introduced.

Supported Platforms

For information about platforms supported, refer to Cisco Feature Navigator.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About Cisco Mobile Networks Priority HA Assignment

Feature Design of Cisco Mobile Networks Priority HA Assignment

This feature changes the behavior of the HA priority configurations on the mobile router without adding any new commands. Each HA will have an access list containing all the foreign agent care-of addresses in its region. When a mobile router sends a registration request to the best HA, the HA will accept or deny the request depending on which care-of address is used in the registration request. If the HA denies the request because the care-of address is not in the access list of that particular HA, the mobile router will try to register with the next best HA, and so on. If HAs have the same priority, then the most recently configured HA takes precedence. If registration with even the lowest priority HA fails, the mobile router will wait for an advertisement and then try to register again starting with the highest priority HA. When the mobile router registers with a new HA, it will also attempt to deregister with the old HA using the old foreign agent care-of address.

Best HA Selection Process

If more than one HA is reachable from any care-of address that may be used by the mobile router, then the HAs need an access list (which is a foreign agent care-of address or collocated care-of address) configured to enforce the best HA selection process. This configuration enforces a region covered by a specific HA defined by the care-of addresses (configured as access lists) within the region. Registrations originating outside the region are administratively denied while registrations within the region are processed.

Benefits of Cisco Mobile Networks Priority HA Assignment

This feature allows a mobile router to register with a geographically closer HA, which improves latency on the network.

How to Configure Cisco Mobile Networks Priority HA Assignment

Configuring Care-of Address Access Lists on an HA

This task describes how to configure care-of address access lists on an HA.


Note

Without the distribute-list command configured, each HA will advertise a route to the same virtual network. This situation may cause routing conflicts and traffic destined to the home network of the mobile router to be dropped.

With the distribute-list command configured, you can suppress the advertisement of the virtual networks to the rest of the network. However, pings to the mobile router home address will fail but pings to an address with the mobile network served by the mobile router will succeed. Traffic destined to the mobile network would continue to reach the destination without problems.

If the home network consists of both mobile routers and mobile nodes, the distribute-list command will block only the addresses of the mobile routers and not the entire subnet.

Routes to the mobile router are not advertised when the mobile router is not registered. Pings to an address on the mobile network will return unreachable if the mobile router is not registered.

Mobile networks will only be advertised by one HA at a time as long as deregistration to the old HA is successful. After roaming to a new HA, pings to the mobile network may take some time depending on how fast the mobile network route is propagated throughout the network by the routing protocol.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip mobile home-agent care-of-access access-list
  4. ip access-list standard access-list-name
  5. permit coa-ip-address
  6. permit mr-home-address
  7. exit
  8. router protocol
  9. redistribute mobile subnets
  10. distribute-list access-list out
  11. exit
  12. access-list access-list-number deny source
  13. access-list access-list-number permit any
  14. Repeat Steps 3 through 7 for each HA configured on the mobile router. Repeat Steps 8 through 13 for each HA if virtual networks are configured.

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

ip mobile home-agent care-of-access access-list

Example:


Router(config)# ip mobile home-agent care-of-access HA1-FA1

Controls which care-of addresses in registration requests are permitted by the home agent.

  • By default, all care-of addresses are permitted. The access list can be a string or number from 1 to 99.

Step 4

ip access-list standard access-list-name

Example:


Router(config)# ip access-list standard HA1-FA1

Defines a standard access list and enters standard named access list configuration mode.

  • Use this command to configure access lists on each HA that is reachable by the mobile router.

Step 5

permit coa-ip-address

Example:


Router(config-std-nacl)# permit 3.3.3.2

Sets conditions for an access list.

  • The coa-ip-address can be a foreign agent care-of address or a collocated care-of address. This command informs the HA which care-of addresses can be accepted in a registration request.

Step 6

permit mr-home-address

Example:


Router(config-std-nacl)# permit 5.5.5.3

Sets conditions for an access list.

  • The mr-home-address is the home address for the mobile router. See the Troubleshooting Tips section below for an explanation as to why it is important to include the mobile router home address.

Step 7

exit

Example:


Router(config-std-nacl)# exit

Exits to global configuration mode.

Step 8

router protocol

Example:


Router(config)# router ospf

Configures a routing protocol.

Step 9

redistribute mobile subnets

Example:


Router(config-router)# redistribute mobile subnets

Enables redistribution of a virtual network into routing protocols.

Step 10

distribute-list access-list out

Example:


Router(config-router)# distribute-list 1 out

(Optional) Suppresses networks from being advertised in updates.

  • This command configured on each HA will prevent the advertisement of the virtual network for the mobile routers. See the "Restrictions" and Troubleshooting Tips sections for more information about using this command.

Step 11

exit

Example:


Router(config-router)# exit

Exits to global configuration mode.

Step 12

access-list access-list-number deny source

Example:


Router(config)# access-list 1 deny 5.5.5.0

Defines a standard IP access list.

  • Denies access if the conditions are matched.

  • In this example, the source value is the the virtual network configured on the HA. The distribute-list command in Step 10 prevents the advertisement of this virtual network.

Step 13

access-list access-list-number permit any

Example:


Router(config)# access-list 1 permit any

Defines a standard IP access list.

  • Permits access if the conditions are matched.

Step 14

Repeat Steps 3 through 7 for each HA configured on the mobile router. Repeat Steps 8 through 13 for each HA if virtual networks are configured.

--

Troubleshooting Tips

Care-of Address List Operation

Any time an HA has a care-of address access list configured, the access list should permit the mobile router home address (for deregistration) and the interesting list of care-of addresses (for registration).

The care-of address lists are designed to allow registrations only of a select group of care-of addresses on an HA. For priority HA assignment to work, deregistrations need to be allowed as well. The deregistration is sent with the mobile router home address in the care-of address field of the deregistration. If the home address is not permitted, any deregistration will be dropped by the access list. Priority HA assignment does not work properly if the deregistrations are dropped.

Virtual Network Advertisements

In a network using mobile routers configured with priority HA assignment and multiple HAs, the HAs may be sharing routing information. If so, each HA will advertise a route to the same mobile virtual network through the redistribute mobile command. This situaton results in multiple routes to the same virtual network, which can cause routing conflicts and lost packets. The distribute-list command configured on each HA will prevent the advertisement of the virtual-network for the mobile routers. There is no dependency on registration for this to occur.

Configuring HA Priorities on the Mobile Router

This task describes how to configure HA priorities on the mobile router.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip mobile router
  4. home-agent ip-address priority level
  5. end
  6. show ip mobile router

DETAILED STEPS

  Command or Action Purpose
Step 1

enable

Example:


Router> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Router# configure terminal

Enters global configuration mode.

Step 3

ip mobile router

Example:


Router(config)# ip mobile router

Enables the mobile router and enters mobile router configuration mode.

Step 4

home-agent ip-address priority level

Example:


Router(mobile-router)#
 
home-agent  1.1.1.1 
priority 101

Specifies the home agent that the mobile router uses during registration.

  • The priority level prioritizes which home agent address is the best to use during registration. The range is from 0 to 255, where 0 denotes the lowest priority and 255 denotes the highest priority. The default is 100.

Step 5

end

Example:


Router(mobile-router)# end

Exits to privileged EXEC mode.

Step 6

show ip mobile router

Example:


Router# show ip mobile router

Displays configuration information and monitoring statistics about the mobile router.

  • This command displays the home agent that the mobile router is registered with. The qualifiers (best) (current) displayed after the home agent entry indicates that this home agent was chosen as the best home agent to register with.

Examples

This section provides the following output example for the show ip mobile router command:

The following example shows that the mobile router is currently registered with the best home agent located at 200.200.200.1: 


Router# show ip mobile router
Mobile Router 
  Enabled 01/01/02 10:01:34 
  Last redundancy state transition NEVER 
Configuration:
  Home Address 5.5.5.3 Mask 255.255.255.0 
  Home Agent 200.200.200.1 Priority 102 (best) (current) 
        100.100.100.1 Priority 101 
  Registration lifetime 90 sec 
  Retransmit Init 1000, Max 5000 msec, Limit 3 
  Extend Expire 120, Retry 3, Interval 10 
Monitor:
  Status -Registered- 
  Active foreign agent 3.3.3.2, Care-of 3.3.3.2 
  On interface Ethernet5/3

Configuration Examples for Cisco Mobile Networks Priority HA Assignment

HA Priority Configuration Example

In the following example, two home agents are configured with access lists that allow the mobile router to choose the best HA to register with:

Home Agent1


interface Loopback0 
 ip address 100.100.100.1 255.255.255.255 
! 
interface Ethernet1 
 ip address 2.2.2.1 255.255.255.0 
! 
router mobile 
! 
router ospf 100 
 redistribute mobile subnets 
 network 2.0.0.0 0.255.255.255 area 0 
 network 100.100.100.0 0.255.255.255 area 0 
! Suppresses virtual network to be advertised in updates
 distribute-list 1 out 
! 
ip mobile home-agent care-of-access HA1-FA1 
ip mobile virtual-network 5.5.5.0 255.255.255.0 
ip mobile host 5.5.5.3 virtual-network 5.5.5.0 255.255.255.0 lifetime 90 
ip mobile mobile-networks 5.5.5.3 
 description Jet 
 network 6.6.6.0 255.255.255.0 
ip mobile secure host 5.5.5.3 spi 100 key hex 12345678123456781234567812345678 algorithm md5 mode prefix-suffix 
! 
ip access-list standard HA1-FA1 
! MR CCOA 
 permit 4.4.4.2 
! FA1 COA 
 permit 7.7.7.1 
! MR home address 
 permit 5.5.5.3 
! 
! Denies virtual network to 
access-list 1 deny 5.5.5.0 0.0.0.255 
access-list 1 permit any

Home Agent 2


interface Loopback0 
 ip address 200.200.200.1 255.255.255.255 
! 
interface Ethernet0 
 ip address 1.1.1.1 255.255.255.0 
! 
router mobile 
! 
router ospf 100 
 redistribute mobile subnets 
 network 1.0.0.0 0.255.255.255 area 0 
 network 200.200.200.0 0.255.255.255 area 0 
! Suppresses virtual network to be advertised in update
 distribute-list 1 out 
! 
ip mobile home-agent care-of-access HA2-FA2 
ip mobile virtual-network 5.5.5.0 255.255.255.0 
ip mobile host 5.5.5.3 virtual-network 5.5.5.0 255.255.255.0 lifetime 90 
ip mobile mobile-networks 5.5.5.3 
 description Jet 
 network 6.6.6.0 255.255.255.0 
ip mobile secure host 5.5.5.3 spi 200 key hex 12345678123456781234567812345678 algorithm md5 mode prefix-suffix 
! 
ip access-list standard HA2-FA2 
! FA COA 
 permit 3.3.3.2 
! MR home address 
 permit 5.5.5.3 
! 
access-list 1 deny 5.5.5.0 0.0.0.255 
access-list 1 permit any

Mobile Router


interface Loopback0 
 ip address 5.5.5.3 255.255.255.255 
! 
! CCOA roaming interface registers with HA1 only 
interface Ethernet5/1 
 ip address 4.4.4.3 255.255.255.0 
 ip mobile router-service roam priority 99 
 ip mobile router-service collocated gateway 4.4.4.2 
! 
! This roaming interface will use FA COA to register 
interface Ethernet5/3 
 ip address 3.3.3.3 255.255.255.0 
 ip mobile router-service roam 
! 
! Mobile Network interface 
interface Ethernet5/4 
 ip address 6.6.6.3 255.255.255.0 
! 
router mobile 
! 
ip mobile secure home-agent 100.100.100.1 spi 100 key hex 12345678123456781234567812345678 algorithm md5 mode prefix-suffix 
ip mobile secure home-agent 200.200.200.1 spi 200 key hex 12345678123456781234567812345678 algorithm md5 mode prefix-suffix 
! 
ip mobile router 
 address 5.5.5.3 255.255.255.0 
 home-agent 100.100.100.1 priority 101 
 home-agent 200.200.200.1 priority 102 
 register lifetime 90

Additional References

For additional information related to the Cisco Mobile Networks--Priority HA Assignment feature, see to the following sections:

Related Documents

Related Topic

Document Title

Mobile IP configuration tasks

"Configuring Mobile IP" chapter in the Cisco IOS IP Configuration Guide, Release 12.2

Mobile IP commands: complete command syntax, command mode, defaults, usage guidelines, and examples

"Mobile IP Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 T

Mobile IP commands related to Cisco mobile networks

Cisco Mobile Networks feature document, Release 12.2(4)T and 12.2(13)T

Access list commands

"IP Services Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2 T

Standards

Standards

Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

--

MIBs

MIBs

MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFCs

Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

--

Technical Assistance

Description

Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml

Glossary

care-of address --The termination point of the tunnel to a mobile node or mobile router. This can be a collocated care-of address, by which the mobile node or mobile router acquires a local address and detunnels its own packets, or a foreign agent care-of address, by which a foreign agent detunnels packets and forwards them to the mobile node or mobile router.

home agent --A router on a home network of the mobile node or that tunnels packets to the mobile node or mobile router while they are away from home. It keeps current location information for registered mobile nodes called a mobility binding .

foreign agent --A router on the visited network of a foreign network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers packets to the mobile node or mobile router that were tunneled by the home agent of the mobile node. For packets sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.

mobile network --A network that moves with the mobile router. A mobile network is a collection of hosts and routes that are fixed with respect to each other but are mobile, as a unit, with respect to the rest of the Internet.

mobile router --A mobile node that is a router. It provides for the mobility of one or more entire networks moving together, perhaps on an airplane, a ship, a train, an automobile, or bicycle. The nodes connected to a network served by the mobile router may themselves be fixed nodes or mobile nodes or routers.


Note

Refer to Internetworking Terms and Acronyms for terms not included in this glossary.