|
|
This document describes the Mobile IP Home Agent Redundancy feature in the following sections:
Mobile IP provides a mechanism for routing IP packets to mobile nodes that can be connected to any network while using their permanent IP address. With Mobile IP, you can identify a host by a single IP address even while the device physically moves its point of attachment from one network to another as in the case of a mobile user.
Mobile IP works because the mobile node is able to discover whether it is at home or away from home. Routers acting as home agents (HAs) or foreign agents (FAs) will advertise their existence. HAs are routers located on the mobile node's home network that are capable of tunneling the mobile node's packets to it while it is away. FAs are routers on a foreign network that can detunnel these packets from the HA.
Mobile nodes on foreign networks need to register with their HA to convey their location. This location is called "care-of address." The HA creates a mobility binding table that tracks the association of a home address with the current care-of address of the mobile node. However, if the HA fails, the mobility binding table will be lost and all mobile nodes registered with the HA will lose connectivity unless a redundancy mechanism is employed.
Thus, the Mobile IP Home Agent Redundancy feature was developed. This functionality runs on top of the Hot Standby Router Protocol (HSRP) and designates one active HA and another HA as a standby HA. HSRP is a protocol developed by Cisco that provides network redundancy in a way that ensures that user traffic will immediately and transparently recover from "first hop" failures in network edge devices and access circuits. By sharing an IP address and a MAC (Layer 2) address, two or more routers can act as a single virtual router or default gateway to the hosts on a LAN. The members of the router group continually exchange status messages by detecting when a router goes down. This router group is referred to as the "HSRP group."
The Mobile IP HA redundancy functionality allows standby HAs and active HAs to exchange mobility binding updates. Also, when a a router first becomes the standby HA, the active HA downloads the entire mobility binding table to the standby HA.
The following sections give an overview of how redundancy is implemented when a mobile node travels to a foreign network.
Agent Discovery
Agent Discovery determines whether the mobile node is currently connected to its home network or foreign network. Agent Discovery works through advertisements and solicitations to detect whether the mobile node has moved and the way it has moved. When the mobile node is on a foreign network, it acquires a temporary care-of address, which is the exit point of the tunnel from the HA.
Registration and Mobility Binding Tables
Next, the mobile nodes need to register with their HA to communicate their location. This registration process occurs whenever a mobile node detects that its point-of-attachment to a network has changed. The mobile node reports its current care-of address to the HA. Now the HA can tunnel packets to the mobile node using this care-of address.
The HA creates a mobility binding table that maps a mobile node's current home address into the mobile node's current care-of address. An entry in this table is called a binding entry. The main purpose of registration is to create, modify, or delete a mobile node's binding entry at its HA.
Home Agent Redundancy Operation
Without home agent redundancy, the mobility binding table entries are not communicated to the standby HA. If the active HA fails, the mobility binding table is lost and all mobile nodes registered to the HA lose connectivity.
Home agent functionality is a service provided by the router and is not interface specific. The main concern is on which interface of the HA should a mobile node use to send its registration requests, or alternatively, on which interface of the HA should the HA receive registration requests. There are two scenarios to consider: (1) a mobile node that has an HA interface (HA IP address) that is not on the same subnet as the mobile node, and (2) a mobile node that requires the HA interface to be on the same subnet as the mobile node, that is, the HA and mobile node must be on the same home network. Note that the choice of which HA IP address to use is an agreement between the HA and mobile node.
For mobile nodes on physical networks, an active HA accepts registration requests from the mobile node and sends the binding updates to the standby HA. This process keeps the mobility binding table synchronized between the standby HA and active HA. See Figure 1(a) for an example of this process.
Virtual networks are logical circuits that are programmed and share a common physical infrastructure. For this type of network, the active and standby home agents are peers—either can handle registration requests and update the peer home agent.
When a standby HA comes up, it must request all mobility binding information from the active HA. The active HA responds by downloading the mobility binding table to the standby HA. The standby HA acknowledges that it has received the requested binding information. See Figure 1(b) for an example of an active HA downloading the mobility bindings to a standby HA. A main concern in this scenario is which HA IP address should the standby HA use to retrieve the appropriate mobility binding table and on which interface of the standby HA should the binding request be sent.
Standards
No new or modified standards are supported by this feature.
MIBs
No new or modified MIBs are supported by this feature.
For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
Perform the following tasks to configure your routers for Mobile IP HA redundancy:
Perform one of the following tasks depending on your network configuration:
For diagrams and examples of the various network configurations see the "Configuration Examples" section.
| Command | Purpose |
|---|---|
Router(config)#router mobile | Enable Mobile IP on the router. |
To enable HSRP on an interface, use the following command in interface configuration mode.
| Command | Purpose |
|---|---|
Router(config-if)#standby [hsrp-group-number] ip ip-address | Enable the HSRP. |
To configure HSRP group attributes that affect how the local router participates in HSRP, perform the following task in interface configuration mode:
| Command | Purpose |
|---|---|
Router(config-if)#standby [group-number] priority priority [preempt [delay [minimum | sync] delay]] Router(config-if)#standby [group-number] [priority priority] preempt [delay [minimum | sync] delay] | Set the Hot Standby priority used in choosing the active router. By default, the router that comes up later becomes standby. When one router is designated as an active HA, the priority is set highest in the HSRP group and the preemption is set. Configure the preempt delay sync command so that all bindings will be downloaded to the router before it takes the active role. The router becomes active when all bindings are downloaded or when the timer expires, whichever comes first. |
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config-if)#standby [hsrp-group-number] ip hsrp-group-addr | Enable the HSRP. |
Step 2 | Router(config-if)#standby name hsrp-group-name | Sets the name of the standby group. |
Step 3 | Router(config)#ip mobile home-agent standby hsrp-group-name | Configure the home agent for redundancy using the HSRP group name. |
Step 4 | Router(config)# | Set up the home agent security association between peer routers. If configured on the active HA, the IP address addr is that of the standby HA. If configured on the standby HA, the IP address addr is that of the active router. Note that a security association needs to be set up between all HAs in the standby group. |
| Command | Purpose | |
|---|---|---|
Step 1 | Router (config-if)# standby [hsrp-group-number] ip hsrp-group-addr | Enable the HSRP. |
Step 2 | Router(config-if)#standby name hsrp-group-name | Set the name of the standby group. |
Step 3 a | Router(config)#ip mobile home-agent address hsrp-group-addr | Execute step 3a when the the mobile node and home agent are on different subnets. Define a global home agent address. |
Step 3 b | Router(config)#ip mobile home-agent | Execute step 3b when the mobile node and home agent are on the same subnet. Enable and control home agent services to the router. |
Step 4 | Router(config)#ip mobile virtual-network net mask [address addr] | Define the virtual network. If the mobile node and home agent are on the same subnet, use the [address addr] option. |
Step 5 | Router(config)# | Configure the home agent for redundancy using the HSRP group to support virtual networks. |
Step 6 | Router(config)# | Set up the home agent security association between peer routers. If configured on the active HA, the IP address addr is that of the standby HA. If configured on the standby HA, the IP address addr is that of the active router. Note that a security association needs to be set up between all HAs in the standby group. |
| Command | Purpose | |
|---|---|---|
Step 1 | Router (config-if)# standby [hsrp-group-number] ip hsrp-group-addr | Enable the HSRP. |
Step 2 | Router(config-if)#standby name hsrp-group-name1 | Set the name of the standby HSRP group1. |
Step 3 | Router(config-if)#standby name hsrp-group-name2 | Set the name of the standby HSRP group2. |
Step 4 a | Router(config)#ip mobile home-agent address loopback-interface-addr | Execute step 4a if the mobile node and home agent are on different subnets. Define the global home agent address for virtual networks. In this configuration, the address is the loopback interface address. |
Step 4 b | Router(config)#ip mobile home-agent | Execute step 4b if the mobile node and home agent are on the same subnet. Enable and control home agent services. |
Step 5 | Router(config)#ip mobile virtual-network net mask [address addr] | Define the virtual network. If the mobile node and home agent are on the same subnet, use the [address addr] option. |
Step 6 | Router(config)# | Configure the home agent for redundancy using the HSRP group1 to support virtual networks. |
Step 7 | Router(config)# | Configure the home agent for redundancy using the HSRP group2 to support virtual networks. |
Step 8 | Router(config)# | Set up the home agent security association between peer routers. If configured on the active HA, the IP address addr is that of the standby HA. If configured on the standby HA, the IP address addr is that of the active router. Note that a security association needs to be set up between all HAs in the standby group. |
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config-if)# standby [hsrp-group-number] ip hsrp-group-addr | Enable the HSRP. |
Step 2 | Router(config-if)#standby name hsrp-group-name | Set the name of the standby group. |
Step 3 a | Router(config)#ip mobile home-agent address hsrp-group-addr | Execute step 3a when the the mobile node and home agent are on different subnets. Define a global home agent address. |
Step 3 b | Router(config)#ip mobile home-agent | Execute step 3b when the mobile node and home agent are on the same subnet. Enable and control home agent services to the router. |
Step 4 | Router(config)#ip mobile virtual-network net mask [address addr] | Define the virtual networks. Repeat this step for each virtual network. If the mobile node and home agent are on the same subnet, use the [address addr] option. |
Step 5 | Router(config)# | Configure the home agent for redundancy using the HSRP group to support virtual networks. |
Step 6 | Router(config)# | Set up the home agent security association between peer routers. If configured on the active HA, the IP address addr is that of the standby HA. If configured on the standby HA, the IP address addr is that of the active router. Note that a security association needs to be set up between all HAs in the standby group. |
| Command | Purpose | |
|---|---|---|
Step 1 | Router(config-if)#standby [hsrp-group-number] ip hsrp-group-addr | Enable the HSRP. |
Step 2 | Router(config-if)#standby name hsrp-group-name1 | Set the name of the standby HSRP group1. |
Step 3 | Router(config-if)#standby name hsrp-group-name2 | Set the name of the standby HSRP group2. |
Step 4 a | Router(config)#ip mobile home-agent address loopback-interface-addr | Execute step 4a if the mobile node and home agent are on different subnets. Define the global home agent address for virtual networks. In this configuration, the address is the loopback interface address. |
Step 4 b | Router(config)#ip mobile home-agent | Execute step 4b if the mobile node and home agent are on the same subnet. Enable and control home agent services. |
Step 5 | Router(config)#ip mobile virtual-network net mask [address addr] | Define the virtual networks. Repeat this step for each virtual network. If the mobile node and home agent are on the same subnet, use the [address addr] option. |
Step 6 | Router(config)# | Configure the home agent for redundancy using the HSRP group1 to support virtual networks. |
Step 7 | Router(config)# | Configure the home agent for redundancy using the HSRP group2 to support virtual networks. |
Step 8 | Router(config)# | Set up the home agent security association between peer routers. If configured on the active HA, the IP address addr is that of the standby HA. If configured on the standby HA, the IP address addr is that of the active router. Note that a security association needs to be set up between all HAs in the standby group. |
To verify that the Mobile IP Home Agent Redundancy feature is configured correctly on the router, use the following commands in EXEC mode:
Step 2 Examine global information for mobile agents
Step 3 Enter the show ip mobile binding [home-agent addr] command.
Step 4 Examine the mobility bindings associated with a home agent address.
Step 5 Enter the show standby command.
Step 6 Examine information associated with the HSRP group.
| Command | Purpose |
|---|---|
Router#debug ip mobile standby | Display debug messages for Mobile IP redundancy activities. |
Router#show ip mobile globals | The global home address is displayed if configured. For each Mobile IP standby group, the home agent address supported is displayed. |
Router#show ip mobile binding [home-agent addr] | Display mobility bindings with specific home agent address. |
Table 1 summarizes the Mobile IP HA redundancy configuration required to support mobile nodes on physical and virtual home networks. Refer to this table for clarification as you read the examples in this section.
| Mobile Node Home Network | Physical Connections | Home Agent Address | Configuration |
|---|---|---|---|
| Mobile Nodes with Home Agents on Different Subnets | |||
Physical network | single | HSRP group address | ip mobile home-agent standby hsrp-group-name |
Virtual network | single | ip mobile home-agent address hsrp-group-addr | ip mobile home-agent standby hsrp-group-name virtual-network |
Virtual network | multiple | ip mobile home-agent address loopback-interface-addr | ip mobile home-agent standby hsrp-group-name1 virtual-network ip mobile home-agent standby hsrp-group-name2 virtual-network Repeat this command for each HSRP group associated with the physical connection. |
Multiple virtual networks | single | ip mobile home-agent address hsrp-group-addr | ip mobile home-agent standby hsrp-group-name virtual-network |
Multiple virtual networks | multiple | ip mobile home-agent address loopback-interface-addr | ip mobile home-agent standby hsrp-group-name1 virtual-network ip mobile home-agent standby hsrp-group-name2 virtual-network Repeat this command for each HSRP group associated with the physical connection. |
| Mobile Nodes with Home Agents on the Same Subnet | |||
Physical network | single | HSRP group address | ip mobile home-agent standby hsrp-group-name |
Virtual network | single | ip mobile virtual-network net mask address addr addr = loopback interface address | ip mobile home-agent standby hsrp-group-name virtual-network |
Virtual network | multiple | ip mobile virtual-network net mask address addr addr = loopback interface address | ip mobile home-agent standby hsrp-group-name1 virtual-network ip mobile home-agent standby hsrp-group-name2 virtual-network Repeat this command for each HSRP group associated with the physical connection. |
Multiple virtual networks | single | ip mobile virtual-network net mask address addr Repeat this command for each virtual network. The addr argument is an address configured on the loopback interface to be on the same subnet. Specify the ip address addr mask secondary command to support multiple IP addresses configured on the same interface. | ip mobile home-agent standby hsrp-group-name virtual-network |
Multiple virtual networks | multiple | ip mobile virtual-network net mask address addr Repeat this command for each virtual network. The addr argument is an address configured on the loopback interface to be on the same subnet. Specify the ip address addr mask secondary command to support multiple IP addresses configured on the same interface. | ip mobile home-agent standby hsrp-group-name1 virtual-network ip mobile home-agent standby hsrp-group-name2 virtual-network Repeat this command for each HSRP group associated with the physical connection. |
This section provides the following configuration examples:
Figure 2 shows an example network topology for physical networks. The configuration example supports home agents that are on the same or a different physical network as the mobile node.
HA1 is favored to provide home agent service for mobile nodes on physical network e0 because the priority is set to 110, which is above the default of 100. HA1 will preempt any active home agent when it comes up. During preemption, it does not become the active home agent until it retrieves the mobility binding table from the current active home agent or until 100 seconds expire for home agent synchronization.
 |
Note If the standby preempt command is used, the preempt synchronization delay must be set or mobility bindings can not be retrieved before the home agent preempts to become active. |
The standby HSRP group name is SanJoseHA and HSRP group address is 1.0.0.10. The standby HA uses this HSRP group address to retrieve mobility bindings for mobile nodes on the physical network. Mobile IP is configured to use the SanJoseHA standby group to provide home agent redundancy.
Mobile nodes are configured with HA address 1.0.0.10. When registrations come in, only the active home agent processes them. The active home agent sends a mobility binding update to the standby home agent, which also sets up a tunnel with the same source and destination endpoints. Updates and table retrievals are authenticated using the security associations configured on the home agent for its peer home agent. When packets destined for mobile nodes are received, either of the home agents tunnel them. If HA1 goes down, HA2 becomes active through HSRP and will process packets sent to home agent address 1.0.0.10.
HA1:
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA standby preempt delay sync 100 standby priority 110 ip mobile home-agent standby SanJoseHA ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455
HA2:
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ip mobile home-agent standby SanJoseHA ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455
This section presents two configuration examples: (i) the mobile node and home agent are on different subnets, and (ii) the mobile node and home agent are on the same subnet.
(i) Different Subnets
HA1 and HA2 share responsibility for providing home agent service for mobile nodes on virtual network 20.0.0.0. The home agents are connected on only one physical network.
The standby group name is SanJoseHA and HSRP group address is 1.0.0.10. Mobile IP is configured to use the SanJoseHA standby group to provide home agent redundancy. Thus, HSRP allows the home agent to receive packets destined to 1.0.0.10.
This configuration differs from the physical network example in that a global HA address must be specified to support virtual networks. This address is returned in registration replies to the mobile node.
HA1:
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ! specifies global HA address=HSRP group address to be used by all mobile nodes ip mobile home-agent address 1.0.0.10 ip mobile virtual-network 20.0.0.0 255.0.0.0 ! used to map to the HSRP group SanJoseHA ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455
HA2:
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ! specifies global HA address=HSRP group address to be used by all mobile nodes ip mobile home-agent address 1.0.0.10 ip mobile virtual-network 20.0.0.0 255.0.0.0 ! used to map to the HSRP group SanJoseHA ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455
(ii) Same Subnet
In this example, a loopback address is configured on the HA to be on the same subnet as the virtual network. A mobile node on a virtual network uses the HA IP address=loopback address configured for the virtual network. When a standby HA comes up, it uses this HA IP address to retrieve mobility bindings for mobile nodes on the virtual network.
HA1
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ! loopback to receive registration from MN on virtual-network int lo0 ip addr 20.0.0.1 255.255.255.255 ip mobile home-agent ! address used by Standby HA for redundancy (update and download) ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1 ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 hex 00112233445566778899001122334455
HA2
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ! loopback to receive registration from MN on virtual-network int lo0 ip addr 20.0.0.1 255.255.255.255 ip mobile home-agent ! address used by Standby HA for redundancy (update and download) ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1 ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455
This section presents two configuration examples: (i) the mobile node and home agent are on different subnets, and (ii) the mobile node and home agent are on the same subnet.
(i) Different Subnets
HA1 and HA2 share responsibility in providing home agent service for mobile nodes on virtual network 20.0.0.0. Both home agents are configured with a global home agent address of 10.0.0.10, which is the address of their loopback interface. This configuration allows home agents to receive registration requests and packets destined to 10.0.0.10.
The loopback address is used as the global HA address instead of the HSRP group addresses 1.0.0.10 and 2.0.0.10 to allow the HAs to continue serving the virtual network even if either physical network goes down.
Mobile nodes are configured with home agent address 10.0.0.10. When registrations come in, either home agent processes them (depending on routing protocols) and updates the peer home agent. The home agent that receives the registration finds the first HSRP group that is mapped to 10.0.0.10 with a peer in the group and sends the update out that interface. If there is a network problem (for example, the home agent network adapter fails or cable disconnects), HSRP notices the peer's absence. The home agent does not use that HSRP group and finds another HSRP group to use.
|
Note All routers must have identical loopback interface addresses, which will be used as the global HA address. However, do not use this address as the router ID for routing protocols. |
When the peer home agent receives the registration update, both home agents tunnel the packets to the mobile nodes.
HA1:
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHANet1 int e1 ip addr 2.0.0.1 255.0.0.0 standby ip 2.0.0.10 standby name SanJoseHANet2 int lo0 ip addr 10.0.0.10 255.255.255.255 !Specifies global HA address=loopback address to be used by all mobile nodes ip mobile home-agent address 10.0.0.10 ip mobile virtual-network 20.0.0.0 255.0.0.0 ! Used to map to the HSRP group SanJoseHANet1 ip mobile home-agent standby SanJoseHANet1 virtual-network ! Used to map to the HSRP group SanJoseHANet2 ip mobile home-agent standby SanJoseHANet2 virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455 ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455
HA2:
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHANet1 int e1 ip addr 2.0.0.2 255.0.0.0 standby ip 2.0.0.10 standby name SanJoseHANet2 int lo0 ip addr 10.0.0.10 255.255.255.255 !Specifies global HA address=loopback address to be used by all mobile nodes ip mobile home-agent address 10.0.0.10 ip mobile virtual-network 20.0.0.0 255.0.0.0 ! Used to map to the HSRP group SanJoseHANet1 ip mobile home-agent standby SanJoseHANet1 virtual-network ! Used to map to the HSRP group SanJoseHANet2 ip mobile home-agent standby SanJoseHANet2 virtual-network ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455 ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455
(ii) Same Subnet
In this example, a loopback address is configured on the HA to be on the same subnet as the virtual networks. A mobile node on a virtual network uses the HA IP address=loopback address configured for the virtual network. When a standby HA comes up, it uses this HA IP address to retrieve mobility bindings for mobile nodes on the virtual networks.
HA1
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHANet1 int e1 ip addr 2.0.0.1 255.0.0.0 standby ip 2.0.0.10 standby name SanJoseHANet2 ! loopback to receive registration from MN on virtual-network int lo0 ip addr 20.0.0.1 255.255.255.255 ip mobile home-agent ! address used by Standby HA for redundancy (update and download) ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1 ip mobile home-agent standby SanJoseHANet1 virtual-network ip mobile home-agent standby SanJoseHANet2 virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455 ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455
HA2
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA int e1 ip addr 2.0.0.2 255.0.0.0 standby ip 2.0.0.10 standby name SanJoseHANet2 ! loopback to receive registration from MN on virtual-network int lo0 ip addr 20.0.0.1 255.255.255.255 ip mobile home-agent ! address used by Standby HA for redundancy (update and download) ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1 ip mobile home-agent standby SanJoseHANet1 virtual-network ip mobile home-agent standby SanJoseHANet2 virtual-network ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455 ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455
This section presents two configuration examples: (i) the mobile node and home agent are on different subnets, and (ii) the mobile node and home agent are on the same subnet. Figure 3 shows an example network topology for example (i). Figure 4 shows an example network topology for example (ii).
(i) Different Subnets
HA1 and HA2 share responsibility for providing home agent service for mobile nodes on virtual networks 20.0.0.0 and 30.0.0.0. The home agents are connected on only one physical network.
The standby group name is SanJoseHA and HSRP group address is 1.0.0.10. Mobile IP is configured to use the SanJoseHA standby group to provide home agent redundancy. Thus, HSRP allows the home agent to receive packets destined to 1.0.0.10.
This configuration differs from the physical network example in that a global HA address must be specified to support virtual networks. This address is returned in registration replies to the mobile node.
HA1:
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ! specifies global HA address=HSRP group address to be used by all mobile nodes ip mobile home-agent address 1.0.0.10 ip mobile virtual-network 20.0.0.0 255.0.0.0 ip mobile virtual-network 30.0.0.0 255.0.0.0 ! used to map to the HSRP group SanJoseHA ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455
HA2:
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ! specifies global HA address=HSRP group address to be used by all mobile nodes ip mobile home-agent address 1.0.0.10 ip mobile virtual-network 20.0.0.0 255.0.0.0 ip mobile virtual-network 30.0.0.0 255.0.0.0 ! used to map to the HSRP group SanJoseHA ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455
(ii) Same Subnet
For each virtual network, a loopback address is configured on the HA to be on the same subnet as the virtual network. It is only necessary to configure one loopback interface, and assign different IP addresses to the loopback interface for each virtual network, that is, using the ip address ip-address mask [secondary] command. A mobile node on a particular virtual network will use HA IP address =loopback address configured for that virtual network. When a standby HA comes up, it will also use this HA IP address to retrieve mobility bindings for mobile nodes on a particular virtual network.
HA1
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ! loopback to receive registration from MN on each virtual-network int lo0 ip addr 20.0.0.1 255.255.255.255 ip addr 30.0.0.1 255.255.255.255 secondary ip mobile home-agent ! address used by Standby HA for redundancy (update and download) for ! each virtual-network ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1 ip mobile virtual-network 30.0.0.0 255.0.0.0 address 30.0.0.1 ! used to map to the HSRP group SanJoseHA ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455
HA2
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA ! loopback to receive registration from MN on each virtual-network int lo0 ip addr 20.0.0.1 255.255.255.255 ip addr 30.0.0.1 255.255.255.255 secondary ip mobile home-agent ! address used by Standby HA for redundancy (update and download) for ! each virtual-network ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1 ip mobile virtual-network 30.0.0.0 255.0.0.0 address 30.0.0.1 ! used to map to the HSRP group SanJoseHA ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455
Figure 5 shows an example network topology for this configuration type. This section presents two configuration examples: (i) the mobile node and home agent are on different subnets, and (ii) the mobile node and home agent are on the same subnet.
(i) Different Subnets
HA1 and HA2 share responsibility in providing home agent service for mobile nodes on virtual networks 20.0.0.0, 30.0.0.0, and 40.0.0.0. Both home agents are configured with a global home agent address of 10.0.0.10, which is the address of their loopback interface. This configuration allows home agents to receive registration requests and packets destined to 10.0.0.10.
The loopback address is used as the global HA address instead of the HSRP group addresses 1.0.0.10 and 2.0.0.10 to allow the HAs to continue serving the virtual networks even if either physical network goes down.
Mobile nodes are configured with home agent address 10.0.0.10. When registrations come in, either home agent processes them (depending on routing protocols) and updates the peer home agent. The home agent that receives the registration finds the first HSRP group that is mapped to 10.0.0.10 with a peer in the group and sends the update out that interface. If there is a network problem (for example, the home agent network adapter fails or cable disconnects), HSRP notices the peer's absence. The home agent does not use that HSRP group and finds another HSRP group to use.
|
Note All routers must have identical loopback interface addresses, which will be used as the global HA address. However, do not use this address as the router ID for routing protocols. |
When the peer home agent receives the registration update, both home agents tunnel the packets to the mobile nodes.
HA1:
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHANet1 int e1 ip addr 2.0.0.1 255.0.0.0 standby ip 2.0.0.10 standby name SanJoseHANet2 int lo0 ip addr 10.0.0.10 255.255.255.255 !Specifies global HA address=loopback address to be used by all mobile nodes ip mobile home-agent address 10.0.0.10 ip mobile virtual-network 20.0.0.0 255.0.0.0 ip mobile virtual-network 30.0.0.0 255.0.0.0 ip mobile virtual-network 40.0.0.0 255.0.0.0 ! Used to map to the HSRP group SanJoseHANet1 ip mobile home-agent standby SanJoseHANet1 virtual-network ! Used to map to the HSRP group SanJoseHANet2 ip mobile home-agent standby SanJoseHANet2 virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455 ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455
HA2:
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHANet1 int e1 ip addr 2.0.0.2 255.0.0.0 standby ip 2.0.0.10 standby name SanJoseHANet2 int lo0 ip addr 10.0.0.10 255.255.255.255 !Specifies global HA address=loopback address to be used by all mobile nodes ip mobile home-agent address 10.0.0.10 ip mobile virtual-network 20.0.0.0 255.0.0.0 ip mobile virtual-network 30.0.0.0 255.0.0.0 ip mobile virtual-network 40.0.0.0 255.0.0.0 ! Used to map to the HSRP group SanJoseHANet1 ip mobile home-agent standby SanJoseHANet1 virtual-network ! Used to map to the HSRP group SanJoseHANet2 ip mobile home-agent standby SanJoseHANet2 virtual-network ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455 ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455
(ii) Same Subnet
For each virtual network, a loopback address is configured on the HA to be on the same subnet as the virtual network. It is only necessary to configure one loopback interface, and assign different IP addresses to the loopback interface for each virtual network, that is, using the ip address ip-address mask [secondary] command. A mobile node on a particular virtual network will use HA IP address =loopback address configured for that virtual network. When a standby HA comes up, it will also use this HA IP address to retrieve mobility bindings for mobile nodes on a particular virtual network.
HA1
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHANet1 int e1 ip addr 2.0.0.1 255.0.0.0 standby ip 2.0.0.10 standby name SanJoseHANet2 ! loopback to receive registration from MN on each virtual-network int lo0 ip addr 20.0.0.1 255.255.255.255 ip addr 30.0.0.1 255.255.255.255 secondary ip addr 40.0.0.1 255.255.255.255 secondary ip mobile home-agent ! address used by Standby HA for redundancy (update and download) for ! each virtual-network ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1 ip mobile virtual-network 30.0.0.0 255.0.0.0 address 30.0.0.1 ip mobile virtual-network 40.0.0.0 255.0.0.0 address 40.0.0.1 ! used to map to the HSRP groups SanJoseHANet1 and SanJoseHANet2 ip mobile home-agent standby SanJoseHANet1 virtual-network ip mobile home-agent standby SanJoseHANet2 virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455 ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455
HA2
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA int e1 ip addr 2.0.0.2 255.0.0.0 standby ip 2.0.0.10 standby name SanJoseHANet2 ! loopback to receive registration from MN on each virtual-network int lo0 ip addr 20.0.0.1 255.255.255.255 ip addr 30.0.0.1 255.255.255.255 secondary ip addr 40.0.0.1 255.255.255.255 secondary ip mobile home-agent ! address used by Standby HA for redundancy (update and download) for ! each virtual-network ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1 ip mobile virtual-network 30.0.0.0 255.0.0.0 address 30.0.0.1 ip mobile virtual-network 40.0.0.0 255.0.0.0 address 40.0.0.1 ! used to map to the HSRP groups SanJoseHANet1 and SanJoseHANet2 ip mobile home-agent standby SanJoseHANet1 virtual-network ip mobile home-agent standby SanJoseHANet2 virtual-network ip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455 ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455
This section documents new or modified commands that configure the Mobile IP HA Redundancy feature on a network.
To define a global home agent address on a different subnet for virtual networks, use the ip mobile home-agent address global configuration command. To remove the address, use the no form of this command.
ip mobile home-agent address addr
Syntax Description
addr Home agent address.
Defaults
No global home agent addresses are specified.
Command Modes
Global configuration
Command History
12.0(2)T This command was introduced.
Release
Modification
Usage Guidelines
Mobile IP uses this home agent address to find the appropriate standby group to send binding updates or request binding tables.
The address will be the HSRP group address or the loopback interface address depending on the configuration.
Examples
The following example specifies a global home agent address of 1.0.0.10:
ip mobile home-agent address 1.0.0.10
Related Commands
show ip mobile globals Displays global information for mobile agents.
Command
Description
To configure the home agent for redundancy by using the Hot Standby Router Protocol (HSRP) group name, use the ip mobile home-agent standby global configuration command. To remove the address, use the no form of this command.
ip mobile home-agent standby hsrp-group-name [[virtual-network] address addr]
Syntax Description
hsrp-group-name Specifies HSRP group name. virtual-network (Optional) Specifies that the HSRP group is used to support virtual networks. address addr (Optional) Home agent address.
Defaults
No global home agent addresses are specified.
Command Modes
Global configuration
Command History
12.0(2)T This command was introduced.
Release
Modification
Usage Guidelines
The virtual-network keyword specifies that the HSRP group supports virtual networks.
|
Note Redundant home agents must have identical Mobile IP configurations. You can use a standby group to provide HA redundancy for either physical or virtual networks, but not both at the same time. |
When Mobile IP standby is configured, the home agent can request mobility bindings from the peer home agent. When the command is deconfigured, the home agent can remove mobility bindings. The following describes how home agent redundancy operates on physical and virtual networks.
Physical network:
Only the active home agent will receive registrations. It updates the standby home agent. The standby home agent requests the mobility binding table from the active home agent. When Mobile IP standby is deconfigured, the standby home agent removes all bindings, but the active home agent keeps all bindings.
Virtual network:
Both active and standby home agents receive registrations if the loopback interface is used; each will update the peer after accepting a registration. Otherwise, the active home agent receives registrations. Both active and standby home agents request mobility binding tables from each other. When Mobile IP standby is deconfigured, the standby or active home agent removes all bindings.
Examples
The following example specifies an HSRP group name of SanJoseHA:
ip mobile home-agent standby SanJoseHA
Related Commands
show ip mobile globals Displays global information for mobile agents.
Command
Description
To define a virtual network, use the ip mobile virtual-network global configuration command. To remove the virtual network, use the no form of this command.
ip mobile virtual-network net mask [address addr]
Syntax Description
net Network associated with the IP address of the virtual network. mask Mask associated with the IP address of the virtual network. address addr (Optional) IP address of a home agent on a virtual network.
Defaults
No home agent addresses are specified.
Command Modes
Global configuration
Command History
12.0(1)T This command was introduced. 12.0(2)T The address keyword was added.
Release
Modification
Usage Guidelines
This command inserts the virtual network into the routing table to allow mobile nodes to use the virtual network as their home network. The network is propagated when redistributed to other routing protocols.
|
Note You may need to include virtual networks when configuring the routing protocols. If this is the case, use the redistribute mobile router configuration command to redistribute routes from one routing domain to another. |
Examples
The following example adds the virtual network 20.0.0.0 to the routing table and specifies that the HA IP address is configured on the loopback interface for that virtual network:
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA int lo0 ip addr 20.0.0.1 255.255.255.255 ip mobile home-agent ip mobile virtual-network 20.0.0.0 255.255.0.0 20.0.0.1 ip mobile home-agent standby SanJoseHA virtual-network ip mobile secure home-agent 1.0.0.2 spi 100 hex 00112233445566778899001122334455
Related Commands
ip mobile host Configures the mobile host or mobile node group. redistribute mobile Redistributes routes from one routing domain into another routing domain.
Command
Description
To display the mobility binding table associated with a home agent address, use the show ip mobile binding EXEC command.
show ip mobile binding [home-agent addr | summary]
Syntax Description
home-agent addr (Optional) IP address of home agent. summary (Optional) Total number of bindings in the table.
Command Modes
EXEC
Command History
12.0(1)T This command was introduced. 12.0(2)T The home-agent keyword was added. 12.1(2)T The summary keyword was added.
Release
Modification
Examples
The following is sample output from the show ip mobile binding command:
IRouter# show ip mobile binding
Mobility Binding List:
Total 1
20.0.0.1:
Care-of Addr 68.0.0.31, Src Addr 68.0.0.31,
Lifetime granted 02:46:40 (10000), remaining 02:46:32
Flags SbdmGvt, Identification B750FAC4.C28F56A8,
Tunnel100 src 66.0.0.5 dest 68.0.0.31 reverse-allowed
Routing Options - (G)GRE
Table 2 describes significant fields shown in the display.
| Field | Description |
|---|---|
Total | Total number of mobility bindings. |
IP address | Mobile node's home IP address. |
Care-of Addr | Mobile node's care-of address. |
Src Addr | IP source address of the Registration Request as received by the home agent. Will be either a mobile node's colocated care-of address or an address of the foreign agent. |
Lifetime granted | The lifetime granted to the mobile node for this registration. Number of seconds in parentheses. |
Lifetime remaining | The time remaining until the registration is expired. It has the same initial value as lifetime granted, and is counted down by the home agent. |
Flags | Registration flags sent by mobile node. Upper case characters denote bit set. |
Identification | Identification used in that binding by the mobile node. This field has two purposes: unique identifier for each request, and replay protection. |
Tunnel | The tunnel used by the mobile node is characterized by the source and destination addresses, and reverse-allowed or reverse-off for reverse tunnel. Default is IPIP encapsulation, otherwise GRE will be displayed in Routing Options. |
Routing Options | Routing options list all home agent-accepted services. For example, V bit may have been requested by mobile node (shown in Flags field), but home agent will not provide such service. Possible options are B (broadcast), D (direct-to-mobile node), G (GRE), and T (reverse-tunnel). |
Related Commands
show ip mobile globals Displays global information for mobile agents.
Command
Description
To configure the name of the standby group, use the standby name interface configuration command. To disable the name, use the no form of this command.
standby name string
Syntax Description
string Specifies the name of the standby group.
Defaults
HSRP is disabled.
Command Modes
Interface configuration.
Command History
12.0(2)T This command was introduced.
Release
Modification
Usage Guidelines
The name specifies the HSRP group used.
Examples
The following example specifies the standby name as SanJoseHA:
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA standby preempt delay sync 100 standby priority 110
Related Commands
ip mobile home-agent standby Configures the home agent for redundancy.
Command
Description
To configure a delay period before preempting, use the standby interface configuration command. To restore the default values, use the no form of this command.
standby [group-number] priority priority [preempt [delay [minimum | sync] delay] ]
Syntax Description
group-number (Optional) Group number on the interface to which the other arguments in this command apply. priority priority (Optional) Priority value that prioritizes a potential Hot Standby router. The range is 1 to 255; the default is 100. preempt delay minimum delay (Optional) Time in seconds. The delay argument causes the local router to postpone taking over the active role for delay (minimum) seconds since that router was last restarted. The range is 0 to 3600 seconds (1 hour). The default is 0 seconds (no delay). delay sync delay (Optional) Specifies the maximum synchronization period in delay seconds.
Defaults
group-number: 0
priority: 100
delay: 0 seconds; if the router wants to preempt, it will do so immediately.
By default, the router that comes up later becomes the standby.
Command Modes
Interface configuration
Command History
11.3 This command was introduced. 12.0(2)T The following keywords were added:
Release
Modification
Usage Guidelines
When using this command, you must specify at least one keyword (priority or preempt), or you can specify both.
When group number 0 is used, no group number is written to NVRAM, providing backward compatibility.
The assigned priority is used to help select the active and standby routers. Assuming preemption is enabled, the router with the highest priority becomes the designated active router. In case of ties, the primary IP addresses are compared, and the higher IP address has priority.
Note that the device's priority can change dynamically if an interface is configured with the standby track command and another interface on the router goes down.
When a router first comes up, it does not have a complete routing table. If it is configured to preempt, it will become the active router, yet it is unable to provide adequate routing services. This problem is solved by configuring a delay before the preempting router actually preempts the currently active router.
If the standby preempt command is used, the preempt synchronization delay must be set or mobility bindings can not be retrieved before the home agent preempts to become active.
In the case where one router is designated as the active home agent, the priority is set highest in the HSRP group and preempt is set. Also, the preempt delay sync command is configured so that all bindings are downloaded to the router before it takes the active role. When all bindings are downloaded or when the timer expires, whichever is first, the router becomes active.
Examples
The following example shows that HA1 is favored to provide home agent service for mobile nodes on physical network e0 because the priority is set to 110, which is above the default of 100. During preemption, it does not become the active home agent until it retrieves the mobility binding table from the current active home agent or until 100 seconds expire for home agent synchronization.
HA1
int e0 ip addr 1.0.0.1 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA standby preempt standby preempt delay sync 100 standby priority 110
HA2
int e0 ip addr 1.0.0.2 255.0.0.0 standby ip 1.0.0.10 standby name SanJoseHA
Related Commands
standby track Configures an interface so that the Hot Standby priority changes based on the availability of other interfaces.
Command
Description
This section documents the new debug command related to the Mobile IP Home Agent Redundancy feature.
To display Mobile IP redundancy activities, use the debug ip mobile command.
debug ip mobile [advertise | host [access-list-number] | local-area | standby]
Syntax Description
advertise (Optional) Advertisement information. host (Optional) Mobile node host. access-list-number (Optional) Number of an IP access list. local-area (Optional) Local area. standby (Optional) Redundancy activities
Command History
12.0(1)T This command was introduced. 12.0(2)T The standby keyword was added.
Release
Modification
Usage Guidelines
Use the debug ip mobile command to troubleshoot redundancy problems.
Examples
The following is sample output from the debug ip mobile standby command. In this example, the active HA receives a registration request from MN 20.0.0.2 and sends a binding update to peer HA 1.0.0.2:
MobileIP:MN 20.0.0.2 - sent BindUpd to HA 1.0.0.2 HAA 20.0.0.1 MobileIP:HA standby maint started - cnt 1 MobileIP:MN 20.0.0.2 - sent BindUpd id 3780410816 cnt 0 elapsed 0 adjust -0 to HA 1.0.0.2 in grp 1.0.0.10 HAA 20.0.0.1
In this example, the standby HA receives a binding update for MN 20.0.0.2 sent by active HA:
MobileIP:MN 20.0.0.2 - HA rcv BindUpd from 1.0.0.3 HAA 20.0.0.1
agent discovery—The method by which a mobile node determines whether it is currently connected to its home network or a foreign network and detects whether it has moved and the way it has moved. It is the mechanism by which mobile nodes query and discover mobility agents. This is done is through an extension of the ICMP router discovery protocol, IRDP (RFC 1256),which includes a mechanism to advertise mobility services to potential users.
binding information—Binding information contains the entries in the mobility binding table.
binding information reply—Active HA replies with all binding information to standby HA when request received.
binding information reply acknowledgement—The peer home agent acknowledges that it has received the requested binding information.
binding information request—The HA sends a binding information request to its peer to retrieve all mobility bindings for a specified HA address.
binding update—A binding update contains the information in a mobile node's registration request. The HA sends the update to its peer after accepting a registration.
foreign agent—A router on a mobile node's visited network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers datagrams to the mobile node that were tunneled by the mobile node's home agent. For datagrams sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.
home agent—A router on a mobile node's home network that tunnels packets to the mobile node while it is away from home. It keeps current location information for registered mobile nodes called a mobility binding.
HSRP group address—The virtual IP address of the HSRP group.
loopback address—A special IP number that is designated for the software loopback interface of a machine. The loopback interface has no hardware associated with it, and it is not physically connected to a network. This allows testing of software even if a physical device goes down.
loopback interface—A software function that emulates many of the functions of a real interface.The loopback interface has no hardware associated with it, and it is not physically connected to a network.
mobile node—A host or router that changes it point of attachment from one network or subnet to another. A mobile node can change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its home IP address, assuming link-layer connectivity to a point of attachment is available.
mobility binding—The association of a home address with a care-of address and the remaining lifetime.
peer HA—Active HA and standby HA are peers to each other.
physical network—Physical infrastructure of a network, for example, cables and wires.
tunnel—The path followed by a first packet while it is encapsulated with the payload portion of a second packet.
virtual network—Logical circuits that share a common physical infrastructure. A network that is programmed, not hardwired, to meet specifications.
Posted: Mon Aug 28 09:06:09 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.