Default Mobile Node
The Address section for a default mobile node contains the Type, SPI, and Pool labels. The Node-Default parameter enables you to permit all mobile nodes to get service if they have the correct SPI (defined in this section). The Address section, using the Node-Default parameter, has the following syntax:
[Address Node-Default]
     Type = Node
     SPI = SPI-identifier
     Pool = Pool-identifier
The Node-Default parameter enables you to reduce the size of the configuration file. Otherwise, each mobile node requires its own section. However, Node-Default does pose a security risk, because every mobile node that it admits is accepted on the basis of the same SPI. If a mobile node is no longer trusted for any reason, you need to update the security information on all trusted mobile nodes. This task can be very tedious. However, you can use Node-Default in networks that consider security risks unimportant.
The following table describes the labels and values that you can use in the Address section for a default mobile node.
Table 25-8 Address Section Labels and Values--Default Mobile Node
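Label   Description
------  ---------------------------------------------------------------------
Type    Specifies entry for a mobile node
SPI     Specifies SPI value for the associated entry
Pool    Allocates the pool from which an address is assigned to a mobile node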
You must have corresponding SPI and Pool sections for the SPI and Pool labels that are defined in the Address section with a default mobile node, as shown in the following illustration.
Figure 25-2 Corresponding SPI and Pool Sections for Address Section With a Default Mobile Node
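The following check is an added example, not part of the original guide: it parses text in the mipagent.conf layout, reports any [Address Node-Default] section, and verifies that the SPI and Pool it names have corresponding sections. The [SPI n] and [Pool n] header forms, the '#' comment character, and all sample values are assumptions.

```python
import re

# Constructed sample in the layout this section describes. The [SPI n] and
# [Pool n] header forms are assumptions; their bodies are omitted here.
SAMPLE_CONF = """\
[Address Node-Default]
    Type = Node
    SPI = 300
    Pool = 1

[SPI 258]
[Pool 1]
"""

SECTION_RE = re.compile(r"^\[\s*(\S+)(?:\s+(.+?))?\s*\]$")

def parse_conf(text):
    """Return [(kind, name, {label: value})] for each [kind name] section."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group(1), m.group(2) or "", {}))
        elif "=" in line and sections:
            label, value = (part.strip() for part in line.split("=", 1))
            sections[-1][2][label] = value
    return sections

def audit_node_default(text):
    """Flag Node-Default entries and SPI/Pool labels with no matching section."""
    sections = parse_conf(text)
    defined = {(kind, name) for kind, name, _ in sections}
    findings = []
    for kind, name, labels in sections:
        if (kind, name) != ("Address", "Node-Default"):
            continue
        findings.append(f"Node-Default: any mobile node with SPI {labels.get('SPI')} is served")
        for sect in ("SPI", "Pool"):
            ident = labels.get(sect)
            if ident is None:
                findings.append(f"Node-Default has no {sect} label")
            elif (sect, ident) not in defined:
                findings.append(f"no [{sect} {ident}] section for Node-Default")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_node_default(SAMPLE_CONF)))
```

On the constructed sample, the check reports the Node-Default entry and the missing [SPI 300] section; the [Pool 1] reference resolves and is not reported.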
Configuring the Mobility IP Agent
You can use the mipagentconfig command to configure the mobility agent. This command enables you to create or modify any parameter in the /etc/inet/mipagent.conf configuration file. Specifically, you can change any setting, and add or delete mobility clients, pools, and SPIs. The mipagentconfig command has the following syntax:
# mipagentconfig <command> <parameter> <value>
The following table describes the commands that you can use with mipagentconfig to create or modify parameters in the /etc/inet/mipagent.conf configuration file.
Table 25-9 mipagentconfig Commands
Command  Description
-------  ---------------------------------------------------------------------
add      Used to add advertisement parameters, security parameters, SPIs, and addresses to the configuration file
change   Used to change advertisement parameters, security parameters, SPIs, and addresses in the configuration file
delete   Used to delete advertisement parameters, security parameters, SPIs, and addresses from the configuration file
get      Used to display current settings in the configuration file
See the mipagentconfig(1M) man page for a description of command parameters and acceptable values. "Modifying the Mobile IP Configuration File" provides procedures that use the mipagentconfig command.
Mobile IP Mobility Agent Status
You can use the mipagentstat command to display a foreign agent's visitors list and a home agent's binding table. You can also display the security associations with an agent's mobility agent peers. To display the foreign agent visitor list, you use the mipagentstat command's -f option. To display the home agent binding table, you use the mipagentstat command's -h option. To display the security associations with an agent's mobility agent peers, you use the mipagentstat command's -p option. The following examples show typical output when using the mipagentstat command with these options.
Example 25-1 Foreign Agent Visitor List
Mobile Node      Home Agent      Time (s)      Time (s)   Flags
                                 Granted       Remaining
---------------  --------------  ------------  ---------  -----
foobar.xyz.com   ha1.xyz.com     600           125        .....T.
10.1.5.23        10.1.5.1        1000          10         .....T.
Example 25-2 Home Agent Binding Table
Mobile Node      Home Agent      Time (s)      Time (s)   Flags
                                 Granted       Remaining
---------------  --------------  ------------  ---------  -----
foobar.xyz.com   fa1.tuv.com     600           125        .....T.
10.1.5.23        18.104.22.168   1000          10         .....T.
Example 25-3 Mobility Agent Peer Security Association Table
See the mipagentstat(1M) man page for more information about the command's options. "Displaying Mobility Agent Status" provides procedures that use the mipagentstat command.
Mobile IP State Information
On shutdown, the mipagent daemon stores internal state information in /var/inet/mipagent_state. This occurs only when the mipagent provides services as a home agent. This state information includes the list of mobile nodes that are being supported as a home agent, their current care-of addresses, and remaining registration lifetimes. This state information also includes the security association configuration with mobility agent peers. If the mipagent program is terminated (for maintenance) and restarted, mipagent_state is used to re-create as much of the mobility agent's internal state as possible in an effort to minimize service disruption for mobile nodes that might be visiting other networks. If mipagent_state exists, it is read immediately after mipagent.conf every time mipagent is started or restarted.
netstat Extensions for Mobile IP
Mobile IP extensions have been added to the netstat(1M) command to identify Mobile IP forwarding routes. Specifically, you can use the netstat(1M) command to display a new routing table that is called "Source-Specific." See the netstat(1M) man page for more information.
The following example shows the output of netstat when you use the -nr flags.
Example 25-4 Output From netstat Command
Routing Table: IPv4 Source-Specific
Destination     In If    Source        Gateway     Flags  Use   Out If
--------------  -------  ------------  ---------   -----  ----  -------
10.6.32.11      ip.tun1  --            10.6.32.97  UH     0     hme1
--              hme1     10.6.32.11    --          U      0     ip.tun1
The example shows the routes for a foreign agent that uses a reverse tunnel. The first line indicates that the destination IP address 10.6.32.11 and the incoming interface ip.tun1 select hme1 as the interface that forwards the packets. The next line indicates that any packet that originates from interface hme1 and source address 10.6.32.11 must be forwarded to ip.tun1.
snoop Extensions for Mobile IP
Mobile IP extensions have been added to the snoop(1M) command to identify Mobile IP traffic on the link. See the snoop(1M) man page for more information.
The following example shows the output of snoop that runs on the mobile node, mip-mn2.
Example 25-5 Output From snoop Command
This example shows that the mobile node received one of the periodically sent mobility agent advertisements from the foreign agent, mip-fa2. Then mip-mn2 sent a registration request to mip-fa2, and in response, received a registration reply. The registration reply indicates that the mobile node successfully registered with its home agent.
The snoop(1M) command also supports IPsec extensions. Consequently, you can show how registration and tunnel packets are being protected.