Home Agent assisted Route Optimization between Mobile IPv4 Networks

Traditionally, there has been no method for route optimization in Mobile IPv4 apart from an early attempt . Unlike Mobile IPv6, where Route Optimization has been included from the start, with Mobile IPv4 route optimization hasn't been addressed in a generalized scope. Even though general route optimization may not be of interest in the scope of IPv4, there are still specific applications for Route Optimization in Mobile IPv4. This document proposes a method to optimize routes between networks behind Mobile Routers, as defined by NEMO. Although NAT and the pending shortage of IPv4 addresses makes widespread deployment of end-to-end route optimization infeasible, using Route Optimization from a Mobile router to Mobile router is still a practical scenario. Note that the method specified in this document is only for Route Optimization between Mobile Routers; any network prefix not advertised by a Mobile Router would still be routed via the Home Agent, although an MR could advertise very large address spaces, e.g. by acting as an Internet gateway. A particular use case concerns setting up redundant yet economical enterprise networks. Recently, a trend has emerged where customers prefer to maintain connectivity via multiple service providers. Reasons include redundancy, reliability, and availability issues. These kinds of multi-homing scenarios have traditionally been solved by using such technologies as multihoming BGP. However, a more lightweight and economical solution is desirable. From a service provider perspective a common topology for an enterprise customer network consists of one to several sites (typically headquarters and various branch offices). These sites are typically connected via various Layer 2 technologies (ATM or Frame relay PVCs), MPLS VPNs, or Layer 3 site-to-site VPNs. With a Service Level Agreement, a customer can obtain a very reliable and well supported intranet connectivity. However, compared to the cost of "consumer-grade" broadband Internet access the SLA-guaranteed version can be considered very expensive. These consumer-grade options, however, are not reliable approach for mission-critical applications. Mobile IP, especially Mobile Routers, can be used to improve reliability of connectivity even when implemented over consumer-grade Internet access. The customer becomes a client for a virtual service provider, which does not take part in the actual access technology. The service provider has a backend system and an IP address pool that it distributes to customers. Access is provided by multiple, independent, possibly consumer-grade ISPs, with Mobile IP providing seamless handovers if service from a specific ISP fails. The drawback of this solution is that it creates a star topology; All Mobile IP tunnels end up at the service provider hosted home agent, causing heavy load at the backend. Route Optimization between mobile networks addresses this issue, by taking network load off the home agent and the backend. An example network is pictured below:

In this example case, the organization network consists of two sites that are connected via 2 ISPs for redundancy reasons. Mobile IP allows fast handovers without problems of multi-homing and BGP peering between each individual ISP and the organization. The traffic however takes a non-optimal route through the virtual operator backend. Route optimization addresses this issue, allowing traffic between Sites A and B to flow directly through ISP B's network, or in case of a link failure, via the ISP peering point (such as MAE-WEST). The backend will not suffer from heavy loads. The specification in this document is meant to be experimental, with the primary design goal is to limit the load on the backend to minimum. Additional design goals include extensibility to a more generalized scope, such as not requiring all MRs to be homed on the same Home Agent. Experiences are mostly sought on applicability to real-world operations, and protocol-specific issues such as signaling scalability, interworking with other Mobile IP extensions not specifically addressed in the document and behavior of end-user applications over route-optimized paths. The aforementioned use-case is the original application. Moving to standards track should be considered after enough deployment experience has been gathered. Besides the aforementioned issues, additional elements that might require refinement based on real-world experiences are delivery of information on networks managed by peer Mobile Routers, conducting of the MR<->MR authentication, reaction and recovery methods to connectivity breakdowns and other break-before-make topology changes, keepalive timer intervals, formats of signaling extensions, behavior in NAT/firewalled environment and the prefix and realm compression algorithms.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. RFC 5944 defines Care-of Address as the termination point of a tunnel toward a mobile node, for datagrams forwarded to the mobile node while it is away from home. The protocol can use two different types of care-of address: a "foreign agent care-of address" which is an address of a foreign agent with which the mobile node is registered, and a "co-located care-of address", which is an externally obtained local address which the mobile node has associated with one of its own network interfaces. However, in the case of Network Mobility, foreign agents are not used, so no foreign care-of addresses are used either. RFC 5944 defines a Correspondent node as a peer with which a mobile node is communicating. Correspondent Router is a peer Mobile Router which MAY also represent one or more entire networks. RFC 5944 defines Home Address as an IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet. RFC 5944 defines Home Agent as a router on a mobile node's home network which tunnels datagrams for delivery to the mobile node when it is away from home, and maintains current location information for the mobile node. For this application, the "home network" sees limited usage. Network Prefix with the mask of /32. e.g. 192.0.2.254/32, consisting of a single host. RFC 5944 defines Mobility Binding as the association of Home Address with a Care-of address, along with the lifetime remaining for that association. RFC 5177 defines Mobile Network Prefix as the network prefix of the subnet delegated to a Mobile Router as the Mobile Network. Mobile Router as defined by RFC 5177 and RFC 5944 . They define a Mobile Router as a mobile node that can be a router that is responsible for the mobility of one or more entire networks moving together, perhaps on an airplane, a ship, a train, an automobile, a bicycle, or a kayak. Data structure maintained by Mobile Routers on possible destinations for Route Optimization. Contains information (Home Addresses) on potential Correspondent Routers and their associated Mobile Networks. Procedure to bind a Mobile Router's Home Address to a Care-of address on a Correspondent Router with a degree of trust. Some formulas in this specification use the symbol "|" to indicate bytewise concatenation, as in A | B. This concatenation requires that all of the octets of the datum A appear first in the result, followed by all of the octets of the datum B. Some formulas in this specification use a functional form "First (size, input)" to indicate truncation of the "input" data so that only the first "size" bits remain to be used.

This section describes the changed functionality of Home Agent and Mobile Router compared to the base NEMOv4 operation defined in . The basic premise is still the same; Mobile Routers, when registering to the Home Agent, may inform the Home Agent of the mobile network prefixes they are managing (explicit mode) or the Home Agent already knows the prefix assignments. However, instead of prefix <-> Mobile Router mapping information only remaining on the Home Agent and the single Mobile Router, this information will now be distributed to the other Mobile Routers as well. The Home Agent-assisted Route Optimization is primarily intended for helping to optimize traffic patterns between multiple sites in a single organization or administrative domain; however, extranets can also be reached with optimized routes, as long as all Mobile Routers connect to the same Home Agent. The procedure aims to maintain backwards compatibility; with legacy nodes or routers full connectivity is always preserved even though optimal routing cannot be guaranteed. The scheme requires a Mobile Router to be able to receive messages from other Mobile Routers unsolicited - that is, without first initiating a request. This behavior - accepting unsolicited messages - is similar to the registration revocation procedure. Many of the mechanisms are the same - including the fact that advertising route optimization support upon registration implies capability to receive registration requests and return routability messages from other Mobile Routers. Compared to IPv6, where Mobile Node <-> Correspondent node bindings are maintained via Mobility Routing header and Home Address options, Mobile IPv4 always requires the use of tunnels. Therefore, inter-mobile-router tunnel establishment has to be conducted.

During registration, a registering Mobile Router MAY request information on route-optimizable network prefixes. The Mobile Router MAY also allow redistribution of information on its managed network prefixes regardless of whether they are explicitly registered or already configured. These are indicated with a Mobile Router Route Optimization capability extension; see . If the Home Agent accepts the request for Route Optimization, this is indicated with a Route Optimization Reply extension in the registration reply. Note that the redistribution of network prefix information from the Home Agent happens only during the registration signaling. There are no "routing updates" from the Home Agent except during re-registrations triggered by handovers, registration timeouts, and specific solicitation. The solicitation re-registration MAY occur if a Correspondent Router receives a registration request from a unknown Mobile Router (see ).

As noted, a NEMO-supporting Home Agent already maintains information on which network prefixes are reachable behind specific Mobile Routers. The only change to this functionality is that this information can now be distributed to other Mobile Routers upon request. This request is implied by including a Route Optimization capability extension Route Optimization capability extension and setting the 'R' bit. When a Home Agent receives a registration request, standard authentication and authorization procedures are conducted. If registration is successful and the Route Optimization capability information extension was present in the registration request, the reply message MUST include Route Optimization Reply extension to indicate that Route Optimization Capability extension was understood. Furthermore, the extension also informs the Mobile Router whether NAT was detected between Home Agent and the Mobile Router using the procedure in RFC 3519, which is based on the discrepancy between requester's indicated Care-of address and packet's source address. The reply message MAY also include one route optimization prefix advertisement extension which informs the Mobile Router of existing mobile network prefixes and the Mobile Routers that manage them, if eligible for redistribution. The networks SHOULD be included in order of priority, with the prefixes determined by policy as most desirable targets for Route Optimization listed first. The extension is constructed as shown in . The extension consists of a list where each Mobile Router, identified by Home Address, is listed with corresponding prefix(es) and their respective realm(s). Each network prefix can be associated with a realm, usually in the form 'organization.example.com'. Besides the routers in the customer's own organization, the prefix list may also include other Mobile Routers, e.g. a default prefix (0.0.0.0/0) pointing towards an Internet gateway for Internet connectivity or additional prefixes belonging to possible extranets. The realm information can be used to make policy decisions on the Mobile Router, such as preferring optimization within a specific realm only. Furthermore, the unique realm information can be used to differentiate between overlapping address spaces utilized by the same or different organizations concurrently and adjusting forwarding policies accordingly. In a typical scenario where Network Prefixes are allocated to Mobile Routers connecting to a single Home Agent, the prefixes are usually either continuous or at least very close to each other. Due to these characteristics, an optional prefix compression mechanism is provided. Another, optional, compression scheme is in use for realm information, where realms often share the same higher-level domains. These compression mechanisms are further explained in . Upon receiving a registration reply with a Route Optimization prefix advertisement extension, the Mobile Router SHALL insert the Mobile Router Home Addresses included in the extension as host-prefixes to the local Route Optimization Cache if they do not already exist. If present, any additional prefixes information SHALL also be inserted into the Route Optimization Cache. The Mobile Router MAY discard entries from a desired starting point onwards, due to memory or other policy related constraints. The intention of listing the prefixes in order of priority is to provide implicit guidance for this decision. If the capacity of the device allows, the Mobile Router SHOULD use information on all advertised prefixes.

Mobile routers supporting route optimization will maintain a Route Optimization Cache. The Route Optimization Cache contains mappings between potential Correspondent Router HoA's, network(s) associated with each HoA, information on reachability related to NAT and other divisions, and Return Routability procedure-related information. The Cache is populated based on information received from the Home Agent in Route optimization prefix advertisements and in registration messages from Correspondent Routers. Portions of the cache may also be configured statically. The Route Optimization Cache contains the following information for all known Correspondent Routers. Note that some fields may contain multiple entries. For example, during handovers, there may be both old and new CoA's listed. Correspondent Router's Home Address. Primary key identifying each CR. Correspondent Router's Care-of Address(es). May be empty if none known. Potential tunnel's destination address(es). Mobile Router's Care-of Address(es) used with this Correspondent Router. Tunnel's source address. Tunnel interface(s) associated with this Correspondent Router. The tunnel interface itself handles all the necessary operations to keep the tunnel operational, e.g. Sending keepalive messages required by UDP encapsulation. A table of booleans, set for all pairs of potential MR-CoA's and CR-CoA's which require NAT awareness and the behavior is known, populated either statically or based on discovery. If set to true, the MR can establish a UDP tunnel towards the CR, using this pair of CoA's. A received advertisement can indicate this to be set initially false for all respective CR's CoA's. Affects tunnel establishment direction; see and the registration procedure in deciding which Care-of-addresses to include in the Care-of-address extension in registration reply. If set to true, mandates use of UDP encapsulation. Return routability state for each CR-HoA and MR-CoA pair. States are INACTIVE, IN PROGRESS and ACTIVE. If state is INACTIVE, return routability procedure must be completed before forwarding route-optimized traffic. If state is IN PROGRESS or ACTIVE, the information concerning this Correspondent Router MUST NOT be removed from Route Optimization Cache as long as a tunnel to the Correspondent Router is established. Registration management key for each CR-HoA - MR-CoA pair. This field is only used if configured statically - if the KRm was computed using Return Routability procedure, it is calculated in-situ based on nonces and router key. If configured statically, RRSTATE is permanently set to ACTIVE. If the KRm was established with Return Routability procedure, contains the Care-of nonce index for each MR-CoA - CR-HoA pair. If the KRm was established with Return Routability procedure, contains the Care-of keygen token for each MR-CoA - CR-HoA pair. If the KRm was established with Return Routability procedure, contains the Home nonce index for each CR-HoA If the KRm was established with Return Routability procedure, contains the Home keygen token for each CR-HoA. A list of destination network prefixes reachable via this Correspondent Router. Includes network and prefix length, e.g. 192.0.2.0/25. Always contains at least a single entry, the CR-HoA host network prefix in the form of 192.0.2.1/32. Each prefix may be associated with a realm. May also be empty, if realm is not provided by advertisement or configuration. Boolean field for each prefix - CR-HoA pair, which is set to true if this prefix's owner has been confirmed. The Host Network Prefix consisting of the Correspondent Router itself does need validation beyond Return Routability procedure. For other prefixes, the confirmation is done by soliciting the information from HA. Traffic for prefixes which have unconfirmed ownership should not be routed through the tunnel. Information that is no longer valid due to expirations or topology changes MAY be removed from the Route Optimization Cache as desired by the Mobile Router.

The purpose of return routability procedure is to establish Care-of-Address <-> Home Address bindings in a trusted manner. The return routability procedure for Mobile IPv6 is described in . The same principles apply to the Mobile IPv4 version: two messages are sent to the Correspondent Router's Home Address, one via Home Agent using Mobile Router's Home Address, and the other directly from the Mobile Router CoA, with two responses coming through same routes. Registration management key is derived from token information carried on these messages. This registration management key (KRm) can then be used to authenticate registration requests (comparable to Binding Updates in Mobile IPv6). The Return Routability procedure is a method provided by the Mobile IP protocol to establish the KRm in a relatively lightweight fashion. If desired, the KRm's can be configured to Mobile Routers statically, or using a desired external secure key provisioning mechanism. If KRm's are known to the Mobile Routers via some other mechanism, the Return Routability procedure can be skipped. Such provisioning mechanisms are out of scope for this document. The main assumption on traffic patterns is that the Mobile Router that initiates the RR procedure can always send outbound messages, even when behind NAT or firewall. This basic assumption made for NAT Traversal in is also applicable here. In case the Correspondent Router is behind such obstacles, it receives these messages via the reverse tunnel to CR's Home Address, thus any problem regarding the CR's connectivity is addressed during the registration to the Home Agent. The Return Routability procedure consists of four Mobile IP messages: Home Test Init, Care-of Test Init, Home Test and Care-of Test. They are constructed as shown in through . If the Mobile Router has included the Mobile Router Route Optimization capability extension in its Registration Request, it MUST be able to accept Return Routability messages. The messages are delivered as Mobile IP signaling packets. The destination address of HoTI and CoTI messages is set to Correspondent Router's HoA with the sources being MR's home and care-of-address, respectively. The return routability procedure begins with the Mobile Router sending HoTI and CoTI messages, each containing a (different) 64-bit random value, the cookie. The cookie is used to bind specific signaling exchange together. Upon receiving the HoTI or CoTI message the Correspondent Router MUST have a secret Kcr and nonce. If it does not have this material yet, it MUST produce it before continuing with the return routability procedure. Correspondent Router responds to HoTI and CoTI messages by constructing HoT and CoT messages, respectively, as replies. The HoT message contains home init cookie, current home nonce index and home keygen token. The CoT message contains care-of init cookie, current care-of nonce index and care-of keygen token. The Home Keygen token is constructed as follows: Home keygen token = First (64, HMAC_SHA1 (Kcr, (home address | nonce | 0))) The Care-of Keygen token is constructed as follows: Care-of keygen token = First (64, HMAC_SHA1 (Kcr, (Care-of address | nonce | 1))) Note that the Care-of address in this case is the source address of the received CoTI message packet. The address may have changed in-transit due to network address translation. This does not affect registration process; subsequent registration requests are expected to arrive from the same translated address. Return Routability procedure SHOULD be initiated when the Route Optimization Cache's RRSTATE field for the desired Care-of Address with target Correspondent Router is INACTIVE. If the state was INACTIVE, the state MUST be set to IN PROGRESS when Return Routability procedure is initiated. In case of handover occurring, the Mobile Router SHOULD only send a CoTI message to obtain a new care-of keygen token; The home keygen token may still be valid. If the reply to a registration indicates that one or both of the tokens has expired, the RRSTATE MUST be set to INACTIVE. The Return Routability procedure may then be restarted as needed. Upon completion of Return Routability procedure, the Routing Optimization Cache's RRSTATE field is set to ACTIVE, allowing for registration requests to be sent. The Mobile Router will establish a registration management key KRm by default using SHA1 hash algorithm: KRm = SHA1 (home keygen token | care-of keygen token) When de-registering (by setting time to zero), care-of keygen token is not used. Instead the Registration management key is generated as follows: KRm = SHA1 (home keygen token) Like in Mobile IPv6, the Correspondent Router does not maintain any state for the Mobile Router until after receiving a registration request.

Each Mobile Router maintains a 'correspondent router key', Kcr, which MUST NOT be shared with any other entity. Kcr is used for authenticating peer Mobile Routers in the situation where a mobile router is acting as a CR. This is analogous to node key, Kcn, in Mobile IPv6. A Correspondent Router uses its router key to verify that the keygen tokens sent by a peer Mobile Router in a registration request are the CR's own. The router key MUST be a random number, 16 octets in length, generated with a good random number generator . The Mobile Router MAY generate a new key at any time to avoid persistent key storage. If desired, it is RECOMMENDED to expire the keys in conjunction with nonces; see .

Each Mobile Router also maintains one or more indexed nonces. Nonces SHOULD be generated periodically with a good random number generator . The Mobile Router may use the same nonces with all Mobile Routers. Nonces MAY be of any length, with the RECOMMENDED length being 64 bits.

The router keys and nonce updating guidelines are similar to ones in Mobile IPv6. Mobile Routers keep both the current nonce and small set of valid previous nonces whose lifetimes have not expired yet. Nonce should remain valid for at least MAX_TOKEN_LIFETIME (see ) seconds after it has first been used in constructing a return routability response. However, the correspondent router MUST NOT accept nonces beyond MAX_NONCE_LIFETIME seconds (see ) after the first use. As the difference between these two constants is 30 seconds, a convenient way to enforce the above lifetimes is to generate a new nonce every 30 seconds. The node can then continue to accept keygen tokens that have been based on the last 8 (MAX_NONCE_LIFETIME / 30) nonces. This results in keygen tokens being acceptable MAX_TOKEN_LIFETIME to MAX_NONCE_LIFETIME seconds after they have been sent to the mobile node, depending on whether the token was sent at the beginning or end of the first 30 second period. Note that the correspondent node may also attempt to generate new nonces on demand, or only if the old nonces have been used. This is possible, as long as the correspondent node keeps track of how long a time ago the nonces were used for the first time, and does not generate new nonces on every return routability request. If Kcr is being updated, the update SHOULD be done at the same time as nonce is updated. This way, nonce indexes can be used to refer to both Kcr's and nonces.

This section deals with the operation of Mobile and Correspondent Routers performing route optimization. Note that in the context of this document all routers work as both Mobile Router and Correspondent Router. The term "Mobile Router" applies to the router initiating the Route Optimization procedure, and "Correspondent Router" indicates the peer router. Especially compared to Mobile IPv6 route optimization there are two issues that are different regarding IPv4. First of all, since Mobile IPv4 always uses tunnels, there must be a tunnel established between MR and CR's Care-of addresses. The Correspondent Router learns of Mobile Router's Care-of address as it is provided by the Registration Request. The Mobile Router learns the Correspondent Router's Care-of address by a new extension, "Care-of Address", in the registration reply. The second issue is a security consideration: in a registration request, the Mobile Router claims to represent an arbitrary IPv4 network. If the CR has not yet received this information (HoA <-> Network prefix), it SHOULD perform a re-registration to the Home Agent to verify the claim. An additional aspect is that Mobile Router MAY use a different Care-of-Address for different Correspondent Routers (and Home Agent). This is useful in situations where the network provides only partial-mesh connectivity, and specific interfaces must be used to reach specific destinations. In addition, this allows for load balancing.

Since each Mobile Router knows the eligible route-optimizable networks, the route optimization between all Correspondent Routers can be established at any time; however a better general practice is to conduct Route Optimization on-demand only. It is RECOMMENDED to start Route optimization only when sending a packet that originates from a local managed network (and the network is registered as route optimizable) and whose destination address falls within the network prefixes of the Route Optimization Cache. With a small number of Mobile Routers, such on-demand behavior may not be necessary and full-mesh route-optimization may be in place constantly.

Each Mobile Router maintains a routing table. In a typical situation, the Mobile Router has one or more interface(s) to the local networks, one or more interface(s) to wide-area networks (such as provided by ISPs), and a tunnel interface to the Home Agent. Additional tunnel interfaces become activated as Route Optimization is being performed. The routing table SHOULD typically contain Network Prefixes managed by Correspondent Routers associated with established route-optimized tunnel interfaces. A default route MAY point to the reverse tunnel to the Home Agent if not overridden by prefix information. The routing table MAY also include additional routes if required by tunneling implementation. The route for the Home Address of Correspondent Router SHOULD also be pointing towards the tunnel taking the optimized path. If two prefixes overlap each other, e.g. 192.0.2.128/25 and 192.0.2.128/29, the standard longest match rule for routing is in effect. However, overlapping private address SHOULD be considered an error situation. Any aggregation for routes in private address space SHOULD be conducted only at HA.

If route optimization between a Mobile Router and a Correspondent Router is desired, either the Return Routability procedure must have been performed ( See ), or key KRm must be pre-shared between the Mobile and Correspondent Router. If either condition applies, a Mobile Router MAY send a registration request to the Correspondent Router's HoA from the desired interface. The registration request's source address and Care-of address field are set to the address of the desired outgoing interface on the Mobile Router. The address MAY be same as the Care-of address used with the Home Agent. The Home Agent field is set to the Home Agent of the Mobile Router. The registration request MUST be sent to (have a destination address of) the Home Address of the Correspondent Router. The registration request MUST include a Mobile-Correspondent Authentication extension defined in and SHOULD include a Mobile Network Request Extension defined in . If present, the Mobile Network Request Extension MUST contain the network prefixes, as if registering in explicit mode. If timestamps are used, the Correspondent Router MUST check the identification field for validity. The Authenticator field is hashed with the key KRm. The Correspondent Router replies to the request with a Registration Reply. The registration reply MUST include a Mobile-Correspondent Authentication extension defined in and, if Mobile Network Request Extension was present in the request, a Mobile Network Acknowledgement extension. The encapsulation can be set as desired, except in the case where the Route Optimization Cache Entry has NAT entries for the Correspondent Router, or the Mobile Router itself is known to be behind NAT or firewall. If either of the conditions apply, the Registration Request MUST specify UDP encapsulation. It is RECOMMENDED to always use UDP encapsulation to facilitate detection of path failures via keepalive mechanism. The Correspondent Router first checks the registration request's authentication against Kcr and nonce indexes negotiated during Return Routability procedure. This ensures that the registration request is coming from a correct Mobile Router. If the check fails, an appropriate registration reply code is sent (see ). If the failure is due to nonce index expiring, the Mobile Router sets RRSTATE for the CR to INACTIVE. Return routability procedure MAY then be initiated again. If the check passes, the Correspondent Router MUST then check it's Route Optimization Cache for whether the Mobile Router exists is associated with the prefixes included in the request (Prefixes are present and Flag HA is true for each prefix). Note that the viewpoint is always local; the Correspondent Router compares CR-HoA entries against the MR's Home Address - from the CR's perspective the Mobile Router is also a "Correspondent Router". If the check against the cache fails, the Correspondent Router SHOULD send a re-registration request to Home Agent with the 'S' (solicitation) bit set, thus obtaining the latest information on Network Prefixes managed by the incoming Mobile Router. If, even after this update, the prefixes still don't match, the reply's Mobile Network Acknowledgement code MUST be set to "MOBNET_UNAUTHORIZED". The registration MAY also be rejected completely. This verification is done to protect against Mobile Routers claiming to represent arbitrary networks; however, since the Home Agent is assumed to provide trusted information, it can authorize the Mobile Router's claim. If the environment itself is considered trusted, the Correspondent Router can, as a policy, accept registrations without this check; however, this is NOT RECOMMENDED as a general practice. If the prefixes match, the Correspondent Router MAY accept the registration. If the CR chooses to accept, the CR MUST check if a tunnel to the Mobile Router already exists. If the tunnel does NOT exist or has wrong endpoints (CoAs), a new tunnel MUST be established and the Route Optimization Cache updated. The reply MUST include a list of eligible care-of-addresses (see ), with which the Mobile Router may establish a tunnel. The reply MUST also include Mobile-Correspondent Authentication extension (See ). Upon receiving the registration reply, the Mobile Router MUST check if a tunnel to the Correspondent Router already exists. If the tunnel does NOT exist, or has wrong endpoints (CoAs), a new tunnel MUST be established and Route Optimization Cache updated. This is covered in detail in . The Correspondent Router's routing table MUST be updated to indicate that the Mobile Router's networks are reachable via the direct tunnel to the Mobile Router. After the tunnel is established, the Mobile Router MAY update it's routing tables to reach all Correspondent Router's Prefixes via the tunnel, although it is RECOMMENDED to wait for the Correspondent Router to perform it's own, explicit registration. This is primarily a policy decision depending on the network environment. See . Due to the fact that the route optimization procedures may occur concurrently at two Mobile Routers, each working as each other's Correspondent Router, there may be a situation where two routers are attempting to establish separate tunnels between them at the same time. If a router with a smaller Home Address (meaning a normal 32-bit integer comparison treating IPv4 addresses as 32-bit unsigned integers) receives a registration request (in CR role) while its own registration request (sent in MR role) is pending, the attempt should be accepted with reply code "concurrent registration" (Value TBA_S1). If receiving such an indication, the recipient SHOULD consider the registration a success, but only act on it once the peer has completed it's own registration.

Inter-Mobile Router tunnel establishment follows establishing standard reverse tunnels to the Home Agent. The registration request to Correspondent Router includes information on the desired encapsulation. It is RECOMMENDED to use UDP encapsulation. In the cases of GRE , IP over IP or minimal encapsulation no special considerations regarding the reachability are necessary; The tunnel has no stateful information; The packets are simply encapsulated within the GRE, IP, or minimal header. The tunnel origination point for the Correspondent Router is its Care-of Address, not the Home Address where the registration requests were sent. This is different from creation of the Reverse Tunnel to Home Agent, which reuses the channel from registration signaling. Special considerations rise from using UDP encapsulation, especially in cases where one of the Mobile Routers is located behind NAT or firewall. A deviation from RFC 3519 is that keepalives should be sent both from ends of the tunnel to detect path failures after the initial keepalive has been sent - this allows both MR and CR to detect path failures. The initial UDP keepalive SHOULD be sent by the MR. Only after first keepalive is successfully completed, SHOULD the tunnel be considered eligible for traffic. If reply to the initial keepalive is not received, the MR may opt to attempt sending the keepalive with other Care-of addresses provided by the registration reply to check whether they provide better connectivity, or if all of these fail, perform a re-registration via alternative interface, or deregister completely. See . Once the initial keepalive packet has reached the CR and reply has been sent, the CR MAY start sending its own keepalives. The original specification for UDP encapsulation suggests a keepalive interval default of 110 seconds. However, to provide fast response time and switching to alternate paths, it is RECOMMENDED, if power and other constraints allow, to use considerably shorter periods, adapting to the perceived latency as needed. However, the maximum amount of keepalives should at no point exceed MAX_UPDATE_RATE times per second. The purpose of keepalive is not to keep NAT or firewall mappings in place, but serve as a mechanism to provide fast response in case of path failures. If both the Mobile Router and the Correspondent Router are behind separate NATs, route optimization cannot be performed between them. Possibilities to set up mutual tunneling when both routers are behind NAT, are outside the scope of this document. However, some of these issues are addressed in . The designations "MR" and "CR" only apply to the initial tunnel-establishment phase. Once a tunnel is established between two routers, either of them can opt to either tear down the tunnel or perform a handover. Signaling messages have to be authenticated with valid KRm.

All packets received by the Mobile Router are forwarded using normal routing rules according to the routing table. There are no special considerations when constructing the packets, the tunnel interface's own processes will encapsulate any packet automatically.

Handovers and connection breakdowns can be categorized as either ungraceful or graceful, also known as "break-before-make" (bbm) and "make-before-break" (mbb) situations. As with establishment, the "Mobile Router" discussed here is the router wishing to change connectivity state, "Correspondent Router" being the peer. When a Mobile Router wishes to join its home link, it SHOULD, in addition to sending the registration request to the Home Agent with lifetime set to zero, also send such a request to all known Correspondent Routers to their Home Address. The Correspondent Router(s), upon accepting this request and sending the reply, will check whether Route Optimization Cache contains any prefixes associated with the requesting Mobile Router. These entries should be removed and routing table updated accordingly (traffic for the prefixes will be forwarded via the Home Agent again). The tunnel MUST then be destroyed. A short grace period SHOULD be used to allow possible in-transit packets to be received correctly. In the case of a handover, the Correspondent Router simply needs to update the tunnel's destination to the Mobile Router's new Care-of Address. Mobile Router SHOULD keep accepting packets from both old and new care-of Addresses for a short grace period, typically on the order of ten seconds. In the case of UDP encapsulation, it is RECOMMENDED to use same port numbers for both registration signaling and tunneled traffic if possible. The initial keepalive message sent by the MR will verify that direct connectivity exists between MR and CR - if the keepalive fails, the MR SHOULD attempt alternate paths. If the Mobile Router was unable to send the re-registration request before handover, it MUST send it immediately after handover has been completed and tunnel with the Home Agent is established. Since Care-of Address(es) changing invalidates the Krm, it is RECOMMENDED to conduct partial Return Routability by sending CoTI message via the new Care-of-Address and obtaining new care-of keygen token. In all cases, necessary tokens have also to be acquired if the existing ones have expired. If a reply is not received for a registration request to a Correspondent Router, any routes to the network prefixes managed by the Correspondent Router MUST be removed from the routing table, thus causing the user traffic to be forwarded via the Home Agent.

The information the Home Agent maintains on Mobile Network prefixes and the Mobile Routers' Route Optimization Caches do not need to be explicitly synchronized. This is based on the assumption that at least some of the traffic between nodes inside mobile networks is always bidirectional. If using on-demand route optimization, this also implies that when a node in a mobile network talks to a node in another mobile network, if the initial packet does not trigger Route Optimization, the reply packet will. Consider a situation with three mobile networks, A, B, C handled by three Mobile Routers, MR A, MR B and MR C respectively. If they register to a Home Agent in this order, the situation goes as follows: MR A registers and receives no information on other networks from HA, as no other MR has registered yet. MR B registers and receives information on mobile network A being reachable via MR A. MR C registers and receives information on both of the other mobile networks. If a node in mobile network C is about to send traffic to mobile network A, the route optimization is straightforward; MR C already has network A in its Route Optimization Cache. Thus, packet transmission triggers Route Optimization towards MR A. When MR C registers to MR A (after Return Routability procedure is completed), MR A does not have information on mobile network C; Thus it will perform a re-registration to the Home Agent on-demand. This allows MR A to verify that MR C is indeed managing network C. If a node in mobile network B sends traffic to mobile network C, MR B has no information on network C. No route optimization is triggered. However, when the node in network C replies and the reply reaches MR C, route optimization happens as above. Further examples of signaling are in . Even in the very rare case of completely unidirectional traffic from an entire network, the re-registrations to the Home Agent caused by timeouts will eventually cause convergence. However, this should be treated as a special case. Note that all Mobile Routers are connected to same Home Agent. For possibilities concerning multiple Home Agents, see

This section defines the two compression formats used in Route Optimization Prefix Advertisement extensions.

The prefix-compression is based on the idea that prefixes usually share common properties. The scheme is simple delta-compression. In the prefix information advertisement, , the D bit indicates whether receiving a "master" or a "delta" prefix. This, combined with the Prefix Length information, allows for compression and decompression of prefix information. If D=0, what follows in the "Prefix" field are bits 1..n of the new master prefix, where n is PLen. This is rounded up to nearest full octet. Thus, prefix lengths of /4 and /8 take 1 octet, /12 and /16 take 2 octets, /20 and /24 three, and larger than that full 4 octets. If D=1, what follows in the "Prefix" field are bits m..PLen of the prefix, where m is the first changed bit of previous master prefix, with padding from the master prefix filling the field to full octet. Maximum value of Plen-m is 8 (that is, delta MUST fit into one octet). If this is not possible, a new master prefix has to be declared. If the prefixes are equal, for example in the case where same prefix appears in multiple realms, then one octet is still encoded, consisting completely of padding from the master prefix. Determining the order of prefix transmission should be based on saving maximum space during transmission. Example of compression and transmitted data, where network prefixes 192.0.2.0/28, 192.0.2.64/26 and 192.0.2.128/25 are transmitted are illustrated in . Because of the padding to full octets, redundant information is also sent. The bit-patterns being transmitted are:

First prefix, 192.0.2.0/28, is considered a master prefix and is transmitted in full. The PLen of 28 bits determines that all four octets must be transmitted. If the prefix would have been e.g. 192.0.2.0/24, three octets would have sufficed since 24 bits fit into 3 octets. For the following prefixes, the D=1. Thus, they are deltas of the previous prefix where D was zero. 192.0.2.64/26 includes bits 19-26 (full octet). Bits 19-25 are copied from master prefix, but bit 26 is changed to 1. The final notation in binary is "1001", or 0x09. 192.0.2.128/25 includes bits 18-25 (full octet). Bits 18-24 are copied from master prefix, but bit 25 is changed to 1. The final notation in binary is "101", or 0x05. The final encoding thus becomes:

It should be noted that in this case the order of prefix transmission would not affect compression efficiency. If prefix 192.0.2.128/25 would have been considered the master prefix and the others as deltas instead, the resulting encoding still fits into one octet for the subsequent prefixes. There would be no need to declare a new master prefix.

In order to reduce the size of messages, the system introduces a realm compression scheme, which reduces the size of realms in a message. The compression scheme is a simple dynamically updated dictionary based algorithm, which is designed to compress arbitrary length text strings. In this scheme, an entire realm, a single label or a list of labels may be replaced with an index to a previous occurrence of the same string stored in the dictionary. The realm compression defined in this specification was inspired by the RFC 1035 DNS domain name label compression. Our algorithm is, however, improved to gain more compression. When compressing realms, the dictionary is first reset and does not contain a single string. The realms are processed one by one so the algorithm does not expect to see them all or the whole message at once. The state of the compressor is the current content of the dictionary. The realms are compressed label by label or as a list of labels. The dictionary can hold a maximum of 128 strings, after that, a rollover MUST occur and existing contents will be overwritten. Thus, when adding the 129th string into the dictionary, the first entry of the dictionary MUST be overwritten and the index of the new string will become 0. The encoding of an index to the dictionary or an uncompressed run of octets representing a single label has purposely been made simple and the whole encoding works on an octet granularity. The encoding of an uncompressed label takes the form of a one octet:

This encoding allows label lengths from 1 to 127 octets. A label length of zero (0) is not allowed. The "label length" tag octet is then followed by up to 127 octets of the actual encoded label string. The index to the dictionary (the "label index" tag octet) takes the form of a one octet:

The above encodings do not allow generating an output octet value of zero (0). The encapsulating Mobile IPv4 extension makes use of this property and uses the value of zero (0) to mark the end of compressed realm or to indicate an empty realm. It is also possible to encode the complete realm using only "label length" tags. In this case no compression takes place. This allows the sender to skip compression, for example to reduce computation requirements when generating messages. However, the receiver MUST always be prepared to receive compressed realms.

When compressing the input realm, the dictionary is searched for a matching string. If no match could be found, the last label is removed from the right-hand side of the used input realm. The search is repeated until the whole input realm has been processed. If no match was found at all, then the first label of the original input realm is encoded using the "label length" tag and the label is inserted into the dictionary. The previously described search is repeated with the remaining part of the input realm, if any. If nothing remains, the realm encoding is complete. When a matching string is found in the dictionary the matching part of the input realm is encoded using the "label index" tag. The matching part of the input realm is removed and the search is repeated with the remaining part of the input realm, if any. If nothing remains, the octet value of zero (0) is inserted to mark the end of encoded realm. The search algorithm also maintains the "longest non-matching string" for each input realm. Each time the search in dictionary fails and a new label gets encoded using the "label length" tag and inserted into the dictionary, the "longest non-matching string" is concatenated by this label including the separating "." (dot, i.e. Hexadecimal 0x2e). When a match is found in the dictionary the "longest non-matching string" is reset (i.e. Emptied). Once the whole input realm has been processed and encoded, all possible suffixes longer than one label are taken from the string and inserted into the dictionary.

This section shows an example how to encode a set of realms using the specified realm compression algorithm. For example, a message might need to compress the realms "foo.example.com", "bar.foo.example.com", "buz.foo.example.org", "example.com" and "bar.example.com.org". The following example shows the processing of input realms on the left side and the contents of the dictionary on the right hand side. The example uses hexadecimal representation of numbers.

"longest non-matching string" = "foo" Search("example.com") Search("example") Encode(0x07,'e','x','a','m','p','l','e') 0x01 "example" +-> "longest non-matching string" = "foo.example" Search("com") Encode(0x03,'c','o','m') 0x02 "com" +-> "longest non-matching string" = "foo.example.com" 0x03 "foo.example.com" 0x04 "example.com" Encode(0x00) 2) Input "bar.foo.example.com" Search("bar.foo.example.com") Search("bar.foo.example") Search("bar.foo" Search("bar") Encode(0x03,'b','a','r') 0x05 "bar" +-> "longest non-matching string" = "bar" Search("foo.example.com") -> match to 0x03 Encode(0x83) +-> "longest non-matching string" = NUL Encode(0x00) 3) Input "buz.foo.example.org" Search("buz.foo.example.org") Search("buz.foo.example") Search("buz.foo") Search("buz") Encode(0x03,'b','u','z') 0x06 "buz" +-> "longest non-matching string" = "buz" Search("foo.example.org") Search("foo.example") Search("foo") -> match to 0x00 Encode(0x80) +-> "longest non-matching string" = NUL Search("example.org") Search("example") -> match to 0x01 Encode(0x81) +-> "longest non-matching string" = NUL Search("org") Encode(0x03,'o','r','g') 0x07 "org" +-> "longest non-matching string" = "org" Encode(0x00) 4) Input "example.com" Search("example.com") -> match to 0x04 Encode(0x84) Encode(0x00) 5) Input "bar.example.com.org" Search("bar.example.com.org") Search("bar.example.com") Search("bar.example") Search("bar") -> match to 0x05 Encode(0x85) Search("example.com.org") Search("example.com") -> match to 0x04 Encode(0x84) Search("org") -> match to 0x07 Encode(0x87) Encode(0x00) ]]> As can be seen from the example, due the greedy approach of encoding matches, the search algorithm and the dictionary update function is not the most optimal one. However, we do not claim the algorithm would be the most efficient. It functions efficiently enough for most inputs. In this example, the original input realm data was 79 octets and the compressed output excluding the end mark is 35 octets.

This section describes the construction of all new information elements.

This skippable extension MAY be sent by a Mobile Router to a Home Agent in the registration request message.

TBA_T1. Skippable; If Home Agent does not support route optimization advertisements, it can ignore this request and simply not include any information in the reply. "Short" extension format. 1 Set to zero, MUST be ignored on reception. Advertise my networks. If 'A' bit is set, the Home Agent is allowed to advertise the networks managed by this Mobile Router to other Mobile Routers. This also indicates that the Mobile Router is capable of receiving route optimization registration requests. In effect, this allows the Mobile Router to work in Correspondent Router role. Request mobile network information. If 'R' bit is set, the Home Agent MAY respond with information about mobile networks in the same domain. Soliciting prefixes managed by a specific Mobile Router. The Mobile Router is specified in the Optional Mobile Router HoA field. Explicitly specifying the requesting Router is only able to initiate outgoing connections, not accept any incoming ones, due to NAT device, stateful firewall, or similar issue on any interface. This is reflected by the Home Agent in the reply, and distributed in Prefix Advertisements to other Mobile Routers. Solicited Mobile Router's Home Address. This field is only included if flag 'S' is set.

This non-skippable extension MUST be sent by a Home Agent to a Mobile Router in the registration reply message, if Mobile Router indicated support for Route Optimization in registration message and Home Agent supports Route Optimization.

TBA_T2 (Non-skippable), "short" extension format 1 The 'O' flag in Mobile Router Route Optimization capability extension was set during registration. Presence of NAT was detected by Home Agent. This informs the Mobile Router that it is located behind NAT. The detection procedure is specified in RFC 3519, and is based on the discrepancy between registration packet's source address and indicated Care-of Address. The Mobile Router can use this information to make decisions about Route Optimization strategy. Responding to a solicitation. If 'S' bit was present in Mobile router Route optimization capability extension, this is set, otherwise unset. The Reply code indicates whether Route Optimization has been accepted. Values of 0..15 indicate assent and values 16..63 indicate Route Optimization is not done. Will do Route Optimization Route Optimization declined, reason unspecified.

Mobile-Correspondent authentication extension is included in registration requests sent from Mobile Router to Correspondent Router. The existence of this extension indicates that the message is not destined to a Home Agent, but another Mobile Router. The format is similar to the other Authentication Extensions defined in , with SPIs replaced by Nonce Indexes.

The Home Nonce Index field tells the Correspondent Router which nonce value to use when producing the home keygen token. The Care-of Nonce Index field is ignored in requests to remove a binding. Otherwise, it tells the Correspondent Router which nonce value to use when producing the Care-of Keygen Token. TBA_T2 (non-skippable). "Short" extension format. 2 Set to zero, MUST be ignored on reception. Home Nonce Index in use. Care-of Index in use. Authenticator field, by default constructed with First(128, HMAC_SHA1 (KRm, Protected Data)) The protected data, just like on other cases where Authenticator is used, consists of the UDP payload (i.e., the Registration Request or Registration Reply data), all prior Extensions in their entirety, and the Type, Length, and Nonce Indexes of this Extension.

The Care-of Address extension is added to a registration reply sent by the Correspondent Router to inform the Mobile Router of the upcoming tunnel endpoint.

TBA_T2 (Non-skippable), "short" extension format Total length of the packet. When processing the information structures, if Length octets have been reached, this is an indication that the final information structure was reached as well. 3 Care-of address(es) which may be used for tunnel with Mobile Router, in order of priority. Multiple CoA's MAY be listed to facilitate faster NAT traversal.

This non-skippable extension MAY be sent by a Home Agent to a Mobile Router in the registration reply message. The extension is only included when explicitly requested by the Mobile Router in the registration request message, setting 'R'-flag of the Mobile Router Route Optimization capability extension. Implicit prioritization of prefixes is caused by the order of extensions. The extension contains a sequence of information structures. An information structure may consist of either an MR HoA or a network prefix. Any network prefixes following an MR HoA are owned by that MR. An MR HoA MUST be first in sequence, since you cannot have prefixes without an MR.

TBA_T3 (Non-skippable), "long" extension format 1 Total length of the packet. When processing the information structures, if Length octets have been reached, this is an indication that the final information structure was reached as well. Delta. If D=1, the prefix is a delta from last Prefix where D=0. MUST be zero on first information structure, MAY be zero or one on subsequent information structures. If D=1, the Prefix field is one octet in length. See for details. Mobile Router HoA bit. If M=1, the next field is Mobile Router HoA, and Prefix and Realm are omitted. If M=0, the next field is Prefix followed by Realm, and Mobile Router HoA is omitted. For the first information structure, M MUST be set to 1. If M=1, the D bit is set to zero and ignored upon reception. This field is interpreted differently depending on whether M is set or not. If M=0, this indicates the length of the prefix advertised. 6 bits, allows for values from 0 to 63, of which 33-63 are illegal. If M=1, the Information field can be set to zero to indicate no specific information, or to 1 to indicate "outbound connections only". This indicates that the target Mobile Router can only initiate, not receive, connections on any of it's interfaces (apart from the reverse tunnel to HA). This is set if the Mobile Router has explicitly requested it by the 'O' flag in Mobile router Route optimization capability extension. Mobile Router's Home address. All prefixes in the following information structures where M=0 are maintained by this Mobile Router. This field is present only when M = 1. The IPv4 prefix advertised. If D=0, the field length is Plen bits, rounded up to nearest full octet. Least-significant bits starting off Plen (and are zeros) are omitted. If D=1, field length is one octet. This field is present only when M = 0. The Realm that is associated with the advertised Mobile Router HoA and prefix. If empty, MUST be set to '\0'. For realm encoding and optional compression scheme, refer to . This field is present only when M = 0.

This message is sent from Mobile Router to Correspondent Router when performing Return Routability procedure. The source and destination IP addresses are set to MR's Home Address and CR's Home Address, respectively. The UDP source port MAY be randomly chosen. The UDP destination port is 434.

TBA_MIP1 Set to zero, MUST be ignored on reception. 64-bit field which contains a random value, the Home Init Cookie.

This message is sent from Mobile Router to Correspondent Router when performing Return Routability procedure. The source and destination IP addresses are set to MR's Care-of-Address and CR's Home Address, respectively. The UDP source port MAY be randomly chosen. The UDP destination port is 434.

TBA_MIP2 Set to zero, MUST be ignored on reception. 64-bit field which contains a random value, the Care-of Init Cookie.

This message is sent from Correspondent Router to Mobile Router when performing Return Routability procedure as a reply to Home-Test Init message. The source and destination IP addresses, as well as UDP ports, are reversed from the Home-Test Init message the message is constructed for. As such, the UDP source port is always 434.

TBA_MIP3 Set to zero, MUST be ignored on reception. This field will be echoed back by the Mobile Router to the Correspondent Router in a subsequent registration request's authentication extension. 64-bit field which contains a random value, the Home Init Cookie. This field contains the 64 bit home keygen token used in the Return Routability procedure. Generated from cookie + nonce.

This message is sent from Correspondent Router to Mobile Router when performing Return Routability procedure as a reply to Care-of-test Init message. The source and destination IP addresses, as well as UDP ports, are reversed from the Care-of-test Init message the message is constructed for. As such, the UDP source port is always 434.

TBA_MIP4 Set to zero, MUST be ignored on reception. This field will be echoed back by the Mobile Router to the Correspondent Router in a subsequent registration requests' authentication extension. 64-bit field which contains a random value, the Home Init Cookie. This field contains the 64 bit home keygen token used in the Return Routability procedure. Generated from cookie + nonce.

Mechanisms described in MIP NAT traversal allow the Home Agent to work with Mobile Routers situated behind a NAT device or a stateful firewall. Furthermore, the Home Agent may also detect whether NAT device is located between the Mobile Node and the HA. Mobile Router may also explicitly state it is behind a NAT or firewall on all interfaces, and this information is passed on to the other Mobile Routers with the information field in Route optimization prefix advertisement extension. Home Agent may also detect presence of NAT and informs the registering Mobile Router with the 'N' flag in Route Optimization Reply extension. In the case of one or both of the routers is known to be behind NAT or similarly impaired (not being able to accept incoming connections), the tunnel establishment procedure needs to take this into account. In the case where Mobile Router is behind NAT (or firewall) and Correspondent Router is not, the Mobile Router will, when tunnel has been established, send keepalive messages (ICMP echo requests) through the tunnel. Until a reply has been received, the tunnel SHOULD NOT be considered active. Once reply has been received, NAT mapping is in place and traffic can be sent. Source address may change due to NAT in CoTI and Registration Request messages. This does not affect the process - the hash values are calculated by the translated address, and the Registration Request will also appear from the same translated address. Unlike in communication with the Home Agent, in the case of Route Optimization the path used for signaling is not used for tunneled packets, as signaling always uses Home Addresses, and MR <-> CR tunnel is from CoA to CoA. It is assumed that even though port numbers may change, NAT processing rarely allocates more than one external IP address to a single internal address, thus the IP address seen in the Registration Request and Tunnel packets remains the same. However, the UDP source port number may be different in Registration Request and incoming tunnel packets due to port translation. This must not cause an error situation - the Correspondent Router MUST be able to accept tunneling packets from a different UDP source port than what was used in the Registration Request. Since Mobile Routers may have multiple interfaces connecting to several different networks, it might be possible that specific Mobile Routers may only be able to perform Route Optimization using specific Care-of-address pairs, obtained from specific networks, for example in a case where two Mobile Routers have an interface behind same NAT. Similar case may be applicable to nested NATs. In such cases, Mobile Router MAY attempt to detect eligible Care-of-Address pairs by performing a registration and attempting to establish a tunnel (sending keepalives) with each Care-of-Address listed in the Registration Reply's Care-of-Address extension. The eligible pairs should be recorded in Route Optimization cache. If tunnel cannot be established with any CoA's, the Mobile Router MAY attempt to repeat the procedure with alternative interfaces. The above information on network topology can also be configured to the Mobile Routers either statically or via some external feedback mechanism. If both the Mobile Router and the Correspondent Router are behind two separate NATs, some sort of proxy or hole-punching technique may be applicable. This is out of scope of this document.

If both Mobile Router and Correspondent Router move at the same time, this causes no issues from signaling perspective, as all requests are always sent from a Care-of-Address to Home Addresses. Thus, the recipient will always receive the request and can send the reply. This applies even in break-before-make situations where both MR and CR get disconnected at same time - once the connectivity is restored, one end-point of the signaling messages is always the Home Address of respective router, and it is up to the Home Agent to provide reachability.

Since Foreign Agents have been dropped from Network Mobility for Mobile IPv4 work, they are not considered here.

Mobile Routers can negotiate and perform route optimization without the assistance of Home Agent - if they can discover each others existence and thus know where to send registration messages. This document only addresses a logically single Home Agent that distributes network prefix information to the Mobile Routers. Problems arise from possible trust relationships; In this document the Home Agent serves as a way to provide verification that a specific network is managed by a specific router. If Route Optimization is desired between nodes attached to separate Home Agents, there are several possibilities. Note that standard high availability redundancy protocols, such as VRRP, can be utilized; However, in such case the Home Agent is still a single logical entity even if consisting of more than a single node. Several possibilities exist for achieving Route Optimization between Mobile Routers attached to separate Home Agents, such as a new discovery/probing protocol, routing protocol between Home Agents or DNS SRV records, or a common AAA architecture. There already is a framework for HA to retrieve information from AAA so it can be considered as the most viable possibility. See for information on possibility to generalize the method. Any discovery/probing protocols are out of scope for this document.

The procedure as specified is asymmetric; That is, if bidirectional route optimization is desired while maintaining consistency, the route optimization (RR check and registration) has to be performed in both directions, but this is not strictly necessary. This is primarily a policy decision depending on how often the mobile prefixes are reconfigured. Consider the case where two networks, A and B, are handled by Mobile Routers A and B respectively. If the routers are set up in such a fashion that Route Optimization is triggered when a packet is received from a Network Prefix in Route Optimization Cache, the following occurs if a node in network A starts sending ICMP echo requests (pinging) a node in network B. MR B sees the incoming ICMP echo request packet, which is travelling inside the reverse tunnel to the Home Agent. MR B sees that the destination is in network B, and furthermore, source is in network A which exists in the cache. This triggers Route Optimization processing. Until RO is active, the ping packets (echo requests and replies) are routed via the reverse tunnel. MR B completes RR procedure and registration with MR A, which thus becomes a Correspondent Router for MR B. A tunnel is created between the routers. MR A updates its routing tables so that network B is reachable via MR A <-> MR B tunnel. The traffic pattern is now that packets from network B to network A are sent over the direct tunnel, but the packets from A to B are transmitted via the Home Agent and reverse tunnels. MR A now performs its own registration towards MR B. Upon completion, MR A notices that a tunnel to MR B already exists, but updates its routing table so that network B is now reachable via the MR A <-> MR B tunnel. From this point onward, traffic is bidirectional. In this scenario, if MR A does NOT perform a separate route optimization (RR check and registration), but instead simply updates its routing table to reach network B via the tunnel, problems may arise if MR B has started to manage another network B' before the information has propagated to MR A. The end result is that MR B starts to receive packets for network B' via the Home Agent and for network B via direct tunnel. If Reverse Path checking or similar mechanism is in use on MR B, packets from network A could be black holed. Whether to perform this mutual registration or not thus depends on the situation, and whether Mobile Routers are going to start managing additional Network Prefixes during operation.

The design considerations include several mechanisms which might not be strictly necessary if Route Optimization would only be desired between individual customer sites in a managed network. The registration procedure (with the optional Return Routability part), which allows for Correspondent Routers to learn Mobile Router's Care-of Addresses is not strictly necessary; The CoA's could have been provided by HA directly. However, this approach allows the method to be extended to a more generic route optimization. The primary driver for having Home Agent to work as a centralized information distributer is to provide Mobile Routers with the knowledge of not only the other routers, but to provide information on which networks are managed by which routers. The Home Agent provides the information on all feasible nodes with which it is possible to establish Route Optimization. If representing a whole Mobile Network is not necessary, in effect the typical Mobile Node <-> Correspondent Node situation, the mechanisms in this document work just as well - only problem is discovering if the target Correspondent Node can provide Route Optimization capability. This can be performed by not including any prefixes in the information extension, just the HoA address of Mobile Router. In addition, with Route Optimization for single node, checks on whether a Mobile Router is allowed to represent specific networks are unnecessary since there are none. Correspondent node/router discovery protocols (whether they are based on probing or a centralized directory beyond the single Home Agent) are outside the scope of this document.

The design simply provides possibility to create optimal paths between Mobile Routers; It doesn't dictate what should be the user traffic using these paths. One possible approach in helping facilitate load balancing and utilizing all available paths is presented in , which effectively allows for multiple Care-of addresses for a single Home Address. In addition, per-tunnel load balancing is possible by using separate Care-of-Addresses for separate tunnels.

Home Agent assisted Route Optimization scalability issues stem from the general Mobile IPv4 architecture which is based on tunnels. Creating, maintaining and destroying tunnel interfaces can cause load on the Mobile Routers. However, the MRs can always fall back to normal, reverse tunnelled routing if resource constraints are apparent. If there is a large number of optimization-capable prefixes, maintaining state for all of these may be an issue also, due to limits on routing table sizes. Registration responses from Home Agent to Mobile Router may provide information on large number of network prefixes. If thousands of networks are involved, the registration reply messages are bound to grow very large. The prefix- and realm compression mechanisms defined in mitigates this problem to an extent. There will, however, be some practical upper limit after which point some other delivery mechanism for the prefix information will be needed.

The following example signaling assumes that there are three Mobile Routers, MR A, B, C, each managing network prefixes A, B, and C. At the beginning, no networks are registered to the Home Agent. Any AAA processing at the Home Agent is omitted from the diagram.

The following example signaling has same network setup as in - Three mobile routers, each corresponding to their respective network. Node A is in network A and Node C is in network C. At the beginning, no mobile routers know KRm's of each other. If the KRm's would be pre-shared or provisioned with some other method, the Return Routability messages can be omitted. Signaling in has occurred, thus MR A is not aware of the other networks, and MR C is aware of networks A and B.

In this example signaling, MR C changes care-of address while Route Optimization between MR A is operating and data is being transferred. Both cases where the handover is graceful ("make before break") and ungraceful ("break before make") occur in similar fashion, except in the graceful version no packets get lost. This diagram considers the case where MR C gets immediate notification of lost connectivity e.g. due to link status indication. MR A would eventually notice the breakdown due to keepalive messages failing.

| Nodes A and C |<-----------O=-=-=-==-=-=-=-==-=-O-------x exchanging traffic | | | | | | | xxxxxxxxxxx | Break occurs: MR C | | | | | loses connectivity to | | | | | current attachment point | | | | | x------------O=-=-=-==-=-=-=->x | | Traffic from A -> C | | | | | lost and | | | x<=-=-O-------x vice versa | | | | | | | |<--------x | MR C finds a new | | | | | point of attachment, | | | | | registers to HA, clears | | | | | routing tables | | | | | | | x-------->| | Registration reply | | | | | x------------O=-=-=-==-=-=-=->x | | Traffic from A -> C | | | | | lost (reverts to routing | | | | | via HA if enough keepalives | | | | | fail) | | | | | |<-----------O==========O=========O-------| Traffic from C -> A | | | | | sent via HA | | | | | | O<=========O---------x | CoTI message | | | | | (partial RR check) | | | | | | x==========O-------->| | CoT message | | | | | | |<=========O---------x | Registration request, | | | | | reusing newly calculated KRm | | | | | | x==========O-------->| | Registration reply | | | | | | O<=-=-=-=-=-=-=-=-=-=x | First keepalive check if using | | | | | UDP encapsulation, also | x=-=-=-=-=-=-=-=-=-=>| | creates holes in firewalls | | | | | | | | | | x------------O=-=-=-==-=-=-=-==-=-O------>| Traffic from A -> C | | | | | forwarded directly again | | | | | |<-----------O=-=-=-==-=-=-=-==-=-O-------x Traffic from C -> A | | | | | switches back to direct | | | | | tunnel | | | | | ]]>

IANA has assigned rules for the existing registries "Mobile IP Message Types" and "Extensions to Mobile IP Registration Messages", specified in RFC 5944. New Mobile IP message types and extension code allocations are needed for the messages and extensions listed in section 5. The Route Optimization authentication processing requires four new message type numbers. The new Mobile IP Message types are listed below, in Table 1. They should preferably be allocated from a contiguous range. Value Name TBA_MIP1 Home-Test Init message TBA_MIP2 Care-of-Test Init message TBA_MIP3 Home Test message TBA_MIP4 Care-of Test message Three new registration message extension types are required and listed in Table 2. The first type, TBA_T1 is skippable and should be allocated from range 128-255. The other two, TBA_T2 and TBA_T3 are non-skippable and should be allocated from range 0-127, TBA_T2 being of the "short" format and TBA_T3 being of the "long" format. None of the messages are permitted for notification messages. Value Name TBA_T1, 128-255 Mobile router Route optimization indication TBA_T2, 0-127 Route Optimization Extensions TBA_T3, 0-127 Route Optimization data In addition, the registry "Code Values for Mobile IP Registration Reply Messages" needs to be modified. A new success code, TBA_S1, should be allocated as follows: Concurrent registration (pre-accept) In addition, a new allocation range needs to be created as "Error Codes from the Correspondent Node", subject to policy of Expert Review . Suggested range is 201-210. Three new registration reply codes are to be allocated from this range. They are specified in Table 3, below: Value Name TBA_C1 Expired Home nonce Index TBA_C2 Expired Care-of nonce Index TBA_C3 Expired nonces Three new number spaces are required for the subtypes of the extensions in Table 2. A new registry, named "Route Optimization Types and Subtypes" is created with an allocation policy of RFC Required . The registration entries include Type, Subtype and Name. Type and Subtype have range of 0-255. Types are references to registration message extension types. Subtypes are allocated initially as in Table 4, below: Type Subtype Name TBA_T1 0 Reserved TBA_T1 1 Mobile router Route optimization capability TBA_T2 0 Reserved TBA_T2 1 Route optimization reply TBA_T2 2 Mobile-Correspondent authentication extension TBA_T2 3 Care-of address extension TBA_T3 0 Reserved TBA_T3 1 Route optimization prefix advertisement

There are two primary security issues: Other relates to return routability check, which establishes that a specific Care-of address is, indeed, managed by a specific Home Address. Other issue is trust relationships and arbitrary router claiming to represent arbitrary network. The end-user traffic can be protected using normal IPSec mechanisms.

The Return Routability check's security has been vetted with Mobile IPv6. There are no large differences apart from requiring a separate ICMP message for connectivity check, and replay attack protection, which in this case uses Mobile IPv4 timestamps in registration request's identification field instead of sequence numbers. The Return Routability procedure does not establish any kind of state information on the Correspondent router, mitigating Denial of Service attacks. State information is only maintained after a Registration request has been accepted.

The network of trust relationships in Home Agent assisted Route Optimization solve the issues where arbitrary Correspondent Router can trust an arbitrary Mobile Router that it is indeed the proper route to reach an arbitrary mobile network. It is assumed that all Mobile Routers have a trust relationship with the Home Agent. Thus, they trust information provided by Home Agent. The Home Agent provides information matching Home Addresses and network prefixes. Each Mobile Router trusts this information. Mobile Routers may perform Return Routability procedure between each other. This creates a trusted association between Mobile Router Home Address and Care-of Address. The Mobile Router also claims to represent a specific network. This information is not trustworthy as such. The claim can be verified by checking the Home Address <-> network prefix information received, either earlier, or due to on-demand request, from the Home Agent. If they match, the Mobile Router's claim is authentic. If the network is considered trusted, a policy decision can be made to skip this check. Exact definitions on situations where such decision can be made are out of scope of this document. The RECOMMENDED general practice is to perform the check.

Thanks to Alexandru Petrescu for constructive comments and support. Thanks to Jyrki Soini and Kari Laihonen for initial reviews.This work was supported by TEKES as part of the Future Internet program of TIVIT (Finnish Strategic Centre for Science, Technology and Innovation in the field of ICT).