Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
611
Views
0
Helpful
0
Comments

Annotated PDSN Proxy Mobile IP monitor subscriber trace

David Damerjian
Cisco Employee
Cisco Employee

‎01-24-2012 02:16 PM - edited ‎07-05-2021 12:11 PM

annotated Proxy Mobile IP (P-MIP) call from a Starent Lab chassis shows you what to expect when implemented. Product documenation is fairly complete in describing how to setup Proxy-MIP and this just completes the picture with a practical example.

This article is mostly an annotation of a Proxy Mobile IP (P-MIP) call from a Starent Lab chassis. The documentation contains very detailed instructions on how to configure the chassis for P-MIP, including ladder diagrams of call flows, and so there is no reason to repeat that same information here.

In summary, P-MIP enables a device that is designed to do only Simple IP to be able to do Mobile IP. This is achieved by the PDSN initiating a MIP session to an HA on behalf of the device without it knowing it. Because the device is not aware of MIP, and of course there is no MIP RRQ received from it, then the MIP RRQ sent from the FA to the HA will not contain a number of extensions that normally would be received from the device, such as the “Mobile Home Auth Extension” and “Generalized Mobile IP Auth Extension”, as well as “MN-FA Challenge Extension”:

Mobile Home Auth Extension Follows:

      Extension Type: 0x20

              Length: 0x14

                 SPI: 0x0000012C

       Authenticator: Hex: <5B 9C 0D FC 0C 61 22 AE AA 1E 2C 6D E0 91 4D AC >

Generalized Mobile IP Auth Extension Follows:

      Extension Type: 0x24

            Sub-Type: 0x01 (MN-AAA)

              Length: 0x0014

                 SPI: 0x00000002

       Authenticator: Hex: <25 E8 02 DC E3 11 FF DD 7B C9 ED 21 BD 2F AE F4 >

In order for MIP exchange between the FA and HA to be successful, certain configurables need to be setup, as outlined in the documentation. In this example, BOTH the HA and the FA are configured in the same chassis. From the bare-bones config used for the trace below:

context destination

    fa-service fa

      fa-ha-spi remote-address 192.168.51.152 spi-number 256 encrypted secret 01abd002c82b4a2c hash-algorithm md5

      authentication mn-ha allow-noauth

      proxy-mip allow

      bind address 192.168.51.151

    #exit

    ha-service ha

      mn-ha-spi spi-number 256  encrypted secret 01abd002c82b4a2c hash-algorithm md5

      fa-ha-spi remote-address 192.168.51.151 spi-number 256 encrypted secret 01abd002c82b4a2c hash-algorithm md5

      authentication mn-aaa allow-noauth

      authentication mn-ha allow-noauth

      bind address 192.168.51.152

    #exit

Note authentication mn-aaa and mn-ha config lines are required.

See attached file for details.

Imported from Starent Networks Knowledgebase Article # 10600

121226-ProxyMIP.htm.zip
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents