annotated Proxy Mobile IP (P-MIP) call from a Starent Lab chassis shows you what to expect when implemented. Product documenation is fairly complete in describing how to setup Proxy-MIP and this just completes the picture with a practical example.
This article is mostly an annotation of a Proxy Mobile IP (P-MIP) call from a Starent Lab chassis. The documentation contains very detailed instructions on how to configure the chassis for P-MIP, including ladder diagrams of call flows, and so there is no reason to repeat that same information here.
In summary, P-MIP enables a device that is designed to do only Simple IP to be able to do Mobile IP. This is achieved by the PDSN initiating a MIP session to an HA on behalf of the device without it knowing it. Because the device is not aware of MIP, and of course there is no MIP RRQ received from it, then the MIP RRQ sent from the FA to the HA will not contain a number of extensions that normally would be received from the device, such as the “Mobile Home Auth Extension” and “Generalized Mobile IP Auth Extension”, as well as “MN-FA Challenge Extension”:
Mobile Home Auth Extension Follows:
Extension Type: 0x20
Length: 0x14
SPI: 0x0000012C
Authenticator: Hex: <5B 9C 0D FC 0C 61 22 AE AA 1E 2C 6D E0 91 4D AC >
Generalized Mobile IP Auth Extension Follows:
Extension Type: 0x24
Sub-Type: 0x01 (MN-AAA)
Length: 0x0014
SPI: 0x00000002
Authenticator: Hex: <25 E8 02 DC E3 11 FF DD 7B C9 ED 21 BD 2F AE F4 >
In order for MIP exchange between the FA and HA to be successful, certain configurables need to be setup, as outlined in the documentation. In this example, BOTH the HA and the FA are configured in the same chassis. From the bare-bones config used for the trace below:
context destination
fa-service fa
fa-ha-spi remote-address 192.168.51.152 spi-number 256 encrypted secret 01abd002c82b4a2c hash-algorithm md5
authentication mn-ha allow-noauth
proxy-mip allow
bind address 192.168.51.151
#exit
ha-service ha
mn-ha-spi spi-number 256 encrypted secret 01abd002c82b4a2c hash-algorithm md5
fa-ha-spi remote-address 192.168.51.151 spi-number 256 encrypted secret 01abd002c82b4a2c hash-algorithm md5
authentication mn-aaa allow-noauth
authentication mn-ha allow-noauth
bind address 192.168.51.152
#exit
Note authentication mn-aaa and mn-ha config lines are required.
See attached file for details.
Imported from Starent Networks Knowledgebase Article # 10600