Mobile Router

icon Mobile Router

Introduction

The last four articles were about IP multicast. There are some more multicast topics I'd like to write about, including more brief coverage of MBGP, MSDP, Bi-directional PIM, Source-Specific Multicast (SSM), Multicast Routing Monitor (MRM), Uni-Directional Link Routing (UDLR), and Pragmatic General Multicast (PGM). But not right now. It's time for a change.

I happened to be skimming the lists of new Cisco IOS features. See also the following links:

Among the other topics on the list, I noticed the new Cisco Mobile Networks or Mobile Router feature. It is at

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftmbrout.htm

This seemed technically pretty interesting. The idea is for the router to be mobile but maintain all connectivity for hosts connecting through it, transparently to those hosts. This feature also has the virtue of being something one can try out in a fairly simple lab, which I've done.

I'm going to assume that you've already read my previous article about Local Area Mobility and standard Mobile IP, to save us from having to go through how Mobile IP works all over again. I do include a brief summary below, since we'll need the terminology and concepts to understand what Mobile Router is doing. The previous article can be found at:

I'll admit, I'm not sure how immediately relevant or useful this article is. It does give a way to work with Mobile IP without a computer with a Mobile IP stack on it.

Note that Mobile Router doesn't require wireless links, it works with any interface. So it could be used with Ethernet or FastEthernet connections, where a mobile router is being temporarily jacked in at various locations. It's appropriate for situations and applications where DHCP won't work because you'd be constantly re-addressing.

Do your routers move around? (Do you wish they could?) How about a vehicle with a routed network in it, where you drive into range of different wireless hubs during the course of a day?  The Cisco documentation example: airplane with router in it, flying into contact with different ground or satellite stations. (Imagine the stewardess announcing "All PC users, it's time to renew your DHCP leases, we've flown over a new ground station.")

Mobile IP Review

In case you can't instantly recall all about Mobile IP, or didn't read the previous article, here's the quick review. Even if you do recall the prior article or know something about Mobile IP, it would probably be good to read through this.

Recall that in Mobile IP, the idea is to work with a fixed (unchanging) IP address while moving around. This address appears for routing purposes to be local to the Home Agent router. As the Mobile IP node moves, there are no changes of routes in corporate routing tables. Mobile IP can even work with Internet routing tables at global scale. All it takes is protocol support, a Home Agent router, and one or more Foreign Agents to provide mobile access.

Foreign Agent routers work with the Mobile IP host to register new roaming locations with a Home Agent router. Advertisements from the Foreign Agent notify the Mobile Router or Mobile IP node of its presence as the Mobile node roams. The Mobile Node sends a Registration message to the Home Agent via the new Foreign Agent, letting the Home Agent know that message to it should be sent via a tunnel to the "Care Of" address.

This is like spending a college Summer vacation travelling and visiting friends, calling Mom once in a while to let her know who you'd be staying with for the next couple of weeks. Mom duly dumps your mail into a big envelope and forwards it Care Of the friend you're currently visiting. (To make the analogy better, maybe Mom for some reason forwards each envelope inside a new envelope?)

Packets headed from a "Correspondent node" towards the mobile node get routed normally to the Home Agent router. The Home Agent router tunnels these packets to the Foreign Agent router near the mobile node. The Foreign Agent router de-encapsulates the packets from the tunnel and transmits them to the connected mobile node (visitor). Return packets go from Mobile node to Foreign Agent and then directly to Correspondent node, unless "reverse tunneling" is enabled.

In order for all this to work, the mobile node needs to have a special Mobile IP stack that knows how to work with the Foreign Agent router, and also how to send Register messages to the Home Agent. Basically, there is some MAC layer "cheating" on the subnet between Foreign Agent and Mobile Node. For outbound traffic, the Mobile Node dynamically sets the Foreign Agent as default gateway, and forwards traffic to it, even though they are not on the same subnet. For traffic going towards the Mobile Node, the Foreign Agent uses a host route and a local ARP entry to get traffic to the Mobile Node, even though its address may well not be that of the local subnet.

If readdressing at each new location with DHCP will meet your needs, there's no reason to go to all this bother. That works if you're in one location for at least a couple of hours. If you're roaming into new subnets every 30 minutes, it gets tiresome, and Mobile IP / Mobile Router might help. Note that readdressing via DHCP every 30 minutes also makes it hard to download large web documents, or FTP Cisco IOS images, etc. (Tasks that don't complete during that 30 minute period of being at one address.)

If you do need a fixed IP address, then Mobile IP provides a highly scalable solution. How about always-on Instant Messaging (so you don't have to keep logging in with each new address)? How about Voice Over IP based on fixed IP address? How about a long-running FTP transfer or some other application that isn't mobility-aware? With Mobile IP you can start up the application, and it runs while you roam. The fixed IP address allows for this constant connectivity, without setting up new FTP connections, or logins to database, etc. (Hmm, maybe we're all going to have to crank up our TCP timeouts now, to allow time for moving between roaming connections.)

Mobile Router

The Mobile Router feature in Cisco IOS version 12.2(4)T provides support for not just mobile nodes but for mobile routers as well. The beauty of this solution is that the nodes behind the router don't need to be aware of Mobile IP in any shape or form. They don't have to have a Mobile IP stack set up or supported on them. They can use normal Ethernet or other connectivity to the mobile router. Only the participating routers require Mobile IP support and configuration.

There are other ways to have a fixed address behind a mobile router. You can do this by using unnumbered serial links and a fast converging routing protocol such as EIGRP or OSPF. Every time your mobile router peers with a new neighbor, you generate routing updates into the network. If this doesn't happen very often, maybe you just use ordinary routing to track the subnets behind the mobile router. That doesn't work if you roam into a new cell every few seconds, or if there are hundreds of routers doing this.

How Does Mobile Router Work?

The Mobile Router feature first establishes the mobile router as a Mobile IP mobile node connected to a Home Agent. Thus a Mobile IP tunnel is used to get packets from the Home Agent to the Foreign Agent, for forwarding to the Mobile Router. In addition however, a second tunnel is set up, now that Home Agent has a way to communicate with the Mobile Router. This tunnel goes from the Home Agent directly to the Mobile Router. It is used to send packets to the mobile networks behind the Mobile Router.

The Mobile Router feature adds some routing support for stubby mobile networks: the configured mobile network is put into the routing table on the Home Agent, with route via the second tunnel direct to the Mobile Router. And the Mobile Router automatically acquires a default route via the Foreign Agent. On the Home Agent, you can redistribute the router mobile route to the mobile network into EIGRP or your other routing protocol.

So when packets have to reach nodes on the mobile networks or subnets, they are normally routed to the Home Agent, using the redistributed mobile route. The Home Agent tunnels them to the Mobile Router, using the tunnel to the Foreign Agent to deliver the tunneled packets to the Mobile Router. (Double tunneling.) The outer header delivers the packets to the Foreign Agent, which is the only node in the network besides the Home Agent that knows the Mobile Router is directly connected to it and not to the Home Agent. The Foreign Agent removes the outer tunnel header and delivers the inner tunneled packets to the connected Mobile Router. This is necessary since even the Foreign Agent thinks the mobile network behind the Mobile Router is reached via the Home Agent. But when the inner tunneled packets reach the Mobile Router, it strips off the tunnel header and it can deliver the packets directly onto the connected mobile network.

The following picture tries to show all this in one compact diagram. I include addressing because I built and tested Mobile Router (using 2514 routers running 12.2(4)T1 code, the IP Plus feature set). Note that the Home Agent at the left advertises mobile network 148.33.0.0 /16 to the world, and it thinks that 148.33.0.0 /16 is reached by Mobile Router 172.16.2.1 on the mobile virtual network 172.16.2.0 /24.

There's one thing in this figure that should appear odd: the Ethernet address on Ethernet 1 of the Mobile Router is not in the same subnet as the Ethernets 0 and 1 on the Foreign Agent router. You do need some IP address on the interface, or it won't "hear" the IRDP advertisements from the Foreign Agent. I tested with a 180.1.1.1 address on Ethernet 1, and 172.16.2.1 on loopback 0 on the Mobile Router,  and that also worked. The drawback was that in sending PING, etc., no-one else knew where 180.1.1.1 was, so I had to remember to use extended PING and specify the source address as 172.16.2.1, or I got no replies back.


 

Configuring Mobile Router

I built and tested Mobile Router. Captured configurations and show command output can be found at:


The following is the critical parts of the router configurations. I'll note that the mobile note registration did  not work until I added the security information.

HomeAgent Config

hostname HomeAgent
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0
ip address 172.16.100.1 255.255.255.0
!
interface Serial0
ip address 192.30.1.1 255.255.255.0
clockrate 4000000
!
router mobile
!
router eigrp 1
redistribute mobile metric 10 2000 255 1 1500
network 1.0.0.0
network 172.16.0.0
network 192.30.1.0
auto-summary
!
ip classless
ip mobile home-agent
ip mobile virtual-network 172.16.2.0 255.255.255.0
ip mobile host 172.16.2.1 virtual-network 172.16.2.0 255.255.255.0
ip mobile mobile-networks 172.16.2.1
  network 148.33.0.0 255.255.0.0
ip mobile secure host 172.16.2.1 spi 100 key ascii cisco

Foreign Agent Config

hostname ForeignAgent
!
interface Ethernet0
ip address 192.30.2.1 255.255.255.0
ip irdp
ip irdp maxadvertinterval 10
ip irdp minadvertinterval 7
ip irdp holdtime 30
ip mobile foreign-service
!
interface Ethernet1
ip address 192.30.3.1 255.255.255.0
ip irdp
ip irdp maxadvertinterval 10
ip irdp minadvertinterval 7
ip irdp holdtime 30
ip mobile foreign-service
!
interface Serial0
ip address 192.30.1.2 255.255.255.0
!
router mobile
!
router eigrp 1
network 192.30.1.0
network 192.30.2.0
network 192.30.3.0
auto-summary
!
ip classless
ip mobile foreign-agent care-of Serial0

MobileRtr Config

hostname MobileRtr
!
interface Ethernet0
ip address 148.33.2.129 255.255.255.192
!
interface Ethernet1
ip address 172.16.2.1 255.255.255.252
ip mobile router-service roam
ip mobile router-service solicit
no ip route-cache
!
router mobile
!
ip classless
ip mobile secure home-agent 1.1.1.1 spi 100 key ascii cisco
ip mobile router
  address 172.16.2.1 255.255.255.0
  home-agent 1.1.1.1

Redundancy

The Mobile Router can have more than one roaming interface. You can specify a priority so that if IRDP advertisements are received on more than one interface, the router knows which interface to prefer.

Foreign Agents are by nature redundant. That is, if one goes away and advertisements from another are received, the latter one will get used.

The Home Agent and the Mobile Router can both make use of HSRP for redundancy. Dual Home Agents running HSRP create a virtual router that the rest of the network can use as Home Agent. When one physical Home Agent fails, the other can quickly register mobile nodes as needed. Dual Mobile Routers can also be configured to run HSRP and track HSRP state. Only the router which is active for HSRP becomes actively registered for Mobile Router.

For more details and sample configurations, see the following link:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftmbrout.htm#xtocid29

Conclusion

I hope  you though that was as much fun as I did!

I'm not yet sure what next month's article will be. I've been thinking of doing some articles on Call Manager, also on Security topics (we're long overdue to cover the PIX). Questions, suggestions for articles, etc. can be sent to This email address is being protected from spambots. You need JavaScript enabled to view it. .


Dr. Peter J. Welcher (CCIE #1773, CCSI #94014) is a Senior Consultant with Chesapeake NetCraftsmen. NetCraftsmen is a high-end consulting firm and Cisco Premier Partner dedicated to quality consulting and knowledge transfer. NetCraftsmen has eleven CCIE's (4 of whom are double-CCIE's, R&S and Security). NetCraftsmen has expertise including large network high-availability routing/switching and design, VoIP, QoS, MPLS, network management, security, IP multicast, and other areas. See http://www.netcraftsmen.net for more information about NetCraftsmen. . New articles will be posted under the Articles link. Questions, suggestions for articles, etc. can be sent to This email address is being protected from spambots. You need JavaScript enabled to view it. .

12/28/2001
Copyright (C)  2001,  Peter J. Welcher