MN-4-1-2-3-001 - Sending BE by reverse tunneling
Host
|
HAcn CN0 NUTZ
| | |
-----+-------+--------+--------+------- LinkZ
|
R2 CN0Y NUTY
| | |
-----+-------+--------+--------+------- LinkY
|
R1 CN0X NUTX
| | |
-----+-------+-------+--------+--------+------- LinkX
| |
HA1 HA0 Node0 CN00 NUT0
| | | | |
--------------+-------+-------+--------+--------+------- Link0
| Link0 |
3ffe:501:ffff:100::/64 |
home link |
| LinkX |
3ffe:501:ffff:102::/64 |
|
| LinkY |
3ffe:501:ffff:103::/64 |
|
| LinkZ |
3ffe:501:ffff:104::/64 |
CN0 home link |
| HA0(Link0) |
3ffe:501:ffff:100:200:ff:fe00:a0a0 |
|
| HA1(Link0) |
3ffe:501:ffff:100:200:ff:fe00:a1a1 |
|
| Node0(Link0) |
3ffe:501:ffff:100:200:ff:fe00:a3a3 |
|
| R1(LinkX) |
3ffe:501:ffff:102:200:ff:fe00:a4a4 |
|
| R2(LinkY) |
3ffe:501:ffff:103:200:ff:fe00:a6a6 |
|
| CN0(LinkZ) |
3ffe:501:ffff:104:200:ff:fe00:a8a8 |
|
| HAcn(LinkZ) |
3ffe:501:ffff:104:200:ff:fe00:aaaa |
|
1. Selection Option
- IPsec Support between MN and HA: YES or NO
- Route Optimization support: YES
2. Position of Mobile Node
HA0 NUT0 R1 R2 CN0 HAcn
| | | | | |
| ----> | | | | | 1.Router Advertisement
| | | | | |
| NUTX | | | |
| | | | | |
| | <---- | | | | 2.Router Advertisement
| <---- | | | | | 3.Neighbor Solicitations
| | | | | | 4.(no reply:3 seconds)
| | | | | |
| <---- | | | | | 5.Binding Update
| ----> | | | | | 6.Binding Acknowledgement
| | | | | |
1. Send Router Advertisement. (HA0 -> HA0_allnode_multi)
2. Send Router Advertisement. (R1 -> R1_allnode_multi)
3. Receive Neighbor Solicitations. (NUT0 -> HA0)
4. (no reply)
# Wait during a maximum of 3 seconds(RFC2461).
5. Receive Binding Update to HA0. (NUTX -> HA0)
# Home Address destination option is included.
6. Send Binding Acknowledgement. (HA0 -> NUTX)
# Type2 routing header is included.
HA0 NUT0 R1 R2 CN0 HAcn
| | | | | |
| ====> | <-------------------- | | 1.ICMP Echo Request
| | | | | |
| <==== | --------------------> | | 2.Home Test Init
| | --------------------> | | 3.Care-of Test Init
| | <-------------------- | | 4.Care-of Test
| ====> | <-------------------- | | 5.Home Test
| | | | | |
| <==== | --------------------> | | 6.ICMP Echo Reply
| | | | | |
| | --------------------> | | 7.Binding Update
| | --------------------> | | 8.ICMP Echo Reply
| | | | | |
#-------------------------------------------------------------------------------
# | | | | | <---- | 9-1.Router Advertisement
# | | | | | |
# | | | | CN0Y |
# | | | | | |
# | | | | ----> | | 9-2.Router Advertisement
# | | | | | ----> | 9-3.Neighbor Solicitations
# | | | | | | 9-4.(no reply:3 seconds)
# | | | | | |
# | | | | | ----> | 9-5.Binding Update
# | | | | | <---- | 9-6.Binding Acknowledgement
#-------------------------------------------------------------------------------
| | | | | |
| ====> | <-------------------- | ====> | 10.Home Test Init
| ====> | <-------------------- | | 11.Care-of Test Init
| <==== | --------------------> | | 12.Care-of Test
| <==== | --------------------> | <==== | 13.Home Test
| | | | | |
| ====> | <-------------------- | | 14.Binding Update
| <==== | --------------------> | | 15.Binding Acknowledgement
| | | | | |
| | | | | | 16.(wait)
| | | | | |
| | <-------------------- | | 17.ICMP Echo Request
| | --------------------> | | 18.ICMP Echo Reply(*1)
| | | | | |
| ====> | <-------------------- | ====> | 19.Home Test Init
| ====> | <-------------------- | | 20.Care-of Test Init
| <==== | --------------------> | | 21.Care-of Test
| <==== | --------------------> | <==== | 22.Home Test
| | | | | |
| ====> | <-------------------- | | 23.Binding Update
| <==== | --------------------> | | 24.Binding Acknowledgement
| | | | | |
| | | | | | 25.(wait)
| | | | | |
| | <-------------------- | | 26.ICMP Echo Request
| <==== | --------------------> | | 27.Binding Error(*2)
| | | | | |
1. Send tunneled ICMP Echo Request. (out: HA0 -> NUTX, in: CN0 -> NUT0)
2. Receive reverse tunneled Home Test Init.
(out: NUTX -> HA0, in: NUT0 -> CN0)
3. Receive Care-of Test Init. (NUTX -> CN0)
4. Send Care-of Test. (CN0 -> NUTX)
5. Send tunneled Home Test. (out: HA0 -> NUTX, in: CN0 -> NUT0)
6. Receive reverse tunneled ICMP Echo Reply or [8].
(out: NUTX -> HA0, in: NUT0 -> CN0)
7. Receive Binding Update to CN0. (NUTX -> CN0)
# Home Address destination option is included.
8. [6] or Receive ICMP Echo Reply. (NUTX -> CN0)
# Home Address destination option is included.
#-------------------------------------------------------------------------------
# 9-1. Send Router Advertisement. (HAcn -> HAcn_allnode_multi)
# 9-2. Send Router Advertisement. (R2 -> R2_allnode_multi)
# 9-3. Receive Neighbor Solicitations. (CN0 -> HAcn)
# 9-4. (no reply)
# # Wait during a maximum of 3 seconds(RFC2461).
# 9-5. Receive Binding Update to HA0. (CN0Y -> HAcn)
# 9-6. Send Binding Acknowledgement. (HAcn -> CN0Y)
#-------------------------------------------------------------------------------
10. Send tunneled Home Test Init. (out: HA0->NUTX, in: CN0->NUT0)
11. Send tunneled Care-of Test Init. (out: HA0->NUTX, in: CN0Y->NUT0)
12. Receive reverse tunneled care-of Test. (out: NUTX->HA0, in: NUT0->CN0Y)
13. Receive reverse tunneled Home Test. (out: NUTX->HA0, in: NUT0->CN0)
14. Send tunneled Binding Update. (out: HA0->NUTX, in: CN0Y->NUT0)
# Home Address destination option is included.
# The Acknowledge(A) bit is set to ON.
15. Receive reverse tunneled Binding Acknowledgement.
(out: NUTX->HA0, in: NUT0->CN0Y)
# Type2 routing header is included.
16. (wait)
17. Send ICMP Echo Request. (CN0Y -> NUTX)
# Type2 routing header is included.
# Home Address destination option is included.
18. Receive ICMP Echo Reply. (NUTX -> CN0Y)
# Type2 routing header is included.
# Home Address destination option is included.
19. Send tunneled Home Test Init. (out: HA0->NUTX, in: CN0->NUT0)
20. Send tunneled Care-of Test Init. (out: HA0->NUTX, in: CN0Y->NUT0)
21. Receive reverse tunneled care-of Test. (out: NUTX->HA0, in: NUT0->CN0Y)
22. Receive reverse tunneled Home Test. (out: NUTX->HA0, in: NUT0->CN0)
23. Send tunneled Binding Update. (out: HA0->NUTX, in: CN0Y->NUT0)
# Home Address destination option is included.
# The Acknowledge(A) bit is set to ON.
24. Receive reverse tunneled Binding Acknowledgement.
(out: NUTX->HA0, in: NUT0->CN0Y)
# Type2 routing header is included.
25. (wait)
26. Send ICMP Echo Request. (CN0Y -> NUTX)
# Type2 routing header is included.
# Home Address destination option is included.
27. Receive reverse tunneled Binding Error. (out: NUTX->HA0, in: NUT0->CN0Y)
Packet Format is:
10(and 19).Home Test Init
11(and 20).Care-of Test Init
12(and 21).Care-of Test
13(and 22).Home Test
14.Binding Update
15.Binding Acknowledgement
17.ICMP Echo Request
18.ICMP Echo Reply
23.Binding Update Data is:
IPv6 header (source = home agent
destination = care-of address of target)
ESP header
IPv6 header (source = care-of address of correspondent node
destination = home address of target)
Destination Option Header
Home Address option(home address of correspondent node)
Mobility header
Binding Update
Sequence=any
A=1
H=0
Lifetime=0
Home nonce Index
Care-of nonce Index
Authenticator
24.Binding Acknowledgement Data is:
IPv6 header (source = care-of address of target
destination = home agent)
ESP header
IPv6 header (source = home address of target
destination = care-of address of correspondent node)
Routing Header
Type2 Routing heder option(home address of correspondent node)
Mobility header
Binding Acknowledgement
Status=0
K=0
Sequence=any
Lifetime=any
Authenticator
27.Binding Error
(*1) PASS: CN0Y receives the ICMP Echo reply packet by route optimization.
(*2) PASS: HA0 receives the Binding Error packet by reverse tunneling.
Then, check whether this packet fills all of the following.
- The Destination Address(outer) is set to HA address.
- The Source Address(outer) is set to primary care-of address.
- The Destination Address(inner) is set to the Source Address
of ICMP Echo request[24].
- The Source Address(inner) is set to home address.
- The Home Address destination option is not included.
- The Type2 routing header option is not included.
- The Home Address of Binding Error is set to the HomeAddress
destination option of ICMP Echo request[24].
(draft-ietf-mobileip-ipv6-24.txt)
6.1 Mobility Header
The Mobility Header is an extension header used by mobile nodes,
correspondent nodes, and home agents in all messaging related to the
creation and management of bindings. The subsections within this
section describe the message types that may be sent using the
Mobility Header.
Mobility Header messages MUST NOT be sent with a type 2 routing
header, except as described in Section 9.5.4 for Binding
Acknowledgement. Mobility Header messages also MUST NOT be used with
a Home Address destination option, except as described in Section
11.7.1 and Section 11.7.2 for Binding Update. Binding Update List or
Binding Cache information (when present) for the destination MUST NOT
be used in sending Mobility Header messages. That is, Mobility
Header messages bypass both the Binding Cache check described in
Section 9.3.2 and the Binding Update List check described in Section
11.3.1 which are normally performed for all packets. This applies
even to messages sent to or from a correspondent node which is itself
a mobile node.
9.3.3 Sending Binding Error Messages
Section 9.2 and Section 9.3.1 describe error conditions that lead to
a need to send a Binding Error message.
A Binding Error message is sent directly to the address that appeared
in the IPv6 Source Address field of the offending packet. If the
Source Address field does not contain a unicast address, the Binding
Error message MUST NOT be sent.
The Home Address field in the Binding Error message MUST be copied
from the Home Address field in the Home Address destination option of
the offending packet, or set to the unspecified address if no such
option appeared in the packet.
Note that the IPv6 Source Address and Home Address field values
discussed above are the values from the wire, i.e., before any
modifications possibly performed as specified in Section 9.3.1.
Binding Error messages SHOULD be subject to rate limiting in the same
manner as is done for ICMPv6 messages [14].