Proxy Mobile Ipv4 (Pmipv4) - Cisco ASR 5000 series Product Overview

▀ Supported Features

Proxy Mobile IPv4 (PMIPv4)

The P-MIP procedure is designed for Simple IP-capable access devices for which mobility procedures are performed
entirely in the network. Certain events on the access device require relocation of the L3 anchor point (for example,
CoA). One case is for the initial connection establishment in which the home agent or H-AAA server assigns an IP
address and generates the mobility binding. Another is when the mobile subscriber roams across cell sites or ASNs and
attaches to a target ASN Gateway.
Client Mobile IPv4 (CMIPv4)
CMIPv4 provides mobility procedures for mobile IP-capable access devices. In contrast to PMIPv4, where stateful
DHCP proxy signaling triggers R3 signaling between the ASN Gateway and the home agent, CMIPv4 uses agent
advertisement between the foreign agent component in the ASN Gateway and mobile IP client on subscriber access
device. Mobile IP signaling occurs directly between the access device and the anchor foreign agent component in the
ASN Gateway.
Authenticator
The authenticator function in the ASN Gateway acts as an anchored authenticator for a subscriber for the duration of the
session. For example, as a subscriber moves between base stations served by the ASN Gateway, the authenticator
anchor remains stationary. If a subscriber moves to a base station served by a different ASN Gateway, the anchor
authenticator is hosted at that ASN Gateway. If the R4 interface is not supported between both gateways, only the
subscriber needs to be re-authenticated.
The RADIUS client for authentication and accounting is collocated with the authenticator function. The ASN Gateway
acts as an EAP relay and is agnostic to the EAP method. EAP transport between the ASN Gateway and the base station
is performed as a control exchange. The base station functions as an EAP relay, converting Pair-wise Master Key
version 2 (PKMv2) to the EAP messages for the ASN Gateway. The ASN Gateway works in pass-through mode and
any EAP method that generates keys, such as MSK or EMSK, is supported in the system.
PKMv2 performs over-the-air user authentication. PKMv2 transfers EAP over the IEEE 802.16 air interface between
the MS and the base station. The base station relays the EAP messages to the authenticator in the ASN Gateway. The
AAA client on the authenticator encapsulates the EAP message in AAA protocol packets, and forwards them through
one or more AAA proxies to the AAA server in the CSN of the home NSP. In roaming scenarios, one or more AAA
brokers with AAA proxies may exist between the authenticator and the AAA server. AAA sessions always exist
between the Authenticator and AAA server, with optional AAA brokers providing a conduit for NAI realm-based
routing.
EAP Authentication Methods
WiMAX networks use Ethernet as the L2 protocol for network access authentication. The Extensible Authentication
Protocol (EAP) provides the network authorization function. The ASN Gateway represents the EAP authenticator and
supports a transparent relay point between the EAP client on the subscriber access device and EAP server on the AAA.
The ASN Gateway triggers an EAP-identity request to the subscriber device. The subscriber device responds with an
▄ Cisco ASR 5000 Series Product Overview
ASN Gateway Overview
OL-22938-02