Table of Contents
Advertisement
JunosE 11.3.x IP Services Configuration Guide
Mobile IP Routing and Forwarding
306
uses authentication parameters configured locally on the router to authenticate the
registration request. In both cases, if security parameters are not retrieved, then the
request for mobility service is rejected, a security violation error is logged, and no
registration reply is generated.
When you configure the mobile host to use RADIUS authentication for home agent users
by including the aaa keyword in the ip mobile host command, the Mobile IP home agent
application generates a RADIUS access-request message. The RADIUS server then uses
Juniper Networks vendor-specific attributes (VSAs) to provide the appropriate
authentication algorithm and secure key for the authentication request.
For information about the specific Juniper Networks VSAs used for Mobile IP
RADIUS-based authentication, see JunosE Broadband Access Configuration Guide and
RADIUS IETF Attributes
Subscriber Management
The Mobile IP home agent interoperates with the subscriber management application
on E Series routers. The subscriber management application enables customers to
dynamically provision new IP subscribers and quickly create new value-added services.
You can set up your subscriber management environment to create dynamic IP subscriber
interfaces to provision subscribers and provide differentiated service delivery. In this
configuration, the service parameters for an IP subscriber are bound to a dynamic IP
subscriber interface.
During the registration process when the Mobile IP home agent has authenticated the
subscriber with AAA, the home agent locates or creates the appropriate IP tunnel to carry
the data traffic to the foreign agent. When Mobile IP obtains all of the parameters required
for interface creation, including the tunnel ID and the authentication context, it directs
the subscriber management application to create the dynamic IP subscriber interface.
During the re-registration process when there is a handoff from an initial Mobile IP foreign
agent to a new Mobile IP foreign agent, the home agent reauthenticates the subscriber
with AAA and locates or creates the appropriate IP tunnel to carry the data traffic to the
new foreign agent. When Mobile IP obtains all of the parameters required for interface
creation, it directs the subscriber management application to move the dynamic IP
subscriber interface from the initial tunnel for the previous foreign agent to the new tunnel
that points to the new foreign agent. If this was the last subscriber on the tunnel for the
previous foreign agent, then the home agent directs the IP tunneling application to tear
down the initial tunnel.
For more information about subscriber management and dynamic IP subscriber interfaces,
see JunosE Broadband Access Configuration Guide. For more information about dynamic
IP subscriber interfaces, see JunosE Broadband Access Configuration Guide.
The home agent supports both generic routing encapsulation (GRE) and Distance Vector
Multicast Routing Protocol (DVMRP, also known as IP-in-IP) tunnel encapsulation for
forward and reverse tunneling. When packets destined for the mobile node reach a home
agent, the home agent encapsulates the packets and tunnels them to the CoA. Packets
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
