CN101141783A - Method of negotiating mobile IP characteristics - Google Patents


Publication number
CN101141783A
Authority
CN
China
Prior art keywords
mobile
message
network side
mobile node
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2006101269190A
Other languages
Chinese (zh)
Other versions
CN101141783B (en)
Inventor
赵洁
杨霞
王洁
刘继兴
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN2006101269190A
Publication of CN101141783A
Application granted
Publication of CN101141783B
Legal status: Active (current)
Anticipated expiration

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method of negotiating mobile IP characteristics. The network side or the mobile node sends the peer a message carrying mobile IP characteristics; the message contains the mobile IP characteristics that the sender itself supports. After receiving the message, the peer carries out subsequent operations in a manner supported by both parties, according to the mobile IP characteristics supported by itself and by the sender. The invention avoids the prior-art problem that the mobile node and the network side cannot determine the mobile IP characteristics supported by the peer, or cannot notify the peer of the mobile IP characteristics they support themselves. Unnecessary delay is reduced and network resources are saved; in addition, the technical solution changes the existing protocols only slightly and is easy to implement.

Description

Method of negotiating mobile IP characteristics
Technical field
The present invention relates to wireless communication technology, and in particular to a method of negotiating mobile IP characteristics.
Background art
In existing Mobile IPv6 technology, a mobile node (MN) has two kinds of address: a home address (HoA) and a care-of address (CoA). The HoA remains unchanged; when the MN moves to a foreign network, it still uses this address to keep communication continuous and to remain reachable. The CoA is assigned to the MN by the foreign network when the MN moves there. When the MN obtains a new CoA, it must bind this CoA to its HoA on the home agent (HA), so that the HA forwards messages sent to the MN by other entities through the tunnel between the MN and the HA, and forwards onward the messages that the MN sends to other entities. The messages used in this binding procedure are the Binding Update (BU) sent by the MN to the HA and the Binding Acknowledgement (BA) returned by the HA; the MN performs address binding directly with the HA. In addition, to secure the binding procedure, Mobile IPv6 requires that an IPsec security association (SA) first be established between the MN and the HA, and that the BU and BA messages be protected with this security association. Normally the MN needs to know the address of the HA in order to carry out the necessary communication with it.
In Mobile IPv6 for CDMA2000 networks, the mobile station (MS) corresponds to the MN, and the MS can configure its HoA automatically from the home link prefix (HL prefix). If no mobile IP (MIP) information is configured in the MS, the MS can obtain it with DHCP version 6 (DHCPv6) messages; the MIP information is the HA address and the HoA or the home link prefix (HL prefix). The process by which the MS obtains MIP information is shown in Fig. 1. It is also called the bootstrapping process and comprises the following steps:
1) The MS begins the access authentication procedure. Authentication here means the Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) authentication performed while the MS and the packet data serving node (PDSN) set up a Point-to-Point Protocol (PPP) connection. The MS uses this authentication procedure to request the home Remote Authentication Dial-In User Service (RADIUS) server to assign it an HA and an HoA;
2) The PDSN sends a RADIUS access request to the home RADIUS server, passing the MS's authentication information to the home RADIUS server;
3) The home RADIUS server checks the locally stored configuration information of the MS according to the MS's identifier and finds that this user is a Mobile IPv6 user. If the home RADIUS server verifies that the MS's authentication information is correct, it assigns an HA and an HoA to the user;
4) The home RADIUS server sends a RADIUS access accept message to the PDSN; the MIP6-Home Agent attribute of this message contains the HA address, and the MIP6-Home Address attribute contains the HoA;
5) After receiving the HA address and the HoA from the home RADIUS server, the PDSN stores this information locally;
6) The PDSN sends the MS a message indicating that the access authentication procedure is complete;
7) The MS uses a DHCPv6 information request message to request MIP information from the PDSN; this message contains the network access identifier (NAI) that the MS used for access authentication;
8) The PDSN looks for a matching record according to the NAI and, if it finds one, returns a response message to the MS containing the HA address and the HoA.
If the RADIUS server does not assign an HoA to the MS, it can instead tell the PDSN the home link prefix; after obtaining this prefix from the PDSN, the MS configures the HoA automatically itself.
Having obtained the HA and the HoA from the network through the above bootstrapping flow, the MS can then perform the address binding flow directly with the HA. This binding procedure does not follow the requirement of RFC 3775, namely that an IPsec SA first be negotiated between the MS and the HA and that the BU and BA messages be protected with this SA; instead it uses an authentication protocol. The flow of this authentication protocol is shown in Fig. 2 and comprises:
1) The MS sets up a PPP connection with the network and obtains MIP information through the bootstrapping flow shown in Fig. 1.
2) The MS sends a BU to the HA. The message contains the HoA, either assigned by the network or configured automatically from the home link prefix, and the CoA. To protect the integrity of the message, it also contains the MN-AAA (authentication, authorization, accounting) mobility authentication option and the NAI of the MS.
3) After receiving the BU, the HA sends an access request to the home RADIUS server, passing it the MS's NAI, the MN-AAA mobility authentication option, the HoA and the CoA. The MN-AAA mobility authentication option is computed with a key shared between the MS and the home RADIUS server; this key is pre-provisioned for the MS by the home RADIUS server, and the home RADIUS server verifies the legitimacy of the user's identity by means of this key.
4) The home RADIUS server has stored in advance the key it shares with the MS and uses this key to verify the MN-AAA authentication option. If the option is correct, the data have not been tampered with and the MS is a legitimate user, so the server computes the key IK used to protect subsequent binding flows between the MS and the HA. Meanwhile, the MS performs the same computation and obtains the same IK. In later communication, if the CoA of the MN changes, the binding flow must be performed again, and the binding messages are then protected with the key IK shared with the HA. When address binding is performed again, the HA no longer needs to request the IK from the home RADIUS server; it uses the IK obtained last time to protect the binding messages.
5) The home RADIUS server sends an accept message to the HA; this message contains the previously computed key IK.
6) After receiving the accept message, the HA stores the IK and performs the address binding.
7) The HA sends a BA to the MS; this message contains the MN-HA mobility message authentication option computed with the IK. After receiving the BA, the MS checks the MN-HA mobility message authentication option with the IK it computed locally; if the option is correct, the address binding procedure has succeeded.
In the above flow, the HA that the MS obtains dynamically is located in the home network and is assigned directly by the home AAA server; the RADIUS server is one kind of AAA server. Moreover, the signalling between the MS and the HA is not protected with the IPsec protection required by the standard; instead, the MS and the server side each compute an IK with the same algorithm, and the IK is used to protect the messages. To improve on these two aspects, flows have since been defined for assigning the HA in the visited network, and for establishing an IPsec SA between the MS and the HA by Internet Key Exchange (IKE) and using that SA to protect the binding messages.
Fig. 3 shows the flow for assigning the HA in the visited network, which comprises the following steps:
1) The MS carries out the access authentication procedure and, in doing so, sends its authentication information to the PDSN.
2) The PDSN sends the MS's authentication information in a request message to the AAA server of the visited network, i.e. the visited AAA server, which forwards it in a request message to the AAA server of the home network, i.e. the home AAA server. To indicate that the visited network is able and willing to assign an HA, the PDSN includes a parameter expressing this capability in the request message sent to the home AAA server.
3) The home AAA server checks the locally stored configuration information of the MS according to the MS's identity and finds that this user is a Mobile IPv6 user. If the home AAA server verifies that the user's authentication information is correct, it assigns this user an HA in the home network. The home AAA server finds in the received request message the parameter indicating support for assigning an HA in the visited network, so it checks the MS's configuration information to see whether the MS is allowed to be assigned an HA by the visited network; if so, it authorizes the visited network to assign an HA to the MS.
4) The home AAA server sends a response message to the visited AAA server, which forwards it to the PDSN. This message contains the address of the home-network HA and the parameter authorizing the assignment of an HA in the visited network.
5) The PDSN receives the response message and stores the received home-network HA address. From this message the PDSN also learns that the home AAA server has authorized it to assign an HA in the visited network.
6) The PDSN sends the MS a message indicating that access authentication is complete.
7) The MS uses a DHCPv6 information request message to request MIP information from the PDSN. This message contains the NAI of the MS and also indicates that the MS wishes to request the address of a visited-network HA.
8) The PDSN assigns a visited-network HA to the MS.
9) The PDSN returns a DHCPv6 response message to the MS; this message contains the address of the visited-network HA assigned to the MS.
In this flow, the HoA can be assigned by the visited-network HA and the PDSN through DHCP messages, or it can be assigned during the subsequent address binding procedure.
The flow in which the MS and the HA establish an IPsec SA and perform address binding is shown in Fig. 4. This flow is generally called the IKE/IPsec method and comprises the following steps:
1) While the MS and the PDSN set up the PPP connection, the bootstrapping process is carried out to obtain the HA address and the HoA.
2) The MS and the HA establish an IPsec SA by IKE. In this process the two sides negotiate parameters that both support, such as the encryption algorithm and the key, which are used to encapsulate data.
3) The address binding flow is performed between the MS and the HA, and the BU and BA messages are protected with the IPsec SA just negotiated. Protection consists of encapsulating each message with the negotiated encryption algorithm and key; after the message is sent to the peer, the peer decapsulates it with the same algorithm.
In addition, because setting up the IKE connection and negotiating the IPsec SA take a certain amount of time, a further scheme has been proposed: when the MS changes location and needs to change HA, the MS and the new HA do not run the IKE procedure but continue to use the IPsec SA between the former HA and the MS. The former HA passes the IPsec SA to the HAAA; when the new HA needs to use the IPsec SA, it sends a request to the HAAA and thereby obtains it. This method is called optimized IPsec.
From the above flows it can be seen that address binding messages between the MS and the HA can be protected in two different ways: one is the authentication protocol and the other is IKE/IPsec; some MSs and HAs can also support optimized IPsec. An HA and an MS may support these modes simultaneously, or only one of them. Alternatively, the HA may support several modes while the operator, for reasons of operating policy and security, wishes one of them to be used preferentially, so the MS can run the corresponding flow only if it knows the HA's situation. In the prior art, however, the MS and the HA cannot determine this information or notify it to each other, that is, which mode each side supports or prefers for protecting address binding messages. As a result, the following situation often arises in practice: the MS initiates the address binding flow with a certain message protection mode, but the network-side equipment does not support this mode and can only terminate the flow; after waiting for a timeout, the MS initiates the binding flow again with another message protection mode. This causes unnecessary delay on the one hand and takes up valuable server resources on the other.
Summary of the invention
In view of this, the object of the present invention is to provide a method of negotiating mobile IP characteristics, so that the network side or the mobile node can learn the mobile IP characteristics supported by the peer.
To achieve this object, the invention provides a method of negotiating mobile IP characteristics, comprising:
The network side or the mobile node sends the peer a message carrying mobile IP characteristics, the message containing the mobile IP characteristics that the sender itself supports; after receiving this message, the peer carries out subsequent operations in a mode that both sides support, according to the mobile IP characteristics supported by itself and by the sender.
The mobile IP characteristics comprise:
Whether the network side and the mobile node support two or more modes of realizing the same function or performing the same operation;
For a function or operation that can be realized in two or more modes, which mode the network side and the mobile node wish the peer to use;
Whether the network side and the mobile node support extended functions of mobile IP.
The function or operation is: the network side and the mobile node protecting address binding messages.
Support for an extended function of mobile IP is specifically: support for the optimized IP security (IPsec) function.
Carrying out subsequent operations specifically comprises:
Protecting the address binding procedure with the method that the network side wishes to use and that the mobile node can also support.
The method by which the network side or the mobile node sends the peer the message carrying mobile IP characteristics specifically comprises:
The mobile node initiates the bootstrapping process and requests mobile IP information; the network side carries the mobile IP characteristics in the response message that returns the mobile IP information, thereby sending the mobile IP characteristics supported by the network side to the mobile node.
Sending the mobile IP characteristics to the mobile node specifically comprises the following steps:
The authentication, authorization and accounting (AAA) server on the network side uses the AAA protocol to deliver the mobile IP characteristics to the packet data serving node, the mobile IP characteristics being contained in the parameter that carries the home agent address;
The packet data serving node uses DHCP to deliver the mobile IP characteristics to the mobile node, the mobile IP characteristics being contained in the parameter that carries the home agent address.
Sending the mobile IP characteristics to the mobile node specifically comprises the following steps:
The AAA server on the network side uses the AAA protocol to deliver the mobile IP characteristics to the packet data serving node; a new parameter is added to the AAA protocol message, and the value of this parameter is the mobile IP characteristics;
The packet data serving node uses DHCP to deliver the mobile IP characteristics to the mobile node; a new parameter is added to the DHCP message, and the value of this parameter is the mobile IP characteristics.
The method by which the network side or the mobile node sends the peer the message carrying mobile IP characteristics specifically comprises:
The mobile node initiates a capability negotiation flow and carries the mobile IP characteristics that it supports in the extended reserved bits of the capability negotiation message sent to the network side;
The network side carries the mobile IP characteristics that it supports in the extended reserved bits of the capability negotiation message with which it replies to the mobile node.
The method by which the network side or the mobile node sends the peer the message carrying mobile IP characteristics specifically comprises:
The mobile node initiates a capability negotiation flow and carries the mobile IP characteristics that it supports in the extended reserved bits of the capability negotiation message sent to the network side;
The network side returns an acknowledgement message to the mobile node;
The network side carries the mobile IP characteristics that it supports in the extended reserved bits of the capability negotiation message with which it replies to the mobile node;
The mobile node returns an acknowledgement message.
The method by which the network side or the mobile node sends the peer the message carrying mobile IP characteristics specifically comprises:
After receiving the binding update message sent by the mobile node, the network side judges whether it supports the mobile IP characteristic used by the mobile node. If so, it continues with the address binding; otherwise, in the extended binding acknowledgement message sent to the mobile node, it informs the mobile node that this address binding has failed and carries in the same message the mobile IP characteristics that the network side supports;
Carrying out subsequent operations specifically comprises:
If the mobile node supports a mobile IP characteristic that the network side supports, it uses this mobile IP characteristic to initiate the address binding flow again.
The method by which the network side or the mobile node sends the peer the message carrying mobile IP characteristics specifically comprises:
The network side sends an agent advertisement message to the mobile node, carrying in this message the mobile IP characteristics that it supports;
Carrying out subsequent operations specifically comprises:
After receiving the agent advertisement message, the mobile node judges whether it supports the mobile IP characteristic used by the network side; if it does, it uses this mobile IP characteristic to initiate the address binding flow with the network side.
In the present invention, the network side and the mobile node send the peer a message carrying mobile IP characteristics, containing the mobile IP characteristics that the sender itself supports, so that the mobile node and the network side, knowing in advance the MIP features that the peer supports, can carry out the subsequent address binding operation in a mode that both sides support. This avoids the prior-art problem that the mobile node and the network side cannot negotiate mobile IP characteristics or notify them to the peer, reduces unnecessary delay and saves network resources; moreover, the technical solution of the invention changes the existing protocols only slightly and is easy to implement.
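The selection rule (use the mode the network side wishes to use if the mobile node supports it) and the binding-acknowledgement fallback described above can be sketched as follows. This is an added Python example, not part of the patent text: the two-octet feature value, the bit values and all class and function names are assumptions made for illustration, because the description defines no wire encoding.

```python
from dataclasses import dataclass
from enum import IntFlag
from typing import List, Optional, Tuple


class Feature(IntFlag):
    # Bit values are constructed for this example; the description defines none.
    AUTH_PROTOCOL = 0x01    # BU/BA carry MN-AAA / MN-HA authentication options
    IKE_IPSEC = 0x02        # BU/BA protected by an IPsec SA negotiated with IKE
    OPTIMIZED_IPSEC = 0x04  # extended function: IPsec SA reused on HA change


PROTECTION_MODES = Feature.AUTH_PROTOCOL | Feature.IKE_IPSEC
KNOWN_BITS = 0x07


@dataclass(frozen=True)
class MipFeatures:
    supported: Feature
    preferred: Feature = Feature(0)  # mode the sender wishes the peer to use

    def encode(self) -> bytes:
        # Hypothetical 2-octet attribute value: supported bitmap, preferred bit.
        return bytes([int(self.supported), int(self.preferred)])

    @classmethod
    def decode(cls, value: bytes) -> "MipFeatures":
        if len(value) != 2:
            raise ValueError("feature value must be 2 octets")
        sup, pref = value
        if (sup | pref) & ~KNOWN_BITS:
            raise ValueError("unknown feature bit")
        single_bit = (pref & (pref - 1)) == 0
        if pref and not (single_bit and pref & sup & int(PROTECTION_MODES)):
            raise ValueError("preferred must be one supported protection mode")
        return cls(Feature(sup), Feature(pref))


def select_mode(mn_supported: Feature, net: MipFeatures) -> Optional[Feature]:
    """Mode the network side wishes to use if the MN supports it; otherwise a
    common mode (fixed order, an assumption); None if nothing is shared."""
    common = mn_supported & net.supported & PROTECTION_MODES
    if net.preferred & common:
        return net.preferred & common
    for mode in (Feature.AUTH_PROTOCOL, Feature.IKE_IPSEC):
        if mode & common:
            return mode
    return None


@dataclass
class HomeAgent:
    features: MipFeatures

    def binding_update(self, mode: Feature) -> Tuple[bool, bytes]:
        """Return (accepted, value). A rejection carries the HA's features,
        modelling the extended binding acknowledgement."""
        if mode & self.features.supported & PROTECTION_MODES:
            return True, b""
        return False, self.features.encode()


def bind_prior_art(mn_order: List[Feature], ha: HomeAgent):
    """No negotiation: try modes in turn; each miss costs the MS a timeout."""
    for attempts, mode in enumerate(mn_order, start=1):
        if ha.binding_update(mode)[0]:
            return mode, attempts
    return None, len(mn_order)


def bind_with_advert(mn_supported: Feature, advert: bytes, ha: HomeAgent):
    """Features learned beforehand (bootstrapping reply, capability
    negotiation or agent advertisement): at most one binding attempt."""
    mode = select_mode(mn_supported, MipFeatures.decode(advert))
    if mode is None:
        return None, 0
    return (mode if ha.binding_update(mode)[0] else None), 1


def bind_with_ba_fallback(first_try: Feature, mn_supported: Feature, ha: HomeAgent):
    """Features learned from a failed BA: one informed retry, no timeout."""
    accepted, value = ha.binding_update(first_try)
    if accepted:
        return first_try, 1
    mode = select_mode(mn_supported, MipFeatures.decode(value))
    if mode is None:
        return None, 1
    return (mode if ha.binding_update(mode)[0] else None), 2


if __name__ == "__main__":
    ha = HomeAgent(MipFeatures(PROTECTION_MODES, Feature.IKE_IPSEC))
    print(bind_with_advert(PROTECTION_MODES, ha.features.encode(), ha))
```

The decoder rejects a preferred mode that the sender does not itself list as supported, so a malformed feature value cannot steer the mobile node to a mode the home agent would refuse.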
Description of drawings
Fig. 1 is a flow chart of the prior-art method by which the MS obtains MIP information;
Fig. 2 is a flow chart of the prior-art method of address binding using the authentication protocol;
Fig. 3 is a flow chart of the prior-art method of assigning the HA in the visited network;
Fig. 4 is a flow chart of the prior-art method of address binding by the IKE/IPsec method;
Fig. 5 is a flow chart of the method by which the network side and the MS negotiate MIP characteristics in embodiment one of the invention;
Fig. 6 is a flow chart of the method by which the network side and the MS negotiate MIP characteristics in embodiment two of the invention;
Fig. 7 is a flow chart of the method by which the network side and the MS negotiate MIP characteristics in embodiment three of the invention;
Fig. 8 is a flow chart of the method of negotiating MIP characteristics by means of the capability negotiation flow in embodiment four of the invention;
Fig. 9 is a flow chart of the method of negotiating MIP characteristics directly by means of the address binding signalling in embodiment five of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings.
In the present invention, the network side and the mobile node extend the messages of the bootstrapping process or of the address binding process and carry the mobile IP characteristics they support in a newly added parameter or an existing parameter of these messages; or they carry out a capability negotiation flow with extended capability negotiation messages and inform the peer of the mobile IP characteristics they support through the reserved bits of the extended capability negotiation message. In this way the mobile node and the network side, knowing in advance the MIP features that the peer supports, can carry out the subsequent address binding operation in a mode that both sides support, that is, perform address binding with a message protection mode that the peer supports.
Embodiment one:
In this embodiment, the HA is assigned by the home network, the HA supports only the authentication protocol, and the MIP characteristics are notified to the MS by the home RADIUS server during the bootstrapping process. Messages between the home RADIUS server and the PDSN follow the AAA protocol, and messages between the PDSN and the MS follow the DHCP protocol. The flow in which the network side and the MS negotiate MIP characteristics is shown in Fig. 5 and comprises the following steps:
Step 501: the MS begins the access authentication procedure, that is, the CHAP or PAP authentication performed while the MS sets up the PPP connection with the PDSN;
Step 502: the PDSN sends an access request to the home RADIUS server, passing the MS's authentication information to this RADIUS server;
Step 503: the home RADIUS server checks the locally stored configuration information of the MS according to the MS's identifier and finds that this user is a Mobile IPv6 user. If the home RADIUS server verifies that the user's authentication information is correct, it assigns an HA and an HoA to the user; at the same time, from the locally stored configuration information of this HA, it knows that this HA supports only the authentication protocol;
Step 504: the home RADIUS server sends a RADIUS access accept message to the PDSN. The MIP6-Home Agent attribute of this message contains the HA address, and the MIP6-Home Address attribute contains the HoA. To convey the MIP characteristics, a new attribute MIP6_HA_Feature is added to this message; the value of this parameter indicates that the home network supports only the authentication protocol;
Step 505: after receiving the HA address, the HoA and the MIP characteristics from the home RADIUS server, the PDSN stores this information locally;
Step 506: the PDSN sends the MS a message indicating that the access authentication procedure is complete;
Step 507: the MS uses a DHCPv6 information request message to request MIP information from the PDSN; this message contains the NAI of the MS;
Step 508: the PDSN looks for a matching record according to the NAI and, if it finds one, returns a DHCPv6 response message to the MS. This message contains the HA address and the HoA, and a new attribute has been added to it whose value is the MIP characteristic value, namely that the HA supports only the authentication protocol;
Step 509: the MS receives the response message and, after parsing it, finds that the home network supports only the authentication protocol; the MS itself also supports this function. The MS therefore initiates the address binding flow and sends a BU message to the HA; after completing the address binding, the HA returns a BA message. Both messages are protected in the manner defined by the authentication protocol.
In this embodiment, the method used is to extend the parameters of the messages between the PDSN and the RADIUS server and of the DHCP messages, and to convey the MIP characteristics in the extended parameters. In fact, the MIP characteristics can also be conveyed in the parameters that carry the HA address and the HoA.
Embodiment two:
In this embodiment, the HA is assigned in the visited network and supports two message protection modes, namely the authentication protocol and the IKE/IPsec mode; the visited network wishes the IKE/IPsec mode to be used for message protection.
Fig. 6 is a flow chart of the negotiation of MIP characteristics between the network side and the MS in this embodiment, comprising the following steps:
Step 601: the MS begins the access authentication procedure and sends its authentication information to the PDSN.
Step 602: the PDSN sends the MS's authentication information to the AAA server of the visited network in a request message of the protocol used by AAA; the AAA server of the visited network forwards it to the AAA server of the home network. To indicate that the visited network is able and willing to assign an HA, the PDSN includes a parameter expressing this capability in the request message sent to the home AAA server.
Step 603: the home AAA server checks the locally stored configuration information of the MS according to the MS's identity and finds that this user is a Mobile IPv6 user. If the AAA server verifies that the user's authentication information is correct, it assigns this user an HA in the home network. The home AAA server finds in the received request message the parameter indicating support for assigning an HA in the visited network, so it checks the user's configuration information to see whether the MS is allowed to be assigned an HA by the visited network; if so, it authorizes the visited network to assign an HA to the MS. At the same time, the home AAA server knows that the HA it has assigned can support two message protection modes, namely the authentication protocol and IKE/IPsec.
Step 604: the home AAA server sends a response message to the visited AAA server, which forwards it to the PDSN. This message contains the address of the home-network HA and the parameter authorizing the assignment of an HA in the visited network. To convey the relevant MIP characteristics, the MIP characteristics are added to the parameter of this message that carries the HA address.
Step 605: the PDSN receives the response message and stores the home-network HA address and the MIP characteristics contained in it. From this message the PDSN also learns that the home AAA server has authorized it to assign an HA in the visited network.
Step 606: the PDSN sends the MS a message indicating that access authentication is complete.
Step 607: the MS uses a DHCPv6 information request message to request MIP information from the PDSN. The client identity option of this message contains the NAI of the MS, and the message also indicates that the MS wishes to request the HA address of the visited network.
Step 608: after receiving the information request message, the PDSN assigns the MS an HA of the visited network and queries the configuration information according to the NAI. The PDSN also knows that this visited-network HA can support the authentication protocol and IKE/IPsec, and that the visited network wishes the IKE/IPsec mode to be used.
Step 609: the PDSN returns a DHCPv6 response message to the MS. This message contains the address of the visited-network HA assigned to the MS and the MIP characteristics of the visited network, namely that the visited network wishes the IKE/IPsec mode to be used; the MIP characteristics of the visited network are contained in the option that carries the HA address.
Step 610: the MS and the HA negotiate an IPsec SA by IKE. The negotiation itself is the same as in the prior art, that is, an encryption algorithm that both sides support is used to encapsulate packets.
Step 611: the MS and the HA perform the address binding flow using the IPsec SA.
In this embodiment, the MIP characteristics are conveyed in the parameter that carries the HA address.
Embodiment three:
In this embodiment, the HA is allocated by the visited network, and the HA supports the optimized IPsec function.
Fig. 7 is a flow chart of the network side and the MS negotiating the MIP characteristic in this embodiment. It comprises the following steps:
Step 701: The MS begins the access authentication procedure and sends its authentication information to the PDSN.
Step 702: The PDSN sends the MS's authentication information to the visited-network AAA server in a request message of the protocol used by AAA, and the visited-network AAA server forwards it to the home-network AAA server. To indicate that the visited network has the capability and the willingness to allocate an HA, the PDSN includes a parameter expressing this capability in the request message sent to the home AAA server.
Step 703: The home AAA server checks the locally stored configuration information of the MS according to the MS's identity and finds that this user is a Mobile IPv6 user. If the home AAA server verifies that the user's authentication information is correct, it allocates an HA in the home network for this user. The home AAA server finds that the received request message carries the parameter indicating support for allocating an HA in the visited network, so it checks the MS's configuration information to see whether the MS is allowed to have an HA allocated by the visited network; if so, it authorizes allocation of an HA to the MS in the visited network. The home AAA server also knows that the allocated HA supports the optimized IPsec function.
Step 704: The home AAA server returns a response message to the visited AAA server, which forwards it to the PDSN. The message contains the address of the home-network HA and the parameter authorizing allocation of an HA in the visited network. To convey the MIP characteristic, namely that the home-network HA supports the optimized IPsec function, a new attribute is added to the response message; the value of this attribute is the MIP characteristic.
Step 705: The PDSN receives the response message and stores the received home-network HA address and MIP characteristic. From this message the PDSN also learns that the AAA server has authorized it to allocate an HA in the visited network.
Step 706: The PDSN sends the MS a message indicating that access authentication is complete.
Step 707: The MS uses a DHCPv6 Information-Request message to request MIP information from the PDSN. The client identifier option of this message contains the MS's NAI, and the message also indicates that the MS wishes to ask the visited network to allocate an HA.
Step 708: The PDSN allocates a visited-network HA to the MS. From the locally stored configuration information of this HA, the PDSN learns that this visited network supports optimized IPsec.
Step 709: The PDSN returns a DHCPv6 reply message to the MS. The message contains the address of the visited-network HA allocated to the MS and the MIP characteristic, namely that the HA supports optimized IPsec. This MIP characteristic is carried in a newly added option of the reply message.
Step 710: The MS and the HA perform the address binding procedure based on optimized IPsec.
In this embodiment, the MIP characteristic is likewise conveyed by an extension parameter in the message.
Embodiment four:
The Wireless IP network standard specifies that a PPP session link must be established before the MS and the PDSN exchange IP data. During link establishment, the MS and the PDSN use the PPP vendor extension protocol to negotiate the versions and capabilities that both sides support. This negotiation is carried out before the bootstrapping procedure. The message formats used are shown in the tables below. Table 1 is the format of the capability negotiation message sent by the MS. The message is 24 bits long; a bit set to 1 indicates that the capability is supported, and a bit set to 0 indicates that it is not supported:

| Bit | Capability |
|---|---|
| 0 | Simple IPv4 |
| 1 | Mobile IPv4 |
| 2 | Simple IPv6 |
| 3 | Mobile IPv6 |
| 4-23 | Reserved |

Table 1

Bits 4-23 are reserved.

Table 2 is the format of the capability negotiation message returned by the PDSN:

| Bit | Capability |
|---|---|
| 0 | Supports auxiliary connection for service option 60 |
| 1 | Supports auxiliary connection for service option 61 |
| 2 | Supports auxiliary connection for service option 66 |
| 3 | Supports Mobile IPv4 registration revocation |
| 4 | Supports auxiliary connection for service option 64 |
| 5 | Supports auxiliary connection for service option 67 |
| 6-23 | Reserved |

Table 2

Bits 6-23 are reserved.
This embodiment uses this capability negotiation procedure to negotiate and confirm the MIP characteristics of the MS and the PDSN. To negotiate MIP characteristics, the reserved bits of the messages shown in Table 1 and Table 2 need to be extended. For example, bit 4 in Table 1 can indicate whether the MS supports the authentication protocol, bit 5 whether it supports the IKE/IPsec mode, and bit 7 whether it supports the optimized IPsec mode. The message shown in Table 2 is extended in the same way.
The procedure for negotiating MIP characteristics with this capability negotiation is shown in Fig. 8 and comprises the following steps:
Step 801: The MS sends a capability negotiation message to the PDSN, indicating that the MS supports the IKE/IPsec message protection capability of mobile IP;
Step 802: The PDSN returns a response as acknowledgement; this step is optional in the procedure;
Step 803: The PDSN sends a capability negotiation message to the MS, indicating that the network side's mobile IP supports two message protection modes, IKE/IPsec and the authentication protocol;
Step 804: The MS returns a response as acknowledgement; this step is also optional in the procedure.
Through the above procedure, the MS and the PDSN each know the MIP characteristics supported by the other end and can carry out the subsequent procedure according to a given policy. For example, if the service provider wishes to use the optimized IPsec mode for message protection and learns through capability negotiation that both sides support the optimized IPsec mode, that mode is adopted.
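The bitmap extension and policy-based selection of Embodiment four can be sketched as follows. This is an added example, not code from the patent: the function and class names are hypothetical, bit 0 is assumed to be the most significant bit of the 24-bit field, and because the page gives no bit positions for the extended Table 2, the network side's modes are modelled as a plain set.

```python
from enum import IntFlag

FIELD_BITS = 24  # the capability field is 24 bits long


def bit(n: int) -> int:
    """Mask for bit n. Assumption: bit 0 is the most significant bit on the wire."""
    if not 0 <= n < FIELD_BITS:
        raise ValueError("bit index outside the 24-bit field")
    return 1 << (FIELD_BITS - 1 - n)


class MsCap(IntFlag):
    SIMPLE_IPV4 = bit(0)       # bits 0-3: Table 1
    MOBILE_IPV4 = bit(1)
    SIMPLE_IPV6 = bit(2)
    MOBILE_IPV6 = bit(3)
    AUTH_PROTOCOL = bit(4)     # bits 4, 5, 7: the extension suggested in the text
    IKE_IPSEC = bit(5)
    OPTIMIZED_IPSEC = bit(7)


KNOWN_MASK = sum(m.value for m in MsCap.__members__.values())


def encode(caps: MsCap) -> bytes:
    return int(caps).to_bytes(FIELD_BITS // 8, "big")


def decode(raw: bytes):
    """Return (capabilities, reserved_bits_set). Reserved bits are reported, never interpreted."""
    if len(raw) != FIELD_BITS // 8:
        raise ValueError("capability field must be exactly 24 bits")
    value = int.from_bytes(raw, "big")
    return MsCap(value & KNOWN_MASK), value & ~KNOWN_MASK


def select_protection(ms_caps, network_modes, preference):
    """First mode in operator preference order that both ends support, else None."""
    for mode in preference:
        if mode in network_modes and mode in ms_caps:
            return mode
    return None  # no common mode: do not proceed to address binding


# Constructed sample mirroring steps 801 and 803.
MS_MESSAGE = encode(MsCap.MOBILE_IPV6 | MsCap.IKE_IPSEC)
NETWORK_MODES = {MsCap.IKE_IPSEC, MsCap.AUTH_PROTOCOL}
OPERATOR_PREFERENCE = [MsCap.OPTIMIZED_IPSEC, MsCap.IKE_IPSEC, MsCap.AUTH_PROTOCOL]

if __name__ == "__main__":
    caps, reserved = decode(MS_MESSAGE)
    print(MS_MESSAGE.hex(), caps, hex(reserved))
    print(select_protection(caps, NETWORK_MODES, OPERATOR_PREFERENCE))
```

Returning None when the two sets do not intersect makes the caller fail closed instead of falling back to an unprotected binding.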
Embodiment five:
This embodiment conveys the MIP characteristics directly in the address binding signaling. Fig. 9 is a flow chart of this method, which performs the following steps:
Step 901: The MS sends a BU message to the HA. To protect the integrity of this message, the message contains the MN-AAA mobility authentication option, or a new parameter is added to the message whose value indicates the wish to use the authentication protocol for message protection;
Step 902: After receiving the message, the HA finds that the MS is using the authentication protocol to protect the message, but the HA does not wish to use this mode. It therefore sends a BA message indicating that the binding was unsuccessful, and adds a parameter to the message indicating that the HA wishes to use an IPsec SA to protect messages, i.e. the IKE/IPsec method. For example, a parameter value of 00 indicates that the HA wishes to use an IPsec SA to protect messages, 01 indicates support for the optimized IPsec mode, and 10 indicates support for the authentication protocol.
Step 903: After receiving the BA, if the MS itself also supports IPsec SA message protection, it performs the IKE procedure and negotiates an IPsec SA with the HA;
Step 904: The MS resends the BU message to the HA, and the HA returns a BA. Both messages are protected with the IPsec SA.
Before step 901, the HA may also add a parameter to an extended agent advertisement message, the value of the parameter being the MIP characteristics that the HA itself supports; by sending this extended agent advertisement message, the HA informs the MS of the MIP characteristics.
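The reject-and-retry exchange of steps 901 to 904 can be modelled as below, with both sides' messages recorded. This is an added example, not code from the patent: the class names are hypothetical, the parameter values 00/01/10 follow the example in step 902, and the IKE negotiation itself is not modelled.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional, Set, Tuple


class Protection(IntEnum):
    # Values are the example encoding given for the added BA parameter.
    IKE_IPSEC = 0b00
    OPTIMIZED_IPSEC = 0b01
    AUTH_PROTOCOL = 0b10


@dataclass
class BindingUpdate:
    protection: Protection                # how the MS protects this BU


@dataclass
class BindingAck:
    success: bool
    wanted: Optional[Protection] = None   # added parameter, present only on failure


class HomeAgent:
    def __init__(self, accepted: List[Protection]):
        self.accepted = accepted          # modes the HA will accept, most preferred first

    def handle(self, bu: BindingUpdate) -> BindingAck:
        if bu.protection in self.accepted:
            return BindingAck(True)
        return BindingAck(False, wanted=self.accepted[0])       # step 902


class MobileNode:
    def __init__(self, supported: Set[Protection], first_choice: Protection):
        self.supported, self.first_choice = supported, first_choice

    def bind(self, ha: HomeAgent, max_attempts: int = 2):
        """Return (mode used for the successful binding or None, transcript)."""
        transcript: List[Tuple[BindingUpdate, BindingAck]] = []
        mode = self.first_choice
        for _ in range(max_attempts):
            bu = BindingUpdate(mode)                             # steps 901 / 904
            ba = ha.handle(bu)
            transcript.append((bu, ba))
            if ba.success:
                return mode, transcript
            # Step 903: switch only to a mode this MS supports; otherwise give up.
            if ba.wanted is None or ba.wanted == mode or ba.wanted not in self.supported:
                break
            mode = ba.wanted      # a real MS runs IKE here to obtain the IPsec SA
        return None, transcript


def run_sample():
    # Constructed scenario from steps 901-904: the MS starts with the authentication protocol.
    ms = MobileNode({Protection.AUTH_PROTOCOL, Protection.IKE_IPSEC}, Protection.AUTH_PROTOCOL)
    return ms.bind(HomeAgent([Protection.IKE_IPSEC]))
```

The attempt limit keeps a mismatched pair from looping, and the failure result is None rather than 0, because 0 is the value of the IKE/IPsec mode.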
In summary, the above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.

Claims (12)

1. the method for a negotiating mobile IP characteristics is characterized in that, comprising:
Network side or mobile node send the message of carrying mobile IP characteristics to the opposite end, comprise the mobile IP characteristics of self supporting in the message, after described opposite end received this message, according to the mobile IP characteristics that self and opposite end are supported, the mode that adopts both sides all to support was carried out subsequent operation.
2. the method for negotiating mobile IP characteristics according to claim 1 is characterized in that, described mobile IP characteristics comprises:
Network side and mobile node are realized same function or are carried out same operation and whether support two or more mode;
Network side and mobile node wish for function that can adopt two or more mode to realize or operation which kind of mode the opposite end specifically adopts realize;
Whether network side and mobile node support the expanded function of mobile IP.
3. the method for negotiating mobile IP characteristics according to claim 2 is characterized in that, described function or be operating as: network side and mobile node carry out message protection to the address binding message.
4. the method for negotiating mobile IP characteristics according to claim 2 is characterized in that, the expanded function of the mobile IP of described support is specially: the IP safety function of supporting optimization.
5. the method for negotiating mobile IP characteristics according to claim 1 is characterized in that, described execution subsequent operation specifically comprises:
Adopt network side to wish to use and method that mobile node also can be supported is carried out message protection to the process of address binding.
6. the method for negotiating mobile IP characteristics according to claim 1 is characterized in that, described network side or mobile node send the method for carrying mobile IP characteristics message to the opposite end and specifically comprise:
Mobile node is initiated the bootstrapping process, and acquisition request moves IP information, and network side carries mobile IP characteristics in the response message of replying described mobile IP information, and the mobile IP characteristics of network side support is sent to described mobile node.
7. the method for negotiation according to claim 6 IP characteristic is characterized in that, describedly mobile IP characteristics is sent to mobile node specifically carries out following steps:
The authentication and authorization charging server of network side utilizes the authentication and authorization charging agreement that mobile IP characteristics is delivered to packet data serving node, and described mobile IP characteristics is included in the parameter of transmitting hometown-agent-address;
Described packet data serving node utilizes DHCP that described mobile IP characteristics is delivered to mobile node, and described mobile IP characteristics is included in the parameter of transmitting hometown-agent-address.
8. the method for negotiation according to claim 6 IP characteristic is characterized in that, describedly mobile IP characteristics is sent to mobile node specifically carries out following steps:
The authentication and authorization charging server of network side utilizes the authentication and authorization charging agreement that mobile IP characteristics is delivered to packet data serving node, new parameter of expansion in identifying authorized charge protocol message, and the value of this parameter is described mobile IP characteristics;
Described packet data serving node utilizes DHCP that described mobile IP characteristics is delivered to mobile node, new parameter of expansion in dynamic host configuration protocol messages, and the value of this parameter is described mobile IP characteristics.
9. The method of negotiating mobile IP characteristics according to any one of claims 1 to 5, characterized in that the method by which the network side or the mobile node sends the message carrying mobile IP characteristics to the opposite end specifically comprises:
the mobile node initiates a capability negotiation procedure and carries the mobile IP characteristics supported by the mobile node in the extended reserved bits of the capability negotiation message sent to the network side;
the network side carries the mobile IP characteristics supported by the network side in the extended reserved bits of the capability negotiation message returned to the mobile node.
10. The method of negotiating mobile IP characteristics according to claim 9, characterized in that the method by which the network side or the mobile node sends the message carrying mobile IP characteristics to the opposite end specifically comprises:
the mobile node initiates a capability negotiation procedure and carries the mobile IP characteristics supported by the mobile node in the extended reserved bits of the capability negotiation message sent to the network side;
the network side returns an acknowledgement message to the mobile node;
the network side carries the mobile IP characteristics supported by the network side in the extended reserved bits of the capability negotiation message returned to the mobile node;
the mobile node returns an acknowledgement message.
11. The method of negotiating mobile IP characteristics according to any one of claims 1 to 5, characterized in that the method by which the network side or the mobile node sends the message carrying mobile IP characteristics to the opposite end specifically comprises:
after receiving the binding update message sent by the mobile node, the network side judges whether it supports the mobile IP characteristics used by the mobile node; if so, it continues to perform the address binding; otherwise, in an extended binding acknowledgement message sent to the mobile node, it informs the mobile node that this address binding has failed, and carries in this message the mobile IP characteristics that the network side supports;
performing the subsequent operations specifically comprises:
if the mobile node supports the mobile IP characteristics that the network side supports, it uses these mobile IP characteristics to initiate the address binding procedure again.
12. The method of negotiating mobile IP characteristics according to any one of claims 1 to 5, characterized in that the method by which the network side or the mobile node sends the message carrying mobile IP characteristics to the opposite end specifically comprises:
the network side sends an agent advertisement message to the mobile node, carrying in this message the mobile IP characteristics that the network side itself supports;
performing the subsequent operations specifically comprises:
after receiving the agent advertisement message, the mobile node judges whether it supports the mobile IP characteristics used by the network side; if it does, it uses these mobile IP characteristics to initiate the address binding procedure to the network side.
CN2006101269190A 2006-09-06 2006-09-06 Method of negotiating mobile IP characteristics Active CN101141783B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006101269190A CN101141783B (en) 2006-09-06 2006-09-06 Method of negotiating mobile IP characteristics

Publications (2)

Publication Number Publication Date
CN101141783A true CN101141783A (en) 2008-03-12
CN101141783B CN101141783B (en) 2012-07-04

Family

ID=39193461
