HP-UX Mobile IPv4 A.03.01 Administrator's Guide

2TQFWEV1XGTXKGY
###5WRRQTV
Chapter 1
11
The above entities use the dynamic keys to authenticate any messages between them
after the initial registration. For example, the keys are used to authenticate messages
sent between the Mobile IPv4 entities during a re-registration procedure when
finite-lifetime registrations are used and a lifetime expires. The Mobile Node will use its
Mobile Node - Foreign Agent key to calculate a challenge response for the challenge in
the Foreign Agent’s Advertisement. The Mobile Node will also use its Mobile Node -
Home Agent key to calculate an authentication value for the Registration Request.
The Mobile Node - Home Agent key is also used to authenticate Registration Requests
sent from the Mobile Node to its Home Agent to indicate its new Care-of Address after it
moves to a new foreign network.
Dynamic keys increase security by adding authentication to the messages exchanged
between the Mobile Node and Foreign Agent, and between the Home Agent and Foreign
Agent. Dynamic keys also increase security because a dynamic key is used for Mobile
Node registration, instead of the same static key for each registration. Using different
dynamic keys (instead of the same static key each time) makes it more difficult for
someone examining network packets to determine a key’s value.
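
The following sketch, added here as an illustration and not taken from HP-UX Mobile IPv4, shows how a Mobile Node - Home Agent key yields the authentication value appended to a Registration Request, and how the Home Agent checks it. It assumes the RFC 3344 message layout and that document's default HMAC-MD5 algorithm (this guide does not state which algorithm the product uses); the keys, SPI value and addresses are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

MN_HA_AUTH_EXT = 32   # Mobile-Home Authentication Extension type (RFC 3344)
AUTH_LEN = 16         # HMAC-MD5 output size (algorithm is an assumption)

def build_request(home_addr, home_agent, care_of, lifetime, ident):
    """Fixed 24-byte Registration Request: type, flags, lifetime, addresses, ID."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return (struct.pack("!BBH", 1, 0, lifetime) + ip(home_addr)
            + ip(home_agent) + ip(care_of) + struct.pack("!Q", ident))

def sign(request, spi, key):
    """Mobile Node side: append the extension. The authenticator covers the
    request plus the extension's own type, length and SPI fields."""
    covered = request + struct.pack("!BBI", MN_HA_AUTH_EXT, 4 + AUTH_LEN, spi)
    return covered + hmac.new(key, covered, hashlib.md5).digest()

def verify(message, keys_by_spi):
    """Home Agent side: select the key by SPI, recompute, compare in constant
    time. Assumes the MN-HA extension is the last thing in the message."""
    if len(message) < 24 + 6 + AUTH_LEN:
        return False
    covered, received = message[:-AUTH_LEN], message[-AUTH_LEN:]
    ext_type, ext_len, spi = struct.unpack("!BBI", covered[-6:])
    key = keys_by_spi.get(spi)
    if ext_type != MN_HA_AUTH_EXT or ext_len != 4 + AUTH_LEN or key is None:
        return False
    expected = hmac.new(key, covered, hashlib.md5).digest()
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges, made-up keys).
    key_first = bytes.fromhex("00112233445566778899aabbccddeeff")
    key_second = bytes.fromhex("ffeeddccbbaa99887766554433221100")
    req = build_request("192.0.2.5", "192.0.2.1", "198.51.100.20", 300, 1)
    msg = sign(req, 0x100, key_first)
    print("valid request accepted:", verify(msg, {0x100: key_first}))
    # Rewriting the Care-of Address (bytes 12-15) in transit breaks the check.
    forged = msg[:12] + ipaddress.IPv4Address("203.0.113.9").packed + msg[16:]
    print("altered Care-of Address accepted:", verify(forged, {0x100: key_first}))
    # A new dynamic key gives a different authenticator for the same request.
    print("same value under new key:", sign(req, 0x100, key_second)[-16:] == msg[-16:])
```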
The AAAH encrypts keys used by the Mobile Node (Mobile Node - Home Agent and
Mobile Node - Foreign Agent keys) using the AAA key or password for the Mobile Node
user. However, keys for the Home Agent and Foreign Agent are not encrypted by the
AAA protocol. This means messages sent between the following entities contain security
keys but AAA does not encrypt the messages:
- AAAH and Home Agent
- AAAF and Foreign Agent
In addition, messages sent between the AAAH and AAAF contain security keys. You can
encrypt the messages sent between the AAAH and AAAF using security features
provided by the AAA infrastructure. You should also use an external security
mechanism, such as HP-UX IPSec, to encrypt the messages sent between the AAAH and
Home Agent, and between the AAAF and Foreign Agent.
Dynamic Home Address Allocation
With dynamic home address allocation, the AAAH or Home Agent dynamically allocates
home addresses for Mobile Nodes. HP-UX Mobile IPv4 Home Agents support dynamic
home address allocation for AAA Mobile Nodes. The Home Agent dynamically allocates
the addresses from a pool or range of IP addresses.
The Foreign Agent will update its information for the Mobile Node with the allocated
home address when it receives the AA-Mobile Node Answer (AMA) with the Mobile IPv4
Registration Reply.
Note that the allocated home addresses are permanent. The Mobile IPv4 protocol suite
has no provision for a Mobile Node to return a home address to the Home Agent for
re-use.
Dynamic Home Agent Allocation
Home Agents are dynamically allocated in the following two scenarios:
- Static home addresses
- Dynamic home addresses