Problems I've found with Mobile IP

All the problems I've found during the implementation of Mobile IP arise when the Mobile Node is away from home. I'll try to explain them as precisely as I can, but without digging too much into details.

  1. Once the Mobile Node is on a foreign network and registered with both the Foreign Agent and the Home Agent, it may use small TTL (Time To Live) values when it communicates with machines connected to its home network. If that happens, the Mobile Node/Foreign Agent does not encapsulate packets (i.e. does not use Bi-Tunneling), and the number of routers between its current network and its home network is high, those packets will not reach its home network.

  2. This could be solved by using Bi-Tunneling, or by making the Mobile Node aware of its nature (mobility awareness?).

  3. The Mobile IP RFC says that the Mobile Node can use the local router on the foreign network as its default router. One problem with that is that the Mobile Node cannot obtain the router's MAC address (because it is not able to ARP). Therefore, the Mobile Node can only use the Foreign Agent as its default router. That's the reason I've decided not to include the IP addresses of any router in the agent advertisements.

  4. The Foreign Agent, when the Mobile Node is on the foreign network, of course, cannot communicate with the Mobile Node because:

  5. The packets will be delivered to the Home Agent, and their source address will be the Foreign Agent's address. When the Home Agent receives such a packet it will encapsulate it. The new IP header will have the Foreign Agent's address as its destination address. But the RFC specifies that the Home? Agent must discard packets where the outer destination address is equal to the inner source address, in order to avoid loops.

  6. Most of the routers currently installed on the Internet try to keep intruders out by doing some IP filtering (in some sense, routers are becoming firewalls) in order to eliminate IP spoofing.

  7. The idea behind this attack is the forgery of source IP addresses. Some programs (less and less often) base authentication on the source IP address of the packets they receive. Therefore, a machine external to an organization that fakes its IP address could get unauthorised access to machines in that organization (even if it cannot get any answer back).
    Therefore, those routers filter the packets coming in on the external connection. If packets arriving from the external connection carry the IP address of an internal machine, the routers drop them.
    With this scenario, Mobile Nodes cannot communicate with their home network when away from home (apart from the registration mechanism).
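
The border filtering from items 6 and 7 and the discard rule from item 5, modelled as an added example (not code from the original page or from any Mobile IP implementation). All addresses are constructed documentation-range values and the function names are hypothetical; the example goes one step beyond the text by showing that a packet wrapped by the Bi-Tunneling of item 2 passes the same filter, because the filter only sees the outer header.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (documentation ranges), not taken from the page.
HOME_NET = ipaddress.ip_network("192.0.2.0/24")
HOME_AGENT = ipaddress.ip_address("192.0.2.1")
MN_HOME_ADDR = ipaddress.ip_address("192.0.2.10")     # Mobile Node's home address
HOME_HOST = ipaddress.ip_address("192.0.2.20")        # a machine on the home network
FOREIGN_AGENT = ipaddress.ip_address("198.51.100.1")  # care-of address


@dataclass
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    inner: Optional["Packet"] = None  # set when this is an IP-in-IP tunnel packet


def border_ingress_accepts(pkt: Packet) -> bool:
    """Anti-spoofing filter on the home network's external interface:
    drop anything arriving from outside that claims an internal source.
    Only the outer header is inspected."""
    return pkt.src not in HOME_NET


def home_agent_tunnels(pkt: Packet, care_of: ipaddress.IPv4Address) -> bool:
    """Loop-avoidance rule from item 5: do not encapsulate when the new
    outer destination (the care-of address) equals the inner source."""
    return pkt.src != care_of


def reverse_tunnel(pkt: Packet) -> Packet:
    """Foreign Agent wraps the Mobile Node's packet and addresses the
    outer header to the Home Agent (the Bi-Tunneling of item 2)."""
    return Packet(src=FOREIGN_AGENT, dst=HOME_AGENT, inner=pkt)


if __name__ == "__main__":
    direct = Packet(src=MN_HOME_ADDR, dst=HOME_HOST)
    print("direct packet accepted at border:  ", border_ingress_accepts(direct))
    print("tunnelled packet accepted at border:",
          border_ingress_accepts(reverse_tunnel(direct)))
    fa_to_mn = Packet(src=FOREIGN_AGENT, dst=MN_HOME_ADDR)
    print("Home Agent tunnels FA -> MN packet:",
          home_agent_tunnels(fa_to_mn, FOREIGN_AGENT))
```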

Last updated: 25/4/97. Manuel Rodríguez