Mobile IPv6 A.01.00 Administrator's Guide

Chapter 1
Introducing HP-UX Mobile IPv6
Establishing Route Optimization
Mobile Node Sends Care-of Test Init and Home Test Init Messages
The Care-of Test Init message is addressed directly to the Correspondent Node. The Home Test Init
message is routed through the Home Agent. These messages are routed over different network segments in
most topologies.
Correspondent Node Sends Care-of Test and Home Test Messages
The Correspondent Node sends Care-of Test and Home Test messages back to the Mobile Node. The Care-of
Test message is addressed directly to the Mobile Node’s Care-of Address. The Home Test message is
addressed to the Mobile Node’s Home Address and is routed through the Home Agent. The Care-of Test and
Home Test messages both contain keying material, with index values that the Correspondent Node will use
when it receives the Binding Update from the Mobile Node.
In most network topologies, the Care-of Test and Home Test messages are routed over different network
segments. For additional security, you can configure IPSec to encrypt and authenticate the Home Test Init
and Home Test data-packets between the Home Agent and Mobile Node.
Mobile Node Calculates Binding Material Key
The Mobile Node uses the keying material from the Care-of Test and Home Test messages to calculate a
cryptographic key for Binding Update messages. This key is referred to as the binding management key,
or Kbm.
Mobile Node Sends Binding Update Message
The Mobile Node uses the binding management key (Kbm) to calculate a cryptographic authentication value
(a cryptographic signature) for the Binding Update information, and sends the Binding Update message to
the Correspondent Node with the authentication value and index values.
Correspondent Node Verifies Binding Update Message
The Correspondent Node uses the home nonce index and care-of nonce index values sent with the Binding
Update to look up the keying material it sent to the Mobile Node. The Correspondent Node uses the keying
material to form a value for the binding management key (Kbm). The Correspondent Node uses the
authentication value for the Binding Update to verify that the Mobile Node generated the same value for the
binding management key (Kbm). The Correspondent Node sends a Binding Acknowledgement message to the
Mobile Node.
The verification of the authentication value and binding management key (Kbm) proves that the Mobile Node
received data-packets sent through its Home Agent and sent directly to its proposed Care-of Address (return
routability). It also provides some security, because an attacker must capture both the Care-of Test and the
Home Test data-packets.
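
The exchange above as an added Python example (not HP-UX code and not part of the original guide). It assumes the return routability formulas of RFC 6275, the Mobile IPv6 specification; the class and function names, addresses and Binding Update bytes are constructed, and cookies and nonce expiry are left out.

```python
import hashlib, hmac, ipaddress, os

def packed(addr):
    return ipaddress.IPv6Address(addr).packed

def make_kbm(home_token, careof_token):
    # Kbm = SHA1(home keygen token | care-of keygen token)
    return hashlib.sha1(home_token + careof_token).digest()

def authenticator(kbm, coa, cn_addr, mh_data):
    # First(96, HMAC_SHA1(Kbm, care-of address | correspondent | MH Data))
    msg = packed(coa) + packed(cn_addr) + mh_data
    return hmac.new(kbm, msg, hashlib.sha1).digest()[:12]

class CorrespondentNode:
    def __init__(self, addr):
        self.addr = addr
        self.kcn = os.urandom(20)   # node key Kcn, never sent on the wire
        self.nonces = []            # list position is the nonce index

    def _token(self, addr, index, flag):
        # First(64, HMAC_SHA1(Kcn, address | nonce | flag)); flag 0 = home, 1 = care-of
        msg = packed(addr) + self.nonces[index] + bytes([flag])
        return hmac.new(self.kcn, msg, hashlib.sha1).digest()[:8]

    def send_test(self, addr, flag):
        # Body of a Home Test (flag 0) or Care-of Test (flag 1): (nonce index, keygen token)
        self.nonces.append(os.urandom(8))
        index = len(self.nonces) - 1
        return index, self._token(addr, index, flag)

    def verify_binding_update(self, hoa, coa, home_idx, careof_idx, mh_data, auth):
        # Rebuild both tokens from the indices; no per-Mobile-Node state is kept.
        if not all(0 <= i < len(self.nonces) for i in (home_idx, careof_idx)):
            return False
        kbm = make_kbm(self._token(hoa, home_idx, 0), self._token(coa, careof_idx, 1))
        return hmac.compare_digest(authenticator(kbm, coa, self.addr, mh_data), auth)

def demo():
    # Constructed addresses (documentation prefix) and constructed Binding Update bytes.
    hoa, coa, cn_addr = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::1"
    mh_data = b"constructed-binding-update"
    cn = CorrespondentNode(cn_addr)
    h_idx, h_tok = cn.send_test(hoa, 0)   # arrives via the Home Agent
    c_idx, c_tok = cn.send_test(coa, 1)   # arrives directly at the Care-of Address
    good = authenticator(make_kbm(h_tok, c_tok), coa, cn_addr, mh_data)
    # A party that saw only the care-of path has no home keygen token.
    partial = authenticator(make_kbm(bytes(8), c_tok), coa, cn_addr, mh_data)
    return (cn.verify_binding_update(hoa, coa, h_idx, c_idx, mh_data, good),
            cn.verify_binding_update(hoa, coa, h_idx, c_idx, mh_data, partial))
```

`demo()` returns `(True, False)`: the Binding Update built from both tokens verifies, and the one built without the Home Test token is rejected.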