Reverse Tunneling for Mobile IP
RFC 2344 Reverse Tunneling for Mobile IP May 1998
4.1.1. Sending Registration Requests to the Foreign Agent ...... 8
4.1.2. Receiving Registration Replies from the Foreign Agent ... 9
4.2. Foreign Agent Considerations .............................. 9
4.2.1. Receiving Registration Requests from the Mobile Node ... 10
4.2.2. Relaying Registration Requests to the Home Agent ....... 10
4.3. Home Agent Considerations ................................ 10
4.3.1. Receiving Registration Requests from the Foreign Agent . 11
4.3.2. Sending Registration Replies to the Foreign Agent ...... 11
5. Mobile Node to Foreign Agent Delivery Styles ............... 12
5.1. Direct Delivery Style .................................... 12
5.1.1. Packet Processing ...................................... 12
5.1.2. Packet Header Format and Fields ........................ 12
5.2. Encapsulating Delivery Style ............................. 13
5.2.1. Packet Processing ...................................... 13
5.2.2. Packet Header Format and Fields ........................ 14
5.3. Support for Broadcast and Multicast Datagrams ............ 15
5.4. Selective Reverse Tunneling .............................. 15
6. Security Considerations .................................... 16
6.1. Reverse-tunnel Hijacking and Denial-of-Service Attacks ... 16
6.2. Ingress Filtering ........................................ 17
7. Acknowledgements ........................................... 17
References .................................................... 17
Editor and Chair Addresses .................................... 18
Full Copyright Statement ...................................... 19
1. Introduction

Section 1.3 of the Mobile IP specification [1] lists the following
assumption:

   It is assumed that IP unicast datagrams are routed based on the
   destination address in the datagram header (i.e., not by source
   address).

Because of security concerns (for example, IP spoofing attacks), and
in accordance with RFC 2267 [8] and CERT [3] advisories to this
effect, routers that break this assumption are increasingly
common.

In the presence of such routers, the source and destination IP
addresses in a packet must be topologically correct. The forward tunnel
complies with this, as its endpoints (home agent address and care-of
address) are properly assigned addresses for their respective
locations. On the other hand, the source IP address of a packet
transmitted by the mobile node does not correspond to the network
prefix from where it emanates.

This document discusses topologically correct reverse tunnels.
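
The filtering problem described in the introduction, as an added example that is not part of RFC 2344: an RFC 2267-style source-address check applied to the forward tunnel, to a datagram the mobile node sends directly, and to the same datagram carried in a reverse tunnel. The addresses are constructed from documentation prefixes, the names are hypothetical, and the reverse tunnel is assumed to run from the care-of address to the home agent, mirroring the forward tunnel's endpoints.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed topology using documentation prefixes (not taken from the RFC).
HOME_NET = ip_network("192.0.2.0/24")
FOREIGN_NET = ip_network("198.51.100.0/24")
HOME_AGENT = ip_address("192.0.2.1")
MN_HOME_ADDR = ip_address("192.0.2.10")
CARE_OF_ADDR = ip_address("198.51.100.1")
CORRESPONDENT = ip_address("203.0.113.5")


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    inner: Optional["Packet"] = None  # payload when IP-in-IP encapsulated


def ingress_permits(site: IPv4Network, pkt: Packet) -> bool:
    """RFC 2267-style filter on traffic leaving `site`: the border router
    looks only at the outermost source address, which must be inside the
    site's own prefix."""
    return pkt.src in site


def evaluate() -> dict:
    # Datagram as the mobile node emits it while visiting FOREIGN_NET.
    from_mn = Packet(MN_HOME_ADDR, CORRESPONDENT)
    # Forward tunnel: home agent -> care-of address, leaves HOME_NET.
    forward = Packet(HOME_AGENT, CARE_OF_ADDR,
                     inner=Packet(CORRESPONDENT, MN_HOME_ADDR))
    # Reverse tunnel (assumed endpoints): care-of address -> home agent.
    reverse = Packet(CARE_OF_ADDR, HOME_AGENT, inner=from_mn)
    return {
        "forward tunnel leaving home network": ingress_permits(HOME_NET, forward),
        "direct send leaving foreign network": ingress_permits(FOREIGN_NET, from_mn),
        "reverse tunnel leaving foreign network": ingress_permits(FOREIGN_NET, reverse),
        # After the home agent decapsulates, the inner datagram leaves
        # HOME_NET with a source address that belongs there.
        "decapsulated datagram leaving home network": ingress_permits(HOME_NET, reverse.inner),
    }


if __name__ == "__main__":
    for case, ok in evaluate().items():
        print(f"{'permit' if ok else 'DROP  '}  {case}")
```

Only the direct send is dropped: its source is the mobile node's home address, which lies outside the visited network's prefix.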
Montenegro Standards Track