RFC 2520 (rfc2520) - Page 2 of 8
NHRP with Mobile NHCs
Alternative Format: Original Text Document
RFC 2520 NHRP with Mobile NHCs February 1999
1. Introduction
The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
document, are to be interpreted as described in [4].
This document describes an extension for Mobile NHCs to use when they
wish to register with their home LIS but initially connect to a non-
serving NHS to do so. The reader is encouraged to read [1] for more
details on the NHRP registration process.
2.0 Definition of the NHRP Mobile NHC Authentication Extension
Compulsory = 1
Type = 10 (proposed)
Length = variable
The NHRP Mobile NHC Authentication Extension is carried in NHRP
Registration packets to convey end to end authentication Information.
This extension is defined in contrast to the NHRP Authentication
Extension defined in [1] which has hop by hop semantics.
This new extension is used when a mobile NHC initially connects to an
NHS which is not one of its serving NHSs and the mobile NHC and
nonserving NHS are not in a security relationship. The mobile NHC
does this in order to send an NHRP Registration Request, via normal
routing and forwarding processes, to one of its serving NHSs with
which it does have a security relationship. As defined in [1], a
serving NHS is an NHS in the NHC's home LIS with which the NHC will
register. Upon receiving such an NHRP Registration Request, the
serving NHS will do the following: authenticate the sender NHC, set
up a VC to the NHC, and then send an NHRP Resolution Reply in
response on that new VC.
Note that, as defined in [1], a transit NHS (such as the one to which
the mobile NHC initially connects) must ignore an extension which it
does not understand and that an NHS must not change the order of
extensions in an NHRP packet. Thus, the end to end semantics of this
extension are preserved without causing changes to existing
implementations.
If a serving NHS receives a packet which fails the hop by hop
authentication test defined in [1] then the NHS MUST generate an
Error Indication of type 'Authentication Failure' and discard the
packet. However in the case where the NHRP Mobile NHC Authentication
Extension is used as described above, sending an Error Indication is
not possible since no route exists back toward the mobile NHC
assuming a VC does not already exist between the mobile NHC and the
Luciani, et al. Experimental