Internet Engineering Task Force                                W. T. Teo
INTERNET DRAFT                               National Univ. of Singapore
                                                                   Y. Li
                                                      Bay Networks, Inc.
                                                            1 March 1998


        Mobile IP extension for Private Internets Support (MVPN)
                   draft-teoyli-mobileip-mvpn-00.txt


Status of this Memo

   This document is a submission to the Mobile-IP Working Group of the
   Internet Engineering Task Force (IETF). Comments should be submitted
   to the mobile-ip@smallworks.com mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft. Internet-Drafts are working
   documents of the Internet Engineering Task Force (IETF), its areas,
   and its working groups. Note that other groups may also distribute
   working documents as Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   To learn the current status of any Internet-Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).


Abstract

   This memo describes a scheme to enable the mobile node to move from
   public to private domains or between private domains while it still
   maintains internet connectivity. This extended mobility support does
   not require that the private host have access to the global Internet.

   This memo takes advantage of the PAID agent, a domain border agent,
   specified in the private address identification (PAID) protocol. To
   register a mobility binding, we introduce a mobile extension in the
   regional registration messages with the PAID agent, and a private
   extension to the global registration messages with the home agent.


Teo, Li                  Expires 31 August 1998                 [Page i]

Internet Draft                    MVPN                      1 March 1998


1. Introduction

1.1 Problem

   The Mobile IP base protocol [6] provides an efficient, scalable
   mechanism for node mobility within the public Internet. However, it
   does not support movement between private domains or between a
   private domain and a public domain.

   Private internets are defined in [9]. They differ from the existing
   public internet in terms of address allocation. Private internets are
   generally used to number hosts within an enterprise, organization or
   a community. These hosts are not meant to be accessed from public
   internet hosts outside the private internets.

   The problem arises when a private host providing services to other
   clients in the private networks moves to another private or public
   site. Besides, the uniqueness of each host's private IP address
   cannot be assumed. Since routers generally deliver datagrams based on
   their destination IP address, the mechanism provided by Mobile IP
   will not work at all between different private internet communities.

1.2 MVPN

   The protocol (MVPN) specified in this memo attempts to extend the
   Mobile IP support to private internets, that is, to enable mobility
   between private domains and from public to private domains.

   The private address identification protocol (PAID) [4] proposes an
   approach which facilitates the private extension of the mobility
   support. It proposes to bind each private address, by regional
   registration, to a public address of another node (called PAID agent
   or domain border agent) and thus provides a unique identification of
   a private host. This protocol also introduces a PAID Encapsulation
   mechanism. This approach enables global communication between
   private domains.

   Taking advantage of the PAID agent, MVPN introduces a private
   extension to the global Registration Request and Registration Reply
   messages as specified in the Mobile IP base protocol [6]. These
   messages will then be forwarded between the mobile node and the home
   agent by way of a foreign PAID agent and/or a home PAID agent.

   The idea of regional registration was introduced by Perkins [8]. It
   was meant to reduce the frequency of distant registrations with the
   home agent. We extend this idea to the private domains. When a mobile
   node moves to a private domain, it has to first register its private
   care-of address with the public PAID agent. To perform this regional
   registration, MVPN introduces a mobile PAID extension to the PAID
   registration messages as specified in the PAID protocol [4].

1.3. Applicability

   MVPN is intended to enable nodes to move from a public domain to a
   private domain, or to move between private domains. MVPN does not
   support movement from a private domain to a public one.

   With the support of MVPN, both the mobile node and the home agent can
   be public or private nodes. The foreign agent can be a public node
   only if the mobile node is in the same domain as the foreign agent or
   both the mobile node and the home agent are public nodes.

   In a private domain, MVPN does not require the foreign agent for
   registration, but the mobile node still uses the Agent Advertisement
   messages from the foreign agent to detect movement, from one subnet
   to another or from one domain to another.

   Although the corresponding node may not be able to access the private
   domain which the mobile node is visiting, as long as it is able to
   communicate with the mobile node's home network, the corresponding
   node will be able to communicate with the mobile node with the help
   of the home agent, the home PAID agent, and the foreign PAID agent.

   MVPN is compatible with the PAID protocol [4]. When the Internet
   supports PAID partly or completely, MVPN will even enable the mobile
   node to move from a private domain to a public one.

1.4. Terminology and Definitions

   Identification of Private Address (PAID)

      The identification of a private address is a address pair. It is
      defined in [4]. We also call it the binary identification of the
      private address.

   PAID Agent

      A PAID agent is a node that provides private nodes with the
      public portion of the binary identification. It is defined in [4].

   Home PAID Agent

      This is a PAID agent of the mobile node's home agent when the home
      agent is private. It supports MVPN in the mobile node's home
      domain. It does not process Registration Request and Registration
      Reply messages but it forwards these messages. The home PAID agent
      tunnels packets, including the registration messages, between the
      home agent and the foreign PAID agent or the foreign agent.

   Foreign PAID Agent

      This is a PAID agent of the mobile node's care-of address. It
      supports MVPN in the mobile node's foreign domain. It processes
      Registration Request and Registration Reply messages. It tunnels
      packets between the home agent/the home PAID agent and the foreign
      agent/the mobile node.

   Mobile Node

      The mobile node in MVPN is the same as that defined in the Mobile
      IP base protocol, except that the mobile node address can be a
      public address, private address, or a address pair.

   Home Agent

      The home agent in MVPN is the same as that defined in the Mobile
      IP base protocol. The home agent address can be private or public.

   Foreign Agent

      The foreign agent in MVPN is the same as that defined in the
      Mobile IP base protocol. The foreign agent address can be private
      or public. In MVPN, the foreign agent is less important since the
      mobile node can obtain a co-located care-of address by DHCP [1].

   Care-of Address

      The care-of address in MVPN is the same as that defined in the
      Mobile IP base protocol. It can be private or public. When the
      care-of address of the mobile node is private, we refer to it as
      the private care-of address.

   Public Care-of Address

      The public care-of address of the mobile node refers to a public
      address of the foreign PAID agent.

   Mobility Binding

      Similar to that in the Mobile IP base protocol, the mobility
      binding in MVPN is the association of the binary identification of
      the mobile node home address, the binary identification of the
      care-of address, along with the lifetime of the association.

2. Protocol Overview

   When a home agent in MVPN moves to another private domain, it will
   identify the mobile node's location by the binary identification of
   the mobile node's care-of address, that is, the address pair. On the
   other hand, the mobile node will identify the home agent by the
   binary identification of the home agent, that is, the address pair.

2.1 Obtaining Care-of Address

   The mobile node, when moving to a private network in another domain,
   may attempt to obtain a private co-located care-of address by using
   DHCP [1]. Since there are plenty of private addresses in each
   enterprise network, using co-located care-of addresses is not
   expensive.

2.2 Discovery of Foreign PAID Agent

   After obtaining a care-of address, the mobile node may attempt to
   register a binary identification with a foreign PAID agent. The
   mobile node may discover the foreign PAID agent by the PAID agent
   discovery protocol in [4]. Alternatively, a foreign agent may include
   a PAID agent extension in the Agent Advertisement message, and thus
   the mobile node is able to learn the PAID agent from the foreign
   agent.

2.3 Regional Registration

   The mobile node may register a binary identification with a foreign
   PAID agent through exchange of a pair of PAID Registration Request
   and Reply messages as specified in the PAID registration protocol
   (see [4]).

   To additionally regionally register a mobility binding with the
   foreign PAID agent, the mobile node should include a Mobile PAID
   Extension in the PAID Registration Request message. The foreign PAID
   agent should associate the mobility binding regionally with itself
   and include the Mobile PAID Extension in the reply.

   This way the mobile node may not necessarily originate a home
   registration as in section 2.4 unless it moves to another domain.
   This is because the mobile node can be served by the same foreign
   PAID agent while moving inside the domain.

2.4 Home Registration

   Using the binary identification of its care-of address, the mobile
   node may register a mobility binding with its home agent, by exchange
   of a pair of Registration Request and Reply messages, via the foreign
   PAID agent and the home PAID agent.

   To register such a mobility binding, both the request and the reply
   should contain a Private Extension. The private extension contains
   the private mobile node address, and/or private home agent address,
   and/or private care-of address.

   The foreign agent, foreign PAID agent, or home agent will determine
   whether the Registration Request and Reply messages support MVPN by
   checking the presence of the private extension.

2.5 Transit Registration

   The mobile node may register a mobility binding with other foreign
   PAID agents in domains it visited previously. These foreign PAID
   agents will then redirect mobile traffic to the location where the
   mobile node is currently visiting.

   Transit registration can be performed in the same way as the home
   registration.

2.6 Movement Detection

   The mobile node will take advantage of Agent Advertisement messages
   to detect movement. In order to detect the movement from one domain
   to another, both the home agent and foreign agent should advertise
   all PAID agents in the domain as well as care-of addresses.

   A mobile node should detect a change in location when it receives an
   Agent Advertisement with a different set of care-of addresses. In
   contrast, when the mobile node learns the message has a different set
   of PAID agent addresses, it should be considered to have moved into
   another domain.

2.7 Datagram Forwarding / Tunnelling

   In general, IP Encapsulation within IP [7] or GRE [3] can be employed
   for tunneling from the home agent to the mobile node. In the MVPN
   case, it is difficult for a PAID agent to identify where the mobile
   traffic is destined.

   If the mobile node has registered a binding with the 'P' bit set, it
   means all agents support PAID encapsulation [4]. In this case, the
   home agent may tunnel packets to the private care-of address with
   PAID encapsulation.

   If the mobile node is not able to register a binding with the 'P' bit
   set, the PAID encapsulation should apply to the tunnels between the
   mobile node and the foreign PAID agent or between the home PAID agent
   and the home agent. Other tunnels may employ a regular tunneling
   mechanism other than the PAID encapsulation.

   A private mobile node should use a reverse tunnel [5] when
   originating packets to its home domain. This is because private hosts
   currently do not support PAID and packets are not deliverable between
   two private domains. If PAID can be supported between the foreign
   domain and the destination domain, the mobile node should build two
   levels of PAID forwarding headers for packets it originates.

2.8 Interoperability with Mobile IP Base Protocol

   Interoperability with the Mobile IP base protocol is unidirectional.
   When the mobile node moves from a public domain to a private domain,
   if the mobile node and the private domain support MVPN while the
   public domain supports the base protocol, the mobile node will be
   able to register a mobility binding with the home agent successfully.

   In this case, to register a mobility binding, the mobile node should
   send a Registration Request to the home agent via the foreign PAID
   agent.
   This request should include a private extension which contains
   only the private care-of address. Since the Registration Reply does
   not include the care-of address field, the home agent does not
   necessarily include a private extension in the reply to the mobile
   node.

   Supporting movement from a private domain to a public domain is
   difficult and unnecessary. It is difficult for a foreign agent to
   identify a private mobile node since there may be two mobile nodes
   that have the same private address. On the other hand, the Mobile IP
   base protocol currently supports movement between public networks or
   between networks in the same routing domain. Since more and more
   enterprise networks have been configured with private addresses, only
   movement to the private domain is realistic.

3. Formats of Messages and Extensions

3.1 Registration Request Message

   There is only one new bit 'P' in the Registration Request:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |S|B|D|M|G|V|T|P|          Lifetime             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Public Home Address                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Public Home Agent Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Public Care-of Address                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   T
      If the 'T' bit is set, the mobile node asks its home agent to
      accept a reverse tunnel from the care-of address. Mobile nodes
      using a foreign agent care-of address ask the foreign agent to
      reverse-tunnel its packets.

   P
      If the 'P' bit is set, the mobile node asks its home agent to
      perform PAID encapsulation for packets destined to the mobile
      node.

   Public Home Address
      The mobile node's home address if the mobile node is public or
      otherwise the home PAID agent address.

   Public Home Agent Address
      The home agent address if the home agent is public or otherwise
      the home PAID agent address.

   Public Care-of Address
      The care-of address if there is no foreign PAID agent or otherwise
      the foreign PAID agent address.

3.2 Registration Reply Message

   MVPN does not introduce any new field in the Registration Reply
   message except that it renames the home address field and the home
   agent field as follows.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Lifetime            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Public Home Address                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                   Public Home Agent Address                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Extensions ...
   +-+-+-+-+-+-+-+-

   Public Home Address
      The mobile node's home address if the mobile node is public or
      otherwise the home PAID agent address.

   Public Home Agent Address
      The home agent address if the home agent is public or otherwise
      the home PAID agent address.

3.3 PAID Agent Extension

   This extension is included in the Agent Advertisement message. The
   mobile node can use it to detect movement and find a foreign PAID
   agent. The presence of this extension signifies the agent supports
   MVPN.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   Reserved    | No. of Agents |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                     PAID Agent Addresses                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Lifetime            |B|H|F|  Rsvd   |  Preference   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               .                               |
   |                               .                               |
   |                               .                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type
      48

   Reserved
      0

   No. of Agents
      The number of agents in this extension.

   PAID Agent Addresses
      A PAID agent address. It MUST be public.

   Lifetime
      The longest lifetime (measured in seconds) that this agent is
      willing to accept in any PAID Request. A value of 0xffff indicates
      infinity.

   B
      Busy. The PAID agent will not accept requests from additional
      private nodes.

   H
      Home PAID agent. This agent offers service as a home PAID agent.

   F
      Foreign PAID agent. This agent offers service as a foreign PAID
      agent.

   Preference
      This is for load balancing or other purposes. A value of 0 means
      no service can be provided. A value of 0xff (infinity) means
      unlimited services.

3.4 Private Extension

   This extension is included in Registration Request and Registration
   Reply messages. This is to extend Mobile IP to private internets. The
   presence of this extension signifies the mobile node supports MVPN.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |M|H|F|        Reserved         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               (If present) Private Home Address               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |            (If present) Private Home Agent Address            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |             (If present) Private Care-of Address              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   M bit
      If set, the private home address is present.

   H bit
      If set, the private home agent address is present.

   F bit
      If set, the private care-of address is present. In a Registration
      Reply message, this bit SHOULD be set to 0 since the care-of
      address is not required.

3.5 Mobile PAID Extension

   This extension is included in the PAID Registration Request and PAID
   Registration Reply [4] messages. This is for the mobile node to
   regionally register a mobility binding with a foreign PAID agent.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |P|          Reserved           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Public Home Address                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               (If present) Private Home Address               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   P bit
      If set, the private home address is present.

4. Mobile Node Consideration

   The mobile node supporting MVPN MUST always include the private
   extension in the Registration Request messages.

4.1 Private Mobile Node

   The discussion of movement from a private domain to a public domain
   is beyond the scope of this document. Therefore, it is assumed that
   the private mobile node moves to another private domain.

4.1.1 Regional Registration

   When the private mobile node performs the regional registration, it
   MUST include a mobile PAID extension in the PAID Registration Request
   message. This extension MUST contain the private mobile home address.

   When the mobile node receives a PAID Registration Reply, it SHOULD
   verify the presence of the mobile PAID extension. This extension
   SHOULD contain the private home address.
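
   In the Private Extension (section 3.4) and the Mobile PAID Extension
   (section 3.5) the flag bits decide how many addresses follow, so a
   receiver has to reconcile Length with the flags before reading any
   address. The codec below is an added example, not part of the draft
   or of the authors' implementation. Assumptions: the Type numbers are
   placeholders (the draft assigns none), Length counts the bytes after
   the Length field as in the Mobile IP base protocol, addresses are
   IPv4, and all function names are hypothetical.

```python
import ipaddress
import struct

# Placeholder Type numbers: the draft assigns none to these two extensions.
PRIVATE_EXT, MOBILE_PAID_EXT = 0xF0, 0xF1

# type -> (always-present fields, ((flag mask, optional field), ...)).
# Masks follow the diagrams: the first flag is the top bit of the 16-bit
# word that comes after Length.
LAYOUTS = {
    PRIVATE_EXT: ((), ((0x8000, "private_home"),         # M bit
                       (0x4000, "private_home_agent"),   # H bit
                       (0x2000, "private_care_of"))),    # F bit
    MOBILE_PAID_EXT: (("public_home",),
                      ((0x8000, "private_home"),)),      # P bit
}


class ExtensionError(ValueError):
    """Raised when an extension is malformed."""


def build_ext(ext_type, **addrs):
    """Serialize an extension; flag bits are derived from the addresses given."""
    fixed, optional = LAYOUTS[ext_type]
    flags = 0
    body = b"".join(ipaddress.IPv4Address(addrs[n]).packed for n in fixed)
    for mask, name in optional:
        if name in addrs:
            flags |= mask
            body += ipaddress.IPv4Address(addrs[name]).packed
    payload = struct.pack("!H", flags) + body
    # Assumption: Length counts everything after the Length byte.
    return struct.pack("!BB", ext_type, len(payload)) + payload


def parse_ext(data):
    """Parse one extension, refusing a Length that disagrees with the flags."""
    if len(data) < 4:
        raise ExtensionError("truncated extension header")
    ext_type, length, flags = struct.unpack_from("!BBH", data)
    if ext_type not in LAYOUTS:
        raise ExtensionError(f"unknown extension type {ext_type}")
    fixed, optional = LAYOUTS[ext_type]
    names = list(fixed) + [name for mask, name in optional if flags & mask]
    # The flags say how many addresses follow; that count must match both
    # the Length field and the bytes actually received before any is read.
    if length != 2 + 4 * len(names) or len(data) != 2 + length:
        raise ExtensionError("Length does not match the flag bits")
    fields = {}
    for i, name in enumerate(names):
        start = 4 + 4 * i
        fields[name] = str(ipaddress.IPv4Address(data[start:start + 4]))
    return ext_type, fields


def reply_problems(ext_type, fields, private_mobile_node):
    """Checks a mobile node can apply to the extension carried in a reply."""
    problems = []
    if ext_type == PRIVATE_EXT and "private_care_of" in fields:
        problems.append("F bit set in a Registration Reply (section 3.4)")
    if (ext_type == MOBILE_PAID_EXT and private_mobile_node
            and "private_home" not in fields):
        problems.append("PAID reply lacks the private home address (4.1.1)")
    return problems


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the draft.
    request = build_ext(PRIVATE_EXT, private_home="10.1.1.5",
                        private_home_agent="10.1.1.1",
                        private_care_of="192.168.7.20")
    print(request.hex(), parse_ext(request))
    paid_reply = build_ext(MOBILE_PAID_EXT, public_home="203.0.113.9")
    print(reply_problems(*parse_ext(paid_reply), private_mobile_node=True))
```
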

4.1.2 Home Registration

   When the private mobile node performs the home registration, it MUST
   include the private extension in the Registration Request and this
   extension MUST contain the private home address, the private home
   agent address, and the private care-of address.

   When the mobile node receives a Registration Reply, it MUST verify
   the presence of the private extension. The private extension MUST
   contain the private home address and the private home agent address.

4.1.3 Datagram Originating and Receiving

   The mobile node MUST employ the PAID encapsulation when it originates
   packets to a corresponding node that is in a domain other than its
   visiting domain. In this case, it SHOULD use the reverse tunneling
   method.

   When receiving a packet tunneled by the foreign PAID agent, the
   mobile node SHOULD decapsulate the packet using the relevant
   encapsulation protocol as indicated in the packet.

4.2 Public Mobile Node

   The Mobile IP base protocol supports the scenario in which a public
   mobile node moves to another public domain. In this case, a foreign
   PAID agent can also be deployed in this foreign domain so that the
   mobile node just keeps registering with this PAID agent regionally
   instead of frequently performing home registration.

   For convenience in the description below, even if the care-of address
   is public, we still call the care-of address the "private care-of
   address".

4.2.1 Regional Registration

   When the public mobile node performs the regional registration, it
   MAY include a mobile PAID extension in the PAID Registration Request.
   This extension only contains the public mobile home address.

   When the mobile node receives a PAID Registration Reply, it SHOULD
   verify the presence of the mobile PAID extension. This extension
   SHOULD contain the public home address.

4.2.2 Home Registration

   When the public mobile node performs the home registration, it SHOULD
   include the private extension in the Registration Request. The
   extension SHOULD contain the private care-of address.

   When the mobile node receives a Registration Reply, it SHOULD not
   verify the presence of the private extension since the home agent
   probably does not support MVPN.

4.2.3 Datagram Originating and Receiving

   The mobile node MAY apply the PAID encapsulation when it originates
   packets to a corresponding node that is in a domain other than its
   visiting domain. In this case, it SHOULD use the reverse tunneling
   method.

   If the visiting domain is public, the mobile node MAY use other
   encapsulation protocols to originate packets.

   When receiving a packet tunneled by the foreign PAID agent, the
   mobile node SHOULD decapsulate the packet using the relevant
   encapsulation protocol as indicated in the packet.

5. Foreign Agent Consideration

   The foreign agent MAY include the PAID agent extension in the Agent
   Advertisement messages. This is to allow the mobile node to detect
   the movement between different domains. The mobile node MAY also
   learn from the PAID agent extension and initiate the regional
   registration with a PAID agent.

   In MVPN, the registration messages MAY bypass the foreign agent since
   the mobile node MAY obtain a co-located care-of address.

6. Foreign PAID Agent Consideration

6.1 Regional Registration

   When the foreign PAID agent receives a PAID Registration Request
   message with the mobile PAID extension included, if it can honour the
   request, it SHOULD associate the binary identification of the mobile
   node with the binary identification of the care-of address. It SHOULD
   return a PAID Registration Reply message with the mobile PAID
   extension.
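
   The movement-detection rule of section 2.6 depends on the PAID Agent
   Extension (section 3.3) that section 5 lets the foreign agent
   advertise. The sketch below is an added example, not part of the
   draft or of the authors' implementation; it parses the extension,
   enforces the "MUST be public" rule against the RFC 1918 ranges of
   [9], and classifies movement. Assumptions: each of the four leading
   fields is 8 bits wide, each agent entry is 8 bytes (address, then
   Lifetime, flags and Preference), Length counts the bytes after the
   Length field, the usable agent with the highest Preference is chosen,
   and all function names are hypothetical.

```python
import ipaddress
import struct
from collections import namedtuple

PAID_AGENT_EXT = 48                       # Type value given in section 3.3
FLAG_B, FLAG_H, FLAG_F = 0x80, 0x40, 0x20  # top three bits of the flags byte
# "Private" is taken to mean the RFC 1918 ranges of reference [9].
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PaidAgent = namedtuple("PaidAgent",
                       "address lifetime busy home foreign preference")


def build_paid_agent_ext(entries):
    """Build a sample from (address, lifetime, flags, preference) tuples."""
    body = b"".join(ipaddress.IPv4Address(addr).packed
                    + struct.pack("!HBB", life, flags, pref)
                    for addr, life, flags, pref in entries)
    # Assumption: Length covers Reserved, No. of Agents and the entries.
    return struct.pack("!BBBB", PAID_AGENT_EXT, 2 + len(body), 0,
                       len(entries)) + body


def parse_paid_agent_ext(data):
    """Parse the extension; reject bad counts and non-public agent addresses."""
    if len(data) < 4:
        raise ValueError("truncated PAID Agent Extension")
    ext_type, length, _reserved, count = struct.unpack_from("!BBBB", data)
    if ext_type != PAID_AGENT_EXT:
        raise ValueError("not a PAID Agent Extension")
    if length != 2 + 8 * count or len(data) != 2 + length:
        raise ValueError("Length does not match No. of Agents")
    agents = []
    for offset in range(4, len(data), 8):
        raw, lifetime, flags, pref = struct.unpack_from("!4sHBB", data, offset)
        addr = ipaddress.IPv4Address(raw)
        if any(addr in net for net in RFC1918):
            raise ValueError(f"PAID agent address {addr} is private")
        agents.append(PaidAgent(str(addr), lifetime, bool(flags & FLAG_B),
                                bool(flags & FLAG_H), bool(flags & FLAG_F),
                                pref))
    return agents


def classify_movement(previous, current):
    """Each argument is (care-of address set, PAID agent address set)."""
    if previous[1] != current[1]:
        return "new-domain"      # section 2.3: home registration needed again
    if previous[0] != current[0]:
        return "new-location"    # same foreign PAID agent still serves the node
    return "unchanged"


def pick_foreign_agent(agents):
    """Return a foreign PAID agent that is not busy and offers service."""
    usable = [a for a in agents
              if a.foreign and not a.busy and a.preference > 0]
    return max(usable, key=lambda a: a.preference, default=None)


if __name__ == "__main__":
    # Constructed advertisement contents, not taken from the draft.
    ext = build_paid_agent_ext([
        ("198.51.100.1", 600, FLAG_F, 10),
        ("198.51.100.2", 600, FLAG_F | FLAG_B, 200),
        ("198.51.100.3", 0xFFFF, FLAG_H, 50),
    ])
    agents = parse_paid_agent_ext(ext)
    before = ({"192.168.7.1"}, {"198.51.100.9"})
    after = ({"192.168.9.1"}, {a.address for a in agents})
    print(classify_movement(before, after), pick_foreign_agent(agents))
```
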

6.2 Home Registration

6.2.1 Receiving Registration Request

   When the foreign PAID agent receives a Registration Request message,
   it SHOULD verify the reply is valid. The foreign PAID agent MUST
   already have a regional mobility binding for the mobile node, and the
   private extension MUST be present.

   If the request is invalid, the PAID agent SHOULD deny the request and
   respond with a Registration Reply message that contains a proper
   error code.

   If the request is valid, the PAID agent SHOULD associate the mobility
   binding of the mobile node with the home agent or the binary
   identification of the home agent.

   If the home agent is private, the foreign PAID agent SHOULD tunnel
   the request to the home PAID agent using PAID encapsulation.
   Otherwise, the foreign PAID agent SHOULD simply forward the message
   to the home agent.

6.2.2 Receiving Registration Reply

   When the foreign PAID agent receives a Registration Reply message, it
   SHOULD verify the reply is valid. If the mobile node is private, the
   private extension MUST be present, and the private home address and
   private home agent address MUST be present in the private extension.

   If the reply is invalid, the PAID agent SHOULD drop it and log a
   message.

   If the reply is valid, the PAID agent SHOULD activate the mobility
   binding for subsequent datagram forwarding, and then forward the
   message to the mobile node.

6.3 Datagram Forwarding

   When the foreign PAID agent receives a packet destined for the mobile
   node, it MUST employ the PAID encapsulation to tunnel the packet to
   the mobile node.

   When the PAID agent receives a packet from the mobile node, it SHOULD
   verify it is PAID encapsulated. If the P bit was not set in the home
   registration for the mobility binding, the PAID agent MAY tunnel the
   packet to the home agent using IP within IP encapsulation. Otherwise,
   PAID encapsulation SHOULD be used.

7. Home PAID Agent Consideration

   The home PAID agent SHOULD forward Registration messages, as
   specified in PAID [4], between the home agent and the foreign PAID
   agent. It does not have to save any mobility binding.

8. Home Agent Consideration

8.1 Home Registration

   When the home agent receives a Registration Request message, it
   SHOULD verify the reply is valid. If the mobile node is private, the
   private extension MUST be present.

   If the request is invalid, the home agent SHOULD deny the request and
   respond with a Registration Reply message that contains a proper
   error code.

   If the request is valid, the home agent SHOULD associate the mobility
   binding of the mobile node with itself.

   The home agent SHOULD send a Registration Reply message, which SHOULD
   contain the original private extension in the request. If the home
   agent is private, it SHOULD tunnel the reply to the home PAID agent
   using PAID encapsulation. Otherwise, the home agent SHOULD simply
   forward the message to the foreign PAID agent or the foreign agent.

8.2 Data Forwarding

   When the home agent receives a packet destined for the mobile node,
   if it is private, it MUST employ the PAID encapsulation to tunnel the
   packet to the home PAID agent. Otherwise, the home agent MAY tunnel
   the packet to the foreign PAID agent or the foreign agent using IP
   within IP encapsulation.

   When the home agent receives a packet originated from the mobile
   node, it SHOULD simply forward it to the corresponding node.

9. Security

   The security issue is beyond the scope of this document.

10. Acknowledgements

   Many thanks to Dr. Y. C. Tay at the National University of Singapore
   for supporting this joint work as well as for his valuable comments.

   An implementation of MVPN is done by Wee Tuck Teo, one of the
   authors, at the National University of Singapore.

References:

   [1] R. Droms. Dynamic Host Configuration Protocol. RFC 2131, March
       1997.

   [2] K. Egevang and P. Francis. The IP Network Address Translator.
       RFC 1631, May 1994.

   [3] S. Hanks, T. Li, D. Farinacci, and P. Traina. Generic Routing
       Encapsulation (GRE). RFC 1701, October 1994.

   [4] Y. Li and W. T. Teo. IP Private Address Identification. Internet
       Draft, January 1998.

   [5] G. Montenegro. Reverse Tunneling for Mobile IP. Internet Draft,
       March 1997.

   [6] C. Perkins. IP Mobility Support Version 2. Internet Draft,
       November 1997.

   [7] C. Perkins. IP Encapsulation within IP. RFC 2003, May 1996.

   [8] C. Perkins. Mobile-IP Local Registration with Hierarchical
       Foreign Agents. February 1996.

   [9] Y. Rekhter et al. Address Allocation for Private Internets.
       RFC 1918, February 1996.

Author's Address

   Questions about this memo can also be directed to the author:

      W. T. Teo
      Department of ISCS
      National University of Singapore
      Lower Kent Ridge Crescent
      SINGAPORE 119260

      E-mail: teoweetu@iscs.nus.edu.sg

      Y. Li
      Bay Networks, Inc.
      BL60-304
      600 Technology Park Drive
      Billerica, MA 01821

      Phone: 1-978-916-1130
      Fax: 1-978-670-8760
      E-mail: yli@BayNetworks.COM