|
|
Table Of Contents
Redundancy in a Mobile Environment
Mobile Access Router Redundancy
Home Agent Redundancy Configuration
Redundancy in a Mobile Environment
There can be three levels of redundancy for the Cisco Mobile Network: mobile access router (MR) redundancy, home agent (HA) redundancy, and foreign agent (FA) redundancy. Hot Standby Router Protocol (HSRP) need not be configured on the Foreign Agent. Foreign Agent redundancy is achieved by overlapping wireless coverage.
This chapter describes advanced mobile access router redundancy configurations.
Mobile Access Router Redundancy
Mobile access router redundancy provides backup for Mobile Networks if the mobile access router goes down. A passive mobile access router detects if an active mobile access router goes down, by using interface tracking and HSRP. Once a passive mobile access router detects that an active mobile access router is down, it sends a registration request to create a new binding and take over as the active mobile access router. The passive mobile access router is in an isolated state until it becomes active.
Figure 11-1 Mobile Access Router Redundancy
To enable mobile access router redundancy, use the following commands beginning in interface configuration mode:
You do not need to configure HSRP on both the mobile access router roaming interface and the interface attached to the physical mobile networks. If one of the interfaces is configured with HSRP, and the standby track command is configured on the other interface, the redundancy mechanism will work.
Mobile Access Router Redundancy Example
In the following example, two mobile access routers provide services for the mobile networks:
Mobile Router 1
interface loopback0ip address 10.1.0.1 255.255.255.255router mobileip mobile routeraddress 10.1.0.1 255.255.0.0home-agent 1.1.1.1ip mobile secure home-agent 1.1.1.1 spi 101 key hex 12345678123456781234567812345678!interface serial 0!Roaming interface and periodic solicitationip mobile router-service roamip mobile router-service solicitinterface ethernet 0ip mobile router-service roaminterface ethernet 1ip address 10.1.1.1 255.255.255.0interface ethernet 2ip address 10.1.2.1 255.255.255.0Mobile Router 2
interface loopback0ip address 10.2.0.1 255.255.255.255router mobileip mobile routeraddress 10.2.0.1 255.255.0.0home-agent 1.1.1.1ip mobile secure home-agent 1.1.1.1 spi 102 key hex 23456781234567812345678123456781!interface serial 0!Roaming interface and periodic solicitationip mobile router-service roamip mobile router-service solicitinterface ethernet 0ip mobile router-service roaminterface ethernet 1ip address 10.2.1.1 255.255.255.0interface ethernet 2ip address 10.2.2.1 255.255.255.0Home Agent Redundancy
In the home agent example, two home agents provide redundancy for the home agent component. If one home agent fails, the standby home agent immediately becomes active so that no packets are lost. Hot Standby Router Protocol (HSRP) is configured on the home agents, along with HSRP attributes such as the HSRP group name. Thus, the rest of the topology treats the home agents as a single virtual home agent and any fail-over is transparent.
The mobile networks also are defined on the home agent so that the home agent knows to inject these networks into the routing table when the mobile access router is registered.
In the foreign agent example, two routers provide foreign agent services. No specific redundancy feature needs to be configured on foreign agents; overlapping wireless coverage provides the redundancy.
The mobile access routers use HSRP to provide redundancy, and their group name is associated to the HSRP group name. The mobile access routers are aware of the HSRP states. When HSRP is in the active state, the mobile access router is active. If HSRP is in the nonactive state, the mobile access router is passive.
See Figure 11-2 for an example topology of a redundant network.
Figure 11-2 Topology Showing Cisco Mobile Network Redundancy
HA1
interface Ethernet0/0ip address 100.100.100.1 255.255.255.0ip irdpip irdp maxadvertinterval 10ip irdp minadvertinterval 7ip irdp holdtime 30no ip route-cacheno ip mroute-cacheduplex halfstandby ip 100.100.100.100standby priority 100standby preempt delay sync 5!HSRP group namestandby name HA_HSRP2!router mobile!router ripversion 2redistribute mobilenetwork 100.0.0.0default-metric 1!ip classlessip mobile home-agent address 100.100.100.100!Maps to HSRP group nameip mobile home-agent redundancy HA_HSRP2 virtual-networkip mobile virtual-network 70.70.70.0 255.255.255.0ip mobile host 70.70.70.70 virtual-network 70.70.70.0 255.255.255.0ip mobile mobile-networks 70.70.70.70description san jose jet!Mobile Networksnetwork 20.20.20.0 255.255.255.0network 10.10.10.0 255.255.255.0ip mobile secure host 70.70.70.70 spi 100 key hex 12345678123456781234567812345678ip mobile secure home-agent 100.100.100.2 spi 300 key ascii hiHA2
interface Ethernet1/1ip address 100.100.100.2 255.255.255.0ip irdpip irdp maxadvertinterval 10ip irdp minadvertinterval 7ip irdp holdtime 30standby ip 100.100.100.100standby priority 99standby preempt delay sync 5!HSRP group namestandby name HA_HSRP2!router mobile!router ripversion 2redistribute mobilenetwork 100.0.0.0default-metric 1!ip classlessip mobile home-agent address 100.100.100.100!Maps to HSRP group nameip mobile home-agent redundancy HA_HSRP2 virtual-networkip mobile virtual-network 70.70.70.0 255.255.255.0ip mobile host 70.70.70.70 virtual-network 70.70.70.0 255.255.255.0ip mobile mobile-networks 70.70.70.70description san jose jet!Mobile Networksnetwork 20.20.20.0 255.255.255.0network 10.10.10.0 255.255.255.0ip mobile secure host 70.70.70.70 spi 100 key hex 12345678123456781234567812345678ip mobile secure home-agent 100.100.100.1 spi 300 key ascii hiHome Agent Redundancy Configuration
The home agent creates a mobility binding table that tracks the association of a home address with the current care-of address of the mobile node. However, if the home agent fails, the mobility binding table will be lost and all mobile nodes registered with the home agent lose connectivity unless a redundancy mechanism is employed.
The Mobile IP home agent Redundancy feature runs on top of the HSRP and designates one active home agent and a standby home agent. HSRP is a protocol developed by Cisco that provides network redundancy in a way that ensures that user traffic will immediately and transparently recover from first hop failures in network edge devices.
By sharing an IP address and a MAC (Layer 2) address, two or more routers can act as a single virtual router or default gateway to the hosts on a LAN. The members of the router group continually exchange status messages by detecting when a router goes down. This router group is referred to as the HSRP group.
The Mobile IP home agent redundancy functionality allows standby home agents and active home agents to exchange mobility binding updates. Also, when a router first becomes the standby home agent, the active home agent downloads the entire mobility binding table to the standby home agent.
The following sections give an overview of how redundancy is implemented when a mobile node travels to a foreign network.
Registration and Mobility Binding Tables
Without home agent redundancy, the mobility binding table entries are not communicated to the standby home agent. If the active home agent fails, the mobility binding table is lost and all mobile nodes registered to the home agent lose connectivity.
Home agent functionality is a service provided by the router and is not interface specific. The main concern is on which interface of the home agent should a mobile node use to send its registration requests, or alternatively, on which interface of the home agent should the home agent receive registration requests. There are two scenarios to consider: (1) a mobile node that has an home agent interface (home agent IP address) that is not on the same subnet as the mobile node, and (2) a mobile node that requires the home agent interface to be on the same subnet as the mobile node, that is, the home agent and mobile node must be on the same home network. Note that the choice of which home agent IP address to use is an agreement between the home agent and mobile node.
For mobile nodes on physical networks, an active home agent accepts registration requests from the mobile node and sends the binding updates to the standby home agent. This process keeps the mobility binding table synchronized between the standby home agent and active home agent. See Figure 11-3(a) for an example of this process.
Virtual networks are logical circuits that are programmed and share a common physical infrastructure. For this type of network, the active and standby home agents are peers—either can handle registration requests and update the peer home agent.
When a standby home agent comes up, it must request all mobility binding information from the active home agent. The active home agent responds by downloading the mobility binding table to the standby home agent. The standby home agent acknowledges that it has received the requested binding information. See Figure 11-3(b) for an example of an active home agent downloading the mobility bindings to a standby home agent. A main concern in this scenario is which home agent IP address should the standby home agent use to retrieve the appropriate mobility binding table and on which interface of the standby home agent should the binding request be sent.
Figure 11-3 Mobility Binding Process
Home Agent Redundancy on a Physical Network
To enable home agent redundancy for a physical network, complete the following procedure:
Figure 11-4 shows an example network topology for physical networks. The configuration example supports home agents that are on the same or a different physical network as the mobile node.
Figure 11-4 Topology Showing Home Agent Redundancy on a Physical Network
HA1 is favored to provide home agent service for mobile nodes on physical network, because the priority is set to 110, which is above the default of 100. HA1 preempts any active home agent when it comes up. During preemption, it does not become the active home agent until it retrieves the mobility binding table from the current active home agent or until 100 seconds expire for home agent synchronization.
Note
If the standby preempt command is used, the preempt synchronization delay must be set or mobility bindings can not be retrieved before the home agent preempts to become active.
The standby HSRP group name is SanJoseHA and HSRP group address is 1.0.0.10. The standby home agent uses this HSRP group address to retrieve mobility bindings for mobile nodes on the physical network. Mobile IP is configured to use the SanJoseHA standby group to provide home agent redundancy.
Mobile nodes are configured with home agent address 1.0.0.10. When registrations come in, only the active home agent processes them. The active home agent sends a mobility binding update to the standby home agent, which also sets up a tunnel with the same source and destination endpoints. Updates and table retrievals are authenticated using the security associations configured on the home agent for its peer home agent. When packets destined for mobile nodes are received, either of the home agents tunnel them. If HA1 goes down, HA2 becomes active through HSRP and will process packets sent to home agent address 1.0.0.10.
Active HA1:
int Ethernet0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHAstandby preempt delay sync 100standby priority 110ip mobile home-agent standby SanJoseHAip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455Standby HA2:
int Ethernet0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHAip mobile home-agent standby SanJoseHAip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455Home Agent Redundancy on a Virtual Network Using One Physical Network
To enable home agent redundancy for a virtual network using one physical network, complete the following procedure:
Step 1
Router (config)# standby [hsrp-group-number] ip hsrp-group-addrEnable the HSRP.
Step 2
Router(config)# standby name hsrp-group-name
Configure the name of the standby group.
Step 3 a
Router(config)# ip mobile home-agent address hsrp-group-addr
Define a global home agent address. Execute Step 3a when the the mobile node and home agent are on different subnets.
Step 3 b
Router(config)# ip mobile home-agent
Enable and control home agent services to the router. Execute Step 3b when the mobile node and home agent are on the same subnet.
Step 4
Router(config)# ip mobile virtual-network net mask [address addr]
Define the virtual network. If the mobile node and home agent are on the same subnet, use the [address addr] option.
Step 5
Router(config)#
ip mobile home-agent standby hsrp-group-name [[virtual-network] address addr]Configure the home agent for redundancy using the HSRP group to support virtual networks.
Step 6
Router(config)#
ip mobile secure home-agent addr spi spi key hex stringConfigure the home agent security association between peer routers. If configured on the active home agent, the IP address addr is that of the standby home agent. If configured on the standby home agent, the IP address addr is that of the active router. Note that a security association must be set up between all home agents in the standby group.
Example of a Virtual Network Using One Physical Network
This section presents two configuration examples: the mobile node and home agent are on different subnets, and the mobile node and home agent are on the same subnet.
Note
Different Subnets
HA1 and HA2 share responsibility for providing home agent service for mobile nodes on virtual network 20.0.0.0. The home agents are connected on only one physical network.
The standby group name is SanJoseHA and HSRP group address is 1.0.0.10. Mobile IP is configured to use the SanJoseHA standby group to provide home agent redundancy. Thus, HSRP allows the home agent to receive packets destined to 1.0.0.10.
This configuration differs from the physical network example in that a global home agent address must be specified to support virtual networks. This address is returned in registration replies to the mobile node.
Active HA1:
int fe0/0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHA! specifies global home agent address=HSRP group address to be used by all mobile nodesip mobile home-agent address 1.0.0.10ip mobile virtual-network 20.0.0.0 255.0.0.0! used to map to the HSRP group SanJoseHAip mobile home-agent standby SanJoseHA virtual-networkip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455
Standby HA2:
int e0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHA! specifies global home agent address=HSRP group address to be used by all mobile nodesip mobile home-agent address 1.0.0.10ip mobile virtual-network 20.0.0.0 255.0.0.0! used to map to the HSRP group SanJoseHAip mobile home-agent standby SanJoseHA virtual-networkip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455Same Subnet
In this example, a loopback address is configured on the home agent to be on the same subnet as the virtual network. A mobile node on a virtual network uses the home agent IP address=loopback address configured for the virtual network. When a standby home agent comes up, it uses this home agent IP address to retrieve mobility bindings for mobile nodes on the virtual network.
Active HA1:
int fe0/0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHA! loopback to receive registration from MN on virtual-networkint lo0ip addr 20.0.0.1 255.255.255.255ip mobile home-agent! address used by Standby home agent for redundancy (update and download)ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1ip mobile home-agent standby SanJoseHA virtual-networkip mobile secure home-agent 1.0.0.2 spi 100 hex 00112233445566778899001122334455Standby HA2:
int e0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHA! loopback to receive registration from MN on virtual-networkint lo0ip addr 20.0.0.1 255.255.255.255ip mobile home-agent! address used by Standby home agent for redundancy (update and download)ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1ip mobile home-agent standby SanJoseHA virtual-networkip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455Home Agent Redundancy on a Virtual Network Using Multiple Physical Networks
To enable home agent redundancy for a virtual network using multiple physical network, complete the following procedure:
Step 1
Router (config-if)# standby [hsrp-group-number] ip hsrp-group-addrEnable the HSRP.
Step 2
Router(config-if)# standby [standby-group-number] name hsrp-group-name1
Configure the name of the standby HSRP group1.
Step 3
Router(config-if)# standby [standby-group-number] name hsrp-group-name2
Configure the name of the standby HSRP group2.
Step 4
Router(config-if)# standby [group-number] priority priority1
Configure the name of the priority HSRP group1, that prioritizes a potential hot standby router. The range is from 1 to 255, where 1 denotes the lowest priority and 255 denotes the highest priority. The default priority value is 100. The router in the HSRP group with the highest priority value becomes the active router.
Step 5
Router(config-if)# standby [group-number] priority priority2
Configure the name of the priority HSRP group2.
Step 6 a
Router(config)# ip mobile home-agent address loopback-interface-addr
Define the global home agent address for virtual networks. In this configuration, the address is the loopback interface address. Execute Step 6a if the mobile node and home agent are on different subnets.
Step 4 b
Router(config)# ip mobile home-agent
Enable and control home agent services. Execute Step 4b if the mobile node and home agent are on the same subnet.
Step 5
Router(config)# ip mobile virtual-network net mask [address addr]
Define the virtual network. If the mobile node and home agent are on the same subnet, use the [address addr] option.
Step 6
Router(config)#
ip mobile home-agent standby hsrp-group-name1 [[virtual-network] address addr]Configure the home agent for redundancy using the HSRP group1 to support virtual networks.
Step 7
Router(config)#
ip mobile home-agent standby hsrp-group-name2 [[virtual-network] address addr]Configure the home agent for redundancy using the HSRP group2 to support virtual networks.
Step 8
Router(config)#
ip mobile secure home-agent addr spi spi key hex stringConfigure the home agent security association between peer routers. If configured on the active home agent, the IP address addr is that of the standby home agent. If configured on the standby home agent, the IP address addr is that of the active router. Note that a security association must be set up between all home agents in the standby group.
Example of HA Redundancy for a Virtual Network Using Multiple Physical Networks
This section presents two configuration examples: the mobile node and home agent are on different subnets, and the mobile node and home agent are on the same subnet.
Different Subnets
HA1 and HA2 share responsibility in providing home agent service for mobile nodes on virtual network 20.0.0.0. Both home agents are configured with a global home agent address of 10.0.0.10, which is the address of their loopback interface. This configuration allows home agents to receive registration requests and packets destined to 10.0.0.10.
The loopback address is used as the global home agent address instead of the HSRP group addresses 1.0.0.10 and 2.0.0.10 to allow the home agents to continue serving the virtual network even if either physical network goes down.
Mobile nodes are configured with home agent address 10.0.0.10. When registrations come in, either home agent processes them (depending on routing protocols) and updates the peer home agent. The home agent that receives the registration finds the first HSRP group that is mapped to 10.0.0.10 with a peer in the group and sends the update out that interface. If there is a network problem (for example, the home agent network adapter fails or cable disconnects), HSRP notices the peer's absence. The home agent does not use that HSRP group and finds another HSRP group to use.
Note
When the peer home agent receives the registration update, both home agents tunnel the packets to the mobile nodes.
Active HA1:
int e0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHANet1int e1ip addr 2.0.0.1 255.0.0.0standby ip 2.0.0.10standby name SanJoseHANet2int lo0ip addr 10.0.0.10 255.255.255.255!Specifies global home agent address=loopback address to be used by all mobile nodesip mobile home-agent address 10.0.0.10ip mobile virtual-network 20.0.0.0 255.0.0.0! Used to map to the HSRP group SanJoseHANet1ip mobile home-agent standby SanJoseHANet1 virtual-network! Used to map to the HSRP group SanJoseHANet2ip mobile home-agent standby SanJoseHANet2 virtual-networkip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455Standby HA2:
int e0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHANet1int e1ip addr 2.0.0.2 255.0.0.0standby ip 2.0.0.10standby name SanJoseHANet2int lo0ip addr 10.0.0.10 255.255.255.255!Specifies global home agent address=loopback address to be used by all mobile nodesip mobile home-agent address 10.0.0.10ip mobile virtual-network 20.0.0.0 255.0.0.0! Used to map to the HSRP group SanJoseHANet1ip mobile home-agent standby SanJoseHANet1 virtual-network! Used to map to the HSRP group SanJoseHANet2ip mobile home-agent standby SanJoseHANet2 virtual-networkip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455Same Subnet
In this example, a loopback address is configured on the home agent to be on the same subnet as the virtual networks. A mobile node on a virtual network uses the home agent IP address=loopback address configured for the virtual network. When a standby home agent comes up, it uses this home agent IP address to retrieve mobility bindings for mobile nodes on the virtual networks.
Active HA1
int e0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHANet1int e1ip addr 2.0.0.1 255.0.0.0standby ip 2.0.0.10standby name SanJoseHANet2! loopback to receive registration from MN on virtual-networkint lo0ip addr 20.0.0.1 255.255.255.255ip mobile home-agent! address used by Standby home agent for redundancy (update and download)ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1ip mobile home-agent standby SanJoseHANet1 virtual-networkip mobile home-agent standby SanJoseHANet2 virtual-networkip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455Active HA2
int e0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHAint e1ip addr 2.0.0.2 255.0.0.0standby ip 2.0.0.10standby name SanJoseHANet2! loopback to receive registration from MN on virtual-networkint lo0ip addr 20.0.0.1 255.255.255.255ip mobile home-agent! address used by Standby home agent for redundancy (update and download)ip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1ip mobile home-agent standby SanJoseHANet1 virtual-networkip mobile home-agent standby SanJoseHANet2 virtual-networkip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455Home Agent Redundancy on Multiple Virtual Networks Using One Physical Network
To enable home agent redundancy for multiple virtual networks using one physical network, complete the following procedure:
Step 1
Router(config-if)# standby [hsrp-group-number] ip hsrp-group-addrEnable the HSRP.
Step 2
Router(config-if)# standby name hsrp-group-name
Configure the name of the standby group.
Step 3 a
Router(config)# ip mobile home-agent address hsrp-group-addr
Define a global home agent address. Execute Step 3a when the the mobile node and home agent are on different subnets.
Step 3 b
Router(config)# ip mobile home-agent
Enable and control home agent services to the router. Execute Step 3b when the mobile node and home agent are on the same subnet.
Step 4
Router(config)# ip mobile virtual-network net mask [address addr]
Define the virtual networks. Repeat this step for each virtual network. If the mobile node and home agent are on the same subnet, use the [address addr] option.
Step 5
Router(config)#
ip mobile home-agent standby hsrp-group-name [[virtual-network] address addr]Configure the home agent for redundancy using the HSRP group to support virtual networks.
Step 6
Router(config)#
ip mobile secure home-agent addr spi spi key hex stringSet up the home agent security association between peer routers. If configured on the active home agent, the IP address addr is that of the standby home agent. If configured on the standby home agent, the IP address addr is that of the active router. Note that a security association must be set up between all home agents in the standby group.
Example of Multiple Virtual Networks Using One Physical Network
This section presents two configuration examples: the mobile node and home agent are on different subnets, and the mobile node and home agent are on the same subnet. Figure 11-5 shows an example network topology for example. Figure 11-6 shows an example network topology for example.
Figure 11-5 Topology Showing Home Agent Redundancy on Multiple Virtual Networks Using One Physical Network (Different Subnets)
Figure 11-6 Topology Showing Home Agent Redundancy on Multiple Virtual Networks Using One Physical Network (Same Subnet)
Different Subnets
HA1 and HA2 share responsibility for providing home agent service for mobile nodes on virtual networks 20.0.0.0 and 30.0.0.0. The home agents are connected on only one physical network.
The standby group name is SanJoseHA and HSRP group address is 1.0.0.10. Mobile IP is configured to use the SanJoseHA standby group to provide home agent redundancy. Thus, HSRP allows the home agent to receive packets destined to 1.0.0.10.
This configuration differs from the physical network example in that a global home agent address must be specified to support virtual networks. This address is returned in registration replies to the mobile node.
Active HA1:
int e0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHA! specifies global home agent address=HSRP group address to be used by all mobile nodesip mobile home-agent address 1.0.0.10ip mobile virtual-network 20.0.0.0 255.0.0.0ip mobile virtual-network 30.0.0.0 255.0.0.0! used to map to the HSRP group SanJoseHAip mobile home-agent standby SanJoseHA virtual-networkip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455Standby HA2:
int e0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHA! specifies global home agent address=HSRP group address to be used by all mobile nodesip mobile home-agent address 1.0.0.10ip mobile virtual-network 20.0.0.0 255.0.0.0ip mobile virtual-network 30.0.0.0 255.0.0.0! used to map to the HSRP group SanJoseHAip mobile home-agent standby SanJoseHA virtual-networkip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455Same Subnet
For each virtual network, a loopback address is configured on the home agent to be on the same subnet as the virtual network. It is only necessary to configure one loopback interface, and assign different IP addresses to the loopback interface for each virtual network, that is, using the ip address ip-address mask [secondary] command. A mobile node on a particular virtual network will use home agent IP address =loopback address configured for that virtual network. When a standby home agent comes up, it will also use this home agent IP address to retrieve mobility bindings for mobile nodes on a particular virtual network.
Active HA1
int Ethernet0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHA! loopback to receive registration from MN on each virtual-networkint lo0ip addr 20.0.0.1 255.255.255.255ip addr 30.0.0.1 255.255.255.255 secondaryip mobile home-agent! address used by Standby home agent for redundancy (update and download) for! each virtual-networkip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1ip mobile virtual-network 30.0.0.0 255.0.0.0 address 30.0.0.1! used to map to the HSRP group SanJoseHAip mobile home-agent standby SanJoseHA virtual-networkip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455Standby HA2
int Ethernet0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHA! loopback to receive registration from MN on each virtual-networkint lo0ip addr 20.0.0.1 255.255.255.255ip addr 30.0.0.1 255.255.255.255 secondaryip mobile home-agent! address used by Standby home agent for redundancy (update and download) for! each virtual-networkip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1ip mobile virtual-network 30.0.0.0 255.0.0.0 address 30.0.0.1! used to map to the HSRP group SanJoseHAip mobile home-agent standby SanJoseHA virtual-networkip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455Home Agent Redundancy on Multiple Virtual Networks Using Multiple Physical Networks
To enable home agent redundancy for multiple virtual network using multiple physical networks, complete the following procedure:
Step 1
Router (config-if)# standby [hsrp-group-number] ip hsrp-group-addr
Enable the HSRP.
Step 2
Router(config-if)# standby name hsrp-group-name1
Configure the name of the standby HSRP group1.
Step 3
Router(config-if)# standby name hsrp-group-name2
Configure the name of the standby HSRP group2.
Step 4 a
Router(config)# ip mobile home-agent address loopback-interface-addr
Execute Step 4a if the mobile node and home agent are on different subnets.
Define the global home agent address for virtual networks. In this configuration, the address is the loopback interface address.
Step 4 b
Router(config)# ip mobile home-agent
Execute Step 4b if the mobile node and home agent are on the same subnet.
Enable and control home agent services.
Step 5
Router(config)# ip mobile virtual-network net mask [address addr]
Define the virtual networks. Repeat this step for each virtual network. If the mobile node and home agent are on the same subnet, use the [address addr] option.
Step 6
Router(config)#
ip mobile home-agent standby hsrp-group-name1 [[virtual-network] address addr]Configure the home agent for redundancy using the HSRP group1 to support virtual networks.
Step 7
Router(config)#
ip mobile home-agent standby hsrp-group-name2 [[virtual-network] address addr]Configure the home agent for redundancy using the HSRP group2 to support virtual networks.
Step 8
Router(config)#
ip mobile secure home-agent addr spi spi key hex stringSet up the home agent security association between peer routers. If configured on the active home agent, the IP address addr is that of the standby home agent. If configured on the standby home agent, the IP address addr is that of the active router. Note that a security association must be set up between all home agents in the standby group.
Example of Multiple Virtual Networks Using Multiple Physical Networks
Figure 11-7 shows an example network topology for this configuration type. This section presents two configuration examples: (1) the mobile node and home agent are on different subnets, and (2) the mobile node and home agent are on the same subnet.
Figure 11-7 Topology Showing Home Agent Redundancy on Virtual Networks Using Multiple Physical Networks
Different Subnets
HA1 and HA2 share responsibility in providing home agent service for mobile nodes on virtual networks 20.0.0.0, 30.0.0.0, and 40.0.0.0. Both home agents are configured with a global home agent address of 10.0.0.10, which is the address of their loopback interface. This configuration allows home agents to receive registration requests and packets destined to 10.0.0.10.
The loopback address is used as the global home agent address instead of the HSRP group addresses 1.0.0.10 and 2.0.0.10 to allow the home agents to continue serving the virtual networks even if either physical network goes down.
Mobile nodes are configured with home agent address 10.0.0.10. When registrations come in, either home agent processes them (depending on routing protocols) and updates the peer home agent. The home agent that receives the registration finds the first HSRP group that is mapped to 10.0.0.10 with a peer in the group and sends the update out that interface. If there is a network problem (for example, the home agent network adapter fails or cable disconnects), HSRP notices the peer's absence. The home agent does not use that HSRP group and finds another HSRP group to use.
Note
When the peer home agent receives the registration update, both home agents tunnel the packets to the mobile nodes.
Active HA1:
int Ethernet0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHANet1int Ethernet0ip addr 2.0.0.1 255.0.0.0standby ip 2.0.0.10standby name SanJoseHANet2int lo0ip addr 10.0.0.10 255.255.255.255!Specifies global home agent address=loopback address to be used by all mobile nodesip mobile home-agent address 10.0.0.10ip mobile virtual-network 20.0.0.0 255.0.0.0ip mobile virtual-network 30.0.0.0 255.0.0.0ip mobile virtual-network 40.0.0.0 255.0.0.0! Used to map to the HSRP group SanJoseHANet1ip mobile home-agent standby SanJoseHANet1 virtual-network! Used to map to the HSRP group SanJoseHANet2ip mobile home-agent standby SanJoseHANet2 virtual-networkip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455Standby HA2:
int Ethernet0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHANet1int Ethernet1ip addr 2.0.0.2 255.0.0.0standby ip 2.0.0.10standby name SanJoseHANet2int lo0ip addr 10.0.0.10 255.255.255.255!Specifies global home agent address=loopback address to be used by all mobile nodesip mobile home-agent address 10.0.0.10ip mobile virtual-network 20.0.0.0 255.0.0.0ip mobile virtual-network 30.0.0.0 255.0.0.0ip mobile virtual-network 40.0.0.0 255.0.0.0! Used to map to the HSRP group SanJoseHANet1ip mobile home-agent standby SanJoseHANet1 virtual-network! Used to map to the HSRP group SanJoseHANet2ip mobile home-agent standby SanJoseHANet2 virtual-networkip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455Same Subnet
For each virtual network, a loopback address is configured on the home agent to be on the same subnet as the virtual network. It is only necessary to configure one loopback interface, and assign different IP addresses to the loopback interface for each virtual network, that is, using the ip address ip-address mask [secondary] command.
A mobile node on a particular virtual network will use home agent IP address =loopback address configured for that virtual network. When a standby home agent comes up, it will also use this home agent IP address to retrieve mobility bindings for mobile nodes on a particular virtual network.
Active HA1
int Ethernet0ip addr 1.0.0.1 255.0.0.0standby ip 1.0.0.10standby name SanJoseHANet1int Ethernet1ip addr 2.0.0.1 255.0.0.0standby ip 2.0.0.10standby name SanJoseHANet2! loopback to receive registration from MN on each virtual-networkint lo0ip addr 20.0.0.1 255.255.255.255ip addr 30.0.0.1 255.255.255.255 secondaryip addr 40.0.0.1 255.255.255.255 secondaryip mobile home-agent! address used by Standby home agent for redundancy (update and download) for! each virtual-networkip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1ip mobile virtual-network 30.0.0.0 255.0.0.0 address 30.0.0.1ip mobile virtual-network 40.0.0.0 255.0.0.0 address 40.0.0.1! used to map to the HSRP groups SanJoseHANet1 and SanJoseHANet2ip mobile home-agent standby SanJoseHANet1 virtual-networkip mobile home-agent standby SanJoseHANet2 virtual-networkip mobile secure home-agent 1.0.0.2 spi 100 key hex 00112233445566778899001122334455ip mobile secure home-agent 2.0.0.2 spi 100 key hex 00112233445566778899001122334455Standby HA2
int Ethernet0ip addr 1.0.0.2 255.0.0.0standby ip 1.0.0.10standby name SanJoseHAint Ethernet1ip addr 2.0.0.2 255.0.0.0standby ip 2.0.0.10standby name SanJoseHANet2! loopback to receive registration from MN on each virtual-networkint lo0ip addr 20.0.0.1 255.255.255.255ip addr 30.0.0.1 255.255.255.255 secondaryip addr 40.0.0.1 255.255.255.255 secondaryip mobile home-agent! address used by Standby home agent for redundancy (update and download) for! each virtual-networkip mobile virtual-network 20.0.0.0 255.0.0.0 address 20.0.0.1ip mobile virtual-network 30.0.0.0 255.0.0.0 address 30.0.0.1ip mobile virtual-network 40.0.0.0 255.0.0.0 address 40.0.0.1! used to map to the HSRP groups SanJoseHANet1 and SanJoseHANet2ip mobile home-agent standby SanJoseHANet1 virtual-networkip mobile home-agent standby SanJoseHANet2 virtual-networkip mobile secure home-agent 1.0.0.1 spi 100 key hex 00112233445566778899001122334455ip mobile secure home-agent 2.0.0.1 spi 100 key hex 00112233445566778899001122334455Redundancy Verification
To verify that mobile access router redundancy is configured correctly on the router, use the following commands in privileged EXEC mode:
Posted: Wed Nov 1 10:38:00 PST 2006
All contents are Copyright © 1992--2006 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
