About Mobile IP Testing


The Mobile IP access model provides an additional level of mobility over that offered by the Simple IP model. With Mobile IP, the PDSN includes an FA and the MN is able to move between PDSN-FA coverage areas while maintaining existing packet data sessions (maintaining the same IP address). This topic explains the Mobile IP access models supported by the CDMA2000 test cases:


Basic Mobile IP

In the Mobile IP model, the MN registers with its HA, in its Home Network, through the PDSN-FA using the MIP interface. The HA forwards data packets destined for the MN by tunneling them to the FA. In the forward direction (HA to FA), the HA uses IP encapsulated within IP (IP/IP) or GRE (IP/GRE). For traffic in the reverse direction, the HA is not involved and the IP traffic is routed directly from the FA to the network host.

While MNs may be authenticated with a Visited AAA Server using CHAP or PAP authentication, the PDSN-FA performs authentication with the Home AAA Server using the Mobile IP Challenge Response mechanism, and will override any PAP/CHAP authentication. The MN is authenticated on the HA through the use of the Mobile-Home-Authentication extension. Non-authenticated access is not allowed.

Mobile IP supports MN IP addresses that can be either pre-provisioned (on the MN) static addresses, or dynamically assigned addresses. In either case, the IP address management is the responsibility of the home IP network, and the address must be unique across both the PDSN-FA and the HA.

FA Nodal Testing

Use the FA Nodal test case to test a PDSN-FA with the basic Mobile IP access model.

In this test case, the test system simulates the MNs, PCFs, and an HA for control plane testing, and can optionally simulate a network host on the IP network side of the PDSN-FA for testing the bearer plane.

HA Nodal Testing

Use the HA Nodal test case to test an HA with the basic Mobile IP access model.

In this test case, the test system simulates the MNs, PCFs, and PDSN-FAs for control plane testing, and can optionally simulate a network host on the IP network side of the PDSN-FAs for testing the bearer plane. Multiple PDSN-FAs can be simulated when intra-PDSN mobility handoffs are included in the test.

End-to-End Testing

Use the End-to-End Mobile IP test case to test one or more PDSN-FAs, a primary HA, and an optional secondary HA in the Mobile IP access model.

In this test case, the test system simulates the MNs and PCFs for control plane testing, and can optionally simulate a network host on the IP network side of the PDSN-FAs for testing the bearer plane. Multiple PDSN-FAs can be used to test mobility handoffs.

^ Back to Top


Mobile IP Reverse Tunnel

The Mobile IP Reverse Tunnel model differs from the Mobile IP model in that packets sent to and from the MN are tunneled between the PDSN-FA and the HA.

The reverse tunnel model allows the HA to perform security, NAT, QOS, and other IP services since all packets are routed through the HA. These services can be provided whether the MN is in its home IP network or roaming in another provider's network.

FA Nodal Testing

Use the FA Nodal test case to test a PDSN-FA with the Mobile IP Reverse Tunnel access model.

In this test case, the test system simulates the MNs, PCFs, and an HA for control plane testing, and can optionally simulate a network host on the IP network side of the HA for testing the bearer plane.

HA Nodal Testing

Use the HA Nodal test case to test an HA with the Mobile IP Reverse Tunnel access model.

In this test case, the test system simulates the MNs, PCFs, and PDSN-FAs for control plane testing, and can optionally simulate a network host on the IP network side of the HA for testing the bearer plane. Multiple PDSN-FAs can be simulated when intra-PDSN mobility handoffs are included in the test.

End-to-End Testing

Use the End-to-End Mobile IP test case to test one or more PDSN-FAs, a primary HA, and an optional secondary HA in the Mobile IP Reverse Tunnel access model.

In this test case, the test system simulates the MNs and PCFs for control plane testing, and can optionally simulate a network host on the IP network side of the HA for testing the bearer plane. Multiple PDSN-FAs can be used to test mobility handoffs.

^ Back to Top


Mobile IP Virtual Private Network

The Mobile IP Virtual Private Network (VPN) model allows MN access to a private network. Its structure is the same as the Mobile IP Reverse Tunnel model explained above, with one exception. In the reverse tunnel model, the HA is in the service provider network; in the VPN model, the HA belongs to the private network and can also act as a Security Gateway. IPSec is used to encrypt control plane packets between the PDSN-FA and the HA, and can optionally be used to encrypt bearer plane packets between the MN and the HA. Separate SAs are used for the control and bearer planes.

As with the reverse tunnel model, all data packets are routed through the HA. Since the HA is in the private network, the MNs can use private addresses. MN IP addresses need not be unique across the PDSN-FA, but must be unique across the HA.

NOTE: Dynamic pre-shared key configuration via RADIUS is not supported at this time.

FA Nodal Testing

Use the FA Nodal test case to test a PDSN-FA with the Mobile IP VPN access model.

In this test case, the test system simulates the MNs, PCFs, and an HA for control plane testing, and can optionally simulate a network host on the private network side of the HA for testing the bearer plane. IPSec is used to encrypt control plane packets between the PDSN-FA and the HA node, and bearer plane packets can also be encrypted.

HA Nodal Testing

Use the HA Nodal test case to test an HA with the Mobile IP VPN access model.

In this test case, the test system simulates the MNs, PCFs, and PDSN-FAs for control plane testing, and can optionally simulate a network host on the private network side of the HA for testing the bearer plane. Multiple PDSN-FAs can be simulated when intra-PDSN mobility handoffs are included in the test. IPSec is used to encrypt control plane packets between the PDSN-FA nodes and the HA, and bearer plane packets can also be encrypted.

^ Back to Top


Mobile IP Network-Based Virtual Private Network

The Mobile IP Network Based VPN model allows MN access to a private network while the service provider network controls IP address assignment and management of the private network addresses. In contrast with the Mobile IP VPN model, the HA is in the service provider's network, and connects to a Security Gateway on the perimeter of the private network. IPSec encryption is used between the HA and the Security Gateway.

As with the reverse tunnel model, all data packets are routed through the HA. The MN obtains its IP address from the HA, and that address must be unique across the HA. An IPSec tunnel is defined between the HA and the Security Gateway. The private network, through the use of a proxy RADIUS server, controls user authentication as shown below.

FA Nodal Testing

Use the FA Nodal test case to test a PDSN-FA with the Mobile IP Network Based VPN access model.

In this test case, the test system simulates the MNs, PCFs, an HA, and a Security Gateway for control plane testing, and can optionally simulate a network host on the private network side of the Security Gateway for testing the bearer plane. IPSec is used to encrypt bearer plane packets between the HA and the Security Gateway.

HA Nodal Testing

Use the HA Nodal test case to test an HA with the Mobile IP Network Based VPN access model.

In this test case, the test system simulates the MNs, PCFs and PDSN-FAs for control plane testing, and can optionally simulate a network host on the private network side of the Security Gateway for testing the bearer plane. Multiple PDSN-FAs can be simulated when intra-PDSN mobility handoffs are included in the test.  IPSec is used to encrypt bearer plane packets between the HA and the Security Gateway.

End-to-End Testing

Use the End-to-End Mobile IP test case to test one or more PDSN-FAs, a primary HA and an optional secondary HA in the Mobile IP Network Based VPN access model.

In this test case, the test system simulates the MNs and PCFs for control plane testing, and can optionally simulate a network host on the private network side of the Security Gateway for testing the bearer plane. Multiple PDSN-FAs can be used to test mobility handoffs. IPSec is used to encrypt bearer plane packets between the HA and the Security Gateway.

^ Back to Top


Registration with DMU

Dynamic Mobile IP Key Update (DMU) is used to distribute and update MIP keys using RSA encryption in a CDMA2000 network. An MN can be pre-configured with public RSA and CHAP keys, shared by the home AAA server, that are included in a Registration Request (RRQ). The keys are included in the Access Request sent to the MN's home AAA server. The MN decrypts the keys returned in the AAA authenticator and can verify the identity of the AAA server by the public key.

The MIP DMU registration process with key update, which begins after the MN establishes a PPP session with the PDSN-FA, is shown in the diagram below. DMU is supported in the End-to-End Mobile IP test case, and the MIP Key Data payload parameters are defined on the MIP tab.

^ Back to Top


Related Topics

  1. About IPSec
  2. About the CDMA2000 Application
  3. CDMA2000 Test Cases
  4. Setting Up CDMA2000 Mobile IP Tests