About Mobile IPv4 Testing


Use the IPv4 HA Nodal test case to test an HA's ability to process MN registrations and mobility events, and to handle bearer plane traffic destined for a roaming MN. The options available in the test case allow you to configure tests that simulate the access models described below:

Use the CDMA/WiFi Convergence test case to test a PDIF-FA's ability to properly register and service MNs entering the network from a wireless LAN in the WLAN access model.

In an IPv4 network, the process by which an MN attaches to a network can be summarized as follows:


Basic Access Model

In the basic Mobile IPv4 access model, bearer plane traffic is routed differently depending on the location of the MN:

IPv4 HA Nodal Test Case

When you include FA support in an IPv4 HA Nodal test, the test system simulates the MNs and at least one FA, and can optionally simulate a Network Host for testing the bearer plane and multiple FAs for simulating inter-FA handoffs.

When you use co-located care-of addresses in an IPv4 HA Nodal test, the test system simulates the MNs and can optionally simulate a Network Host or MN mobility.

IPv4 FA Nodal Test Case

When you include HA support in an IPv4 FA Nodal test, the test system simulates the MNs and at least one HA, and can optionally simulate a Network Host for testing the bearer plane and multiple HAs for simulating inter-FA handoffs.

 

^ Back to Top


Reverse Tunnel Access Model

In the Reverse Tunnel model, bearer plane traffic in the reverse direction, from the MN to a Network Host, is tunneled to the HA rather than routed directly to the Network Host. The HA decapsulates the packets and then relays them towards the Network Host.

IPv4 HA Nodal Test Case

When you include FA support in an IPv4 HA Nodal test, the test system simulates the MNs and at least one FA, and can optionally simulate a Network Host for testing the bearer plane and multiple FAs for simulating inter-FA handoffs.

When you use co-located care-of addresses in an IPv4 HA Nodal test, the test system simulates the MNs and can optionally simulate a Network Host or MN mobility.

IPv4 FA Nodal Test Case

When you include HA support in an IPv4 FA Nodal test, the test system simulates the MNs and at least one HA, and can optionally simulate a Network Host for testing the bearer plane and multiple HAs for simulating inter-FA handoffs.

 

^ Back to Top


Virtual Private Network (VPN) Access Model

The Mobile IP Virtual Private Network (VPN) model allows MN access to a private home network. Its structure is the same as the Reverse Tunnel model explained above, with one exception. In the reverse tunnel model, the HA is in the service provider network; in the VPN model, the HA belongs to the private network. If the HA is also a security gateway, IPSec can be used to secure bearer plane packets between the MN and the HA.

As with the reverse tunnel model, all data packets are routed through the HA. Since the HA is in the private network, the MNs can use private addresses and NAT traversal is supported.

IPv4 HA Nodal Test Case

When you include FA support (shown) or use co-located care-of addresses, you can add IPSec and encrypt bearer plane traffic between the MNs and the HA.

IPv4 FA Nodal Test Case

When you include HA support (shown) or use co-located care-of addresses, you can add IPSec and encrypt bearer plane traffic between the MNs and the FA.

^ Back to Top


Network-Based VPN Access Model

The Mobile IPv4 Network-Based VPN model allows MN access to a private network by establishing an IPSec tunnel between the MN and a Security Gateway on the perimeter of the private network. In contrast with the Mobile IP VPN model, the HA is in the service provider's network, and may have no knowledge of the private network.

As with the reverse tunnel model, all data packets are routed through the HA. The MN obtains its home address from the HA, and that address must be unique across the HA. The MN may request that the Security Gateway assign a private address to the IPSec tunnel, and NAT-T is supported.

IPv4 HA Nodal Test Case

In an IPv4 HA Nodal test with an FA node (shown) or with co-located care-of addresses, you can add IPSec and encrypt bearer plane traffic between the MNs and the Security Gateway.

IPv4 FA Nodal Test Case

In an IPv4 FA Nodal test with an HA node (shown) or with co-located care-of addresses, you can add IPSec and encrypt bearer plane traffic between the MNs and the Security Gateway.

^ Back to Top


WLAN Access Model

The MIPv4 WLAN access model provides access to a CDMA2000 network from a wireless LAN that is operated within a CDMA2000 network or from a wireless LAN that is operated by another entity who provides a portal to a CDMA2000 network through a business arrangement. The MN registers with its HA via a Packet Data Interworking Function (PDIF) that includes FA functionality.

In this case, the MN receives a co-located care-of address from the WLAN and then attempts to establish an IPSec SA with the PDIF-FA in order to secure all control plane traffic prior to registration. The PDIF-FA may be located in a foreign network, as shown, or in the home network. Bearer-plane traffic in the reverse direction is always tunneled to the HA.

CDMA/WiFi Convergence Test Case

Test a PDIF-FA in a nodal configuration using the test case's default configuration. The test case emulates the MNs, an HA, and an optional Network Host.

The CDMA/WiFi Convergence test case also supports and end-to-end configuration. In this case, a primary and optional secondary HA can be included in the test.

The VPN configurations described above are also supported. IPSec can be used with bearer plane traffic between the MN and a Security Gateway and can be used with control plane traffic between the PDIF-FA and an HA node.

MIP Registration

In addition to performing the functions of a PDSN — access control, IP address allocation, policy enforcement, and accounting collection — and providing FA mobility support, the PDIF is also a security gateway for the CDMA2000 network.

When an MN joins a WLAN, it receives an IP address from the wireless network and access to the Internet. An attempt to access a CDMA2000 service will trigger the registration process, and that is the starting point for a test. Co-located Care-of Address defines the MN's WLAN address.

When an MN attempts to register, it begins by locating an FA through the agent discovery process. The PDIF-FA should respond with an Agent Advertisement message. After it locates the FA, the MN attempts to establish an IPSec tunnel and requests that an IP address be assigned to the tunnel.

IKEv2 is required to provide MOBIKE support and EAP authentication support. MOBIKE allows IKE and IPSec SAs to be updated when a peer moves from one network to another, resulting in a change of IP address, thereby maintaining the integrity of the SAs and the IPSec tunnel.

During IKE Phase I, the PDIF-FA authenticates the MN with its home AAA server using either EAP-AKA or EAP-TLS with pre-shared keys. When an MN is registering from a foreign network, the PDIF-FA interfaces with a Visited AAA server (VAAA) which in turn interfaces with the MN's Home AAA server (HAAA), either directly or through Broker AAA servers. The PDIF-FA/AAA interface supports both RADIUS and Diameter, and AAA Server Node test cases can be used to simulate a VAAA and an HAAA.

Once the IPSec SA is established, MIP registration commences and is secured by IPSec. The address assigned during SA negotiation becomes the MN's care-of address registered with the HA. If the MN successfully registers, the PDIF-FA opens an accounting session on the HAAA and the MN is free to access CDMA2000 services.

Session termination can be initiated by the MN (shown), by the PDIF, or by the PDIF at the behest of the HAAA. The peer that initiates the disconnect sends an IKEv2 Informational request with a Delete payload to the remote peer. If the disconnect is initiated by the network, accounting is stopped prior to the Delete request.

^ Back to Top