test

System Administration Guide: IP Services

Mobile IP With Reverse Tunneling

The previous description of Mobile IP assumes that the routing within the Internet is independent of the source address of the datagram. However, intermediate routers might check for a topologically correct source address. If an intermediate router does check, the mobile node needs to set up a reverse tunnel. By setting up a reverse tunnel from the care-of address to the home agent, you ensure a topologically correct source address for the IP data packet. Reverse tunnel support is advertised by foreign agents and home agents. A mobile node can request a reverse tunnel between the foreign agent and the home agent when the mobile node registers. A reverse tunnel is a tunnel that starts at the care-of address of the mobile node and terminates at the home agent. The following illustration shows the Mobile IP topology that uses a reverse tunnel.

Figure 23–4 Mobile IP With a Reverse Tunnel

Illustrates how a mobile node communicates through a reverse tunnel to a correspondent node.

Limited Private Addresses Support

Mobile nodes that have private addresses that are not globally routable through the Internet require reverse tunnels. Solaris Mobile IP supports mobile nodes that are privately addressed. See Overview of the Solaris Mobile IP Implementation for the functions that Solaris Mobile IP does not support.

Enterprises employ private addresses when external connectivity is not required. Private addresses are not routable through the Internet. When a mobile node has a private address, the mobile node can only communicate with a correspondent node by having its datagrams reverse-tunneled to its home agent. The home agent then delivers the datagram to the correspondent node in whatever manner the datagram is normally delivered when the mobile node is at home. The following illustration shows a network topology with two mobile nodes that are privately addressed. The two mobile nodes use the same care-of address when registered to the same foreign agent.

Figure 23–5 Privately Addressed Mobile Nodes Residing on the Same Foreign Network

Illustrates the network topology of two privately addressed mobile nodes that use the same care-of address when registered to the same foreign agent.

The care-of address and the home agent address must be globally routable addresses if these addresses belong to different domains that are connected by a public Internet.

The same foreign network can include two mobile nodes that are privately addressed with the same IP address. However, each mobile node must have a different home agent. Also, each mobile node must be on different advertising subnets of a single foreign agent. The following illustration shows a network topology that depicts this situation.

Figure 23–6 Privately Addressed Mobile Nodes Residing on Different Foreign Networks

Illustrates the network topology of two privately addressed mobile nodes that reside on different foreign networks.