Documentation Website—http://www.docs.hp.com: HP-UX Mobile IPv6 A.01.00 Administrator's Guide > Chapter 1 Introducing HP-UX Mobile IPv6

Establishing Route Optimization


Route Optimization improves data transmission rates between the Correspondent Node and Mobile Node. Without Route Optimization, data-packets from the Correspondent Node to the Mobile Node are sent to the Home Agent (and through the Mobile Node’s home network). With Route Optimization, the Correspondent Node sends data-packets directly to the Mobile Node’s Care-of Address.

To establish Route Optimization, the Mobile Node sends a Binding Update message to the Correspondent Node with its current Care-of Address. To prevent attackers from sending false Binding Update messages, the Binding Update is authenticated using a cryptographic signature that verifies the Correspondent Node can contact the Mobile Node using both its Home Address and Care-of Address. Verifying that the Correspondent Node can contact the Mobile Node using both addresses is referred to as the Return Routability procedure.

Most Mobile Nodes will attempt to use Route Optimization after they receive a data-packet from a Correspondent Node through the Home Agent, which indicates the Correspondent Node does not have binding information with the Mobile Node’s current Care-of Address.

The following list describes the sequence of events shown in Figure 1-8 “Return Routability Procedure for Securing Route Optimization”. After the Mobile Node acquires a Care-of Address:

  1. The Mobile Node sends a Care-of Test Init message and a Home Test Init message to the Correspondent Node.

  2. The Correspondent Node sends Care-of Test and Home Test responses to the Mobile Node.

  3. The Mobile Node calculates a Binding Management Key (Kbm) from the Care-of Test and Home Test messages.

  4. The Mobile Node sends an authenticated Binding Update message to the Correspondent Node with its Care-of Address.

  5. The Correspondent Node verifies the Binding Update message and sends a Binding Acknowledgement.

    NOTE: After receiving the Binding Update, the Correspondent Node might send a Binding Acknowledgement to the Mobile Node to acknowledge the Binding Update and to indicate whether it was accepted or rejected. The Correspondent Node will send a Binding Acknowledgement if the Mobile Node sets the A-bit in its Binding Update.

Figure 1-8 Return Routability Procedure for Securing Route Optimization


Mobile Node Sends Care-of Test Init and Home Test Init Messages

The Care-of Test Init message is addressed directly to the Correspondent Node. The Home Test Init message is routed through the Home Agent. These messages are routed over different network segments in most topologies.

Correspondent Node Sends Care-of Test and Home Test Messages

The Correspondent Node sends Care-of Test and Home Test messages back to the Mobile Node. The Care-of Test message is addressed directly to the Mobile Node’s Care-of Address. The Home Test message is addressed to the Mobile Node’s Home Address and is routed through the Home Agent. The Care-of Test and Home Test messages both contain keying material, with index values that the Correspondent Node will use when it receives the Binding Update from the Mobile Node.

In most network topologies, the Care-of Test and Home Test messages are routed over different network segments. For additional security, you can configure IPSec to encrypt and authenticate the Home Test Init and Home Test data-packets between the Home Agent and Mobile Node.

Mobile Node Calculates Binding Management Key

The Mobile Node uses the keying material from the Care-of Test and Home Test messages to calculate a cryptographic key for Binding Update messages. This key is referred to as the binding management key, or Kbm.

Mobile Node Sends Binding Update Message

The Mobile Node uses the binding management key (Kbm) to calculate a cryptographic authentication value (a cryptographic signature) for the Binding Update information, and sends the Binding Update message to the Correspondent Node with the authentication value and index values.

Correspondent Node Verifies Binding Update Message

The Correspondent Node uses the home nonce index and care-of nonce index values sent with the Binding Update to look up the keying material it sent to the Mobile Node. The Correspondent Node uses the keying material to form a value for the binding management key (Kbm). The Correspondent Node uses the authentication value for the Binding Update to verify that the Mobile Node generated the same value for the binding management key (Kbm). The Correspondent Node sends a Binding Acknowledgement message to the Mobile Node.

The verification of the authentication value and binding management key (Kbm) proves that the Mobile Node received data-packets sent through its Home Agent and sent directly to its proposed Care-of Address (return routability). It also provides some security, because an attacker must capture both the Care-of Test and the Home Test data-packets.
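The exchange described above, worked through as an added example (not HP-UX code and not part of the original guide). It assumes the token, Kbm and authenticator constructions defined in RFC 3775, which this page does not itself cite; the addresses, nonce table size and Binding Update body are constructed for illustration.

```python
import hashlib, hmac, ipaddress, os

def addr(text):
    """128-bit wire form of an IPv6 address."""
    return ipaddress.IPv6Address(text).packed

class CorrespondentNode:
    """Keeps only a secret node key (Kcn) and an indexed table of nonces."""
    def __init__(self, address):
        self.address = addr(address)
        self.kcn = os.urandom(20)                         # never leaves the node
        self.nonces = [os.urandom(8) for _ in range(4)]   # looked up by index

    def _token(self, mn_addr, index, kind):
        # First(64, HMAC_SHA1(Kcn, address | nonce | 0 for home, 1 for care-of))
        msg = mn_addr + self.nonces[index] + bytes([kind])
        return hmac.new(self.kcn, msg, hashlib.sha1).digest()[:8]

    def home_test(self, home, index):       # reply routed through the Home Agent
        return index, self._token(home, index, 0)

    def care_of_test(self, coa, index):     # reply sent directly to the Care-of Address
        return index, self._token(coa, index, 1)

    def verify_binding_update(self, home, coa, h_idx, c_idx, mh_data, auth):
        # Rebuild both tokens from the indices, derive Kbm, compare in constant time.
        kbm = make_kbm(self._token(home, h_idx, 0), self._token(coa, c_idx, 1))
        expected = authenticator(kbm, coa, self.address, mh_data)
        return hmac.compare_digest(expected, auth)

def make_kbm(home_token, care_of_token):
    return hashlib.sha1(home_token + care_of_token).digest()

def authenticator(kbm, coa, cn_addr, mh_data):
    # First(96, HMAC_SHA1(Kbm, care-of address | correspondent | MH Data))
    return hmac.new(kbm, coa + cn_addr + mh_data, hashlib.sha1).digest()[:12]

# Constructed sample values: documentation-prefix addresses, placeholder body.
HOME, COA, CN = addr("2001:db8:1::10"), addr("2001:db8:2::10"), "2001:db8:3::1"
MH_DATA = b"constructed-binding-update-body"

def demo():
    cn = CorrespondentNode(CN)
    h_idx, h_tok = cn.home_test(HOME, 1)
    c_idx, c_tok = cn.care_of_test(COA, 2)
    good = authenticator(make_kbm(h_tok, c_tok), COA, cn.address, MH_DATA)
    # A Binding Update built without the Home Test token does not verify.
    partial = authenticator(make_kbm(bytes(8), c_tok), COA, cn.address, MH_DATA)
    return (cn.verify_binding_update(HOME, COA, h_idx, c_idx, MH_DATA, good),
            cn.verify_binding_update(HOME, COA, h_idx, c_idx, MH_DATA, partial))
```

Because the tokens are recomputed from Kcn and the indexed nonces, the Correspondent Node holds no per-Mobile-Node state until a Binding Update verifies.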

Route Optimization Data Paths

Mobile Node to Correspondent Node Data Path in Route Optimization

In route optimization mode, the Mobile Node sends data-packets directly to the Correspondent Node. The Mobile Node uses its Care-of Address as the source IP address and puts its home address in a special IPv6 header option for Mobile IPv6—the Home Address destination option. The Home Address option is part of an IPv6 Destination Option extension header. The following list describes the sequence of events shown in Figure 1-9 “Data Path: Mobile Node to Correspondent Node in Route Optimization”:

  1. The Mobile Node builds an IPv6 data-packet with its home address as the source address and calculates any upper-layer checksum values (such as an IPSec authentication value) using its home address.

  2. The Mobile Node appends a Home Address destination option to the IPv6 header with its home address.

  3. The Mobile Node replaces its home address in the IPv6 data-packet header with its Care-of Address.

    The data-packet is able to pass through routers with ingress routing, because the data-packet source address is the Care-of Address and is topologically correct (the source address will be an address on the foreign network).

  4. When the Correspondent Node receives the data-packet, it replaces the Care-of Address with the Mobile Node home address in the source address field. This allows upper-layer protocols to correctly calculate checksum values. The upper-layer protocols can also use the Mobile Node home address to identify the Mobile Node and maintain connectivity and state information for the Mobile Node. The Mobile Node home address is also useful for applications that use incoming source IP addresses for verification.
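The four steps above at the byte level, as an added example (not HP-UX code and not part of the original guide). The option type 0xC9, the PadN alignment and the binding check before the address swap are taken from RFC 3775 rather than from this page; the `binding_cache` dictionary, the addresses and the payload bytes are constructed for illustration.

```python
import ipaddress, struct

NH_DSTOPTS, NH_UDP, OPT_HOME_ADDR = 60, 17, 0xC9

def addr(text):
    return ipaddress.IPv6Address(text).packed

def mn_build(home, coa, cn, payload):
    """Steps 1-3: Care-of Address as wire source, home address in the option."""
    # Destination Options header: next header, length in 8-octet units beyond
    # the first 8, PadN (4 octets) for 8n+6 alignment, Home Address option.
    dstopts = bytes([NH_UDP, 2, 1, 2, 0, 0, OPT_HOME_ADDR, 16]) + home
    body = dstopts + payload          # payload: placeholder upper-layer bytes
    ipv6 = struct.pack("!IHBB", 6 << 28, len(body), NH_DSTOPTS, 64) + coa + cn
    return ipv6 + body

def cn_receive(packet, binding_cache):
    """Step 4: return (source shown to upper layers, payload), or None to drop."""
    _, plen, nh, _ = struct.unpack("!IHBB", packet[:8])
    src, body = packet[8:24], packet[40:40 + plen]
    if nh != NH_DSTOPTS:
        return src, body
    hdr_len = (body[1] + 1) * 8
    opts, payload, i = body[2:hdr_len], body[hdr_len:], 0
    while i < len(opts):
        if opts[i] == 0:              # Pad1 is a single octet
            i += 1
            continue
        if i + 1 >= len(opts):
            return None               # truncated option: drop
        otype, olen = opts[i], opts[i + 1]
        if otype == OPT_HOME_ADDR and olen == 16:
            home = opts[i + 2:i + 18]
            # Assumption from RFC 3775: swap only when a verified binding
            # home address -> this Care-of Address exists; otherwise drop.
            if binding_cache.get(home) != src:
                return None
            return home, payload
        i += 2 + olen
    return src, payload
```

Without the binding check, any sender could place an arbitrary home address in the option and have it presented to upper layers as the packet source.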

Figure 1-9 Data Path: Mobile Node to Correspondent Node in Route Optimization

Omitting Home Address Information


A Mobile Node is not required to send its home address to the Correspondent Node in a Home Address destination option. The Mobile Node is required to use the Home Address destination option only when it is using a transport-level connection (such as a TCP connection) with the Correspondent Node that it established while attached to its home network, or when it is using a connection that must be maintained when the Mobile Node attaches to a new foreign network. If the Mobile Node is using a short-lived connection or a connectionless communication with the Correspondent Node, the Mobile Node can send only its Care-of Address to the Correspondent Node.

Correspondent Node to Mobile Node Data Path in Route Optimization

In route optimization mode, the Correspondent Node sends data-packets directly to the Mobile Node. The Correspondent Node uses the Mobile Node’s Care-of Address as the destination IP address and puts the Mobile Node’s home address in a special IPv6 routing header for Mobile IPv6, a Type 2 routing header. In effect, the Correspondent Node provides source routing for the data-packet, specifying that data-packets for the Mobile Node’s home address are routed through the Mobile Node’s Care-of Address, as shown in Figure 1-10 “Data Path: Correspondent Node to Mobile Node in Route Optimization”.

Figure 1-10 Data Path: Correspondent Node to Mobile Node in Route Optimization


When the Mobile Node receives the data-packet addressed to its Care-of Address, it processes the IPv6 header and Type 2 routing header. The data-packet is presented to the upper layers as if it were received on the Mobile Node’s home address—making Mobile IPv6 transparent to applications using the Mobile Node’s home address.

© 2001-2004 Hewlett-Packard Development Company, L.P.