Network Working Group                                    C. Perkins, Ed.
Request for Comments: 3344                         Nokia Research Center
Obsoletes: 3220                                              August 2002
Category: Standards Track
IP Mobility Support for IPv4
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This document specifies protocol enhancements that allow transparent routing of IP datagrams to mobile nodes in the Internet. Each mobile node is always identified by its home address, regardless of its current point of attachment to the Internet. While situated away from its home, a mobile node is also associated with a care-of address, which provides information about its current point of attachment to the Internet. The protocol provides for registering the care-of address with a home agent. The home agent sends datagrams destined for the mobile node through a tunnel to the care-of address. After arriving at the end of the tunnel, each datagram is then delivered to the mobile node.
Contents
1. Introduction
   1.1. Protocol Requirements
   1.2. Goals
   1.3. Assumptions
   1.4. Applicability
   1.5. New Architectural Entities
   1.6. Terminology
   1.7. Protocol Overview
   1.8. Message Format and Protocol Extensibility
   1.9. Type-Length-Value Extension Format for Mobile IP Extensions
   1.10. Long Extension Format
   1.11. Short Extension Format
2. Agent Discovery
   2.1. Agent Advertisement
      2.1.1. Mobility Agent Advertisement Extension
      2.1.2. Prefix-Lengths Extension
      2.1.3. One-byte Padding Extension
   2.2. Agent Solicitation
   2.3. Foreign Agent and Home Agent Considerations
      2.3.1. Advertised Router Addresses
      2.3.2. Sequence Numbers and Rollover Handling
   2.4. Mobile Node Considerations
      2.4.1. Registration Required
      2.4.2. Move Detection
      2.4.3. Returning Home
      2.4.4. Sequence Numbers and Rollover Handling
3. Registration
   3.1. Registration Overview
   3.2. Authentication
   3.3. Registration Request
   3.4. Registration Reply
   3.5. Registration Extensions
      3.5.1. Computing Authentication Extension Values
      3.5.2. Mobile-Home Authentication Extension
      3.5.3. Mobile-Foreign Authentication Extension
      3.5.4. Foreign-Home Authentication Extension
   3.6. Mobile Node Considerations
      3.6.1. Sending Registration Requests
      3.6.2. Receiving Registration Replies
      3.6.3. Registration Retransmission
   3.7. Foreign Agent Considerations
      3.7.1. Configuration and Registration Tables
      3.7.2. Receiving Registration Requests
      3.7.3. Receiving Registration Replies
   3.8. Home Agent Considerations
      3.8.1. Configuration and Registration Tables
      3.8.2. Receiving Registration Requests
      3.8.3. Sending Registration Replies
4. Routing Considerations
   4.1. Encapsulation Types
   4.2. Unicast Datagram Routing
      4.2.1. Mobile Node Considerations
      4.2.2. Foreign Agent Considerations
      4.2.3. Home Agent Considerations
   4.3. Broadcast Datagrams
   4.4. Multicast Datagram Routing
   4.5. Mobile Routers
   4.6. ARP, Proxy ARP, and Gratuitous ARP
5. Security Considerations
   5.1. Message Authentication Codes
   5.2. Areas of Security Concern in this Protocol
   5.3. Key Management
   5.4. Picking Good Random Numbers
   5.5. Privacy
   5.6. Ingress Filtering
   5.7. Replay Protection for Registration Requests
      5.7.1. Replay Protection using Timestamps
      5.7.2. Replay Protection using Nonces
6. IANA Considerations
   6.1. Mobile IP Message Types
   6.2. Extensions to RFC 1256 Router Advertisement
   6.3. Extensions to Mobile IP Registration Messages
   6.4. Code Values for Mobile IP Registration Reply Messages
7. Acknowledgments
A. Patent Issues
B. Link-Layer Considerations
C. TCP Considerations
   C.1. TCP Timers
   C.2. TCP Congestion Management
D. Example Scenarios
   D.1. Registering with a Foreign Agent Care-of Address
   D.2. Registering with a Co-Located Care-of Address
   D.3. Deregistration
E. Applicability of Prefix-Lengths Extension
F. Interoperability Considerations
G. Changes since RFC 2002
   G.1. Major Changes
   G.2. Minor Changes
   G.3. Changes since revision 04 of RFC2002bis
H. Example Messages
   H.1. Example ICMP Agent Advertisement Message Format
   H.2. Example Registration Request Message Format
   H.3. Example Registration Reply Message Format
References
Authors' Addresses
Full Copyright Statement
IP version 4 assumes that a node's IP address uniquely identifies the node's point of attachment to the Internet. Therefore, a node must be located on the network indicated by its IP address in order to receive datagrams destined to it; otherwise, datagrams destined to the node would be undeliverable. For a node to change its point of attachment without losing its ability to communicate, currently one of the two following mechanisms must typically be employed:
a) the node must change its IP address whenever it changes its point of attachment, or
b) host-specific routes must be propagated throughout much of the Internet routing fabric.
Both of these alternatives are often unacceptable. The first makes it impossible for a node to maintain transport and higher-layer connections when the node changes location. The second has obvious and severe scaling problems, especially relevant considering the explosive growth in sales of notebook (mobile) computers.
A new, scalable, mechanism is required for accommodating node mobility within the Internet. This document defines such a mechanism, which enables nodes to change their point of attachment to the Internet without changing their IP address.
Changes between this revised specification for Mobile IP and the original specifications (see [33, 32, 34, 43, 8]) are detailed in the appendix section G.
A mobile node must be able to communicate with other nodes after changing its link-layer point of attachment to the Internet, yet without changing its IP address.
A mobile node must be able to communicate with other nodes that do not implement these mobility functions. No protocol enhancements are required in hosts or routers that are not acting as any of the new architectural entities introduced in Section 1.5.
All messages used to update another node as to the location of a mobile node must be authenticated in order to protect against remote redirection attacks.
The link by which a mobile node is directly attached to the Internet may often be a wireless link. This link may thus have a substantially lower bandwidth and higher error rate than traditional wired networks. Moreover, mobile nodes are likely to be battery powered, and minimizing power consumption is important. Therefore, the number of administrative messages sent over the link by which a mobile node is directly attached to the Internet should be minimized, and the size of these messages should be kept as small as is reasonably possible.
The protocols defined in this document place no additional constraints on the assignment of IP addresses. That is, a mobile node can be assigned an IP address by the organization that owns the machine.
This protocol assumes that mobile nodes will generally not change their point of attachment to the Internet more frequently than once per second.
This protocol assumes that IP unicast datagrams are routed based on the destination address in the datagram header (and not, for example, by source address).
Mobile IP is intended to enable nodes to move from one IP subnet to another. It is just as suitable for mobility across homogeneous media as it is for mobility across heterogeneous media. That is, Mobile IP facilitates node movement from one Ethernet segment to another as well as it accommodates node movement from an Ethernet segment to a wireless LAN, as long as the mobile node's IP address remains the same after such a movement.
One can think of Mobile IP as solving the "macro" mobility management problem. It is less well suited for more "micro" mobility management applications -- for example, handoff amongst wireless transceivers, each of which covers only a very small geographic area. As long as node movement does not occur between points of attachment on different IP subnets, link-layer mechanisms for mobility (i.e., link-layer handoff) may offer faster convergence and far less overhead than Mobile IP.
Mobile IP introduces the following new functional entities:
Mobile Node
A host or router that changes its point of attachment from one network or subnetwork to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its (constant) IP address, assuming link-layer connectivity to a point of attachment is available.
Home Agent
A router on a mobile node's home network which tunnels datagrams for delivery to the mobile node when it is away from home, and maintains current location information for the mobile node.
Foreign Agent
A router on a mobile node's visited network which provides routing services to the mobile node while registered. The foreign agent detunnels and delivers datagrams to the mobile node that were tunneled by the mobile node's home agent. For datagrams sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.
A mobile node is given a long-term IP address on a home network. This home address is administered in the same way as a "permanent" IP address is provided to a stationary host. When away from its home network, a "care-of address" is associated with the mobile node and reflects the mobile node's current point of attachment. The mobile node uses its home address as the source address of all IP datagrams that it sends, except where otherwise described in this document for datagrams sent for certain mobility management functions (e.g., as in Section 3.6.1.1).
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [4].
In addition, this document frequently uses the following terms:
Authorization-enabling extension
An authentication which makes a (registration) message acceptable to the ultimate recipient of the registration message. An authorization-enabling extension MUST contain an SPI.
In this document, all uses of authorization-enabling extension refer to authentication extensions that enable the Registration Request message to be acceptable to the home agent. Using additional protocol structures specified outside of this document, it may be possible for the mobile node to provide authentication of its registration to the home agent, by way of another authenticating entity within the network that is acceptable to the home agent (for example, see RFC 2794 [6]).
Agent Advertisement
An advertisement message constructed by attaching a special Extension to a router advertisement [10] message.
Authentication
The process of verifying (using cryptographic techniques, for all applications in this specification) the identity of the originator of a message.
Care-of Address
The termination point of a tunnel toward a mobile node, for datagrams forwarded to the mobile node while it is away from home. The protocol can use two different types of care-of address: a "foreign agent care-of address" is an address of a foreign agent with which the mobile node is registered, and a "co-located care-of address" is an externally obtained local address which the mobile node has associated with one of its own network interfaces.
Correspondent Node
A peer with which a mobile node is communicating. A correspondent node may be either mobile or stationary.
Foreign Network
Any network other than the mobile node's Home Network.
Gratuitous ARP
An ARP packet sent by a node in order to spontaneously cause other nodes to update an entry in their ARP cache [45]. See section 4.6.
Home Address
An IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet.
Home Network
A network, possibly virtual, having a network prefix matching that of a mobile node's home address. Note that standard IP routing mechanisms will deliver datagrams destined to a mobile node's Home Address to the mobile node's Home Network.
Link
A facility or medium over which nodes can communicate at the link layer. A link underlies the network layer.
Link-Layer Address
The address used to identify an endpoint of some communication over a physical link. Typically, the Link-Layer address is an interface's Media Access Control (MAC) address.
Mobility Agent
Either a home agent or a foreign agent.
Mobility Binding
The association of a home address with a care-of address, along with the remaining lifetime of that association.
Mobility Security Association
A collection of security contexts, between a pair of nodes, which may be applied to Mobile IP protocol messages exchanged between them. Each context indicates an authentication algorithm and mode (Section 5.1), a secret (a shared key, or appropriate public/private key pair), and a style of replay protection in use (Section 5.7).
Node
A host or a router.
Nonce
A randomly chosen value, different from previous choices, inserted in a message to protect against replays.
Security Parameter Index (SPI)
An index identifying a security context between a pair of nodes among the contexts available in the Mobility Security Association. SPI values 0 through 255 are reserved and MUST NOT be used in any Mobility Security Association.
Tunnel
The path followed by a datagram while it is encapsulated. The model is that, while it is encapsulated, a datagram is routed to a knowledgeable decapsulating agent, which decapsulates the datagram and then correctly delivers it to its ultimate destination.
Virtual Network
A network with no physical instantiation beyond a router (with a physical network interface on another network). The router (e.g., a home agent) generally advertises reachability to the virtual network using conventional routing protocols.
Visited Network
A network other than a mobile node's Home Network, to which the mobile node is currently connected.
Visitor List
The list of mobile nodes visiting a foreign agent.
The following support services are defined for Mobile IP:
Agent Discovery
Home agents and foreign agents may advertise their availability on each link for which they provide service. A newly arrived mobile node can send a solicitation on the link to learn if any prospective agents are present.
Registration
When the mobile node is away from home, it registers its care-of address with its home agent. Depending on its method of attachment, the mobile node will register either directly with its home agent, or through a foreign agent which forwards the registration to the home agent.
silently discard
The implementation discards the datagram without further processing, and without indicating an error to the sender. The implementation SHOULD provide the capability of logging the error, including the contents of the discarded datagram, and SHOULD record the event in a statistics counter.
The following steps provide a rough outline of operation of the Mobile IP protocol:
- Mobility agents (i.e., foreign agents and home agents) advertise their presence via Agent Advertisement messages (Section 2). A mobile node may optionally solicit an Agent Advertisement message from any locally attached mobility agents through an Agent Solicitation message.
- A mobile node receives these Agent Advertisements and determines whether it is on its home network or a foreign network.
- When the mobile node detects that it is located on its home network, it operates without mobility services. If returning to its home network from being registered elsewhere, the mobile node deregisters with its home agent, through exchange of a Registration Request and Registration Reply message with it.
- When a mobile node detects that it has moved to a foreign network, it obtains a care-of address on the foreign network. The care-of address can either be determined from a foreign agent's advertisements (a foreign agent care-of address), or by some external assignment mechanism such as DHCP [13] (a co-located care-of address).
- The mobile node operating away from home then registers its new care-of address with its home agent through exchange of a Registration Request and Registration Reply message with it, possibly via a foreign agent (Section 3).
- Datagrams sent to the mobile node's home address are intercepted by its home agent, tunneled by the home agent to the mobile node's care-of address, received at the tunnel endpoint (either at a foreign agent or at the mobile node itself), and finally delivered to the mobile node (Section 4.2.3).
- In the reverse direction, datagrams sent by the mobile node are generally delivered to their destination using standard IP routing mechanisms, not necessarily passing through the home agent.
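The registration step in this outline is where a mobility binding is created, and the requirement that location updates be authenticated is what prevents a remote redirection. The Python example below is added here and is not part of the RFC: it shows a home agent that updates its binding table only for a Registration Request whose Mobile-Home Authentication Extension verifies under the security context selected by the SPI. The message layout and the HMAC-MD5 authenticator follow Sections 3.3, 3.5 and 5.1 of the RFC, which lie outside this excerpt; the class and function names, the addresses, the key, and the simple increasing-Identification replay check (a stand-in for the schemes of Section 5.7) are assumptions made for the example.

```python
import hashlib
import hmac
import ipaddress
import struct

REG_REQUEST = 1    # Registration Request message type
MH_AUTH_EXT = 32   # Mobile-Home Authentication Extension type
FIXED = "!BBH4s4s4sQ"  # type, flags, lifetime, home addr, home agent, care-of addr, identification
FIXED_LEN = struct.calcsize(FIXED)   # 24 bytes
MAC_LEN = 16       # HMAC-MD5 output length (the default algorithm of Section 5.1)


def ip(text):
    return ipaddress.IPv4Address(text)


def build_request(home, agent, coa, lifetime, ident, spi, key):
    """Mobile-node side: fixed part plus one Mobile-Home Authentication Extension."""
    fixed = struct.pack(FIXED, REG_REQUEST, 0, lifetime,
                        ip(home).packed, ip(agent).packed, ip(coa).packed, ident)
    covered = fixed + struct.pack("!BBI", MH_AUTH_EXT, 4 + MAC_LEN, spi)
    return covered + hmac.new(key, covered, hashlib.md5).digest()


class HomeAgent:
    """Hypothetical home agent holding security contexts and mobility bindings."""

    def __init__(self, address):
        self.address = ip(address)
        self.contexts = {}    # (home address, SPI) -> shared secret
        self.last_ident = {}  # home address -> highest Identification accepted
        self.bindings = {}    # home address -> (care-of address, expiry time)

    def add_context(self, home, spi, key):
        if not 256 <= spi <= 0xFFFFFFFF:
            raise ValueError("SPI values 0 through 255 are reserved")
        self.contexts[(ip(home), spi)] = key

    def _find_auth(self, msg):
        """Walk the type-length-value extensions; return the offset of type 32 or None."""
        off = FIXED_LEN
        while off + 2 <= len(msg):
            ext_type, ext_len = msg[off], msg[off + 1]
            if off + 2 + ext_len > len(msg):
                return None                      # truncated extension
            if ext_type == MH_AUTH_EXT:
                return off if ext_len == 4 + MAC_LEN else None
            off += 2 + ext_len
        return None

    def handle_request(self, msg, now):
        """Return (accepted, reason). The binding table changes only on acceptance."""
        if len(msg) < FIXED_LEN or msg[0] != REG_REQUEST:
            return False, "malformed"
        _, _, lifetime, home, agent, coa, ident = struct.unpack(FIXED, msg[:FIXED_LEN])
        home, agent, coa = (ipaddress.IPv4Address(a) for a in (home, agent, coa))
        off = self._find_auth(msg)
        if agent != self.address or off is None:
            return False, "malformed"
        spi = struct.unpack("!I", msg[off + 2:off + 6])[0]
        key = self.contexts.get((home, spi))
        if key is None:
            return False, "no security context"
        # The authenticator covers the request, all prior extensions, and this
        # extension's type, length and SPI.
        expected = hmac.new(key, msg[:off + 6], hashlib.md5).digest()
        if not hmac.compare_digest(expected, msg[off + 6:off + 6 + MAC_LEN]):
            return False, "authentication failed"
        if ident <= self.last_ident.get(home, -1):
            return False, "replayed identification"
        self.last_ident[home] = ident
        if lifetime == 0:
            self.bindings.pop(home, None)        # deregistration
        else:
            self.bindings[home] = (coa, now + lifetime)
        return True, "accepted"

    def care_of(self, home, now):
        """Tunnel endpoint for a home address, or None if no live binding exists."""
        entry = self.bindings.get(ip(home))
        return str(entry[0]) if entry and entry[1] > now else None


if __name__ == "__main__":
    key = b"constructed-shared-secret"           # constructed sample values throughout
    ha = HomeAgent("192.0.2.1")
    ha.add_context("192.0.2.10", 0x100, key)
    ok = build_request("192.0.2.10", "192.0.2.1", "198.51.100.7", 300, 1000, 0x100, key)
    bad = build_request("192.0.2.10", "192.0.2.1", "203.0.113.66", 300, 1001, 0x100, b"guess")
    for name, msg in (("genuine", ok), ("forged redirect", bad), ("replay", ok)):
        print(name, ha.handle_request(msg, now=0), ha.care_of("192.0.2.10", now=1))
```

A request that fails any check leaves the existing binding untouched, so datagrams for the home address keep going to the last authenticated care-of address.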
When away from home, Mobile IP uses protocol tunneling to hide a mobile node's home address from intervening routers between its home network and its current location. The tunnel terminates at the mobile node's care-of address. The care-of address must be an address to which datagrams can be delivered via conventional IP routing. At the care-of address, the original datagram is removed from the tunnel and delivered to the mobile node.
Mobile IP provides two alternative modes for the acquisition of a care-of address:
a) A "foreign agent care-of address" is a care-of address provided by a foreign agent through its Agent Advertisement messages. In this case, the care-of address is an IP address of the foreign agent. In this mode, the foreign agent is the endpoint of the tunnel and, upon receiving tunneled datagrams, decapsulates them and delivers the inner datagram to the mobile node. This mode of acquisition is preferred because it allows many mobile nodes to share the same care-of address and therefore does not place unnecessary demands on the already limited IPv4 address space.
b) A "co-located care-of address" is a care-of address acquired by the mobile node as a local IP address through some external means, which the mobile node then associates with one of its own network interfaces. The address may be dynamically acquired as a temporary address by the mobile node such as through DHCP [13], or may be owned by the mobile node as a long-term address for its use only while visiting some foreign network. Specific external methods of acquiring a local IP address for use as a co-located care-of address are beyond the scope of this document. When using a co-located care-of address, the mobile node serves as the endpoint of the tunnel and itself performs decapsulation of the datagrams tunneled to it.
The mode of using a co-located care-of address has the advantage that it allows a mobile node to function without a foreign agent, for example, in networks that have not yet deployed a foreign agent. It does, however, place additional burden on the IPv4 address space because it requires a pool of addresses within the foreign network to be made available to visiting mobile nodes. It is difficult to efficiently maintain pools of addresses for each subnet that may permit mobile nodes to visit.
It is important to understand the distinction between the care-of address and the foreign agent functions. The care-of address is simply the endpoint of the tunnel. It might indeed be an address of a foreign agent (a foreign agent care-of address), but it might instead be an address temporarily acquired by the mobile node (a co-located care-of address). A foreign agent, on the other hand, is a mobility agent that provides services to mobile nodes. See Sections 3.7 and 4.2.2 for additional details.
For example, figure 1 illustrates the routing of datagrams to and from a mobile node away from home, once the mobile node has registered with its home agent. In figure 1, the mobile node is using a foreign agent care-of address, not a co-located care-of address.
                   2) Datagram is intercepted   3) Datagram is
                      by home agent and            detunneled and
                      is tunneled to the           delivered to the
                      care-of address.             mobile node.

                        +-----+          +-------+         +------+
                        |home | =======> |foreign| ------> |mobile|
                        |agent|          | agent | <------ | node |
                        +-----+          +-------+         +------+
   1) Datagram to        /|\         /
      mobile node         |        /   4) For datagrams sent by the
      arrives on          |      /        mobile node, standard IP
      home network        |    /          routing delivers each to its
      via standard        |  |_           destination.  In this figure,
      IP routing.       +----+            the foreign agent is the
                        |host|            mobile node's default router.
                        +----+
Figure 1: Operation of Mobile IPv4
A home agent MUST be able to attract and intercept datagrams that are destined to the home address of any of its registered mobile nodes. Using the proxy and gratuitous ARP mechanisms described in Section 4.6, this requirement can be satisfied if the home agent has a network interface on the link indicated by the mobile node's home address. Other placements of the home agent relative to the mobile node's home location MAY also be possible using other mechanisms for intercepting datagrams destined to the mobile node's home address. Such placements are beyond the scope of this document.
Similarly, a mobile node and a prospective or current foreign agent MUST be able to exchange datagrams without relying on standard IP routing mechanisms; that is, those mechanisms which make forwarding decisions based upon the network-prefix of the destination address in the IP header. This requirement can be satisfied if the foreign agent and the visiting mobile node have an interface on the same link. In this case, the mobile node and foreign agent simply bypass their normal IP routing mechanism when sending datagrams to each other, addressing the underlying link-layer packets to their respective link-layer addresses. Other placements of the foreign agent relative to the mobile node MAY also be possible using other mechanisms to exchange datagrams between these nodes, but such placements are beyond the scope of this document.
If a mobile node is using a co-located care-of address (as described in (b) above), the mobile node MUST be located on the link identified by the network prefix of this care-of address. Otherwise, datagrams destined to the care-of address would be undeliverable.
Mobile IP defines a set of new control messages, sent with UDP [37] using well-known port number 434. The following two message types are defined in this document:
   1  Registration Request
   3  Registration Reply
Up-to-date values for the message types for Mobile IP control messages are specified in the most recent "Assigned Numbers" [40].
In addition, for Agent Discovery, Mobile IP makes use of the existing Router Advertisement and Router Solicitation messages defined for ICMP Router Discovery [10].
Mobile IP defines a general Extension mechanism to allow optional information to be carried by Mobile IP control messages or by ICMP Router Discovery messages. Some extensions have been specified to be encoded in the simple Type-Length-Value format described in Section 1.9.
Extensions allow variable amounts of information to be carried within each datagram. The end of the list of Extensions is indicated by the total length of the IP datagram.
Two separately maintained sets of numbering spaces, from which Extension Type values are allocated, are used in Mobile IP:
- The first set consists of those Extensions which may appear only in Mobile IP control messages (those sent to and from UDP port number 434). In this document, the following Types are defined for Extensions appearing in Mobile IP control messages:
   32  Mobile-Home Authentication
   33  Mobile-Foreign Authentication
   34  Foreign-Home Authentication
- The second set consists of those extensions which may appear only in ICMP Router Discovery messages [10]. In this document, the following Types are defined for Extensions appearing in ICMP Router Discovery messages:
   0   One-byte Padding (encoded with no Length nor Data field)
   16  Mobility Agent Advertisement
   19  Prefix-Lengths
Each individual Extension is described in detail in a separate section later in this document. Up-to-date values for these Extension Type numbers are specified in the most recent "Assigned Numbers" [40].
Due to the separation (orthogonality) of these sets, it is conceivable that two Extensions that are defined at a later date could have identical Type values, so long as one of the Extensions may be used only in Mobile IP control messages and the other may be used only in ICMP Router Discovery messages.
The type field in the Mobile IP extension structure can support up to 255 (skippable and not skippable) uniquely identifiable extensions. When an Extension numbered in either of these sets within the range 0 through 127 is encountered but not recognized, the message containing that Extension MUST be silently discarded. When an Extension numbered in the range 128 through 255 is encountered which is not recognized, that particular Extension is ignored, but the rest of the Extensions and message data MUST still be processed. The Length field of the Extension is used to skip the Data field in searching for the next Extension.
Unless additional structure is utilized for the extension types, new developments or additions to Mobile IP might require so many new extensions that the available space for extension types might run out. Two new extension structures are proposed to solve this problem. Certain types of extensions can be aggregated, using subtypes to identify the precise extension, for example as has been done with the Generic Authentication Keys extensions [35]. In many cases, this may reduce the rate of allocation for new values of the type field.
Since the new extension structures will cause an efficient usage of the extension type space, it is recommended that new Mobile IP extensions follow one of the two new extension formats whenever there may be the possibility to group related extensions together.
The following subsections provide details about three distinct structures for Mobile IP extensions:
- The simple extension format
- The long extension format
- The short extension format
The Type-Length-Value format illustrated in figure 2 is used for extensions which are specified in this document. Since this simple extension structure does not encourage the most efficient usage of the extension type space, it is recommended that new Mobile IP extensions follow one of the two new extension formats specified in sections 1.10 or 1.11 whenever there may be the possibility to group related extensions together.
    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
   |     Type      |    Length     |    Data ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Figure 2: Type-Length-Value extension format for Mobile IPv4
Type      Indicates the particular type of Extension.
Length    Indicates the length (in bytes) of the data field within this Extension. The length does NOT include the Type and Length bytes.
Data      The particular data associated with this Extension. This field may be zero or more bytes in length. The format and length of the data field is determined by the type and length fields.
This format is applicable for non-skippable extensions which carry information more than 256 bytes.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |   Sub-Type    |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Data      .....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Long Extension format requires that the following fields be specified as the first fields of the extension.
Type is the type, which describes a collection of extensions having a common data type.
Sub-Type is a unique number given to each member in the aggregated type.
Length indicates the length (in bytes) of the data field within this Extension. It does NOT include the Type, Length and Sub-Type bytes.
Data is the data associated with the subtype of this extension. This specification does not place any additional structure on the subtype data.
Since the length field is 16 bits wide, the extension data can exceed 256 bytes in length.
This format is compatible with the skippable extensions defined in section 1.9. It is not applicable for extensions which require more than 256 bytes of data; for such extensions, use the format described in section 1.10.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |   Sub-Type    |    Data ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The Short Extension format requires that the following fields be specified as the first fields of the extension:
Type is the type, which describes a collection of extensions having a common data type.
Sub-Type is a unique number given to each member in the aggregated type.
Length 8-bit unsigned integer. Length of the extension, in bytes, excluding the extension Type and the extension Length fields. This field MUST be set to 1 plus the total length of the data field.
Data is the data associated with this extension. This specification does not place any additional structure on the subtype data.
Agent Discovery is the method by which a mobile node determines whether it is currently connected to its home network or to a foreign network, and by which a mobile node can detect when it has moved from one network to another. When connected to a foreign network, the methods specified in this section also allow the mobile node to determine the foreign agent care-of address being offered by each foreign agent on that network.
Mobile IP extends ICMP Router Discovery [10] as its primary mechanism for Agent Discovery. An Agent Advertisement is formed by including a Mobility Agent Advertisement Extension in an ICMP Router Advertisement message (Section 2.1). An Agent Solicitation message is identical to an ICMP Router Solicitation, except that its IP TTL MUST be set to 1 (Section 2.2). This section describes the message formats and procedures by which mobile nodes, foreign agents, and home agents cooperate to realize Agent Discovery.
Agent Advertisement and Agent Solicitation may not be necessary for link layers that already provide this functionality. The method by which mobile nodes establish link-layer connections with prospective agents is outside the scope of this document (but see Appendix B). The procedures described below assume that such link-layer connectivity has already been established.
No authentication is required for Agent Advertisement and Agent Solicitation messages. They MAY be authenticated using the IP Authentication Header [22], which is unrelated to the messages described in this document. Further specification of the way in which Advertisement and Solicitation messages may be authenticated is outside of the scope of this document.
Agent Advertisements are transmitted by a mobility agent to advertise its services on a link. Mobile nodes use these advertisements to determine their current point of attachment to the Internet. An Agent Advertisement is an ICMP Router Advertisement that has been extended to also carry a Mobility Agent Advertisement Extension (Section 2.1.1) and, optionally, a Prefix-Lengths Extension (Section 2.1.2), One-byte Padding Extension (Section 2.1.3), or other Extensions that might be defined in the future.
Within an Agent Advertisement message, ICMP Router Advertisement fields of the message are required to conform to the following additional specifications:
- Link-Layer Fields
Destination Address
The link-layer destination address of a unicast Agent Advertisement MUST be the same as the source link-layer address of the Agent Solicitation which prompted the Advertisement.
- IP Fields
TTL The TTL for all Agent Advertisements MUST be set to 1.
Destination Address
As specified for ICMP Router Discovery [10], the IP destination address of a multicast Agent Advertisement MUST be either the "all systems on this link" multicast address (224.0.0.1) [11] or the "limited broadcast" address (255.255.255.255). The subnet-directed broadcast address of the form <prefix>.<-1> cannot be used since mobile nodes will not generally know the prefix of the foreign network. When the Agent Advertisement is unicast to a mobile node, the IP home address of the mobile node SHOULD be used as the Destination Address.
- ICMP Fields
Code The Code field of the agent advertisement is interpreted as follows:
   0   The mobility agent handles common traffic -- that is, it acts as a router for IP datagrams not necessarily related to mobile nodes.
   16  The mobility agent does not route common traffic. However, all foreign agents MUST (minimally) forward to a default router any datagrams received from a registered mobile node (Section 4.2.2).
Lifetime
The maximum length of time that the Advertisement is considered valid in the absence of further Advertisements.
Router Address(es)
See Section 2.3.1 for a discussion of the addresses that may appear in this portion of the Agent Advertisement.
Num Addrs
The number of Router Addresses advertised in this message. Note that in an Agent Advertisement message, the number of router addresses specified in the ICMP Router Advertisement portion of the message MAY be set to 0. See Section 2.3.1 for details.
If sent periodically, the nominal interval at which Agent Advertisements are sent SHOULD be no longer than 1/3 of the advertisement Lifetime given in the ICMP header. This interval MAY be shorter than 1/3 the advertised Lifetime. This allows a mobile node to miss three successive advertisements before deleting the agent from its list of valid agents. The actual transmission time for each advertisement SHOULD be slightly randomized [10] in order to avoid synchronization and subsequent collisions with other Agent Advertisements that may be sent by other agents (or with other Router Advertisements sent by other routers). Note that this field has no relation to the "Registration Lifetime" field within the Mobility Agent Advertisement Extension defined below.
The Mobility Agent Advertisement Extension follows the ICMP Router Advertisement fields. It is used to indicate that an ICMP Router Advertisement message is also an Agent Advertisement being sent by a mobility agent. The Mobility Agent Advertisement Extension is defined as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Registration Lifetime      |R|B|H|F|M|G|r|T|   reserved    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                  zero or more Care-of Addresses               |
   |                              ...                              |
Type 16
Length (6 + 4*N), where 6 accounts for the number of bytes in the Sequence Number, Registration Lifetime, flags, and reserved fields, and N is the number of care-of addresses advertised.
Sequence Number
The count of Agent Advertisement messages sent since the agent was initialized (Section 2.3.2).
Registration Lifetime
The longest lifetime (measured in seconds) that this agent is willing to accept in any Registration Request. A value of 0xffff indicates infinity. This field has no relation to the "Lifetime" field within the ICMP Router Advertisement portion of the Agent Advertisement.
R Registration required. Registration with this foreign agent (or another foreign agent on this link) is required even when using a co-located care-of address.
B Busy. The foreign agent will not accept registrations from additional mobile nodes.
H Home agent. This agent offers service as a home agent on the link on which this Agent Advertisement message is sent.
F Foreign agent. This agent offers service as a foreign agent on the link on which this Agent Advertisement message is sent.
M Minimal encapsulation. This agent implements receiving tunneled datagrams that use minimal encapsulation [34].
G GRE encapsulation. This agent implements receiving tunneled datagrams that use GRE encapsulation [16].
r Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.
T Foreign agent supports reverse tunneling [27].
reserved Sent as zero; ignored on reception.
Care-of Address(es)
The advertised foreign agent care-of address(es) provided by this foreign agent. An Agent Advertisement MUST include at least one care-of address if the 'F' bit is set. The number of care-of addresses present is determined by the Length field in the Extension.
A home agent MUST always be prepared to serve the mobile nodes for which it is the home agent. A foreign agent may at times be too busy to serve additional mobile nodes; even so, it must continue to send Agent Advertisements, so that any mobile nodes already registered with it will know that they have not moved out of range of the foreign agent and that the foreign agent has not failed. A foreign agent may indicate that it is "too busy" to allow new mobile nodes to register with it, by setting the 'B' bit in its Agent Advertisements. An Agent Advertisement message MUST NOT have the 'B' bit set if the 'F' bit is not also set. Furthermore, at least one of the 'F' bit and the 'H' bit MUST be set in any Agent Advertisement message sent.
When a foreign agent wishes to require registration even from those mobile nodes which have acquired a co-located care-of address, it sets the 'R' bit to one. Because this bit applies only to foreign agents, an agent MUST NOT set the 'R' bit to one unless the 'F' bit is also set to one.
The Prefix-Lengths Extension MAY follow the Mobility Agent Advertisement Extension. It is used to indicate the number of bits of network prefix that applies to each Router Address listed in the ICMP Router Advertisement portion of the Agent Advertisement. Note that the prefix lengths given DO NOT apply to care-of address(es) listed in the Mobility Agent Advertisement Extension. The Prefix-Lengths Extension is defined as follows:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     | Prefix Length |      ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type 19 (Prefix-Lengths Extension)
Length N, where N is the value (possibly zero) of the Num Addrs field in the ICMP Router Advertisement portion of the Agent Advertisement.
Prefix Length(s)
The number of leading bits that define the network number of the corresponding Router Address listed in the ICMP Router Advertisement portion of the message. The prefix length for each Router Address is encoded as a separate byte, in the order that the Router Addresses are listed in the ICMP Router Advertisement portion of the message.
See Section 2.4.2 for information about how the Prefix-Lengths Extension MAY be used by a mobile node when determining whether it has moved. See Appendix E for implementation details about the use of this Extension.
Some IP protocol implementations insist upon padding ICMP messages to an even number of bytes. If the ICMP length of an Agent Advertisement is odd, this Extension MAY be included in order to make the ICMP length even. Note that this Extension is NOT intended to be a general-purpose Extension to be included in order to word- or long-align the various fields of the Agent Advertisement. An Agent Advertisement SHOULD NOT include more than one One-byte Padding Extension and if present, this Extension SHOULD be the last Extension in the Agent Advertisement.
Note that unlike other Extensions used in Mobile IP, the One-byte Padding Extension is encoded as a single byte, with no "Length" nor "Data" field present. The One-byte Padding Extension is defined as follows:
    0 1 2 3 4 5 6 7
   +-+-+-+-+-+-+-+-+
   |     Type      |
   +-+-+-+-+-+-+-+-+
Type 0 (One-byte Padding Extension)
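The extension layouts and flag rules above can be combined into a receive-side validator for Agent Advertisements, which carry no authentication and so must be parsed defensively. The following is an added example, not code from the RFC; `parse_extensions`, its `num_addrs` parameter, the constructed `SAMPLE` bytes, and the choice to discard advertisements that break the sender-side flag and Length rules are this example's assumptions.

```python
import struct
from dataclasses import dataclass, field
from ipaddress import IPv4Address

EXT_PADDING = 0                # One-byte Padding: Type only, no Length or Data
EXT_MOBILITY_AGENT_ADV = 16
EXT_PREFIX_LENGTHS = 19
FLAG_NAMES = "RBHFMGrT"        # flag byte, most significant bit first


class DiscardMessage(ValueError):
    """The whole advertisement must be silently discarded."""


@dataclass
class AgentAdvertisement:
    sequence: int = 0
    registration_lifetime: int = 0
    flags: frozenset = frozenset()
    care_of_addresses: list = field(default_factory=list)
    prefix_lengths: list = field(default_factory=list)
    skipped_types: list = field(default_factory=list)


def check_flag_rules(adv):
    """Reject combinations the text forbids an agent to send (example policy)."""
    f = adv.flags
    if not f & {"F", "H"}:
        raise DiscardMessage("neither 'F' nor 'H' is set")
    if "B" in f and "F" not in f:
        raise DiscardMessage("'B' set without 'F'")
    if "R" in f and "F" not in f:
        raise DiscardMessage("'R' set without 'F'")
    if "F" in f and not adv.care_of_addresses:
        raise DiscardMessage("'F' set but no care-of address")


def parse_extensions(buf: bytes, num_addrs: int) -> AgentAdvertisement:
    """Parse the bytes that follow the ICMP Router Advertisement fields.

    num_addrs is the Num Addrs value from the ICMP portion (hypothetical
    parameter; the caller is assumed to have parsed the ICMP header).
    """
    adv = AgentAdvertisement()
    have_agent_ext = False
    pos = 0
    while pos < len(buf):      # the list ends where the datagram ends
        ext_type = buf[pos]
        if ext_type == EXT_PADDING:
            pos += 1
            continue
        if pos + 2 > len(buf):
            raise DiscardMessage("truncated extension header")
        length = buf[pos + 1]
        data = buf[pos + 2:pos + 2 + length]
        if len(data) != length:
            raise DiscardMessage("Length runs past the end of the datagram")
        pos += 2 + length      # Length is what lets us skip to the next one

        if ext_type == EXT_MOBILITY_AGENT_ADV:
            if length < 6 or (length - 6) % 4:
                raise DiscardMessage("Length is not 6 + 4*N")
            adv.sequence, adv.registration_lifetime, bits = struct.unpack(
                "!HHB", data[:5])
            # 'r' and the reserved byte (data[5]) are ignored on reception.
            adv.flags = frozenset(
                name for i, name in enumerate(FLAG_NAMES)
                if bits & (0x80 >> i) and name != "r")
            adv.care_of_addresses = [
                IPv4Address(data[o:o + 4]) for o in range(6, length, 4)]
            have_agent_ext = True
        elif ext_type == EXT_PREFIX_LENGTHS:
            if length != num_addrs:    # example policy: treat as malformed
                raise DiscardMessage("Prefix-Lengths Length != Num Addrs")
            adv.prefix_lengths = list(data)
        elif ext_type < 128:
            raise DiscardMessage(f"unrecognized non-skippable type {ext_type}")
        else:
            adv.skipped_types.append(ext_type)   # skippable: ignore, go on

    if not have_agent_ext:
        raise DiscardMessage("no Mobility Agent Advertisement Extension")
    check_flag_rules(adv)
    return adv


def accepts(buf: bytes, num_addrs: int) -> bool:
    try:
        parse_extensions(buf, num_addrs)
        return True
    except DiscardMessage:
        return False


# Constructed sample: Type 16 (H and F set, one care-of address), Type 19,
# an unknown skippable Type 200, then One-byte Padding.
SAMPLE = bytes([
    16, 10, 0x00, 0x01, 0x07, 0x08, 0x30, 0x00, 192, 0, 2, 1,
    19, 1, 24,
    200, 2, 0xAA, 0xBB,
    0,
])
```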
An Agent Solicitation is identical to an ICMP Router Solicitation with the further restriction that the IP TTL Field MUST be set to 1.
Any mobility agent which cannot be discovered by a link-layer protocol MUST send Agent Advertisements. An agent which can be discovered by a link-layer protocol SHOULD also implement Agent Advertisements. However, the Advertisements need not be sent, except when the site policy requires registration with the agent (i.e., when the 'R' bit is set), or as a response to a specific Agent Solicitation. All mobility agents MUST process packets that they receive addressed to the Mobile-Agents multicast group, at address 224.0.0.11. A mobile node MAY send an Agent Solicitation to 224.0.0.11. All mobility agents SHOULD respond to Agent Solicitations.
The same procedures, defaults, and constants are used in Agent Advertisement messages and Agent Solicitation messages as specified for ICMP Router Discovery [10], except that:
- a mobility agent MUST limit the rate at which it sends broadcast or multicast Agent Advertisements; the maximum rate SHOULD be chosen so that the Advertisements do not consume a significant amount of network bandwidth, AND
- a mobility agent that receives a Router Solicitation MUST NOT require that the IP Source Address is the address of a neighbor (i.e., an address that matches one of the router's own addresses on the arrival interface, under the subnet mask associated with that address of the router).
- a mobility agent MAY be configured to send Agent Advertisements only in response to an Agent Solicitation message.
If the home network is not a virtual network, then the home agent for any mobile node SHOULD be located on the link identified by the mobile node's home address, and Agent Advertisement messages sent by the home agent on this link MUST have the 'H' bit set. In this way, mobile nodes on their own home network will be able to determine that they are indeed at home. Any Agent Advertisement messages sent by the home agent on another link to which it may be attached (if it is a mobility agent serving more than one link), MUST NOT have the 'H' bit set, unless the home agent also serves as a home agent (to other mobile nodes) on that other link. A mobility agent MAY use different settings for each of the 'R', 'H', and 'F' bits on different network interfaces.
If the home network is a virtual network, the home network has no physical realization external to the home agent itself. In this case, there is no physical network link on which to send Agent Advertisement messages advertising the home agent. Mobile nodes for which this is the home network are always treated as being away from home.
On a particular subnet, either all mobility agents MUST include the Prefix-Lengths Extension or all of them MUST NOT include this Extension. Equivalently, it is prohibited for some agents on a given subnet to include the Extension but for others not to include it. Otherwise, one of the move detection algorithms designed for mobile nodes will not function properly (Section 2.4.2).
The ICMP Router Advertisement portion of the Agent Advertisement MAY contain one or more router addresses. An agent SHOULD only put its own addresses, if any, in the advertisement. Whether or not its own address appears in the Router Addresses, a foreign agent MUST route datagrams it receives from registered mobile nodes (Section 4.2.2).
The sequence number in Agent Advertisements ranges from 0 to 0xffff. After booting, an agent MUST use the number 0 for its first advertisement. Each subsequent advertisement MUST use the sequence number one greater, with the exception that the sequence number 0xffff MUST be followed by sequence number 256. In this way, mobile nodes can distinguish a reduction in the sequence number that occurs after a reboot from a reduction that results in rollover of the sequence number after it attains the value 0xffff.
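The numbering rule above, with the receiver-side classification it makes possible, as an added example that is not part of the RFC text. The function names and the labels "advance", "duplicate", "reboot" and "rollover" are this example's own; the sample sequences are constructed.

```python
SEQ_MAX = 0xFFFF
POST_ROLLOVER = 256        # the value that MUST follow 0xffff


def next_sequence(seq: int) -> int:
    """Agent side: sequence number for the next advertisement."""
    if not 0 <= seq <= SEQ_MAX:
        raise ValueError("sequence number out of range")
    return POST_ROLLOVER if seq == SEQ_MAX else seq + 1


def classify(prev: int, cur: int) -> str:
    """Mobile node side: interpret two successive values from one agent.

    Values 0..255 are only ever produced after initialization, so a drop
    into that range means the agent restarted; a drop to 256 or above
    means the counter wrapped.
    """
    if cur > prev:
        return "advance"
    if cur == prev:
        return "duplicate"
    return "reboot" if cur < POST_ROLLOVER else "rollover"


def run_agent(start: int, count: int) -> list:
    """Sequence numbers of `count` consecutive advertisements from `start`."""
    seqs = [start]
    for _ in range(count - 1):
        seqs.append(next_sequence(seqs[-1]))
    return seqs


def observe(seqs: list) -> list:
    """Classify every transition in the values a mobile node received.

    Gaps are allowed: lost advertisements do not change the verdict,
    because the test depends only on which range the new value falls in.
    """
    return [classify(a, b) for a, b in zip(seqs, seqs[1:])]
```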
Every mobile node MUST implement Agent Solicitation. Solicitations SHOULD only be sent in the absence of Agent Advertisements and when a care-of address has not been determined through a link-layer protocol or other means. The mobile node uses the same procedures, defaults, and constants for Agent Solicitation as specified for ICMP Router Solicitation messages [10], except that the mobile node MAY solicit more often than once every three seconds, and that a mobile node that is currently not connected to any foreign agent MAY solicit more times than MAX_SOLICITATIONS.
The rate at which a mobile node sends Solicitations MUST be limited by the mobile node. The mobile node MAY send three initial Solicitations at a maximum rate of one per second while searching for an agent. After this, the rate at which Solicitations are sent MUST be reduced so as to limit the overhead on the local link. Subsequent Solicitations MUST be sent using a binary exponential backoff mechanism, doubling the interval between consecutive Solicitations, up to a maximum interval. The maximum interval SHOULD be chosen appropriately based upon the characteristics of the media over which the mobile node is soliciting. This maximum interval SHOULD be at least one minute between Solicitations.
While still searching for an agent, the mobile node MUST NOT increase the rate at which it sends Solicitations unless it has received a positive indication that it has moved to a new link. After successfully registering with an agent, the mobile node SHOULD also increase the rate at which it will send Solicitations when it next begins searching for a new agent with which to register. The increased solicitation rate MAY revert to the maximum rate, but then MUST be limited in the manner described above. In all cases, the recommended solicitation intervals are nominal values. Mobile nodes MUST randomize their solicitation times around these nominal values as specified for ICMP Router Discovery [10].
Mobile nodes MUST process received Agent Advertisements. A mobile node can distinguish an Agent Advertisement message from other uses of the ICMP Router Advertisement message by examining the number of advertised addresses and the IP Total Length field. When the IP total length indicates that the ICMP message is longer than needed for the number of advertised addresses, the remaining data is interpreted as one or more Extensions. The presence of a Mobility Agent Advertisement Extension identifies the advertisement as an Agent Advertisement.
If there is more than one advertised address, the mobile node SHOULD pick the first address for its initial registration attempt. If the registration attempt fails with a status Code indicating rejection by the foreign agent, the mobile node MAY retry the attempt with each subsequent advertised address in turn.
When multiple methods of agent discovery are in use, the mobile node SHOULD first attempt registration with agents including Mobility Agent Advertisement Extensions in their advertisements, in preference to those discovered by other means. This preference maximizes the likelihood that the registration will be recognized, thereby minimizing the number of registration attempts.
A mobile node MUST ignore reserved bits in Agent Advertisements, as opposed to discarding such advertisements. In this way, new bits can be defined later, without affecting the ability for mobile nodes to use the advertisements even when the newly defined bits are not understood.
When the mobile node receives an Agent Advertisement with the 'R' bit set, the mobile node SHOULD register through the foreign agent, even when the mobile node might be able to acquire its own co-located care-of address. This feature is intended to allow sites to enforce visiting policies (such as accounting) which require exchanges of authorization.
If formerly reserved bits require some kind of monitoring/enforcement at the foreign link, foreign agents implementing the new specification for the formerly reserved bits can set the 'R' bit. This has the effect of forcing the mobile node to register through the foreign agent, so the foreign agent could then monitor/enforce the policy.
Two primary mechanisms are provided for mobile nodes to detect when they have moved from one subnet to another. Other mechanisms MAY also be used. When the mobile node detects that it has moved, it SHOULD register (Section 3) with a suitable care-of address on the new foreign network. However, the mobile node MUST NOT register more frequently than once per second on average, as specified in Section 3.6.3.
The first method of move detection is based upon the Lifetime field within the main body of the ICMP Router Advertisement portion of the Agent Advertisement. A mobile node SHOULD record the Lifetime received in any Agent Advertisements, until that Lifetime expires. If the mobile node fails to receive another advertisement from the same agent within the specified Lifetime, it SHOULD assume that it has lost contact with that agent. If the mobile node has previously received an Agent Advertisement from another agent for which the Lifetime field has not yet expired, the mobile node MAY immediately attempt registration with that other agent. Otherwise, the mobile node SHOULD attempt to discover a new agent with which to register.
The second method uses network prefixes. The Prefix-Lengths Extension MAY be used in some cases by a mobile node to determine whether or not a newly received Agent Advertisement was received on the same subnet as the mobile node's current care-of address. If the prefixes differ, the mobile node MAY assume that it has moved. If a mobile node is currently using a foreign agent care-of address, the mobile node SHOULD NOT use this method of move detection unless both the current agent and the new agent include the Prefix-Lengths Extension in their respective Agent Advertisements; if this Extension is missing from one or both of the advertisements, this method of move detection SHOULD NOT be used. Similarly, if a mobile node is using a co-located care-of address, it SHOULD NOT use this method of move detection unless the new agent includes the Prefix-Lengths Extension in its Advertisement and the mobile node knows the network prefix of its current co-located care-of address. On the expiration of its current registration, if this method indicates that the mobile node has moved, rather than re-registering with its current care-of address, a mobile node MAY choose instead to register with the foreign agent sending the new Advertisement with the different network prefix. The Agent Advertisement on which the new registration is based MUST NOT have expired according to its Lifetime field.
A mobile node can detect that it has returned to its home network when it receives an Agent Advertisement from its own home agent. If so, it SHOULD deregister with its home agent (Section 3). Before attempting to deregister, the mobile node SHOULD configure its routing table appropriately for its home network (Section 4.2.1). In addition, if the home network is using ARP [36], the mobile node MUST follow the procedures described in Section 4.6 with regard to ARP, proxy ARP, and gratuitous ARP.
If a mobile node detects two successive values of the sequence number in the Agent Advertisements from the foreign agent with which it is registered, the second of which is less than the first and inside the range 0 to 255, the mobile node SHOULD register again. If the second value is less than the first but is greater than or equal to 256, the mobile node SHOULD assume that the sequence number has rolled over past its maximum value (0xffff), and that reregistration is not necessary (Section 2.3).
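The sequence-number rule above and the Lifetime-based move detection described earlier, combined in one mobile-node tracker. This is an added example, not code from the RFC; the class and function names, the agent addresses and the explicit `now` clock are assumptions made for illustration.

```python
SEQ_MAX = 0xFFFF
ROLLOVER_START = 256   # the value an agent sends after 0xffff


def next_sequence(seq):
    """Agent side: sequence number for the following advertisement."""
    return ROLLOVER_START if seq == SEQ_MAX else seq + 1


def sequence_change(prev, cur):
    """Mobile-node side: classify two successive sequence numbers."""
    if cur >= prev:
        return "normal"
    # A drop into 0..255 can only follow a reboot, because a rollover
    # restarts at 256 and never revisits the low range.
    return "reboot" if cur < ROLLOVER_START else "rollover"


class MoveDetector:
    """Tracks advertisements heard on the link (hypothetical helper)."""

    def __init__(self, registered_agent):
        self.registered = registered_agent
        self.agents = {}   # agent address -> (last sequence, expiry time)

    def on_advertisement(self, agent, seq, lifetime, now):
        """Record an advertisement; report whether to register again."""
        prev = self.agents.get(agent)
        self.agents[agent] = (seq, now + lifetime)
        if (agent == self.registered and prev is not None
                and sequence_change(prev[0], seq) == "reboot"):
            return "register-again"
        return "ok"

    def check(self, now):
        """Lifetime-based move detection for the registered agent."""
        entry = self.agents.get(self.registered)
        if entry is not None and now < entry[1]:
            return ("keep", self.registered)
        # Contact lost: prefer another agent whose Lifetime is unexpired.
        for agent, (_, expires) in self.agents.items():
            if agent != self.registered and now < expires:
                return ("register", agent)
        return ("solicit", None)
```

A missed advertisement does not confuse the classification: a jump from 0xfff0 to 300 is still read as rollover, because only values below 256 indicate a reboot.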
Mobile IP registration provides a flexible mechanism for mobile nodes to communicate their current reachability information to their home agent. It is the method by which mobile nodes:
- request forwarding services when visiting a foreign network,
- inform their home agent of their current care-of address,
- renew a registration which is due to expire, and/or
- deregister when they return home.
Registration messages exchange information between a mobile node, (optionally) a foreign agent, and the home agent. Registration creates or modifies a mobility binding at the home agent, associating the mobile node's home address with its care-of address for the specified Lifetime.
Several other (optional) capabilities are available through the registration procedure, which enable a mobile node to:
- discover its home address, if the mobile node is not configured with this information.
- maintain multiple simultaneous registrations, so that a copy of each datagram will be tunneled to each active care-of address
- deregister specific care-of addresses while retaining other mobility bindings, and
- discover the address of a home agent if the mobile node is not configured with this information.
Mobile IP defines two different registration procedures, one via a foreign agent that relays the registration to the mobile node's home agent, and one directly with the mobile node's home agent. The following rules determine which of these two registration procedures to use in any particular circumstance:
- If a mobile node is registering a foreign agent care-of address, the mobile node MUST register via that foreign agent.
- If a mobile node is using a co-located care-of address, and receives an Agent Advertisement from a foreign agent on the link on which it is using this care-of address, the mobile node SHOULD register via that foreign agent (or via another foreign agent on this link) if the 'R' bit is set in the received Agent Advertisement message.
- If a mobile node is otherwise using a co-located care-of address, the mobile node MUST register directly with its home agent.
- If a mobile node has returned to its home network and is (de)registering with its home agent, the mobile node MUST register directly with its home agent.
Both registration procedures involve the exchange of Registration Request and Registration Reply messages (Sections 3.3 and 3.4). When registering via a foreign agent, the registration procedure requires the following four messages:
a) The mobile node sends a Registration Request to the prospective foreign agent to begin the registration process.
b) The foreign agent processes the Registration Request and then relays it to the home agent.
c) The home agent sends a Registration Reply to the foreign agent to grant or deny the Request.
d) The foreign agent processes the Registration Reply and then relays it to the mobile node to inform it of the disposition of its Request.
When the mobile node instead registers directly with its home agent, the registration procedure requires only the following two messages:
a) The mobile node sends a Registration Request to the home agent.
b) The home agent sends a Registration Reply to the mobile node, granting or denying the Request.
The registration messages defined in Sections 3.3 and 3.4 use the User Datagram Protocol (UDP) [37]. A nonzero UDP checksum SHOULD be included in the header, and MUST be checked by the recipient. A zero UDP checksum SHOULD be accepted by the recipient. The behavior of the mobile node and the home agent with respect to their mutual acceptance of packets with zero UDP checksums SHOULD be defined as part of the mobility security association which exists between them.
Each mobile node, foreign agent, and home agent MUST be able to support a mobility security association for mobile entities, indexed by their SPI and IP address. In the case of the mobile node, this must be its Home Address. See Section 5.1 for requirements for support of authentication algorithms. Registration messages between a mobile node and its home agent MUST be authenticated with an authorization-enabling extension, e.g. the Mobile-Home Authentication Extension (Section 3.5.2). This extension MUST be the first authentication extension; other foreign agent-specific extensions MAY be added to the message after the mobile node computes the authentication.
A mobile node registers with its home agent using a Registration Request message so that its home agent can create or modify a mobility binding for that mobile node (e.g., with a new lifetime). The Request may be relayed to the home agent by the foreign agent through which the mobile node is registering, or it may be sent directly to the home agent in the case in which the mobile node is registering a co-located care-of address.
IP fields:
   Source Address        Typically the interface address from which the message is sent.
   Destination Address   Typically that of the foreign agent or the home agent.
See Sections 3.6.1.1 and 3.7.2.2 for details.
UDP fields:
   Source Port           variable
   Destination Port      434
The UDP header is followed by the Mobile IP fields shown below:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |S|B|D|M|G|r|T|x|          Lifetime             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Home Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Home Agent                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Care-of Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Extensions ...
   +-+-+-+-+-+-+-+-
   Type             1 (Registration Request)
   S                Simultaneous bindings. If the 'S' bit is set, the mobile node is requesting that the home agent retain its prior mobility bindings, as described in Section 3.6.1.2.
   B                Broadcast datagrams. If the 'B' bit is set, the mobile node requests that the home agent tunnel to it any broadcast datagrams that it receives on the home network, as described in Section 4.3.
   D                Decapsulation by mobile node. If the 'D' bit is set, the mobile node will itself decapsulate datagrams which are sent to the care-of address. That is, the mobile node is using a co-located care-of address.
   M                Minimal encapsulation. If the 'M' bit is set, the mobile node requests that its home agent use minimal encapsulation [34] for datagrams tunneled to the mobile node.
   G                GRE encapsulation. If the 'G' bit is set, the mobile node requests that its home agent use GRE encapsulation [16] for datagrams tunneled to the mobile node.
   r                Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.
   T                Reverse Tunneling requested; see [27].
   x                Sent as zero; ignored on reception.
   Lifetime         The number of seconds remaining before the registration is considered expired. A value of zero indicates a request for deregistration. A value of 0xffff indicates infinity.
   Home Address     The IP address of the mobile node.
   Home Agent       The IP address of the mobile node's home agent.
   Care-of Address  The IP address for the end of the tunnel.
   Identification   A 64-bit number, constructed by the mobile node, used for matching Registration Requests with Registration Replies, and for protecting against replay attacks of registration messages. See Sections 5.4 and 5.7.
   Extensions       The fixed portion of the Registration Request is followed by one or more of the Extensions listed in Section 3.5. An authorization-enabling extension MUST be included in all Registration Requests. See Sections 3.6.1.3 and 3.7.2.2 for information on the relative order in which different extensions, when present, MUST be placed in a Registration Request message.
A mobility agent returns a Registration Reply message to a mobile node which has sent a Registration Request (Section 3.3) message. If the mobile node is requesting service from a foreign agent, that foreign agent will receive the Reply from the home agent and subsequently relay it to the mobile node. The Reply message contains the necessary codes to inform the mobile node about the status of its Request, along with the lifetime granted by the home agent, which MAY be smaller than the original Request.
The foreign agent MUST NOT increase the Lifetime selected by the mobile node in the Registration Request, since the Lifetime is covered by an authentication extension which enables authorization by the home agent. Such an extension contains authentication data which cannot be correctly (re)computed by the foreign agent. The home agent MUST NOT increase the Lifetime selected by the mobile node in the Registration Request, since doing so could increase it beyond the maximum Registration Lifetime allowed by the foreign agent. If the Lifetime received in the Registration Reply is greater than that in the Registration Request, the Lifetime in the Request MUST be used. When the Lifetime received in the Registration Reply is less than that in the Registration Request, the Lifetime in the Reply MUST be used.
IP fields:
   Source Address        Typically copied from the destination address of the Registration Request to which the agent is replying. See Sections 3.7.2.3 and 3.8.3.1 for complete details.
   Destination Address   Copied from the source address of the Registration Request to which the agent is replying.
UDP fields:
   Source Port           <variable>
   Destination Port      Copied from the source port of the corresponding Registration Request (Section 3.7.1).
The UDP header is followed by the Mobile IP fields shown below:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Lifetime            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Home Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Home Agent                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Extensions ...
   +-+-+-+-+-+-+-+-
   Type             3 (Registration Reply)
   Code             A value indicating the result of the Registration Request. See below for a list of currently defined Code values.
   Lifetime         If the Code field indicates that the registration was accepted, the Lifetime field is set to the number of seconds remaining before the registration is considered expired. A value of zero indicates that the mobile node has been deregistered. A value of 0xffff indicates infinity. If the Code field indicates that the registration was denied, the contents of the Lifetime field are unspecified and MUST be ignored on reception.
   Home Address     The IP address of the mobile node.
   Home Agent       The IP address of the mobile node's home agent.
   Identification   A 64-bit number used for matching Registration Requests with Registration Replies, and for protecting against replay attacks of registration messages. The value is based on the Identification field from the Registration Request message from the mobile node, and on the style of replay protection used in the security context between the mobile node and its home agent (defined by the mobility security association between them, and SPI value in the authorization-enabling extension). See Sections 5.4 and 5.7.
   Extensions       The fixed portion of the Registration Reply is followed by one or more of the Extensions listed in Section 3.5. An authorization-enabling extension MUST be included in all Registration Replies returned by the home agent. See Sections 3.7.2.2 and 3.8.3.3 for rules on placement of extensions to Reply messages.
The following values are defined for use within the Code field.
Registration successful:
     0  registration accepted
     1  registration accepted, but simultaneous mobility bindings unsupported
Registration denied by the foreign agent:
    64  reason unspecified
    65  administratively prohibited
    66  insufficient resources
    67  mobile node failed authentication
    68  home agent failed authentication
    69  requested Lifetime too long
    70  poorly formed Request
    71  poorly formed Reply
    72  requested encapsulation unavailable
    73  reserved and unavailable
    77  invalid care-of address
    78  registration timeout
    80  home network unreachable (ICMP error received)
    81  home agent host unreachable (ICMP error received)
    82  home agent port unreachable (ICMP error received)
    88  home agent unreachable (other ICMP error received)
Registration denied by the home agent:
   128  reason unspecified
   129  administratively prohibited
   130  insufficient resources
   131  mobile node failed authentication
   132  foreign agent failed authentication
   133  registration Identification mismatch
   134  poorly formed Request
   135  too many simultaneous mobility bindings
   136  unknown home agent address
Up-to-date values of the Code field are specified in the most recent "Assigned Numbers" [40].
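How a mobile node might turn a received Registration Reply into a decision, applying the Code ranges above and the Lifetime rules stated earlier (ignore Lifetime on denial, never use more than was requested). This is an added example, not code from the RFC; the function names, the returned dictionary layout, the sample addresses and the handling of Code values not listed on this page are assumptions.

```python
import ipaddress
import struct

REG_REPLY = 3
# Type, Code, Lifetime, Home Address, Home Agent, Identification = 20 bytes
REPLY_FIXED = struct.Struct("!BBH4s4sQ")

ACCEPTED = {
    0: "registration accepted",
    1: "registration accepted, but simultaneous mobility bindings unsupported",
}
DENIED_BY_FOREIGN_AGENT = {
    64: "reason unspecified", 65: "administratively prohibited",
    66: "insufficient resources", 67: "mobile node failed authentication",
    68: "home agent failed authentication", 69: "requested Lifetime too long",
    70: "poorly formed Request", 71: "poorly formed Reply",
    72: "requested encapsulation unavailable", 73: "reserved and unavailable",
    77: "invalid care-of address", 78: "registration timeout",
    80: "home network unreachable", 81: "home agent host unreachable",
    82: "home agent port unreachable", 88: "home agent unreachable",
}
DENIED_BY_HOME_AGENT = {
    128: "reason unspecified", 129: "administratively prohibited",
    130: "insufficient resources", 131: "mobile node failed authentication",
    132: "foreign agent failed authentication",
    133: "registration Identification mismatch", 134: "poorly formed Request",
    135: "too many simultaneous mobility bindings",
    136: "unknown home agent address",
}


def build_reply(code, lifetime, home, home_agent, ident):
    """Pack the fixed portion of a Reply (used here to make sample input)."""
    return REPLY_FIXED.pack(REG_REPLY, code, lifetime,
                            ipaddress.IPv4Address(home).packed,
                            ipaddress.IPv4Address(home_agent).packed, ident)


def parse_reply(data):
    """Decode the fixed portion; Extensions after byte 20 are left alone."""
    if len(data) < REPLY_FIXED.size:
        raise ValueError("shorter than the fixed Registration Reply")
    typ, code, lifetime, home, agent, ident = REPLY_FIXED.unpack_from(data)
    if typ != REG_REPLY:
        raise ValueError("not a Registration Reply (Type %d)" % typ)
    return {"code": code, "lifetime": lifetime,
            "home": str(ipaddress.IPv4Address(home)),
            "home_agent": str(ipaddress.IPv4Address(agent)), "ident": ident}


def disposition(reply, requested_lifetime):
    """Decide the outcome and the Lifetime the mobile node must use."""
    code = reply["code"]
    if code in ACCEPTED:
        # A Reply Lifetime above the request is not honoured; a smaller one is.
        granted = min(reply["lifetime"], requested_lifetime)
        return {"accepted": True, "denied_by": None,
                "reason": ACCEPTED[code], "lifetime": granted}
    for who, table in (("foreign agent", DENIED_BY_FOREIGN_AGENT),
                       ("home agent", DENIED_BY_HOME_AGENT)):
        if code in table:
            # Lifetime is unspecified on denial and is ignored.
            return {"accepted": False, "denied_by": who,
                    "reason": table[code], "lifetime": None}
    # Assumption: a Code not listed on this page is not treated as success.
    return {"accepted": False, "denied_by": "unknown",
            "reason": "code %d not listed" % code, "lifetime": None}
```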
The Authenticator value computed for each authentication Extension MUST protect the following fields from the registration message:
- the UDP payload (that is, the Registration Request or Registration Reply data),
- all prior Extensions in their entirety, and
- the Type, Length, and SPI of this Extension.
The default authentication algorithm uses HMAC-MD5 [23] to compute a 128-bit "message digest" of the registration message. The data over which the HMAC is computed is defined as:
- the UDP payload (that is, the Registration Request or Registration Reply data),
- all prior Extensions in their entirety, and
- the Type, Length, and SPI of this Extension.
Note that the Authenticator field itself and the UDP header are NOT included in the computation of the default Authenticator value. See Section 5.1 for information about support requirements for message authentication codes, which are to be used with the various authentication Extensions.
The Security Parameter Index (SPI) within any of the authentication Extensions defines the security context which is used to compute the Authenticator value and which MUST be used by the receiver to check that value. In particular, the SPI selects the authentication algorithm and mode (Section 5.1) and secret (a shared key, or appropriate public/private key pair) used in computing the Authenticator. In order to ensure interoperability between different implementations of the Mobile IP protocol, an implementation MUST be able to associate any SPI value with any authentication algorithm and mode which it implements. In addition, all implementations of Mobile IP MUST implement the default authentication algorithm (HMAC-MD5) specified above.
Exactly one authorization-enabling extension MUST be present in all Registration Requests, and also in all Registration Replies generated by the Home Agent. The Mobile-Home Authentication Extension is always an authorization-enabling extension for registration messages specified in this document. This requirement is intended to eliminate problems [2] which result from the uncontrolled propagation of remote redirects in the Internet. The location of the extension marks the end of the authenticated data.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |         SPI  ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             ... SPI (cont.)          |       Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Type             32
   Length           4 plus the number of bytes in the Authenticator.
   SPI              Security Parameter Index (4 bytes). An opaque identifier (see Section 1.6).
   Authenticator    (variable length) (See Section 3.5.1.)
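The default HMAC-MD5 Authenticator computation and its check on the receiving side, showing that data appended after the Mobile-Home Authentication Extension is not covered while a changed Lifetime is detected. This is an added example, not code from the RFC; the function names, the SPI-to-key dictionary standing in for the mobility security association, the keys, SPI values and addresses are all constructed, and the Extension walk assumes the short Type-Length-Value format.

```python
import hashlib
import hmac
import ipaddress
import struct

REG_REQUEST = 1
MOBILE_HOME_AUTH = 32     # Mobile-Home Authentication Extension
FOREIGN_HOME_AUTH = 34    # Foreign-Home Authentication Extension
FIXED_LEN = 24            # fixed portion of a Registration Request


def build_request(flags, lifetime, home, home_agent, care_of, ident):
    """Pack Type, flags, Lifetime, the three addresses and Identification."""
    addrs = [ipaddress.IPv4Address(a).packed
             for a in (home, home_agent, care_of)]
    return struct.pack("!BBH4s4s4sQ", REG_REQUEST, flags, lifetime,
                       *addrs, ident)


def append_auth(message, ext_type, spi, key):
    """Append an authentication Extension. The HMAC covers the payload, all
    prior Extensions, and this Extension's Type, Length and SPI only."""
    header = struct.pack("!BBI", ext_type, 4 + hashlib.md5().digest_size, spi)
    digest = hmac.new(key, message + header, hashlib.md5).digest()
    return message + header + digest


def verify_mobile_home(message, keys_by_spi):
    """True only if exactly one type-32 Extension exists and it verifies."""
    offset, result = FIXED_LEN, None
    while offset < len(message):
        if offset + 2 > len(message):
            return False                      # truncated Extension header
        ext_type, ext_len = message[offset], message[offset + 1]
        end = offset + 2 + ext_len
        if end > len(message):
            return False                      # Length runs past the datagram
        if ext_type == MOBILE_HOME_AUTH:
            if result is not None or ext_len < 4:
                return False                  # duplicate or malformed
            (spi,) = struct.unpack_from("!I", message, offset + 2)
            key = keys_by_spi.get(spi)
            if key is None:
                return False                  # no security context for SPI
            covered = message[:offset + 6]    # through Type, Length, SPI
            expected = hmac.new(key, covered, hashlib.md5).digest()
            result = hmac.compare_digest(expected, message[offset + 6:end])
        offset = end
    return result is True


# Constructed sample data (documentation addresses, made-up keys and SPIs).
HOME_KEY = bytes(range(16))
FA_HA_KEY = b"\xaa" * 16
KEYS = {0x100: HOME_KEY}
REQUEST = build_request(0, 1800, "192.0.2.10", "192.0.2.1",
                        "198.51.100.7", 0x0123456789ABCDEF)
SIGNED = append_auth(REQUEST, MOBILE_HOME_AUTH, 0x100, HOME_KEY)
# A foreign agent may add its own Extension after the mobile node's.
RELAYED = append_auth(SIGNED, FOREIGN_HOME_AUTH, 0x200, FA_HA_KEY)
# The same relayed message with the Lifetime field raised in transit.
_raised = bytearray(RELAYED)
struct.pack_into("!H", _raised, 2, 0xFFFF)
RAISED_LIFETIME = bytes(_raised)
```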
This Extension MAY be included in Registration Requests and Replies in cases in which a mobility security association exists between the mobile node and the foreign agent. See Section 5.1 for information about support requirements for message authentication codes.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Length    |         SPI  ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
             ... SPI (cont.)          |       Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   Type             33
   Length           4 plus the number of bytes in the Authenticator.
   SPI              Security Parameter Index (4 bytes). An opaque identifier (see Section 1.6).
   Authenticator    (variable length) (See Section 3.5.1.)
This Extension MAY be included in Registration Requests and Replies in cases in which a mobility security association exists between the foreign agent and the home agent. See Section 5.1 for information about support requirements for message authentication codes.
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |         SPI  ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
          ... SPI (cont.)          |       Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type            34
   Length          4 plus the number of bytes in the Authenticator.
   SPI             Security Parameter Index (4 bytes). An opaque identifier (see Section 1.6).
   Authenticator   (variable length) (See Section 3.5.1.)
A mobile node MUST be configured with a netmask and a mobility security association for each of its home agents. In addition, a mobile node MAY be configured with its home address, and the IP address of one or more of its home agents; otherwise, the mobile node MAY discover a home agent using the procedures described in Section 3.6.1.2.
If the mobile node is not configured with a home address, it MAY use the Mobile Node NAI extension [6] to identify itself, and set the Home Address field of the Registration Request to 0.0.0.0. In this case, the mobile node MUST be able to assign its home address after extracting this information from the Registration Reply from the home agent.
For each pending registration, the mobile node maintains the following information:
- the link-layer address of the foreign agent to which the Registration Request was sent, if applicable,
- the IP destination address of the Registration Request,
- the care-of address used in the registration,
- the Identification value sent in the registration,
- the originally requested Lifetime, and
- the remaining Lifetime of the pending registration.
A mobile node SHOULD initiate a registration whenever it detects a change in its network connectivity. See Section 2.4.2 for methods by which mobile nodes MAY make such a determination. When it is away from home, the mobile node's Registration Request allows its home agent to create or modify a mobility binding for it. When it is at home, the mobile node's (de)Registration Request allows its home agent to delete any previous mobility binding(s) for it. A mobile node operates without the support of mobility functions when it is at home.
There are other conditions under which the mobile node SHOULD (re)register with its foreign agent, such as when the mobile node detects that the foreign agent has rebooted (as specified in Section 2.4.4) and when the current registration's Lifetime is near expiration.
In the absence of link-layer indications of changes in point of attachment, Agent Advertisements from new agents SHOULD NOT cause a mobile node to attempt a new registration, if its current registration has not expired and it is still also receiving Agent Advertisements from the foreign agent with which it is currently registered. In the absence of link-layer indications, a mobile node MUST NOT attempt to register more often than once per second.
A mobile node MAY register with a different agent when transport-layer protocols indicate excessive retransmissions. A mobile node MUST NOT consider reception of an ICMP Redirect from a foreign agent that is currently providing service to it as reason to register with a new foreign agent. Within these constraints, the mobile node MAY register again at any time.
Appendix D shows some examples of how the fields in registration messages would be set up in some typical registration scenarios.
The following sections specify details for the values the mobile node MUST supply in the fields of Registration Request messages.
This section provides the specific rules by which mobile nodes pick values for the IP header fields of a Registration Request.
IP Source Address:
- When registering on a foreign network with a co-located care-of address, the IP source address MUST be the care-of address.
- Otherwise, if the mobile node does not have a home address, the IP source address MUST be 0.0.0.0.
- In all other circumstances, the IP source address MUST be the mobile node's home address.
IP Destination Address:
- When the mobile node has discovered the agent with which it is registering, through some means (e.g., link-layer) that does not provide the IP address of the agent (the IP address of the agent is unknown to the mobile node), then the "All Mobility Agents" multicast address (224.0.0.11) MUST be used. In this case, the mobile node MUST use the agent's link-layer unicast address in order to deliver the datagram to the correct agent.
- When registering with a foreign agent, the address of the agent as learned from the IP source address of the corresponding Agent Advertisement MUST be used. This MAY be an address which does not appear as an advertised care-of address in the Agent Advertisement. In addition, when transmitting this Registration Request message, the mobile node MUST use a link-layer destination address copied from the link-layer source address of the Agent Advertisement message in which it learned this foreign agent's IP address.
- When the mobile node is registering directly with its home agent and knows the (unicast) IP address of its home agent, the destination address MUST be set to this address.
- If the mobile node is registering directly with its home agent, but does not know the IP address of its home agent, the mobile node may use dynamic home agent address resolution to automatically determine the IP address of its home agent (Section 3.6.1.2). In this case, the IP destination address is set to the subnet-directed broadcast address of the mobile node's home network. This address MUST NOT be used as the destination IP address if the mobile node is registering via a foreign agent, although it MAY be used as the Home Agent address in the body of the Registration Request when registering via a foreign agent.
IP Time to Live:
- The IP TTL field MUST be set to 1 if the IP destination address is set to the "All Mobility Agents" multicast address as described above. Otherwise a suitable value should be chosen in accordance with standard IP practice [38].
This section provides specific rules by which mobile nodes pick values for the fields within the fixed portion of a Registration Request.
A mobile node MAY set the 'S' bit in order to request that the home agent maintain prior mobility binding(s). Otherwise, the home agent deletes any previous binding(s) and replaces them with the new binding specified in the Registration Request. Multiple simultaneous mobility bindings are likely to be useful when a mobile node using at least one wireless network interface moves within wireless transmission range of more than one foreign agent. IP explicitly allows duplication of datagrams. When the home agent allows simultaneous bindings, it will tunnel a separate copy of each arriving datagram to each care-of address, and the mobile node will receive multiple copies of datagrams destined to it.
The mobile node SHOULD set the 'D' bit if it is registering with a co-located care-of address. Otherwise, the 'D' bit MUST NOT be set.
A mobile node MAY set the 'B' bit to request its home agent to forward to it, a copy of broadcast datagrams received by its home agent from the home network. The method used by the home agent to forward broadcast datagrams depends on the type of care-of address registered by the mobile node, as determined by the 'D' bit in the mobile node's Registration Request:
- If the 'D' bit is set, then the mobile node has indicated that it will decapsulate any datagrams tunneled to this care-of address itself (the mobile node is using a co-located care-of address). In this case, to forward such a received broadcast datagram to the mobile node, the home agent MUST tunnel it to this care-of address. The mobile node de-tunnels the received datagram in the same way as any other datagram tunneled directly to it.
- If the 'D' bit is NOT set, then the mobile node has indicated that it is using a foreign agent care-of address, and that the foreign agent will thus decapsulate arriving datagrams before forwarding them to the mobile node. In this case, to forward such a received broadcast datagram to the mobile node, the home agent MUST first encapsulate the broadcast datagram in a unicast datagram addressed to the mobile node's home address, and then MUST tunnel this resulting datagram to the mobile node's care-of address.
When decapsulated by the foreign agent, the inner datagram will thus be a unicast IP datagram addressed to the mobile node, identifying to the foreign agent the intended destination of the encapsulated broadcast datagram, and will be delivered to the mobile node in the same way as any tunneled datagram arriving for the mobile node. The foreign agent MUST NOT decapsulate the encapsulated broadcast datagram and MUST NOT use a local network broadcast to transmit it to the mobile node. The mobile node thus MUST decapsulate the encapsulated broadcast datagram itself, and thus MUST NOT set the 'B' bit in its Registration Request in this case unless it is capable of decapsulating datagrams.
The mobile node MAY request alternative forms of encapsulation by setting the 'M' bit and/or the 'G' bit, but only if the mobile node is decapsulating its own datagrams (the mobile node is using a co-located care-of address) or if its foreign agent has indicated support for these forms of encapsulation by setting the corresponding bits in the Mobility Agent Advertisement Extension of an Agent Advertisement received by the mobile node. Otherwise, the mobile node MUST NOT set these bits.
The Lifetime field is chosen as follows:
- If the mobile node is registering with a foreign agent, the Lifetime SHOULD NOT exceed the value in the Registration Lifetime field of the Agent Advertisement message received from the foreign agent. When the method by which the care-of address is learned does not include a Lifetime, the default ICMP Router Advertisement Lifetime (1800 seconds) MAY be used.
- The mobile node MAY ask a home agent to delete a particular mobility binding, by sending a Registration Request with the care-of address for this binding, with the Lifetime field set to zero (Section 3.8.2).
- Similarly, a Lifetime of zero is used when the mobile node deregisters all care-of addresses, such as upon returning home.
The Home Address field MUST be set to the mobile node's home address, if this information is known. Otherwise, the Home Address MUST be set to zeroes.
The Home Agent field MUST be set to the address of the mobile node's home agent, if the mobile node knows this address. Otherwise, the mobile node MAY use dynamic home agent address resolution to learn the address of its home agent. In this case, the mobile node MUST set the Home Agent field to the subnet-directed broadcast address of the mobile node's home network. Each home agent receiving such a Registration Request with a broadcast destination address MUST reject the mobile node's registration and SHOULD return a rejection Registration Reply indicating its unicast IP address for use by the mobile node in a future registration attempt.
The Care-of Address field MUST be set to the value of the particular care-of address that the mobile node wishes to (de)register. In the special case in which a mobile node wishes to deregister all care-of addresses, it MUST set this field to its home address.
The mobile node chooses the Identification field in accordance with the style of replay protection it uses with its home agent. This is part of the mobility security association the mobile node shares with its home agent. See Section 5.7 for the method by which the mobile node computes the Identification field.
This section describes the ordering of any mandatory and any optional Extensions that a mobile node appends to a Registration Request. The following ordering MUST be followed:
a) The IP header, followed by the UDP header, followed by the fixed-length portion of the Registration Request, followed by
b) If present, any non-authentication Extensions expected to be used by the home agent (which may or may not also be useful to the foreign agent), followed by
c) An authorization-enabling extension, followed by
d) If present, any non-authentication Extensions used only by the foreign agent, followed by
e) The Mobile-Foreign Authentication Extension, if present.
Note that items (a) and (c) MUST appear in every Registration Request sent by the mobile node. Items (b), (d), and (e) are optional. However, item (e) MUST be included when the mobile node and the foreign agent share a mobility security association.
Registration Replies will be received by the mobile node in response to its Registration Requests. Registration Replies generally fall into three categories:
- the registration was accepted,
- the registration was denied by the foreign agent, or
- the registration was denied by the home agent.
The remainder of this section describes the Registration Reply handling by a mobile node in each of these three categories.
Registration Replies with an invalid, non-zero UDP checksum MUST be silently discarded.
In addition, the low-order 32 bits of the Identification field in the Registration Reply MUST be compared to the low-order 32 bits of the Identification field in the most recent Registration Request sent to the replying agent. If they do not match, the Reply MUST be silently discarded.
Also, the Registration Reply MUST be checked for presence of an authorization-enabling extension. For all Registration Reply messages containing a Status Code indicating status from the Home Agent, the mobile node MUST check for the presence of an authorization-enabling extension, acting in accordance with the Code field in the Reply. The rules are as follows:
a) If the mobile node and the foreign agent share a mobility security association, exactly one Mobile-Foreign Authentication Extension MUST be present in the Registration Reply, and the mobile node MUST check the Authenticator value in the Extension. If no Mobile-Foreign Authentication Extension is found, or if more than one Mobile-Foreign Authentication Extension is found, or if the Authenticator is invalid, the mobile node MUST silently discard the Reply and SHOULD log the event as a security exception.
b) If the Code field indicates that service is denied by the home agent, or if the Code field indicates that the registration was accepted by the home agent, exactly one Mobile-Home Authentication Extension MUST be present in the Registration Reply, and the mobile node MUST check the Authenticator value in the Extension. If the Registration Reply was generated by the home agent but no Mobile-Home Authentication Extension is found, or if more than one Mobile-Home Authentication Extension is found, or if the Authenticator is invalid, the mobile node MUST silently discard the Reply and SHOULD log the event as a security exception.
If the Code field indicates an authentication failure, either at the foreign agent or the home agent, then it is quite possible that any authenticators in the Registration Reply will also be in error. This could happen, for example, if the shared secret between the mobile node and home agent was erroneously configured. The mobile node SHOULD log such errors as security exceptions.
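The Reply checks above (Identification match, exactly one authentication extension of the required type, valid Authenticator) can be exercised with the sketch below, which is an added example and not code from the RFC. It assumes the HMAC-MD5 default of Section 3.5.1 and the fixed Reply layout and Code ranges of Section 3.4; the function names, keys and SPIs are illustrative.

```python
import hashlib
import hmac
import socket
import struct

MOBILE_HOME_AUTH = 32        # extension Type values from the formats above
MOBILE_FOREIGN_AUTH = 33
REPLY_TYPE = 3               # Registration Reply message type (RFC 3344, Section 3.4)
REPLY_FIXED_LEN = 20         # Type, Code, Lifetime, Home Address, Home Agent, Identification


class Discard(Exception):
    """The Reply is silently discarded; the reason goes to the security log."""


def authenticator(key, covered):
    # Assumption: HMAC-MD5, the default algorithm of RFC 3344 Section 3.5.1.
    return hmac.new(key, covered, hashlib.md5).digest()


def append_auth_ext(msg, ext_type, spi, key):
    """Append Type | Length | SPI | Authenticator; Length is 4 plus the MAC size."""
    header = struct.pack("!BBI", ext_type, 4 + hashlib.md5().digest_size, spi)
    return msg + header + authenticator(key, msg + header)


def extensions(msg):
    """Yield (offset, type, body) for every TLV extension after the fixed part."""
    off = REPLY_FIXED_LEN
    while off < len(msg):
        if off + 2 > len(msg):
            raise Discard("truncated extension header")
        end = off + 2 + msg[off + 1]
        if end > len(msg):
            raise Discard("extension Length overruns the message")
        yield off, msg[off], msg[off + 2:end]
        off = end


def check_auth_ext(msg, ext_type, keys_by_spi):
    """Enforce 'exactly one' and verify the Authenticator of that extension."""
    found = [(off, body) for off, t, body in extensions(msg) if t == ext_type]
    if len(found) != 1:
        raise Discard(f"{len(found)} extensions of type {ext_type}, expected exactly one")
    off, body = found[0]
    if len(body) < 4:
        raise Discard("extension too short to hold an SPI")
    key = keys_by_spi.get(struct.unpack("!I", body[:4])[0])
    if key is None:
        raise Discard("SPI does not select a configured security association")
    # The MAC covers the message up to and including this extension's
    # Type, Length and SPI, so later extensions do not affect it.
    if not hmac.compare_digest(authenticator(key, msg[:off + 6]), body[4:]):
        raise Discard("invalid Authenticator")


def accept_reply(reply, request_ident, mh_keys, mf_keys=None):
    """Return the Code of a Reply that passes the checks, else raise Discard.

    The UDP checksum test is left to the UDP layer and is not repeated here.
    """
    if len(reply) < REPLY_FIXED_LEN or reply[0] != REPLY_TYPE:
        raise Discard("not a Registration Reply")
    code = reply[1]
    if reply[16:20] != request_ident[4:8]:   # low-order 32 bits of Identification
        raise Discard("Identification does not match the pending Request")
    if mf_keys is not None:                  # rule (a): a MN-FA association exists
        check_auth_ext(reply, MOBILE_FOREIGN_AUTH, mf_keys)
    # Rule (b). Assumption: Codes 0 and 1 mean accepted and Codes 128 and above
    # are home agent denials, per the Code table in RFC 3344 Section 3.4.
    if code in (0, 1) or code >= 128:
        check_auth_ext(reply, MOBILE_HOME_AUTH, mh_keys)
    return code


def build_reply(code, lifetime, home_addr, home_agent, ident):
    """Constructed sample input: the 20-byte fixed portion of a Registration Reply."""
    return (struct.pack("!BBH", REPLY_TYPE, code, lifetime)
            + socket.inet_aton(home_addr) + socket.inet_aton(home_agent) + ident)
```

Because each Authenticator covers only the bytes that precede it, a Mobile-Foreign Authentication Extension appended after the Mobile-Home one can be added or removed without invalidating the home agent's Authenticator.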
If the Code field indicates that the request has been accepted, the mobile node SHOULD configure its routing table appropriately for its current point of attachment (Section 4.2.1).
If the mobile node is returning to its home network and that network is one which implements ARP, the mobile node MUST follow the procedures described in Section 4.6 with regard to ARP, proxy ARP, and gratuitous ARP.
If the mobile node has registered on a foreign network, it SHOULD re-register before the expiration of the Lifetime of its registration. As described in Section 3.6, for each pending Registration Request, the mobile node MUST maintain the remaining lifetime of this pending registration, as well as the original Lifetime from the Registration Request. When the mobile node receives a valid Registration Reply, the mobile node MUST decrease its view of the remaining lifetime of the registration by the amount by which the home agent decreased the originally requested Lifetime. This procedure is equivalent to the mobile node starting a timer for the granted Lifetime at the time it sent the Registration Request, even though the granted Lifetime is not known to the mobile node until the Registration Reply is received. Since the Registration Request is certainly sent before the home agent begins timing the registration Lifetime (also based on the granted Lifetime), this procedure ensures that the mobile node will re-register before the home agent expires and deletes the registration, in spite of possibly non-negligible transmission delays for the original Registration Request and Reply that started the timing of the Lifetime at the mobile node and its home agent.
If the Code field indicates that service is being denied, the mobile node SHOULD log the error. In certain cases the mobile node may be able to "repair" the error. These include:
Code 69: (Denied by foreign agent, Lifetime too long)
In this case, the Lifetime field in the Registration Reply will contain the maximum Lifetime value which that foreign agent is willing to accept in any Registration Request. The mobile node MAY attempt to register with this same agent, using a Lifetime in the Registration Request that MUST be less than or equal to the value specified in the Reply.
Code 133: (Denied by home agent, Identification mismatch)
In this case, the Identification field in the Registration Reply will contain a value that allows the mobile node to synchronize with the home agent, based upon the style of replay protection in effect (Section 5.7). The mobile node MUST adjust the parameters it uses to compute the Identification field based upon the information in the Registration Reply, before issuing any future Registration Requests.
Code 136: (Denied by home agent, Unknown home agent address)
This code is returned by a home agent when the mobile node is performing dynamic home agent address resolution as described in Sections 3.6.1.1 and 3.6.1.2. In this case, the Home Agent field within the Reply will contain the unicast IP address of the home agent returning the Reply. The mobile node MAY then attempt to register with this home agent in future Registration Requests. In addition, the mobile node SHOULD adjust the parameters it uses to compute the Identification field based upon the corresponding field in the Registration Reply, before issuing any future Registration Requests.
When no Registration Reply has been received within a reasonable time, another Registration Request MAY be transmitted. When timestamps are used, a new registration Identification is chosen for each retransmission; thus it counts as a new registration. When nonces are used, the unanswered Request is retransmitted unchanged; thus the retransmission does not count as a new registration (Section 5.7). In this way a retransmission will not require the home agent to resynchronize with the mobile node by issuing another nonce in the case in which the original Registration Request (rather than its Registration Reply) was lost by the network.
The maximum time until a new Registration Request is sent SHOULD be no greater than the requested Lifetime of the Registration Request. The minimum value SHOULD be large enough to account for the size of the messages, twice the round trip time for transmission to the home agent, and at least an additional 100 milliseconds to allow for processing the messages before responding. The round trip time for transmission to the home agent will be at least as large as the time required to transmit the messages at the link speed of the mobile node's current point of attachment. Some circuits add another 200 milliseconds of satellite delay in the total round trip time to the home agent. The minimum time between Registration Requests MUST NOT be less than 1 second. Each successive retransmission timeout period SHOULD be at least twice the previous period, as long as that is less than the maximum as specified above.
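The retransmission bounds above and the Lifetime bookkeeping described earlier for accepted registrations can be worked through together. The following is an added example, not code from the RFC; the class, function and parameter names are illustrative, and a granted Lifetime larger than the requested one is clamped as an assumption.

```python
from dataclasses import dataclass

MIN_INTERVAL = 1.0            # seconds; "MUST NOT be less than 1 second"
PROCESSING_ALLOWANCE = 0.100  # seconds; "at least an additional 100 milliseconds"


def retransmit_periods(requested_lifetime, msg_bytes, link_bps, rtt_to_home_agent):
    """Return the successive timeout periods, in seconds, for one Request.

    The first period accounts for message size at link speed, twice the round
    trip time to the home agent, and the processing allowance, and is never
    below one second. Each later period doubles the previous one until it
    reaches the requested Lifetime, which is the last value returned.
    """
    floor = max(MIN_INTERVAL,
                msg_bytes * 8 / link_bps + 2 * rtt_to_home_agent + PROCESSING_ALLOWANCE)
    # The one-second minimum is a MUST, the Lifetime cap a SHOULD, so the
    # minimum wins when the requested Lifetime is shorter (e.g. deregistration).
    ceiling = max(floor, float(requested_lifetime))
    periods = [floor]
    while periods[-1] < ceiling:
        periods.append(min(2 * periods[-1], ceiling))
    return periods


@dataclass
class PendingRegistration:
    """Lifetime state the mobile node keeps for one Registration Request."""
    requested_lifetime: float   # Lifetime field sent in the Request
    sent_at: float              # local clock when the Request was sent
    reduction: float = 0.0      # amount by which the home agent cut the Lifetime

    def on_valid_reply(self, granted_lifetime):
        # Decrease the remaining lifetime by the amount the home agent
        # decreased the requested Lifetime. Assumption: a granted value above
        # the requested one is treated as "no reduction".
        granted = min(granted_lifetime, self.requested_lifetime)
        self.reduction = self.requested_lifetime - granted

    def remaining(self, now):
        elapsed = now - self.sent_at
        return max(0.0, self.requested_lifetime - self.reduction - elapsed)

    def expires_at(self):
        # Equivalent to a timer for the granted Lifetime started when the
        # Request was sent, not when the Reply arrived.
        return self.sent_at + self.requested_lifetime - self.reduction
```

Timing from the moment the Request was sent keeps the mobile node's expiry at or before the home agent's, whatever the transit delay of the Request and Reply.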
The foreign agent plays a mostly passive role in Mobile IP registration. It relays Registration Requests between mobile nodes and home agents, and, when it provides the care-of address, decapsulates datagrams for delivery to the mobile node. It SHOULD also send periodic Agent Advertisement messages to advertise its presence as described in Section 2.3, if not detectable by link-layer means.
A foreign agent MUST NOT transmit a Registration Request except when relaying a Registration Request received from a mobile node, to the mobile node's home agent. A foreign agent MUST NOT transmit a Registration Reply except when relaying a Registration Reply received from a mobile node's home agent, or when replying to a Registration Request received from a mobile node in the case in which the foreign agent is denying service to the mobile node. In particular, a foreign agent MUST NOT generate a Registration Request or Reply because a mobile node's registration Lifetime has expired. A foreign agent also MUST NOT originate a Registration Request message that asks for deregistration of a mobile node; however, it MUST relay valid (de)Registration Requests originated by a mobile node.
Each foreign agent MUST be configured with a care-of address. In addition, for each pending or current registration the foreign agent MUST maintain a visitor list entry containing the following information obtained from the mobile node's Registration Request:
- the link-layer source address of the mobile node
- the IP Source Address (the mobile node's Home Address) or its co-located care-of address (see description of the 'R' bit in section 2.1.1)
- the IP Destination Address (as specified in 3.6.1.1)
- the UDP Source Port
- the Home Agent address
- the Identification field
- the requested registration Lifetime, and
- the remaining Lifetime of the pending or current registration.
If the mobile node's Home Address is zero in the Registration Request message, then the foreign agent MUST follow the procedures specified in RFC 2794 [6]. In particular, if the foreign agent cannot manage pending registration request records with such a zero Home Address for the mobile node, the foreign agent MUST return a Registration Reply with Code indicating NONZERO_HOMEADDR_REQD (see [6]).
The foreign agent MAY configure a maximum number of pending registrations that it is willing to maintain (typically 5). Additional registrations SHOULD then be rejected by the foreign agent with code 66. The foreign agent MAY delete any pending Registration Request after the request has been pending for more than 7 seconds; in this case, the foreign agent SHOULD reject the Request with code 78 (registration timeout).
As with any node on the Internet, a foreign agent MAY also share mobility security associations with any other nodes. When relaying a Registration Request from a mobile node to its home agent, if the foreign agent shares a mobility security association with the home agent, it MUST add a Foreign-Home Authentication Extension to the Request and MUST check the required Foreign-Home Authentication Extension in the Registration Reply from the home agent (Sections 3.3 and 3.4). Similarly, when receiving a Registration Request from a mobile node, if the foreign agent shares a mobility security association with the mobile node, it MUST check the required Mobile-Foreign Authentication Extension in the Request and MUST add a Mobile-Foreign Authentication Extension to the Registration Reply to the mobile node.
If the foreign agent accepts a Registration Request from a mobile node, it checks to make sure that the indicated home agent address does not belong to any network interface of the foreign agent. If not, the foreign agent then MUST relay the Request to the indicated home agent. Otherwise, if the foreign agent denies the Request, it MUST send a Registration Reply to the mobile node with an appropriate denial Code, except in cases where the foreign agent would be required to send out more than one such denial per second to the same mobile node. The following sections describe this behavior in more detail.
If the foreign agent has configured one of its network interfaces with the IP address specified by the mobile node as its home agent address, the foreign agent MUST NOT forward the request again. If the foreign agent serves the mobile node as a home agent, the foreign agent follows the procedures specified in section 3.8.2. Otherwise, if the foreign agent does not serve the mobile node as a home agent, the foreign agent rejects the Registration Request with code 136 (unknown home agent address).
If a foreign agent receives a Registration Request from a mobile node in its visitor list, the existing visitor list entry for the mobile node SHOULD NOT be deleted or modified until the foreign agent receives a valid Registration Reply from the home agent with a Code indicating success. The foreign agent MUST record the new pending Request as a separate part of the existing visitor list entry for the mobile node. If the Registration Request requests deregistration, the existing visitor list entry for the mobile node SHOULD NOT be deleted until the foreign agent has received a successful Registration Reply. If the Registration Reply indicates that the Request (for registration or deregistration) was denied by the home agent, the existing visitor list entry for the mobile node MUST NOT be modified as a result of receiving the Registration Reply.
Registration Requests with an invalid, non-zero UDP checksum MUST be silently discarded. Requests with non-zero bits in reserved fields MUST be rejected with code 70 (poorly formed request). Requests with the 'D' bit set to 0, and specifying a care-of address not offered by the foreign agent, MUST be rejected with code 77 (invalid care-of address).
Also, the authentication in the Registration Request MUST be checked. If the foreign agent and the mobile node share a mobility security association, exactly one Mobile-Foreign Authentication Extension MUST be present in the Registration Request, and the foreign agent MUST check the Authenticator value in the Extension. If no Mobile-Foreign Authentication Extension is found, or if more than one Mobile-Foreign Authentication Extension is found, or if the Authenticator is invalid, the foreign agent MUST silently discard the Request and SHOULD log the event as a security exception. The foreign agent also SHOULD send a Registration Reply to the mobile node with Code 67.
If the foreign agent accepts the mobile node's Registration Request, it MUST relay the Request to the mobile node's home agent as specified in the Home Agent field of the Registration Request. The foreign agent MUST NOT modify any of the fields beginning with the fixed portion of the Registration Request up through and including the Mobile-Home Authentication Extension or other authentication extension supplied by the mobile node as an authorization-enabling extension for the home agent. Otherwise, an authentication failure is very likely to occur at the home agent. In addition, the foreign agent proceeds as follows:
- It MUST process and remove any Extensions following the Mobile-Home Authentication Extension,
- It MAY append any of its own non-authentication Extensions of relevance to the home agent, if applicable, and
- It MUST append the Foreign-Home Authentication Extension, if the foreign agent shares a mobility security association with the home agent.
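The request checks above (reserved bits, care-of address, Mobile-Foreign authentication) and the relay rules in this list can be exercised together. The Python below is an added example, not text from the RFC: it assumes only short-format extensions, treats type 32 as the only authorization-enabling extension, and uses HMAC-MD5 (the RFC's default algorithm) for Authenticators. Its keys, SPIs, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MH_AUTH, MF_AUTH, FH_AUTH = 32, 33, 34  # authentication extension types
FIXED_LEN = 24        # fixed portion of a Registration Request
RESERVED_BITS = 0x05  # 'r' (0x04) and 'x' (0x01) are sent as zero
D_BIT = 0x20          # mobile node uses a co-located care-of address

# Constructed keys for the three mobility security associations.
MN_HA_KEY = b"constructed-mn-ha-key"
MN_FA_KEY = b"constructed-mn-fa-key"
FA_HA_KEY = b"constructed-fa-ha-key"


def ip(text):
    return ipaddress.IPv4Address(text).packed


def walk_extensions(msg, start=FIXED_LEN):
    """Return [(type, start, end)] for each Type-Length-Value extension."""
    found, off = [], start
    while off < len(msg):
        if off + 2 > len(msg) or off + 2 + msg[off + 1] > len(msg):
            raise ValueError("truncated extension")
        end = off + 2 + msg[off + 1]
        found.append((msg[off], off, end))
        off = end
    return found


def append_auth(key, msg, ext_type, spi):
    """Append Type, Length, SPI and a 16-byte HMAC-MD5 Authenticator.

    The Authenticator covers everything before it, including this
    extension's own Type, Length and SPI.
    """
    head = msg + struct.pack("!BBI", ext_type, 4 + 16, spi)
    return head + hmac.new(key, head, hashlib.md5).digest()


def auth_ok(key, msg, start, end):
    """Constant-time check of the Authenticator in msg[start:end]."""
    expected = hmac.new(key, msg[:start + 6], hashlib.md5).digest()
    return hmac.compare_digest(msg[start + 6:end], expected)


def fa_process_request(msg, offered_coas, mn_key=None, ha_key=None, ha_spi=0):
    """Return ("relay", bytes), ("deny", code) or ("discard", code)."""
    if len(msg) < FIXED_LEN or msg[0] != 1:
        return ("deny", 70)         # this example's choice for a short message
    flags, care_of = msg[1], msg[12:16]
    if flags & RESERVED_BITS:
        return ("deny", 70)         # poorly formed request
    if not flags & D_BIT and care_of not in offered_coas:
        return ("deny", 77)         # invalid care-of address
    try:
        exts = walk_extensions(msg)
    except ValueError:
        return ("deny", 70)         # this example's choice for a bad TLV
    if mn_key is not None:          # mobile-foreign security association exists
        mf = [(s, e) for t, s, e in exts if t == MF_AUTH]
        if len(mf) != 1 or not auth_ok(mn_key, msg, *mf[0]):
            return ("discard", 67)  # drop, log, SHOULD answer with Code 67
    mh_ends = [e for t, s, e in exts if t == MH_AUTH]
    if len(mh_ends) != 1:
        return ("deny", 70)         # assumption: type 32 marks the relay boundary
    relayed = msg[:mh_ends[0]]      # unmodified through the Mobile-Home extension
    if ha_key is not None:          # foreign-home security association exists
        relayed = append_auth(ha_key, relayed, FH_AUTH, ha_spi)
    return ("relay", relayed)


def sample_request(flags=0x00, coa="198.51.100.1"):
    """Constructed Request: fixed portion, Mobile-Home, then Mobile-Foreign."""
    fixed = struct.pack("!BBH4s4s4sQ", 1, flags, 300, ip("192.0.2.10"),
                        ip("192.0.2.1"), ip(coa), 0x0123456789ABCDEF)
    with_mh = append_auth(MN_HA_KEY, fixed, MH_AUTH, 0x100)
    return append_auth(MN_FA_KEY, with_mh, MF_AUTH, 0x200)
```

A missing, duplicated or invalid Mobile-Foreign extension all end in the same `("discard", 67)` result, so a caller logs one security exception type for the three cases.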
Specific fields within the IP header and the UDP header of the relayed Registration Request MUST be set as follows:
IP Source Address
The foreign agent's address on the interface from which the message will be sent.
IP Destination Address
Copied from the Home Agent field within the Registration Request.
UDP Source Port
<variable>
UDP Destination Port
434
After forwarding a valid Registration Request to the home agent, the foreign agent MUST begin timing the remaining lifetime of the pending registration based on the Lifetime in the Registration Request. If this lifetime expires before receiving a valid Registration Reply, the foreign agent MUST delete its visitor list entry for this pending registration.
If the foreign agent denies the mobile node's Registration Request for any reason, it SHOULD send the mobile node a Registration Reply with a suitable denial Code. In such a case, the Home Address, Home Agent, and Identification fields within the Registration Reply are copied from the corresponding fields of the Registration Request.
If the Reserved field is nonzero, the foreign agent MUST deny the Request and SHOULD return a Registration Reply with status code 70 to the mobile node. If the Request is being denied because the requested Lifetime is too long, the foreign agent sets the Lifetime in the Reply to the maximum Lifetime value it is willing to accept in any Registration Request, and sets the Code field to 69. Otherwise, the Lifetime SHOULD be copied from the Lifetime field in the Request.
Specific fields within the IP header and the UDP header of the Registration Reply MUST be set as follows:
IP Source Address
Copied from the IP Destination Address of Registration Request, unless the "All Agents Multicast" address was used. In this case, the foreign agent's address (on the interface from which the message will be sent) MUST be used.
IP Destination Address
If the Registration Reply is generated by the Foreign Agent in order to reject a mobile node's Registration Request, and the Registration Request contains a Home Address which is not 0.0.0.0, then the IP Destination Address is copied from the Home Address field of the Registration Request. Otherwise, if the Registration Reply is received from the Home Agent, and contains a Home Address which is not 0.0.0.0, then the IP Destination Address is copied from the Home Address field of the Registration Reply. Otherwise, the IP Destination Address of the Registration Reply is set to be 255.255.255.255.
UDP Source Port
434
UDP Destination Port
Copied from the UDP Source Port of the Registration Request.
The foreign agent updates its visitor list when it receives a valid Registration Reply from a home agent. It then relays the Registration Reply to the mobile node. The following sections describe this behavior in more detail.
If upon relaying a Registration Request to a home agent, the foreign agent receives an ICMP error message instead of a Registration Reply, then the foreign agent SHOULD send to the mobile node a Registration Reply with an appropriate "Home Agent Unreachable" failure Code (within the range 80-95, inclusive). See Section 3.7.2.3 for details on building the Registration Reply.
Registration Replies with an invalid, non-zero UDP checksum MUST be silently discarded.
When a foreign agent receives a Registration Reply message, it MUST search its visitor list for a pending Registration Request with the same mobile node home address as indicated in the Reply. If no such pending Request is found, and if the Registration Reply does not correspond with any pending Registration Request with a zero mobile node home address (see section 3.7.1), the foreign agent MUST silently discard the Reply. The foreign agent MUST also silently discard the Reply if the low-order 32 bits of the Identification field in the Reply do not match those in the Request.
Also, the authentication in the Registration Reply MUST be checked. If the foreign agent and the home agent share a mobility security association, exactly one Foreign-Home Authentication Extension MUST be present in the Registration Reply, and the foreign agent MUST check the Authenticator value in the Extension. If no Foreign-Home Authentication Extension is found, or if more than one Foreign-Home Authentication Extension is found, or if the Authenticator is invalid, the foreign agent MUST silently discard the Reply and SHOULD log the event as a security exception. The foreign agent also MUST reject the mobile node's registration and SHOULD send a Registration Reply to the mobile node with Code 68.
A Registration Reply which satisfies the validity checks of Section 3.8.2.1 is relayed to the mobile node. The foreign agent MUST also update its visitor list entry for the mobile node to reflect the results of the Registration Request, as indicated by the Code field in the Reply. If the Code indicates that the home agent has accepted the registration and the Lifetime field is nonzero, the foreign agent SHOULD set the Lifetime in the visitor list entry to the minimum of the following two values:
- the value specified in the Lifetime field of the Registration Reply, and
- the foreign agent's own maximum value for allowable registration lifetime.
If, instead, the Code indicates that the Lifetime field is zero, the foreign agent MUST delete its visitor list entry for the mobile node. Finally, if the Code indicates that the registration was denied by the home agent, the foreign agent MUST delete its pending registration list entry, but not its visitor list entry, for the mobile node.
The foreign agent MUST NOT modify any of the fields beginning with the fixed portion of the Registration Reply up through and including the Mobile-Home Authentication Extension. Otherwise, an authentication failure is very likely to occur at the mobile node.
In addition, the foreign agent SHOULD perform the following additional procedures:
- It MUST process and remove any Extensions following the Mobile-Home Authentication Extension,
- It MAY append its own non-authentication Extensions of relevance to the mobile node, if applicable, and
- It MUST append the Mobile-Foreign Authentication Extension, if the foreign agent shares a mobility security association with the mobile node.
Specific fields within the IP header and the UDP header of the relayed Registration Reply are set according to the same rules specified in Section 3.7.2.3.
After forwarding a valid Registration Reply to the mobile node, the foreign agent MUST update its visitor list entry for this registration as follows. If the Registration Reply indicates that the registration was accepted by the home agent, the foreign agent resets its timer of the lifetime of the registration to the Lifetime granted in the Registration Reply; unlike the mobile node's timing of the registration lifetime as described in Section 3.6.2.2, the foreign agent considers this lifetime to begin when it forwards the Registration Reply message, ensuring that the foreign agent will not expire the registration before the mobile node does. On the other hand, if the Registration Reply indicates that the registration was rejected by the home agent, the foreign agent deletes its visitor list entry for this attempted registration.
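The visitor list rules for Registration Replies described above keep a pending Request separate from the active entry, so that an unmatched or denied Reply cannot disturb an existing registration. The Python below is an added example, not text from the RFC: it assumes the Reply has already passed the checksum and Foreign-Home authentication checks, does not model the zero home address case of section 3.7.1, and its class and method names are hypothetical.

```python
ACCEPTED = (0, 1)  # Codes with which a home agent accepts a registration


class VisitorList:
    """Foreign agent state: active registrations plus separate pending Requests."""

    def __init__(self, max_lifetime):
        self.max_lifetime = max_lifetime  # foreign agent's own maximum, seconds
        self.visitors = {}  # home address -> expiry time of the active entry
        self.pending = {}   # home address -> Identification of the relayed Request

    def request_relayed(self, home, ident):
        """Record a relayed Request beside, not instead of, the active entry."""
        self.pending[home] = ident

    def reply_received(self, home, ident, code, lifetime, now):
        """Apply a Reply; `now` is the time the Reply is forwarded."""
        expected = self.pending.get(home)
        # Only the low-order 32 bits of the Identification must match.
        if expected is None or (expected ^ ident) & 0xFFFFFFFF:
            return "discard"  # silently dropped, no state changes
        del self.pending[home]
        if code in ACCEPTED:
            if lifetime:
                granted = min(lifetime, self.max_lifetime)
                self.visitors[home] = now + granted  # timer starts at forwarding
            else:
                self.visitors.pop(home, None)  # accepted deregistration
        # A denial removes only the pending part; self.visitors is untouched.
        return "relay"

    def is_registered(self, home, now):
        return self.visitors.get(home, 0) > now
```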
Home agents play a reactive role in the registration process. The home agent receives Registration Requests from the mobile node (perhaps relayed by a foreign agent), updates its record of the mobility bindings for this mobile node, and issues a suitable Registration Reply in response to each.
A home agent MUST NOT transmit a Registration Reply except when replying to a Registration Request received from a mobile node. In particular, the home agent MUST NOT generate a Registration Reply to indicate that the Lifetime has expired.
Each home agent MUST be configured with an IP address and with the prefix size for the home network. The home agent MUST be configured with the mobility security association of each authorized mobile node that it is serving as a home agent.
When the home agent accepts a valid Registration Request from a mobile node that it serves as a home agent, the home agent MUST create or modify the entry for this mobile node in its mobility binding list containing:
- the mobile node's home address
- the mobile node's care-of address
- the Identification field from the Registration Reply
- the remaining Lifetime of the registration
The home agent MAY optionally offer the capability to dynamically associate a home address to a mobile node upon receiving a Registration Request from that mobile node. The method by which a home address is allocated to the mobile node is beyond the scope of this document, but see [6]. After the home agent makes the association of the home address to the mobile node, the home agent MUST put that home address into the Home Address field of the Registration Reply.
The home agent MAY also maintain mobility security associations with various foreign agents. When receiving a Registration Request from a foreign agent, if the home agent shares a mobility security association with the foreign agent, the home agent MUST check the Authenticator in the required Foreign-Home Authentication Extension in the message, based on this mobility security association. Similarly, when sending a Registration Reply to a foreign agent, if the home agent shares a mobility security association with the foreign agent, the home agent MUST include a Foreign-Home Authentication Extension in the message, based on this mobility security association.
If the home agent accepts an incoming Registration Request, it MUST update its record of the mobile node's mobility binding(s) and SHOULD send a Registration Reply with a suitable Code. Otherwise (the home agent denies the Request), it SHOULD send a Registration Reply with an appropriate Code specifying the reason the Request was denied. The following sections describe this behavior in more detail. If the home agent does not support broadcasts (see section 4.3), it MUST ignore the 'B' bit (as opposed to rejecting the Registration Request).
Registration Requests with an invalid, non-zero UDP checksum MUST be silently discarded by the home agent.
The authentication in the Registration Request MUST be checked. This involves the following operations:
a) The home agent MUST check for the presence of an authorization-enabling extension, and perform the indicated authentication. Exactly one authorization-enabling extension MUST be present in the Registration Request; and the home agent MUST either check the Authenticator value in the extension or verify that the authenticator value has been checked by another agent with which it has a security association. If no authorization-enabling extension is found, or if more than one authorization-enabling extension is found, or if the Authenticator is invalid, the home agent MUST reject the mobile node's registration and SHOULD send a Registration Reply to the mobile node with Code 131. The home agent MUST then discard the Request and SHOULD log the error as a security exception.
b) The home agent MUST check that the registration Identification field is correct using the context selected by the SPI within the authorization-enabling extension. See Section 5.7 for a description of how this is performed. If incorrect, the home agent MUST reject the Request and SHOULD send a Registration Reply to the mobile node with Code 133, including an Identification field computed in accordance with the rules specified in Section 5.7. The home agent MUST do no further processing with such a Request, though it SHOULD log the error as a security exception.
c) If the home agent shares a mobility security association with the foreign agent, the home agent MUST check for the presence of a valid Foreign-Home Authentication Extension. Exactly one Foreign-Home Authentication Extension MUST be present in the Registration Request in this case, and the home agent MUST check the Authenticator value in the Extension. If no Foreign-Home Authentication Extension is found, or if more than one Foreign-Home Authentication Extension is found, or if the Authenticator is invalid, the home agent MUST reject the mobile node's registration and SHOULD send a Registration Reply to the mobile node with Code 132. The home agent MUST then discard the Request and SHOULD log the error as a security exception.
In addition to checking the authentication in the Registration Request, home agents MUST deny Registration Requests that are sent to the subnet-directed broadcast address of the home network (as opposed to being unicast to the home agent). The home agent MUST discard the Request and SHOULD return a Registration Reply with a Code of 136. In this case, the Registration Reply will contain the home agent's unicast address, so that the mobile node can re-issue the Registration Request with the correct home agent address.
Note that some routers change the IP destination address of a datagram from a subnet-directed broadcast address to 255.255.255.255 before injecting it into the destination subnet. In this case, home agents that attempt to pick up dynamic home agent discovery requests by binding a socket explicitly to the subnet-directed broadcast address will not see such packets. Home agent implementors should be prepared for both the subnet-directed broadcast address and 255.255.255.255 if they wish to support dynamic home agent discovery.
If the Registration Request satisfies the validity checks in Section 3.8.2.1, and the home agent is able to accommodate the Request, the home agent MUST update its mobility binding list for the requesting mobile node and MUST return a Registration Reply to the mobile node.
In this case, the Reply Code will be either 0 if the home agent supports simultaneous mobility bindings, or 1 if it does not. See Section 3.8.3 for details on building the Registration Reply message.
The home agent updates its record of the mobile node's mobility bindings as follows, based on the fields in the Registration Request:
- If the Lifetime is zero and the Care-of Address equals the mobile node's home address, the home agent deletes all of the entries in the mobility binding list for the requesting mobile node. This is how a mobile node requests that its home agent cease providing mobility services.
- If the Lifetime is zero and the Care-of Address does not equal the mobile node's home address, the home agent deletes only the entry containing the specified Care-of Address from the mobility binding list for the requesting mobile node. Any other active entries containing other care-of addresses will remain active.
- If the Lifetime is nonzero, the home agent adds an entry containing the requested Care-of Address to the mobility binding list for the mobile node. If the 'S' bit is set and the home agent supports simultaneous mobility bindings, the previous mobility binding entries are retained. Otherwise, the home agent removes all previous entries in the mobility binding list for the mobile node.
In all cases, the home agent MUST send a Registration Reply to the source of the Registration Request, which might indeed be a different foreign agent than that whose care-of address is being (de)registered. If the home agent shares a mobility security association with the foreign agent whose care-of address is being deregistered, and that foreign agent is different from the one which relayed the Registration Request, the home agent MAY additionally send a Registration Reply to the foreign agent whose care-of address is being deregistered. The home agent MUST NOT send such a Reply if it does not share a mobility security association with the foreign agent. If no Reply is sent, the foreign agent's visitor list will expire naturally when the original Lifetime expires.
The home agent MUST NOT increase the Lifetime above that specified by the mobile node in the Registration Request. However, it is not an error for the mobile node to request a Lifetime longer than the home agent is willing to accept. In this case, the home agent simply reduces the Lifetime to a permissible value and returns this value in the Registration Reply. The Lifetime value in the Registration Reply informs the mobile node of the granted lifetime of the registration, indicating when it SHOULD re-register in order to maintain continued service. After the expiration of this registration lifetime, the home agent MUST delete its entry for this registration in its mobility binding list.
If the Registration Request duplicates an accepted current Registration Request, the new Lifetime MUST NOT extend beyond the Lifetime originally granted. A Registration Request is a duplicate if the home address, care-of address, and Identification fields all equal those of an accepted current registration.
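The binding update rules, the Lifetime reduction and the duplicate rule above combine into one state transition per accepted Request. The Python below is an added example, not text from the RFC: it assumes the Request has already passed the validity checks, and its class name, method names and clock parameter `now` (seconds) are hypothetical.

```python
class HomeAgent:
    """Mobility binding list of a home agent, keyed by home address."""

    def __init__(self, max_lifetime, simultaneous=False):
        self.max_lifetime = max_lifetime  # longest Lifetime this agent grants
        self.simultaneous = simultaneous  # supports simultaneous bindings
        self.bindings = {}  # home -> {care-of: (Identification, expiry time)}

    def expire(self, now):
        """Delete bindings whose granted Lifetime has run out."""
        for home in list(self.bindings):
            live = {c: b for c, b in self.bindings[home].items() if b[1] > now}
            if live:
                self.bindings[home] = live
            else:
                del self.bindings[home]

    def care_of_addresses(self, home, now):
        self.expire(now)
        return sorted(self.bindings.get(home, {}))

    def register(self, home, care_of, lifetime, ident, s_bit, now):
        """Apply an accepted Request; return (Reply Code, granted Lifetime)."""
        self.expire(now)
        code = 0 if self.simultaneous else 1
        table = dict(self.bindings.get(home, {}))
        if lifetime == 0:
            if care_of == home:
                table.clear()             # mobile node gives up all service
            else:
                table.pop(care_of, None)  # only this care-of address goes
            granted = 0
        else:
            # Never above the requested value, never above the agent's maximum.
            granted = min(lifetime, self.max_lifetime)
            previous = table.get(care_of)
            if previous is not None and previous[0] == ident:
                # Duplicate of a current registration: the original expiry
                # stays the ceiling, so a replayed Request cannot extend it.
                granted = min(granted, previous[1] - now)
            if not (s_bit and self.simultaneous):
                table.clear()             # replace all previous bindings
            table[care_of] = (ident, now + granted)
        if table:
            self.bindings[home] = table
        else:
            self.bindings.pop(home, None)
        return code, granted
```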
In addition, if the home network implements ARP [36], and the Registration Request asks the home agent to create a mobility binding for a mobile node which previously had no binding (the mobile node was previously assumed to be at home), then the home agent MUST follow the procedures described in Section 4.6 with regard to ARP, proxy ARP, and gratuitous ARP. If the mobile node already had a previous mobility binding, the home agent MUST continue to follow the rules for proxy ARP described in Section 4.6.
If the Registration Reply does not satisfy all of the validity checks in Section 3.8.2.1, or the home agent is unable to accommodate the Request, the home agent SHOULD return a Registration Reply to the mobile node with a Code that indicates the reason for the error. If a foreign agent was involved in relaying the Request, this allows the foreign agent to delete its pending visitor list entry. Also, this informs the mobile node of the reason for the error such that it may attempt to fix the error and issue another Request.
This section lists a number of reasons the home agent might reject a Request, and provides the Code value it should use in each instance. See Section 3.8.3 for additional details on building the Registration Reply message.
Many reasons for rejecting a registration are administrative in nature. For example, a home agent can limit the number of simultaneous registrations for a mobile node, by rejecting any registrations that would cause its limit to be exceeded, and returning a Registration Reply with error code 135. Similarly, a home agent may refuse to grant service to mobile nodes which have entered unauthorized service areas by returning a Registration Reply with a Code of 129.
Requests with non-zero bits in reserved fields MUST be rejected with code 134 (poorly formed request).
If the home agent accepts a Registration Request, it then MUST update its record of the mobile node's mobility binding(s) and SHOULD send a Registration Reply with a suitable Code. Otherwise (the home agent has denied the Request), it SHOULD send a Registration Reply with an appropriate Code specifying the reason the Request was denied. The following sections provide additional detail for the values the home agent MUST supply in the fields of Registration Reply messages.
This section provides the specific rules by which home agents pick values for the IP and UDP header fields of a Registration Reply.
IP Source Address
Copied from the IP Destination Address of Registration Request, unless a multicast or broadcast address was used. If the IP Destination Address of the Registration Request was a broadcast or multicast address, the IP Source Address of the Registration Reply MUST be set to the home agent's (unicast) IP address.
IP Destination Address
Copied from the IP Source Address of the Registration Request.
UDP Source Port
Copied from the UDP Destination Port of the Registration Request.
UDP Destination Port
Copied from the UDP Source Port of the Registration Request.
When sending a Registration Reply in response to a Registration Request that requested deregistration of the mobile node (the Lifetime is zero and the Care-of Address equals the mobile node's home address) and in which the IP Source Address was also set to the mobile node's home address (this is the normal method used by a mobile node to deregister when it returns to its home network), the IP Destination Address in the Registration Reply will be set to the mobile node's home address, as copied from the IP Source Address of the Request.
In this case, when transmitting the Registration Reply, the home agent MUST transmit the Reply directly onto the home network as if the mobile node were at home, bypassing any mobility binding list entry that may still exist at the home agent for the destination mobile node. In particular, for a mobile node returning home after being registered with a care-of address, if the mobile node's new Registration Request is not accepted by the home agent, the mobility binding list entry for the mobile node will still indicate that datagrams addressed to the mobile node should be tunneled to the mobile node's registered care-of address; when sending the Registration Reply indicating the rejection of this Request, this existing binding list entry MUST be ignored, and the home agent MUST transmit this Reply as if the mobile node were at home.
This section provides the specific rules by which home agents pick values for the fields within the fixed portion of a Registration Reply.
The Code field of the Registration Reply is chosen in accordance with the rules specified in the previous sections. When replying to an accepted registration, a home agent SHOULD respond with Code 1 if it does not support simultaneous registrations.
The Lifetime field MUST be copied from the corresponding field in the Registration Request, unless the requested value is greater than the maximum length of time the home agent is willing to provide the requested service. In such a case, the Lifetime MUST be set to the length of time that service will actually be provided by the home agent. This reduced Lifetime SHOULD be the maximum Lifetime allowed by the home agent (for this mobile node and care-of address).
If the Home Address field of the Registration Request is nonzero, it MUST be copied into the Home Address field of the Registration Reply message. Otherwise, if the Home Address field of the Registration Request is zero as specified in section 3.6, the home agent SHOULD arrange for the selection of a home address for the mobile node, and insert the selected address into the Home Address field of the Registration Reply message. See [6] for further relevant details in the case where mobile nodes identify themselves using an NAI instead of their IP home address.
If the Home Agent field in the Registration Request contains a unicast address of this home agent, then that field MUST be copied into the Home Agent field of the Registration Reply. Otherwise, the home agent MUST set the Home Agent field in the Registration Reply to its unicast address. In this latter case, the home agent MUST reject the registration with a suitable code (e.g., Code 136) to prevent the mobile node from possibly being simultaneously registered with two or more home agents.
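The field rules above for the fixed portion of a Registration Reply, as an added Python example (not code from the RFC or from any Mobile IP implementation). `build_reply`, its parameters and the address allocator callback are hypothetical names; the Identification value is assumed to be chosen elsewhere by the replay-protection rules, and the 20-byte layout with Type 3 is the Registration Reply format defined earlier in the document.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Callable, Sequence

REPLY_TYPE = 3                     # Type value of a Registration Reply
CODE_ACCEPTED = 0                  # registration accepted
CODE_ACCEPTED_NO_SIMULTANEOUS = 1  # accepted, simultaneous bindings unsupported
CODE_UNKNOWN_HOME_AGENT = 136      # Home Agent field was not one of our unicast addresses
UNSPECIFIED = IPv4Address("0.0.0.0")


@dataclass
class Request:
    lifetime: int                  # seconds requested by the mobile node
    home_address: IPv4Address      # zero when the mobile node asks for an address
    home_agent: IPv4Address        # address the Request was sent to


@dataclass
class Reply:
    code: int
    lifetime: int
    home_address: IPv4Address
    home_agent: IPv4Address
    identification: bytes          # 8 bytes

    def pack(self) -> bytes:
        """Serialize the fixed-length portion (20 bytes) in network byte order."""
        return struct.pack("!BBH4s4s8s", REPLY_TYPE, self.code, self.lifetime,
                           self.home_address.packed, self.home_agent.packed,
                           self.identification)


def build_reply(req: Request,
                own_unicast: Sequence[IPv4Address],
                max_lifetime: int,
                supports_simultaneous: bool,
                allocate_home_address: Callable[[], IPv4Address],
                identification: bytes,
                decided_code: int = CODE_ACCEPTED) -> Reply:
    """Pick the fixed-portion fields; decided_code comes from earlier validation."""
    code = decided_code
    # Accepted registration, but this home agent keeps only one binding.
    if code == CODE_ACCEPTED and not supports_simultaneous:
        code = CODE_ACCEPTED_NO_SIMULTANEOUS

    # Copy the requested Lifetime unless it exceeds what will be granted.
    lifetime = min(req.lifetime, max_lifetime)

    # Nonzero Home Address is copied; zero means the home agent selects one.
    home_address = req.home_address
    if home_address == UNSPECIFIED:
        home_address = allocate_home_address()

    # Home Agent is copied only if it is one of this agent's unicast addresses.
    if req.home_agent in own_unicast:
        home_agent = req.home_agent
    else:
        # Answer with our own unicast address and reject, so the mobile node
        # cannot end up registered with two or more home agents.
        home_agent = own_unicast[0]
        code = CODE_UNKNOWN_HOME_AGENT

    return Reply(code, lifetime, home_address, home_agent, identification)
```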
This section describes the ordering of any required and any optional Mobile IP Extensions that a home agent appends to a Registration Reply. The following ordering MUST be followed:
a) The IP header, followed by the UDP header, followed by the fixed-length portion of the Registration Reply,
b) If present, any non-authentication Extensions used by the mobile node (which may or may not also be used by the foreign agent),
c) The Mobile-Home Authentication Extension,
d) If present, any non-authentication Extensions used only by the foreign agent, and
e) The Foreign-Home Authentication Extension, if present.
Note that items (a) and (c) MUST appear in every Registration Reply sent by the home agent. Items (b), (d), and (e) are optional. However, item (e) MUST be included when the home agent and the foreign agent share a mobility security association.
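A receiver-side check of the extension order in items (b) through (e), as an added Python example rather than code from the RFC. It assumes every extension uses the one-byte Type, one-byte Length layout and that the Mobile-Home and Foreign-Home Authentication Extensions carry types 32 and 34; the problem labels, the function names and the placeholder type 200 are constructed for the example.

```python
from typing import List, Tuple

MOBILE_HOME_AUTH = 32    # Mobile-Home Authentication Extension type
FOREIGN_HOME_AUTH = 34   # Foreign-Home Authentication Extension type
SAMPLE_NON_AUTH = 200    # constructed placeholder for a non-authentication extension


def tlv(ext_type: int, data: bytes) -> bytes:
    """Build one Type-Length-Value extension (used for the constructed samples)."""
    return bytes([ext_type, len(data)]) + data


def parse_extensions(buf: bytes) -> List[Tuple[int, bytes]]:
    """Split the bytes after the fixed Reply portion into (type, data) pairs."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated extension header at offset %d" % i)
        ext_type, length = buf[i], buf[i + 1]
        end = i + 2 + length
        if end > len(buf):
            raise ValueError("extension at offset %d overruns the message" % i)
        out.append((ext_type, buf[i + 2:end]))
        i = end
    return out


def check_reply_order(buf: bytes, fa_ha_association: bool) -> List[str]:
    """Return the ordering problems found; an empty list means the order is valid.

    fa_ha_association: True when the home agent and the foreign agent share a
    mobility security association, which makes item (e) mandatory.
    """
    types = [t for t, _ in parse_extensions(buf)]
    mh = [i for i, t in enumerate(types) if t == MOBILE_HOME_AUTH]
    fh = [i for i, t in enumerate(types) if t == FOREIGN_HOME_AUTH]
    problems = []

    # Item (c) appears once in the required order and is mandatory.
    if len(mh) != 1:
        problems.append("mobile-home-auth-count")
    if len(fh) > 1:
        problems.append("foreign-home-auth-count")
    if fa_ha_association and not fh:
        problems.append("foreign-home-auth-missing")
    # Item (e) follows item (c) ...
    if fh and mh and fh[0] < mh[0]:
        problems.append("foreign-home-before-mobile-home")
    # ... and nothing may follow item (e).
    if fh and fh[-1] != len(types) - 1:
        problems.append("extension-after-foreign-home-auth")
    return problems


# Constructed sample extensions: 4-byte SPI followed by a 16-byte authenticator.
MH = tlv(MOBILE_HOME_AUTH, b"\x00\x00\x01\x00" + b"\xaa" * 16)
FH = tlv(FOREIGN_HOME_AUTH, b"\x00\x00\x02\x00" + b"\xbb" * 16)
X = tlv(SAMPLE_NON_AUTH, b"\x01\x02")
```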
This section describes how mobile nodes, home agents, and (possibly) foreign agents cooperate to route datagrams to/from mobile nodes that are connected to a foreign network. The mobile node informs its home agent of its current location using the registration procedure described in Section 3. See the protocol overview in Section 1.7 for the relative locations of the mobile node's home address with respect to its home agent, and the mobile node itself with respect to any foreign agent with which it might attempt to register.
Home agents and foreign agents MUST support tunneling datagrams using IP in IP encapsulation [32]. Any mobile node that uses a co-located care-of address MUST support receiving datagrams tunneled using IP in IP encapsulation. Minimal encapsulation [34] and GRE encapsulation [16] are alternate encapsulation methods which MAY optionally be supported by mobility agents and mobile nodes. The use of these alternative forms of encapsulation, when requested by the mobile node, is otherwise at the discretion of the home agent.
When connected to its home network, a mobile node operates without the support of mobility services. That is, it operates in the same way as any other (fixed) host or router. The method by which a mobile node selects a default router when connected to its home network, or when away from home and using a co-located care-of address, is outside the scope of this document. ICMP Router Advertisement [10] is one such method.
When registered on a foreign network, the mobile node chooses a default router by the following rules:
- If the mobile node is registered using a foreign agent care-of address, it MAY use its foreign agent as a first-hop router. The foreign agent's MAC address can be learned from Agent Advertisement. Otherwise, the mobile node MUST choose its default router from among the Router Addresses advertised in the ICMP Router Advertisement portion of that Agent Advertisement message.
- If the mobile node is registered directly with its home agent using a co-located care-of address, then the mobile node SHOULD choose its default router from among those advertised in any ICMP Router Advertisement message that it receives for which its externally obtained care-of address and the Router Address match under the network prefix. If the mobile node's externally obtained care-of address matches the IP source address of the Agent Advertisement under the network prefix, the mobile node MAY also consider that IP source address as another possible choice for the IP address of a default router. The network prefix MAY be obtained from the Prefix-Lengths Extension in the Router Advertisement, if present. The prefix MAY also be obtained through other mechanisms beyond the scope of this document.
While they are away from the home network, mobile nodes MUST NOT broadcast ARP packets to find the MAC address of another Internet node. Thus, the (possibly empty) list of Router Addresses from the ICMP Router Advertisement portion of the message is not useful for selecting a default router, unless the mobile node has some means not involving broadcast ARP and not specified within this document for obtaining the MAC address of one of the routers in the list. Similarly, in the absence of unspecified mechanisms for obtaining MAC addresses on foreign networks, the mobile node MUST ignore redirects to other routers on foreign networks.
Upon receipt of an encapsulated datagram sent to its advertised care-of address, a foreign agent MUST compare the inner destination address to those entries in its visitor list. When the destination does not match the address of any mobile node currently in the visitor list, the foreign agent MUST NOT forward the datagram without modifications to the original IP header, because otherwise a routing loop is likely to result. The datagram SHOULD be silently discarded. ICMP Destination Unreachable MUST NOT be sent when a foreign agent is unable to forward an incoming tunneled datagram. Otherwise, the foreign agent forwards the decapsulated datagram to the mobile node.
The foreign agent MUST NOT advertise to other routers in its routing domain, nor to any other mobile node, the presence of a mobile router (Section 4.5) or mobile node in its visitor list.
The foreign agent MUST route datagrams it receives from registered mobile nodes. At a minimum, this means that the foreign agent must verify the IP Header Checksum, decrement the IP Time To Live, recompute the IP Header Checksum, and forward such datagrams to a default router.
A foreign agent MUST NOT use broadcast ARP for a mobile node's MAC address on a foreign network. It may obtain the MAC address by copying the information from an Agent Solicitation or a Registration Request transmitted from a mobile node. A foreign agent's ARP cache for the mobile node's IP address MUST NOT be allowed to expire before the mobile node's visitor list entry expires, unless the foreign agent has some way other than broadcast ARP to refresh its MAC address associated with the mobile node's IP address.
Each foreign agent SHOULD support the mandatory features for reverse tunneling [27].
The home agent MUST be able to intercept any datagrams on the home network addressed to the mobile node while the mobile node is registered away from home. Proxy and gratuitous ARP MAY be used in enabling this interception, as specified in Section 4.6.
The home agent must examine the IP Destination Address of all arriving datagrams to see if it is equal to the home address of any of its mobile nodes registered away from home. If so, the home agent tunnels the datagram to the mobile node's currently registered care-of address or addresses. If the home agent supports the optional capability of multiple simultaneous mobility bindings, it tunnels a copy to each care-of address in the mobile node's mobility binding list. If the mobile node has no current mobility bindings, the home agent MUST NOT attempt to intercept datagrams destined for the mobile node, and thus will not in general receive such datagrams. However, if the home agent is also a router handling common IP traffic, it is possible that it will receive such datagrams for forwarding onto the home network. In this case, the home agent MUST assume the mobile node is at home and simply forward the datagram directly onto the home network.
For multihomed home agents, the source address in the outer IP header of the encapsulated datagram MUST be the address sent to the mobile node in the home agent field of the registration reply. That is, the home agent cannot use the address of some other network interface as the source address.
See Section 4.1 regarding methods of encapsulation that may be used for tunneling. Nodes implementing tunneling SHOULD also implement the "tunnel soft state" mechanism [32], which allows ICMP error messages returned from the tunnel to correctly be reflected back to the original senders of the tunneled datagrams.
Home agents MUST decapsulate packets addressed to themselves, sent by a mobile node for the purpose of maintaining location privacy, as described in Section 5.5. This feature is also required for support of reverse tunneling [27].
If the Lifetime for a given mobility binding expires before the home agent has received another valid Registration Request for that mobile node, then that binding is deleted from the mobility binding list. The home agent MUST NOT send any Registration Reply message simply because the mobile node's binding has expired. The entry in the visitor list of the mobile node's current foreign agent will expire naturally, probably at the same time as the binding expired at the home agent. When a mobility binding's lifetime expires, the home agent MUST delete the binding, but it MUST retain any other (non-expired) simultaneous mobility bindings that it holds for the mobile node.
When a home agent receives a datagram, intercepted for one of its mobile nodes registered away from home, the home agent MUST examine the datagram to check if it is already encapsulated. If so, special rules apply in the forwarding of that datagram to the mobile node:
- If the inner (encapsulated) Destination Address is the same as the outer Destination Address (the mobile node), then the home agent MUST also examine the outer Source Address of the encapsulated datagram (the source address of the tunnel). If this outer Source Address is the same as the mobile node's current care-of address, the home agent MUST silently discard that datagram in order to prevent a likely routing loop. If, instead, the outer Source Address is NOT the same as the mobile node's current care-of address, then the home agent SHOULD forward the datagram to the mobile node. In order to forward the datagram in this case, the home agent MAY simply alter the outer Destination Address to the care-of address, rather than re-encapsulating the datagram.
- Otherwise (the inner Destination Address is NOT the same as the outer Destination Address), the home agent SHOULD encapsulate the datagram again (nested encapsulation), with the new outer Destination Address set equal to the mobile node's care-of address. That is, the home agent forwards the entire datagram to the mobile node in the same way as any other datagram (encapsulated already or not).
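The home agent's forwarding decision for intercepted datagrams, including the two rules above for datagrams that arrive already encapsulated, as an added Python example (not code from the RFC). It recognizes only IP in IP (protocol 4) as "already encapsulated" and, as an assumption for the multiple-binding case, treats a match against any registered care-of address as the loop case; the function names, action labels and addresses are constructed.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4  # IP in IP encapsulation


def checksum(header: bytes) -> int:
    """Ones-complement IP header checksum over a header of even length."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Prepend a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes):
    """Return (source, destination, protocol, header length in bytes)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    return IPv4Address(pkt[12:16]), IPv4Address(pkt[16:20]), pkt[9], ihl


def rewrite_dst(pkt: bytes, new_dst) -> bytes:
    """Alter only the outer Destination Address and fix the header checksum."""
    ihl = (pkt[0] & 0x0F) * 4
    hdr = bytearray(pkt[:ihl])
    hdr[16:20] = IPv4Address(new_dst).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]


def home_agent_forward(datagram: bytes, bindings: dict, ha_addr):
    """Decide what the home agent does with one arriving datagram.

    bindings maps a home address to its list of registered care-of addresses.
    ha_addr is the address sent in the Home Agent field of the Reply; it is
    the only source address used for the outer header.
    Returns a list of (action, packet) pairs, one per care-of address.
    """
    src, dst, proto, ihl = parse_ipv4(datagram)
    coas = bindings.get(dst, [])
    if not coas:
        # No current binding: assume the node is at home, forward on the link.
        return [("FORWARD_HOME", datagram)]

    if proto == IPPROTO_IPIP:
        _, inner_dst, _, _ = parse_ipv4(datagram[ihl:])
        if inner_dst == dst:
            if src in coas:
                # The tunnel source is the care-of address: likely routing loop.
                return [("DISCARD", None)]
            # Forward without re-encapsulating by altering the outer destination.
            return [("REWRITE_OUTER_DST", rewrite_dst(datagram, c)) for c in coas]

    # Plain datagram, or encapsulated with a different inner destination.
    action = "NESTED_ENCAP" if proto == IPPROTO_IPIP else "ENCAP"
    return [(action, build_ipv4(ha_addr, c, IPPROTO_IPIP, datagram)) for c in coas]
```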
When a home agent receives a broadcast datagram, it MUST NOT forward the datagram to any mobile nodes in its mobility binding list other than those that have requested forwarding of broadcast datagrams. A mobile node MAY request forwarding of broadcast datagrams by setting the 'B' bit in its Registration Request message (Section 3.3). For each such registered mobile node, the home agent SHOULD forward received broadcast datagrams to the mobile node, although it is a matter of configuration at the home agent as to which specific categories of broadcast datagrams will be forwarded to such mobile nodes.
If the 'D' bit was set in the mobile node's Registration Request message, indicating that the mobile node is using a co-located care-of address, the home agent simply tunnels appropriate broadcast IP datagrams to the mobile node's care-of address. Otherwise (the 'D' bit was NOT set), the home agent first encapsulates the broadcast datagram in a unicast datagram addressed to the mobile node's home address, and then tunnels this encapsulated datagram to the foreign agent. This extra level of encapsulation is required so that the foreign agent can determine which mobile node should receive the datagram after it is decapsulated. When received by the foreign agent, the unicast encapsulated datagram is detunneled and delivered to the mobile node in the same way as any other datagram. In either case, the mobile node must decapsulate the datagram it receives in order to recover the original broadcast datagram.
As mentioned previously, a mobile node that is connected to its home network functions in the same way as any other (fixed) host or router. Thus, when it is at home, a mobile node functions identically to other multicast senders and receivers. This section therefore describes the behavior of a mobile node that is visiting a foreign network.
In order to receive multicasts, a mobile node MUST join the multicast group in one of two ways. First, a mobile node MAY join the group via a (local) multicast router on the visited subnet. This option assumes that there is a multicast router present on the visited subnet. If the mobile node is using a co-located care-of address, it SHOULD use this address as the source IP address of its IGMP [11] messages. Otherwise, it MAY use its home address.
Alternatively, a mobile node which wishes to receive multicasts MAY join groups via a bi-directional tunnel to its home agent, assuming that its home agent is a multicast router. The mobile node tunnels IGMP messages to its home agent and the home agent forwards multicast datagrams down the tunnel to the mobile node. For packets tunneled to the home agent, the source address in the IP header SHOULD be the mobile node's home address.
The rules for multicast datagram delivery to mobile nodes in this case are identical to those for broadcast datagrams (Section 4.3). Namely, if the mobile node is using a co-located care-of address (the 'D' bit was set in the mobile node's Registration Request), then the home agent SHOULD tunnel the datagram to this care-of address; otherwise, the home agent MUST first encapsulate the datagram in a unicast datagram addressed to the mobile node's home address and then MUST tunnel the resulting datagram (nested tunneling) to the mobile node's care-of address. For this reason, the mobile node MUST be capable of decapsulating packets sent to its home address in order to receive multicast datagrams using this method.
A mobile node that wishes to send datagrams to a multicast group also has two options: (1) send directly on the visited network; or (2) send via a tunnel to its home agent. Because multicast routing in general depends upon the IP source address, a mobile node which sends multicast datagrams directly on the visited network MUST use a co-located care-of address as the IP source address. Similarly, a mobile node which tunnels a multicast datagram to its home agent MUST use its home address as the IP source address of both the (inner) multicast datagram and the (outer) encapsulating datagram. This second option assumes that the home agent is a multicast router.
A mobile node can be a router that is responsible for the mobility of one or more entire networks moving together, perhaps on an airplane, a ship, a train, an automobile, a bicycle, or a kayak. The nodes connected to a network served by the mobile router may themselves be fixed nodes or mobile nodes or routers. In this document, such networks are called "mobile networks".
A mobile router MAY act as a foreign agent and provide a foreign agent care-of address to mobile nodes connected to the mobile network. Typical routing to a mobile node via a mobile router in this case is illustrated by the following example:
a) A laptop computer is disconnected from its home network and later attached to a network port in the seat back of an aircraft. The laptop computer uses Mobile IP to register on this foreign network, using a foreign agent care-of address discovered through an Agent Advertisement from the aircraft's foreign agent.
b) The aircraft network is itself mobile. Suppose the node serving as the foreign agent on the aircraft also serves as the default router that connects the aircraft network to the rest of the Internet. When the aircraft is at home, this router is attached to some fixed network at the airline's headquarters, which is the router's home network. While the aircraft is in flight, this router registers from time to time over its radio link with a series of foreign agents below it on the ground. This router's home agent is a node on the fixed network at the airline's headquarters.
c) Some correspondent node sends a datagram to the laptop computer, addressing the datagram to the laptop's home address. This datagram is initially routed to the laptop's home network.
d) The laptop's home agent intercepts the datagram on the home network and tunnels it to the laptop's care-of address, which in this example is an address of the node serving as router and foreign agent on the aircraft. Normal IP routing will route the datagram to the fixed network at the airline's headquarters.
e) The aircraft router and foreign agent's home agent there intercepts the datagram and tunnels it to its current care-of address, which in this example is some foreign agent on the ground below the aircraft. The original datagram from the correspondent node has now been encapsulated twice: once by the laptop's home agent and again by the aircraft's home agent.
f) The foreign agent on the ground decapsulates the datagram, yielding a datagram still encapsulated by the laptop's home agent, with a destination address of the laptop's care-of address. The ground foreign agent sends the resulting datagram over its radio link to the aircraft.
g) The foreign agent on the aircraft decapsulates the datagram, yielding the original datagram from the correspondent node, with a destination address of the laptop's home address. The aircraft foreign agent delivers the datagram over the aircraft network to the laptop's link-layer address.
This example illustrated the case in which a mobile node is attached to a mobile network. That is, the mobile node is mobile with respect to the network, which itself is also mobile (here with respect to the ground). If, instead, the node is fixed with respect to the mobile network (the mobile network is the fixed node's home network), then either of two methods may be used to cause datagrams from correspondent nodes to be routed to the fixed node.
A home agent MAY be configured to have a permanent registration for the fixed node, that indicates the mobile router's address as the fixed host's care-of address. The mobile router's home agent will usually be used for this purpose. The home agent is then responsible for advertising connectivity using normal routing protocols to the fixed node. Any datagrams sent to the fixed node will thus use nested tunneling as described above.
Alternatively, the mobile router MAY advertise connectivity to the entire mobile network using normal IP routing protocols through a bi-directional tunnel to its own home agent. This method avoids the need for nested tunneling of datagrams.
The use of ARP [36] requires special rules for correct operation when wireless or mobile nodes are involved. The requirements specified in this section apply to all home networks in which ARP is used for address resolution.
In addition to the normal use of ARP for resolving a target node's link-layer address from its IP address, this document distinguishes two special uses of ARP:
- A Proxy ARP [39] is an ARP Reply sent by one node on behalf of another node which is either unable or unwilling to answer its own ARP Requests. The sender of a Proxy ARP reverses the Sender and Target Protocol Address fields as described in [36], but supplies some configured link-layer address (generally, its own) in the Sender Hardware Address field. The node receiving the Reply will then associate this link-layer address with the IP address of the original target node, causing it to transmit future datagrams for this target node to the node with that link-layer address.
- A Gratuitous ARP [45] is an ARP packet sent by a node in order to spontaneously cause other nodes to update an entry in their ARP cache. A gratuitous ARP MAY use either an ARP Request or an ARP Reply packet. In either case, the ARP Sender Protocol Address and ARP Target Protocol Address are both set to the IP address of the cache entry to be updated, and the ARP Sender Hardware Address is set to the link-layer address to which this cache entry should be updated. When using an ARP Reply packet, the Target Hardware Address is also set to the link-layer address to which this cache entry should be updated (this field is not used in an ARP Request packet).
In either case, for a gratuitous ARP, the ARP packet MUST be transmitted as a local broadcast packet on the local link. As specified in [36], any node receiving any ARP packet (Request or Reply) MUST update its local ARP cache with the Sender Protocol and Hardware Addresses in the ARP packet, if the receiving node has an entry for that IP address already in its ARP cache. This requirement in the ARP protocol applies even for ARP Request packets, and for ARP Reply packets that do not match any ARP Request transmitted by the receiving node [36].
While a mobile node is registered on a foreign network, its home agent uses proxy ARP [39] to reply to ARP Requests it receives that seek the mobile node's link-layer address. When receiving an ARP Request, the home agent MUST examine the target IP address of the Request, and if this IP address matches the home address of any mobile node for which it has a registered mobility binding, the home agent MUST transmit an ARP Reply on behalf of the mobile node. After exchanging the sender and target addresses in the packet [39], the home agent MUST set the sender link-layer address in the packet to the link-layer address of its own interface over which the Reply will be sent.
When a mobile node leaves its home network and registers a binding on a foreign network, its home agent uses gratuitous ARP to update the ARP caches of nodes on the home network. This causes such nodes to associate the link-layer address of the home agent with the mobile node's home (IP) address. When registering a binding for a mobile node for which the home agent previously had no binding (the mobile node was assumed to be at home), the home agent MUST transmit a gratuitous ARP on behalf of the mobile node. This gratuitous ARP packet MUST be transmitted as a broadcast packet on the link on which the mobile node's home address is located. Since broadcasts on the local link (such as Ethernet) are typically not guaranteed to be reliable, the gratuitous ARP packet SHOULD be retransmitted a small number of times to increase its reliability.
When a mobile node returns to its home network, the mobile node and its home agent use gratuitous ARP to cause all nodes on the mobile node's home network to update their ARP caches to once again associate the mobile node's own link-layer address with the mobile node's home (IP) address. Before transmitting the (de)Registration Request message to its home agent, the mobile node MUST transmit this gratuitous ARP on its home network as a local broadcast on this link. The gratuitous ARP packet SHOULD be retransmitted a small number of times to increase its reliability, but these retransmissions SHOULD proceed in parallel with the transmission and processing of its (de)Registration Request.
When the mobile node's home agent receives and accepts this (de)Registration Request, the home agent MUST also transmit a gratuitous ARP on the mobile node's home network. This gratuitous ARP also is used to associate the mobile node's home address with the mobile node's own link-layer address. A gratuitous ARP is transmitted by both the mobile node and its home agent, since in the case of wireless network interfaces, the area within transmission range of the mobile node will likely differ from that within range of its home agent. The ARP packet from the home agent MUST be transmitted as a local broadcast on the mobile node's home link, and SHOULD be retransmitted a small number of times to increase its reliability; these retransmissions, however, SHOULD proceed in parallel with the transmission and processing of its (de)Registration Reply.
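A home-link ARP monitor built from the field definitions of gratuitous ARP and the cache-update rule quoted from [36] above, as an added Python example (not code from the RFC). It assumes the Ethernet/IPv4 ARP layout; the allow-list of hardware addresses per home address (home agent interface and the mobile node's own) is a hypothetical monitoring check, and all addresses are constructed.

```python
import struct
from ipaddress import IPv4Address

ARP_REQUEST, ARP_REPLY = 1, 2


def build_arp(oper: int, sha: str, spa, tha: str, tpa) -> bytes:
    """Build an Ethernet/IPv4 ARP packet body (used for the constructed samples)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       mac(sha), IPv4Address(spa).packed,
                       mac(tha), IPv4Address(tpa).packed)


def parse_arp(pkt: bytes) -> dict:
    """Parse the 28-byte ARP body into sender/target hardware and protocol addresses."""
    if len(pkt) < 28:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if oper not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError("unsupported ARP operation %d" % oper)
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", pkt[8:28])
    return {"oper": oper, "sha": sha.hex(":"), "spa": IPv4Address(spa),
            "tha": tha.hex(":"), "tpa": IPv4Address(tpa)}


def classify(arp: dict) -> str:
    """Gratuitous ARP sets Sender and Target Protocol Address to the same IP."""
    if arp["spa"] != arp["tpa"]:
        return "ordinary"
    if arp["oper"] == ARP_REPLY:
        # In a gratuitous Reply the Target Hardware Address repeats the sender's.
        if arp["tha"] == arp["sha"]:
            return "gratuitous-reply"
        return "malformed-gratuitous-reply"
    return "gratuitous-request"


def update_cache(cache: dict, arp: dict) -> bool:
    """Apply the receiver rule: update only an entry that already exists.

    This holds for Requests as well as for unsolicited Replies.
    Returns True when an existing mapping changed.
    """
    ip = arp["spa"]
    if ip not in cache:
        return False
    changed = cache[ip] != arp["sha"]
    cache[ip] = arp["sha"]
    return changed


def check_sender(arp: dict, allowed: dict) -> str:
    """Compare the Sender Hardware Address with the addresses expected for a home address.

    allowed maps a mobile node's home address to the set of link-layer
    addresses that may legitimately claim it on the home link.
    """
    expected = allowed.get(arp["spa"])
    if expected is None:
        return "not-a-mobile-node"
    return "expected" if arp["sha"] in expected else "unexpected-sender"
```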
While the mobile node is away from home, it MUST NOT transmit any broadcast ARP Request or ARP Reply messages. Finally, while the mobile node is away from home, it MUST NOT reply to ARP Requests in which the target IP address is its own home address, unless the ARP Request is unicast by a foreign agent with which the mobile node is attempting to register or a foreign agent with which the mobile node has an unexpired registration. In the latter case, the mobile node MUST use a unicast ARP Reply to respond to the foreign agent. Note that if the mobile node is using a co-located care-of address and receives an ARP Request in which the target IP address is this care-of address, then the mobile node SHOULD reply to this ARP Request. Note also that, when transmitting a Registration Request on a foreign network, a mobile node may discover the link-layer address of a foreign agent by storing the address as it is received from the Agent Advertisement from that foreign agent, but not by transmitting a broadcast ARP Request message.
The specific order in which each of the above requirements for the use of ARP, proxy ARP, and gratuitous ARP is applied, relative to the transmission and processing of the mobile node's Registration Request and Registration Reply messages when leaving home or returning home, is important to the correct operation of the protocol.
To summarize the above requirements, when a mobile node leaves its home network, the following steps, in this order, MUST be performed:
- The mobile node decides to register away from home, perhaps because it has received an Agent Advertisement from a foreign agent and has not recently received one from its home agent.
- Before transmitting the Registration Request, the mobile node disables its own future processing of any ARP Requests it may subsequently receive requesting the link-layer address corresponding to its home address, except insofar as necessary to communicate with foreign agents on visited networks.
- The mobile node transmits its Registration Request.
- When the mobile node's home agent receives and accepts the Registration Request, it performs a gratuitous ARP on behalf of the mobile node, and begins using proxy ARP to reply to ARP Requests that it receives requesting the mobile node's link-layer address. In the gratuitous ARP, the ARP Sender Hardware Address is set to the link-layer address of the home agent. If, instead, the home agent rejects the Registration Request, no ARP processing (gratuitous nor proxy) is performed by the home agent.
When a mobile node later returns to its home network, the following steps, in this order, MUST be performed:
- The mobile node decides to register at home, perhaps because it has received an Agent Advertisement from its home agent.
- Before transmitting the Registration Request, the mobile node re-enables its own future processing of any ARP Requests it may subsequently receive requesting its link-layer address.
- The mobile node performs a gratuitous ARP for itself. In this gratuitous ARP, the ARP Sender Hardware Address is set to the link-layer address of the mobile node.
- The mobile node transmits its Registration Request.
- When the mobile node's home agent receives and accepts the Registration Request, it stops using proxy ARP to reply to ARP Requests that it receives requesting the mobile node's link-layer address, and then performs a gratuitous ARP on behalf of the mobile node. In this gratuitous ARP, the ARP Sender Hardware Address is set to the link-layer address of the mobile node. If, instead, the home agent rejects the Registration Request, the home agent MUST NOT make any change to the way it performs ARP processing (gratuitous nor proxy) for the mobile node. In this latter case, the home agent should operate as if the mobile node has not returned home, and continue to perform proxy ARP on behalf of the mobile node.
The mobile computing environment is potentially very different from the ordinary computing environment. In many cases, mobile computers will be connected to the network via wireless links. Such links are particularly vulnerable to passive eavesdropping, active replay attacks, and other active attacks.
Home agents and mobile nodes MUST be able to perform authentication. The default algorithm is HMAC-MD5 [23], with a key size of 128 bits. The foreign agent MUST also support authentication using HMAC-MD5 and key sizes of 128 bits or greater, with manual key distribution. Keys with arbitrary binary values MUST be supported.
The "prefix+suffix" use of MD5 to protect data and a shared secret is considered vulnerable to attack by the cryptographic community. Where backward compatibility with existing Mobile IP implementations that use this mode is needed, new implementations SHOULD include keyed MD5 [41] as one of the additional authentication algorithms for use when producing and verifying the authentication data that is supplied with Mobile IP registration messages, for instance in the extensions specified in sections 3.5.2, 3.5.3, and 3.5.4.
More authentication algorithms, algorithm modes, key distribution methods, and key sizes MAY also be supported for all of these extensions.
The registration protocol described in this document will result in a mobile node's traffic being tunneled to its care-of address. This tunneling feature could be a significant vulnerability if the registration were not authenticated. Such remote redirection, for instance as performed by the mobile registration protocol, is widely understood to be a security problem in the current Internet if not authenticated [2]. Moreover, the Address Resolution Protocol (ARP) is not authenticated, and can potentially be used to steal another host's traffic. The use of "Gratuitous ARP" (Section 4.6) brings with it all of the risks associated with the use of ARP.
This specification requires a strong authentication mechanism (keyed MD5) which precludes many potential attacks based on the Mobile IP registration protocol. However, because key distribution is difficult in the absence of a network key management protocol, messages with the foreign agent are not all required to be authenticated. In a commercial environment it might be important to authenticate all messages between the foreign agent and the home agent, so that billing is possible, and service providers do not provide service to users that are not legitimate customers of that service provider.
The strength of any authentication mechanism depends on several factors, including the innate strength of the authentication algorithm, the secrecy of the key used, the strength of the key used, and the quality of the particular implementation. This specification requires implementation of keyed MD5 for authentication, but does not preclude the use of other authentication algorithms and modes. For keyed MD5 authentication to be useful, the 128-bit key must be both secret (that is, known only to authorized parties) and pseudo-random. If nonces are used in connection with replay protection, they must also be selected carefully. Eastlake, et al. [14] provides more information on generating pseudo-random numbers.
Users who have sensitive data that they do not wish others to see should use mechanisms outside the scope of this document (such as encryption) to provide appropriate protection. Users concerned about traffic analysis should consider appropriate use of link encryption. If absolute location privacy is desired, the mobile node can create a tunnel to its home agent. Then, datagrams destined for correspondent nodes will appear to emanate from the home network, and it may be more difficult to pinpoint the location of the mobile node. Such mechanisms are all beyond the scope of this document.
Many routers implement security policies such as "ingress filtering" [15] that do not allow forwarding of packets that have a Source Address which appears topologically incorrect. In environments where this is a problem, mobile nodes may use reverse tunneling [27] with the foreign agent supplied care-of address as the Source Address. Reverse tunneled packets will be able to pass normally through such routers, while ingress filtering rules will still be able to locate the true topological source of the packet in the same way as packets from non-mobile nodes.
The Identification field is used to let the home agent verify that a registration message has been freshly generated by the mobile node, not replayed by an attacker from some previous registration. Two methods are described in this section: timestamps (mandatory) and "nonces" (optional). All mobile nodes and home agents MUST implement timestamp-based replay protection. These nodes MAY also implement nonce-based replay protection (but see Appendix A).
The style of replay protection in effect between a mobile node and its home agent is part of the mobile security association. A mobile node and its home agent MUST agree on which method of replay protection will be used. The interpretation of the Identification field depends on the method of replay protection as described in the subsequent subsections.
Whatever method is used, the low-order 32 bits of the Identification MUST be copied unchanged from the Registration Request to the Reply. The foreign agent uses those bits (and the mobile node's home address) to match Registration Requests with corresponding replies. The mobile node MUST verify that the low-order 32 bits of any Registration Reply are identical to the bits it sent in the Registration Request.
The Identification in a new Registration Request MUST NOT be the same as in an immediately preceding Request, and SHOULD NOT repeat while the same security context is being used between the mobile node and the home agent. Retransmission as in Section 3.6.3 is allowed.
The basic principle of timestamp replay protection is that the node generating a message inserts the current time of day, and the node receiving the message checks that this timestamp is sufficiently close to its own time of day. Unless specified differently in the security association between the nodes, a default value of 7 seconds MAY be used to limit the time difference. This value SHOULD be greater than 3 seconds. Obviously the two nodes must have adequately synchronized time-of-day clocks. As with any messages, time synchronization messages may be protected against tampering by an authentication mechanism determined by the security context between the two nodes.
If timestamps are used, the mobile node MUST set the Identification field to a 64-bit value formatted as specified by the Network Time Protocol [26]. The low-order 32 bits of the NTP format represent fractional seconds, and those bits which are not available from a time source SHOULD be generated from a good source of randomness. Note, however, that when using timestamps, the 64-bit Identification used in a Registration Request from the mobile node MUST be greater than that used in any previous Registration Request, as the home agent uses this field also as a sequence number. Without such a sequence number, it would be possible for a delayed duplicate of an earlier Registration Request to arrive at the home agent (within the clock synchronization required by the home agent), and thus be applied out of order, mistakenly altering the mobile node's current registered care-of address.
Upon receipt of a Registration Request with an authorization-enabling extension, the home agent MUST check the Identification field for validity. In order to be valid, the timestamp contained in the Identification field MUST be close enough to the home agent's time of day clock and the timestamp MUST be greater than all previously accepted timestamps for the requesting mobile node. Time tolerances and resynchronization details are specific to a particular mobility security association.
If the timestamp is valid, the home agent copies the entire Identification field into the Registration Reply it returns to the mobile node. If the timestamp is not valid, the home agent copies only the low-order 32 bits into the Registration Reply, and supplies the high-order 32 bits from its own time of day. In this latter case, the home agent MUST reject the registration by returning Code 133 (identification mismatch) in the Registration Reply.
As described in Section 3.6.2.1, the mobile node MUST verify that the low-order 32 bits of the Identification in the Registration Reply are identical to those in the rejected registration attempt, before using the high-order bits for clock resynchronization.
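The timestamp rules above, worked through as an added example (not code from this specification). It assumes the authorization-enabling extension has already been verified before the Identification is examined; the class and function names, the one-second clock and the sample addresses are hypothetical.

```python
import os

NTP_UNIX_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MASK32 = 0xFFFFFFFF
CODE_ACCEPTED = 0              # lies in the 0-8 success range
CODE_ID_MISMATCH = 133         # identification mismatch


def ntp_seconds(unix_time):
    """Whole seconds of a Unix time, expressed on the NTP timescale."""
    return (int(unix_time) + NTP_UNIX_OFFSET) & MASK32


def make_identification(unix_time, last_sent=0, low32=None):
    """Mobile node side: build the 64-bit Identification in NTP format.

    The clock is assumed to have one-second resolution, so none of the 32
    fraction bits come from the time source; they are filled from os.urandom.
    The value is forced above last_sent because the home agent also uses the
    field as a sequence number.
    """
    if low32 is None:
        low32 = int.from_bytes(os.urandom(4), "big")
    ident = (ntp_seconds(unix_time) << 32) | (low32 & MASK32)
    return ident if ident > last_sent else last_sent + 1


class TimestampReplayGuard:
    """Home agent side: per-mobile-node timestamp replay check."""

    def __init__(self, tolerance=7):
        self.tolerance = tolerance   # seconds; 7 is the default named in the text
        self.last_accepted = {}      # home address -> last accepted Identification

    def check(self, home_addr, ident, now_unix):
        """Return (Code, Identification to place in the Registration Reply)."""
        now = ntp_seconds(now_unix)
        close_enough = abs((ident >> 32) - now) <= self.tolerance
        newer = ident > self.last_accepted.get(home_addr, -1)
        if close_enough and newer:
            self.last_accepted[home_addr] = ident
            return CODE_ACCEPTED, ident            # whole field copied back
        # Rejected: keep the low 32 bits, supply our own time in the high 32.
        return CODE_ID_MISMATCH, (now << 32) | (ident & MASK32)


def clock_correction(sent_ident, reply_ident, local_unix):
    """Mobile node side, after Code 133: seconds to add to the local clock.

    Returns None when the low-order 32 bits do not match the rejected
    Request, in which case the high-order bits must not be used.
    """
    if (reply_ident & MASK32) != (sent_ident & MASK32):
        return None
    return (reply_ident >> 32) - ntp_seconds(local_unix)


if __name__ == "__main__":
    now = 1_000_000_000                          # constructed sample time
    ha = TimestampReplayGuard()
    first = make_identification(now)
    print("fresh :", ha.check("192.0.2.10", first, now + 1)[0])
    print("replay:", ha.check("192.0.2.10", first, now + 2)[0])
    stale = make_identification(now - 60)        # mobile node clock 60 s behind
    code, reply = ha.check("192.0.2.11", stale, now)
    print("skewed:", code, "correction", clock_correction(stale, reply, now - 60))
```

A delayed duplicate that is still inside the 7-second window fails the "newer" test even though its timestamp is close enough, which is the out-of-order case the sequence-number requirement exists for.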
The basic principle of nonce replay protection is that node A includes a new random number in every message to node B, and checks that node B returns that same number in its next message to node A. Both messages use an authentication code to protect against alteration by an attacker. At the same time node B can send its own nonces in all messages to node A (to be echoed by node A), so that it too can verify that it is receiving fresh messages.
The home agent may be expected to have resources for computing pseudo-random numbers useful as nonces [14]. It inserts a new nonce as the high-order 32 bits of the identification field of every Registration Reply. The home agent copies the low-order 32 bits of the Identification from the Registration Request message into the low-order 32 bits of the Identification in the Registration Reply. When the mobile node receives an authenticated Registration Reply from the home agent, it saves the high-order 32 bits of the identification for use as the high-order 32 bits of its next Registration Request.
The mobile node is responsible for generating the low-order 32 bits of the Identification in each Registration Request. Ideally it should generate its own random nonces. However it may use any expedient method, including duplication of the random value sent by the home agent. The method chosen is of concern only to the mobile node, because it is the node that checks for valid values in the Registration Reply. The high-order and low-order 32 bits of the identification chosen SHOULD both differ from their previous values. The home agent uses a new high-order value and the mobile node uses a new low-order value for each registration message. The foreign agent uses the low-order value (and the mobile host's home address) to correctly match registration replies with pending Requests (Section 3.7.1).
If a registration message is rejected because of an invalid nonce, the Reply always provides the mobile node with a new nonce to be used in the next registration. Thus the nonce protocol is self-synchronizing.
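The nonce exchange described above, including the self-synchronizing behaviour after a rejection, as an added example (not code from this specification). Message authentication is assumed to have succeeded before these checks run; the class names, the injectable random source and the sample address are hypothetical.

```python
import secrets

MASK32 = 0xFFFFFFFF


def _rand32():
    return secrets.randbits(32)


class NonceHomeAgent:
    """Home agent side: issues a new high-order nonce in every Reply."""

    def __init__(self, rand32=_rand32):
        self.rand32 = rand32
        self.issued = {}     # home address -> nonce sent in the last Reply

    def handle_request(self, home_addr, ident):
        """Return (accepted, Identification for the Registration Reply)."""
        req_high, req_low = ident >> 32, ident & MASK32
        accepted = home_addr in self.issued and req_high == self.issued[home_addr]
        nonce = self.rand32()
        while nonce == self.issued.get(home_addr):   # must differ from the last
            nonce = self.rand32()
        self.issued[home_addr] = nonce
        # New nonce in the high 32 bits, low 32 bits copied from the Request.
        return accepted, (nonce << 32) | req_low


class NonceMobileNode:
    """Mobile node side: echoes the agent's nonce, picks its own low 32 bits."""

    def __init__(self, home_addr, rand32=_rand32):
        self.home_addr = home_addr
        self.rand32 = rand32
        self.agent_nonce = 0       # unknown until the first Reply arrives
        self.pending_low = None    # low 32 bits of the outstanding Request
        self.prev_low = None

    def next_request(self):
        low = self.rand32()
        while low == self.prev_low:                  # differ from previous value
            low = self.rand32()
        self.pending_low = self.prev_low = low
        return (self.agent_nonce << 32) | low

    def handle_reply(self, reply_ident):
        """Save the agent's nonce only if the Reply matches our Request."""
        if self.pending_low is None or (reply_ident & MASK32) != self.pending_low:
            return False
        self.agent_nonce = reply_ident >> 32
        self.pending_low = None
        return True


def run_exchange(ha, mn):
    """Drive one scenario and return the home agent's accept/reject decisions."""
    log = []
    r1 = mn.next_request()                      # nonce not yet known
    ok, reply = ha.handle_request(mn.home_addr, r1)
    log.append(("first", ok)); mn.handle_reply(reply)
    r2 = mn.next_request()                      # uses the nonce from the Reply
    ok, reply = ha.handle_request(mn.home_addr, r2)
    log.append(("second", ok)); mn.handle_reply(reply)
    ok, reply = ha.handle_request(mn.home_addr, r2)   # captured copy of r2
    log.append(("replayed", ok))
    log.append(("reply_used", mn.handle_reply(reply)))
    r3 = mn.next_request()                      # agent's nonce moved on meanwhile
    ok, reply = ha.handle_request(mn.home_addr, r3)
    log.append(("after_replay", ok)); mn.handle_reply(reply)
    r4 = mn.next_request()                      # resynchronized by that Reply
    ok, reply = ha.handle_request(mn.home_addr, r4)
    log.append(("resynced", ok))
    return log


if __name__ == "__main__":
    for step, result in run_exchange(NonceHomeAgent(), NonceMobileNode("192.0.2.10")):
        print(step, result)
```

The replayed Request is refused because its high-order bits carry a nonce the home agent has already replaced, and the rejection that follows costs the mobile node one extra round trip before it is accepted again.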
Mobile IP specifies several new number spaces for values to be used in various message fields. These number spaces include the following:
- Mobile IP message types sent to UDP port 434, as defined in section 1.8.
- types of extensions to Registration Request and Registration Reply messages (see sections 3.3 and 3.4, and also consult [27, 29, 6, 7, 12])
- values for the Code in the Registration Reply message (see section 3.4, and also consult [27, 29, 6, 7, 12])
- Mobile IP defines so-called Agent Solicitation and Agent Advertisement messages. These messages are in fact Router Discovery messages [10] augmented with mobile-IP specific extensions. Thus, they do not define a new name space, but do define additional Router Discovery extensions as described below in Section 6.2. Also see Section 2.1 and consult [7, 12].
There are additional Mobile IP numbering spaces specified in [7].
Information about assignment of mobile-ip numbers derived from specifications external to this document is given by IANA at http://www.iana.org/numbers.html. From that URL, follow the hyperlinks to [M] within the "Directory of General Assigned Numbers", and subsequently to the specific section for "Mobile IP Numbers".
Mobile IP messages are defined to be those that are sent to a message recipient at port 434 (UDP or TCP). The number space for Mobile IP messages is specified in Section 1.8. Approval of new extension numbers is subject to Expert Review, and a specification is required [30]. The currently standardized message types have the following numbers, and are specified in the indicated sections.
Type  Name                                          Section
----  --------------------------------------------  ---------
   1  Registration Request                          3.3
   3  Registration Reply                            3.4
RFC 1256 defines two ICMP message types, Router Advertisement and Router Solicitation. Mobile IP defines a number space for extensions to Router Advertisement, which could be used by protocols other than Mobile IP. The extension types currently standardized for use with Mobile IP have the following numbers.
Type  Name                                          Reference
----  --------------------------------------------  ---------
   0  One-byte Padding                              2.1.3
  16  Mobility Agent Advertisement                  2.1.1
  19  Prefix-Lengths                                2.1.2
Approval of new extension numbers for use with Mobile IP is subject to Expert Review, and a specification is required [30].
The Mobile IP messages, specified within this document, and listed in sections 1.8 and 6.1, may have extensions. Mobile IP message extensions all share the same number space, even if they are to be applied to different Mobile IP messages. The number space for Mobile IP message extensions is specified within this document. Approval of new extension numbers is subject to Expert Review, and a specification is required [30].
Type  Name                                          Reference
----  --------------------------------------------  ---------
   0  One-byte Padding
  32  Mobile-Home Authentication                    3.5.2
  33  Mobile-Foreign Authentication                 3.5.3
  34  Foreign-Home Authentication                   3.5.4
The Mobile IP Registration Reply message, specified in section 3.4, has a Code field. The number space for the Code field values is also specified in Section 3.4. The Code number space is structured according to whether the registration was successful, or whether the foreign agent denied the registration request, or lastly whether the home agent denied the registration request, as follows:
    0-8    Success Codes
    9-63   No allocation guidelines currently exist
   64-127  Error Codes from the Foreign Agent
  128-192  Error Codes from the Home Agent
  193-255  No allocation guidelines currently exist
Approval of new Code values requires Expert Review [30].
Special thanks to Steve Deering (Xerox PARC), along with Dan Duchamp and John Ioannidis (JI) (Columbia University), for forming the working group, chairing it, and putting so much effort into its early development. Columbia's early Mobile IP work can be found in [18, 19, 17].
Thanks also to Kannan Alaggapan, Greg Minshall, Tony Li, Jim Solomon, Erik Nordmark, Basavaraj Patil, and Phil Roberts for their contributions to the group while performing the duties of chairperson, as well as for their many useful comments.
Thanks to the active members of the Mobile IP Working Group, particularly those who contributed text, including (in alphabetical order)
- Ran Atkinson (Naval Research Lab)
- Samita Chakrabarti (Sun Microsystems)
- Ken Imboden (Candlestick Networks, Inc.)
- Dave Johnson (Carnegie Mellon University)
- Frank Kastenholz (FTP Software)
- Anders Klemets (KTH)
- Chip Maguire (KTH)
- Alison Mankin (ISI)
- Andrew Myles (Macquarie University)
- Thomas Narten (IBM)
- Al Quirt (Bell Northern Research)
- Yakov Rekhter (IBM)
- Fumio Teraoka (Sony)
- Alper Yegin (NTT DoCoMo)
Thanks to Charlie Kunzinger and to Bill Simpson, the editors who produced the first drafts of this document, reflecting the discussions of the Working Group. Much of the new text in the later revisions preceding RFC 2002 is due to Jim Solomon and Dave Johnson.
Thanks to Greg Minshall (Novell), Phil Karn (Qualcomm), Frank Kastenholz (FTP Software), and Pat Calhoun (Sun Microsystems) for their generous support in hosting interim Working Group meetings.
Sections 1.10 and 1.11, which specify new extension formats to be used with aggregatable extension types, were included from a specification document (entitled "Mobile IP Extensions Rationalization (MIER)"), which was written by
- Mohamed M. Khalil, Nortel Networks
- Raja Narayanan, nVisible Networks
- Haseeb Akhtar, Nortel Networks
- Emad Qaddoura, Nortel Networks
Thanks to these authors, and also for the additional work on MIER, which was contributed by Basavaraj Patil, Pat Calhoun, Neil Justusson, N. Asokan, and Jouni Malinen.
A. Patent Issues
The IETF has been notified of intellectual property rights claimed in regard to some or all of the specification contained in this document. For more information consult the online list of claimed rights.
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
B. Link-Layer Considerations
The mobile node MAY use link-layer mechanisms to decide that its point of attachment has changed. Such indications include the Down/Testing/Up interface status [24], and changes in cell or administration. The mechanisms will be specific to the particular link-layer technology, and are outside the scope of this document.
The Point-to-Point-Protocol (PPP) [42] and its Internet Protocol Control Protocol (IPCP) [25] negotiate the use of IP addresses. The mobile node SHOULD first attempt to specify its home address, so that if the mobile node is attaching to its home network, the unrouted link will function correctly. When the home address is not accepted by the peer, but a transient IP address is dynamically assigned to the mobile node, and the mobile node is capable of supporting a co-located care-of address, the mobile node MAY register that address as a co-located care-of address. When the peer specifies its own IP address, that address MUST NOT be assumed to be a foreign agent care-of address or the IP address of a home agent.
PPP extensions for Mobile IP have been specified in RFC 2290 [44]. Please consult that document for additional details for how to handle care-of address assignment from PPP in a more efficient manner.
C. TCP Considerations
When high-delay (e.g. SATCOM) or low-bandwidth (e.g. High-Frequency Radio) links are in use, some TCP stacks may have insufficiently adaptive (non-standard) retransmission timeouts. There may be spurious retransmission timeouts, even when the link and network are actually operating properly, but just with a high delay because of the medium in use. This can cause an inability to create or maintain TCP connections over such links, and can also cause unneeded retransmissions which consume already scarce bandwidth. Vendors are encouraged to follow the algorithms in RFC 2988 [31] when implementing TCP retransmission timers. Vendors of systems designed for low-bandwidth, high-delay links should consult RFCs 2757 and 2488 [28, 1]. Designers of applications targeted to operate on mobile nodes should be sensitive to the possibility of timer-related difficulties.
Mobile nodes often use media which are more likely to introduce errors, effectively causing more packets to be dropped. This introduces a conflict with the mechanisms for congestion management found in modern versions of TCP [21]. Now, when a packet is dropped, the correspondent node's TCP implementation is likely to react as if there were a source of network congestion, and initiate the slow-start mechanisms [21] designed for controlling that problem. However, those mechanisms are inappropriate for overcoming errors introduced by the links themselves, and have the effect of magnifying the discontinuity introduced by the dropped packet. This problem has been analyzed by Caceres, et al. [5]. TCP approaches to the problem of handling errors that might interfere with congestion management are discussed in documents from the [pilc] working group [3, 9]. While such approaches are beyond the scope of this document, they illustrate that providing performance transparency to mobile nodes involves understanding mechanisms outside the network layer. Problems introduced by higher media error rates also indicate the need to avoid designs which systematically drop packets; such designs might otherwise be considered favorably when making engineering tradeoffs.
D. Example Scenarios
This section shows example Registration Requests for several common scenarios.
The mobile node receives an Agent Advertisement from a foreign agent and wishes to register with that agent using the advertised foreign agent care-of address. The mobile node wishes only IP-in-IP encapsulation, does not want broadcasts, and does not want simultaneous mobility bindings:
   IP fields:
     Source Address = mobile node's home address
     Destination Address = copied from the IP source address of the
       Agent Advertisement
     Time to Live = 1
   UDP fields:
     Source Port = <any>
     Destination Port = 434
   Registration Request fields:
     Type = 1
     S=0,B=0,D=0,M=0,G=0
     Lifetime = the Registration Lifetime copied from the
       Mobility Agent Advertisement Extension of the
       Router Advertisement message
     Home Address = the mobile node's home address
     Home Agent = IP address of mobile node's home agent
     Care-of Address = the Care-of Address copied from the
       Mobility Agent Advertisement Extension of the
       Router Advertisement message
     Identification = Network Time Protocol timestamp or Nonce
   Extensions:
     An authorization-enabling extension (e.g., the
       Mobile-Home Authentication Extension)
The mobile node enters a foreign network that contains no foreign agents. The mobile node obtains an address from a DHCP server [13] for use as a co-located care-of address. The mobile node supports all forms of encapsulation (IP-in-IP, minimal encapsulation, and GRE), desires a copy of broadcast datagrams on the home network, and does not want simultaneous mobility bindings:
   IP fields:
     Source Address = care-of address obtained from DHCP server
     Destination Address = IP address of home agent
     Time to Live = 64
   UDP fields:
     Source Port = <any>
     Destination Port = 434
   Registration Request fields:
     Type = 1
     S=0,B=1,D=1,M=1,G=1
     Lifetime = 1800 (seconds)
     Home Address = the mobile node's home address
     Home Agent = IP address of mobile node's home agent
     Care-of Address = care-of address obtained from DHCP server
     Identification = Network Time Protocol timestamp or Nonce
   Extensions:
     The Mobile-Home Authentication Extension
The mobile node returns home and wishes to deregister all care-of addresses with its home agent.
   IP fields:
     Source Address = mobile node's home address
     Destination Address = IP address of home agent
     Time to Live = 1
   UDP fields:
     Source Port = <any>
     Destination Port = 434
   Registration Request fields:
     Type = 1
     S=0,B=0,D=0,M=0,G=0
     Lifetime = 0
     Home Address = the mobile node's home address
     Home Agent = IP address of mobile node's home agent
     Care-of Address = the mobile node's home address
     Identification = Network Time Protocol timestamp or Nonce
   Extensions:
     An authorization-enabling extension (e.g., the
       Mobile-Home Authentication Extension)
E. Applicability of Prefix-Lengths Extension
Caution is indicated with the use of the Prefix-Lengths Extension over wireless links, due to the irregular coverage areas provided by wireless transmitters. As a result, it is possible that two foreign agents advertising the same prefix might indeed provide different connectivity to prospective mobile nodes. The Prefix-Lengths Extension SHOULD NOT be included in the advertisements sent by agents in such a configuration.
Foreign agents using different wireless interfaces would have to cooperate using special protocols to provide identical coverage in space, and thus be able to claim to have wireless interfaces situated on the same subnetwork. In the case of wired interfaces, a mobile node disconnecting and subsequently connecting to a new point of attachment, may well send in a new Registration Request no matter whether the new advertisement is on the same medium as the last recorded advertisement. And, finally, in areas with dense populations of foreign agents it would seem unwise to require the propagation via routing protocols of the subnet prefixes associated with each individual wireless foreign agent; such a strategy could lead to quick depletion of available space for routing tables, unwarranted increases in the time required for processing routing updates, and longer decision times for route selection if routes (which are almost always unnecessary) are stored for wireless "subnets".
F. Interoperability Considerations
This document specifies revisions to RFC 2002 that are intended to improve interoperability by resolving ambiguities contained in the earlier text. Implementations that perform authentication according to the new more precisely specified algorithm would be interoperable with earlier implementations that did what was originally expected for producing authentication data. That was a major source of non-interoperability before.
However, this specification does have new features that, if used, would cause interoperability problems with older implementations. All features specified in RFC 2002 will work with the new implementations, except for V-J compression [20]. The following list details some of the possible areas of compatibility problems that may be experienced by nodes conforming to this revised specification, when attempting to interoperate with nodes obeying RFC 2002.
- A client that expects some of the newly mandatory features (like reverse tunneling) from a foreign agent would still be interoperable as long as it pays attention to the `T' bit.
- Mobile nodes that use the NAI extension to identify themselves would not work with old mobility agents.
- Mobile nodes that use a zero home address and expect to receive their home address in the Registration Reply would not work with old mobility agents.
- Mobile nodes that attempt to authenticate themselves without using the Mobile-Home authentication extension will be unable to successfully register with their home agent.
In all of these cases, a robust and well-configured mobile node is very likely to be able to recover if it takes reasonable actions upon receipt of a Registration Reply with an error code indicating the cause for rejection. For instance, if a mobile node sends a registration request that is rejected because it contains the wrong kind of authentication extension, then the mobile node could retry the registration with a mobile-home authentication extension, since the foreign agent and/or home agent in this case will not be configured to demand the alternative authentication data.
G. Changes since RFC 2002
This section details differences from the original Mobile IP base specification (RFC 2002 and ff.) that have been made as part of this revised protocol specification for Mobile IP.
- Specification for Destination IP address of Registration Reply transmitted from Foreign Agent, to avoid any possible transmission to IP address 0.0.0.0.
- Specification of two new formats for Mobile IP extensions, according to the ideas contained in MIER.
- Specification that the SPI of the MN-HA authentication extension is to be used as part of the data over which the authentication algorithm must be computed.
- Eliminated Van-Jacobson Compression feature
- Specification that foreign agents MAY send advertisements at a rate faster than once per second, but chosen so that the advertisements do not burden the capacity of the local link. For simplicity, the foreign agent now MAY send advertisements at an interval less than 1/3 the advertised ICMP Lifetime.
- Specification that foreign agents SHOULD support reverse tunneling, and home agents MUST support decapsulation of reverse tunnels.
- Changed the preconfiguration requirements in section 3.6 for the mobile node to reflect the capability, specified in RFC 2794 [6], for the mobile node to identify itself by using its NAI, and then getting a home address from the Registration Reply.
- Changed section 3.7.3.1 so that a foreign agent is not required to discard Registration Replies that have a Home Address field that does not match any pending Registration Request.
- Allowed registrations to be authenticated by use of a security association between the mobile node and a suitable authentication entity acceptable to the home agent. Defined "Authorization-enabling Extension" to be an authentication extension that makes a registration message acceptable to the recipient. This is needed according to specification in [6].
- Mandated that HMAC-MD5 be used instead of the "prefix+suffix" mode of MD5 as originally mandated in RFC 2002.
- Specified that the mobile node SHOULD take the first care-of address in a list offered by a foreign agent, and MAY try each subsequent advertised address in turn if the attempted registrations are rejected by the foreign agent.
- Clarification that a mobility agent SHOULD only put its own addresses into the initial (i.e., not mobility-related) list of routers in the mobility advertisement. RFC 2002 suggests that a mobility agent might advertise other default routers.
- Specification that a mobile node MUST ignore reserved bits in Agent Advertisements, as opposed to discarding such advertisements. In this way, new bits can be defined later, without affecting the ability for mobile nodes to use the advertisements even when the newly defined bits are not understood. Furthermore, foreign agents can set the `R' bit to make sure that new bits are handled by themselves instead of some legacy mobility agent.
- Specification that the foreign agent checks to make sure that the indicated home agent address does not belong to any of its network interfaces before relaying a Registration Request. If the check fails, and the foreign agent is not the mobile node's home agent, then the foreign agent rejects the request with code 136 (unknown home agent address).
- Specification that, while they are away from the home network, mobile nodes MUST NOT broadcast ARP packets to find the MAC address of another Internet node. Thus, the (possibly empty) list of Router Addresses from the ICMP Router Advertisement portion of the message is not useful for selecting a default router, unless the mobile node has some means not involving broadcast ARP and not specified within this document for obtaining the MAC address of one of the routers in the list. Similarly, in the absence of unspecified mechanisms for obtaining MAC addresses on foreign networks, the mobile node MUST ignore redirects to other routers on foreign networks.
- Specification that a foreign agent MUST NOT use broadcast ARP for a mobile node's MAC address on a foreign network. It may obtain the MAC address by copying the information from an Agent Solicitation or a Registration Request transmitted from a mobile node.
- Specification that a foreign agent's ARP cache for the mobile node's IP address MUST NOT be allowed to expire before the mobile node's visitor list entry expires, unless the foreign agent has some way other than broadcast ARP to refresh its MAC address associated to the mobile node's IP address.
- At the end of section 4.6, clarified that a home agent MUST NOT make any changes to the way it performs proxy ARP after it rejects an invalid deregistration request.
- In section 4.2.3, specification that multihomed home agents MUST use the address sent to the mobile node in the home agent field of the registration reply as the source address in the outer IP header of the encapsulated datagram.
- Inserted 'T' bit into its proper place in the Registration Request message format (section 3.3).
- Allowed registration replies to be processed by the mobile node, even in the absence of any Mobile-Home Authentication extension, when containing rejection code by the foreign agent.
- Specification that the foreign agent MAY configure a maximum number of pending registrations that it is willing to maintain (typically 5). Additional registrations SHOULD then be rejected by the foreign agent with code 66. The foreign agent MAY delete any pending Registration Request after the request has been pending for more than 7 seconds; in this case, the foreign agent SHOULD reject the Request with code 78 (registration timeout).
- Relaxation of the requirement that, when a mobile node has joined a multicast group at the router on the foreign network, the mobile node MUST use its home address as the source IP address for multicast packets.
- Clarification that a mobility agent MAY use different settings for each of the 'R', 'H', and 'F' bits on different network interfaces.
- Replacement of the terminology "recursive tunneling" by the terminology "nested tunneling".
- Specification that the mobile node MAY use the IP source address of an agent advertisement as its default router address.
- Clarification that keys with arbitrary binary values MUST be supported as part of mobility security associations.
- Specification that the default value may be chosen as 7 seconds, for allowable time skews between a home agent and mobile node using timestamps for replay protection. Further specification that this value SHOULD be greater than 3 seconds.
- Specification that Registration Requests with the 'D' bit set to 0, and specifying a care-of address not offered by the foreign agent, MUST be rejected with code 77 (invalid care-of address).
- Clarification that the foreign agent SHOULD consider its own maximum value when handling the Lifetime field of the Registration Reply.
- Clarification that the home agent MUST ignore the 'B' bit (as opposed to rejecting the Registration Request) if it does not support broadcasts.
- Advice about the impossibility of using dynamic home agent discovery in the case when routers change the IP destination address of a datagram from a subnet-directed broadcast address to 255.255.255.255 before injecting it into the destination subnet.
- Clarified that when an Agent Advertisement is unicast to a mobile node, the specific IP home address of a mobile node MAY be used as the destination IP address.
- Included a reference to RFC 2290 within appendix B, which deals with PPP operation.
- Created IANA Considerations section
- In section 3.8.3, clarified that a home agent SHOULD arrange the selection of a home address for a mobile node when the Registration Reply contains a zero Home Address.
This section lists the changes between this version (...-06.txt) and the previous version (...-04.txt) of the document. This section can be deleted by the RFC editor.
- Noted that HMAC-MD5 should be considered for use in place of the "prefix+suffix" mode of MD5 as originally mandated in RFC 2002.
- Included a reference to RFC 2290 within appendix B, which deals with PPP operation.
- Revamped IANA Considerations section
- Revamped Changes section
- Replaced Patents section with wording mandated from RFC 2026.
- Updated citations.
H. Example Messages
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Checksum            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Num Addrs   |Addr Entry Size|           Lifetime            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Router Address[1]                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Preference Level[1]                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Router Address[2]                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Preference Level[2]                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        ....                                   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Type = 16   |     Length    |      Sequence Number          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |    Registration Lifetime      |R|B|H|F|M|G|r|T|   reserved    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Care-of Address[1]                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                      Care-of Address[2]                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         ....                                  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   :                      Optional Extensions                      :
   :   ....                ......                      ......      :
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The UDP header is followed by the Mobile IP fields shown below:
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type = 1  |S|B|D|M|G|r|T|x|          Lifetime             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Home Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Home Agent                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Care-of Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Optional Non-Auth Extensions for HA ...                |
   |                     ( variable length )                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type =32  |      Length   |           SPI                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          SPI (cont..)         |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   :         MN-HA Authenticator ( variable length )               :
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   :        Optional Non-Auth Extensions for FA .........
   :        Optional MN-FA Authentication Extension...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
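The following Python sketch is an added example, not part of the RFC text. It serializes the second scenario of Appendix D (co-located care-of address) in the Registration Request layout above, appends a Mobile-Home Authentication Extension computed with HMAC-MD5 over the message up to and including the extension's Type, Length and SPI, and performs the receiver-side check. The addresses, key, SPI and timestamp are constructed sample values and the function names are hypothetical; it assumes only short Type-Length-Value extensions and checks timestamp skew only, not ordering against earlier registrations.

```python
import hmac
import ipaddress
import struct

REG_REQUEST = 1    # Type of a Registration Request
MH_AUTH_EXT = 32   # Type of the Mobile-Home Authentication Extension
FIXED_LEN = 24     # bytes from Type through Identification
AUTH_LEN = 16      # HMAC-MD5 digest size in bytes
MAX_SKEW = 7       # default allowable timestamp skew, in seconds
FLAG_BITS = {"S": 0x80, "B": 0x40, "D": 0x20, "M": 0x10,
             "G": 0x08, "r": 0x04, "T": 0x02, "x": 0x01}

# Constructed sample values: documentation addresses, made-up key and SPI.
SAMPLE_KEY = bytes.fromhex("00ff8001fe7f0a0d1b00c3a55a3c9966")
SAMPLE_SPI = 0x100
SAMPLE_NTP_SECONDS = 3_900_000_000


def build_request(flags, lifetime, home, agent, care_of, ident, spi, key):
    """Serialize a Registration Request plus Mobile-Home Authentication
    Extension. `flags` is a string of the bit names that are set."""
    bits = sum(FLAG_BITS[name] for name in set(flags))
    body = struct.pack("!BBH4s4s4sQ", REG_REQUEST, bits, lifetime,
                       ipaddress.IPv4Address(home).packed,
                       ipaddress.IPv4Address(agent).packed,
                       ipaddress.IPv4Address(care_of).packed, ident)
    # Extension Length counts the 4-byte SPI plus the authenticator.
    covered = body + struct.pack("!BBI", MH_AUTH_EXT, 4 + AUTH_LEN, spi)
    # The keyed hash covers everything up to and including the SPI.
    return covered + hmac.new(key, covered, "md5").digest()


def verify_request(msg, keys_by_spi, now_ntp_seconds):
    """Return the parsed fields of an authentic, fresh request.
    Raise ValueError naming the reason otherwise."""
    if len(msg) < FIXED_LEN or msg[0] != REG_REQUEST:
        raise ValueError("not a complete Registration Request")
    _, bits, lifetime, home, agent, care_of, ident = struct.unpack(
        "!BBH4s4s4sQ", msg[:FIXED_LEN])
    off, spi = FIXED_LEN, None
    while off + 2 <= len(msg):
        ext_type, ext_len = msg[off], msg[off + 1]
        end = off + 2 + ext_len
        if end > len(msg):
            raise ValueError("extension runs past end of message")
        if ext_type == MH_AUTH_EXT:
            if ext_len != 4 + AUTH_LEN:
                raise ValueError("unexpected authenticator length")
            spi = struct.unpack("!I", msg[off + 2:off + 6])[0]
            key = keys_by_spi.get(spi)
            if key is None:
                raise ValueError("unknown SPI")
            expected = hmac.new(key, msg[:off + 6], "md5").digest()
            # Constant-time comparison of the received authenticator.
            if not hmac.compare_digest(expected, msg[off + 6:end]):
                raise ValueError("authenticator mismatch")
            break
        off = end
    if spi is None:
        raise ValueError("no Mobile-Home Authentication Extension")
    # Timestamp-style Identification: upper 32 bits are NTP seconds.
    if abs((ident >> 32) - now_ntp_seconds) > MAX_SKEW:
        raise ValueError("timestamp outside allowed skew")
    return {
        "flags": "".join(n for n, b in FLAG_BITS.items() if bits & b),
        "lifetime": lifetime,
        "home": str(ipaddress.IPv4Address(home)),
        "agent": str(ipaddress.IPv4Address(agent)),
        "care_of": str(ipaddress.IPv4Address(care_of)),
        "ident": ident,
        "spi": spi,
    }


def sample_request():
    """Second scenario of Appendix D: S=0,B=1,D=1,M=1,G=1, Lifetime 1800."""
    ident = SAMPLE_NTP_SECONDS << 32   # fraction part left at zero
    return build_request("BDMG", 1800, "192.0.2.10", "192.0.2.1",
                         "198.51.100.77", ident, SAMPLE_SPI, SAMPLE_KEY)


if __name__ == "__main__":
    keys = {SAMPLE_SPI: SAMPLE_KEY}
    print(verify_request(sample_request(), keys, SAMPLE_NTP_SECONDS + 2))
```

Because the SPI is inside the authenticated data, rewriting the SPI field to another value that maps to the same key still fails verification, as does any change to the care-of address.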
The UDP header is followed by the Mobile IP fields shown below:
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type = 3  |     Code      |           Lifetime            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Home Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Home Agent                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |        Optional HA Non-Auth Extensions ...                    |
   |                     ( variable length )                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type =32  |      Length   |           SPI                 |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          SPI (cont...)        |                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
   :         MN-HA Authenticator ( variable length )               :
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   :        Optional Extensions used by FA.........
   :        Optional MN-FA Authentication Extension...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
References
[1] Allman, M., Glover, D. and L. Sanchez, "Enhancing TCP Over Satellite Channels using Standard Mechanisms", BCP 28, RFC 2488, January 1999.
[2] S. M. Bellovin. Security Problems in the TCP/IP Protocol Suite. ACM Computer Communications Review, 19(2), March 1989.
[3] Border, J., Kojo, M., Griner, J., Montenegro, G. and Z. Shelby, "Performance Enhancing Proxies", RFC 3135, June 2001.
[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[5] Ramon Caceres and Liviu Iftode. Improving the Performance of Reliable Transport Protocols in Mobile Computing Environments. IEEE Journal on Selected Areas in Communications, 13(5):850--857, June 1995.
[6] Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier Extension for IPv4", RFC 2794, January 2000.
[7] Calhoun, P. and C. Perkins, "Mobile IP Foreign Agent Challenge/Response Extension", RFC 3012, December 2000.
[8] Cong, D., Hamlen, M. and C. Perkins, "The Definitions of Managed Objects for IP Mobility Support using SMIv2", RFC 2006, October 1996.
[9] Dawkins, S., Montenegro, G., Kojo, M., Magret, V. and N. Vaidya, "End-to-end Performance Implications of Links with Errors", BCP 50, RFC 3155, August 2001.
[10] Deering, S., "ICMP Router Discovery Messages", RFC 1256, September 1991.
[11] Deering, S., "Host Extensions for IP Multicasting", STD 5, RFC 1112, August 1989.
[12] Dommety, G. and K. Leung, "Mobile IP Vendor/Organization-Specific Extensions", RFC 3115, April 2001.
[13] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.
[14] Eastlake, D., Crocker, S. and J. Schiller, "Randomness Recommendations for Security", RFC 1750, December 1994.
[15] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, May 2000.
[16] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic Routing Encapsulation (GRE)", RFC 1701, October 1994.
[17] J. Ioannidis. Protocols for Mobile Internetworking. PhD Dissertation - Columbia University in the City of New York, July 1993.
[18] John Ioannidis, Dan Duchamp, and Gerald Q. Maguire Jr. IP-Based Protocols for Mobile Internetworking. In Proceedings of the SIGCOMM '91 Conference: Communications Architectures & Protocols, pages 235--245, September 1991.
[19] John Ioannidis and Gerald Q. Maguire Jr. The Design and Implementation of a Mobile Internetworking Architecture. In Proceedings of the Winter USENIX Technical Conference, pages 489--500, January 1993.
[20] Jacobson, V., "Compressing TCP/IP headers for low-speed serial links", RFC 1144, February 1990.
[21] Jacobson, V., "Congestion Avoidance and Control", In Proceedings, SIGCOMM '88 Workshop, pages 314--329. ACM Press, August 1988. Stanford, CA.
[22] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, November 1998.
[23] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[24] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000.
[25] McGregor, G., "The PPP Internet Protocol Control Protocol (IPCP)", RFC 1332, May 1992.
[26] Mills, D., "Network Time Protocol (Version 3) Specification, Implementation", RFC 1305, March 1992.
[27] Montenegro, G., "Reverse Tunneling for Mobile IP (revised)", RFC 3024, January 2001.
[28] Montenegro, G., Dawkins, S., Kojo, M., Magret, V. and N. Vaidya, "Long Thin Networks", RFC 2757, January 2000.
[29] Montenegro, G. and V. Gupta, "Sun's SKIP Firewall Traversal for Mobile IP", RFC 2356, June 1998.
[30] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", RFC 2434, October 1998.
[31] Paxson, V. and M. Allman, "Computing TCP's Retransmission Timer", RFC 2988, November 2000.
[32] Perkins, C., "IP Encapsulation within IP", RFC 2003, October 1996.
[33] Perkins, C., "IP Mobility Support", RFC 2002, October 1996.
[34] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, October 1996.
[35] Perkins, C. and P. Calhoun, "AAA Registration Keys for Mobile IP", Work in Progress, July 2001.
[36] Plummer, D., "Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware", STD 37, RFC 826, November 1982.
[37] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.
[38] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.
[39] Postel, J., "Multi-LAN Address Resolution", RFC 925, October 1984.
[40] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.
[41] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.
[42] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, RFC 1661, July 1994.
[43] Solomon, J., "Applicability Statement for IP Mobility Support", RFC 2005, October 1996.
[44] Solomon, J. and S. Glass, "Mobile-IPv4 Configuration Option for PPP IPCP", RFC 2290, February 1998.
[45] Stevens, W., "TCP/IP Illustrated, Volume 1: The Protocols", Addison-Wesley, Reading, Massachusetts, 1994.
Authors' Addresses
The working group can be contacted via the current chairs:
Basavaraj Patil Nokia 6000 Connection Dr. Irving, TX. 75039 USA
Phone: +1 972-894-6709 EMail: Basavaraj.Patil@nokia.com
Phil Roberts Megisto Corp. Suite 120 20251 Century Blvd Germantown MD 20874 USA
Phone: +1 847-202-9314 EMail: PRoberts@MEGISTO.com
Questions about this memo can also be directed to the editor:
Charles E. Perkins Communications Systems Lab Nokia Research Center 313 Fairchild Drive Mountain View, California 94043 USA
Phone: +1-650 625-2986 EMail: charliep@iprg.nokia.com Fax: +1 650 625-2502
Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.