Cisco Cisco Packet Data Gateway (PDG) Ratgeber Für Administratoren
Service Configuration Procedures
▀ Session Continuity Support
▄ Cisco ASR 5x00 Home Agent Administration Guide
70
Session Continuity Support
This section describes the procedure to enable the mobility for WiMAX subscriber and other access technology
subscribers; i.e. 3GPP2. WiMAX HA implementation differs from 3GPP2 on the keys used to authenticate MN-HA and
FA-HA AE in MIP RRQ. WiMAX HA involves using dynamic keys distributed by AAA for authenticating RRQ.
subscribers; i.e. 3GPP2. WiMAX HA implementation differs from 3GPP2 on the keys used to authenticate MN-HA and
FA-HA AE in MIP RRQ. WiMAX HA involves using dynamic keys distributed by AAA for authenticating RRQ.
Following WiMAX support is provided for MIP keys management and WiMAX HA support:
MIPv4 support
Managing MIP Key distribution from AAA
Registration Revocation
MIPv4 RRQ with NAI extension
Support of GRE key extension of CVSE in RRP
MIPv4 Registration
For MIP registration HA uses the following extensions:
MN-NAI Extension
MN-HA AE
Revocation Support Extension
FA-HA AE
The MIP client includes the same NAI in all MIP RRQs it sends for the entire duration of the MIP session regardless of
EAP re-authentication, including MIP renewal and de-registration messages. The MN-HA and FA-HA keys based on
WiMAX VSA from AAA is used to authenticate the RRQ and compute authenticator in RRP.
EAP re-authentication, including MIP renewal and de-registration messages. The MN-HA and FA-HA keys based on
WiMAX VSA from AAA is used to authenticate the RRQ and compute authenticator in RRP.
Authentication algorithm used to authenticate MN-HA and FA-HA AE is HMAC-MD5. If renew/dereg RRQ is
received, authentication with AAA will happen only if SPI value for authentication extension in RRQ changes. If SPI
returned by AAA is different from the requested one, the RRQ will be rejected. Both MN-HA and FA-HA AE are
expected in MIP RRQ for WiMAX calls.
received, authentication with AAA will happen only if SPI value for authentication extension in RRQ changes. If SPI
returned by AAA is different from the requested one, the RRQ will be rejected. Both MN-HA and FA-HA AE are
expected in MIP RRQ for WiMAX calls.
The following describes the processing of different requests for HA support:
Processing Access-Request: When initial MIP RRQ is received, HA authenticates with AAA to get the MIP
Keys (MN-HA and HA-RK) required to authenticate MIP RRQ.
Processing Access-Accept: In the Access Accept, MIP Keys MN-HA and HA-RK (if requested) is received.
MN-HA key is maintained for each subscriber session and FA-HA key is computed based on HA-RK
maintained per HA.
maintained per HA.
All the attributes (HA-RK-KEY, HA-RK-SPI, and HA-RK-Lifetime) must be returned if HA-RK key is requested for
the HA-RK info in Access Accept to be valid.
the HA-RK info in Access Accept to be valid.
Message Authenticator will be included in Access request and Accept packets for integrity protection of RADIUS
packets and is mandatory.
packets and is mandatory.
MIPv4 Revocation: MIP Revocation is supported as per RFC 3543 and it uses FA-HA keys fetched dynamically
from AAA during MIP registration.
Apart from these processing, HA provides following function applicable to WiMAX HA.
Functional Level Description: HA retrieves the MIP Keys dynamically from AAA to authenticate the RRQ.
Authentication of MIP RRQ in WiMAX HA: When a MIP RRQ is received HA authenticates the user with
AAA for both P-MIP and C-MIP call to get the MIP Keys.