Cisco Cisco Packet Data Gateway (PDG) Guia De Resolução De Problemas
Service Configuration Procedures
Session Continuity Support ▀
Cisco ASR 5000 Series Access Service Network Gateway Administration Guide ▄
OL-22953-01
Session Continuity Support
This section describes how to enable the mobility for WiMAX and other access technology subscribers. WiMAX HA
implementation differs from 3GPP2 on the keys used to authenticate MN-HA and FA-HA AE in MIP RRQ. WiMAX
HA involves using dynamic keys distributed by AAA for authenticating RRQ.
implementation differs from 3GPP2 on the keys used to authenticate MN-HA and FA-HA AE in MIP RRQ. WiMAX
HA involves using dynamic keys distributed by AAA for authenticating RRQ.
The following WiMAX support is provided for MIP keys management and WiMAX HA support:
MIPv4 support
Managing MIP Key distribution from AAA
Registration Revocation
MIPv4 RRQ with NAI extension
Support of GRE key extension of CVSE in RRP
MIPv4 Registration
For MIP registration HA uses following extensions:
MN-NAI Extension
MN-HA AE
Revocation Support Extension
FA-HA AE
The MIP client includes the same NAI in all MIP RRQs it sends for the entire duration of the MIP session, regardless of
EAP re-authentication. This includes MIP renewal and de-registration messages. The MN-HA and FA-HA keys based
on WiMAX VSA from AAA is used to authenticate the RRQ and the compute authenticator in RRP.
EAP re-authentication. This includes MIP renewal and de-registration messages. The MN-HA and FA-HA keys based
on WiMAX VSA from AAA is used to authenticate the RRQ and the compute authenticator in RRP.
The authentication algorithm for MN-HA and FA-HA AE is HMAC-MD5. If a renew/dereg RRQ message is received,
AAA authentication occurs only if the SPI value for the authentication extension in the RRQ changes. If the SPI
returned by AAA is different from the requested one, the RRQ is rejected. Both MN-HA and FA-HA AE are expected
in MIP RRQ for WiMAX calls.
AAA authentication occurs only if the SPI value for the authentication extension in the RRQ changes. If the SPI
returned by AAA is different from the requested one, the RRQ is rejected. Both MN-HA and FA-HA AE are expected
in MIP RRQ for WiMAX calls.
Following is the description of how different requests for HA support are processed.
Processing Access-Request: When the initial MIP RRQ is received, HA authenticates with AAA to get the MIP
Keys (MN-HA and HA-RK) required to authenticate MIP RRQ.
Processing Access-Accept: In the Access Accept, MIP Keys MN-HA and HA-RK (if requested) are received.
The MN-HA key is maintained for each subscriber session and the FA-HA key is computed based on HA-RK
maintained per HA.
maintained per HA.
All of the attributes (HA-RK-KEY, HA-RK-SPI, and HA-RK-Lifetime) must be returned in the requested HA-RK key
for the HA-RK information in the Access Accept to be valid.
for the HA-RK information in the Access Accept to be valid.
The mandatory Message Authenticator is included in the Access request and Accept packets for the integrity protection
of RADIUS packets.
of RADIUS packets.
MIPv4 Revocation: MIP Revocation is supported as per RFC 3543. It uses FA-HA keys fetched dynamically
from AAA during MIP registration.
Apart from these processes, HA provides the following function applicable to WiMAX HA.
Functional Level Description: HA retrieves the MIP Keys dynamically from AAA to authenticate the RRQ.