MCoA / DSMIPv6 implementation for UMIP

Overview   Kernel   UMIP   Configuration   Limitations   Changelog

Overview

Toyota InfoTechnology Center, USA, Inc. has contributed an implementation of Multiple Care-of Addresses Registration (MCoA, RFC5648) and Dual Stack Mobile IPv6 (DSMIPv6, RFC5555). It is available under the GPLv2 license.

The implementation consists of a kernel patch (for versions 3.8.2 and 3.10.24) and a patch for UMIP v1.0. The sections below explain how to build an MCoA- and DSMIPv6-ready kernel and UMIP userland. Sample configuration files for UMIP are also provided.

Build a DSMIPv6 and MCoA-ready Kernel

The procedure to build a DSMIPv6 and MCoA-ready kernel is quite similar to the one explained in the UMIP installation document, except that you need to patch the kernel and enable a couple of additional kernel options. We provide a kernel patch for kernel versions 3.8.2 and 3.10.24.

Follow the instructions explained in the UMIP installation document until you have uncompressed the kernel sources. Then, download the kernel patch and apply it to the sources as explained below. For kernel version 3.8.2:

# cd linux-3.8.2/
# wget http://umip.org/contrib/patchs/linux-3.8.2-mcoa-dsmip6-20130821.patch
# patch -p1 < linux-3.8.2-mcoa-dsmip6-20130821.patch

For kernel version 3.10.24:

# cd linux-3.10.24/
# wget http://umip.org/contrib/patchs/linux-3.10.24-mcoa-dsmip6-20131212.patch
# patch -p1 < linux-3.10.24-mcoa-dsmip6-20131212.patch

At the Kernel option configuration step, you will have to enable additional options. Set them as static, NOT as modules:

-*- Networking support  --->
    Networking options  --->
    --> IP: UDP Encapsulation transformation
    --> UDP Encapsulation transformation - NAT Traversal support

Also, in order to support policy routing and other iptables/ip6tables features used later in this document, you need to enable the Netfilter framework, and particularly the MARK and TCPMSS target support.

-*- Networking support  --->
    Networking options  --->
    [*] Network packet filtering framework (Netfilter)  --->
        [*] Advanced netfilter configuration
            Core Netfilter Configuration  --->
            <M>   "MARK" target support
            <M>   "TCPMSS" target support

You can then proceed as usual with the kernel compilation and installation.

Compiling UMIP with MCoA and DSMIPv6 support

First, you need to retrieve the UMIP sources from our umip.git repository:

$ git clone git://git.umip.org/umip.git

The MCoA/DSMIPv6 patch applies on top of UMIP v1.0. You first need to check out this tag, then you can retrieve the patch file and apply it to the UMIP sources:

$ cd umip/
$ git checkout v1.0
$ wget http://umip.org/contrib/patchs/umip-1.0-mcoa-dsmip6.patch
$ patch -p1 < umip-1.0-mcoa-dsmip6.patch

You can now compile UMIP as usual (check the UMIP installation document for more details):

$ autoreconf -i 
$ CPPFLAGS='-isystem /usr/src/linux/usr/include/' ./configure --enable-vt
$ make
# make install

Configuration

Sample Topology

The configuration files proposed in this document are based on the UMIP NEMO testbed that is described in the NEMO documentation.

Figure of HA and MR

The HA requires a public IPv4 address, either on the existing interface connected to the internet (here: eth1), or on a new interface connected to the Internet.

The mobile network is connected to the eth1 interface of the MR (it is called the ingress interface). The MR advertises a prefix (called the Mobile Network Prefix, MNP) in its mobile network. In our testbed, this MNP is 2001:db8:ffff:ff01::/64. The MR also configures an address on its ingress interface (2001:db8:ffff:ff01::1).

In addition, the MR can also have an IPv4 MNP. Here, we will use private addresses (the HA will act as a NAT). In the configuration files below, the MR uses the 10.10.100.0/24 IPv4 MNP.

Home Agent (HA)

Below is a sample HA configuration file. It is based on the one provided in the NEMO documentation.

# Sample UMIP configuration file for a 
# NEMO, DSMIPv6 and MCoA-enabled Home Agent 
NodeConfig HA;

# Set DebugLevel to 0 if you do not want debug messages
DebugLevel 10;

# Replace eth0 with the interface connected to the home link
Interface "eth0";

# Accept registrations from Mobile Routers
HaAcceptMobRtr enabled;

# Accept MCoA and DSMIPv6 registrations
HaAcceptMCoA enabled;
HaAcceptDsmip6 enabled;

# Home Agent IPv4 public address.
# Replace 'x.y.z.w' with your public HA IPv4 address 
HomeAgentV4Address x.y.z.w;

# Accept IPv4 traffic from the MR
HaAcceptIPv4Traffic enabled;

# Binding information
# 10.10.10.100 is the (private) IPv4 HoA of the MR. It is required
# in the configuration but it is not used yet by the implementation.
# 10.10.100.0/24 is the private IPv4 MNP delegated to the Mobile Network.
BindingAclPolicy 2001:db8:ffff:0::1 (2001:db8:ffff:ff01::/64) 10.10.10.100 (10.10.100.0/24) MCoA allow;
DefaultBindingAclPolicy allow;

# Disable IPsec. It is not compatible with MCoA and DSMIPv6.
UseMnHaIPsec disabled;
KeyMngMobCapability disabled;

Before starting mip6d, the HA needs to perform a few operations. Below is a sample script; see the comments for more information:

#!/bin/bash
# MCoA/DSMIPv6 HA pre-startup script

# HA IPv4 public address and interface. Replace 'x.y.z.w' with 
# your public HA IPv4 address and 'eth1' with the interface on 
# which the public IPv4 address is set:
HA_IP4_ADDR=x.y.z.w
HA_IP4_IFACE=eth1

# If you use IPv4 MNPs with private prefixes, you need to create 
# a NAT at the HA:
/sbin/iptables -t nat -A POSTROUTING -o ${HA_IP4_IFACE} -j SNAT --to ${HA_IP4_ADDR}

# DSMIPv6 requires the sysctl rp_filter values to be set to 0,
# because IPv4-in-IPv6 packets would be dropped otherwise when the
# IPv4 packet is inspected. Also, you need to activate IPv4 and
# IPv6 forwarding:
sysctl -w net.ipv4.conf.default.rp_filter=0
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

# You can then start radvd and mip6d as usual.
## EOF

You can then start UMIP as usual.

Mobile Router (MR)

Below is a sample MR configuration file. It is based on the one provided in the NEMO documentation.

# Sample UMIP configuration file for a 
# NEMO, DSMIPv6 and MCoA-enabled Mobile Router
NodeConfig MN;

# Set DebugLevel to 0 if you do not want debug messages
DebugLevel 10;

# Enable the optimistic handovers
OptimisticHandoff enabled;

# The Binding Lifetime (in sec.)
MnMaxHaBindingLife 60;

# Disable RO
DoRouteOptimizationCN disabled;
DoRouteOptimizationMN disabled;
UseCnBuAck disabled;
MnDiscardHaParamProb enabled;

# Enable DSMIPv6 
MnUseDsmip6 enabled;

# Enable the use of IPv4 traffic
# inside the mobile network.
MnUseIPv4Traffic enabled;

# Use NEMO Explicit Mode
MobRtrUseExplicitMode enabled;

# List here the interfaces that you will use 
# on your mobile node. All of the interfaces will 
# be used at the same time (with MCoA).
Interface "eth0" {
    MnIfPreference 1;
    # You can use the integrated DHCPv4 client by 
    # un-commenting the below line, or simply use 
    # an external DHCPv4 client.  
    #UseDhcp enabled;
    # BID of the interface
    Bid 10;
}
Interface "wlan0" {
    MnIfPreference 2;
    # BID of the interface
    Bid 20;
}

# Replace eth0 with one of the interfaces used on
# your mobile node.
MnHomeLink "eth0" {
    IsMobRtr enabled;
    HomeAgentAddress 2001:db8:ffff:0::1000;
    HomeAddress 2001:db8:ffff:0::1/64 (2001:db8:ffff:ff01::/64);

    # Enable MCoA and register the interfaces used for MCoA
    # Replace eth0 and wlan0 with your egress interface names.
    MCoAReg enabled;
    MCoAIface "eth0", "wlan0";

    # DSMIPv6 - The IPv4 parameters must be statically set. Put 
    # here the IPv4 HoA and IPv4 MNP if any. 
    HomeV4Address 10.10.10.100/24 (10.10.100.0/24);
}

# Disable IPsec. It is not compatible with MCoA and DSMIPv6.
UseMnHaIPsec disabled;
KeyMngMobCapability disabled;

Before starting mip6d, the MR needs to perform a few operations. Below is a sample script; see the comments for more information:

#!/bin/bash
# MCoA/DSMIPv6 MR pre-startup script

# Interface definition. Replace the interface
# names with yours.
EGRESS1=eth0
EGRESS2=wlan0
INGRESS=eth1

# If you use an IPv4 MNP in your mobile network, you should set
# the MSS to 1200 for every IPv4 TCP packet on each of the egress
# interfaces of the MR (because of the multiple levels of 
# encapsulation). Replace the interface names with yours and execute
# the below command for each of your egress interfaces:
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN \
         -o ${EGRESS1} -j TCPMSS --set-mss 1200
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN \
         -o ${EGRESS2} -j TCPMSS --set-mss 1200

# DSMIPv6 needs an IPv4 default route, we add it to the ingress
# interface:
/sbin/ip route add default dev ${INGRESS}

# DSMIPv6 requires the sysctl rp_filter values to be set to 0,
# because IPv4-in-IPv6 packets would be dropped otherwise when the
# IPv4 packet is inspected. Also, you need to activate IPv4 and
# IPv6 forwarding:
sysctl -w net.ipv4.conf.default.rp_filter=0
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

# If you use an IPv4 MNP, you may also want to configure an IPv4 
# address on the MR ingress interface, and start a DHCPv4 server
# on the MR. You can then start radvd and mip6d as usual.
## EOF

You can then start UMIP as usual.
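
An added check, not part of UMIP, for the state both pre-startup scripts (HA and MR) are meant to produce. The kernel applies the higher of conf/all/rp_filter and the per-interface value, and conf/default only seeds interfaces created later, so an existing interface can still drop the IPv4-in-IPv6 packets after the script has run; SYSCTL_ROOT and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of UMIP): verify the state the pre-startup scripts
# are meant to produce. For source validation the kernel uses the higher of
# conf/all/rp_filter and conf/<iface>/rp_filter, and conf/default only seeds
# interfaces created later, so an interface that already exists can still be
# filtering after the scripts' "sysctl -w" lines have run.
# SYSCTL_ROOT is an assumption of this example; it lets the check be pointed
# at a test tree instead of /proc/sys.
SYSCTL_ROOT=${SYSCTL_ROOT:-/proc/sys}

# effective_rp_filter <iface>: print max(all, iface) as the kernel applies it.
effective_rp_filter() {
    all=$(cat "$SYSCTL_ROOT/net/ipv4/conf/all/rp_filter") || return 1
    one=$(cat "$SYSCTL_ROOT/net/ipv4/conf/$1/rp_filter") || return 1
    if [ "$one" -gt "$all" ]; then echo "$one"; else echo "$all"; fi
}

# check_prestart <iface>...: return 0 only if IPv4 and IPv6 forwarding are on
# and every listed interface has an effective rp_filter of 0.
check_prestart() {
    rc=0
    [ "$(cat "$SYSCTL_ROOT/net/ipv4/ip_forward")" = 1 ] ||
        { echo "net.ipv4.ip_forward is not 1" >&2; rc=1; }
    [ "$(cat "$SYSCTL_ROOT/net/ipv6/conf/all/forwarding")" = 1 ] ||
        { echo "net.ipv6.conf.all.forwarding is not 1" >&2; rc=1; }
    for ifc in "$@"; do
        eff=$(effective_rp_filter "$ifc") || { rc=1; continue; }
        [ "$eff" = 0 ] ||
            { echo "rp_filter still $eff on $ifc" >&2; rc=1; }
    done
    return $rc
}
```

Run it after the pre-startup script and before mip6d, for example `check_prestart eth0 wlan0` on the MR with the interface names used on this page.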

Routing Policies

MCoA allows you to define routing policies and send traffic via a selected MR-HA tunnel. You can easily enforce such policies using the Netfilter framework with the ip6tables command.

For example, on the MR side:

#!/bin/sh

# Flush the mangle table
ip6tables -F -t mangle

# MNP and HOA information
MNP=2001:db8:ffff:ff01::/64
HOA=2001:db8:ffff:0::1

# Send all ICMPv6 traffic from the MNP via the interface whose BID is 20:
ip6tables -A OUTPUT -t mangle -s ${MNP} -p icmpv6 -j MARK --set-mark 20
ip6tables -A PREROUTING -t mangle -s ${MNP} -p icmpv6 -j MARK --set-mark 20

# Send all ICMPv6 traffic from the HoA via the interface whose BID is 10:
ip6tables -A OUTPUT -t mangle -s ${HOA} -p icmpv6 -j MARK --set-mark 10
ip6tables -A PREROUTING -t mangle -s ${HOA} -p icmpv6 -j MARK --set-mark 10

On the HA side, you need to enforce symmetric policies in order to make sure that the flow uses the same path in both directions. Here, we simply replace -s with -d:

#!/bin/sh

# Flush the mangle table
ip6tables -F -t mangle

# MNP and HOA information
MNP=2001:db8:ffff:ff01::/64
HOA=2001:db8:ffff:0::1

# Send all ICMPv6 traffic to the MNP via the interface whose BID is 20:
ip6tables -A OUTPUT -t mangle -d ${MNP} -p icmpv6 -j MARK --set-mark 20
ip6tables -A PREROUTING -t mangle -d ${MNP} -p icmpv6 -j MARK --set-mark 20

# Send all ICMPv6 traffic to the HoA via the interface whose BID is 10:
ip6tables -A OUTPUT -t mangle -d ${HOA} -p icmpv6 -j MARK --set-mark 10
ip6tables -A PREROUTING -t mangle -d ${HOA} -p icmpv6 -j MARK --set-mark 10
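
The symmetry requirement above, as an added example that is not part of the UMIP documentation or distribution: both rule sets are generated from one policy list, so the HA rules are always the -d mirror of the MR rules. The function names and the POLICIES format are assumptions of this example; the prefixes and BIDs are the ones used on this page.

```shell
#!/bin/sh
# Added example (not part of UMIP): generate the MR and HA mangle rules from
# one policy list so the two sides cannot drift apart.
# POLICIES format (an assumption of this example): "<prefix> <protocol> <BID>"
# per line. The values are the MNP, HoA and BIDs used on this page.
# gen_rules only prints commands; pipe its output to sh to apply them.
POLICIES='2001:db8:ffff:ff01::/64 icmpv6 20
2001:db8:ffff:0::1 icmpv6 10'

# gen_rules <mr|ha>: the MR matches on source (-s), the HA on destination (-d).
gen_rules() {
    case "$1" in
        mr) match=-s ;;
        ha) match=-d ;;
        *)  echo "usage: gen_rules mr|ha" >&2; return 2 ;;
    esac
    echo "ip6tables -F -t mangle"
    echo "$POLICIES" | while read -r prefix proto bid; do
        [ -n "$prefix" ] || continue
        # The mark must be a BID declared in the MR's Interface blocks,
        # so reject anything that is not a plain number.
        case "$bid" in
            ''|*[!0-9]*) echo "bad BID for $prefix: '$bid'" >&2; exit 1 ;;
        esac
        for chain in OUTPUT PREROUTING; do
            echo "ip6tables -A $chain -t mangle $match $prefix -p $proto -j MARK --set-mark $bid"
        done
    done
}

# check_symmetric: succeed only if the two rule sets differ solely in -s vs -d.
check_symmetric() {
    [ "$(gen_rules mr | sed 's/ -s / -d /')" = "$(gen_rules ha)" ]
}
```

Review the output of `gen_rules mr` and `gen_rules ha` before applying it, since the first generated command flushes the whole IPv6 mangle table, as the scripts above do.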

Known Limitations

This section lists the known limitations of the implementation. If you encounter a bug or want to submit a patch to fix those limitations, you can send an email to our support mailing list.

At the moment, only a single MR can be located behind the same NAT. The DSMIPv6 standard (RFC5555) specifies that the UDP port allocated for the Home Agent is 4191. However, the port on the MR side should be chosen randomly, which is not the case in the current implementation (port number 4191 is also always used on the MR side). Because of that, Access Points that perform stateful NAT based on the IP address and port number will have trouble routing incoming packets to the correct MR when more than one MR is behind the same NAT. In order to fix this issue, one must:

Changelog