[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits] [IPR]

Versions: 02 05 06 07 08 09 10 11 12 13 14 15 16 17 RFC 2002

Internet Engineering Task Force                       C. Perkins, editor
INTERNET DRAFT                                                       IBM
                                                          4 January 1995


                          IP Mobility Support
                  draft-ietf-mobileip-protocol-08.txt


Abstract

   This document specifies protocol enhancements that allow transparent
   routing of IP datagrams to mobile nodes in the Internet.  Each
   mobile node is always identified by its home address, regardless of
   its current point of attachment to the Internet.  While situated
   away from its home, a mobile node is also associated with a
   care-of address, which provides information about its current point
   of attachment to the Internet.  The protocol provides for registering
   the care-of address with a home agent.  The home agent sends traffic
   destined for the mobile node through a tunnel to the care-of address.


Status of This Memo

   This document is a submission by the Mobile-IP Working Group of the
   Internet Engineering Task Force (IETF). Comments should be submitted
   to the mobile-ip@sunroof.eng.sun.com mailing list.

   Distribution of this memo is unlimited.

   This document is an Internet-Draft.  Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups.  Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months, and may be updated, replaced, or obsoleted by other documents
   at any time.  It is not appropriate to use Internet Drafts as
   reference material, or to cite them other than as a ``working draft''
   or ``work in progress.''

   To learn the current status of any Internet-Draft, please check
   the ``1id-abstracts.txt'' listing contained in the internet-drafts
   Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net
   (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific
   Rim).








Perkins, editor               Expires 4 July 1995               [Page i]


Internet Draft            IP Mobility Support             4 January 1995




                                Contents



Abstract                                                               i

Status of This Memo                                                    i

 1. Introduction                                                       1
     1.1. Requirements  . . . . . . . . . . . . . . . . . . . . . .    2
     1.2. Goals . . . . . . . . . . . . . . . . . . . . . . . . . .    2
     1.3. Assumptions . . . . . . . . . . . . . . . . . . . . . . .    3
     1.4. Specification Language  . . . . . . . . . . . . . . . . .    3
     1.5. Terminology . . . . . . . . . . . . . . . . . . . . . . .    4

 2. Agent Discovery                                                    6
     2.1. Agent Solicitation  . . . . . . . . . . . . . . . . . . .    6
     2.2. Agent Advertisement . . . . . . . . . . . . . . . . . . .    7

 3. Registration                                                       9
     3.1. Authentication  . . . . . . . . . . . . . . . . . . . . .    9
     3.2. Registration Request  . . . . . . . . . . . . . . . . . .   10
     3.3. Registration Reply  . . . . . . . . . . . . . . . . . . .   12

 4. Mobility Message Extensions                                       14
     4.1. Mobility Extension  . . . . . . . . . . . . . . . . . . .   15
     4.2. Key Identifier Extension  . . . . . . . . . . . . . . . .   16
     4.3. Mobile-Home Authentication Extension  . . . . . . . . . .   17
     4.4. Mobile-Foreign Authentication Extension . . . . . . . . .   17
     4.5. Foreign-Home Authentication Extension . . . . . . . . . .   18
     4.6. Minimal Encapsulation Extension . . . . . . . . . . . . .   18

 5. Forwarding Datagrams to the Mobile Node                           20
     5.1. IP in IP Encapsulation  . . . . . . . . . . . . . . . . .   20
     5.2. Minimal Encapsulation . . . . . . . . . . . . . . . . . .   20

 6. Mobile Node Considerations                                        23
     6.1. Configuration and Registration Tables . . . . . . . . . .   23
     6.2. Registration When Away From Home  . . . . . . . . . . . .   23
     6.3. Registration without a foreign agent  . . . . . . . . . .   24
     6.4. De-registration When At Home  . . . . . . . . . . . . . .   25
     6.5. Registration Replies  . . . . . . . . . . . . . . . . . .   25
     6.6. Registration Retransmission . . . . . . . . . . . . . . .   26
     6.7. Simultaneous Registrations  . . . . . . . . . . . . . . .   26
     6.8. Mobile Routers  . . . . . . . . . . . . . . . . . . . . .   26




Perkins, editor              Expires 4 July 1995               [Page ii]


Internet Draft            IP Mobility Support             4 January 1995


 7. Foreign Agent Considerations                                      28
     7.1. Configuration and Registration Tables . . . . . . . . . .   28
     7.2. Receiving Registration Requests . . . . . . . . . . . . .   29
     7.3. Receiving Registration Replies  . . . . . . . . . . . . .   29
     7.4. Decapsulation . . . . . . . . . . . . . . . . . . . . . .   29

 8. Home Agent Considerations                                         30
     8.1. Configuration and Registration Tables . . . . . . . . . .   30
     8.2. Receiving Registration Requests . . . . . . . . . . . . .   30
     8.3. Simultaneous Registrations  . . . . . . . . . . . . . . .   31
     8.4. Registration Expiration . . . . . . . . . . . . . . . . .   32
     8.5. Encapsulation . . . . . . . . . . . . . . . . . . . . . .   32

 9. Security Considerations                                           33
     9.1. Message Authentication Codes  . . . . . . . . . . . . . .   33
     9.2. Tunneling to Care-of Addresses  . . . . . . . . . . . . .   33
     9.3. Key management  . . . . . . . . . . . . . . . . . . . . .   33
     9.4. Picking good random numbers . . . . . . . . . . . . . . .   34
     9.5. Privacy . . . . . . . . . . . . . . . . . . . . . . . . .   34
     9.6. Replay Protection for Registration Requests . . . . . . .   34
           9.6.1. Replay Protection using Nonces  . . . . . . . . .   35
           9.6.2. Replay Protection using Timestamps  . . . . . . .   36

10. Acknowledgements                                                  36

 A. Gratuitous and Proxy ARP                                          37

 B. Link-Layer considerations                                         38
     B.1. Point-to-Point Link-Layers  . . . . . . . . . . . . . . .   38
     B.2. Multi-Point Link-Layers . . . . . . . . . . . . . . . . .   39

 C. TCP Considerations                                                39
     C.1. TCP Timers  . . . . . . . . . . . . . . . . . . . . . . .   39
     C.2. TCP Congestion Management . . . . . . . . . . . . . . . .   39

 D. Tunnel Management                                                 40

Chair's Address                                                       43

Editor's Address                                                      43











Perkins, editor              Expires 4 July 1995              [Page iii]


Internet Draft            IP Mobility Support             4 January 1995


1. Introduction

   Current versions of the Internet Protocol make an implicit assumption
   that a node's point of attachment remains fixed.  Datagrams are sent
   to a node based on the location information contained in the node's
   IP address.

   If a node moves while keeping its IP address unchanged, its network
   number will not reflect its new point of attachment.  Existing
   routing protocols will not be able to route datagrams to it
   correctly.

   This document defines new functions that allow a node to roam on the
   Internet, without changing its IP address.

   The following entities are defined:

      Mobile Node

         A host or router that changes its point of attachment from one
         network or subnetwork to another.

      Home Agent

         A router that maintains a registry of the current mobility
         bindings for that mobile node, and encapsulates datagrams for
         delivery to the mobile node while it is away from home.

      Foreign Agent

         A router that assists a locally reachable mobile node that is
         away from its home network.

      Care-of Address

         The care-of address terminates the end of a tunnel toward a
         mobile node.  Depending on the foreign network configuration,
         the care-of address may be either dynamically assigned to the
         mobile node or associated with a foreign agent.

   The following support services are defined:

      Agent Discovery

         Home agents and foreign agents advertise their availability
         on each link for which they provide service.  A newly arrived
         mobile node can send a solicitation on the link to learn if any
         prospective agents are present.



Perkins, editor               Expires 4 July 1995               [Page 1]


Internet Draft            IP Mobility Support             4 January 1995


      Registration

         When the mobile node is away from home, it registers a
         care-of address with a home agent.  Depending on its method of
         attachment, the mobile node will register either directly with
         a home agent, or through a foreign agent which forwards the
         registration to the home agent.

      Encapsulation

         Once a mobile node has registered a care-of address with its
         home agent, that home agent intercepts datagrams destined for
         the mobile node, builds another datagram with the intercepted
         datagram enclosed within, and forwards the resulting datagram
         to the entity at the care-of address.

      Decapsulation

         At the care-of address, the enclosed datagram is extracted.
         When the mobile node receives packets sent to its own
         care-of address, it decapsulates its own datagrams.  When the
         care-of address is associated with a foreign agent, the foreign
         agent decapsulates the datagrams.  If the datagram is addressed
         to a mobile node which the foreign agent is currently serving,
         it will deliver the datagram to the mobile node.


1.1. Requirements

   A mobile node using its home address shall be able to communicate
   with other nodes after having been disconnected from the Internet,
   and then reconnected at a different point of attachment.

   A mobile node shall continue to be capable of communicating directly
   with existing nodes which do not implement the mobility functions
   described in this document.  No protocol enhancements are required in
   hosts or routers that are not serving any of the mobility functions.

   A mobile node shall provide authentication in its registration
   messages.


1.2. Goals

   The mobile node's directly attached link is likely to be bandwidth
   limited.  Only a few administrative messages should be sent between a
   mobile node and an agent.  The size of these messages should be kept
   as short as possible.



Perkins, editor               Expires 4 July 1995               [Page 2]


Internet Draft            IP Mobility Support             4 January 1995


   As few messages as possible which duplicate functionality are sent
   on mobile links.  This is particularly important on wireless and
   congested links.


1.3. Assumptions

   The protocols defined in this document place no additional
   requirements on assignment of IP addresses.  That is, a mobile node
   can be assigned an IP address by the organization that owns the
   machine, and will be able to use that IP address regardless of the
   current point of attachment.

   It is assumed that mobile nodes are able to change their point of
   attachment to the Internet no more frequently than once per second.

   It is assumed that IP unicast datagrams are routed to a destination
   without regard to the source of the datagram.


1.4. Specification Language

   In this document, several words are used to signify the requirements
   of the specification.  These words are often capitalized.

      MUST               This word, or the adjective "required", means
                         that the definition is an absolute requirement
                         of the specification.

      MUST NOT           This phrase means that the definition is an
                         absolute prohibition of the specification.

      SHOULD             This word, or the adjective "recommended",
                         means that there may exist valid reasons in
                         particular circumstances to ignore this item,
                         but the full implications must be understood
                         and carefully weighed before choosing a
                         different course.

      MAY                This word, or the adjective "optional", means
                         that this item is one of an allowed set of
                         alternatives.  An implementation which does
                         not include this option MUST be prepared to
                         interoperate with another implementation which
                         does include the option.

      silently discard   The implementation discards the packet without
                         further processing, and without indicating an



Perkins, editor               Expires 4 July 1995               [Page 3]


Internet Draft            IP Mobility Support             4 January 1995


                         error to the sender.  The implementation SHOULD
                         provide the capability of logging the error,
                         including the contents of the discarded packet,
                         and SHOULD record the event in a statistics
                         counter.


1.5. Terminology

   This document frequently uses the following terms:

      Agent Advertisement

         A periodic advertisement constructed by attaching a special
         extension to a router advertisement [5] message.

      Correspondent

         A peer with which a mobile node is communicating.  The
         correspondent may be either mobile or stationary.

      Home Address

         A long-term IP address that is assigned to a mobile node.  It
         remains unchanged regardless of where the node is attached
         to the Internet.  Datagrams addressed to the home address
         are intercepted by the home agent while the mobile node is
         registered with that home agent.

      Link

         A communication facility or medium over which nodes can
         communicate at the link layer; a link underlies the network
         layer.

      Mobile Agent

         Either a home agent or a foreign agent.

      Mobility Binding

         The association of a home address with a care-of address, and
         the remaining lifetime of the association.

      Mobility Security Association

         The security relationship between two nodes that is used with
         Mobile IP protocol messages.  This relationship includes the



Perkins, editor               Expires 4 July 1995               [Page 4]


Internet Draft            IP Mobility Support             4 January 1995


         authentication type (i.e., algorithm and algorithm mode), the
         secret (such as a shared key, or appropriate public/private key
         pair), and information about the style of replay protection in
         use.  Note that a single algorithm (such as DES) might have
         several modes (for example, CBC and ECB)(see [16], [12]).

      Routing Prefix

         The high-order bits in an address, which are used by routers to
         locate a link for delivery of a datagram.

      Source Address

         An IP address belonging to the interface on which this message
         is sent.




































Perkins, editor               Expires 4 July 1995               [Page 5]


Internet Draft            IP Mobility Support             4 January 1995


2. Agent Discovery

   To communicate with a foreign or home agent, a mobile node must
   learn either the IP address or the link address of that agent.  It
   is assumed that a link-layer connection has been established between
   the agent and the mobile node.  The method used to establish such
   a link-layer connection is not specified in this document.  After
   establishing a link-layer connection, the mobile node learns whether
   there are any agents available.  If the address of any agent matches
   the mobile node's stored address for its home agent, the mobile node
   is at home.

   An agent which is not identified by a link-layer protocol MUST
   implement ICMP Router Discovery [5].  The router advertisements
   indicate whether the router is also a home agent or a foreign agent.

   When multiple methods of agent identification are in use, the
   mobile node SHOULD first attempt registration with routers sending
   router advertisements in preference to those sending link-layer
   advertisements.  This ordering maximizes the likelihood that the
   registration will be recognized, thereby minimizing the number of
   registration attempts.

   An administrative domain MAY require registration via a foreign
   agent.  This facility (see subsection 4.1) is envisioned for service
   providers with packet filtering fire-walls, or visiting policies
   (such as accounting) which require exchanges of authorization.

   No authentication is required for the advertisement and solicitation
   process.  These messages MAY be authenticated using the IP
   Authentication Header [1], which is external to the messages
   described here.  Further work on authentication of advertisement and
   solicitation is outside of the scope of this document.

   Whenever an externally authenticated message fails authentication,
   the message is silently discarded.


2.1. Agent Solicitation

   Every mobile node MUST implement ICMP Router Solicitation (RFC
   1256 [5]) if it needs to obtain a care-of address in an agent
   advertisement.  However, the solicitation is only sent when no
   care-of address has been determined through a link-layer protocol
   or prior router advertisement.  Any mobility agent which is not
   identified by a link-layer protocol MUST respond to ICMP Router
   Solicitation.




Perkins, editor               Expires 4 July 1995               [Page 6]


Internet Draft            IP Mobility Support             4 January 1995


   The same procedures, defaults, and constants are used as described
   in RFC 1256, except that the mobile node may solicit more often
   than once every three seconds and MAX_SOLICITATIONS does not
   apply for mobile nodes that are currently unconnected to any
   foreign agent.  A mobile node MAY send a solicitation once each
   MOBILE_SOLICITATION_INTERVAL (1 second?)  until the solicitation is
   answered by a mobile agent, and the mobile node can finally issue a
   registration request.


2.2. Agent Advertisement

   Mobile nodes must process ICMP router advertisements[5].  Any
   mobility agent which is not identified by a link-layer protocol MUST
   send ICMP router advertisements.  An agent which is identified by
   a link-layer protocol SHOULD also implement router advertisements.
   However, the advertisements need not be sent, except when the site
   policy requires registration with the agent, or as a response to a
   specific solicitation.

   The same procedures, defaults, and constants are used as described in
   RFC 1256 [5], except as specified herein; a foreign agent MUST NOT
   send router advertisements more often than once per second.

   The router advertisements are extended by examining the number of
   advertised addresses.  When the IP total length indicates that the
   ICMP message is longer than needed for the number of addresses
   present, the remainder is interpreted as extensions.  The extensions
   are described in section 4.

   The Mobility Extension (subsection 4.1) is required, and indicates
   that the router is a mobile agent.  Other extensions indicate
   optionally supported features (see, e.g., subsection 5.2).

   The Code field of the ICMP router advertisement is interpreted as
   follows:

      0    If the Mobility Extension is present, the router supports
           mobility registration.  The router also handles common
           traffic -- that is, IP data packets not necessarily related
           to mobile nodes.

      16   A home or foreign agent which supports registration, but is
           not routing common traffic.

   A foreign agent includes the care-of address as a router address.





Perkins, editor               Expires 4 July 1995               [Page 7]


Internet Draft            IP Mobility Support             4 January 1995


   Upon receipt of an agent advertisement, a mobile node compares the
   router address to that of the home agent(s) in its list.  If there
   is an exact match, the mobile node is at home.  Otherwise, the
   care-of address may be chosen from among advertising agents in the
   same fashion as the mobile node would choose a first hop router.
   The highest preference router address, which falls within a subnet
   that the mobile node has configured on its mobile interface(s), is
   used for the care-of address.  It is very likely that no advertised
   routing prefix matches when the mobile node is not at home.  In this
   case, the highest preference non-matching router address is used for
   the care-of address.

   A home agent which does not provide foreign agent services will have
   preference values less than the highest foreign agent preference.

          DISCUSSION: What is this value?



































Perkins, editor               Expires 4 July 1995               [Page 8]


Internet Draft            IP Mobility Support             4 January 1995


3. Registration

   The registration function exchanges information between mobile
   nodes and home agents.  Registration creates a mobility binding,
   associating the mobile node's home address with a care-of address
   which can be used to reach the mobile node.

   When assigned a transient care-of address, a mobile node can act
   without a foreign agent, and register or de-register directly with a
   home agent by the exchange of only 2 messages:

    a) The mobile node sends a registration request to a home agent,
       asking that home agent to provide the requested service.

    b) The home agent sends a registration reply to the mobile node,
       granting or denying service.

   An administrative domain MAY require registration through a foreign
   agent (see the description of the "F" bit, in subsection 4.1).

   When the care-of address is associated with a foreign agent, the
   foreign agent acts as a relay between the mobile node and home
   agent.  This extended registration process involves the exchange of 4
   messages:

    a) The mobile node sends a registration request to the prospective
       foreign agent to begin the registration process.

    b) The foreign agent relays the request to the home agent, asking
       that home agent to provide the requested service.

    c) The home agent sends a registration reply to the foreign agent to
       grant or deny service.

    d) The foreign agent relays the registration reply to the mobile
       node to inform it of the disposition of its request.

   The registration messages defined in this section(3.2, 3.3) use the
   User Datagram Protocol header [18].  A nonzero UDP checksum SHOULD be
   included in the header, and checked by each recipient.


3.1. Authentication

   Each mobile node, foreign agent, and home agent MUST support
   the maintenance of an internal table holding a list of security
   associations for mobile entities, indexed by their IP address.  See
   section 9.1 for support requirements for authentication algorithms.



Perkins, editor               Expires 4 July 1995               [Page 9]


Internet Draft            IP Mobility Support             4 January 1995


   Only one mobility security association at a time is in effect between
   any given pair of participating nodes.  Whenever a mobility security
   association exists between a pair of nodes, all registration messages
   between these nodes MUST be authenticated.

   In particular, registration messages between mobile node and
   home agent are required to be authenticated with the Mobile-Home
   Authentication Extension (see subsection 4.3).  This extension
   immediately follows all non-authentication extensions, except those
   foreign agent specific extensions which may be added to the packet
   after the mobile node computes the authentication.


3.2. Registration Request

   The registration request message is sent by a mobile node to its home
   agent, so that the home agent can create a new mobility binding for
   the mobile node (with a new lifetime).  The request may be relayed
   to the home agent by the foreign agent from which the mobile node is
   accepting service, or it may be sent directly in case the mobile node
   has received a temporary care-of address by some other means (e.g,
   DHCP [7]).

   IP fields:

      Source        An IP address belonging to the interface on which
                    this message is sent.

                    A mobile node MUST use the transient care-of address
                    when assigned; otherwise, the home address is used.

      Destination   The IP address of the agent, when known.

                    When the IP address is unknown (the agent was
                    discovered via a link-layer protocol), the "All
                    Mobile Agents" multicast address (224.0.0.11).  The
                    link-layer unicast address is used to deliver the
                    datagram to the correct agent.













Perkins, editor              Expires 4 July 1995               [Page 10]


Internet Draft            IP Mobility Support             4 January 1995


   UDP fields:

      Source Port        variable

      Destination Port   434

   The UDP Header is followed by the Mobile-IP fields shown below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Lifetime            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                          Home Address                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Home Agent                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Care-of Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Extensions ...
   +-+-+-+-+-+-+-+-

      Type              1

      Code              Optional capabilities:

                        0   remove prior registrations
                        1   retain prior registrations

      Lifetime          The number of seconds remaining before the
                        registration is considered expired.  A value of
                        zero indicates a request for deregistration.  A
                        value of all ones indicates infinity.

      Home Address      The IP address of the mobile node.

      Home Agent        The IP address of a home agent.

      Care-of Address   The IP address for the decapsulation end of a
                        tunnel.

      Identification    A 64-bit sequence number, constructed by the
                        mobile node, used to assist in matching requests




Perkins, editor              Expires 4 July 1995               [Page 11]


Internet Draft            IP Mobility Support             4 January 1995


                        with replies, and in protecting against replay
                        attacks (see section 9.4).


3.3. Registration Reply

   The registration reply message is returned by a home agent to a
   mobile node which has sent a registration request (subsection 3.2)
   message.  If the mobile node is accepting service from a foreign
   agent, that foreign agent will receive the reply from the home
   agent and subsequently relay it to the mobile node.  The reply
   message contains the necessary codes to inform the mobile node about
   the status of its request, along with the lifetime granted by the
   home agent, which MAY be smaller than the original request.  See
   subsection 8.2 for details regarding the selection of the reply
   identification.  When the lifetime of the reply is greater than
   the original request, the excess time SHOULD be ignored.  When the
   lifetime of the reply is smaller than the original request, another
   registration SHOULD occur before the lifetime expires.

   IP fields:

       The source and destination IP addresses of the request message
       are swapped for the reply message.

   UDP fields:

       The source port and destination port of the request message are
       swapped for the reply message.

   Note that the source IP address and the source UDP port of the
   original registration request must be saved in order for the foreign
   agent to return the reply to the correct mobile node UDP port.

   The UDP Header is followed by the Mobile-IP fields shown below:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |           Lifetime            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                         Identification                        +
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Extensions ...
   +-+-+-+-+-+-+-+-




Perkins, editor              Expires 4 July 1995               [Page 12]


Internet Draft            IP Mobility Support             4 January 1995


      Code             One of the following codes:

                       0   service will be provided.
                       1   service will be provided; simultaneous
                          registrations unavailable.

                       Service denied by the foreign agent:

                       16   reason unspecified.
                       17   administratively prohibited.
                       18   insufficient resources.
                       19   mobile node failed authentication.
                       20   home agent failed authentication.
                       21   requested lifetime too long.
                       22   home agent unreachable (ICMP error)

                       Service denied by the home agent:

                       32   reason unspecified.
                       33   administratively prohibited.
                       34   insufficient resources.
                       35   mobile node failed authentication.
                       36   foreign agent failed authentication.

                       Up-to-date values of the Code field are specified
                       in the most recent "Assigned Numbers" [20].

      Lifetime         The seconds remaining before the registration is
                       considered expired.  A value of zero confirms a
                       request for deregistration.  A value of all ones
                       indicates infinity.

      Identification   The registration identification is derived from
                       the request message, for use by the mobile
                       node in matching its reply with an outstanding
                       request.















Perkins, editor              Expires 4 July 1995               [Page 13]


Internet Draft            IP Mobility Support             4 January 1995


4. Mobility Message Extensions

   Each message begins with a short fixed part, followed by one or more
   mobility message extensions in type-length-value format.  These
   extensions may apply to agent advertisement messages (subsection 2.2)
   and registration messages (section 3).

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
   |   Extension   |    Length     |    Data ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

      Extension

         Current values are assigned as follows:

         16   Mobility
         18   Key Identifier
         32   Mobile-Home Authentication
         33   Mobile-Foreign Authentication
         34   Foreign-Home Authentication
         64   Minimal Encapsulation
         65   GRE Encapsulation (see [10])

         Up-to-date values are specified in the most recent "Assigned
         Numbers" [20].

      Length

         Indicates the length (in bytes) of the data field.  The length
         does not include the Extension and Length bytes.

      Data

         This field is zero or more bytes in length and contains the
         value(s) for this extension.  The format and length of the data
         field is determined by the extension and length fields.

   Extensions allow variable amounts of information to be carried within
   each datagram.  The end of the list of extensions is indicated by the
   total length of the IP datagram.

   When an extension is encountered which is not recognized, it is
   ignored.  The length field of the extension is used to skip the data
   field in searching for the next extension.





Perkins, editor              Expires 4 July 1995               [Page 14]


Internet Draft            IP Mobility Support             4 January 1995


4.1. Mobility Extension

   The Mobility Extension is used to indicate that a router
   advertisement message is actually an agent advertisement being sent
   by a mobility agent (see subsection 2.2).  When foreign agents cannot
   accept new requests for service from mobile clients, they will set
   the Busy bit; if the Busy bit is turned off, the agent may attract
   new mobile clients.  An agent which wishes to serve only as a foreign
   agent, sets the 'F' bit in the mobility extension; likewise an agent
   which wishes to serve only as a home agent sets the 'H' bit in the
   mobility extension.  Any home agent must always be prepared to serve
   its mobile clients; it is an error to have the 'B' bit set without
   also having the 'F' bit set.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Extension   |    Length     |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Lifetime            |R|B|H|F|reservd|
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Extension         16

      Length            5

      Lifetime          The longest lifetime (measured in seconds)
                        that the agent is willing to accept in any
                        registration request.  A value of all ones
                        indicates infinity.

      Sequence Number   Contains the number of advertisement messages
                        sent since the agent was initialized.

      R                 Foreign agent registration required bit.  When
                        this bit is set to 1, the mobile node SHOULD
                        register through the foreign agent, even
                        when the mobile node has acquired a transient
                        care-of address.

      B                 Busy bit.  The foreign agent is not willing to
                        accept any more registrations, even though it
                        continues to send advertisements with a positive
                        preference.

      H                 Agent is offering service as a home agent.

      F                 Agent is offering service as a foreign agent.



Perkins, editor              Expires 4 July 1995               [Page 15]


Internet Draft            IP Mobility Support             4 January 1995


      reservd           Sent as zero; ignored on reception.

   The sequence number begins with 256 and wraps to zero (0).  When
   the sequence number decreases to a number outside the range 0-255,
   the mobile node MUST assume that any current registration has
   been lost.  When the mobile node detects a sequence number in
   the range 0-255, it may assume that the sequence number field
   has rolled over through 0, thus possibly avoiding an extraneous
   registration request.  This field cannot roll over in less than
   MIN_ADVERTISEMENT_INTERVAL*(2**16) seconds (more than 18 hours),
   and rollover is unambiguously indicated by the presence of sequence
   numbers in the range between 0 and 255.


4.2. Key Identifier Extension

   The key identifier extension is found in registration requests
   (see subsection 3.2).  This extension informs the home agent that
   authentication is performed using a cryptographic key or algorithm
   different than the home agent would use by default.  If a home
   agent receives a registration request which does not contain
   this extension, the home agent assumes that the mobile node used
   the default Message Authentication Code (see subsection 9.1) to
   authenticate the registration.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Extension   |    Length     |         Key Identifier        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Extension      18

      Length         2

      reserved       Sent as zero; ignored on reception.

      Key Identifier

   The key identifier may be chosen from a list which is privately
   configured between the home agent and the mobile node.  In this case,
   the identifier is completely opaque; the cryptographic algorithm to
   be used cannot be determined from the value of the key identifier.








Perkins, editor              Expires 4 July 1995               [Page 16]


Internet Draft            IP Mobility Support             4 January 1995


4.3. Mobile-Home Authentication Extension

   This extension is found in all registration requests and replies,
   and is intended to eliminate problems[2] which result from the
   uncontrolled propagation of remote redirects in the Internet.  See
   subsection 9.1 for information about support requirements for message
   authentication codes, etc.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Extension   |    Length     |        Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Extension       32

      Length          The number of data bytes in the extension.

      Authenticator   (variable length) A hash value taken over a
                      stream of bytes including the shared secret, the
                      source and destination port numbers from the UDP
                      header, all UDP data (that is, the registration
                      request or reply data), all prior extensions in
                      their entirety, and the type and length of this
                      extension, but not including the Authenticator
                      field itself.


4.4. Mobile-Foreign Authentication Extension

   This extension may be found in registration requests replies where
   a mobility security association exists between the mobile node and
   a foreign agent.  See subsection 9.1 for information about support
   requirements for message authentication codes, etc.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Extension   |    Length     |        Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Extension       33

      Length          The number of data bytes in the extension.

      Authenticator   (variable length) A hash value taken over a
                      stream of bytes including the shared secret, the
                      source and destination port numbers from the UDP



Perkins, editor              Expires 4 July 1995               [Page 17]


Internet Draft            IP Mobility Support             4 January 1995


                      header, all UDP data (that is, the registration
                      request or reply data), all prior extensions in
                      their entirety, and the type and length of this
                      extension, but not including the Authenticator
                      field itself.


4.5. Foreign-Home Authentication Extension

   This extension may be found in registration requests and replies
   where a mobility security association exists between the foreign
   agent and a home agent.  See subsection 9.1 for information about
   support requirements for message authentication codes, etc.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Extension   |    Length     |         Authenticator ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Extension       34

      Length          The number of data bytes in the extension.

      Authenticator   (variable length) A hash value taken over a
                      stream of bytes including the shared secret, the
                      source and destination port numbers from the UDP
                      header, all UDP data (that is, the registration
                      request or reply data), all prior extensions in
                      their entirety, and the type and length of this
                      extension, but not including the Authenticator
                      field itself.


4.6. Minimal Encapsulation Extension

   The Minimal Encapsulation Extension is found in agent advertisements
   (subsection 2.2) and registration requests (subsection 3.2).  In
   registration requests, it specifies that the mobile node would like












Perkins, editor              Expires 4 July 1995               [Page 18]


Internet Draft            IP Mobility Support             4 January 1995


   to receive data encapsulated with the Minimal Encapsulation protocol
   (subsection 5.2).

    0                   1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Extension   |    Length     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Extension   64

      Length      0







































Perkins, editor              Expires 4 July 1995               [Page 19]


Internet Draft            IP Mobility Support             4 January 1995


5. Forwarding Datagrams to the Mobile Node

5.1. IP in IP Encapsulation

   Support for IP in IP encapsulated datagrams is required.

   An outer, full-sized IP fragmentation header is inserted before the
   datagram's IP header:

                                          +---------------------------+
                                          |      Outer IP Header      |
      +---------------------------+       +---------------------------+
      |         IP Header         |       |         IP Header         |
      +---------------------------+ ====> +---------------------------+
      |                           |       |                           |
      |         IP Payload        |       |         IP Payload        |
      |                           |       |                           |
      +---------------------------+       +---------------------------+

   The format of the IP header is described in RFC 791[19].  The outer
   IP header source and destination addresses identify the "endpoints"
   of the tunnel.  The inner IP header source and destination addresses
   identify the sender and recipient of the datagram.

   The protocol field in the outer IP header is set to protocol number
   4 for the encapsulation protocol.  The destination field in the
   outer IP header set to the care-of address of the mobile node.  The
   source field in the outer IP header is set to the IP address of the
   encapsulating agent.

   When the datagram is encapsulated, the Time To Live (TTL) field in
   the outer IP header is set to be the same as the original datagram.
   When decapsulating, the outer TTL minus one is inserted into the
   inner IP TTL. Thus, hops are counted, but the actual routers interior
   to the tunnel are not identified.


5.2. Minimal Encapsulation

   A minimal forwarding header is defined for datagrams which are not
   fragmented prior to encapsulating.  When a datagram is already
   fragmented prior to encapsulating, IP in IP is used.

   Use of this encapsulating method is optional.







Perkins, editor              Expires 4 July 1995               [Page 20]


Internet Draft            IP Mobility Support             4 January 1995


   The minimal header is inserted between the datagram's IP header and
   the rest of the datagram:

      +---------------------------+       +---------------------------+
      |         IP Header         |       |     Modified IP Header    |
      +---------------------------+ ====> +---------------------------+
      |                           |       |     Forwarding Header     |
      |         IP Payload        |       +---------------------------+
      |                           |       |                           |
      +---------------------------+       |         IP Payload        |
                                          |                           |
                                          +---------------------------+

   A foreign agent which is capable of decapsulating the minimal header
   will include the Minimal Encapsulation Extension (subsection 4.6) in
   its router advertisements.

   A mobile node indicates the capability of decapsulating the minimal
   header at the care-of address by the inclusion of the Minimal
   Encapsulation Extension in its registration request.

   The Minimal Encapsulation Extension is not included in the
   registration reply.  The use of the minimal header is entirely at the
   discretion of the home agent.

   The format of the minimal forwarding header is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   Protocol    |S|  reserved   |        Header Checksum        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                         Home Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   :                 Correspondent Source Address                  :
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

      Protocol

         Copied from the protocol field in the original IP header.











Perkins, editor              Expires 4 July 1995               [Page 21]


Internet Draft            IP Mobility Support             4 January 1995


      S

         Source field present bit, which indicates that the
         Correspondent Source Address field is present.

          0 not present.
          1 present.

      reserved

         Sent as zero; ignored on reception.

      Header Checksum

         The 16-bit one's complement of the one's complement sum of the
         encapsulation header.  For computing the checksum, the checksum
         field is set to 0.

      Home Address

         Copied from the destination field in the original IP header.

      Correspondent Source Address

         Copied from the source field in the original IP header.
         Present only if the S-bit is set.

   The protocol field in the IP header is replaced by protocol number 55
   for the minimal encapsulation protocol.  The destination field in the
   IP header is replaced by the care-of address of the mobile node.  If
   the encapsulating agent is not the original source of the datagram,
   the source field in the IP header is replaced by the IP address of
   the encapsulating agent.  The Don't Fragment bit is set in the IP
   header.

   When decapsulating a datagram, the fields in the forwarding header
   are restored to the IP header, and the forwarding header is removed
   from the datagram.













Perkins, editor              Expires 4 July 1995               [Page 22]


Internet Draft            IP Mobility Support             4 January 1995


6. Mobile Node Considerations

   A mobile node listens for agent advertisements at all times that it
   has a link connection.  In this manner, it can learn that its foreign
   agent has changed, or that it has arrived home.

   Whenever a mobile node detects a change in its point of attachment,
   it MUST initiate the registration process.  If it is away from home,
   it MUST create a mobility binding by registering with its home agent
   (see subsections 3.2, 2.2).  A mobile node will operate without the
   support of mobility functions when it is at home, but MUST erase its
   mobility bindings at its home agent (subsection 6.4).

   Appendix B discusses the interaction of this mobility specification
   with some link layer implementations for media which may be used with
   mobile nodes.

   Receipt of an ICMP Redirect from a registered agent MUST NOT affect
   the choice of agent for re-registrations.  ICMP Redirect only affects
   the choice of preferred router for forwarding decisions.

     DISCUSSION:  What's a "registered agent"?  Is it supposed to be
                  one of the mobility agents most recently involved
                  with sending an approved registration request to
                  the mobile node?


6.1. Configuration and Registration Tables

   Each mobile node will need:

    - home address
    - prefix size
    - one or more home agents
    - mobility security association for each home agent

   For each pending registration:

    - MAC address of agent
    - care-of address
    - registration identification
    - lifetime


6.2. Registration When Away From Home

   In the absence of link-layer indications of changes in point of
   attachment, agent advertisements from new agents do not necessarily



Perkins, editor              Expires 4 July 1995               [Page 23]


Internet Draft            IP Mobility Support             4 January 1995


   affect a current registration.  In the absence of link-layer
   indications, a mobile node MUST NOT attempt to register more
   often than once per second.  A mobile node may register with a
   different agent when transport-layer protocols indicate excessive
   retransmissions.  The mobile node MUST NOT register with a new
   agent simply because a higher preference agent has appeared, or the
   preference values change for the agent with which it is currently
   registered.  Within these constraints, the mobile node MAY register
   again at any time.

   If a mobile node detects a reduction in the sequence number of
   an agent advertisement from a foreign agent through which it has
   registered, the mobile node MUST register again.  Such a reduction
   does not include the wrap of the Sequence Number to a number in the
   range from 0 to 255.

   A mobile node SHOULD NOT request a lifetime for its registration that
   exceeds the lifetime learned in an agent advertisement.  When the
   method by which the care-of address is learned does not include a
   lifetime, the default router advertisement lifetime (1800 seconds)
   may be used.  The lifetime MAY be modified by the home agent in its
   reply.  A mobile node SHOULD register again before the lifetime of
   its registration expires.  A mobile node MAY ask a home agent to
   terminate forwarding service to a particular care-of address, by
   sending a registration with a lifetime of zero (see subsection 8.2).

   The mobile node SHOULD construct its registration identification by
   concatenating another value of its own choice to the most recent
   nonce received from its home agent.  This value in the trailing bits
   of the identification can be another nonce, or a duplicate of the
   nonce received from the home agent (see subsection 9.6.1).


6.3. Registration without a foreign agent

   In cases where a mobile node away from home is able to dynamically
   acquire a transient IP address (e.g, DHCP [7]), the mobile node
   can serve without a foreign agent, using the transient address as
   the care-of address.  Then all communication between the mobile
   node and its home agent can proceed without the intervention of
   foreign agents.  This eliminates the need to deploy foreign agents as
   separate entities.  This feature MUST NOT be used unless the mobile
   node has mechanisms to detect changes in its link-layer connectivity,
   and can initiate acquisition of a new transient address each time
   such a change occurs.  The lifetime of such a registration is chosen
   by the mobile node.





Perkins, editor              Expires 4 July 1995               [Page 24]


Internet Draft            IP Mobility Support             4 January 1995


   On those links where the mobile node detects an agent advertisement
   that has the "F" bit set in the Mobility Extension (see
   subsection 2.2), the mobile node SHOULD register through an
   appropriate foreign agent, even when it might otherwise be able to
   register directly with a home agent.


6.4. De-registration When At Home

   When a mobile node is attached to its home link, it will no longer
   need any forwarding service from its home agent.  A deregistration
   procedure MUST be used between the mobile node and its home agent.
   The deregistration process involves the exchange of only two
   messages:

    a) The mobile node sends a registration request directly to its home
       agent, with the lifetime set to zero, and the Code field set to
       0, to indicate that the home agent remove all related entries.
       The care-of address is set to the home address.

    b) The home agent sends a registration reply to the mobile node to
       indicate the success or failure of the mobile node's attempted
       deregistration.

   A mobile node need not register again with a home agent when a change
   of sequence number occurs, or the advertisement lifetime expires,
   since it isn't seeking service from the home agent.


6.5. Registration Replies

   To be accepted, the reply must match the registration identification
   of its most recent registration request to the sender; otherwise, the
   message is silently discarded.  If nonces are in use, the mobile node
   records the first 32 bits for use in its next registration request;
   otherwise, if timestamps are in use, the entire 64 bit field may be
   used for identification (see subsection 9.6).

   When a reply is received which has a code indicating rejection by
   the foreign agent, the Mobile-Home Authenticator will be missing or
   invalid.  If a later authenticated reply is received, that reply
   supersedes the unauthenticated reply.  Otherwise, when a reply is
   received with an invalid Authenticator, the message is silently
   discarded.  The mobile node is not required to issue any message in
   response to a registration reply.






Perkins, editor              Expires 4 July 1995               [Page 25]


Internet Draft            IP Mobility Support             4 January 1995


6.6. Registration Retransmission

   When no reply has been received within a reasonable time, the
   registration request is retransmitted.  A new registration
   identification is chosen for each retransmission; thus it counts as a
   new registration.

   The maximum retransmission time SHOULD be no greater than the
   lifetime of the registration request.  The minimum value SHOULD
   be large enough to account for the size of the packets, twice the
   round trip time for transmission at the link speed, and at least
   an additional 100 milliseconds to allow for processing the packets
   before responding.  Some circuits add another 200 milliseconds
   of satellite delay.  The minimum retransmission time MUST NOT
   be less than 1 second.  Each successive value SHOULD be at least
   twice the previous value, as long as that is less than the maximum
   retransmission time.


6.7. Simultaneous Registrations

   Multiple simultaneous registrations are likely to be useful when a
   mobile node is on a border between multiple cellular systems.  IP
   explicitly allows duplication of datagrams.  When the home agent
   allows simultaneous registrations, it will encapsulate a separate
   copy of each arriving datagram to each care-of address, and the
   mobile node will receive multiple copies of its datagrams.

   In order to request this optional capability, the mobile node sends
   the registration request with the Code set to 1.  The return code
   in the registration reply is the same.  No error occurs if the home
   agent is unable to fulfill the request.  When the need for multiple
   registrations has passed, the mobile node SHOULD register again with
   the Code set to 0, to remove the other registrations.


6.8. Mobile Routers

   A mobile node can be a router, which is responsible for the mobility
   of an entire network moving together, such as on an airplane, a ship,
   a train, an automobile, a bicycle, or a kayak.  The nodes connected
   to the mobile network served by the mobile router may themselves be
   fixed nodes or mobile nodes or routers.

   A mobile router may provide a care-of address to mobile nodes
   connected to the mobile network.  In this case, when a correspondent
   host sends a packet to the mobile node, the following actions should
   occur.



Perkins, editor              Expires 4 July 1995               [Page 26]


Internet Draft            IP Mobility Support             4 January 1995


   Normal routing procedures will route the packet addressed to the
   mobile node from the correspondent host to the mobile node's home
   agent.  This home agent's binding for the mobile node causes it to
   tunnel the packet to the mobile router.  Normal routing procedures
   will route the packet from this home agent to the mobile router's
   home agent.  That home agent's binding for the mobile router causes
   the packet to be doubly tunneled to the mobile router's care-of
   address.  For the sake of discussion, assume there is a foreign agent
   available at that care-of address.

   The mobile router's foreign agent will then detunnel the packet
   and use its visitor list entry to deliver the packet to the mobile
   router.  The mobile router will then detunnel the packet and use its
   visitor list entry to deliver the packet finally to the mobile node.

   If a fixed node is connected to a mobile network then either of two
   methods may be used to cause packets from correspondent hosts to be
   routed to the fixed node.

   A home agent may be configured that has a permanent registration for
   the fixed node that indicates the mobile router's address as the
   fixed host's care-of address.  The mobile router's home agent will
   usually be used for this purpose.  The home agent is then responsible
   for advertising connectivity using normal routing protocols to
   the fixed node.  Any packets sent to the fixed node will thus use
   recursive tunneling as described above.

   Alternatively, the mobile router may advertise connectivity to the
   fixed node using normal routing protocols through its own home agent.
   This method avoids the need for recursive tunneling of packets.





















Perkins, editor              Expires 4 July 1995               [Page 27]


Internet Draft            IP Mobility Support             4 January 1995


7. Foreign Agent Considerations

   The foreign agent is passive and has a minimal role; it relays
   registration requests between the home agent and the mobile node, and
   decapsulates datagrams for delivery to the mobile node.

   The foreign agent MUST NOT originate a request or reply that has not
   been prompted by the mobile node.  No request or reply is generated
   to indicate that the service lifetime has expired.  A foreign agent
   MUST NOT originate a message which revokes the registration of
   a different foreign agent.  A foreign agent SHOULD forward such
   revocations without modification when such revocation messages
   originated from an appropriate mobile node.

   The foreign agent SHOULD NOT advertise the presence of a mobile node
   which is a router to other routers in its routing domain.

   The preference in the agent advertisements is used to regulate the
   number of mobile nodes which register with the foreign agent.  When
   the foreign agent would otherwise need to reject new registrations
   because of insufficient resources, the foreign agent SHOULD reduce
   its preference values until resources become available.


7.1. Configuration and Registration Tables

   Each foreign agent will need a care-of address.  In addition, for
   each pending or current registration, the foreign agent will need a
   visitor list entry containing:

    - Media address of mobile node
    - home address
    - prefix size
    - home agent
    - registration identification
    - lifetime

   A foreign agent may also maintain a mobility security association
   for each pending or current registrant, and use it to authenticate
   the registration requests and replies of the mobile node or
   its home agent (subsections 4.4, 4.5).  Even if a foreign agent
   implements authentication, it might not use authentication with each
   registration, because of the key management difficulties.








Perkins, editor              Expires 4 July 1995               [Page 28]


Internet Draft            IP Mobility Support             4 January 1995


7.2. Receiving Registration Requests

   If the foreign agent is able to satisfy an incoming registration
   request, then it forwards the request to the home agent.  Otherwise,
   it denies the request by sending a registration reply to the mobile
   node with an appropriate code.  The foreign agent must maintain a
   list of pending requests, which includes the IP source address and
   UDP source port, in order that a correctly addressed reply can be
   returned to the mobile node.


7.3. Receiving Registration Replies

   A registration reply which is unrelated to any pending request must
   be silently discarded.  If the registration reply is sent from the
   home agent with a status code indicating a successful registration,
   then the foreign agent updates its visitor list accordingly.  If the
   foreign agent receives an ICMP error instead of a registration reply
   in response to the registration request, then it returns the "Home
   Agent Unreachable" failure code to the mobile node.


7.4. Decapsulation

   Every foreign agent MUST examine all arriving encapsulated traffic
   and compare the destination address to those entries in its visitor
   list.  When the destination does not match any node currently in the
   visitor list, the foreign agent MUST NOT forward the datagram without
   modifications to the original IP header, because otherwise a routing
   loop is likely to result.  The datagram SHOULD be silently discarded.
   ICMP Destination Unreachable MUST NOT be sent when a foreign agent is
   unable to forward a datagram.



















Perkins, editor              Expires 4 July 1995               [Page 29]


Internet Draft            IP Mobility Support             4 January 1995


8. Home Agent Considerations

   The home agent has primary responsibility for processing and
   coordinating mobility services.

   The home agent for a given mobile node SHOULD be located on the link
   identified by the home address, if the home network is not merely a
   virtual network.

   The home agent SHOULD advertise the presence of the mobile node which
   is a router to other routers in its routing domain.


8.1. Configuration and Registration Tables

   Each home agent will need an IP address, and the prefix size for the
   home network, if there is one.  For each authorized mobile node, the
   home agent will need:

    - home address
    - mobility security association
    - prefix size(s) for the mobile network(s), if any

   For each registered mobile node, the home agent will need a
   forwarding list entry containing:

    - care-of address
    - registration identification
    - lifetime


8.2. Receiving Registration Requests

   Upon receipt of a registration request (subsection 3.2), the
   home agent grants or denies the service requested, by sending a
   registration reply (subsection 3.2) to the sender of the request with
   the appropriate code set.  If service permission is granted, the home
   agent will update its forwarding list with the care-of address of the
   tunnel.  The home agent MAY shorten the lifetime of the request.

   The request is validated by checking that the registration
   identification is not the same as a preceding request, and the
   Mobile-Home Authentication Extension (subsection 4.3) is correct.
   Other authentication extensions are also validated when present.
   When the registration request is valid, the home agent may select
   a new nonce for use by the mobile node upon its next registration
   request, and include it in the first 32 bits of the identification
   field of the registration reply.  The trailing 32 bits of that field



Perkins, editor              Expires 4 July 1995               [Page 30]


Internet Draft            IP Mobility Support             4 January 1995


   remain as is for use by the mobile node in matching the registration
   reply with one of its outstanding registration requests.  However,
   in the case that the registration request is identical to a recent
   request, the home agent SHOULD send the same identification as
   was issued in reply to the previous valid registration request.
   Identical registration requests are taken to indicate that the mobile
   node did not receive the previous registration reply, and initiated
   its registration request retransmission algorithm.  The registration
   reply status code indicates success; the lifetime in the new reply
   may be decreased by the amount of time elapsed between the two
   registration requests.

   When a registration request is invalid, a registration reply is
   sent with the appropriate error code.  This reply will be used by
   a foreign agent to clear its pending request list, if a foreign
   agent was involved in relaying the registration request.  If the
   request was invalid because of the use of an unexpected value in the
   identification field of the registration request, the home agent
   SHOULD use the high-order bits of the current identification to
   provide a new identification value for the mobile node.  In this
   case, the home agent MAY report an authentication exception to
   its network management support software.  The registration reply
   status code is 19.  If the registration request was invalid because
   of an invalid authenticator value, the home agent MUST issue an
   authentication exception.  The registration reply status code is
   again 19.

   A mobile node requests termination of service by indicating a
   lifetime of zero.  If the Code field set to 1, the home agent removes
   the mobility binding for that care-of address from its forwarding
   list.  Otherwise, if the Code field is set to 0, the home agent
   removes the mobility bindings for all foreign agents associated
   with that mobile node from its forwarding list.  On termination, no
   special reply is sent to additional associated foreign agents.  The
   entries in their visitor lists are allowed to expire naturally.


8.3. Simultaneous Registrations

   When a home agent supports the optional capability of multiple
   simultaneous registrations, any datagrams forwarded are simply
   duplicated, and a copy is sent to each care-of address.  If the home
   agent is unable to fulfill requests for simultaneous registrations,
   it returns the appropriate status in the registration reply
   (subsection 3.3) to the mobile node.  When the mobile node makes
   future registration requests, it will then be able to determine
   whether it can expect simultaneous service at two care-of addresses.




Perkins, editor              Expires 4 July 1995               [Page 31]


Internet Draft            IP Mobility Support             4 January 1995


8.4. Registration Expiration

   If the lifetime for a given mobile node expires before the home
   agent has received another registration request, then the associated
   mobility binding is erased from the forwarding list.  No special
   registration reply is sent to the foreign agents.  The entries in the
   visitor lists will expire naturally, and probably at the same time.


8.5. Encapsulation

   Every home agent MUST examine all arriving traffic for home address
   of any of its mobile nodes.  When previously encapsulated datagrams
   arrive that are associated with the mobile node, the home agent
   simply alters the destination to the care-of address.  This avoids
   recursive encapsulation.  Other previously encapsulated datagrams are
   recursively encapsulated.

     DISCUSSION: More explanation would be valuable here.  Should we
                 explicitly disallow the home agent to send a packet
                 to a foreign agent which encapsulated the packet and
                 sent it to the home agent in the first place?  What
                 are all the cases?




























Perkins, editor              Expires 4 July 1995               [Page 32]


Internet Draft            IP Mobility Support             4 January 1995


9. Security Considerations

   The mobile computing environment is potentially very different from
   the ordinary computing environment.  In many cases, mobile computers
   will be connected to the network via wireless links.  Such links
   are particularly vulnerable to passive eavesdropping, active replay
   attacks, and other active attacks.


9.1. Message Authentication Codes

   Home agents and mobile nodes MUST be able to perform authentication.
   The default algorithm is keyed MD5 [21], with a key size of 128
   bits.  The default mode of operation is to both precede and follow
   the data to be hashed, by the 128-bit key; that is, MD5 is to be
   used in suffix+prefix mode.  The foreign agent SHOULD also support
   authentication using keyed MD5 and key sizes of 128 bits or greater,
   with manual key distribution.  More authentication algorithms,
   algorithm modes, key distribution methods, and key sizes MAY also be
   supported.


9.2. Tunneling to Care-of Addresses

   The registration protocol described in this document will result
   in a mobile node's traffic being tunneled to its care-of address.
   This tunneling feature could be a significant vulnerability if the
   registration were not authentic.  Such remote redirection, for
   instance as performed by the mobile registration protocol, is widely
   understood to be a security problem in the current Internet[2].
   Moreover, the Address Resolution Protocol (ARP) is not authenticated,
   and can potentially be used to steal another host's traffic.  The use
   of "Gratuitous ARP" (see Appendix A) brings with it all of the risks
   associated with the use of ARP.


9.3. Key management

   This specification requires a strong authentication mechanism (keyed
   MD5) which precludes many potential attacks based on the Mobile
   IP registration protocol.  However, because key distribution is
   difficult in the absence of a network key management protocol,
   messages with the foreign agent are not all required to be
   authenticated.  In a commercial environment it might be important
   to authenticate all messages between the foreign agent and the home
   agent, so that billing is possible, and service providers don't
   provide service to users that are not legitimate customers of that
   service provider.



Perkins, editor              Expires 4 July 1995               [Page 33]


Internet Draft            IP Mobility Support             4 January 1995


9.4. Picking good random numbers

   The strength of any authentication mechanism is dependent on
   several factors, including the innate strength of the authentication
   algorithm, the secrecy of the key used, the strength of the key used,
   and the quality of the particular implementation.  This specification
   requires implementation of keyed MD5 for authentication, but does not
   preclude the use of other authentication algorithms and modes.  For
   keyed MD5 authentication to be useful, the 128-bit key must be both
   secret (that is, known only to authorized parties) and pseudo-random.
   If nonces are used in connection with replay protection, they must
   also be selected carefully.  Eastlake, et.al. ([8]) provides more
   information on generating pseudo-random numbers.


9.5. Privacy

   Users who have sensitive data that they do not wish others to see
   should use mechanisms outside the scope of this document (such as
   encryption) to provide appropriate protection.  Users concerned about
   traffic analysis should consider appropriate use of link encryption.
   If absolute location privacy is desired, the Mobile Node can create a
   tunnel to its Home Agent.  Then, packets destined for correspondent
   hosts will appear to emanate from the Home Network, and it may be
   more difficult to pinpoint the location of the mobile node.


9.6. Replay Protection for Registration Requests

   The Identification field is used to let the home agent verify that a
   registration message has been freshly generated by the mobile node,
   not replayed by an attacker from some previous registration.  The
   exact method of using the field depends upon the mobile security
   association defined between the mobile node and home agent.  Two
   methods are described here:  using random "nonce" values (preferred),
   and another method using timestamps.

   Whatever method is used, the low order 32 bits of the identification
   MUST be copied unchanged from the registration request to the reply.
   The foreign agent uses those bits to match registration requests with
   corresponding replies.  The mobile node MUST verify that the low
   order 32 bits of any registration reply are identical to the bits it
   sent in the registration request.

   The Identification MUST NOT be the same as in an immediately
   preceding request, and SHOULD NOT repeat during the lifetime of the
   mobility security association between the mobile node and the home
   agent.



Perkins, editor              Expires 4 July 1995               [Page 34]


Internet Draft            IP Mobility Support             4 January 1995


   There is no provision for the Foreign Agent to generate
   identification values, but it can use the values supplied by the
   mobile node and the home agent.


9.6.1. Replay Protection using Nonces

   The basic principle of nonce replay protection is that Node A
   includes a new random number in every message to node B, and checks
   that Node B returns that same number in its next message to node
   A. Both messages use a cryptographic checksum to protect against
   alteration by an attacker.  At the same time Node B can send its own
   nonces in all messages to Node A (to be echoed by node A), so that it
   too can verify that it is receiving fresh messages.

   The home agent may be expected to have resources for computing
   pseudo-random numbers useful as nonces[8].  It inserts a new
   nonce as the high-order 32 bits of the identification field of
   every registration reply.  The home agent copies the low-order
   (trailing) 32 bits of the Identification from the registration
   request message.  When the mobile node receives an authenticated
   registration reply from the home agent, it saves the high order 32
   bits of the identification for use as the high-order 32 bits of its
   next registration request.

   The mobile node is responsible for generating the low order 32
   bits of the Identification in each registration request.  Ideally
   it should generate its own random nonces.  However it may use any
   expedient method, including duplication of the random value sent by
   the home agent.  The method chosen is of concern only to the mobile
   node, because it is the node that checks for valid values in the
   registration reply.  The high-order and low-order 32 bits of the
   identification chosen SHOULD both differ from their previous values.
   The home agent needs a new high order value; both foreign agent and
   mobile node need a new low order value.

   If a registration message is rejected because of an invalid nonce,
   the reply always provides the mobile node with a new nonce to
   be used in the next registration.  Thus the nonce protocol is
   self-synchronizing.

     DISCUSSION: The use of nonces for replay protection may
     depend partially on the resolution of a patent issue.  A
     mobile node and its home agent must agree on the use of
     replay protection, because if a home agent expects only a
     nonce, it is unlikely to accept the mobile node's time value.





Perkins, editor              Expires 4 July 1995               [Page 35]


Internet Draft            IP Mobility Support             4 January 1995


9.6.2. Replay Protection using Timestamps

   The basic principle of timestamp replay protection is that the node
   generating a message inserts the current time of day, and the node
   receiving the message checks that this timestamp is sufficiently
   close to its own time of day.  Obviously the two nodes must have
   adequately synchronized time of day clocks.  As usual all messages
   are protected against tampering by a cryptographic checksum.

   If timestamps are used, the mobile node sets the Identification
   field to a 64-bit value formatted as specified by the Network Time
   Protocol [15].  The low-order 32 bits of the NTP format represent
   fractional seconds, and those bits which are not available from a
   time source SHOULD be generated from a good source of randomness.

   If the timestamp in an authenticated registration request is close
   enough to the home agent's time of day, the home agent copies the
   entire Identification into the registration reply.  If the timestamp
   is unacceptable, the home agent copies only the low order 32 bits
   into the registration reply, and supplies the high order 32 bits
   from its own time of day.  The error code in the registration reply
   indicates an identification mismatch.  The mobile node MUST verify
   that the low order 32 bits of the identification in the registration
   reply are identical to those in the rejected registration attempt,
   before using the high order bits for clock resynchronization.  Time
   tolerances and resynchronization details are specific to a particular
   mobile security association.


10. Acknowledgements

   Special thanks to Steve Deering (Xerox PARC), along with Dan Duchamp
   and John Ioannidis (Columbia), for forming the working group,
   chairing it, and putting so much effort into its early development.

   Thanks also to Greg Minshall for his contributions to the group while
   performing the duties of chairperson.














Perkins, editor              Expires 4 July 1995               [Page 36]


Internet Draft            IP Mobility Support             4 January 1995


   Thanks to the active members of the Mobile-IP working group,
   particularly those who contributed text, including (in alphabetical
   order)

    - Ran Atkinson (Naval Research Lab),
    - Dave Johnson (Carnegie Mellon University),
    - Andrew Myles (Macquarie University),
    - John Penners (US West),
    - Al Quirt (Bell Northern Research),
    - Yakov Rekhter (IBM), and
    - Fumio Teraoka (Sony).

   Thanks to Charlie Kunzinger, the editor who produced the first drafts
   for the Working Group, and to Bill Simpson, who has produced a lot
   of the text of this draft, reflecting the discussions of the Working
   Group.

   Thanks to Greg Minshall (Novell) and Phil Karn (Qualcomm) for their
   generous support in hosting interim Working Group meetings.


A. Gratuitous and Proxy ARP

   Many people will use their computers for extended periods of time
   on a single link, whether or not it is at their home network.  When
   doing so, they will expect the same level of service from their
   infrastructure as they receive today on the home network.

   Mobile nodes do not need a separate "virtual" IP address block; this
   would require a small network to have an extra router between the
   mobile and non-mobile nodes, which is an unacceptable expense.

   This section details the special care to be taken when using ARP [17]
   with nodes on the same link as a mobile node.

   A problem can arise if a mobile node which has previously answered an
   ARP Request moves away from the link, leaving behind a stale entry in
   another node's ARP cache.  For example, if a router which forwards
   datagrams into the home network has a stale ARP cache entry for the
   mobile node, any datagrams arriving through that router for the
   mobile node will be lost.  Thus, it is important that ARP caches of
   nodes populating the link be updated as soon as possible.

   A gratuitous ARP is an ARP Reply that is broadcast to all nodes
   on a link, but not in response to any ARP Request.  When an ARP
   Reply is broadcast, all hosts are required to update their local
   ARP caches, whether or not the ARP Reply was in response to an ARP
   Request they had issued.  With gratuitous ARP, the source IP address



Perkins, editor              Expires 4 July 1995               [Page 37]


Internet Draft            IP Mobility Support             4 January 1995


   is the home address of the mobile node, the MAC address is the source
   link-layer address for the interface used, the target IP address is
   the all-systems multicast address, and the target link-layer address
   is the general broadcast address.

   When there is a physical link which corresponds to the home network,
   a gratuitous ARP is issued by the home agent on behalf of a mobile
   node whenever the home agent receives a valid registration.  That
   should cause the remaining nodes to associate the home address of the
   mobile node with the link-layer address of the home agent which is
   now serving the mobile node.

   While the mobile node is away from its home network, the home agent
   performs proxy ARP Replies for the mobile node.  When a mobile node
   returns to its home network, it SHOULD issue a gratuitous ARP on its
   own behalf, immediately before sending its deregistration request to
   the home agent.

   Although the gratuitous ARP can be lost, this is not different from
   the usual ARP Reply problems, which are outside the scope of this
   document.  A home agent may repeat the gratuitous ARP a small number
   of times.


B. Link-Layer considerations

   The mobile node primarily uses link-layer mechanisms to decide that
   its point of attachment has changed.  Such indications include
   the Down/Testing/Up interface status [13], and changes in cell or
   administration.  The mechanisms will be specific to the particular
   link-layer technology, and are outside the scope of this document.


B.1. Point-to-Point Link-Layers

   The Point-to-Point-Protocol (PPP) [22] and its Internet Protocol
   Control Protocol (IPCP) [14], negotiates the use of IP addresses.

   The mobile node SHOULD first attempt to specify its home address.
   This allows an unrouted link to function correctly.

   When the home address is not accepted by the peer, but a transient
   IP address is dynamically assigned, that address MAY be used as the
   care-of address for registration.  When the peer specifies its own IP
   address, that address MUST NOT be assumed to be the care-of address
   of a foreign agent or the IP address of a home agent.





Perkins, editor              Expires 4 July 1995               [Page 38]


Internet Draft            IP Mobility Support             4 January 1995


   When router advertisements are received which contain the Mobility
   Extension, registration with the agent SHOULD take place as usual.
   If the link is bandwidth limited, this method is preferred over use
   of the transient care-of address.  The encapsulation will be removed
   by the peer, allowing header compression techniques to function
   correctly [11].


B.2. Multi-Point Link-Layers

   Another link establishment protocol, IEEE 802.11 [6], might yield the
   link address of an agent.  This link-layer address SHOULD be used to
   attempt registration.

   The receipt of a router advertisement supersedes the link-layer
   address, and a new registration MUST occur.


C. TCP Considerations

C.1. TCP Timers

   Most hosts and routers which implement TCP/IP do not permit easy
   configuration of the TCP timer values.  When high-delay (e.g.
   SATCOM) or low-bandwidth (e.g.  High-Frequency Radio) links are
   in use, the default TCP timer values in many systems will cause
   retransmissions or timeouts when the link and network is actually
   operating properly, though with greater than usual delays because
   of the medium in use.  This can cause an inability to create or
   maintain connections over such links, and can also cause unneeded
   retransmissions which consume already scarce bandwidth.  Vendors are
   encouraged to make TCP timers more configurable.  Vendors of systems
   designed for the mobile computing markets should pick default timer
   values more suited to low-bandwidth, high-delay links.  Users of
   mobile nodes should be sensitive to the possibility of timer-related
   difficulties.


C.2. TCP Congestion Management

   Mobility nodes are likely to use media which have low bandwidth and
   are more likely to introduce errors, effectively causing more packets
   to be dropped.  This introduces a conflict with the mechanisms for
   congestion management found in modern versions of TCP. Now, when
   a packet is dropped, the correspondent's TCP implementation is
   likely to react as if there were a source of network congestion,
   and initiate the slow-start mechanisms [4] designed for controlling
   that problem.  However, those mechanisms are inappropriate for



Perkins, editor              Expires 4 July 1995               [Page 39]


Internet Draft            IP Mobility Support             4 January 1995


   overcoming errors introduced by the links themselves, and have the
   effect of magnifying the discontinuity introduced by the dropped
   packet.  This problem has been analyzed by Caceres, et. al.([3]);
   there is no easy solution available, and certainly no solution likely
   to be installed soon on all correspondents.  While this problem has
   nothing to do with any of the specifications in this document, it
   does illustrate that providing performance transparency to mobile
   nodes involves understanding mechanisms outside the network layer.
   It also indicates the need to avoid designs which systematically drop
   packets; such designs might otherwise be considered favorably when
   making engineering tradeoffs.


D. Tunnel Management

   It is possible that one of the routers along the tunnel interior
   might encounter an error while processing the datagram, causing it
   to return an IP ICMP error message to the source end of the tunnel.
   ICMP errors that can occur in this circumstance are:

    - Datagram Too Big
    - Time Exceeded
    - Destination Unreachable

   Unfortunately, ICMP only requires IP routers to return 8 bytes (64
   bits) of the datagram beyond the IP header.  This is not enough to
   include the encapsulated header, so it is not generally possible
   for the home agent to immediately reflect the ICMP message from the
   interior of a tunnel back to the source host.

   However, by carefully maintaining "soft state" about its tunnels,
   the encapsulating router can return accurate ICMP messages in most
   cases.  The router SHOULD maintain at least the following soft state
   information about each tunnel:

    - MTU of the tunnel
    - TTL (path length) of the tunnel
    - Reachability of the end of the tunnel

   The router uses the ICMP messages it receives from the interior of a
   tunnel to update the soft state information for that tunnel.  When
   subsequent datagrams arrive that would transit the tunnel, the router
   checks the soft state for the tunnel.  If the datagram would violate
   the state of the tunnel (such as, the TTL is less than the tunnel
   TTL) the router sends an ICMP error message back to the source, but
   also forwards the datagram into the tunnel.





Perkins, editor              Expires 4 July 1995               [Page 40]


Internet Draft            IP Mobility Support             4 January 1995


   Using this technique, the ICMP error messages sent by encapsulating
   routers will not always match up one-to-one with errors encountered
   within the tunnel, but they will accurately reflect the state of the
   network.

   The Don't Fragment bit is always set within the tunnel.  This enables
   the proper MTU of the tunnel to be determined.  Fragmentation which
   occurs because of the size of the encapsulation header is done before
   encapsulation, preventing more than one layer of fragmentation in a
   single datagram.

          DISCUSSION: Would anyone like to provide more explanation?
                      Or, should we just delete most of it
                      and be satisfied with a reference in the
                      section about Home Agent Considerations?

   Tunnel soft state was originally developed for the IP address
   encapsulation (IPAE) specification [9].


References

    [1] R. Atkinson.  SIPP Authentication Header.  Internet Draft --
        work in progress, April 1994.

    [2] S.M. Bellovin.  Security Problems in the TCP/IP Protocol Suite.
        ACM Computer Communications Review, 19(2), March 1989.

    [3] Ramon Caceres and Liviu Iftode.  The Effects of Mobility on
        Reliable Transport Protocols.  In Proceedings of the 14th
        International Conference on Distributed Computing Systems, June
        1994.

    [4] Douglas E. Comer.  Internetworking with TCP/IP, volume 1.
        Prentice Hall, 1991.

    [5] S. Deering.  Router Discovery.  RFC 1256, September 1991.

    [6] Wim Diepstraten, Greg Ennis, and Phil Belanger.  DFWMAC -
        Distributed Foundation Wireless Medium Access Control.  IEEE
        Document P802.11-93/190, Nov 1993.

    [7] R. Droms.  Dynamic Host Configuration Protocol.  RFC 1541,
        October 1993.

    [8] D.E. Eastlake, S.D. Crocker, and J.I. Schiller.  Randomness
        Requirements for Security.  RFC 1750, December 1994.




Perkins, editor              Expires 4 July 1995               [Page 41]


Internet Draft            IP Mobility Support             4 January 1995


    [9] R. Gilligan, E. Nordmark, and B. Hinden.  IPAE: The SIPP
        Interoperability and Transition Mechanism.  Internet Draft --
        work in progress, March 1994.

   [10] S. Hanks, T. Li, D. Farinacci, and P. Traina.  Generic routing
        encapsulation (gre).  draft-hanks-gre-00.txt -- work in
        progress, October 1994.

   [11] V. Jacobson.  Compressing TCP/IP Headers for Low-Speed Serial
        Links.  RFC 1144, February 1990.

   [12] J. Kohl and C. Newman.  The Kerberos Network Authentication
        Service (V5).  RFC 1510, September 1993.

   [13] K. McCloghrie and F. Kastenholz.  Evolution of the Interfaces
        Group MIP-II.  RFC 1573, January 1994.

   [14] G. McGregor.  The PPP Internet Procotol Control Protocol (IPCP).
        RFC 1332, May 1992.

   [15] D. Mills.  Network Time Protocol (Version 3).  RFC 1305, March
        1992.

   [16] National Bureau of Standards.  Data Encryption Standard.
        Federal Information Processing Standards, 1977.

   [17] D. Plummer.  An Ethernet Address Resolution Protocol.  RFC 826,
        November 1982.

   [18] J. Postel.  User Datagram Protocol.  RFC 768, August 1980.

   [19] J. Postel.  Internet Protocol.  RFC 791, September 1981.

   [20] J. Reynolds and J. Postel.  Assigned Numbers.  RFC 1700, October
        1994.

   [21] R. Rivest.  The MD5 Message-Digest Algorithm.  RFC 1321, April
        1992.

   [22] W. Simpson (Editor).  The Point-to-Point Protocol (PPP).  RFC
        1661, July 1994.










Perkins, editor              Expires 4 July 1995               [Page 42]


Internet Draft            IP Mobility Support             4 January 1995


Chair's Addresses

   The working group can be contacted via the current chairs:

          Kannan Alagappan                  Tony Li
          EMC Corporation                   170 W. Tasman Dr.
          171 South Street                  San Jose CA 95134
          Hopkinton, MA  01748

          Work:   +1 508 4351000            Work:   +1 408 5268186
          E-mail: kannan@emc.com            E-mail: tli@cisco.com


Editor's Address

   Questions about this memo can also be directed to:

          Charles Perkins
          Room J1-A25
          T. J. Watson Research Center
          IBM Corporation
          30 Saw Mill River Rd.
          Hawthorne, NY  10532

          Work:  +1 914 7847350
          Fax:   +1 914 7847007
          E-mail: perk@watson.ibm.com
























Perkins, editor              Expires 4 July 1995               [Page 43]


Html markup produced by rfcmarkup 1.129d, available from https://tools.ietf.org/tools/rfcmarkup/