mip6d (5) - Linux Manuals

mip6d: MIPL Mobile IPv6 Configuration file

NAME

mip6d.conf - MIPL Mobile IPv6 Configuration file

SYNOPSIS

/etc/mip6d.conf

DESCRIPTION

MIPL Mobile IPv6 daemon's configuration file Below is a list of currently supported configuration options. All configuration lines are terminated with a semicolon. Sub-sections are enclosed in '{' and '}'. Strings are quoted with double quotes.

COMMON OPTIONS

The file contains the following common definitions:

NodeConfig CN | HA | MN;

Indicates if the daemon should run in Correspondent Node, Home Agent or Mobile Node mode.

Default: CN

DebugLevel number;

Indicates the debug level of the daemon. If the value is greater than zero, the daemon will not detach from tty (i.e. debug messages will be printed on the controlling tty).

Default: 0

DoRouteOptimizationCN boolean;

Indicates if a node should participate in route optimization with a Mobile Node.

Default: enabled

NonVolatileBindingCache boolean;

This option is currently ignored. Binding cache is always stored in volatile memory, and is not retained between shutdown and startup.

OPTIONS COMMON TO HOME AGENT AND MOBILE NODE

These options are used both in the Home Agent and Mobile Node:
Interface name;
Interface name { MnIfPreference number; IfType CN | HA | MN; }


Specifies an interface and options associated with it. If no options are present, Interface can be terminated with semi-colon. This is used for home agent to specify which interfaces are used for HA operation. For the home agent to function properly, a Router Advertisement daemon (e.g. radvd) must broadcast advertisements with the Home Agent bit and Home Agent Information Option set on these interfaces. This option is also used by multihomed Mobile Nodes to define which interfaces are used by it.

MnIfPreference sets the interface preference value for an interface in a multi-homed Mobile Node. The most preferred intefaces have preference 1, the second most preferred have 2, etc. A preference of zero means the interface will not be used.

Default: 5

IfType overrides the default node behavior for this interface. If a MN doesn't wish to use this inteface for mobility, or a node doesn't act as HA on this interface, the interface type should be set to CN.

Default: same as NodeConfig

UseMnHaIPsec boolean;

Indicates if the MN-HA MIPv6 signalling should be protected with IPsec.

Default: enabled

KeyMngMobCapability boolean;

If dynamic keying with MIPv6-aware IKE is used, this options should be enabled. It turns on the K-bit for binding updates and binding acknowledgements.

Default: disabled

IPsecPolicySet { HomeAgentAddress address; HomeAddress address/length; IPsecPolicy ... ... }


IPsecPolicySet is a set of policies to apply for matching packets. A policy set can contain multiple HomeAddress options, but only one HomeAgentAddress option. For home agent, home agent address field contains its own address, and home address fields may contain any number of mobile nodes for which the same policy applies.

IPsecPolicy has the following format:

IPsecPolicy type UseESPnumber number;

Field type can be one of HomeRegBinding, Mh, MobPfxDisc, ICMP, any, TunnelMh, TunnelHomeTesting, or TunnelPayload. The any option protects all transport mode communication between the MN and HA. Currently only the ESP IPsec protocol is supported, but in the future AH and IPComp might also be available. The two remaining numeric fields are the IPsec reqid values, the first one used for MN - HA, the second one for HA - MN communication. If just one value is defined, the same reqid will be used in both directions. If no reqid is given, reqid will not be used.

If more that one IPsec transport mode or tunnel mode policy is defined between the MN and HA in each direction, reqid can be used to provide an unambiguous one-to-one mapping between IPsec policies and SAs. Otherwise the policies will just share a common SA.

HOME AGENT SPECIFIC OPTIONS

The following definitions are ignored unless the node is configured as a HA:

HaMaxBindingLife number;

Limits the maximum lifetime (in seconds) for Mobile Node home registrations.

Default: 262140

SendMobPfxAdvs boolean;

Controls whether home agent sends Mobile Prefix Advertisements to mobile nodes in foreign networks.

SendUnsolMobPfxAdvs boolean;

Controls whether home agent send unsolicited Mobile Prefix Advertisements to mobile nodes in foreign networks.

MinMobPfxAdvInterval number;

Sets a minimum interval (in seconds) for Mobile Prefix Advertisements.

Default: 600

MaxMobPfxAdvInterval number;

Sets a maximum interval (in seconds) for Mobile Prefix Advertisements.

Default: 86400

BindingAclPolicy address allow | deny

Defines if a MN is allowed to register with the HA or not. The MN home address of the MN is given in the address field."

DefaultBindingAclPolicy allow | deny

Defines the default policy if no matching BindingAclPolicy entry is found for a MN.

Default: allow

MOBILE NODE SPECIFIC OPTIONS

The following definitions are ignored unless the node is configured as a MN:

MnMaxHaBindingLife number;

Limits the maximum lifetime (in seconds) for Mobile Node home registrations.

Default: 262140

MnMaxCnBindingLife number;

Limits the maximum lifetime (in seconds) for Mobile Node Correspondent Node registrations.

Default: 420

MnDiscardHaParamProb boolean;

Toggles if the Mobile Node should discard ICMPv6 Parameter Problem messages from its Home Agent. As the ICMPv6 error messages won't normally be protected by IPsec, a malicious third party can quite easily impersonate the HA to the MN. Having the MN accept these messages therefore leaves it open to Denial of Service attacks, even though its home registration signalling is protected by IPsec.

Default: disabled

SendMobPfxSols boolean;

Controls whether mobile node sends Mobile Prefix Solicitations to the home network.

DoRouteOptimizationMN boolean;

Indicates if the Mobile Node should initialize route optimization with Corresponent Nodes.

Default: enabled

MnUseAllInterfaces enabled | disabled

Indicates if all interfaces should be used for mobility. The preference of these interfaces is always 1. Unless you use dynamically created and named network interfaces you should normally disable this option and use Interface options to explicitly list the used interfaces.

Default: disabled

UseCnBuAck boolean;

Indicates if the Acknowledge bit should be set in Binding Updates sent to Corresponent Nodes.

Default: disabled

MnRouterProbes number;

Indicates how many times the MN should send Neighbor Unreachability Detection probes to its old router after receiving a Router Advertisement from a new one. If the option is set to zero, the MN will move to the new router straight away.

Default: 0

MnRouterProbeTimeout decimal;

Indicates how long (in seconds) the MN should wait for a reply during a access router Neighbor Unreachability Detection probe. If set, it overrides any default Neighbor Solicitation Retransmit Timer value greater than MnRouterProbeTimeout. For example, if the interface Retransmit Timer is 1 second, but MnRouterProbeTimeout is just 0.2 seconds, the MN will only wait 0.2 seconds for a Neighbor Advertisement before proceeding with the handoff.

Default: 0

OptimisticHandoff enabled | disabled

When a Mobile Node sends a Binding Update to the Home Agent, no Route Optimized or reverse tunneled traffic is sent until a Binding Acknowledgement is received. When enabled, this option allows the Mobile Node to assume that the binding was successful right after the BU has been sent, and does not wait for a positive acknowledgement before using RO or reverse tunneling.

Default: disabled;

MnHomeLink name { HomeAddress address/length; HomeAgentAddress address; MnRoPolicy ... ... }


Each MnHomeLink definition has a name. This is the name (enclosed in double quotes) of the interface used for connecting to the physical home link. To set up multiple Home Addresses on the Mobile Node, you need to define multiple MnHomeLink structures. The interface names don't have to be unique in these definitions. All the home link specific definitions are detailed below:

HomeAddress address/length;

Address is an IPv6 address, and length the prefix length of the address, usually 64. This option must be included in a home link definition.

HomeAgentAddress address;

Address is the IPv6 address of the Mobile Node's Home Agent. DHAAD is used if it is the unspecified address ::.

Default: ::

The route optimization policies are of the form:

MnRoPolicy address boolean;

Any number of these policies may be defined. If no policies are defined default behavior depends on the DoRouteOptimizationMN option.

The fields for a route optimization policy entry are as follows: address defines the Correspondent Node this policy applies to, if left undefined the uspecified address is used as a wildcard value boolean sets route optimization either enabled or disabled for packets matching this entry.

EXAMPLES

A Correspondent Node example:

NodeConfig CN;

DoRouteOptimizationCN enabled;

A Home Agent example:

NodeConfig HA;

Interface "eth0";
Interface "eth1";

UseMnHaIPsec enabled;

IPsecPolicySet {
        HomeAgentAddress 3ffe:2620:6:1::1;

        HomeAddress 3ffe:2620:6:1::1234/64;
        HomeAddress 3ffe:2620:6:1::1235/64;

        IPsecPolicy HomeRegBinding UseESP;
        IPsecPolicy TunnelMh UseESP;
}

A Mobile Node example:

NodeConfig MN;

DoRouteOptimizationCN enabled;

DoRouteOptimizationMN enabled;

UseCnBuAck enabled;

MnHomeLink "eth0" {
        HomeAgentAddress 3ffe:2620:6:1::1;
        HomeAddress 3ffe:2620:6:1::1234/64;

        #                       address                 opt.
        #MnRoPolicy     3ffe:2060:6:1::3        enabled;
        #MnRoPolicy                                     disabled;
}

UseMnHaIPsec enabled;

IPsecPolicySet {
        HomeAgentAddress 3ffe:2620:6:1::1;
        HomeAddress 3ffe:2620:6:1::1234/64;

        IPsecPolicy HomeRegBinding UseESP;
        IPsecPolicy TunnelMh UseESP;
}

SEE ALSO

mip6d(1), mipv6(7),

RFC3775: Mobility Support in IPv6,

RFC3776: Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents