Problems I've found with Mobile IP
All the problems I've found during the implementation of Mobile
IP are based on the case when the Mobile Node is away from home.
I'll try to explain them as precisely as I can but without digging
too much into details.
- Once the Mobile Node is on a foreign network and
registered with both the Foreign Agent and the Home Agent, if it
wants to communicate with machines which are connected to
its home network, it could use small TTL (Time To Live)
values. If that occurs, and the Mobile Node/Foreign Agent
does not encapsulate packets (i.e. does not use bi-tunneling),
and the number of routers between its current network and
its home network is high, those packets will not arrive
at its home network.
This could be solved using bi-tunneling, or if the Mobile
Node is aware of its nature (Mobility awareness?)
- The Mobile IP RFC says that the Mobile Node can use the
local router on the foreign network as a default router.
One of the problems with that is that the Mobile Node is
not capable of obtaining the router's MAC address (because it
is not able to ARP). Therefore, the Mobile Node can only
use the Foreign Agent as its default router.
That's the reason I've decided not to include IP
addresses of any router in the agent advertisements.
- The Foreign Agent, when the Mobile Node is on the foreign
network, of course, cannot communicate with the Mobile
Node because:
The packets will be delivered to the Home Agent and the
source address will be the Foreign Agent's address.
When the Home Agent receives the packet it will
encapsulate it. The new IP header will have the
destination address of the Foreign Agent. But the RFC
specifies that the Home? Agent must discard packets where
the outer destination address is equal to the inner
source address in order to avoid loops.
- Most of the routers currently installed in the Internet are
trying to keep outsiders out by doing some IP filtering (in
some sense, the routers are becoming firewalls) in order
to eliminate IP spoofing.
The idea behind this attack is the forgery of source IP
addresses. Some programs (less and less often) base
authentication on the source IP address of the packets they
receive. Therefore, a machine external to an
organization that fakes its IP address could get unauthorised
access to machines in that organization (even if it
cannot get any answer back).
Therefore, those routers filter the incoming packets of
the external connection. If the packets which arrive from
the external connection to the organization have the IP
address of any internal machine, the routers drop them.
With this scenario, Mobile Nodes cannot communicate with
their home network when away from home (apart from the
registration mechanism).
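
The border-router filter described in the last item, as an added example that is not part of the original page. All addresses are constructed documentation prefixes, and `Packet`, `ingress_filter` and `classify_samples` are hypothetical names; the encapsulated case goes beyond the text and assumes the Foreign Agent tunnels the Mobile Node's packets back to the Home Agent (the bi-tunneling mentioned in the first item).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing (documentation prefixes, not taken from the page).
HOME_NET = ipaddress.ip_network("192.0.2.0/24")  # the home organization
HOME_AGENT = "192.0.2.1"
MN_HOME_ADDR = "192.0.2.10"       # Mobile Node's permanent home address
HOME_HOST = "192.0.2.20"          # machine on the home network
FOREIGN_AGENT = "198.51.100.1"    # care-of address on the foreign network
OUTSIDER = "203.0.113.66"         # unrelated external machine


@dataclass
class Packet:
    src: str
    dst: str
    inner: Optional["Packet"] = None  # set when the packet is IP-in-IP


def ingress_filter(pkt: Packet, arrived_on: str) -> str:
    """Rule from the text: a packet arriving on the external connection
    with the source address of an internal machine is dropped.
    Only the outer header is inspected."""
    if arrived_on == "external" and ipaddress.ip_address(pkt.src) in HOME_NET:
        return "drop"
    return "forward"


def classify_samples() -> dict:
    """Run the filter over constructed packets seen at the home border router."""
    samples = {
        # Outsider forging an internal source address (the attack).
        "spoofed": (Packet("192.0.2.30", HOME_HOST), "external"),
        # Mobile Node away from home, sending with its home address:
        # indistinguishable from the spoofed packet at this router.
        "mobile_node_direct": (Packet(MN_HOME_ADDR, HOME_HOST), "external"),
        # Registration relayed by the Foreign Agent: external source.
        "registration_via_fa": (Packet(FOREIGN_AGENT, HOME_AGENT), "external"),
        # Assumed bi-tunneling: outer header carries the care-of address.
        "reverse_tunnelled": (Packet(FOREIGN_AGENT, HOME_AGENT,
                                     inner=Packet(MN_HOME_ADDR, HOME_HOST)),
                              "external"),
        "ordinary_external": (Packet(OUTSIDER, HOME_HOST), "external"),
        "internal": (Packet(HOME_HOST, HOME_AGENT), "internal"),
    }
    return {name: ingress_filter(p, iface) for name, (p, iface) in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:22s} {verdict}")
```
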
Last updated: 25/4/97. Manuel Rodríguez