Mobile Ethernet
First Claim
1. A method for inter subnet mobility on a campus network comprising a plurality of Ethernet subnets inter-connected by Internet Protocol routers, comprising:
logically binding mobile nodes, each having an 802 Media Access Control Address, to a single home subnet by associating the 802 Media Access Control address of each of the mobile nodes with the single home subnet as home subnet bindings;
storing the home subnet bindings in a central context manager wherein the home subnet bindings are accessible throughout the campus network by a home agent and a foreign agent;
maintaining mobility bindings for a first mobile node by the home agent on the home subnet wherein the mobility bindings include an 802 Media Access Control Address of the first mobile node;
dynamically establishing a dynamic shared secret key between the foreign agent and the home agent when the first mobile node first roams to the foreign subnet;
sending a registration message when the first mobile node first roams to the foreign subnet wherein the registration message includes the 802 Media Access Control address of the first mobile node;
sending an Internet Protocol address of a tunnel endpoint on the foreign subnet to the home agent for the home subnet of the first mobile node;
receiving an Ethernet frame for the first mobile node;
determining from the mobility bindings that the first mobile node is on a foreign subnet;
encapsulating the Ethernet frame with an Internet Protocol header addressed to the Internet Protocol address of the tunnel endpoint on the foreign subnet; and
securely sending the encapsulated Ethernet frame using the dynamic shared secret key;
wherein dynamically establishing the dynamic shared secret key further comprises:
authenticating the foreign agent and the home agent with a common context manager;
establishing a separate secret key between the foreign agent and the home agent and the common context manager;
issuing security credentials for a mobile node's foreign agent and home agent by the common context manager; and
establishing the dynamic shared secret key between the foreign agent and the home agent via the common context manager, wherein the dynamic shared secret key is used to authenticate messages exchanged by the home agent and the foreign agent.
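The home-agent forwarding path of claim 1 (look up the destination 802 MAC in the mobility bindings, encapsulate the Ethernet frame in an IP header addressed to the foreign agent's tunnel endpoint, authenticate it with the dynamic shared secret key) and the foreign agent's verification of that tunnelled packet, as an added Python example that is not code from the patent or its assignee. The class and function names, HMAC-SHA256 as the authenticator, the use of IP protocol 97 (Ethernet-in-IP) for the encapsulation header, and the sample addresses and key are assumptions; establishment of the shared key through the context manager is assumed to have already happened.

```python
import hashlib, hmac, socket, struct
from dataclasses import dataclass
from typing import Optional

ETH_HDR = 14            # dst MAC (6) + src MAC (6) + EtherType (2)
IP_PROTO_ETHERIP = 97   # IANA protocol number for Ethernet-in-IP (RFC 3378); an assumption here
TAG_LEN = 32            # HMAC-SHA256 authenticator carried at the end of the IP payload

@dataclass
class MobilityBinding:
    mac: bytes             # 802 MAC address: the MN's permanent identifier
    tunnel_endpoint: str   # IPv4 address of the foreign agent's tunnel endpoint
    shared_key: bytes      # dynamic shared secret; assumed already set up via the context manager

def ip_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def ipv4_header(src: str, dst: str, payload_len: int) -> bytes:
    """Standard 20-byte IPv4 header, no options, header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      IP_PROTO_ETHERIP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

class HomeAgent:
    def __init__(self, ip: str):
        self.ip = ip
        self.bindings = {}   # 802 MAC -> MobilityBinding, filled by the FA's registration message

    def forward(self, frame: bytes) -> Optional[bytes]:
        """If the destination MAC is bound to a foreign subnet, encapsulate the frame in IP
        toward the tunnel endpoint and append an HMAC tag; None means the MN is at home."""
        b = self.bindings.get(frame[:6])
        if b is None:
            return None
        packet = ipv4_header(self.ip, b.tunnel_endpoint, len(frame) + TAG_LEN) + frame
        return packet + hmac.new(b.shared_key, packet, hashlib.sha256).digest()

def foreign_agent_receive(packet: bytes, shared_key: bytes) -> Optional[bytes]:
    """Verify the tag with the shared key, then strip the IP header; None means drop."""
    if len(packet) < 20 + ETH_HDR + TAG_LEN:
        return None
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(shared_key, body, hashlib.sha256).digest()):
        return None
    return body[(body[0] & 0x0F) * 4:]

# Constructed sample: one MN (locally administered MAC) has roamed to the FA at 10.2.0.1.
MN_MAC = bytes.fromhex("02005e100001")
KEY = b"constructed-dynamic-shared-key"
HA = HomeAgent("10.1.0.1")
HA.bindings[MN_MAC] = MobilityBinding(MN_MAC, "10.2.0.1", KEY)
```

A frame whose destination MAC has no binding is returned as None, meaning the home agent bridges it on the home subnet as usual; a tunnelled packet whose tag does not verify under the shared key is dropped by the foreign agent.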
Abstract
A Mobile Ethernet Protocol that is used to logically extend a “home VLAN”, through an Ethernet/IP “campus network”, to mobile nodes on “foreign subnets”. The network architecture used for Mobile Ethernet is hierarchical and includes a Subnet Context Manager per subnet and a central Campus Context Manager. The protocol is generally based on the standard Mobile IPv4 protocol, but includes significant extensions to standard Mobile IP including using an 802 address as the permanent MN identifier, rather than an IP address, encapsulating and sending Ethernet frames through IP tunnels, and configuring a single Mobile Ethernet HA to provide access to multiple home VLANs wherein Home VLAN bindings for MNs are dynamically established. A MN does not need to be configured with a permanent IP address.
57 Claims
40. A method for inter subnet mobility on a campus network comprising a plurality of Ethernet subnets inter-connected by Internet Protocol routers, the method comprising:
logically binding a mobile node with an 802 Media Access Control Address to a single home subnet by the mobile node's 802 Media Access Control address;
storing home subnet bindings in a central context manager wherein the home subnet bindings are accessible throughout the network and indexing by 802 Media Access Control addresses by a home agent and a foreign agent;
maintaining mobility bindings for a mobile node by a home agent on a home subnet wherein the mobility bindings comprise a mobile node's 802 Media Access Control address and an Internet Protocol Address of a tunnel endpoint on a foreign subnet where the mobile node is currently located;
dynamically establishing a dynamic shared secret key between the foreign agent and the home agent when the mobile node first roams to the foreign subnet;
sending a registration message when the mobile node first roams to the foreign subnet, wherein the registration message comprises the 802 Media Access Control address of the mobile node and an Internet Protocol address of a tunnel endpoint on the foreign subnet is sent to the home agent for the mobile node's home subnet;
maintaining mobility bindings for a visiting mobile node by a foreign agent on a foreign subnet, wherein the mobility bindings for a visiting node comprise an Internet Protocol address of the home agent on the mobile node's home subnet;
intercepting 802 frames transmitted by at least one of the group consisting of a correspondent host and a router on a home subnet by the home agent;
determining from the destination 802 address that the mobile node is on the foreign subnet;
encapsulating the intercepted frames with an Internet Protocol encapsulation header having an Internet Protocol destination address by the home agent, wherein the Internet Protocol destination address is set to the tunnel endpoint on the foreign subnet via normal Internet Protocol routing;
redirecting 802 frames transmitted on the home subnet using standard bridge source learning by the home agent, wherein a unicast 802 address identifies the mobile node on the foreign subnet to the home agent on the mobile node's home subnet;
intercepting at least one frame that is selected from the group consisting of a unicast Internet Protocol Frame, a multicast Internet Protocol frame, and a non-Internet Protocol frame transmitted by the mobile node visiting the foreign subnet by the foreign agent;
locating the mobility bindings for the mobile node using the source 802 address of the frame;
encapsulating the non-Internet Protocol frame with an Internet Protocol encapsulation header having a header with a destination address, the destination address being set to the home agent on the mobile node's home subnet; and
securely forwarding the frame using the dynamic shared secret key and normal Internet Protocol routing, wherein the frame is selected from the group consisting of a unicast 802 frame and a multicast 802 frame;
wherein dynamically establishing the dynamic shared secret key further comprises:
authenticating the foreign agent and the home agent with a common context manager;
establishing a separate secret key between the foreign agent and the home agent and the common context manager;
issuing security credentials for a mobile node's foreign agent and home agent by the common context manager; and
establishing the dynamic shared secret key between the foreign agent and the home agent via the common context manager, wherein the dynamic shared secret key is used to authenticate messages exchanged by the home agent and the foreign agent.
41. A method for a home agent to extend a virtual local area network to a mobile node on a foreign subnet, the steps comprising:
storing mobility bindings for the mobile node on the foreign subnet wherein the mobility bindings comprise a mobile node's 802 Media Access Control Address, the mobility bindings identifying a foreign agent on the foreign subnet;
dynamically establishing a dynamic shared secret key between the foreign agent and a home agent when the mobile node first roams to the foreign subnet;
receiving an Ethernet unicast frame from a co-located home agent bridge port;
determining the foreign agent for the mobile node by matching the 802 Media Access Control address of the Ethernet unicast frame with the mobility bindings;
encapsulating the Ethernet unicast frame with an internet protocol encapsulation header that is addressed to the foreign agent, whereby an encapsulated frame is formed; and
securely forwarding the encapsulated frame to the foreign agent using the dynamic shared secret key;
wherein dynamically establishing the dynamic shared secret key further comprises:
authenticating the foreign agent and the home agent with a common context manager;
establishing a separate secret key between the foreign agent and the home agent and the common context manager;
issuing security credentials for a mobile node's foreign agent and home agent by the common context manager; and
establishing the dynamic shared secret key between the foreign agent and the home agent via the common context manager, wherein the dynamic shared secret key is used to authenticate messages exchanged by the home agent and the foreign agent.
Dependent claims: 42, 43, 44, 45, 46, 47.
48. A home agent, comprising:
a data storage device adapted to store mobility bindings for the mobile node on a foreign subnet wherein the mobility bindings comprise a mobile node's 802 Media Access Control Address, the mobility bindings identifying a foreign agent on the foreign subnet;
means for dynamically establishing a dynamic shared secret key between the foreign agent and a home agent when the mobile node first roams to the foreign subnet;
means for receiving an Ethernet unicast frame from a co-located home agent bridge port;
means for determining the foreign agent for the mobile node by matching the 802 Media Access Control address of the Ethernet unicast frame with the mobility bindings;
means for encapsulating the Ethernet unicast frame with an internet protocol encapsulation header addressed to the foreign agent, whereby an encapsulated frame is formed; and
means for securely forwarding the encapsulated frame to the foreign agent using the dynamic shared secret key;
wherein dynamically establishing the dynamic shared secret key further comprises:
authenticating the foreign agent and the home agent with a common context manager;
establishing a separate secret key between the foreign agent and the home agent and the common context manager;
issuing security credentials for a mobile node's foreign agent and home agent by the common context manager; and
establishing the dynamic shared secret key between the foreign agent and the home agent via the common context manager, wherein the dynamic shared secret key is used to authenticate messages exchanged by the home agent and the foreign agent.
Dependent claims: 49, 50, 51, 52, 53, 54.
55. A method for a foreign agent to extend a virtual local area network, the steps comprising:
automatically receiving a dynamic shared secret key between the foreign agent and a home agent dynamically generated when a mobile node first roams to a foreign subnet;
receiving an encapsulated frame for the mobile node, the encapsulated frame comprising an internet protocol encapsulation header and a unicast frame;
removing the internet protocol encapsulation header;
adding a mobile Ethernet data-link encapsulation header having a destination Ethernet address, forming an encapsulated unicast Ethernet frame; and
securely forwarding the encapsulated unicast Ethernet frame to a parent access point for the mobile node using the dynamic shared secret key;
wherein the destination Ethernet address is the Ethernet address of the mobile node's parent Access Point;
wherein dynamically generating the dynamic shared secret key further comprises:
authenticating the foreign agent and the home agent with a common context manager;
establishing a separate secret key between the foreign agent and the home agent and the common context manager;
issuing security credentials for a mobile node's foreign agent and home agent by the common context manager; and
establishing the dynamic shared secret key between the foreign agent and the home agent via the common context manager, wherein the dynamic shared secret key is used to authenticate messages exchanged by the home agent and the foreign agent.
56. A foreign agent component, comprising:
means for establishing mobility bindings for a mobile node with the Foreign Agent and the mobile node's parent Access Point, wherein Access Point mobility bindings include the Internet Protocol address of the mobile node's Home Agent and the mobile node's 802 Media Access Control Address;
a data storage device adapted to store the mobility bindings;
means for automatically receiving a dynamic shared secret key between the foreign agent and a home agent dynamically generated when the mobile node first roams to a foreign subnet;
means for receiving a non-Internet Protocol frame from a foreign mobile node;
means for determining the Internet Protocol address of the mobile node's Home Agent for the foreign mobile node based on the 802 Media Access Control address of the mobile node from the means for establishing the mobility bindings;
means for adding an Internet Protocol encapsulation header having a destination address to the non-Internet Protocol frame; and
means for securely forwarding the encapsulated packet to the mobile node's Home Agent using the dynamic shared secret key;
wherein the destination address is the Internet Protocol address of the Home Agent;
wherein dynamically generating the dynamic shared secret key further comprises:
authenticating the foreign agent and the home agent with a common context manager;
establishing a separate secret key between the foreign agent and the home agent and the common context manager;
issuing security credentials for a mobile node's foreign agent and home agent by the common context manager; and
establishing the dynamic shared secret key between the foreign agent and the home agent via the common context manager, wherein the dynamic shared secret key is used to authenticate messages exchanged by the home agent and the foreign agent.
57. A method for a home agent to route a frame from a mobile node on a foreign agent to a home virtual local area network, comprising:
dynamically establishing a dynamic shared secret key between the foreign agent and a home agent when the mobile node first roams to a foreign subnet;
receiving an encapsulated packet, the packet comprising an Internet Protocol header and a non-Internet Protocol frame;
authenticating the encapsulated packet using the dynamic shared secret key;
removing the Internet Protocol encapsulation header;
forwarding the frame to a co-located Home Agent Bridge Port;
determining a home Virtual Local Area Network for the source Ethernet address of the Mobile Node from its mobility bindings by the Home Agent Bridge Port;
adding a Virtual Local Area Network tag by the Home Agent Bridge Port; and
securely forwarding the frame onto the mobile node's home Virtual Local Area Network using the dynamic shared secret key;
wherein dynamically generating the dynamic shared secret key further comprises:
authenticating the foreign agent and the home agent with a common context manager;
establishing a separate secret key between the foreign agent and the home agent and the common context manager;
issuing security credentials for a mobile node's foreign agent and home agent by the common context manager; and
establishing the dynamic shared secret key between the foreign agent and the home agent via the common context manager, wherein the dynamic shared secret key is used to authenticate messages exchanged by the home agent and the foreign agent.