IP Address Management
The Steel-Belted Radius Carrier Code Division Multiple Access (CDMA) mobility module meets the AAA service requirements of CDMA wireless operators who are transitioning to next-generation 3G/Mobile IP-based networks. Within a wired network, Steel-Belted Radius Carrier performs authentication, authorization, and accounting (AAA) of fixed data connections. With the CDMA mobility module, Steel-Belted Radius Carrier performs these tasks on mobile connections within a wireless network, where users can physically move from place to place while maintaining their connection to the network.
When a mobile node requests access to the Internet, the Packet Data Serving Node (PDSN) sends an authentication request to the Steel-Belted Radius Carrier server. A PDSN provides access to the Internet, intranets, and Wireless Application Protocol servers for mobile nodes utilizing a CDMA2000 Radio Access Network (RAN). The AAA server verifies the user's credentials, and sends an Access-Accept message along with information about how to configure the connection to the PDSN, which then routes the user onto the Internet.
In such a wireless network, the user's mobile node is provided with a durable IP address that persists, even as point-to-point radio connections are made and broken as the user moves from cell-to-cell in the wireless provider's network and across multiple networks.
A wireless operator can offer the following two levels of IP address management:
- Simple IP (SIP)
- Mobile IP (MIP)
NOTE: For more information about IP address management, see Home Address Assignment Process446.
Simple IP
Simple IP provides a low level of IP address mobility. Simple IP requires that mobile users remain associated with the same PDSN for mobile nodes to retain the same IP address. As long as the user moves among the cells associated with the PDSN, the PDSN keeps track of the mobile node and assigns it the same IP address each time that it reconnects through a new cell. Simple IP is similar to IP addressing in a wired connection, where one address maps to one connection.
Simple IP guarantees IP address mobility only within a restricted geographic coverage area, and only within the network of a single provider. If the user moves to an area handled by a different PDSN, the previous connection is terminated, another connection is established, and a new IP address is assigned.
Simple IP allows wireless providers to support subscribers using older handsets that do not support Mobile IP, and also might be a lower-cost option offered by wireless providers.
Mobile IP
Mobile IP (MIP) provides a higher level of mobility than Simple IP. With Mobile IP, a subscriber is issued a single IP address for the duration of the session regardless of where they move on the network. The subscriber may roam to another provider's network if a roaming agreement exists, and the subscriber moves outside of the geographic area of the home network.
When Mobile IP is used, the user's wireless provider maintains a home agent through which all the user's traffic is routed. The user's mobile node connects to the network through an PDSN, which functions as a foreign agent.
The foreign agent contacts the home agent on behalf of the user. The home agent is able to make the user's IP address appear constant to any party with which the user is in contact by simply routing the mobile node's traffic to the foreign agent at the user's current geographical position. The Steel-Belted Radius Carrier server plays a central role in supporting a Mobile IP infrastructure by coordinating communication between home agents and foreign agents, and by controlling the potential security association between these devices.
IP Address Durability in Roaming Scenarios
Roaming occurs when one provider's subscriber connects through another provider's network. Roaming can occur for both Simple IP and Mobile IP.
When the mobile node requests access to the network from a roaming partner, the PDSN sends an authentication request to its local Steel-Belted Radius Carrier server, which proxies (forwards) it to the home AAA server on the subscriber's provider network. That Steel-Belted Radius Carrier server verifies the user's credentials and sends an Access-Accept message along with information about how to configure the connection (which might include assignments for the IP address and home agent address), enabling the PDSN to route the user onto the network.
With Simple IP, when a mobile node crosses from one provider network to another, its old AAA session is closed, a new one is established through the new PDSN, and the user is issued a new IP address (assuming the RADIUS server is in charge of assigning IP addresses).
With Mobile IP, when the mobile node requests access to the Internet from a roaming partner, the process is similar to the Simple IP process. The main difference is that there is an additional, intermediate local server that proxies requests to the partner network. The Foreign Authentication, Authorization, and Accounting server (FAAA) proxies (forwards) the PDSN's request to the appropriate Home Authentication, Authorization, and Accounting server (HAAA) at the user's home provider network. The FAAA determines the correct HAAA to connect to based on username decoration or other available information.
The Mobile IP session that requires roaming is set up similar to the non-roaming case, except that a tunnel is provided between the PDSN in the partner network and the home agent in the provider network. The HAAA is responsible for any security association between the foreign agent and home agent. The tunnel hides the fact that the user is mobile and enables the user to access the network through the appropriate home agent.
|
NOTE: A Steel-Belted Radius Carrier server without the CDMA mobility module can act as a FAAA server. HAAA functionality requires Steel-Belted Radius Carrier to have the CDMA mobility module enabled. |
Support for Special Accounting Requests
The 3GPP2 specification enables a PDSN to generate multiple accounting start/stop pairs for a given session (for Simple IP and Mobile IP sessions). A PDSN that sends an Accounting-Stop message with a 3GPP2-Session-Continue attribute value of 1, instructs the AAA server not to delete the session. When Steel-Belted Radius Carrier receives such a request, the CDMA mobility module marks the session as dormant and does not free any of its allocated resources (such as the IP address).
This type of Accounting-Stop message is typically followed by an Accounting-Start that marks the session as active again.
A PDSN that sends an Accounting-Stop message with a 3GPP2-Session-Continue attribute value of 0, instructs the AAA server to delete the session. You can create a new session for a different PDSN. For example, a transfer to a different PDSN typically occurs in the case of inter-PDSN handoff as explained in Inter-PDSN Handoff.
