1. Field of the Invention
The present invention relates to method for solving Mobile IP related filtering issues and more particularly to a method for creating filters that allow for the use of care-of-address by a mobile station and a correspondent node.
2. Description of the Related Art
In cdma2000 networks, a Packet Data Serving Node (PDSN) acts as an access node for a mobile station and creates a number of filters for active sessions associated with the mobile station. Specifically, there are two types of filters in the PDSN. The first type includes Service Based Local Policy (SBLP) filters that are set up by the network for Multimedia Messaging Service (MMS). These filters are based on the subscriber profile of the mobile station and are set up by a Policy Decision Function (PDF) associated with the PDSN. The second type includes Traffic Flow Template (TFT) that is set up by the mobile station for traffic flows. These filters provide specific flow treatment to each session between the mobile station and the PDSN. As such, the PDSN does not allow any un-authorized traffic that does not match any of the filters to be forwarded to or from the mobile station. Typically, the filters have source and destination addresses/ports as selectors in order to be able to identify the flows.
When using Mobile IP, the mobile station uses its home address during Session Initiation Protocol (SIP) negotiation for a session between the mobile station and a correspondent node. Thus, the SBLP filters set up by Proxy Call Session Control Function (P-CSCF) and PDF include the home addresses of the mobile station and the correspondent node. However, the mobile station is assigned a care-of-address from a visited network in addition to its home address when the mobile station is using Mobile IP. Thereafter, all traffic sent by the mobile station has the care-of-address as the source address. Similarly, traffic from the correspondent node includes the mobile station's care-of-address as the destination address. As such, the information in the packets from the mobile station does not match any of the filters set up at the PDSN and the packets are dropped by the PDSN.
The problem described above becomes worse when the correspondent node is also a mobile node and uses its care-of-address as the source address. In addition to packets from the mobile station being dropped by the PDSN, when the correspondent node uses its care-of-address as the source address, packets from the correspondent node also do not match any of the filters at the PDSN that have the correspondent node's home address. Moreover, even in solutions where the PDSN somehow updates the filters with the correspondent node's care-of-address, if the correspondent node moves and attaches to a new IP subnet, then its care-of-address changes in the middle of a session causing packets with the new care-of-address to not match the source address in the filters of the PDSN and the PDSN to drop the packets.
In one example that further describes the problem outlined above, during the session between the correspondent node and the mobile station, the correspondent node performs return routablility and route optimization functions and sends a Care-of-Test init message to the mobile station. The message includes the correspondent node's care-of-address in the source field. As such, the source address for the correspondent node in the message does not match the information in the SBLP filters that was established during SIP negotiation, causing the PDSN to drop the packet. Hence, the mobile station will not receive the message and the return routablility and route optimization functions will fail.
One solution to the problem identified above is to map the packet to a default service instance at the PDSN. This causes the packet to reach the mobile station so that the return routablility and route optimization functions can proceed as normal. If the route optimization function succeeds, all subsequent packets from the correspondent node to the mobile station will have the correspondent node's care-of-address in the source field. This solution, however, causes a permanent failure of the SBLP filter and makes the mobile station vulnerable to Denial-of-Service attacks because any sender with a malicious intent can flood the mobile station with junk IP packets using any source address. Furthermore, destination packets will also have the correspondent node's care-of-address instead of its home address. However, if packets from the mobile station to the correspondent node do not include the correspondent node's home address, the PDSN will not allow the packets to be forwarded to the correspondent node.
The problem is slightly different with TFT filters. When the mobile station sets up TFT filters, it uses the correspondent node's home address. When the correspondent node sends packets using its care-of-address as the source address, these packets will not match the TFT filters at the PDSN and hence will not get the right flow treatment.