In mobile IP networks, when a mobile node (MN) moves from one cell to another, a handover occurs. The result of the handover is that the MN connects to the network through a new access router (AR). The handover may occur between access routers of the same or of different administrative domains. In all cases, the information related to the mobile node has to be transferred from the old AR to the new AR in order to minimize the effect of the change of access routers. This is the so-called context transfer (see H. Syed et al., “General Requirements for a Context Transfer Framework,” draft-ietf-seamoby-ct-reqs-alpha05.txt, IETF Internet Draft, May 2001). We propose a policy-based approach that is efficient, secure and does not require significant additional functionality to be built into access routers.
Current or proposed solutions are based on moving the complete intelligence to the network elements, i.e., access routers. Each access router must discover candidate access routers for possible handover, select the target access router for actual handover based on the capabilities of the mobile node, authenticate the target access router and finally perform the context transfer. Specifically, each access router performs the following functions:
1. Contacting the respective Home agent server
2. Contacting the Home AAA server
3. Interpreting the static subscription profile of the mobile node
4. Authenticating and authorizing the neighboring access routers
5. Interpreting the static capabilities of the neighboring access routers, and/or
6. Moving the static capacity of the mobile node to the access routers, and/or
7. Performing some pre-context activities before the actual context transfer
8. Finally transferring the context to the new access router
These functions are in addition to the main responsibilities of an access router, i.e., to route IP packets based on subscriber information and to perform metering and monitoring for charging and management purposes. Hence, the above functions may require a radical change in the current Internet infrastructure. The following are the potential shortcomings:
1. Currently there is no common mechanism for two access routers to exchange information across two autonomous systems (AS).
2. For security reasons, network operators do not want to expose the capabilities or capacity of their access routers. If one of the routers is compromised, the whole system is likely to be compromised. Yet current solutions require routers to expose their capabilities to other routers in the same or different domains.
3. Moving the intelligence to the access router is a security issue. Controlling and updating distributed information is always a potential problem. In strictly protected networks such as Telecom networks, this may be less important. But IP networks are not as easy to protect as Telecom networks.
4. There are no automatic schemes by which routers can authenticate each other. They may rely on a public key based mechanism, but that is a long way off, as the public key mechanism may take time to come into effect.
5. The router selection rules or algorithms are installed on all access routers or Mobile Nodes. This may increase the cost of both access routers and mobile nodes and impact router performance. In addition, a simple change of the selection rules requires updating on all routers or mobile nodes.
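The following is an added illustration, not code from the cited draft or from the approach proposed here: a small Python model of the context transfer step (item 8 above) showing the checks that the shortcomings in items 2 and 4 call for. It assumes, as a constructed premise, that the old and new AR already share a secret key for HMAC; the text notes that no automatic scheme for establishing such trust between routers exists today, so in practice that key would have to come from a policy or AAA infrastructure. The model releases a mobile node's context only to a requester it can authenticate, rejects replayed requests, and transfers nothing about the old AR's own capabilities. All names, keys and context fields are constructed sample values.

```python
import hmac
import hashlib
import json
import secrets
from dataclasses import dataclass, asdict


@dataclass
class MobileContext:
    """State about a mobile node (MN) that must follow it to the new AR (constructed fields)."""
    mn_id: str
    home_agent: str
    qos_class: str
    flow_keys: dict


class TransferError(Exception):
    """Raised when a context transfer request is refused."""


def _mac(key: bytes, payload: dict) -> str:
    # Canonical JSON so that both access routers MAC exactly the same bytes.
    data = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class AccessRouter:
    def __init__(self, name: str, peer_keys: dict):
        self.name = name
        self.peer_keys = peer_keys   # peer AR name -> shared secret (assumed pre-provisioned)
        self.contexts = {}           # mn_id -> MobileContext for MNs currently attached here
        self.seen_nonces = set()     # replay protection for incoming transfer requests

    def attach(self, ctx: MobileContext) -> None:
        self.contexts[ctx.mn_id] = ctx

    def request_context(self, old_ar: "AccessRouter", mn_id: str) -> MobileContext:
        """New AR side: ask the old AR for the MN's context, authenticated with the shared key."""
        key = self.peer_keys.get(old_ar.name)
        if key is None:
            raise TransferError(f"{self.name} has no trust relationship with {old_ar.name}")
        body = {"from": self.name, "to": old_ar.name, "mn_id": mn_id, "nonce": secrets.token_hex(8)}
        request = {"body": body, "mac": _mac(key, body)}
        response = old_ar.handle_transfer_request(request)
        # Verify the response is bound to our request and was not altered in transit.
        if response["body"].get("nonce") != body["nonce"]:
            raise TransferError("response does not match our request")
        if not hmac.compare_digest(response["mac"], _mac(key, response["body"])):
            raise TransferError("response MAC check failed")
        ctx = MobileContext(**response["body"]["context"])
        self.attach(ctx)
        return ctx

    def handle_transfer_request(self, request: dict) -> dict:
        """Old AR side: release the MN's context only to an authenticated, fresh request."""
        body = request["body"]
        key = self.peer_keys.get(body.get("from"))
        if key is None:
            raise TransferError(f"{self.name} does not know requester {body.get('from')!r}")
        if body.get("to") != self.name or not hmac.compare_digest(request["mac"], _mac(key, body)):
            raise TransferError("request MAC check failed")
        if body["nonce"] in self.seen_nonces:
            raise TransferError("replayed transfer request")
        self.seen_nonces.add(body["nonce"])
        ctx = self.contexts.pop(body["mn_id"], None)
        if ctx is None:
            raise TransferError(f"no context held for MN {body['mn_id']}")
        # Only the MN's own context leaves this router; nothing about the AR's capabilities does.
        resp_body = {"from": self.name, "to": body["from"], "nonce": body["nonce"], "context": asdict(ctx)}
        return {"body": resp_body, "mac": _mac(key, resp_body)}


if __name__ == "__main__":
    shared = secrets.token_bytes(32)                     # constructed pre-shared key
    old, new = AccessRouter("AR-1", {"AR-2": shared}), AccessRouter("AR-2", {"AR-1": shared})
    old.attach(MobileContext("mn-42", "ha.example", "gold", {"flow-1": "k1"}))
    moved = new.request_context(old, "mn-42")
    print("transferred", moved.mn_id, "with QoS class", moved.qos_class)
```

The nonce and the `to` field in the MAC'd body tie each request to one transfer between two named routers, so a captured request cannot be replayed against the same AR or redirected to a different one; a requester whose name is absent from `peer_keys` is refused before any context is looked up.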
The above-mentioned references are exemplary only and are not meant to be limiting in respect to the resources and/or technologies available to those skilled in the art.