In order for mobile nodes to remain reachable while moving around in the Internet, there has to be specific support for mobility. Otherwise, packets destined for a mobile node would not reach it when it is away from its home link. Mobility support in IPv6 is particularly important, as mobile computers are likely to account for a majority or at least a substantial fraction of the population of the Internet during the lifetime of IPv6.
The two main techniques for mobility support in the Internet Protocol are today the following:
Bidirectional tunnelling—A mobile node connects to a stationary anchor point with a bidirectional tunnel. It communicates through the tunnel via a stable IP address, a so-called home address, from the anchor point's link. The IP address that terminates the tunnel on the mobile node side at any given point in time is called the mobile node's on-link IP address, also called care-of address.
Route optimization—A mobile node communicates via a direct path to a correspondent node. Packets are routed via the mobile node's on-link IP address. IP address substitution at the mobile node's and correspondent node's IP layers ensures that higher protocol layers see the mobile node's stable IP address instead of the variable on-link IP address.
Both bidirectional tunnelling and route optimization require extra mobility functionality on mobile nodes. This increases the complexity of node implementations and precludes mobility support for legacy nodes. Proxy-based IP mobility protocols are being developed to mitigate this. They do not require mobility functionality on a mobile node, but put such functionality on the mobile node's access router instead. The mobile node's access router thus becomes a proxy of the mobile node, and one of its IP addresses becomes the mobile node's on-link IP address. Proxy Mobile Internet Protocol version 6 (PMIPv6) is currently the main proxy-based IP mobility protocol.
The base specification of Proxy Mobile IPv6 uses bidirectional tunnelling. However, since bidirectional tunnelling increases bandwidth utilization and packet propagation delays due to a sub-optimal packet route via an anchor point, efforts have recently begun to extend Proxy Mobile IPv6 with a mode for route optimization (see e.g. Behcet Sarikaya et al.: “PMIPv6 Route Optimization Protocol, draft-qin-netlmm-pmipro-00”; and Julien Abeille, Marco Liebsch: “Route Optimization for Proxy Mobile IPv6, draft-abeille-netlmm-proxymip6ro-00”).
Route optimization requires a mobile node to prove to a correspondent node that it is the legitimate owner of its stable IP address. This IP address ownership proof must in general do without a pre-existing security or trust relationship between the mobile node and the correspondent node.
One of the main protocols for route optimization in Mobile IPv6, Enhanced Route Optimization (see RFC4866, Jari Arkko, Christian Vogt, Wassim Haddad: “Enhanced Route Optimization for Mobile IPv6”), enables a mobile node to prove ownership of its stable IP address by means of generating the stable IP address cryptographically. Specifically, the stable IP address is a function of the public component of the mobile node's public/private key pair, and the mobile node proves ownership of the stable IP address by presenting evidence that it knows the respective private component.
Unfortunately, direct translation of the methodology of Enhanced Route Optimization to Proxy Mobile IPv6 would require the mobile node's access router to learn the mobile node's private key, and it would require the transfer of the mobile node's private key across access routers as the mobile node moves. Both put the mobile node's public key at an increased risk of compromise and are hence unacceptable from a security perspective.
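The address-to-key binding that Enhanced Route Optimization relies on can be made concrete with the following added example, which is not part of the original text. It follows the cryptographically generated address layout of RFC 3972 for Sec = 0 without extension fields; the prefix, modifier and key bytes are constructed stand-ins, and the signature made with the private key is not modelled.

```python
import hashlib
import ipaddress

# Interface-identifier bits compared during verification: the three Sec bits
# (0-2) and the u/g bits (6-7) are excluded, as in RFC 3972.
MASK = 0x1CFFFFFFFFFFFFFF

# Constructed sample values (assumptions, not taken from the page).
PREFIX = bytes.fromhex("20010db800000000")          # 2001:db8::/64
MODIFIER = bytes(range(16))                         # 16-octet modifier
OWNER_KEY = b"constructed-stand-in-for-DER-public-key-A"
OTHER_KEY = b"constructed-stand-in-for-DER-public-key-B"

def _hash1(modifier, prefix, collisions, pubkey):
    """Leftmost 64 bits of SHA-1 over the CGA parameters."""
    data = modifier + prefix + bytes([collisions]) + pubkey
    return int.from_bytes(hashlib.sha1(data).digest()[:8], "big")

def generate_cga(prefix, pubkey, modifier, collisions=0):
    """Derive the stable address from the public key (Sec = 0 only)."""
    iid = _hash1(modifier, prefix, collisions, pubkey) & MASK  # Sec=0, u=g=0
    return ipaddress.IPv6Address(prefix + iid.to_bytes(8, "big"))

def verify_cga(address, prefix, pubkey, modifier, collisions=0):
    """Correspondent-side check that the address is bound to pubkey."""
    raw = ipaddress.IPv6Address(str(address)).packed
    if collisions not in (0, 1, 2) or raw[:8] != prefix:
        return False
    iid = int.from_bytes(raw[8:], "big")
    if (iid ^ _hash1(modifier, prefix, collisions, pubkey)) & MASK:
        return False                      # address not derived from this key
    sec = raw[8] >> 5                     # Sec is carried in the address itself
    hash2 = hashlib.sha1(modifier + bytes(9) + pubkey).digest()[:14]
    # The leftmost 16*Sec bits of Hash2 must be zero (trivially true for Sec=0).
    return int.from_bytes(hash2, "big") >> (112 - 16 * sec) == 0

if __name__ == "__main__":
    addr = generate_cga(PREFIX, OWNER_KEY, MODIFIER)
    print(addr, verify_cga(addr, PREFIX, OWNER_KEY, MODIFIER),
          verify_cga(addr, PREFIX, OTHER_KEY, MODIFIER))
```

Passing this check only shows that the address was derived from the presented public key; ownership is shown by a signature made with the matching private key, which is the operation a proxy could only perform if it held that key.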
Behcet Sarikaya et al.: “PMIPv6 Route Optimization Protocol, draft-qin-netlmm-pmipro-00”, specifies a proxy-based route optimization solution based on Enhanced Route Optimization. It directly moves the mobile node's mobility functionality to the access router. As a part of this, it requires a mobile node's access router to learn the mobile node's private key. It also requires the transferral of the mobile node's private key between access routers as the mobile node moves. Both contradict common security guidelines.
Julien Abeille, Marco Liebsch: “Route Optimization for Proxy Mobile IPv6, draft-abeille-netlmm-proxymip6ro-00” provides support for route optimization only if both the mobile node and the correspondent node are located in a Proxy Mobile IPv6 domain. The advantage of this is that a pre-existing security and trust relationship can be assumed to exist between the proxies of the mobile node and the correspondent node. This relationship is utilized for IP address ownership proofs in Sarikaya et al. The disadvantage of requiring a correspondent node to be in a Proxy Mobile IPv6 domain is that it limits the set of correspondent nodes for which communications can be route optimized. Correspondent nodes with support for Enhanced Route Optimization according to RFC4866 that are not in a Proxy Mobile IPv6 domain are not supported.
Sangjin Jeong, Ryuji Wakikawa: “Route Optimization Support for Proxy Mobile IPv6 (PMIPv6), draft-jeong-netlmm-ro-support-for-pmip6-00” considers route optimization with both correspondent nodes within a Proxy Mobile IPv6 domain and correspondent nodes outside a Proxy Mobile IPv6 domain. For the former case, security and trust relationships are assumed to exist between the proxies of the mobile node and the correspondent node. This has the same disadvantages as in Julien Abeille et al. For the latter case, route optimization is realized based on the security design of Mobile IPv6 (see David B. Johnson, Charles E. Perkins, Jari Arkko: “Mobility Support in IPv6”, RFC 3775). However, this solution has some security shortcomings, produces long handover delays, and incurs quite a large signalling overhead.