1. Field
Embodiments of the invention relate to the field of networking; and more specifically, to security association management on a home agent and a foreign agent.
2. Background
Mobile IP is a protocol which allows laptop computers or other mobile computer devices (referred to as mobile nodes herein) to roam between various sub-networks at various locations, while maintaining Internet and/or WAN connectivity. In a typical Mobile IP network, when a mobile node roams from one foreign network to another foreign network, the mobile node has to send a registration request according to a Mobile IP protocol to a foreign agent associated with the foreign network to establish a communication session with a home agent associated with the mobile node.
Before the foreign agent or the home agent provides a mobile node with network connectivity, the foreign agent and/or the home agent authenticates the mobile node. Typically, this authentication is performed with the use of a security association. A security association typically includes an indication of an authentication algorithm and a key for that authentication algorithm, and is also associated with a lifespan (i.e., the security association is valid only for a certain amount of time).
One prior art technique of managing security associations is to statically configure the security associations at the foreign agent and the home agent. However, this prior art technique has the disadvantage that, as the number of subscribers (e.g., mobile nodes) continues to grow and because it is unpredictable which subscribers will be hosted (e.g., the nodes are mobile and roam between various networks), the technique is costly to maintain (e.g., in memory, processor, disk storage, etc.) and is non-scalable.
Another prior art technique of managing security associations is to use on-demand downloading of the security association from an external authentication, authorization, and accounting (“AAA”) server. Upon a mobile IP registration request or a mobile IP re-registration request from a mobile node, the security association for that mobile node is downloaded from the AAA server. Typically, this security association may be locally cached but is removed after the mobile node's IP connection is deleted. However, this prior art technique has the disadvantage that for every mobile IP registration request or mobile IP re-registration request from a mobile node, an external round-trip to the AAA server must be performed. These security authentication requests increase the amount of time necessary to provide IP connectivity for the mobile node, increase network traffic, and burden the AAA servers. The security association may instead be permanently cached on the home agent or foreign agent until manually deleted, but this technique suffers from the disadvantage that, as the number of subscribers (e.g., mobile nodes) continues to grow and because it is unpredictable which subscribers will be hosted (e.g., the nodes are mobile and roam between various networks), the technique is costly to maintain (e.g., in memory, processor, disk storage, manpower, etc.).
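The two prior art policies described above, modeled as an added example that is not part of this disclosure: a constructed home agent authenticates each registration request with the mobile node's security association (algorithm, key, lifespan), either discarding the security association after every request (on-demand only) or keeping it until its lifespan elapses, while a stub AAA server counts the external round-trips each policy incurs. The NAI, key, HMAC-SHA256 algorithm, and timings are constructed assumptions, not values from the disclosure.

```python
import hmac
import time
from dataclasses import dataclass


@dataclass
class SecurityAssociation:
    """Constructed model of a security association: algorithm, key, lifespan."""
    algorithm: str      # hashlib digest name used for the authenticator
    key: bytes
    expires_at: float   # absolute time after which the SA is no longer valid


class AAAServer:
    """Hypothetical AAA stub; every download is one external round-trip."""
    def __init__(self, keys, lifespan):
        self.keys, self.lifespan, self.round_trips = keys, lifespan, 0

    def download(self, nai, now):
        self.round_trips += 1
        return SecurityAssociation("sha256", self.keys[nai], now + self.lifespan)


class HomeAgent:
    """cache=False: on-demand only (SA dropped after each request).
    cache=True: SA kept locally until its lifespan elapses."""
    def __init__(self, aaa, cache=True):
        self.aaa, self.cache, self._sas = aaa, cache, {}

    def _lookup(self, nai, now):
        sa = self._sas.get(nai)
        if sa is None or now >= sa.expires_at:   # absent or lifespan elapsed
            sa = self.aaa.download(nai, now)
            if self.cache:
                self._sas[nai] = sa
        return sa

    def register(self, nai, request, authenticator, now=None):
        """Authenticate a (re-)registration request; True if the MAC matches."""
        now = time.time() if now is None else now
        sa = self._lookup(nai, now)
        expected = hmac.new(sa.key, request, sa.algorithm).digest()
        return hmac.compare_digest(expected, authenticator)


def sign(key, request):
    """Mobile node side: authenticator over the registration request bytes."""
    return hmac.new(key, request, "sha256").digest()


def demo():
    """Same three requests under both policies -> (all authenticated, AAA trips)."""
    nai, key = "mn1@example.test", b"constructed-secret-key"   # constructed
    results = {}
    for policy in ("on-demand", "cached"):
        aaa = AAAServer({nai: key}, lifespan=60.0)
        ha = HomeAgent(aaa, cache=(policy == "cached"))
        ok = all(ha.register(nai, msg, sign(key, msg), now=t)
                 for t, msg in ((0, b"REG"), (10, b"REREG"), (20, b"REREG")))
        results[policy] = (ok, aaa.round_trips)
    return results   # {'on-demand': (True, 3), 'cached': (True, 1)}
```

Re-registrations inside the lifespan are served from the local copy under the caching policy, while the on-demand policy pays one AAA round-trip per request; a wrong key is rejected under either policy, and an expired entry triggers a fresh download.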