The protocols related to IP networks, such as the Internet, are developed by the Internet Engineering Task Force (IETF). One of these protocols is IPSec (short for Internet Security), which is actually a set of protocols intended to support secure transmission of packets at the IP layer. The IPSec protocol set is commonly used to construct Virtual Private Networks (VPNs), i.e. networks which are constructed using public networks, such as the Internet, as the transport medium, but which can be accessed by authorized users only.
The IETF has also been developing support for mobile IP nodes for both versions of IP (i.e. for IPv4 and IPv6). The main results of this work are the two Mobile IP protocols, Mobile IPv4 (RFC 2002) and Mobile IPv6 (work in progress, assumed to reach RFC status soon).
In both versions of Mobile IP, the packets sent to the so-called home address, which is the permanent address of the mobile node, are forwarded to the mobile node when it is not located on the home link. An element called a home agent is located on the link within which the home address of the mobile node is located, i.e. on the so-called home link. The home agent captures all IP packets sent to the home address of the mobile node while the mobile node is not located on the home link, and forwards them to the current IP address of the mobile node, called the care-of address. In Mobile IPv4, the forwarding process utilizes so-called IP-in-IP tunneling, in which encapsulated packets are forwarded to the mobile node. Thus the destination address in the outer IP header of this IP-in-IP tunneling is the care-of address, while the destination address in the inner IP header is the home address of the mobile node.
In Mobile IPv6, the mobile node signals a change in its care-of address to the home agent by sending to the home agent the new care-of address in a message called a Binding Update. The home agent acknowledges this message by returning to the mobile node a message called a Binding Acknowledgement. In Mobile IPv4, the corresponding messages are the Registration Request sent from the mobile node to the home agent and the Registration Reply sent in the opposite direction.
Thus mobility in IP networks requires the use of home agents, which keep track of the current address of the mobile node.
A drawback related to the use of home agents is the large amount of protocol overhead needed to perform the above-mentioned tunneling. This may substantially degrade the performance of the system, especially in narrow-bandwidth networks. A further drawback related to the current situation is that home agents are not commonly available.
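The Mobile IPv4 forwarding step and the tunneling overhead described above can be reproduced byte for byte. The following Python sketch is an added example, not part of the original text: it builds an inner packet addressed to the home address, wraps it in an outer header addressed to the care-of address, and measures the added bytes. The addresses, the 20-byte payload and the function names are constructed for illustration; using the home agent as the outer source address follows standard IP-in-IP encapsulation and is not stated in the text.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation

def checksum(header: bytes) -> int:
    """RFC 1071 Internet checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build an IPv4 packet with a 20-byte header (no options)."""
    def header(csum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                           64, proto, csum,
                           ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    return header(checksum(header(0))) + payload

def parse_ipv4(packet: bytes) -> dict:
    """Validate an IPv4 header and return its protocol, addresses and payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or not ihl <= total <= len(packet) or checksum(packet[:ihl]):
        raise ValueError("malformed IPv4 header")
    return {"proto": packet[9],
            "src": str(ipaddress.IPv4Address(packet[12:16])),
            "dst": str(ipaddress.IPv4Address(packet[16:20])),
            "payload": packet[ihl:total]}

def home_agent_forward(captured: bytes, home_agent: str, care_of: str) -> bytes:
    """Wrap a packet captured on the home link in an outer header to the care-of address."""
    return ipv4_packet(home_agent, care_of, IPPROTO_IPIP, captured)

def mobile_node_receive(tunneled: bytes) -> tuple:
    """Strip the outer header; return the parsed (outer, inner) packets."""
    outer = parse_ipv4(tunneled)
    if outer["proto"] != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    return outer, parse_ipv4(outer["payload"])

# Constructed sample: documentation-range addresses, 20-byte opaque payload.
HOME_ADDR, CARE_OF, HOME_AGENT = "192.0.2.10", "203.0.113.25", "192.0.2.1"
inner_pkt = ipv4_packet("198.51.100.7", HOME_ADDR, 17, b"\x00" * 20)
tunneled_pkt = home_agent_forward(inner_pkt, HOME_AGENT, CARE_OF)
outer_hdr, inner_hdr = mobile_node_receive(tunneled_pkt)
overhead = (len(tunneled_pkt) - len(inner_pkt)) / len(inner_pkt)
print(outer_hdr["dst"], inner_hdr["dst"], f"overhead={overhead:.0%}")
```

The outer header adds a fixed 20 bytes to every forwarded packet, so the relative cost is highest for small packets such as the 40-byte one constructed here.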
A drawback related to the current IPSec implementations is, in turn, that they do not support mobility. Therefore, current IPSec implementations cannot utilize the above-described features of Mobile IPv4 and IPv6 supporting mobility.
The present invention seeks to provide mobility support for IPSec communication environments, such as for IPSec VPN implementations, without the above-mentioned drawbacks related to the Mobile IP.