The present invention is generally related to mobile communications, and more particularly to a method for extending a home Virtual Local Area Network (VLAN) through an Ethernet/IP campus network to mobile nodes on foreign subnets.
A Virtual Local Area Network (VLAN) is a logical grouping of two or more nodes which are not necessarily on the same physical network segment but which share the same network number. A large or campus network may contain multiple VLANs that provide equivalent services. For example, a campus network may contain multiple Voice VLANs. As a node roams from its home subnet to a foreign subnet, messages to and from the node need to be properly routed.
Standard Mobile IP supports seamless subnet mobility for IP applications only. However, standard Mobile IP is not currently widely used, primarily because it is not widely supported by existing conventional (i.e. Microsoft) TCP/IP protocol stacks. Furthermore, Standard Mobile IP does not support non-IP protocols.
Thus a need exists for a solution that enables seamless inter-subnet mobility for non-IP mobile nodes. Furthermore, the need exists for a solution which supports both IP and non-IP protocols wherein a mobile node does not need to be configured with a permanent IP address.
Unless otherwise defined, the following definitions should be used. Terms not defined should be given their ordinary or customary meaning as defined by the Institute of Electrical and Electronics Engineers 802.11 standard, hereby incorporated by reference.
802.11— The 802.11 protocol and 802.11 terms are defined by the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard.
802 address—In this document, an “802 address” is a canonical IEEE 48-bit “Ethernet” address. 802.11 and Ethernet addresses are 802 addresses.
AP—802.11 access point.
AP Subnet—APs are grouped per IP subnet. A single Subnet Context Manager (SCM) is elected for each AP subnet. An AP and SCM provide access to MNs that belong to different subnets via standard VLAN trunking.
CCM—Campus Context Manager, a central context manager that issues security credentials for a mobile node's foreign agent and home agent. Mobile Ethernet agents authenticate and establish a separate secret key with the campus context manager. The campus context manager is used by the foreign agent and home agent to establish a shared secret key with each other. A MN's “home VLAN bindings” are stored in the CCM for a “campus network” and are distributed, as required, as the MN roams. The CCM functions as an “authenticator” and key distribution center (KDC) for SCMs and APs.
Campus Network—A “campus network” is an aggregate “seamless roaming domain”, which implies a geographic locality. A campus network may include 1 or more 802.11 Extended Service Sets, where an Extended Service Set is identified by a Service Set Identifier (SSID), as defined in the IEEE 802.11 specification.
CH—Correspondent Host. A mobile or non-mobile node that is actively communicating with a MN.
FA—Foreign Agent. In this document, a foreign agent is a Mobile Ethernet foreign agent, unless explicitly noted otherwise.
HA—Home Agent. In this document, a home agent is a Mobile Ethernet home agent, unless explicitly noted otherwise.
HA Bridge—A HA Bridge is co-located with each Mobile Ethernet HA. The HA Bridge is responsible for bridging Ethernet frames, for a MN on a foreign subnet, between the MN's “home VLAN” and the co-located HA.
Home VLAN Bindings—A Mobile Ethernet MN is bound to a home subnet or “home VLAN”. The “home VLAN bindings” include the MN 802 address, MN IP address (if it exists), current SCM/HA IP address, and “home VLAN ID”.
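As an added worked example that is not part of the patent text: a Python model of the HA Bridge lookup defined above. It parses an 802.1Q-tagged Ethernet frame arriving on the home VLAN trunk, looks up the destination MN in a constructed home VLAN bindings table, and hands the frame to the co-located HA only when the frame's VLAN ID matches the MN's home VLAN ID; the reverse direction tags a frame from the HA with the MN's home VLAN before it goes onto the trunk. The table layout, the MAC and IP values, and the function names are assumptions for illustration; the patent specifies none of them.

```python
# Added example (not from the patent text): an HA Bridge style lookup over a
# constructed table of home VLAN bindings. Wire parsing follows Ethernet II
# with an optional 802.1Q tag; everything else (names, addresses, return
# strings) is an assumption made for this illustration.
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Parse an Ethernet II frame, tagged or untagged.

    Returns dst, src, vlan_id (None if untagged), ethertype and payload.
    Truncated input raises ValueError so a malformed frame is dropped rather
    than bridged on a half-read header.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    vlan_id, offset = None, 14
    if ethertype == ETHERTYPE_8021Q:
        if len(frame) < 18:
            raise ValueError("802.1Q tag truncated")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID
        offset = 18
    return {"dst": mac_to_str(dst), "src": mac_to_str(src), "vlan_id": vlan_id,
            "ethertype": ethertype, "payload": frame[offset:]}


def build_frame(dst: str, src: str, payload: bytes, vlan_id=None,
                ethertype: int = ETHERTYPE_IPV4) -> bytes:
    """Build a frame (optionally 802.1Q tagged); used for the constructed samples."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


# Constructed home VLAN bindings keyed by MN 802 address. The fields mirror the
# definition above; the IP address may be absent for a non-IP MN.
HOME_VLAN_BINDINGS = {
    "00:11:22:33:44:55": {"ip": "10.1.1.20", "scm_ha": "10.1.1.1", "home_vlan": 100},
    "00:11:22:33:44:66": {"ip": None, "scm_ha": "10.1.1.1", "home_vlan": 100},
}


def ha_bridge_decision(frame: bytes, bindings: dict) -> str:
    """Home VLAN -> HA direction: a frame seen on the trunk is handed to the
    co-located HA only if its destination is a bound MN and the frame's VLAN
    is that MN's home VLAN. Anything else is left to ordinary bridging or dropped."""
    f = parse_frame(frame)
    if f["vlan_id"] is None:
        return "drop: untagged frame on VLAN trunk"
    binding = bindings.get(f["dst"])
    if binding is None:
        return "ignore: destination is not a registered MN"
    if binding["home_vlan"] != f["vlan_id"]:
        return f"drop: VLAN {f['vlan_id']} is not the MN's home VLAN {binding['home_vlan']}"
    return f"forward_to_ha: {binding['scm_ha']}"


def tag_for_home_vlan(frame: bytes, bindings: dict) -> bytes:
    """HA -> home VLAN direction: an untagged frame delivered by the HA on
    behalf of a MN on a foreign subnet is tagged with the MN's home VLAN ID."""
    f = parse_frame(frame)
    if f["vlan_id"] is not None:
        raise ValueError("frame from HA is expected untagged")
    binding = bindings.get(f["src"])
    if binding is None:
        raise ValueError("source MN has no home VLAN binding")
    return build_frame(f["dst"], f["src"], f["payload"],
                       vlan_id=binding["home_vlan"], ethertype=f["ethertype"])


if __name__ == "__main__":
    sample = build_frame("00:11:22:33:44:55", "aa:bb:cc:dd:ee:ff", bytes(20), vlan_id=100)
    print(ha_bridge_decision(sample, HOME_VLAN_BINDINGS))
```

The VLAN check is the security-relevant line: without it, a frame tagged for some other VLAN but addressed to a bound MN would be leaked across VLAN boundaries through the HA, which is exactly the isolation 802.1Q is meant to provide.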
HA/FA—A combined Mobile Ethernet home and foreign agent. In a simple implementation, an HA/FA is a software entity in an SCM.
IGMP—Internet Group Management Protocol. IGMP is used to determine IP multicast group membership.
IGMP Snooping—Switches and APs “snoop” IGMP messages, received on a port, to determine which IP multicast addresses must be transmitted on the port.
MIP—Mobile IPv4 as defined in Internet Engineering Task Force (IETF) RFC 2002 and IETF RFC 3220.
MN—802.11 Mobile Node.
Network Access Identifier (NAI)—An NAI is used to identify a user within a network domain. For example, “joe@cisco.com” is a typical NAI.
SCM—Subnet Context Manager. A single SCM provides a central control point for each AP subnet. From the perspective of a MN, a home SCM is the SCM of the home VLAN for the MN and a foreign SCM is an SCM on any other “foreign subnet”. An SCM/HA is a home SCM and co-located Mobile Ethernet home agent. An SCM/FA is a foreign SCM and co-located Mobile Ethernet foreign agent.
Seamless roaming—A MN is said to roam “seamlessly” if it roams between APs in different subnets without changing its “home IP address”.
SSID—802.11 Service Set Identifier. An SSID identifies a set of MNs grouped into a logical “service set”, and the APs that provide access for the service set. Mobile Ethernet is enabled or disabled per SSID. An SSID is implicitly or explicitly bound to a VLAN ID. By default, an SSID is bound to the local SCM/HA. An SSID can be explicitly bound to a remote “home SCM/HA” and remote home VLAN.
VLAN—A “Virtual LAN”, as defined in the IEEE 802.1Q standard. VLAN-tagged frames are transmitted on a VLAN Trunk link.
WLAN—Wireless LAN.
WLCCP—Wireless LAN Context Control Protocol. A protocol in which the central context manager is used to authenticate a home agent and a foreign agent; protocol messages are encrypted using keys exchanged during the authentication step. WLCCP also enables a foreign agent and a home agent to establish a secret key between them via the central context manager. WLCCP is used to cache and securely distribute home VLAN bindings and other mobility context for MNs. WLCCP registration triggers Mobile Ethernet registration. Mobile Ethernet security is facilitated by the WLCCP security infrastructure.
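As an added worked example that is not part of the patent text: a minimal Python model of the CCM acting as authenticator and key distribution center for a foreign agent and a home agent, as the CCM and WLCCP definitions describe. Each agent already shares a secret with the CCM from its authentication step; the CCM generates a fresh pairwise key and delivers it to both agents, each copy wrapped under that agent's own secret, so the FA can relay the HA's copy without being able to open it. The wrapping construction (an HMAC-derived one-time keystream plus an HMAC tag over the ciphertext and the two agent identities), the agent identifiers, and the class and function names are assumptions; the page does not state WLCCP's actual cipher or message formats.

```python
# Added example (not from the patent text): the CCM as a key distribution
# center for a Mobile Ethernet FA and HA. Agent identifiers, the wrapping
# scheme and the message layout are assumptions for illustration only.
import hashlib
import hmac
import secrets


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts: the single primitive used here."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def wrap_key(agent_secret: bytes, nonce: bytes, pair_key: bytes, aad: bytes) -> dict:
    """Wrap a 32-byte pairwise key for one agent.

    The key is XORed with a keystream derived from (agent secret, nonce), then
    ciphertext and the associated data (the FA/HA identities) are authenticated
    so a wrapped key cannot be replayed for a different peer. The nonce must
    never repeat under the same secret, or the keystream would be reused.
    """
    keystream = prf(agent_secret, b"wrap", nonce)
    ct = bytes(a ^ b for a, b in zip(pair_key, keystream))
    tag = prf(agent_secret, b"tag", nonce, ct, aad)
    return {"nonce": nonce, "ct": ct, "tag": tag, "aad": aad}


def unwrap_key(agent_secret: bytes, blob: dict) -> bytes:
    """Verify the tag (constant time) before deriving anything from the ciphertext."""
    expected = prf(agent_secret, b"tag", blob["nonce"], blob["ct"], blob["aad"])
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrapped key failed integrity check")
    keystream = prf(agent_secret, b"wrap", blob["nonce"])
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream))


class CampusContextManager:
    """Holds one secret per authenticated agent and issues pairwise keys."""

    def __init__(self):
        self.agent_secrets = {}

    def authenticate_agent(self, agent_id: str) -> bytes:
        # Stand-in for the real authentication exchange: what matters here is
        # its outcome, a fresh secret known only to this agent and the CCM.
        secret = secrets.token_bytes(32)
        self.agent_secrets[agent_id] = secret
        return secret

    def issue_pair_key(self, fa_id: str, ha_id: str) -> dict:
        if fa_id not in self.agent_secrets or ha_id not in self.agent_secrets:
            raise PermissionError("both agents must authenticate to the CCM first")
        pair_key = secrets.token_bytes(32)
        nonce = secrets.token_bytes(16)  # shared by both wraps; secrets differ
        aad = f"{fa_id}->{ha_id}".encode()
        return {"for_fa": wrap_key(self.agent_secrets[fa_id], nonce, pair_key, aad),
                "for_ha": wrap_key(self.agent_secrets[ha_id], nonce, pair_key, aad)}


class MobileEthernetAgent:
    """An FA or HA: its CCM secret plus any pairwise keys it has unwrapped."""

    def __init__(self, agent_id: str, ccm: CampusContextManager):
        self.agent_id = agent_id
        self.ccm_secret = ccm.authenticate_agent(agent_id)
        self.pair_keys = {}

    def install_pair_key(self, peer_id: str, blob: dict) -> None:
        self.pair_keys[peer_id] = unwrap_key(self.ccm_secret, blob)

    def protect(self, peer_id: str, message: bytes) -> bytes:
        """Integrity tag for a registration message sent to the peer."""
        return prf(self.pair_keys[peer_id], b"msg", message)

    def verify(self, peer_id: str, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.protect(peer_id, message), tag)


def establish_fa_ha_key(ccm: CampusContextManager, fa: MobileEthernetAgent,
                        ha: MobileEthernetAgent) -> bool:
    """Full exchange: the FA asks the CCM, installs its own copy, and relays
    the HA's copy (which it cannot open) to the HA. Returns True when a message
    protected at the FA verifies at the HA, i.e. both ends hold the same key."""
    blobs = ccm.issue_pair_key(fa.agent_id, ha.agent_id)
    fa.install_pair_key(ha.agent_id, blobs["for_fa"])
    ha.install_pair_key(fa.agent_id, blobs["for_ha"])
    probe = b"registration: MN 00:11:22:33:44:55 at FA"  # constructed message
    return ha.verify(fa.agent_id, probe, fa.protect(ha.agent_id, probe))


if __name__ == "__main__":
    ccm = CampusContextManager()
    fa = MobileEthernetAgent("FA-10.2.2.1", ccm)
    ha = MobileEthernetAgent("HA-10.1.1.1", ccm)
    print("FA/HA pairwise key agreed:", establish_fa_ha_key(ccm, fa, ha))
```

The property to check in a design like this is that the CCM refuses to issue keys for an agent it has not authenticated, that a wrapped key modified in transit is rejected before any key material is derived, and that one agent's copy is useless to the other: the FA relays the HA's blob but cannot recover the key from it.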