The current standard for Mobile IP allows a mobile user to maintain connections as the user roams through the Internet, and allows mobile users to be reached under the same IP address. Accordingly, the current system for Mobile IP facilitates bi-directional communication, and supports mobile servers (or routers or other network resources).
Mobile IP is an open Internet standard and is specified mainly in ITEF-RFC 2002 which is hereby incorporated by reference. The fundamental premise of Mobile IP is that a mobile user can maintain the same network address regardless of where he roams. This ability is fundamentally important and desirable for two reasons: (1) connections can be maintained while roaming from one network to another and (2) bi-directional communications become possible. Connections can be maintained for IP-based communications protocols such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). For these protocols, connections are identified by four parameters, namely source and destination IP addresses and source and destination port numbers. Without Mobile IP, roaming requires a change in the mobile user's IP address which in turn leads to a loss of all connections established under the previous IP address. Hence, Mobile IP's ability to maintain the same IP address allows for “seamless” roaming in the sense that connections can be maintained while roaming. Another benefit from maintaining a single IP address is true bi-directional communications. That means, connections can be established with roaming mobile devices (hereafter referred to as a “clients”) as the destination. This ability is crucial for interactive applications (like MS NetMeeting, CUSeeMe, PowWow, and others). It also paves the way for mobile information servers. It is important to realize that these benefits apply to all IP based applications. From the application, and thus the user, the perspective is that of only a single, permanent IP address that identifies each client (i.e. laptop, handheld, smart-phone) regardless of its location.
Mobile IP works by employing two IP addresses: a permanent IP address is visible to applications and the user, while a second temporary or care-of address is used to ensure proper routing. Accordingly, when a party is traveling away from their home network, their client establishes a new IP address and this new IP address is forwarded back to their home network as a forwarding address for all message traffic addressed to the original, permanent IP address. Accordingly, the mobile user has their packets routed to them as if they were still connected to their home network terminal. In operation, Mobile IP software arbitrates between the two addresses and hides mobility from applications and the user.
In most applications, Mobile IP operates through software resident on the mobile user's home network. This software (sometimes referred to as an “agent”) intercepts packets arriving for departed clients and forwards them to the clients at their care-of addresses. In some cases, Mobile IP includes the use of Mobile IP software resident on various subnets visited by the roaming clients (termed “Foreign Agents”). In many cases, the use of Foreign Agents are not strictly required since its functionality may be subsumed into the clients themselves. A client operating without a Foreign Agent is said to be in co-located mode.
The strength of the Mobile IP protocol clearly is that it enables seamless roaming and bi-directional communications. From a practical perspective, however, Mobile IP by itself is inadequate. Most importantly, Mobile IP has been designed for an open Internet. Security has scarcely been considered in its specification. In practice, a mobile user's communications must be protected against eavesdropping and tampering.
In addition to providing no security for its own networks, as presently configured and practiced, Mobile IP networks do not provide any practical means for securely accessing protected corporate networks with which it communicates. In particular, the Mobile IP protocol will not work through such devices as firewalls or VPN gateways which are increasingly common.