Internet Engineering Task Force (IETF)                   C. Perkins, Ed.
Request for Comments: 5944                                 WiChorus Inc.
Obsoletes: 3344                                            November 2010
Category: Standards Track
ISSN: 2070-1721
        

IP Mobility Support for IPv4, Revised

Abstract

This document specifies protocol enhancements that allow transparent routing of IP datagrams to mobile nodes in the Internet. Each mobile node is always identified by its home address, regardless of its current point of attachment to the Internet. While situated away from its home, a mobile node is also associated with a care-of address, which provides information about its current point of attachment to the Internet. The protocol provides for registering the care-of address with a home agent. The home agent sends datagrams destined for the mobile node through a tunnel to the care-of address. After arriving at the end of the tunnel, each datagram is then delivered to the mobile node.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc5944.

Copyright Notice

Copyright (c) 2010 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

This document may contain material from IETF Documents or IETF Contributions published or made publicly available before November 10, 2008. The person(s) controlling the copyright in some of this material may not have granted the IETF Trust the right to allow modifications of such material outside the IETF Standards Process. Without obtaining an adequate license from the person(s) controlling the copyright in such materials, this document may not be modified outside the IETF Standards Process, and derivative works of it may not be created outside the IETF Standards Process, except to format it for publication as an RFC or to translate it into languages other than English.

Table of Contents

   1. Introduction
      1.1. Protocol Requirements
      1.2. Goals
      1.3. Assumptions
      1.4. Applicability
      1.5. New Architectural Entities
      1.6. Terminology
      1.7. Protocol Overview
      1.8. Message Format and Protocol Extensibility
      1.9. Type-Length-Value Extension Format for Mobile IP Extensions
      1.10. Long Extension Format
      1.11. Short Extension Format
   2. Agent Discovery
      2.1. Agent Advertisement
           2.1.1. Mobility Agent Advertisement Extension
           2.1.2. Prefix-Lengths Extension
           2.1.3. One-Byte Padding Extension
      2.2. Agent Solicitation
      2.3. Foreign Agent and Home Agent Considerations
           2.3.1. Advertised Router Addresses
           2.3.2. Sequence Numbers and Rollover Handling
      2.4. Mobile Node Considerations
           2.4.1. Registration Required
           2.4.2. Move Detection
           2.4.3. Returning Home
           2.4.4. Sequence Numbers and Rollover Handling
   3. Registration
      3.1. Registration Overview
      3.2. Authentication
      3.3. Registration Request
      3.4. Registration Reply
      3.5. Registration Extensions
           3.5.1. Computing Authentication Extension Values
           3.5.2. Mobile-Home Authentication Extension
           3.5.3. Mobile-Foreign Authentication Extension
           3.5.4. Foreign-Home Authentication Extension
      3.6. Mobile Node Considerations
           3.6.1. Sending Registration Requests
           3.6.2. Receiving Registration Replies
           3.6.3. Registration Retransmission
      3.7. Foreign Agent Considerations
           3.7.1. Configuration and Registration Tables
           3.7.2. Receiving Registration Requests
           3.7.3. Receiving Registration Replies
      3.8. Home Agent Considerations
           3.8.1. Configuration and Registration Tables
           3.8.2. Receiving Registration Requests
           3.8.3. Sending Registration Replies
   4. Routing Considerations
      4.1. Encapsulation Types
      4.2. Unicast Datagram Routing
           4.2.1. Mobile Node Considerations
           4.2.2. Foreign Agent Considerations
           4.2.3. Home Agent Considerations
      4.3. Broadcast Datagrams
      4.4. Multicast Datagram Routing
      4.5. Mobile Routers
      4.6. ARP, Proxy ARP, and Gratuitous ARP
   5. Security Considerations
      5.1. Message Authentication Codes
      5.2. Areas of Security Concern in This Protocol
      5.3. Key Management
      5.4. Picking Good Random Numbers
      5.5. Privacy
      5.6. Ingress Filtering
      5.7. Replay Protection for Registration Requests
           5.7.1. Replay Protection Using Timestamps
           5.7.2. Replay Protection Using Nonces
   6. IANA Considerations
      6.1. Mobile IP Message Types
      6.2. Extensions to RFC 1256 Router Advertisement Messages
      6.3. Extensions to Mobile IP Registration Messages
      6.4. Code Values for Mobile IP Registration Reply Messages
   7. Acknowledgments
   8. References
      8.1. Normative References
      8.2. Informative References
   Appendix A. Link-Layer Considerations
   Appendix B. TCP Considerations
      B.1. TCP Timers
      B.2. TCP Congestion Management
   Appendix C. Example Scenarios
      C.1. Registering with a Foreign Agent Care-of Address
      C.2. Registering with a Co-Located Care-of Address
      C.3. Deregistration
   Appendix D. Applicability of Prefix-Lengths Extension
   Appendix E. Interoperability Considerations
   Appendix F. Changes since RFC 3344
   Appendix G. Example Messages
      G.1. Example ICMP Agent Advertisement Message Format
      G.2. Example Registration Request Message Format
      G.3. Example Registration Reply Message Format
        
1. Introduction

IP version 4 assumes that a node's IP address uniquely identifies the node's point of attachment to the Internet. Therefore, a node must be located on the network indicated by its IP address in order to receive datagrams destined to it; otherwise, datagrams destined to the node would be undeliverable. For a node to change its point of attachment without losing its ability to communicate, currently one of the two following mechanisms must typically be employed:

o the node must change its IP address whenever it changes its point of attachment, or

o host-specific routes must be propagated throughout much of the Internet routing fabric.

Both of these alternatives are often unacceptable. The first makes it impossible for a node to maintain transport and higher-layer connections when the node changes location. The second has obvious and severe scaling problems, especially relevant considering the explosive growth in sales of notebook (mobile) computers.

A new, scalable mechanism is required for accommodating node mobility within the Internet. This document defines such a mechanism, which enables nodes to change their point of attachment to the Internet without changing their IP address.

Changes between this revised specification for Mobile IP and the original specifications (see [44], [14], [15], [20], [4], and [50]) are detailed in Appendix F.

1.1. Protocol Requirements

A mobile node must be able to communicate with other nodes after changing its link-layer point of attachment to the Internet, yet without changing its IP address.

A mobile node must be able to communicate with other nodes that do not implement these mobility functions. No protocol enhancements are required in hosts or routers that are not acting as any of the new architectural entities introduced in Section 1.5.

All messages used to update another node as to the location of a mobile node must be authenticated in order to protect against remote redirection attacks.

1.2. Goals

The link by which a mobile node is directly attached to the Internet may often be a wireless link. This link may thus have a substantially lower bandwidth and higher error rate than traditional wired networks. Moreover, mobile nodes are likely to be battery powered, and minimizing power consumption is important. Therefore, the number of administrative messages sent over the link by which a mobile node is directly attached to the Internet should be minimized, and the size of these messages should be kept as small as is reasonably possible.

1.3. Assumptions

The protocols defined in this document place no additional constraints on the assignment of IP addresses. That is, a mobile node can be assigned an IP address by the organization that owns the machine.

This protocol assumes that mobile nodes will generally not change their point of attachment to the Internet more frequently than once per second.

This protocol assumes that IP unicast datagrams are routed based on the Destination Address in the datagram header (and not, for example, by source address).

1.4. Applicability

Mobile IP is intended to enable nodes to move from one IP subnet to another. It is just as suitable for mobility across homogeneous media as it is for mobility across heterogeneous media. That is, Mobile IP facilitates node movement from one Ethernet segment to another, as well as from an Ethernet segment to a wireless LAN, as long as the mobile node's IP address remains the same after such a movement.

One can think of Mobile IP as solving the "macro" mobility management problem. It is less well suited for more "micro" mobility management applications -- for example, handoff amongst wireless transceivers, each of which covers only a very small geographic area. As long as node movement does not occur between points of attachment on different IP subnets, link-layer mechanisms for mobility (i.e., link-layer handoff) may offer faster convergence and far less overhead than Mobile IP.

1.5. New Architectural Entities

Mobile IP introduces the following new functional entities:

Mobile Node

A host or router that changes its point of attachment from one network or subnetwork to another. A mobile node may change its location without changing its IP address; it may continue to communicate with other Internet nodes at any location using its (constant) IP address, assuming link-layer connectivity to a point of attachment is available.

Home Agent

A router on a mobile node's home network that tunnels datagrams for delivery to the mobile node when it is away from home, and maintains current location information for the mobile node.

Foreign Agent

A router on a mobile node's visited network that provides routing services to the mobile node while registered. The foreign agent detunnels and delivers to the mobile node datagrams that were tunneled by the mobile node's home agent. For datagrams sent by a mobile node, the foreign agent may serve as a default router for registered mobile nodes.

A mobile node is given a long-term IP address on a home network. This home address is administered in the same way that a "permanent" IP address is provided to a stationary host. When away from its home network, a "care-of address" is associated with the mobile node and reflects the mobile node's current point of attachment. The mobile node uses its home address as the source address of all IP datagrams that it sends, except where otherwise described in this document for datagrams sent for certain mobility management functions (e.g., as in Section 3.6.1.1).

1.6. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [1].

In addition, this document frequently uses the following terms:

Authorization-Enabling Extension

An authentication that makes a (registration) message acceptable to the ultimate recipient of the registration message. An authorization-enabling extension MUST contain a Security Parameter Index (SPI).

In this document, all uses of authorization-enabling extension refer to authentication extensions that enable the Registration Request message to be acceptable to the home agent. Using additional protocol structures specified outside of this document, it may be possible for the mobile node to provide authentication of its registration to the home agent, by way of another authenticating entity within the network that is acceptable to the home agent (for example, see RFC 2794 [2]).

Agent Advertisement

An advertisement message constructed by attaching a special Extension to a Router Advertisement [5] message.

Authentication

The process of verifying (using cryptographic techniques, for all applications in this specification) the identity of the originator of a message.

Care-of Address

The termination point of a tunnel toward a mobile node, for datagrams forwarded to the mobile node while it is away from home. The protocol can use two different types of care-of address: a "foreign agent care-of address" is an address of a foreign agent with which the mobile node is registered, and a "co-located care-of address" is an externally obtained local address that the mobile node has associated with one of its own network interfaces.

Correspondent Node

A peer with which a mobile node is communicating. A correspondent node may be either mobile or stationary.

Foreign Network

Any network other than the mobile node's home network.

Gratuitous ARP

An Address Resolution Protocol (ARP) packet sent by a node in order to spontaneously cause other nodes to update an entry in their ARP cache [45]. See Section 4.6.

Home Address

An IP address that is assigned for an extended period of time to a mobile node. It remains unchanged regardless of where the node is attached to the Internet.

Home Network

A network, possibly virtual, having a network prefix matching that of a mobile node's home address. Note that standard IP routing mechanisms will deliver datagrams destined to a mobile node's home address to the mobile node's home network.

Link

A facility or medium over which nodes can communicate at the link layer. A link underlies the network layer.

Link-Layer Address

The address used to identify an endpoint of some communication over a physical link. Typically, the link-layer address is an interface's Media Access Control (MAC) address.

Mobility Agent

Either a home agent or a foreign agent.

Mobility Binding

The association of a home address with a care-of address, along with the remaining Lifetime of that association.

Mobility Security Association

A collection of security contexts, between a pair of nodes, which may be applied to Mobile IP protocol messages exchanged between them. Each context indicates an authentication algorithm and mode (Section 5.1), a secret (a shared key, or appropriate public/ private key pair), and a style of replay protection in use (Section 5.7).

Node

A host or a router.

Nonce

A randomly chosen value, different from previous choices, inserted in a message to protect against replays.

Security Parameter Index (SPI)

An index identifying a security context between a pair of nodes, among the contexts available in the Mobility Security Association. SPI values 0 through 255 are reserved and MUST NOT be used in any Mobility Security Association.

Tunnel

The path followed by a datagram while it is encapsulated. The model is that, while it is encapsulated, a datagram is routed to a knowledgeable decapsulating agent, which decapsulates the datagram and then correctly delivers it to its ultimate destination.

Virtual Network

A network with no physical instantiation beyond a router (with a physical network interface on another network). The router (e.g., a home agent) generally advertises reachability to the virtual network using conventional routing protocols.

Visited Network

A network other than a mobile node's home network, to which the mobile node is currently connected.

Visitor List

The list of mobile nodes visiting a foreign agent.

1.7. Protocol Overview

The following support services are defined for Mobile IP:

Agent Discovery

Home agents and foreign agents may advertise their availability on each link for which they provide service. A newly arrived mobile node can send a solicitation on the link to learn if any prospective agents are present.

Registration

When the mobile node is away from home, it registers its care-of address with its home agent. Depending on its method of attachment, the mobile node will register either directly with its home agent, or through a foreign agent that forwards the registration to the home agent.

Silently Discard

The implementation discards the datagram without further processing, and without indicating an error to the sender. The implementation SHOULD provide the capability of logging the error, including the contents of the discarded datagram, and SHOULD record the event in a statistics counter.

The following steps provide a rough outline of operation of the Mobile IP protocol:

o Mobility agents (i.e., foreign agents and home agents) advertise their presence via Agent Advertisement messages (Section 2). A mobile node may optionally solicit an Agent Advertisement message from any locally attached mobility agents through an Agent Solicitation message.

o A mobile node receives these Agent Advertisements and determines whether it is on its home network or a foreign network.

o When the mobile node detects that it is located on its home network, it operates without mobility services. If returning to its home network from being registered elsewhere, the mobile node deregisters with its home agent, through exchange of a Registration Request and Registration Reply message with it.

o When a mobile node detects that it has moved to a foreign network, it obtains a care-of address on the foreign network. The care-of address can either be determined from a foreign agent's advertisements (a foreign agent care-of address), or by some external assignment mechanism such as DHCP [34] (a co-located care-of address).

o The mobile node operating away from home then registers its new care-of address with its home agent through exchange of a Registration Request and Registration Reply message with the home agent, possibly via a foreign agent (Section 3).

o Datagrams sent to the mobile node's home address are intercepted by its home agent, tunneled by the home agent to the mobile node's care-of address, received at the tunnel endpoint (either at a foreign agent or at the mobile node itself), and finally delivered to the mobile node (Section 4.2.3).

o In the reverse direction, datagrams sent by the mobile node are generally delivered to their destination using standard IP routing mechanisms, not necessarily passing through the home agent.

When away from home, Mobile IP uses protocol tunneling to hide a mobile node's home address from intervening routers between its home network and its current location. The tunnel terminates at the mobile node's care-of address. The care-of address must be an address to which datagrams can be delivered via conventional IP routing. At the care-of address, the original datagram is removed from the tunnel and delivered to the mobile node.

Mobile IP provides two alternative modes for the acquisition of a care-of address:

a. A "foreign agent care-of address" is a care-of address provided by a foreign agent through its Agent Advertisement messages. In this case, the care-of address is an IP address of the foreign agent. In this mode, the foreign agent is the endpoint of the tunnel and, upon receiving tunneled datagrams, decapsulates them and delivers the inner datagram to the mobile node. This mode of acquisition is preferred because it allows many mobile nodes to share the same care-of address and therefore does not place unnecessary demands on the already limited IPv4 address space.

b. A "co-located care-of address" is a care-of address acquired by the mobile node as a local IP address through some external means, which the mobile node then associates with one of its own network interfaces. The address may be dynamically acquired as a temporary address by the mobile node, such as through DHCP [34], or may be owned by the mobile node as a long-term address for its use only while visiting some foreign network. Specific external methods of acquiring a local IP address for use as a co-located care-of address are beyond the scope of this document. When using a co-located care-of address, the mobile node serves as the endpoint of the tunnel and itself performs decapsulation of the datagrams tunneled to it.

The mode of using a co-located care-of address has the advantage that it allows a mobile node to function without a foreign agent, for example, in networks that have not yet deployed a foreign agent. It does, however, place additional burden on the IPv4 address space because it requires a pool of addresses within the foreign network to be made available to visiting mobile nodes. It is difficult to efficiently maintain pools of addresses for each subnet that may permit mobile nodes to visit.

It is important to understand the distinction between the care-of address and the foreign agent functions. The care-of address is simply the endpoint of the tunnel. It might indeed be an address of a foreign agent (a foreign agent care-of address), but it might instead be an address temporarily acquired by the mobile node (a co-located care-of address). A foreign agent, on the other hand, is a mobility agent that provides services to mobile nodes. See Sections 3.7 and 4.2.2 for additional details.

A home agent MUST be able to attract and intercept datagrams that are destined to the home address of any of its registered mobile nodes. Using the proxy and gratuitous ARP mechanisms described in Section 4.6, this requirement can be satisfied if the home agent has a network interface on the link indicated by the mobile node's home address. Other placements of the home agent relative to the mobile node's home location MAY also be possible using other mechanisms for intercepting datagrams destined to the mobile node's home address. Such placements are beyond the scope of this document.

Similarly, a mobile node and a prospective or current foreign agent MUST be able to exchange datagrams without relying on standard IP routing mechanisms; that is, those mechanisms that make forwarding decisions based upon the network-prefix of the Destination Address in the IP header. This requirement can be satisfied if the foreign agent and the visiting mobile node have an interface on the same link. In this case, the mobile node and foreign agent simply bypass their normal IP routing mechanism when sending datagrams to each other, addressing the underlying link-layer packets to their respective link-layer addresses. Other placements of the foreign agent relative to the mobile node MAY also be possible using other mechanisms to exchange datagrams between these nodes, but such placements are beyond the scope of this document.

       2) Datagram is intercepted   3) Datagram is
          by home agent and            detunneled and
          is tunneled to the           delivered to the
          care-of address.             mobile node.

                     +-----+          +-------+         +------+
                     |home | =======> |foreign| ------> |mobile|
                     |agent|          | agent | <------ | node |
                     +-----+          +-------+         +------+
    1) Datagram to    /|\         /
       mobile node     |        /   4) For datagrams sent by the
       arrives on      |      /        mobile node, standard IP
       home network    |    /          routing delivers each to its
       via standard    |  |_           destination.  In this figure,
       IP routing.   +----+            the foreign agent is the
                     |host|            mobile node's default router.
                     +----+
        

Figure 1: Operation of Mobile IPv4

If a mobile node is using a co-located care-of address (as described in item (b) above), the mobile node MUST be located on the link identified by the network prefix of this care-of address. Otherwise, datagrams destined to the care-of address would be undeliverable.

For example, Figure 1 illustrates the routing of datagrams to and from a mobile node away from home, once the mobile node has registered with its home agent. In Figure 1, the mobile node is using a foreign agent care-of address, not a co-located care-of address.

1.8. Message Format and Protocol Extensibility

Mobile IP defines a set of new control messages, sent with UDP [17] using well-known port number 434. The following two message types are defined in this document:

1 Registration Request

3 Registration Reply

Up-to-date values for the message types for Mobile IP control messages are specified in the IANA online database [48].

In addition, for Agent Discovery, Mobile IP makes use of the existing Router Advertisement and Router Solicitation messages defined for ICMP Router Discovery [5].

Mobile IP defines a general Extension mechanism to allow optional information to be carried by Mobile IP control messages or by ICMP Router Discovery messages. Some extensions have been specified to be encoded in the simple Type-Length-Value format described in Section 1.9.

Extensions allow variable amounts of information to be carried within each datagram. The end of the list of extensions is indicated by the total length of the IP datagram.

Two separately maintained sets of numbering spaces, from which Extension Type values are allocated, are used in Mobile IP:

o The first set consists of those Extensions that may appear in Mobile IP control messages (those sent to and from UDP port number 434). In this document, the following types are defined for Extensions appearing in Mobile IP control messages:

0 One-byte Padding (encoded with neither Length nor Data field)

32 Mobile-Home Authentication

33 Mobile-Foreign Authentication

34 Foreign-Home Authentication

o The second set consists of those Extensions that may appear in ICMP Router Discovery messages [5]. In this document, the following types are defined for Extensions appearing in ICMP Router Discovery messages:

0 One-byte Padding (encoded with neither Length nor Data field)

16 Mobility Agent Advertisement

19 Prefix-Lengths

Each individual Extension is described in detail in a separate section later in this document. Up-to-date values for these Extension Type numbers are specified in the IANA online database [48].

Due to the separation (orthogonality) of these sets, it is conceivable that two Extensions that are defined at a later date could have identical Type values, so long as one of the Extensions may be used only in Mobile IP control messages and the other may be used only in ICMP Router Discovery messages.

The Type field in the Mobile IP extension structure can support up to 255 (skippable and non-skippable) uniquely identifiable extensions. When an Extension numbered in either of these sets within the range 0 through 127 is encountered but not recognized, the message containing that Extension MUST be silently discarded. When an Extension numbered in the range 128 through 255 is encountered that is not recognized, that particular Extension is ignored, but the rest of the Extensions and message data MUST still be processed. The Length field of the Extension is used to skip the Data field in searching for the next Extension.

Unless additional structure is utilized for the extension types, new developments or additions to Mobile IP might require so many new extensions that the available space for extension types might run out. Two new extension structures are proposed to solve this problem. Certain types of extensions can be aggregated, using subtypes to identify the precise extension, for example as has been done with the Generic Authentication Keys extensions [46]. In many cases, this may reduce the rate of allocation for new values of the Type field.

Since the new extension structures will cause an efficient usage of the extension type space, it is recommended that new Mobile IP extensions follow one of the two new extension formats whenever there may be the possibility of grouping related extensions together.

The following subsections provide details about three distinct structures for Mobile IP extensions:

o The simple extension format

o The long extension format

o The short extension format

1.9. Type-Length-Value Extension Format for Mobile IP Extensions

The Type-Length-Value format illustrated in Figure 2 is used for extensions that are specified in this document. Since this simple extension structure does not encourage the most efficient usage of the extension type space, it is recommended that new Mobile IP extensions follow one of the two new extension formats specified in Section 1.10 or Section 1.11 whenever there may be the possibility of grouping related extensions together.

               0                   1                   2
               0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
              +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
              |     Type      |    Length     |    Data ...
              +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
        

Figure 2: Type-Length-Value Extension Format for Mobile IPv4

Type Indicates the particular type of Extension.

Length Indicates the length (in bytes) of the Data field within this Extension. The length does NOT include the Type and Length bytes.

Data The particular data associated with this Extension. This field may be zero or more bytes in length. The format and length of the Data field is determined by the Type and Length fields.
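
The following Python sketch is an added example, not part of the RFC text. It walks the simple Type-Length-Value Extensions of a Mobile IP control message and applies the skippable/non-skippable rule of Section 1.8 together with the "Silently Discard" logging and counter behaviour. The function and class names, the sample bytes, and the choice to discard a message whose Length overruns the datagram are assumptions of the example.

```python
"""Walk the simple Type-Length-Value Extensions of a Mobile IP control message.

Added example, not RFC text. Names and sample bytes are constructed here.
"""
from dataclasses import dataclass, field

PADDING = 0  # One-byte Padding: a Type byte with neither Length nor Data
# Extension Types this document defines for control messages (UDP port 434).
KNOWN_CONTROL_TYPES = {
    32: "Mobile-Home Authentication",
    33: "Mobile-Foreign Authentication",
    34: "Foreign-Home Authentication",
}


class SilentDiscard(Exception):
    """Raised when the whole message has to be dropped."""


@dataclass
class Extension:
    ext_type: int
    name: str
    data: bytes


@dataclass
class DiscardStats:
    discarded: int = 0                       # statistics counter
    log: list = field(default_factory=list)  # (reason, raw message) pairs


def parse_extensions(buf, known=KNOWN_CONTROL_TYPES):
    """Return (recognized extensions, skipped type numbers) for the bytes that
    follow the fixed part of a control message. The end of the list is the end
    of the datagram, so the walk simply runs to len(buf)."""
    recognized, skipped = [], []
    pos = 0
    while pos < len(buf):
        ext_type = buf[pos]
        if ext_type == PADDING:
            pos += 1
            continue
        if pos + 1 >= len(buf):
            # Assumption of this example: a missing Length byte is a malformed message.
            raise SilentDiscard(f"type {ext_type}: no Length byte")
        length = buf[pos + 1]          # counts Data only, not Type and Length
        end = pos + 2 + length
        if end > len(buf):
            # Assumption of this example: never read past the datagram.
            raise SilentDiscard(f"type {ext_type}: Length {length} overruns message")
        if ext_type in known:
            recognized.append(Extension(ext_type, known[ext_type], buf[pos + 2:end]))
        elif ext_type <= 127:
            # Unrecognized and non-skippable: the message MUST be silently discarded.
            raise SilentDiscard(f"unrecognized non-skippable type {ext_type}")
        else:
            # Unrecognized but skippable (128-255): ignore it, keep processing.
            skipped.append(ext_type)
        pos = end
    return recognized, skipped


def receive(buf, stats):
    """Parse one message; on discard, log and count but return nothing to the sender."""
    try:
        return parse_extensions(buf)
    except SilentDiscard as reason:
        stats.discarded += 1
        stats.log.append((str(reason), bytes(buf)))
        return None


# Constructed sample inputs (the Data bytes are placeholders, not real authenticators).
MSG_OK = bytes([0, 32, 4, 0xDE, 0xAD, 0xBE, 0xEF, 200, 2, 1, 2, 33, 0])
MSG_UNKNOWN_LOW = bytes([100, 1, 0, 32, 0])
MSG_TRUNCATED = bytes([32, 10, 1, 2])

if __name__ == "__main__":
    stats = DiscardStats()
    for msg in (MSG_OK, MSG_UNKNOWN_LOW, MSG_TRUNCATED):
        print(msg.hex(), "->", receive(msg, stats))
    print("discarded:", stats.discarded)
```

The parser covers only the simple format of Figure 2; the long and short formats of Sections 1.10 and 1.11 place the Sub-Type and Length fields differently and need per-type handling.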

1.10. Long Extension Format

This format is applicable for non-skippable extensions that carry information of more than 256 bytes. Skippable extensions can never use the long format, because the receiver is not required to include parsing code and is likely to treat the 8 bits immediately following the Type as the Length field.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |  Sub-Type     |           Length              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Data      .....
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The Long Extension format requires that the following fields be specified as the first fields of the extension.

Type is the type, which describes a collection of extensions having a common data type.

Sub-Type is a unique number given to each member in the aggregated type.

Length indicates the length (in bytes) of the Data field within this Extension. It does NOT include the Type, Length, and Sub-Type bytes.

Data is the data associated with the subtype of this extension. This specification does not place any additional structure on the subtype data.

Since the Length field is 16 bits wide, the extension data can exceed 256 bytes in length.

1.11. Short Extension Format

This format is compatible with the skippable extensions defined in Section 1.9. It is not applicable for extensions that require more than 256 bytes of data; for such extensions, use the format described in Section 1.10.

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |   Length      |    Sub-Type   |    Data ....
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

The Short Extension format requires that the following fields be specified as the first fields of the extension:

Type is the type, which describes a collection of extensions having a common data type.

Sub-Type is a unique number given to each member in the aggregated type.

Length 8-bit unsigned integer. Length of the extension, in bytes, excluding the extension Type and the extension Length fields. This field MUST be set to 1 plus the total length of the Data field.

Data is the data associated with this extension. This specification does not place any additional structure on the subtype data.

2. Agent Discovery

Agent Discovery is the method by which a mobile node determines whether it is currently connected to its home network or to a foreign network, and by which a mobile node can detect when it has moved from one network to another. When connected to a foreign network, the methods specified in this section also allow the mobile node to determine the foreign agent care-of address being offered by each foreign agent on that network.

Mobile IP extends ICMP Router Discovery [5] as its primary mechanism for Agent Discovery. An Agent Advertisement is formed by including a Mobility Agent Advertisement Extension in an ICMP Router Advertisement message (Section 2.1). An Agent Solicitation message is identical to an ICMP Router Solicitation, except that its IP Time to Live (TTL) MUST be set to 1 (Section 2.2). This section describes the message formats and procedures by which mobile nodes, foreign agents, and home agents cooperate to realize Agent Discovery.

Agent Advertisement and Agent Solicitation may not be necessary for link layers that already provide this functionality. The method by which mobile nodes establish link-layer connections with prospective agents is outside the scope of this document (but see Appendix A). The procedures described below assume that such link-layer connectivity has already been established.

No authentication is required for Agent Advertisement and Agent Solicitation messages. They MAY be authenticated using the IP Authentication Header [9], which is unrelated to the messages described in this document. Further specification of the way in which Advertisement and Solicitation messages may be authenticated is outside of the scope of this document.

2.1. Agent Advertisement

Agent Advertisements are transmitted by a mobility agent to advertise its services on a link. Mobile nodes use these advertisements to determine their current point of attachment to the Internet. An Agent Advertisement is an ICMP Router Advertisement that has been extended to also carry a Mobility Agent Advertisement Extension (Section 2.1.1) and, optionally, a Prefix-Lengths Extension (Section 2.1.2), One-byte Padding Extension (Section 2.1.3), or other Extensions that might be defined in the future.

Within an Agent Advertisement message, ICMP Router Advertisement fields of the message are required to conform to the following additional specifications:

- Link-Layer Fields

Destination Address

The link-layer Destination Address of a unicast Agent Advertisement MUST be the same as the source link-layer address of the Agent Solicitation that prompted the Advertisement.

- IP Fields

TTL The TTL for all Agent Advertisements MUST be set to 1.

Destination Address

As specified for ICMP Router Discovery [5], the IP Destination Address of a multicast Agent Advertisement MUST be either the "all systems on this link" multicast address (224.0.0.1) [6] or the "limited broadcast" address (255.255.255.255). The subnet-directed broadcast address of the form <prefix>.<-1> cannot be used since mobile nodes will not generally know the prefix of the foreign network. When the Agent Advertisement is unicast to a mobile node, the IP home address of the mobile node SHOULD be used as the Destination Address.

- ICMP Fields

Code The Code field of the Agent Advertisement is interpreted as follows:

0 The mobility agent handles common traffic -- that is, it acts as a router for IP datagrams not necessarily related to mobile nodes.

16 The mobility agent does not route common traffic. However, all foreign agents MUST (minimally) forward to a default router any datagrams received from a registered mobile node (Section 4.2.2).

Lifetime

The maximum length of time that the Advertisement is considered valid in the absence of further Advertisements.

Router Address(es)

See Section 2.3.1 for a discussion of the addresses that may appear in this portion of the Agent Advertisement.

Num Addrs

The number of router addresses advertised in this message. Note that in an Agent Advertisement message, the number of router addresses specified in the ICMP Router Advertisement portion of the message MAY be set to 0. See Section 2.3.1 for details.

If sent periodically, the nominal interval at which Agent Advertisements are sent SHOULD be no longer than 1/3 of the advertisement Lifetime given in the ICMP header. This interval MAY be shorter than 1/3 the advertised Lifetime. This allows a mobile node to miss three successive advertisements before deleting the agent from its list of valid agents. The actual transmission time for each advertisement SHOULD be slightly randomized [5] in order to avoid synchronization and subsequent collisions with other Agent Advertisements that may be sent by other agents (or with other Router Advertisements sent by other routers). Note that this field has no relation to the "Registration Lifetime" field within the Mobility Agent Advertisement Extension defined below.

2.1.1. Mobility Agent Advertisement Extension

The Mobility Agent Advertisement Extension follows the ICMP Router Advertisement fields. It is used to indicate that an ICMP Router Advertisement message is also an Agent Advertisement being sent by a mobility agent. The Mobility Agent Advertisement Extension is defined as follows:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |    Length     |        Sequence Number        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Registration Lifetime      |R|B|H|F|M|G|r|T|U|X|I|reserved |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                  zero or more Care-of Addresses               |
    |                              ...                              |
        

Type 16

Length (6 + 4*N), where 6 accounts for the number of bytes in the Sequence Number, Registration Lifetime, flags, and reserved fields, and N is the number of care-of addresses advertised.

Sequence Number

The count of Agent Advertisement messages sent since the agent was initialized (Section 2.3.2).

Registration Lifetime

The longest lifetime (measured in seconds) that this agent is willing to accept in any Registration Request. A value of 0xffff indicates infinity. This field has no relation to the "Lifetime" field within the ICMP Router Advertisement portion of the Agent Advertisement.

R Registration required. Registration with this foreign agent (or another foreign agent on this link) is required even when using a co-located care-of address.

B Busy. The foreign agent will not accept registrations from additional mobile nodes.

H Home agent. This agent offers service as a home agent on the link on which this Agent Advertisement message is sent.

F Foreign agent. This agent offers service as a foreign agent on the link on which this Agent Advertisement message is sent.

M Minimal encapsulation. This agent implements receiving tunneled datagrams that use minimal encapsulation [15].

G Generic Routing Encapsulation (GRE) encapsulation. This agent implements receiving tunneled datagrams that use GRE encapsulation [13].

r Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.

T Foreign agent supports reverse tunneling as specified in [12].

U Mobility agent supports UDP Tunneling as specified in [27].

X Mobility agent supports Registration Revocation as specified in [28].

I Foreign agent supports Regional Registration as specified in [29].

reserved Sent as zero; ignored on reception.

Care-of Address(es)

The advertised foreign agent care-of address(es) provided by this foreign agent. An Agent Advertisement MUST include at least one care-of address if the 'F' bit is set. The number of care-of addresses present is determined by the Length field in the Extension.

A home agent MUST always be prepared to serve the mobile nodes for which it is the home agent. A foreign agent may at times be too busy to serve additional mobile nodes; even so, it must continue to send Agent Advertisements, so that any mobile nodes already registered with it will know that they have not moved out of range of the foreign agent and that the foreign agent has not failed. A foreign agent may indicate that it is "too busy" to allow new mobile nodes to register with it, by setting the 'B' bit in its Agent Advertisements. An Agent Advertisement message MUST NOT have the 'B' bit set if the 'F' bit is not also set. Furthermore, at least one of the 'F' bit and the 'H' bit MUST be set in any Agent Advertisement message sent.

When a foreign agent wishes to require registration even from those mobile nodes that have acquired a co-located care-of address, it sets the 'R' bit to one. Because this bit applies only to foreign agents, an agent MUST NOT set the 'R' bit to one unless the 'F' bit is also set to one.

2.1.2. Prefix-Lengths Extension

The Prefix-Lengths Extension MAY follow the Mobility Agent Advertisement Extension. It is used to indicate the number of bits of network prefix that applies to each router address listed in the ICMP Router Advertisement portion of the Agent Advertisement. Note that the prefix lengths given DO NOT apply to care-of address(es) listed in the Mobility Agent Advertisement Extension. The Prefix-Lengths Extension is defined as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     | Prefix Length |      ....
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Type 19 (Prefix-Lengths Extension)

Length N, where N is the value (possibly zero) of the Num Addrs field in the ICMP Router Advertisement portion of the Agent Advertisement.

Prefix Length(s)

The number of leading bits that define the network number of the corresponding router address listed in the ICMP Router Advertisement portion of the message. The prefix length for each router address is encoded as a separate byte, in the order that the router addresses are listed in the ICMP Router Advertisement portion of the message.

See Section 2.4.2 for information about how the Prefix-Lengths Extension MAY be used by a mobile node when determining whether it has moved. See Appendix D for implementation details about the use of this Extension.

2.1.3. One-Byte Padding Extension

Some IP protocol implementations insist upon padding ICMP messages to an even number of bytes. If the ICMP length of an Agent Advertisement is odd, this Extension MAY be included in order to make the ICMP length even. Note that this Extension is NOT intended to be a general-purpose Extension to be included in order to word- or long-align the various fields of the Agent Advertisement. An Agent Advertisement SHOULD NOT include more than one One-byte Padding Extension and if present, this Extension SHOULD be the last Extension in the Agent Advertisement.

Note that, unlike other Extensions used in Mobile IP, the One-byte Padding Extension is encoded as a single byte, with no Length nor Data field present. The One-byte Padding Extension is defined as follows:

        0 1 2 3 4 5 6 7
       +-+-+-+-+-+-+-+-+
       |     Type      |
       +-+-+-+-+-+-+-+-+
        

Type 0 (One-byte Padding Extension)
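
The extension rules above, as an added example that is not part of the RFC: a walker for the extension area of an Agent Advertisement that handles the length-less One-byte Padding Extension and checks the 'B', 'R', 'F' and 'H' flag rules. Type 16 and the field layout of the Mobility Agent Advertisement Extension come from Section 2.1.1; the function names, problem strings and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

EXT_PAD = 0              # One-byte Padding Extension: a Type byte and nothing else
EXT_MOBILITY_AGENT = 16  # Mobility Agent Advertisement Extension (Section 2.1.1)
EXT_PREFIX_LENGTHS = 19  # Prefix-Lengths Extension
FLAG_BITS = "RBHFMGrT"   # first flag byte, most significant bit first


def parse_agent_ext(body, problems):
    """Decode the Mobility Agent Advertisement Extension and check its flag rules."""
    if len(body) < 6 or (len(body) - 6) % 4:
        raise ValueError("bad Mobility Agent Advertisement Extension length")
    # The second flag byte (U, X, I, reserved) is read but not interpreted here.
    seq, reg_lifetime, flags1, _flags2 = struct.unpack("!HHBB", body[:6])
    flags = {name for i, name in enumerate(FLAG_BITS) if flags1 & (0x80 >> i)}
    flags.discard("r")  # sent as zero; ignored on reception
    care_of = [str(ipaddress.IPv4Address(body[i:i + 4]))
               for i in range(6, len(body), 4)]
    if "B" in flags and "F" not in flags:
        problems.append("'B' set without 'F'")
    if "R" in flags and "F" not in flags:
        problems.append("'R' set without 'F'")
    if not flags & {"F", "H"}:
        problems.append("neither 'F' nor 'H' set")
    if "F" in flags and not care_of:
        problems.append("'F' set but no care-of address")
    return {"sequence": seq, "registration_lifetime": reg_lifetime,
            "flags": flags, "care_of": care_of}


def parse_extensions(ext_area, num_addrs):
    """Walk the bytes that follow the ICMP Router Advertisement portion.

    num_addrs is the Num Addrs field of that portion. Raises ValueError on
    truncated input; rule violations are collected in "problems".
    """
    result = {"agent": None, "prefix_lengths": None, "problems": []}
    pos = 0
    while pos < len(ext_area):
        ext_type = ext_area[pos]
        if ext_type == EXT_PAD:
            # No Length byte follows: treating the next byte as a Length
            # would desynchronise the walk.
            pos += 1
            if pos != len(ext_area):
                result["problems"].append("padding is not the last extension")
            continue
        if pos + 2 > len(ext_area):
            raise ValueError("extension header truncated")
        length = ext_area[pos + 1]
        body = ext_area[pos + 2:pos + 2 + length]
        if len(body) != length:
            raise ValueError(f"extension type {ext_type} overruns the message")
        pos += 2 + length
        if ext_type == EXT_MOBILITY_AGENT:
            result["agent"] = parse_agent_ext(body, result["problems"])
        elif ext_type == EXT_PREFIX_LENGTHS:
            if length != num_addrs:
                result["problems"].append("Prefix-Lengths Length != Num Addrs")
            result["prefix_lengths"] = list(body)
        # Any other extension type is skipped using its Length.
    return result


# Constructed sample: busy foreign agent ('B' and 'F'), one care-of address,
# one /24 router prefix, one trailing padding byte.
SAMPLE = (bytes([EXT_MOBILITY_AGENT, 10])
          + struct.pack("!HHBB", 300, 1800, 0b01010000, 0)
          + ipaddress.IPv4Address("192.0.2.1").packed
          + bytes([EXT_PREFIX_LENGTHS, 1, 24, EXT_PAD]))

# Constructed sample that breaks the flag rules: 'B' alone, no 'F' or 'H'.
BAD = bytes([EXT_MOBILITY_AGENT, 6]) + struct.pack("!HHBB", 7, 1800, 0b01000000, 0)

if __name__ == "__main__":
    print(parse_extensions(SAMPLE, num_addrs=1))
    print(parse_extensions(BAD, num_addrs=0)["problems"])
```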

2.2. Agent Solicitation

An Agent Solicitation is identical to an ICMP Router Solicitation with the further restriction that the IP TTL Field MUST be set to 1.

2.3. Foreign Agent and Home Agent Considerations

Any mobility agent that cannot be discovered by a link-layer protocol MUST send Agent Advertisements. An agent that can be discovered by a link-layer protocol SHOULD also implement Agent Advertisements.

However, the Advertisements need not be sent, except when the site policy requires registration with the agent (i.e., when the 'R' bit is set), or as a response to a specific Agent Solicitation. All mobility agents MUST process packets that they receive addressed to the Mobile-Agents multicast group, at address 224.0.0.11. A mobile node MAY send an Agent Solicitation to 224.0.0.11. All mobility agents SHOULD respond to Agent Solicitations.

The same procedures, defaults, and constants are used in Agent Advertisement messages and Agent Solicitation messages as specified for ICMP Router Discovery [5], except that:

o a mobility agent MUST limit the rate at which it sends broadcast or multicast Agent Advertisements; the maximum rate SHOULD be chosen so that the Advertisements do not consume a significant amount of network bandwidth, AND

o a mobility agent that receives a Router Solicitation MUST NOT require that the IP Source Address is the address of a neighbor (i.e., an address that matches one of the router's own addresses on the arrival interface, under the subnet mask associated with that address of the router).

o a mobility agent MAY be configured to send Agent Advertisements only in response to an Agent Solicitation message.

If the home network is not a virtual network, then the home agent for any mobile node SHOULD be located on the link identified by the mobile node's home address, and Agent Advertisement messages sent by the home agent on this link MUST have the 'H' bit set. In this way, mobile nodes on their own home network will be able to determine that they are indeed at home. Any Agent Advertisement messages sent by the home agent on another link to which it may be attached (if it is a mobility agent serving more than one link), MUST NOT have the 'H' bit set unless the home agent also serves as a home agent (to other mobile nodes) on that other link. A mobility agent MAY use different settings for each of the 'R', 'H', and 'F' bits on different network interfaces.

If the home network is a virtual network, the home network has no physical realization external to the home agent itself. In this case, there is no physical network link on which to send Agent Advertisement messages advertising the home agent. Mobile nodes for which this is the home network are always treated as being away from home.

On a particular subnet, either all mobility agents MUST include the Prefix-Lengths Extension or all of them MUST NOT include this Extension. Equivalently, it is prohibited for some agents on a given subnet to include the Extension but for others not to include it. Otherwise, one of the move detection algorithms designed for mobile nodes will not function properly (Section 2.4.2).

2.3.1. Advertised Router Addresses

The ICMP Router Advertisement portion of the Agent Advertisement MAY contain one or more router addresses. An agent SHOULD only put its own addresses, if any, in the advertisement. Whether or not its own address appears in the router addresses, a foreign agent MUST route datagrams it receives from registered mobile nodes (Section 3.7).

2.3.2. Sequence Numbers and Rollover Handling

The sequence number in Agent Advertisements ranges from 0 to 0xffff. After booting, an agent MUST use the number 0 for its first advertisement. Each subsequent advertisement MUST use the sequence number one greater, with the exception that the sequence number 0xffff MUST be followed by sequence number 256. In this way, mobile nodes can distinguish a reduction in the sequence number that occurs after a reboot from a reduction that results in rollover of the sequence number after it attains the value 0xffff.

2.4. Mobile Node Considerations

Every mobile node MUST implement Agent Solicitation. Solicitations SHOULD only be sent in the absence of Agent Advertisements and when a care-of address has not been determined through a link-layer protocol or other means. The mobile node uses the same procedures, defaults, and constants for Agent Solicitation as specified for ICMP Router Solicitation messages [5], except that the mobile node MAY solicit more often than once every three seconds, and that a mobile node that is currently not connected to any foreign agent MAY solicit more times than MAX_SOLICITATIONS.

The rate at which a mobile node sends solicitations MUST be limited by the mobile node. The mobile node MAY send three initial solicitations at a maximum rate of one per second while searching for an agent. After this, the rate at which solicitations are sent MUST be reduced so as to limit the overhead on the local link. Subsequent solicitations MUST be sent using a binary exponential backoff mechanism, doubling the interval between consecutive solicitations, up to a maximum interval. The maximum interval SHOULD be chosen appropriately based upon the characteristics of the media over which the mobile node is soliciting. This maximum interval SHOULD be at least one minute between solicitations.

While still searching for an agent, the mobile node MUST NOT increase the rate at which it sends solicitations unless it has received a positive indication that it has moved to a new link. After successfully registering with an agent, the mobile node SHOULD also increase the rate at which it will send solicitations when it next begins searching for a new agent with which to register. The increased solicitation rate MAY revert to the maximum rate, but then MUST be limited in the manner described above. In all cases, the recommended solicitation intervals are nominal values. Mobile nodes MUST randomize their solicitation times around these nominal values as specified for ICMP Router Discovery [5].
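
An added sketch (not part of the RFC) of the solicitation schedule described above: three solicitations one second apart, then a doubling interval capped at the maximum, with the fast rate restored only on a link change or a successful registration. The class and method names, the 60-second default and the 10% jitter are assumptions; the actual randomization rule is the one in ICMP Router Discovery [5].

```python
import random

INITIAL_BURST = 3        # initial solicitations allowed at the fast rate
INITIAL_INTERVAL = 1.0   # seconds; at most one solicitation per second


class SolicitationTimer:
    """Gap to wait after each Agent Solicitation while searching for an agent."""

    def __init__(self, max_interval=60.0, jitter=0.1, rng=None):
        self.max_interval = max_interval  # SHOULD be at least one minute
        self.jitter = jitter              # assumed fraction; [5] defines the real rule
        self.rng = rng or random.Random()
        self.reset()

    def reset(self):
        self.sent = 0
        self.interval = INITIAL_INTERVAL

    def link_changed(self):
        """Positive indication of a move to a new link: fast rate allowed again."""
        self.reset()

    def registered(self):
        """Successful registration: the next search may start at the fast rate."""
        self.reset()

    def next_nominal(self):
        """Nominal gap to wait after the solicitation that was just sent."""
        self.sent += 1
        if self.sent >= INITIAL_BURST:
            # Binary exponential backoff, capped at the maximum interval.
            self.interval = min(self.interval * 2, self.max_interval)
        return self.interval

    def next_delay(self):
        """Nominal gap randomized by +/- jitter, never faster than one per second."""
        nominal = self.next_nominal()
        jittered = nominal * (1 + self.rng.uniform(-self.jitter, self.jitter))
        return max(INITIAL_INTERVAL, jittered)


def nominal_schedule(count, max_interval=60.0):
    """Nominal gaps after each of the first `count` solicitations."""
    timer = SolicitationTimer(max_interval=max_interval)
    return [timer.next_nominal() for _ in range(count)]


if __name__ == "__main__":
    print(nominal_schedule(9))
```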

Mobile nodes MUST process received Agent Advertisements. A mobile node can distinguish an Agent Advertisement message from other uses of the ICMP Router Advertisement message by examining the number of advertised addresses and the IP Total Length field. When the IP total length indicates that the ICMP message is longer than needed for the number of advertised addresses, the remaining data is interpreted as one or more Extensions. The presence of a Mobility Agent Advertisement Extension identifies the advertisement as an Agent Advertisement.

If there is more than one advertised address, the mobile node SHOULD pick the first address for its initial registration attempt. If the registration attempt fails with a status code indicating rejection by the foreign agent, the mobile node MAY retry the attempt with each subsequent advertised address in turn.

When multiple methods of agent discovery are in use, the mobile node SHOULD first attempt registration with agents including Mobility Agent Advertisement Extensions in their advertisements, in preference to those discovered by other means. This preference maximizes the likelihood that the registration will be recognized, thereby minimizing the number of registration attempts.

A mobile node MUST ignore reserved bits in Agent Advertisements, as opposed to discarding such advertisements. In this way, new bits can be defined later, without affecting the ability for mobile nodes to use the advertisements even when the newly defined bits are not understood.

2.4.1. Registration Required

When the mobile node receives an Agent Advertisement with the 'R' bit set, the mobile node SHOULD register through the foreign agent, even when the mobile node might be able to acquire its own co-located care-of address. This feature is intended to allow sites to enforce visiting policies (such as accounting) that require exchanges of authorization.

If formerly reserved bits require some kind of monitoring/enforcement at the foreign link, foreign agents implementing the new specification for the formerly reserved bits can set the 'R' bit. This has the effect of forcing the mobile node to register through the foreign agent, so the foreign agent could then monitor/enforce the policy.

2.4.2. Move Detection

Two primary mechanisms are provided for mobile nodes to detect when they have moved from one subnet to another. Other mechanisms MAY also be used. When the mobile node detects that it has moved, it SHOULD register (Section 3) with a suitable care-of address on the new foreign network. However, the mobile node MUST NOT register more frequently than once per second on average, as specified in Section 3.6.3.

2.4.2.1. Algorithm 1

The first method of move detection is based upon the Lifetime field within the main body of the ICMP Router Advertisement portion of the Agent Advertisement. A mobile node SHOULD record the Lifetime received in any Agent Advertisements, until that Lifetime expires. If the mobile node fails to receive another advertisement from the same agent within the specified Lifetime, it SHOULD assume that it has lost contact with that agent. If the mobile node has previously received an Agent Advertisement from another agent for which the Lifetime field has not yet expired, the mobile node MAY immediately attempt registration with that other agent. Otherwise, the mobile node SHOULD attempt to discover a new agent with which to register.

2.4.2.2. Algorithm 2

The second method uses network prefixes. The Prefix-Lengths Extension MAY be used in some cases by a mobile node to determine whether or not a newly received Agent Advertisement was received on the same subnet as the mobile node's current care-of address. If the prefixes differ, the mobile node MAY assume that it has moved. If a mobile node is currently using a foreign agent care-of address, the mobile node SHOULD NOT use this method of move detection unless both the current agent and the new agent include the Prefix-Lengths Extension in their respective Agent Advertisements; if this Extension is missing from one or both of the advertisements, this method of move detection SHOULD NOT be used. Similarly, if a mobile node is using a co-located care-of address, it SHOULD NOT use this method of move detection unless the new agent includes the Prefix-Lengths Extension in its Advertisement and the mobile node knows the network prefix of its current co-located care-of address. On the expiration of its current registration, if this method indicates that the mobile node has moved, rather than re-registering with its current care-of address, a mobile node MAY choose instead to register with the foreign agent sending the new Advertisement with the different network prefix. The Agent Advertisement on which the new registration is based MUST NOT have expired according to its Lifetime field.

2.4.3. Returning Home

A mobile node can detect that it has returned to its home network when it receives an Agent Advertisement from its own home agent. If so, it SHOULD deregister with its home agent (Section 3). Before attempting to deregister, the mobile node SHOULD configure its routing table appropriately for its home network (Section 4.2.1). In addition, if the home network is using ARP [16], the mobile node MUST follow the procedures described in Section 4.6 with regard to ARP, proxy ARP, and gratuitous ARP.

2.4.4. Sequence Numbers and Rollover Handling

If a mobile node detects two successive values of the sequence number in the Agent Advertisements from the foreign agent with which it is registered, the second of which is less than the first and inside the range 0 to 255, the mobile node SHOULD register again. If the second value is less than the first but is greater than or equal to 256, the mobile node SHOULD assume that the sequence number has rolled over past its maximum value (0xffff), and that re-registration is not necessary (Section 2.3).
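
An added example (not part of the RFC) that puts the sequence number rules of Sections 2.3.2 and 2.4.4 next to the two move detection algorithms of Section 2.4.2, for a mobile node using a foreign agent care-of address. The `Advert` record, the `AgentTable` class and the timeline are constructed for illustration; deriving each agent's prefix from its first advertised router address is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Advert:
    agent: str                         # IP source address of the advertisement
    sequence: int                      # Sequence Number from the extension
    lifetime: int                      # ICMP Router Advertisement Lifetime, seconds
    router_addr: Optional[str] = None  # first advertised router address, if any
    prefix_len: Optional[int] = None   # from the Prefix-Lengths Extension, if present


def next_sequence(seq):
    """Agent side (2.3.2): 0 after boot, then +1, and 0xffff is followed by 256."""
    return 256 if seq == 0xFFFF else seq + 1


def agent_restarted(prev, cur):
    """Mobile node side (2.4.4): a drop into 0..255 means the agent rebooted."""
    return cur < prev and cur <= 255


def moved_by_prefix(current, new):
    """Algorithm 2. Returns None when the method SHOULD NOT be used."""
    if None in (current.prefix_len, new.prefix_len,
                current.router_addr, new.router_addr):
        return None
    cur_net = ipaddress.ip_network(
        f"{current.router_addr}/{current.prefix_len}", strict=False)
    new_net = ipaddress.ip_network(
        f"{new.router_addr}/{new.prefix_len}", strict=False)
    return cur_net != new_net


class AgentTable:
    """Advertisements heard by a mobile node, keyed by agent address."""

    def __init__(self):
        self.seen = {}  # agent -> (Advert, expiry time)

    def record(self, adv, now):
        """Store adv. True means: if registered with this agent, register again."""
        prev = self.seen.get(adv.agent)
        self.seen[adv.agent] = (adv, now + adv.lifetime)
        return prev is not None and agent_restarted(prev[0].sequence, adv.sequence)

    def lost_contact(self, agent, now):
        """Algorithm 1: no advertisement from this agent within its Lifetime."""
        entry = self.seen.get(agent)
        return entry is None or now >= entry[1]

    def fallback_agents(self, current, now):
        """Other agents whose advertised Lifetime has not yet expired."""
        return [a for a, (_, expiry) in self.seen.items()
                if a != current and now < expiry]


def demo():
    """Constructed timeline: FA1 rolls over, reboots, then goes silent."""
    table = AgentTable()
    fa1, fa2 = "192.0.2.1", "198.51.100.1"
    events = [
        table.record(Advert(fa1, 0xFFFF, 30, fa1, 24), now=0),
        table.record(Advert(fa1, 256, 30, fa1, 24), now=10),  # rollover
        table.record(Advert(fa1, 0, 30, fa1, 24), now=20),    # reboot
    ]
    table.record(Advert(fa2, 40, 30, fa2, 24), now=45)
    return events, table.lost_contact(fa1, 50), table.fallback_agents(fa1, 50)


if __name__ == "__main__":
    print(demo())
```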

3. Registration

Mobile IP registration provides a flexible mechanism for mobile nodes to communicate their current reachability information to their home agent. It is the method by which mobile nodes:

o request forwarding services when visiting a foreign network,

o inform their home agent of their current care-of address,

o renew a registration that is due to expire, and/or

o deregister when they return home.

Registration messages exchange information between a mobile node, (optionally) a foreign agent, and the home agent. Registration creates or modifies a mobility binding at the home agent, associating the mobile node's home address with its care-of address for the specified Lifetime.

Several other (optional) capabilities are available through the registration procedure, which enable a mobile node to:

o discover its home address, if the mobile node is not configured with this information,

o maintain multiple simultaneous registrations, so that a copy of each datagram will be tunneled to each active care-of address,

o deregister specific care-of addresses while retaining other mobility bindings, and

o discover the address of a home agent if the mobile node is not configured with this information.

3.1. Registration Overview

Mobile IP defines two different registration procedures, one via a foreign agent that relays the registration to the mobile node's home agent, and one directly with the mobile node's home agent. The following rules determine which of these two registration procedures to use in any particular circumstance:

o If a mobile node is registering a foreign agent care-of address, the mobile node MUST register via that foreign agent.

o If a mobile node is using a co-located care-of address, and receives an Agent Advertisement from a foreign agent on the link on which it is using this care-of address, the mobile node SHOULD register via that foreign agent (or via another foreign agent on this link) if the 'R' bit is set in the received Agent Advertisement message.

o If a mobile node is otherwise using a co-located care-of address, the mobile node MUST register directly with its home agent.

o If a mobile node has returned to its home network and is (de)registering with its home agent, the mobile node MUST register directly with its home agent.

Both registration procedures involve the exchange of Registration Request and Registration Reply messages (Section 3.3 and Section 3.4). When registering via a foreign agent, the registration procedure requires the following four messages:

a. The mobile node sends a Registration Request to the prospective foreign agent to begin the registration process.

b. The foreign agent processes the Registration Request and then relays it to the home agent.

c. The home agent sends a Registration Reply to the foreign agent to grant or deny the Request.

d. The foreign agent processes the Registration Reply and then relays it to the mobile node to inform it of the disposition of its Request.

When the mobile node instead registers directly with its home agent, the registration procedure requires only the following two messages:

a. The mobile node sends a Registration Request to the home agent.

b. The home agent sends a Registration Reply to the mobile node, granting or denying the Request.

The registration messages defined in Sections 3.3 and 3.4 use the User Datagram Protocol (UDP) [17]. A nonzero UDP checksum SHOULD be included in the header, and MUST be checked by the recipient. A zero UDP checksum SHOULD be accepted by the recipient. The behavior of the mobile node and the home agent with respect to their mutual acceptance of packets with zero UDP checksums SHOULD be defined as part of the Mobility Security Association that exists between them.

3.2. Authentication

Each mobile node, foreign agent, and home agent MUST be able to support a Mobility Security Association for mobile entities, indexed by their SPI and IP address. In the case of the mobile node, this must be its home address. See Section 5.1 for requirements for support of authentication algorithms. Registration messages between a mobile node and its home agent MUST be authenticated with an authorization-enabling extension, e.g., the Mobile-Home Authentication Extension (Section 3.5.2). This extension MUST be the first authentication extension; other foreign-agent-specific extensions MAY be added to the message after the mobile node computes the authentication.

3.3. Registration Request

A mobile node registers with its home agent using a Registration Request message so that its home agent can create or modify a mobility binding for that mobile node (e.g., with a new Lifetime). The Request may be relayed to the home agent by the foreign agent through which the mobile node is registering, or it may be sent directly to the home agent in the case in which the mobile node is registering a co-located care-of address.

IP fields:

Source Address

Typically the interface address from which the message is sent.

Destination Address

Typically that of the foreign agent or the home agent.

See Sections 3.6.1.1 and 3.7.2.2 for details.

UDP fields:

Source Port variable

Destination Port 434

The UDP header is followed by the Mobile IP fields shown below:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |S|B|D|M|G|r|T|x|          Lifetime             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          Home Address                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Home Agent                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Care-of Address                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Identification                        +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Extensions ...
    +-+-+-+-+-+-+-+-
        

Type 1 (Registration Request)

S Simultaneous bindings. If the 'S' bit is set, the mobile node is requesting that the home agent retain its prior mobility bindings, as described in Section 3.6.1.2.

B Broadcast datagrams. If the 'B' bit is set, the mobile node requests that the home agent tunnel to it any broadcast datagrams that it receives on the home network, as described in Section 4.3.

D Decapsulation by mobile node. If the 'D' bit is set, the mobile node will itself decapsulate datagrams that are sent to the care-of address. That is, the mobile node is using a co-located care-of address.

M Minimal encapsulation. If the 'M' bit is set, the mobile node requests that its home agent use minimal encapsulation [16] for datagrams tunneled to the mobile node.

G GRE encapsulation. If the 'G' bit is set, the mobile node requests that its home agent use GRE encapsulation [13] for datagrams tunneled to the mobile node.

r Sent as zero; ignored on reception. SHOULD NOT be allocated for any other uses.

T Reverse Tunneling requested; see [12].

x Sent as zero; ignored on reception.

Lifetime

The number of seconds remaining before the registration is considered expired. A value of zero indicates a request for deregistration. A value of 0xffff indicates infinity.

Home Address

The IP address of the mobile node.

Home Agent

The IP address of the mobile node's home agent.

Care-of Address

The IP address for the end of the tunnel.

Identification

A 64-bit number, constructed by the mobile node, used for matching Registration Requests with Registration Replies, and for protecting against replay attacks of registration messages. See Sections 5.4 and 5.7.

Extensions

The fixed portion of the Registration Request is followed by one or more of the Extensions listed in Section 3.5. An authorization-enabling extension MUST be included in all Registration Requests. See Sections 3.6.1.3 and 3.7.2.2 for information on the relative order in which different extensions, when present, MUST be placed in a Registration Request message.
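
The 24-byte fixed portion described above, as an added example that is not part of the RFC: an encoder and a decoder that mask the 'r' and 'x' bits on reception, interpret the special Lifetime values, and report a Request that carries no extensions at all. Function names, result keys and sample values are constructed; `OPAQUE_EXT` is a placeholder, not a real extension encoding.

```python
import ipaddress
import struct

REGISTRATION_REQUEST = 1
FIXED_FORMAT = "!BBH4s4s4sQ"  # Type, flags, Lifetime, three addresses, Identification
FIXED_LEN = struct.calcsize(FIXED_FORMAT)  # 24 bytes
FLAG_BITS = "SBDMGrTx"        # flag byte, most significant bit first
SENT_AS_ZERO = {"r", "x"}


def build_request(flags, lifetime, home, home_agent, care_of, ident, extensions=b""):
    """Encode the fixed portion followed by already-encoded extensions."""
    if set(flags) & SENT_AS_ZERO or not set(flags) <= set(FLAG_BITS):
        raise ValueError("unknown flag or a bit that is sent as zero")
    flag_byte = sum(0x80 >> FLAG_BITS.index(f) for f in set(flags))
    return struct.pack(FIXED_FORMAT, REGISTRATION_REQUEST, flag_byte, lifetime,
                       ipaddress.IPv4Address(home).packed,
                       ipaddress.IPv4Address(home_agent).packed,
                       ipaddress.IPv4Address(care_of).packed,
                       ident) + extensions


def parse_request(data):
    """Decode a Registration Request received on UDP port 434."""
    if len(data) < FIXED_LEN:
        raise ValueError("shorter than the 24-byte fixed portion")
    msg_type, flag_byte, lifetime, home, agent, care_of, ident = struct.unpack(
        FIXED_FORMAT, data[:FIXED_LEN])
    if msg_type != REGISTRATION_REQUEST:
        raise ValueError(f"Type {msg_type} is not a Registration Request")
    flags = {name for i, name in enumerate(FLAG_BITS) if flag_byte & (0x80 >> i)}
    flags -= SENT_AS_ZERO  # ignored on reception, never a reason to reject
    if lifetime == 0:
        meaning = "deregistration"
    elif lifetime == 0xFFFF:
        meaning = "infinite"
    else:
        meaning = "seconds"
    extensions = data[FIXED_LEN:]
    problems = []
    if not extensions:
        problems.append("no extensions: authorization-enabling extension missing")
    return {
        "flags": flags, "lifetime": lifetime, "lifetime_meaning": meaning,
        "home_address": str(ipaddress.IPv4Address(home)),
        "home_agent": str(ipaddress.IPv4Address(agent)),
        "care_of_address": str(ipaddress.IPv4Address(care_of)),
        "identification": ident,
        "co_located": "D" in flags,  # 'D': the mobile node decapsulates itself
        "extensions": extensions, "problems": problems,
    }


# Constructed sample values (documentation address ranges). OPAQUE_EXT stands
# in for encoded extensions and is not a real extension encoding.
OPAQUE_EXT = b"<extensions>"
SAMPLE = build_request("SD", 1800, "192.0.2.10", "192.0.2.1", "198.51.100.7",
                       0x0123456789ABCDEF, OPAQUE_EXT)

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_request(SAMPLE))
```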

3.4. Registration Reply

A mobility agent typically returns a Registration Reply message to a mobile node that has sent a Registration Request message. If the mobile node is requesting service from a foreign agent, that foreign agent will typically receive the Reply from the home agent and subsequently relay it to the mobile node. Reply messages contain the necessary codes to inform the mobile node about the status of its Request, along with the lifetime granted by the home agent, which MAY be smaller than the original Request.

The foreign agent MUST NOT increase the Lifetime selected by the mobile node in the Registration Request, since the Lifetime is covered by an authentication extension that enables authorization by the home agent. Such an extension contains authentication data that cannot be correctly (re)computed by the foreign agent. The home agent MUST NOT increase the Lifetime selected by the mobile node in the Registration Request, since doing so could increase it beyond the maximum Registration Lifetime allowed by the foreign agent. If the Lifetime received in the Registration Reply is greater than that in the Registration Request, the Lifetime in the Request MUST be used. When the Lifetime received in the Registration Reply is less than that in the Registration Request, the Lifetime in the Reply MUST be used.


IP fields:


Source Address


Typically copied from the Destination Address of the Registration Request to which the agent is replying. See Sections 3.7.2.3 and 3.8.3.2 for complete details.


Destination Address


Copied from the source address of the Registration Request to which the agent is replying.


UDP fields:


Source Port


Copied from the UDP Destination Port of the corresponding Registration Request.


Destination Port


Copied from the source port of the corresponding Registration Request (Section 3.7.1).


The UDP header is followed by the Mobile IP fields shown below:


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |     Code      |           Lifetime            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          Home Address                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Home Agent                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Identification                        +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    | Extensions ...
    +-+-+-+-+-+-+-+-
        
        

Type

3 (Registration Reply)

Code


A value indicating the result of the Registration Request. See below for a list of currently defined code values.


Lifetime


If the Code field indicates that the registration was accepted, the Lifetime field is set to the number of seconds remaining before the registration is considered expired. A value of zero indicates that the mobile node has been deregistered. A value of 0xffff indicates infinity. If the Code field indicates that the registration was denied, the contents of the Lifetime field are unspecified and MUST be ignored on reception.


Home Address


The IP address of the mobile node.


Home Agent


The IP address of the mobile node's home agent.


Identification


A 64-bit number used for matching Registration Requests with Registration Replies, and for protecting against replay attacks of registration messages. The value is based on the Identification field from the Registration Request message from the mobile node, and on the style of replay protection used in the security context between the mobile node and its home agent (defined by the Mobility Security Association between them, and SPI value in the authorization-enabling extension). See Sections 5.4 and 5.7.


Extensions


The fixed portion of the Registration Reply is followed by one or more of the Extensions listed in Section 3.5. An authorization-enabling extension MUST be included in all Registration Replies returned by the home agent. See Sections 3.7.2.2 and 3.8.3.3 for rules on placement of extensions to Reply messages.


The following values are defined for use within the Code field.

Registration successful:

    0   registration accepted
    1   registration accepted, but simultaneous mobility bindings unsupported

Registration denied by the foreign agent:

    64  reason unspecified
    65  administratively prohibited
    66  insufficient resources
    67  mobile node failed authentication
    68  home agent failed authentication
    69  requested Lifetime too long
    70  poorly formed Request
    71  poorly formed Reply
    72  requested encapsulation unavailable
    73  reserved and unavailable
    77  invalid care-of address
    78  registration timeout
    80  home network unreachable (ICMP error received)
    81  home agent host unreachable (ICMP error received)
    82  home agent port unreachable (ICMP error received)
    88  home agent unreachable (other ICMP error received)
    194 Invalid Home Agent Address

Registration denied by the home agent:

    128 reason unspecified
    129 administratively prohibited
    130 insufficient resources
    131 mobile node failed authentication
    132 foreign agent failed authentication
    133 registration Identification mismatch
    134 poorly formed Request
    135 too many simultaneous mobility bindings
    136 unknown home agent address

Up-to-date values of the Code field are specified in the IANA online database [48].


3.5. Registration Extensions

3.5.1. Computing Authentication Extension Values

The Authenticator value computed for each authentication Extension MUST protect the following fields from the registration message:


o the UDP payload (that is, the Registration Request or Registration Reply data),


o all prior Extensions in their entirety, and


o the Type, Length, and SPI of this Extension.


The default authentication algorithm uses HMAC-MD5 [10] to compute a 128-bit "message digest" of the registration message. The data over which the HMAC is computed is defined as:


o the UDP payload (that is, the Registration Request or Registration Reply data),


o all prior Extensions in their entirety, and


o the Type, Length, and SPI of this Extension.


Note that the Authenticator field itself and the UDP header are NOT included in the computation of the default Authenticator value. See Section 5.1 for information about support requirements for message authentication codes, which are to be used with the various authentication Extensions.


The Security Parameter Index (SPI) within any of the authentication Extensions defines the security context that is used to compute the Authenticator value and that MUST be used by the receiver to check that value. In particular, the SPI selects the authentication algorithm and mode (Section 5.1) and secret (a shared key, or appropriate public/private key pair) used in computing the Authenticator. In order to ensure interoperability between different implementations of the Mobile IP protocol, an implementation MUST be able to associate any SPI value with any authentication algorithm and mode that it implements. In addition, all implementations of Mobile IP MUST implement the default authentication algorithm (HMAC-MD5) specified above.


3.5.2. Mobile-Home Authentication Extension

At least one authorization-enabling extension MUST be present in all Registration Requests, and also in all Registration Replies generated by the home agent. The Mobile-Home Authentication Extension is always an authorization-enabling extension for registration messages specified in this document. This requirement is intended to eliminate problems [30] that result from the uncontrolled propagation of remote redirects in the Internet. The location of the authorization-enabling extension marks the end of the data to be authenticated by the authorizing agent interpreting that authorization-enabling extension.


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |     Length    |         SPI  ....
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           ... SPI (cont.)          |       Authenticator ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
        

Type

32

Length

4 plus the number of bytes in the Authenticator.

SPI

Security Parameter Index (4 bytes). An opaque identifier (see Section 1.6).

Authenticator

(variable length) (See Section 3.5.1.)
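The Authenticator computation from Section 3.5.1, applied to a Registration Reply that carries a Mobile-Home Authentication Extension, together with the Lifetime rule from Section 3.4; this is an added example, not code from the RFC. The key, SPI, addresses and Identification are constructed sample values, and the extension walker assumes every extension is a Type, Length, Data triple with a one-byte Length.

```python
import hashlib
import hmac
import ipaddress
import struct

REPLY_FIXED_LEN = 20     # Type, Code, Lifetime, Home Address, Home Agent, Identification
MOBILE_HOME_AUTH = 32    # extension Type from Section 3.5.2
AUTH_HDR_LEN = 6         # Type (1) + Length (1) + SPI (4): the part of the extension the MAC covers

# Constructed sample values (not from the RFC): shared secret and SPI.
KEY = b"constructed-demo-key"
SPI = 0x00000100
CONTEXTS = {SPI: (hashlib.md5, KEY)}   # SPI -> (hash used for HMAC, secret)


def build_reply(code, lifetime, home_addr, home_agent, ident):
    """Pack the fixed portion of a Registration Reply (Type 3)."""
    return struct.pack("!BBH4s4sQ", 3, code, lifetime,
                       ipaddress.IPv4Address(home_addr).packed,
                       ipaddress.IPv4Address(home_agent).packed, ident)


def append_auth(message, ext_type, spi, key):
    """Append an authentication extension using the default HMAC-MD5.

    `message` is the UDP payload so far (fixed portion plus all prior
    extensions). The MAC covers that plus this extension's Type, Length, SPI.
    """
    header = struct.pack("!BBI", ext_type, 4 + hashlib.md5().digest_size, spi)
    mac = hmac.new(key, message + header, hashlib.md5).digest()
    return message + header + mac


def verify_auth(message, ext_type, contexts, fixed_len=REPLY_FIXED_LEN):
    """Check the first extension of `ext_type` against the context its SPI selects.

    Returns False for a missing extension, a malformed extension, an unknown
    SPI, or an Authenticator that does not match.
    """
    offset = fixed_len
    while offset + 2 <= len(message):
        etype, elen = message[offset], message[offset + 1]
        end = offset + 2 + elen
        if end > len(message):
            return False                      # extension runs past the payload
        if etype == ext_type:
            if elen <= 4:
                return False                  # no room for SPI plus Authenticator
            (spi,) = struct.unpack_from("!I", message, offset + 2)
            if spi not in contexts:
                return False                  # no security context for this SPI
            digestmod, key = contexts[spi]
            covered = message[:offset + AUTH_HDR_LEN]
            expected = hmac.new(key, covered, digestmod).digest()
            return hmac.compare_digest(expected, message[offset + AUTH_HDR_LEN:end])
        offset = end
    return False


def set_lifetime(message, lifetime):
    """Return a copy with the Lifetime field rewritten and nothing else touched."""
    return message[:2] + struct.pack("!H", lifetime) + message[4:]


def granted_lifetime(reply, requested, contexts):
    """Apply the Section 3.4 Lifetime rule to an authenticated, accepted Reply.

    Returns the lifetime in seconds to use, or None if the Reply must not be
    acted on (wrong type, failed authentication, or registration denied).
    """
    if len(reply) < REPLY_FIXED_LEN or reply[0] != 3:
        return None
    if not verify_auth(reply, MOBILE_HOME_AUTH, contexts):
        return None
    code, lifetime = struct.unpack_from("!BH", reply, 1)
    if code not in (0, 1):
        return None                           # denied: Lifetime is unspecified, ignore it
    return min(lifetime, requested)           # the smaller of Request and Reply wins


def demo():
    reply = append_auth(
        build_reply(0, 300, "192.0.2.10", "192.0.2.1", 0x0123456789ABCDEF),
        MOBILE_HOME_AUTH, SPI, KEY)
    relayed = set_lifetime(reply, 3600)       # Lifetime changed after the MAC was computed
    return (verify_auth(reply, MOBILE_HOME_AUTH, CONTEXTS),
            verify_auth(relayed, MOBILE_HOME_AUTH, CONTEXTS),
            granted_lifetime(reply, 600, CONTEXTS),
            granted_lifetime(reply, 120, CONTEXTS))


if __name__ == "__main__":
    print(demo())
```

Because the Lifetime sits inside the authenticated data, a Reply whose Lifetime was altered in transit fails verification instead of being accepted with the new value.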


3.5.3. Mobile-Foreign Authentication Extension

This Extension MAY be included in Registration Requests and Replies in cases in which a Mobility Security Association exists between the mobile node and the foreign agent. See Section 5.1 for information about support requirements for message authentication codes.


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |     Length    |         SPI  ....
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           ... SPI (cont.)          |       Authenticator ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
        

Type

33

Length

4 plus the number of bytes in the Authenticator.

SPI

Security Parameter Index (4 bytes). An opaque identifier (see Section 1.6).

Authenticator

(variable length) (See Section 3.5.1.)

3.5.4. Foreign-Home Authentication Extension

This Extension MAY be included in Registration Requests and Replies in cases in which a Mobility Security Association exists between the foreign agent and the home agent, as long as the Registration Request is not a deregistration (i.e., the mobile node requested a nonzero Lifetime and the home address is different than the care-of address). The Foreign-Home Authentication extension MUST NOT be applied to deregistration messages. See Section 5.1 for information about support requirements for message authentication codes.


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |     Length    |         SPI  ....
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
           ... SPI (cont.)          |       Authenticator ...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        
        

Type

34

Length

4 plus the number of bytes in the Authenticator.

SPI

Security Parameter Index (4 bytes). An opaque identifier (see Section 1.6).

Authenticator

(variable length) (See Section 3.5.1).

In order to perform the authentication, the home agent and the foreign agent are configured with a Mobility Security Association that is indexed by the SPI (in the appended Foreign-Home Authentication Extension) and the IP Source Address of the Registration Request. When the extension is used with a Registration Reply message, the foreign agent address MUST be used as the Destination IP Address in the IP header.


When this extension is applied to a Registration Request message, the Mobility Security Association for verifying the correctness of the authentication data is selected by the home agent based on the value of the Source IP Address field of the Registration Request and the SPI of the Authentication extension. The Source IP Address will be the same as the Care-of Address field of the Registration Request (see Section 3.7.2.2).


When this extension is applied to a Registration Reply message, the Mobility Security Association for verifying the correctness of the authentication data is selected by the foreign agent based on the value of the home agent Address field of the Registration Reply.


If the Care-of Address in the Registration Request is not in the Agent Advertisement, then the foreign agent MUST NOT append the Foreign-Home Authentication Extension when relaying the message to the home agent. Moreover, for a deregistration message (i.e., Lifetime = 0), the foreign agent MUST NOT append the Foreign-Home Authentication Extension when relaying the message to the home agent. Consequently, when the home agent (HA) receives a deregistration request that does not contain a Foreign-Home Authentication Extension, it MUST NOT for this reason discard the request as part of security association processing.


3.6. Mobile Node Considerations

A mobile node MUST be configured (statically or dynamically) with a netmask and a Mobility Security Association for each of its home agents. In addition, a mobile node MAY be configured with its home address, and the IP address of one or more of its home agents; otherwise, the mobile node MAY discover a home agent using the procedures described in Section 3.6.1.2.


If the mobile node is not configured with a home address, it MAY use the Mobile Node Network Access Identifier (NAI) extension [2] to identify itself, and set the Home Address field of the Registration Request to 0.0.0.0. In this case, the mobile node MUST be able to assign its home address after extracting this information from the Registration Reply from the home agent.


For each pending registration, the mobile node maintains the following information:


o the link-layer address of the foreign agent to which the Registration Request was sent, if applicable,


o the IP Destination Address of the Registration Request,


o the care-of address used in the registration,


o the Identification value sent in the registration,


o the originally requested Lifetime, and


o the remaining Lifetime of the pending registration.


A mobile node SHOULD initiate a registration whenever it detects a change in its network connectivity. See Section 2.4.2 for methods by which mobile nodes MAY make such a determination. When it is away from home, the mobile node's Registration Request allows its home agent to create or modify a mobility binding for it. When it is at home, the mobile node's (de)Registration Request allows its home agent to delete any previous mobility binding(s) for it. A mobile node operates without the support of mobility functions when it is at home.


There are other conditions under which the mobile node SHOULD (re)register with its foreign agent, such as when the mobile node detects that the foreign agent has rebooted (as specified in Section 2.4.4) and when the current registration's Lifetime is near expiration.


In the absence of link-layer indications of changes in point of attachment, Agent Advertisements from new agents SHOULD NOT cause a mobile node to attempt a new registration, if its current registration has not expired and it is still also receiving Agent Advertisements from the foreign agent with which it is currently registered. In the absence of link-layer indications, a mobile node MUST NOT attempt to register more often than once per second.


A mobile node MAY register with a different agent when transport-layer protocols indicate excessive retransmissions. A mobile node MUST NOT consider reception of an ICMP Redirect from a foreign agent that is currently providing service to it as reason to register with a new foreign agent. Within these constraints, the mobile node MAY register again at any time.


Appendix C shows some examples of how the fields in registration messages would be set up in some typical registration scenarios.


3.6.1. Sending Registration Requests

The following sections specify details for the values that the mobile node MUST supply in the fields of Registration Request messages.


3.6.1.1. IP Fields

This section provides the specific rules by which mobile nodes pick values for the IP header fields of a Registration Request.


IP Source Address:


o When registering on a foreign network with a co-located care-of address, the IP source address MUST be the care-of address.


o Otherwise, if the mobile node does not have a home address, the IP source address MUST be 0.0.0.0.


o In all other circumstances, the IP source address MUST be the mobile node's home address.


IP Destination Address:


o When the mobile node has discovered the agent with which it is registering, through some means (e.g., link-layer) that does not provide the IP address of the agent (the IP address of the agent is unknown to the mobile node), then the "All Mobility Agents" multicast address (224.0.0.11) MUST be used. In this case, the mobile node MUST use the agent's link-layer unicast address in order to deliver the datagram to the correct agent.


o When registering with a foreign agent, the address of the agent as learned from the IP source address of the corresponding Agent Advertisement MUST be used. This MAY be an address that does not appear as an advertised care-of address in the Agent Advertisement. In addition, when transmitting this Registration Request message, the mobile node MUST use a link-layer Destination Address copied from the link-layer source address of the Agent Advertisement message in which it learned this foreign agent's IP address.

o When the mobile node is registering directly with its home agent and knows the (unicast) IP address of its home agent, the Destination Address MUST be set to this address.


o If the mobile node is registering directly with its home agent, but does not know the IP address of its home agent, the mobile node may use dynamic home agent address resolution to automatically determine the IP address of its home agent (Section 3.6.1.2). In this case, the IP Destination Address is set to the subnet-directed broadcast address of the mobile node's home network. This address MUST NOT be used as the Destination IP Address if the mobile node is registering via a foreign agent, although it MAY be used as the home agent address in the body of the Registration Request when registering via a foreign agent.


IP Time to Live:


o The IP TTL field MUST be set to 1 if the IP Destination Address is set to the "All Mobility Agents" multicast address as described above. Otherwise, a suitable value should be chosen in accordance with standard IP practice [18].


3.6.1.2. Registration Request Fields

This section provides specific rules by which mobile nodes pick values for the fields within the fixed portion of a Registration Request.


A mobile node MAY set the 'S' bit in order to request that the home agent maintain prior mobility binding(s). Otherwise, the home agent deletes any previous binding(s) and replaces them with the new binding specified in the Registration Request. Multiple simultaneous mobility bindings are likely to be useful when a mobile node using at least one wireless network interface moves within wireless transmission range of more than one foreign agent. IP explicitly allows duplication of datagrams. When the home agent allows simultaneous bindings, it will tunnel a separate copy of each arriving datagram to each care-of address, and the mobile node will receive multiple copies of datagrams destined to it.


The mobile node SHOULD set the 'D' bit if it is registering with a co-located care-of address. Otherwise, the 'D' bit MUST NOT be set.


A mobile node MAY set the 'B' bit to request its home agent to forward to it a copy of broadcast datagrams received by its home agent from the home network. The method used by the home agent to forward broadcast datagrams depends on the type of care-of address registered by the mobile node, as determined by the 'D' bit in the mobile node's Registration Request:


o If the 'D' bit is set, then the mobile node has indicated that it will decapsulate any datagrams tunneled to this care-of address itself (the mobile node is using a co-located care-of address). In this case, to forward such a received broadcast datagram to the mobile node, the home agent MUST tunnel it to this care-of address. The mobile node detunnels the received datagram in the same way as any other datagram tunneled directly to it.


o If the 'D' bit is NOT set, then the mobile node has indicated that it is using a foreign agent care-of address, and that the foreign agent will thus decapsulate arriving datagrams before forwarding them to the mobile node. In this case, to forward such a received broadcast datagram to the mobile node, the home agent MUST first encapsulate the broadcast datagram in a unicast datagram addressed to the mobile node's home address, and then MUST tunnel this resulting datagram to the mobile node's care-of address.


When decapsulated by the foreign agent, the inner datagram will thus be a unicast IP datagram addressed to the mobile node, identifying to the foreign agent the intended destination of the encapsulated broadcast datagram, and will be delivered to the mobile node in the same way as any tunneled datagram arriving for the mobile node. The foreign agent MUST NOT decapsulate the encapsulated broadcast datagram and MUST NOT use a local network broadcast to transmit it to the mobile node. The mobile node thus MUST decapsulate the encapsulated broadcast datagram itself, and thus MUST NOT set the 'B' bit in its Registration Request in this case unless it is capable of decapsulating datagrams.


The mobile node MAY request alternative forms of encapsulation by setting the 'M' bit and/or the 'G' bit, but only if the mobile node is decapsulating its own datagrams (the mobile node is using a co-located care-of address) or if its foreign agent has indicated support for these forms of encapsulation by setting the corresponding bits in the Mobility Agent Advertisement Extension of an Agent Advertisement received by the mobile node. Otherwise, the mobile node MUST NOT set these bits.


The Lifetime field is chosen as follows:


o If the mobile node is registering with a foreign agent, the Lifetime SHOULD NOT exceed the value in the Registration Lifetime field of the Agent Advertisement message received from the foreign agent. When the method by which the care-of address is learned does not include a Lifetime, the default ICMP Router Advertisement Lifetime (1800 seconds) MAY be used.


o The mobile node MAY ask a home agent to delete a particular mobility binding, by sending a Registration Request with the care-of address for this binding, with the Lifetime field set to zero (Section 3.8.2).


o Similarly, a Lifetime of zero is used when the mobile node deregisters all care-of addresses, such as upon returning home.


The Home Address field MUST be set to the mobile node's home address, if this information is known. Otherwise, the Home Address field MUST be set to zeroes.


The Home Agent field MUST be set to the address of the mobile node's home agent, if the mobile node knows this address. Otherwise, the mobile node MAY use dynamic home agent address resolution to learn the address of its home agent. In this case, the mobile node MUST set the Home Agent field to the subnet-directed broadcast address of the mobile node's home network. Each home agent receiving such a Registration Request with a broadcast Destination Address MUST reject the mobile node's registration and SHOULD return a rejection Registration Reply indicating its unicast IP address for use by the mobile node in a future registration attempt.


The Care-of Address field MUST be set to the value of the particular care-of address that the mobile node wishes to (de)register. In the special case in which a mobile node wishes to deregister all care-of addresses, it MUST set this field to its home address.


The mobile node chooses the Identification field in accordance with the style of replay protection it uses with its home agent. This is part of the Mobility Security Association the mobile node shares with its home agent. See Section 5.7 for the method by which the mobile node computes the Identification field.


3.6.1.3. Extensions

This section describes the ordering of any mandatory and any optional Extensions that a mobile node appends to a Registration Request. This ordering is REQUIRED:


a. The IP header, followed by the UDP header, followed by the fixed-length portion of the Registration Request, followed by


b. If present, any non-authentication Extensions expected to be used by the home agent or other authorizing agent (which may or may not also be useful to the foreign agent), followed by


c. All authorization-enabling extensions (see Section 1.6), followed by


d. If present, any non-authentication Extensions used only by the foreign agent, followed by

e. The Mobile-Foreign Authentication Extension, if present.

Note that items (a) and (c) MUST appear in every Registration Request sent by the mobile node. Items (b), (d), and (e) are optional. However, item (e) MUST be included when the mobile node and the foreign agent share a Mobility Security Association.

3.6.2. Receiving Registration Replies

Registration Replies will be received by the mobile node in response to its Registration Requests. Registration Replies generally fall into three categories:

o the registration was accepted,

o the registration was denied by the foreign agent, or

o the registration was denied by the home agent.

The remainder of this section describes the Registration Reply handling by a mobile node in each of these three categories.

3.6.2.1. Validity Checks

Registration Replies with an invalid, non-zero UDP checksum MUST be silently discarded.

In addition, the low-order 32 bits of the Identification field in the Registration Reply MUST be compared to the low-order 32 bits of the Identification field in the most recent Registration Request sent to the replying agent. If they do not match, the Reply MUST be silently discarded.

Also, the Registration Reply MUST be checked for presence of an authorization-enabling extension. For all Registration Reply messages containing a status code indicating status from the home agent, the mobile node MUST check for the presence of an authorization-enabling extension, acting in accordance with the Code field in the Reply. The rules are as follows:

a. If the mobile node and the foreign agent share a Mobility Security Association, exactly one Mobile-Foreign Authentication Extension MUST be present in the Registration Reply, and the mobile node MUST check the Authenticator value in the Extension. If no Mobile-Foreign Authentication Extension is found, or if more than one Mobile-Foreign Authentication Extension is found, or if the Authenticator is invalid, the mobile node MUST silently discard the Reply and SHOULD log the event as a security exception.

b. If the Code field indicates that service is denied by the home agent, or if the Code field indicates that the registration was accepted by the home agent, exactly one Mobile-Home Authentication Extension MUST be present in the Registration Reply, and the mobile node MUST check the Authenticator value in the Extension. If the Registration Reply was generated by the home agent but no Mobile-Home Authentication Extension is found, or if more than one Mobile-Home Authentication Extension is found, or if the Authenticator is invalid, the mobile node MUST silently discard the Reply and SHOULD log the event as a security exception.

If the Code field indicates an authentication failure, either at the foreign agent or the home agent, then it is quite possible that any authenticators in the Registration Reply will also be in error. This could happen, for example, if the shared secret between the mobile node and home agent was erroneously configured. The mobile node SHOULD log such errors as security exceptions.
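
The validity checks of this section, written out as an added example (it is not code from the RFC or from any implementation). It assumes extension types 32 and 33 and the HMAC-MD5 default authenticator from Section 3.5, home agent codes 0, 1 and 128-136 from Section 3.4, and a one-byte Length in every extension; the key, SPI and addresses are constructed sample values.

```python
import hashlib
import hmac
import struct

MOBILE_HOME_AUTH = 32        # extension types as assigned in Section 3.5
MOBILE_FOREIGN_AUTH = 33
REPLY_FIXED_LEN = 20         # Type, Code, Lifetime, Home Address, Home Agent, Identification
# Codes treated as "status from the home agent": accepted (0, 1) or denied
# by the home agent (128-136, the range listed in Section 3.4).
HOME_AGENT_CODES = {0, 1} | set(range(128, 137))


class DiscardReply(Exception):
    """The Reply is silently discarded; security=True means also log it."""

    def __init__(self, reason, security=False):
        super().__init__(reason)
        self.security = security


def walk_extensions(msg, start):
    """Yield (offset, type, data) for each Type/Length/Data extension."""
    off = start
    while off < len(msg):
        if off + 2 > len(msg) or off + 2 + msg[off + 1] > len(msg):
            raise DiscardReply("truncated extension")
        length = msg[off + 1]
        yield off, msg[off], msg[off + 2:off + 2 + length]
        off += 2 + length


def check_authenticator(msg, ext_type, key, start):
    """Require exactly one extension of ext_type and verify its Authenticator."""
    found = [(off, data) for off, t, data in walk_extensions(msg, start) if t == ext_type]
    if len(found) != 1:
        raise DiscardReply(f"{len(found)} extensions of type {ext_type}", security=True)
    off, data = found[0]
    if len(data) < 4:
        raise DiscardReply("extension too short to hold an SPI", security=True)
    # Protected data: the UDP payload up to and including this extension's
    # Type, Length and SPI. compare_digest avoids a timing side channel.
    expected = hmac.new(key, msg[:off + 6], hashlib.md5).digest()
    if not hmac.compare_digest(expected, data[4:]):
        raise DiscardReply("invalid Authenticator", security=True)


def validate_reply(reply, last_request_id, mn_ha_key, mn_fa_key=None):
    """Return the Code of a Reply that passes the checks, else raise DiscardReply."""
    if len(reply) < REPLY_FIXED_LEN or reply[0] != 3:
        raise DiscardReply("not a Registration Reply")
    code = reply[1]
    reply_id = struct.unpack("!Q", reply[12:20])[0]
    if (reply_id ^ last_request_id) & 0xFFFFFFFF:
        raise DiscardReply("low-order 32 bits of Identification do not match")
    if mn_fa_key is not None:            # rule (a): MSA shared with the foreign agent
        check_authenticator(reply, MOBILE_FOREIGN_AUTH, mn_fa_key, REPLY_FIXED_LEN)
    if code in HOME_AGENT_CODES:         # rule (b): status comes from the home agent
        check_authenticator(reply, MOBILE_HOME_AUTH, mn_ha_key, REPLY_FIXED_LEN)
    return code


def build_reply(code, ident, key, spi=0x100):
    """Constructed sample input: a Reply authenticated the way a home agent would."""
    fixed = struct.pack("!BBH4s4sQ", 3, code, 300,
                        bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]), ident)
    head = fixed + struct.pack("!BBI", MOBILE_HOME_AUTH, 4 + 16, spi)
    return head + hmac.new(key, head, hashlib.md5).digest()
```

A caller catches `DiscardReply`, drops the datagram without answering, and writes a security log entry when `security` is set.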

3.6.2.2. Registration Request Accepted

If the Code field indicates that the request has been accepted, the mobile node SHOULD configure its routing table appropriately for its current point of attachment (Section 4.2.1).

If the mobile node is returning to its home network and that network is one that implements ARP, the mobile node MUST follow the procedures described in Section 4.6 with regard to ARP, proxy ARP, and gratuitous ARP.

If the mobile node has registered on a foreign network, it SHOULD re-register before the expiration of the Lifetime of its registration. As described in Section 3.6, for each pending Registration Request, the mobile node MUST maintain the remaining lifetime of this pending registration, as well as the original Lifetime from the Registration Request. When the mobile node receives a valid Registration Reply, the mobile node MUST decrease its view of the remaining lifetime of the registration by the amount by which the home agent decreased the originally requested Lifetime. This procedure is equivalent to the mobile node starting a timer for the granted Lifetime at the time it sent the Registration Request, even though the granted Lifetime is not known to the mobile node until the Registration Reply is received. Since the Registration Request is certainly sent before the home agent begins timing the registration Lifetime (also based on the granted Lifetime), this procedure ensures that the mobile node will re-register before the home agent expires and deletes the registration, in spite of possibly non-negligible transmission delays for the original Registration Request and Reply that started the timing of the Lifetime at the mobile node and its home agent.

3.6.2.3. Registration Request Denied

If the Code field indicates that service is being denied, the mobile node SHOULD log the error. In certain cases, the mobile node may be able to "repair" the error. These include:

Code 69: (Denied by foreign agent, requested Lifetime too long)

In this case, the Lifetime field in the Registration Reply will contain the maximum Lifetime value that the foreign agent is willing to accept in any Registration Request. The mobile node MAY attempt to register with this same agent, using a Lifetime in the Registration Request that MUST be less than or equal to the value specified in the Reply.

Code 133: (Denied by home agent, registration Identification mismatch)

In this case, the Identification field in the Registration Reply will contain a value that allows the mobile node to synchronize with the home agent, based upon the style of replay protection in effect (Section 5.7). The mobile node MUST adjust the parameters it uses to compute the Identification field based upon the information in the Registration Reply, before issuing any future Registration Requests.

Code 136: (Denied by home agent, unknown home agent address)

This code is returned by a home agent when the mobile node is performing dynamic home agent address resolution as described in Sections 3.6.1.1 and 3.6.1.2. In this case, the Home Agent field within the Reply will contain the unicast IP address of the home agent returning the Reply. The mobile node MAY then attempt to register with this home agent in future Registration Requests. In addition, the mobile node SHOULD adjust the parameters it uses to compute the Identification field based upon the corresponding field in the Registration Reply, before issuing any future Registration Requests.

3.6.3. Registration Retransmission

When no Registration Reply has been received within a reasonable time, another Registration Request MAY be transmitted. When timestamps are used, a new registration Identification is chosen for each retransmission; thus, it counts as a new registration. When nonces are used, the unanswered Request is retransmitted unchanged; thus, the retransmission does not count as a new registration (Section 5.7). In this way, a retransmission will not require the home agent to resynchronize with the mobile node by issuing another nonce in the case in which the original Registration Request (rather than its Registration Reply) was lost by the network.

The maximum time until a new Registration Request is sent SHOULD be no greater than the requested Lifetime of the Registration Request. The minimum value SHOULD be large enough to account for the size of the messages, twice the round-trip time for transmission to the home agent, and at least an additional 100 milliseconds to allow for processing the messages before responding. The round-trip time for transmission to the home agent will be at least as large as the time required to transmit the messages at the link speed of the mobile node's current point of attachment. Some circuits add another 200 milliseconds of satellite delay in the total round-trip time to the home agent. The minimum time between Registration Requests MUST NOT be less than 1 second. Each successive retransmission timeout period SHOULD be at least twice the previous period, as long as that is less than the maximum as specified above.
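
The timing rules of Sections 3.6.2.2 and 3.6.3, as an added example that is not part of the RFC. It computes the retransmission periods and the mobile node's view of the remaining lifetime; the class and function names are hypothetical, and clamping a granted Lifetime that exceeds the requested one is this example's own choice.

```python
from dataclasses import dataclass

MIN_INTERVAL_MS = 1000   # Registration Requests are never less than 1 second apart
PROCESSING_MS = 100      # allowance for processing the messages before responding


def retransmission_schedule(requested_lifetime_s, rtt_ms, tx_ms=0):
    """Return the successive timeout periods in milliseconds.

    The first period covers the message transmission time, twice the
    round-trip time to the home agent and the processing allowance, with a
    floor of 1 second.  Each later period doubles while it stays below the
    requested Lifetime, which is the last entry of the schedule.
    """
    ceiling = max(requested_lifetime_s * 1000, MIN_INTERVAL_MS)
    period = max(MIN_INTERVAL_MS, tx_ms + 2 * rtt_ms + PROCESSING_MS)
    schedule = []
    while period < ceiling:
        schedule.append(period)
        period *= 2
    schedule.append(ceiling)
    return schedule


@dataclass
class PendingRegistration:
    requested_lifetime: int   # seconds, as sent in the Registration Request
    sent_at: float            # local clock reading when the Request was sent
    reduction: int = 0        # seconds by which the home agent cut the Lifetime

    def on_valid_reply(self, granted_lifetime):
        # Assumption of this example: a granted value above the requested
        # one is treated as the requested one.
        granted = min(granted_lifetime, self.requested_lifetime)
        self.reduction = self.requested_lifetime - granted

    def remaining(self, now):
        """Remaining lifetime, counted from the moment the Request was sent."""
        return self.requested_lifetime - self.reduction - (now - self.sent_at)

    def expires_at(self):
        return self.sent_at + self.requested_lifetime - self.reduction


def home_agent_expiry(request_arrival, granted_lifetime):
    """Home agent side of the model: it times the granted Lifetime from arrival."""
    return request_arrival + granted_lifetime
```

Because the Request always arrives after it was sent, `expires_at()` never exceeds `home_agent_expiry()` for the same registration, which is the ordering the text argues for.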

3.7. Foreign Agent Considerations

The foreign agent plays a mostly passive role in Mobile IP registration. It relays Registration Requests between mobile nodes and home agents, and, when it provides the care-of address, decapsulates datagrams for delivery to the mobile node. It SHOULD also send periodic Agent Advertisement messages to advertise its presence as described in Section 2.3, if not detectable by link-layer means.

A foreign agent MUST NOT transmit a Registration Request, unless the request is being relayed from a mobile node to that mobile node's home agent. A foreign agent MUST NOT transmit a Registration Reply except when relaying a Registration Reply received from a mobile node's home agent, or when replying to a Registration Request received from a mobile node in the case in which the foreign agent is denying service to the mobile node. In particular, a foreign agent MUST NOT generate a Registration Request or Reply because a mobile node's registration Lifetime has expired. A foreign agent also MUST NOT originate a Registration Request message that asks for deregistration of a mobile node; however, it MUST relay well-formed (de)Registration Requests originated by a mobile node.

3.7.1. Configuration and Registration Tables

Each foreign agent MUST be configured with a care-of address. In addition, for each pending or current registration the foreign agent MUST maintain a visitor list entry containing the following information obtained from the mobile node's Registration Request:

o the link-layer source address of the mobile node

o the IP Source Address (the mobile node's home address) or its co-located care-of address (see description of the 'R' bit in Section 2.1.1)

o the IP Destination Address (as specified in Section 3.6.1.1)

o the UDP Source Port

o the home agent address

o the Identification field

o the requested registration Lifetime, and

o the remaining Lifetime of the pending or current registration

If there is an NAI extension in the Registration Request message (often, for example, when the mobile node's Home Address is zero), then the foreign agent MUST follow the procedures specified in RFC 2794 [2]. In particular, if the foreign agent cannot manage pending Registration Request records with such a zero Home Address for the mobile node, the foreign agent MUST return a Registration Reply with a code indicating NONZERO_HOMEADDR_REQD (see [2]).

The foreign agent MAY configure a maximum number of pending registrations that it is willing to maintain (typically 5). Additional registrations SHOULD then be rejected by the foreign agent with Code 66. The foreign agent MAY delete any pending Registration Request after the request has been pending for more than 7 seconds; in this case, the foreign agent SHOULD reject the Request with Code 78 (registration timeout).

As with any node on the Internet, a foreign agent MAY also share Mobility Security Associations with any other nodes. When relaying a Registration Request from a mobile node to its home agent, if the foreign agent shares a Mobility Security Association with the home agent, it MUST add a Foreign-Home Authentication Extension to the Request. In this case, when the Registration Reply has nonzero Lifetime, the foreign agent MUST check the required Foreign-Home Authentication Extension in the Registration Reply from the home agent (Sections 3.3 and 3.4). Similarly, when receiving a Registration Request from a mobile node, if the foreign agent shares a Mobility Security Association with the mobile node, it MUST check the required Mobile-Foreign Authentication Extension in the Request and MUST add a Mobile-Foreign Authentication Extension to the Registration Reply to the mobile node.

3.7.2. Receiving Registration Requests

If the foreign agent accepts a Registration Request from a mobile node, it checks to make sure that the indicated home agent address does not belong to any network interface of the foreign agent. If not, the foreign agent then MUST relay the Request to the indicated home agent. Otherwise, if the foreign agent denies the Request, it MUST send a Registration Reply to the mobile node with an appropriate denial code, except in cases where the foreign agent would be required to send out more than one such denial per second to the same mobile node. The following sections describe this behavior in more detail.

If the foreign agent has configured one of its network interfaces with the IP address specified by the mobile node as its home agent address, the foreign agent MUST NOT forward the Request again. If the foreign agent serves the mobile node as a home agent, the foreign agent follows the procedures specified in Section 3.8.2. Otherwise, if the foreign agent does not serve the mobile node as a home agent, the foreign agent rejects the Registration Request with Code 194 (Invalid Home Agent Address).

If a foreign agent receives a Registration Request from a mobile node in its visitor list, the existing visitor list entry for the mobile node SHOULD NOT be deleted or modified until the foreign agent receives a valid Registration Reply from the home agent with a code indicating success. The foreign agent MUST record the new pending Request as a separate part of the existing visitor list entry for the mobile node. If the Registration Request asks for deregistration, the existing visitor list entry for the mobile node SHOULD NOT be deleted until the foreign agent has received a successful Registration Reply. If the Registration Reply indicates that the Request (for registration or deregistration) was denied by the home agent, the existing visitor list entry for the mobile node MUST NOT be modified as a result of receiving the Registration Reply.

3.7.2.1. Validity Checks

Registration Requests with an invalid, non-zero UDP checksum MUST be silently discarded. Requests with non-zero bits in reserved fields MUST be rejected with Code 70 (poorly formed Request). Requests with the 'D' bit set to 0, nonzero Lifetime, and specifying a care-of address not offered by the foreign agent, MUST be rejected with Code 77 (invalid care-of address).

Also, the authentication in the Registration Request MUST be checked. If the foreign agent and the mobile node share a Mobility Security Association, exactly one Mobile-Foreign Authentication Extension MUST be present in the Registration Request, and the foreign agent MUST check the Authenticator value in the Extension. If no Mobile-Foreign Authentication Extension is found, or if more than one Mobile-Foreign Authentication Extension is found, or if the Authenticator is invalid, the foreign agent MUST silently discard the Request and SHOULD log the event as a security exception. The foreign agent also SHOULD send a Registration Reply to the mobile node with Code 67.

3.7.2.2. Forwarding a Valid Request to the Home Agent

If the foreign agent accepts the mobile node's Registration Request, it MUST relay the Request to the mobile node's home agent as specified in the Home Agent field of the Registration Request. The foreign agent MUST NOT modify any of the fields beginning with the fixed portion of the Registration Request up through and including the Mobile-Home Authentication Extension or other authentication extension supplied by the mobile node as an authorization-enabling extension for the home agent. Otherwise, an authentication failure is very likely to occur at the home agent. In addition, the foreign agent proceeds as follows:

o It MUST process and remove any extensions that do not precede any authorization-enabling extension,

o It MAY append any of its own non-authentication Extensions of relevance to the home agent, if applicable, and

o If the foreign agent shares a Mobility Security Association with the home agent, and the Request has Lifetime != 0, then it MUST append the Foreign-Home Authentication Extension.

Specific fields within the IP header and the UDP header of the relayed Registration Request MUST be set as follows:

IP Source Address
   The care-of address offered by the foreign agent for the mobile node sending the Registration Request.

IP Destination Address
   Copied from the Home Agent field within the Registration Request.

UDP Source Port
   variable

UDP Destination Port
   434

After forwarding a valid Registration Request to the home agent, the foreign agent MUST begin timing the remaining lifetime of the pending registration based on the Lifetime in the Registration Request. If this lifetime expires before receiving a valid Registration Reply, the foreign agent MUST delete its visitor list entry for this pending registration.

3.7.2.3. Denying Invalid Requests

If the foreign agent denies the mobile node's Registration Request for any reason, it SHOULD send the mobile node a Registration Reply with a suitable denial code. In such a case, the Home Address, Home Agent, and Identification fields within the Registration Reply are copied from the corresponding fields of the Registration Request.

If the Reserved field is nonzero, the foreign agent MUST deny the Request and SHOULD return a Registration Reply with Status Code 70 to the mobile node. If the Request is being denied because the requested Lifetime is too long, the foreign agent sets the Lifetime in the Reply to the maximum Lifetime value it is willing to accept in any Registration Request, and sets the Code field to 69. Otherwise, the Lifetime SHOULD be copied from the Lifetime field in the Request.

Specific fields within the IP header and the UDP header of the Registration Reply MUST be set as follows:

IP Source Address
   Copied from the IP Destination Address of the Registration Request, unless the "All Agents Multicast" address was used. In this case, the foreign agent's address (on the interface from which the message will be sent) MUST be used.

IP Destination Address
   If the Registration Reply is generated by the foreign agent in order to reject a mobile node's Registration Request, and the Registration Request contains a Home Address that is not 0.0.0.0, then the IP Destination Address is copied from the Home Address field of the Registration Request. Otherwise, if the Registration Reply is received from the home agent, and contains a Home Address that is not 0.0.0.0, then the IP Destination Address is copied from the Home Address field of the Registration Reply. Otherwise, the IP Destination Address of the Registration Reply is set to be 255.255.255.255.

UDP Source Port
   434

UDP Destination Port
   Copied from the UDP Source Port of the Registration Request.

3.7.3. Receiving Registration Replies

The foreign agent updates its visitor list when it receives a valid Registration Reply from a home agent. It then relays the Registration Reply to the mobile node. The following sections describe this behavior in more detail.

If upon relaying a Registration Request to a home agent, the foreign agent receives an ICMP error message instead of a Registration Reply, then the foreign agent SHOULD send to the mobile node a Registration Reply with an appropriate "home agent unreachable" failure code (within the range 80-95, inclusive). See Section 3.7.2.3 for details on building the Registration Reply.

3.7.3.1. Validity Checks

Registration Replies with an invalid, non-zero UDP checksum MUST be silently discarded.

When a foreign agent receives a Registration Reply message, it MUST search its visitor list for a pending Registration Request with the same mobile node home address as indicated in the Reply. If there are multiple entries with the same home address, and if the Registration Reply has the Mobile Node NAI extension [2], the foreign agent MUST use the NAI to disambiguate the pending Registration Requests with the same home address. If no matching pending Request is found, and if the Registration Reply does not correspond with any pending Registration Request with a zero mobile node home address (see Section 3.7.1), the foreign agent MUST silently discard the Reply. The foreign agent MUST also silently discard the Reply if the low-order 32 bits of the Identification field in the Reply do not match those in the Request.

Also, the authentication in the Registration Reply MUST be checked. If the foreign agent and the home agent share a Mobility Security Association, exactly one Foreign-Home Authentication Extension MUST be present in the Registration Reply, and the foreign agent MUST check the Authenticator value in the Extension. If no Foreign-Home Authentication Extension is found, or if more than one Foreign-Home Authentication Extension is found, or if the Authenticator is invalid, the foreign agent MUST silently discard the Reply and SHOULD log the event as a security exception. The foreign agent also MUST reject the mobile node's registration and SHOULD send a Registration Reply to the mobile node with Code 68.

3.7.3.2. Forwarding Replies to the Mobile Node

A Registration Reply that satisfies the validity checks of Section 3.8.2.1 is relayed to the mobile node. The foreign agent MUST also update its visitor list entry for the mobile node to reflect the results of the Registration Request, as indicated by the Code field in the Reply. If the code indicates that the home agent has accepted the registration and the Lifetime field is nonzero, the foreign agent SHOULD set the Lifetime in the visitor list entry to the minimum of the following two values:

o the value specified in the Lifetime field of the Registration Reply, and

o the foreign agent's own maximum value for allowable registration Lifetime.

If, instead, the code indicates that the Lifetime field is zero, the foreign agent MUST delete its visitor list entry for the mobile node. Finally, if the code indicates that the registration was denied by the home agent, the foreign agent MUST delete its pending registration list entry, but not its visitor list entry, for the mobile node.

The foreign agent MUST NOT modify any of the fields beginning with the fixed portion of the Registration Reply up through and including the Mobile-Home Authentication Extension. Otherwise, an authentication failure is very likely to occur at the mobile node. In addition, the foreign agent SHOULD perform the following additional procedures:

o It MUST process and remove any Extensions that are not covered by any authorization-enabling extension,

o It MAY append its own non-authentication Extensions that supply information to the mobile node, if applicable, and

o It MUST append the Mobile-Foreign Authentication Extension, if the foreign agent shares a Mobility Security Association with the mobile node.

Specific fields within the IP header and the UDP header of the relayed Registration Reply are set according to the same rules specified in Section 3.7.2.3.

After forwarding a valid Registration Reply to the mobile node, the foreign agent MUST update its visitor list entry for this registration as follows. If the Registration Reply indicates that the registration was accepted by the home agent, the foreign agent resets its timer of the lifetime of the registration to the Lifetime granted in the Registration Reply; unlike the mobile node's timing of the registration lifetime as described in Section 3.6.2.2, the foreign agent considers this lifetime to begin when it forwards the Registration Reply message, ensuring that the foreign agent will not expire the registration before the mobile node does. On the other hand, if the Registration Reply indicates that the registration was rejected by the home agent, the foreign agent deletes its visitor list entry for this attempted registration.
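
The visitor list behaviour of Sections 3.7.1 through 3.7.3.2, as an added example that is not part of the RFC or of any implementation. Class and method names are hypothetical, acceptance codes 0 and 1 are taken from Section 3.4, and authentication, zero home addresses and NAI disambiguation are left out.

```python
from dataclasses import dataclass, field

MAX_PENDING = 5             # configurable; the text gives 5 as typical
PENDING_TIMEOUT = 7.0       # seconds after which a pending Request may be deleted
CODE_TOO_MANY_PENDING = 66
CODE_REGISTRATION_TIMEOUT = 78
ACCEPTED = (0, 1)           # home agent acceptance codes (Section 3.4)


@dataclass
class Pending:
    ident: int              # 64-bit Identification from the Request
    lifetime: int           # requested Lifetime in seconds
    relayed_at: float


@dataclass
class Visitor:
    lifetime: int = 0       # Lifetime of the current registration
    expires_at: float = 0.0
    registered: bool = False
    pending: list = field(default_factory=list)


class VisitorList:
    def __init__(self, max_lifetime):
        self.max_lifetime = max_lifetime
        self.entries = {}   # home address -> Visitor

    def _drop_if_empty(self, home_addr):
        entry = self.entries[home_addr]
        if not entry.registered and not entry.pending:
            del self.entries[home_addr]

    def on_request(self, home_addr, ident, lifetime, now):
        """Record a Request about to be relayed; return a denial code or None."""
        if sum(len(e.pending) for e in self.entries.values()) >= MAX_PENDING:
            return CODE_TOO_MANY_PENDING
        entry = self.entries.setdefault(home_addr, Visitor())
        # The pending Request is kept apart from the current registration,
        # which stays untouched until a successful Reply arrives.
        entry.pending.append(Pending(ident, lifetime, now))
        return None

    def expire_pending(self, now):
        """Delete Requests pending for more than 7 s; return (address, code) denials."""
        denials = []
        for addr in list(self.entries):
            entry = self.entries[addr]
            stale = [p for p in entry.pending if now - p.relayed_at > PENDING_TIMEOUT]
            entry.pending = [p for p in entry.pending if p not in stale]
            denials += [(addr, CODE_REGISTRATION_TIMEOUT)] * len(stale)
            self._drop_if_empty(addr)
        return denials

    def on_reply(self, home_addr, ident, code, lifetime, now):
        """Apply a Reply from the home agent; False means silently discard it."""
        entry = self.entries.get(home_addr)
        match = None
        if entry is not None:
            match = next((p for p in entry.pending
                          if ((p.ident ^ ident) & 0xFFFFFFFF) == 0), None)
        if match is None:
            return False
        entry.pending.remove(match)
        if code in ACCEPTED and lifetime == 0:
            del self.entries[home_addr]              # successful deregistration
            return True
        if code in ACCEPTED:
            entry.registered = True
            entry.lifetime = min(lifetime, self.max_lifetime)
            entry.expires_at = now + entry.lifetime  # timed from forwarding the Reply
        else:
            self._drop_if_empty(home_addr)           # denial removes only the pending part
        return True
```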

3.8. Home Agent Considerations

Home agents play a reactive role in the registration process. The home agent receives Registration Requests from the mobile node (perhaps relayed by a foreign agent), updates its record of the mobility bindings for this mobile node, and issues a suitable Registration Reply in response to each.

A home agent MUST NOT transmit a Registration Reply except when replying to a Registration Request received from a mobile node. In particular, the home agent MUST NOT generate a Registration Reply to indicate that the Lifetime has expired.

3.8.1. Configuration and Registration Tables

Each home agent MUST be configured with an IP address and with the prefix size for the home network. The home agent MUST be configured with the Mobility Security Association of each authorized mobile node that it is serving as a home agent.

When the home agent accepts a valid Registration Request from a mobile node that it serves as a home agent, the home agent MUST create or modify the entry for this mobile node in its mobility binding list containing:

o the mobile node's home address

o the mobile node's care-of address

o the Identification field from the Registration Reply

o the remaining Lifetime of the registration

The home agent MAY optionally offer the capability to dynamically associate a home address to a mobile node upon receiving a Registration Request from that mobile node. The method by which a home address is allocated to the mobile node is beyond the scope of this document, but see [2]. After the home agent makes the association of the home address to the mobile node, the home agent MUST put that home address into the Home Address field of the Registration Reply.

The home agent MAY also maintain Mobility Security Associations with various foreign agents. When receiving a Registration Request from a foreign agent, if the home agent shares a Mobility Security Association with the foreign agent, the home agent MUST check the Authenticator in the required Foreign-Home Authentication Extension in the message, based on this Mobility Security Association, unless the Lifetime field equals 0. When processing a Registration Request with Lifetime = 0, the HA MAY skip checking for the presence and validity of a Foreign-Home Authentication Extension. Similarly, when sending a Registration Reply to a foreign agent, if the home agent shares a Mobility Security Association with the foreign agent, the home agent MUST include a Foreign-Home Authentication Extension in the message, based on this Mobility Security Association.

3.8.2. Receiving Registration Requests

If the home agent accepts an incoming Registration Request, it MUST update its record of the mobile node's mobility binding(s) and SHOULD send a Registration Reply with a suitable code. Otherwise (the home agent has denied the Request), it SHOULD in most cases send a Registration Reply with an appropriate code specifying the reason the Request was denied. The following sections describe this behavior in more detail. If the home agent does not support broadcasts (see Section 4.3), it MUST ignore the 'B' bit (as opposed to rejecting the Registration Request).

3.8.2.1. Validity Checks

Registration Requests with an invalid, non-zero UDP checksum MUST be silently discarded by the home agent.

The authentication in the Registration Request MUST be checked. This involves the following operations:

a. The home agent MUST check for the presence of at least one authorization-enabling extension, and ensure that all indicated authentications are carried out. At least one authorization-enabling extension MUST be present in the Registration Request, and the home agent MUST either check the Authenticator value in the extension or verify that the Authenticator Value has been checked by another agent with which it has a security association.

If the home agent receives a Registration Request from a mobile node with which it does not have any security association, the home agent MUST silently discard the Registration Request.

If the home agent receives a Registration Request without any authorization-enabling extension, the home agent MUST silently discard the Registration Request.

If the Authenticator is invalid, the home agent MUST reject the mobile node's registration. Further action to be taken in this case depends upon whether the Request has a valid Foreign-Home authentication extension (as follows):

* If there is a valid Foreign-Home authentication extension, the home agent MUST send a Registration Reply with Code 131.

* Otherwise, if there is no Foreign-Home Security Association, the home agent MAY send a Registration Reply with Code 131. If the home agent sends a Registration Reply, it MUST contain a valid Mobile-Home Authentication Extension. In constructing the Reply, the home agent SHOULD choose a security association that is likely to exist in the mobile node; for example, this may be an older security association or one with a longer lifetime than the one that the mobile node attempted to use in its Request. Deployments should take care when updating security associations to ensure that there is at least one common security association shared between the mobile node and home agent. In any case of a failed Authenticator, the home agent MUST then discard the Request without further processing and SHOULD log the error as a security exception.

b. The home agent MUST check that the registration Identification field is correct using the context selected by the SPI within the authorization-enabling extension that the home agent used to authenticate the mobile node's Registration Request. See Section 5.7 for a description of how this is performed. If incorrect, the home agent MUST reject the Request and SHOULD send a Registration Reply to the mobile node with Code 133, including an Identification field computed in accordance with the rules specified in Section 5.7. The home agent MUST do no further processing with such a Request, though it SHOULD log the error as a security exception.

c. If the home agent shares a Mobility Security Association with the foreign agent, and this is a Registration Request (has non-zero Lifetime), the home agent MUST check for the presence of a valid Foreign-Home Authentication Extension. Exactly one Foreign-Home Authentication Extension MUST be present in the Registration Request in this case, and the home agent MUST check the Authenticator Value in the Extension. If no Foreign-Home Authentication Extension is found, or if more than one Foreign-Home Authentication Extension is found, or if the Authenticator is invalid, the home agent MUST reject the mobile node's registration and SHOULD send a Registration Reply to the mobile node with Code 132. The home agent MUST then discard the Request and SHOULD log the error as a security exception.

d. If the home agent and the foreign agent do not share a Mobility Security Association, and the Registration contains a Foreign-Home Authentication Extension, the home agent MUST discard the Request and SHOULD log the error as a security exception.

In addition to checking the authentication in the Registration Request, home agents MUST deny Registration Requests that are sent to the subnet-directed broadcast address of the home network (as opposed to being unicast to the home agent). The home agent MUST discard the Request and SHOULD return a Registration Reply with a Code of 136. In this case, the Registration Reply will contain the home agent's unicast address, so that the mobile node can re-issue the Registration Request with the correct home agent address.

Note that some routers change the IP Destination Address of a datagram from a subnet-directed broadcast address to 255.255.255.255 before injecting it into the destination subnet. In this case, home agents that attempt to pick up dynamic home agent discovery requests by binding a socket explicitly to the subnet-directed broadcast address will not see such packets. Home agent implementors should be prepared for both the subnet-directed broadcast address and 255.255.255.255 if they wish to support dynamic home agent discovery.
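
The check order of this section as an added example (not part of the RFC text): it verifies HMAC-MD5 authenticators on constructed Registration Requests and returns the action and Reply code that checks (a) through (d) call for. The message layout, extension type numbers and HMAC-MD5 default come from Sections 3.3 and 3.5 of this RFC. The `HomeAgent` class, the key tables, the action names and the "Identification must increase" rule (a simplified stand-in for Section 5.7) are assumptions, and only the Mobile-Home Authentication Extension is modelled as authorization-enabling.

```python
import hmac
import struct
from dataclasses import dataclass, field

MH_AUTH, FH_AUTH = 32, 34   # Mobile-Home / Foreign-Home Authentication Extension types
FIXED_LEN = 24              # fixed portion of a Registration Request, in bytes

@dataclass
class HomeAgent:            # hypothetical container for the home agent's state
    mn_keys: dict           # home address (4 bytes) -> {SPI: key}
    fa_keys: dict           # foreign agent IP (str) -> {SPI: key}
    last_id: dict = field(default_factory=dict)
    security_log: list = field(default_factory=list)

def mac(key, msg, off):
    """HMAC-MD5 over the message up to and including Type, Length, SPI at off."""
    return hmac.new(key, msg[:off + 6], "md5").digest()

def build_request(home, agent, coa, lifetime, ident):
    """Constructed sample: Type 1, no flags, then the fixed Request fields."""
    return struct.pack("!BBH4s4s4sQ", 1, 0, lifetime, home, agent, coa, ident)

def add_auth(msg, etype, spi, key):
    """Append an authentication extension (used to build the samples)."""
    msg += struct.pack("!BBI", etype, 4 + 16, spi)
    return msg + mac(key, msg, len(msg) - 6)

def auth_exts(msg):
    """Return (type, offset, SPI, authenticator) for each authentication extension."""
    off, found = FIXED_LEN, []
    while off + 2 <= len(msg):
        etype, elen = msg[off], msg[off + 1]
        if etype in (MH_AUTH, FH_AUTH) and elen >= 4 and off + 2 + elen <= len(msg):
            spi = struct.unpack_from("!I", msg, off + 2)[0]
            found.append((etype, off, spi, msg[off + 6:off + 2 + elen]))
        off += 2 + elen
    return found

def validate(ha, msg, src_ip, dst_is_broadcast=False, udp_checksum_ok=True):
    """Return (action, reply_code) for one received Registration Request."""
    if not udp_checksum_ok or len(msg) < FIXED_LEN:
        return ("discard", None)                  # silent discard, nothing sent
    lifetime, home = struct.unpack_from("!H4s", msg, 2)
    ident = struct.unpack_from("!Q", msg, 16)[0]
    exts = auth_exts(msg)
    mh = [e for e in exts if e[0] == MH_AUTH]
    fh = [e for e in exts if e[0] == FH_AUTH]
    mn_sa, fa_sa = ha.mn_keys.get(home), ha.fa_keys.get(src_ip)

    def valid(ext, sa):
        _, off, spi, auth = ext
        return spi in sa and hmac.compare_digest(auth, mac(sa[spi], msg, off))

    def security_exception(reason, action, code):
        ha.security_log.append((src_ip, reason))
        return (action, code)

    fh_valid = fa_sa is not None and len(fh) == 1 and valid(fh[0], fa_sa)
    # (a) no security association, or no authorization-enabling extension
    if mn_sa is None or not mh:
        return ("discard", None)
    if not valid(mh[0], mn_sa):
        if fh_valid:                              # relayed by a trusted FA: MUST reply
            return security_exception("bad MN authenticator", "reply", 131)
        if fa_sa is None:                         # no Foreign-Home SA: MAY reply
            return security_exception("bad MN authenticator", "may_reply", 131)
        return security_exception("bad MN authenticator", "discard", None)
    # (b) Identification (simplified: must exceed the last accepted value)
    if ident <= ha.last_id.get(home, 0):
        return security_exception("bad Identification", "reply", 133)
    # (c) shared FA association and non-zero Lifetime: exactly one valid extension
    if fa_sa is not None and lifetime != 0 and not fh_valid:
        return security_exception("bad Foreign-Home auth", "reply", 132)
    # (d) Foreign-Home extension present without a shared association
    if fa_sa is None and fh:
        return security_exception("unexpected Foreign-Home auth", "discard", None)
    if dst_is_broadcast:                          # subnet-directed broadcast
        return ("reply", 136)
    ha.last_id[home] = ident
    return ("accept", None)

# Constructed sample values
HOME, HA_ADDR, COA = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]), bytes([192, 0, 2, 1])
FA_IP, MN_KEY, FA_KEY = "192.0.2.1", b"m" * 16, b"f" * 16
```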

3.8.2.2. Accepting a Valid Request

If the Registration Request satisfies the validity checks in Section 3.8.2.1, and the home agent is able to accommodate the Request, the home agent MUST update its mobility binding list for the requesting mobile node and MUST return a Registration Reply to the mobile node. In this case, the code in the Registration Reply will be either 0 if the home agent supports simultaneous mobility bindings, or 1 if it does not. See Section 3.8.3 for details on building the Registration Reply message.

The home agent updates its record of the mobile node's mobility bindings as follows, based on the fields in the Registration Request:

o If the Lifetime is zero and the Care-of Address equals the mobile node's home address, the home agent deletes all of the entries in the mobility binding list for the requesting mobile node. This is how a mobile node requests that its home agent cease providing mobility services.

o If the Lifetime is zero and the Care-of Address does not equal the mobile node's home address, the home agent deletes only the entry containing the specified Care-of Address from the mobility binding list for the requesting mobile node. Any other active entries containing other care-of addresses will remain active.

o If the Lifetime is nonzero, the home agent adds an entry containing the requested Care-of Address to the mobility binding list for the mobile node. If the 'S' bit is set and the home agent supports simultaneous mobility bindings, the previous mobility binding entries are retained. Otherwise, the home agent removes all previous entries in the mobility binding list for the mobile node.

In all cases, the home agent MUST send a Registration Reply to the source of the Registration Request, which might indeed be a different foreign agent than that whose care-of address is being (de)registered. If the home agent shares a Mobility Security Association with the foreign agent whose care-of address is being deregistered, and that foreign agent is different from the one that relayed the Registration Request, the home agent MAY additionally send a Registration Reply to the foreign agent whose care-of address is being deregistered. The home agent MUST NOT send such a Reply if it does not share a Mobility Security Association with the foreign agent. If no Reply is sent, the foreign agent's visitor list will expire naturally when the original Lifetime expires.

When a foreign agent relays a deregistration message containing a care-of address that it does not own, it MUST NOT add a Foreign-Home Authentication Extension to that deregistration. See Section 3.5.4 for more details.

The home agent MUST NOT increase the Lifetime above that specified by the mobile node in the Registration Request. However, it is not an error for the mobile node to request a Lifetime longer than the home agent is willing to accept. In this case, the home agent simply reduces the Lifetime to a permissible value and returns this value in the Registration Reply. The Lifetime value in the Registration Reply informs the mobile node of the granted Lifetime of the registration, indicating when it SHOULD re-register in order to maintain continued service. After the expiration of this registration Lifetime, the home agent MUST delete its entry for this registration in its mobility binding list.

If the Registration Request duplicates an accepted current Registration Request, the new Lifetime MUST NOT extend beyond the Lifetime originally granted. A Registration Request is a duplicate if the home address, care-of address, and Identification fields all equal those of an accepted current registration.
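
The binding-list rules of this section as an added example (not part of the RFC text): a small in-memory mobility binding list that applies the three Lifetime / Care-of Address cases, the 'S' bit, the Lifetime cap, the duplicate rule and expiry. The class and method names are assumptions of the example, as is the choice to replace an existing entry for the same care-of address when the 'S' bit is set.

```python
from dataclasses import dataclass

@dataclass
class Binding:
    care_of: str
    ident: int
    expires: float          # absolute time at which the granted Lifetime runs out

class MobilityBindingList:  # hypothetical name, not from the RFC
    def __init__(self, max_lifetime, simultaneous=True):
        self.max_lifetime = max_lifetime   # longest Lifetime this home agent grants
        self.simultaneous = simultaneous   # supports simultaneous mobility bindings?
        self.entries = {}                  # home address -> [Binding, ...]

    def _store(self, home, bindings):
        if bindings:
            self.entries[home] = bindings
        else:
            self.entries.pop(home, None)

    def expire(self, now):
        """Delete expired bindings, retaining a node's other, unexpired bindings."""
        for home in list(self.entries):
            self._store(home, [b for b in self.entries[home] if b.expires > now])

    def care_of_addresses(self, home, now):
        """Care-of addresses currently bound to `home`; [] means 'assume at home'."""
        self.expire(now)
        return [b.care_of for b in self.entries.get(home, [])]

    def register(self, home, care_of, lifetime, ident, s_bit, now):
        """Apply an already validated Request; return (reply code, granted Lifetime)."""
        self.expire(now)
        code = 0 if self.simultaneous else 1
        current = self.entries.get(home, [])
        if lifetime == 0:
            if care_of == home:
                kept = []                  # deregister everything
            else:
                kept = [b for b in current if b.care_of != care_of]
            self._store(home, kept)
            return code, 0
        # Never grant more than requested, and never more than the local maximum.
        granted = min(lifetime, self.max_lifetime)
        for b in current:
            # Duplicate of an accepted current registration: the new Lifetime
            # must not reach past the expiry originally granted.
            if b.care_of == care_of and b.ident == ident:
                granted = min(granted, int(b.expires - now))
        if s_bit and self.simultaneous:
            kept = [b for b in current if b.care_of != care_of]
        else:
            kept = []                      # previous entries are removed
        kept.append(Binding(care_of, ident, now + granted))
        self._store(home, kept)
        return code, granted
```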

In addition, if the home network implements ARP [16], and the Registration Request asks the home agent to create a mobility binding for a mobile node that previously had no binding (the mobile node was previously assumed to be at home), then the home agent MUST follow the procedures described in Section 4.6 with regard to ARP, proxy ARP, and gratuitous ARP. If the mobile node already had a previous mobility binding, the home agent MUST continue to follow the rules for proxy ARP described in Section 4.6.

3.8.2.3. Denying an Invalid Request

If the Registration Request does not satisfy all of the validity checks in Section 3.8.2.1, or the home agent is unable to accommodate the Request, the home agent SHOULD return a Registration Reply to the mobile node with a Code that indicates the reason for the error. If a foreign agent was involved in relaying the Request, this allows the foreign agent to delete its pending visitor list entry. Also, this informs the mobile node of the reason for the error such that it may attempt to fix the error and issue another Request.

This section lists a number of reasons the home agent might reject a Request, and provides the code value it should use in each instance. See Section 3.8.3 for additional details on building the Registration Reply message.

Many reasons for rejecting a registration are administrative in nature. For example, a home agent can limit the number of simultaneous registrations for a mobile node, by rejecting any registrations that would cause its limit to be exceeded, and returning a Registration Reply with a Code of 135. Similarly, a home agent may refuse to grant service to mobile nodes that have entered unauthorized service areas by returning a Registration Reply with a Code of 129.

Requests with non-zero bits in reserved fields MUST be rejected with Code 134 (poorly formed Request).

3.8.3. Sending Registration Replies

If the home agent accepts a Registration Request, it then MUST update its record of the mobile node's mobility binding(s) and SHOULD send a Registration Reply with a suitable Code. Otherwise (the home agent has denied the Request), it SHOULD in most cases send a Registration Reply with an appropriate Code specifying the reason the Request was denied. The following sections provide additional detail for the values the home agent MUST supply in the fields of Registration Reply messages.

3.8.3.1. IP/UDP Fields

This section provides the specific rules by which home agents pick values for the IP and UDP header fields of a Registration Reply.

IP Source Address

Copied from the IP Destination Address of the Registration Request, unless a multicast or broadcast address was used. If the IP Destination Address of the Registration Request was a broadcast or multicast address, the IP Source Address of the Registration Reply MUST be set to the home agent's (unicast) IP address.

IP Destination Address

Copied from the IP Source Address of the Registration Request.

UDP Source Port

Copied from the UDP Destination Port of the Registration Request.

UDP Destination Port

Copied from the UDP Source Port of the Registration Request.

When sending a Registration Reply in response to a Registration Request that requested deregistration of the mobile node (the Lifetime is zero and the Care-of Address equals the mobile node's home address) and in which the IP Source Address was also set to the mobile node's home address (this is the normal method used by a mobile node to deregister when it returns to its home network), the IP Destination Address in the Registration Reply will be set to the mobile node's home address, as copied from the IP Source Address of the Request.

In this case, when transmitting the Registration Reply, the home agent MUST transmit the Reply directly onto the home network as if the mobile node were at home, bypassing any mobility binding list entry that may still exist at the home agent for the destination mobile node. In particular, for a mobile node returning home after being registered with a care-of address, if the mobile node's new Registration Request is not accepted by the home agent, the mobility binding list entry for the mobile node will still indicate that datagrams addressed to the mobile node should be tunneled to the mobile node's registered care-of address; when sending the Registration Reply indicating the rejection of this Request, this existing binding list entry MUST be ignored, and the home agent MUST transmit this Reply as if the mobile node were at home.

3.8.3.2. Registration Reply Fields

This section provides the specific rules by which home agents pick values for the fields within the fixed portion of a Registration Reply.

The Code field of the Registration Reply is chosen in accordance with the rules specified in the previous sections. When replying to an accepted registration, a home agent SHOULD respond with Code 1 if it does not support simultaneous registrations.

The Lifetime field MUST be copied from the corresponding field in the Registration Request, unless the requested value is greater than the maximum length of time the home agent is willing to provide the requested service. In such a case, the Lifetime MUST be set to the length of time that service will actually be provided by the home agent. This reduced Lifetime SHOULD be the maximum Lifetime allowed by the home agent (for this mobile node and care-of address).

If the Home Address field of the Registration Request is non-zero, it MUST be copied into the Home Address field of the Registration Reply message. If the home agent cannot support the specified nonzero unicast address in the Home Address field of the Registration Request, then the home agent MUST reject the Registration Request with a Code of 129.

Otherwise, if the Home Address field of the Registration Request is zero as specified in Section 3.6, the home agent SHOULD arrange for the selection of a home address for the mobile node, and insert the selected address into the Home Address field of the Registration Reply message. See [2] for further relevant details in the case where mobile nodes identify themselves using an NAI instead of their IP home address.

If the Home Agent field in the Registration Request contains a unicast address of this home agent, then that field MUST be copied into the Home Agent field of the Registration Reply. Otherwise, the home agent MUST set the Home Agent field in the Registration Reply to its unicast address. In this latter case, the home agent MUST reject the registration with a suitable code (e.g., Code 136) to prevent the mobile node from possibly being simultaneously registered with two or more home agents.

3.8.3.3. Extensions

This section describes the ordering of any required and any optional Mobile IP Extensions that a home agent appends to a Registration Reply. The following ordering MUST be followed:

a. The IP header, followed by the UDP header, followed by the fixed-length portion of the Registration Reply,

b. If present, any non-authentication Extensions used by the mobile node (which may or may not also be used by the foreign agent),

c. The Mobile-Home Authentication Extension,

d. If present, any non-authentication Extensions used only by the foreign agent, and

e. The Foreign-Home Authentication Extension, if present.

Note that items (a) and (c) MUST appear in every Registration Reply sent by the home agent. Items (b), (d), and (e) are optional. However, item (e) MUST be included when the home agent and the foreign agent share a Mobility Security Association.
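
The Reply rules of Sections 3.8.3.1 through 3.8.3.3 as an added example (not part of the RFC text): it picks the IP/UDP values, fills the fixed Reply fields, and appends extensions in the order (a) to (e), so each authenticator covers everything before it. The Reply layout, extension type numbers and HMAC-MD5 default come from Sections 3.4 and 3.5 of this RFC. The function names, the `req` dictionary, the zero Lifetime on denial, copying the Identification unchanged and the placeholder extension in the test data are assumptions; dynamic home address assignment is not modelled.

```python
import hmac
import ipaddress
import struct

MH_AUTH, FH_AUTH = 32, 34        # authentication extension types
REPLY_TYPE, FIXED_LEN = 3, 20    # Registration Reply type and fixed-portion length

def pack(addr):
    return ipaddress.ip_address(addr).packed

def reply_addressing(req_src, req_dst, req_sport, req_dport, ha_addr, home_net):
    """IP/UDP header values for the Reply (Section 3.8.3.1)."""
    dst = ipaddress.ip_address(req_dst)
    # Routers may rewrite a subnet-directed broadcast to 255.255.255.255,
    # so both forms count as "a broadcast address was used".
    broadcasts = (ipaddress.ip_network(home_net).broadcast_address,
                  ipaddress.ip_address("255.255.255.255"))
    src = ha_addr if dst.is_multicast or dst in broadcasts else req_dst
    return {"src": src, "dst": req_src, "sport": req_dport, "dport": req_sport}

def auth_ext(msg, etype, spi, key):
    """Authentication extension; the HMAC covers msg plus its own Type, Length, SPI."""
    head = struct.pack("!BBI", etype, 4 + 16, spi)
    return head + hmac.new(key, msg + head, "md5").digest()

def build_reply(req, code, ha_addr, max_lifetime, mn_sa,
                fa_sa=None, mn_exts=b"", fa_exts=b""):
    """req holds fields parsed from the Request; mn_sa and fa_sa are (SPI, key)."""
    # Lifetime: copied from the Request unless it exceeds the local maximum.
    lifetime = min(req["lifetime"], max_lifetime)
    # Home Agent field: always this agent's unicast address; a Request that
    # named a different address is rejected so the node is not registered
    # with two home agents at once.
    if req["home_agent"] != ha_addr:
        code = 136
    if code > 1:
        lifetime = 0             # assumption of this example for denials
    fixed = struct.pack("!BBH4s4sQ", REPLY_TYPE, code, lifetime,
                        pack(req["home_address"]), pack(ha_addr), req["ident"])
    msg = fixed + mn_exts                        # (a) then (b)
    msg += auth_ext(msg, MH_AUTH, *mn_sa)        # (c) always present
    msg += fa_exts                               # (d)
    if fa_sa is not None:                        # (e) required when an FA
        msg += auth_ext(msg, FH_AUTH, *fa_sa)    #     association is shared
    return msg

def extension_order(reply):
    """Extension types in the order they appear after the fixed portion."""
    off, types = FIXED_LEN, []
    while off + 2 <= len(reply):
        types.append(reply[off])
        off += 2 + reply[off + 1]
    return types

# Constructed sample values; type 200 is a placeholder, not a registered extension.
MN_SA, FA_SA = (256, b"m" * 16), (512, b"f" * 16)
PLACEHOLDER_EXT = bytes([200, 2, 0, 0])
SAMPLE_REQ = {"lifetime": 1800, "home_address": "10.0.0.5",
              "home_agent": "10.0.0.1", "ident": 7}
```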

4. Routing Considerations

This section describes how mobile nodes, home agents, and (possibly) foreign agents cooperate to route datagrams to/from mobile nodes that are connected to a foreign network. The mobile node informs its home agent of its current location using the registration procedure described in Section 3. See the protocol overview in Section 1.7 for the relative locations of the mobile node's home address with respect to its home agent, and the mobile node itself with respect to any foreign agent with which it might attempt to register.

4.1. Encapsulation Types

Home agents and foreign agents MUST support tunneling datagrams using IP in IP encapsulation [14]. Any mobile node that uses a co-located care-of address MUST support receiving datagrams tunneled using IP in IP encapsulation. Minimal encapsulation [15] and GRE encapsulation [13] are alternate encapsulation methods that MAY optionally be supported by mobility agents and mobile nodes. The use of these alternative forms of encapsulation, when requested by the mobile node, is otherwise at the discretion of the home agent.

4.2. Unicast Datagram Routing
4.2.1. Mobile Node Considerations

When connected to its home network, a mobile node operates without the support of mobility services. That is, it operates in the same way as any other (fixed) host or router. The method by which a mobile node selects a default router when connected to its home network, or when away from home and using a co-located care-of address, is outside the scope of this document. ICMP Router Advertisement [5] is one such method.

When registered on a foreign network, the mobile node chooses a default router by the following rules:

o If the mobile node is registered using a foreign agent care-of address, it MAY use its foreign agent as a first-hop router. The foreign agent's MAC address can be learned from the foreign agent's Agent Advertisement message. Otherwise, the mobile node MUST choose its default router from among the router addresses advertised in the ICMP Router Advertisement portion of that Agent Advertisement message.

o If the mobile node is registered directly with its home agent using a co-located care-of address, then the mobile node SHOULD choose its default router from among those advertised in any ICMP Router Advertisement message that it receives for which its externally obtained care-of address and the router address match under the network prefix. If the mobile node's externally obtained care-of address matches the IP source address of the Agent Advertisement under the network prefix, the mobile node MAY also consider that IP source address as another possible choice for the IP address of a default router. The network prefix MAY be obtained from the Prefix-Lengths Extension in the Router Advertisement, if present. The prefix MAY also be obtained through other mechanisms beyond the scope of this document.

While they are away from the home network, mobile nodes MUST NOT broadcast ARP packets to find the MAC address of another Internet node. Thus, the (possibly empty) list of router addresses from the ICMP Router Advertisement portion of the message is not useful for selecting a default router, unless the mobile node has some means not involving broadcast ARP and not specified within this document for obtaining the MAC address of one of the routers in the list. Similarly, in the absence of unspecified mechanisms for obtaining MAC addresses on foreign networks, the mobile node MUST ignore redirects to other routers on foreign networks.

4.2.2. Foreign Agent Considerations

Upon receipt of an encapsulated datagram sent to its advertised care-of address, a foreign agent MUST compare the inner Destination Address to those entries in its visitor list. When the Destination does not match the address of any mobile node currently in the visitor list, the foreign agent MUST NOT forward the datagram without modifications to the original IP header, because otherwise a routing loop is likely to result. The datagram SHOULD be silently discarded. ICMP Destination Unreachable MUST NOT be sent when a foreign agent is unable to forward an incoming tunneled datagram. Otherwise, the foreign agent forwards the decapsulated datagram to the mobile node.

The foreign agent MUST NOT advertise to other routers in its routing domain, nor to any other mobile node, the presence of a mobile router (Section 4.5) or mobile node in its visitor list.

The foreign agent MUST route datagrams it receives from registered mobile nodes. At a minimum, this means that the foreign agent must verify the IP Header Checksum, decrement the IP Time To Live, recompute the IP Header Checksum, and forward such datagrams to a default router.
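
The two foreign agent data paths described above as an added example (not part of the RFC text): decapsulating an IP in IP datagram only when the inner destination is in the visitor list, and the minimum forwarding steps for a datagram sent by a registered mobile node. Function names and addresses are constructed for the example; headers are assumed to be plain IPv4.

```python
import struct

IPPROTO_IPIP = 4   # IP in IP encapsulation

def checksum(header):
    """Internet checksum of an IPv4 header; 0 when a stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header with a correct checksum (constructed samples)."""
    h = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                    ttl, proto, 0, src, dst)
    return h[:10] + struct.pack("!H", checksum(h)) + h[12:]

def decapsulate_for_visitor(packet, care_of, visitor_list):
    """Return the inner datagram to deliver to the mobile node, or None.

    None means "silently discard": the datagram is not forwarded with its
    original header (that risks a routing loop) and no ICMP Destination
    Unreachable is generated.
    """
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != IPPROTO_IPIP or packet[16:20] != care_of:
        return None                      # not a tunnel to our care-of address
    inner = packet[ihl:]
    if len(inner) < 20 or inner[16:20] not in visitor_list:
        return None                      # inner destination is not a visitor
    return inner

def forward_from_visitor(packet, visitor_list):
    """Minimum routing steps for a datagram sent by a registered mobile node."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    header = bytearray(packet[:ihl])
    if bytes(header[12:16]) not in visitor_list:
        return None                      # sender is not a registered visitor
    if checksum(bytes(header)) != 0:
        return None                      # IP Header Checksum does not verify
    if header[8] <= 1:
        return None                      # TTL exhausted (ordinary router rule)
    header[8] -= 1                       # decrement the IP Time To Live
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", checksum(bytes(header)))
    return bytes(header) + packet[ihl:]  # handed on to a default router

# Constructed sample addresses
HA, COA = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 1])
MN, CN = bytes([10, 0, 0, 5]), bytes([203, 0, 113, 9])
```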

A foreign agent MUST NOT use broadcast ARP for a mobile node's MAC address on a foreign network. It may obtain the MAC address by copying the information from an Agent Solicitation or a Registration Request transmitted from a mobile node. A foreign agent's ARP cache for the mobile node's IP address MUST NOT be allowed to expire before the mobile node's visitor list entry expires, unless the foreign agent has some way other than broadcast ARP to refresh its MAC address associated with the mobile node's IP address.

Each foreign agent SHOULD support the mandatory features for reverse tunneling [12].

4.2.3. Home Agent Considerations

The home agent MUST be able to intercept any datagrams on the home network addressed to the mobile node while the mobile node is registered away from home. Proxy and gratuitous ARP MAY be used in enabling this interception, as specified in Section 4.6.

The home agent must examine the IP Destination Address of all arriving datagrams to see if it is equal to the home address of any of its mobile nodes registered away from home. If so, the home agent tunnels the datagram to the mobile node's currently registered care-of address or addresses. If the home agent supports the optional capability of multiple simultaneous mobility bindings, it tunnels a copy to each care-of address in the mobile node's mobility binding list. If the mobile node has no current mobility bindings, the home agent MUST NOT attempt to intercept datagrams destined for the mobile node, and thus will not in general receive such datagrams. However, if the home agent is also a router handling common IP traffic, it is possible that it will receive such datagrams for forwarding onto the home network. In this case, the home agent MUST assume the mobile node is at home and simply forward the datagram directly onto the home network.

For multihomed home agents, the source address in the outer IP header of the encapsulated datagram MUST be the address sent to the mobile node in the Home Agent field of the Registration Reply. That is, the home agent cannot use the address of some other network interface as the source address.

See Section 4.1 regarding methods of encapsulation that may be used for tunneling. Nodes implementing tunneling SHOULD also implement the "tunnel soft state" mechanism [14], which allows ICMP error messages returned from the tunnel to correctly be reflected back to the original senders of the tunneled datagrams.

Home agents MUST decapsulate packets addressed to themselves, sent by a mobile node for the purpose of maintaining location privacy, as described in Section 5.5. This feature is also required for support of reverse tunneling [12].

If the Lifetime for a given mobility binding expires before the home agent has received another valid Registration Request for that mobile node, then that binding is deleted from the mobility binding list. The home agent MUST NOT send any Registration Reply message simply because the mobile node's binding has expired. The entry in the visitor list of the mobile node's current foreign agent will expire naturally, probably at the same time as the binding expired at the home agent. When a mobility binding's lifetime expires, the home agent MUST delete the binding, but it MUST retain any other (non-expired) simultaneous mobility bindings that it holds for the mobile node.

When a home agent receives a datagram, intercepted for one of its mobile nodes registered away from home, the home agent MUST examine the datagram to check if it is already encapsulated. If so, special rules apply in the forwarding of that datagram to the mobile node:

o If the inner (encapsulated) Destination Address is the same as the outer Destination Address (the mobile node), then the home agent MUST also examine the outer Source Address of the encapsulated datagram (the source address of the tunnel). If this outer Source Address is the same as the mobile node's current care-of address, the home agent MUST silently discard that datagram in order to prevent a likely routing loop. If, instead, the outer Source Address is NOT the same as the mobile node's current care-of address, then the home agent SHOULD forward the datagram to the mobile node. In order to forward the datagram in this case, the home agent MAY simply alter the outer Destination Address to the care-of address, rather than re-encapsulating the datagram.

o Otherwise (the inner Destination Address is NOT the same as the outer Destination Address), the home agent SHOULD encapsulate the datagram again (nested encapsulation), with the new outer Destination Address set equal to the mobile node's care-of address. That is, the home agent forwards the entire datagram to the mobile node in the same way as any other datagram (encapsulated already or not).
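
The two forwarding rules above, together with the multihomed source-address rule earlier in this section, as an added Python example that is not part of the RFC text. It assumes IP-in-IP encapsulation (protocol 4) only; the function names and the sample addresses (documentation ranges) are constructed for illustration, and TTL handling is left out.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IP-in-IP; the other Section 4.1 encapsulations are not handled

# Constructed sample addresses (documentation ranges), not taken from the RFC.
HOME_AGENT = ipaddress.IPv4Address("192.0.2.1")      # address given in the Registration Reply
HOME_ADDR = ipaddress.IPv4Address("192.0.2.10")      # mobile node's home address
CARE_OF = ipaddress.IPv4Address("198.51.100.5")      # currently registered care-of address
CORRESPONDENT = ipaddress.IPv4Address("203.0.113.9")


def checksum(header: bytes) -> int:
    """Internet checksum over an IPv4 header (length is always even)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64) -> bytes:
    """Build a 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                      ttl, proto, 0, src.packed, dst.packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(dgram: bytes):
    """Return (header_length, protocol, source, destination)."""
    if len(dgram) < 20 or dgram[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (dgram[0] & 0x0F) * 4
    if ihl < 20 or len(dgram) < ihl:
        raise ValueError("bad IPv4 header length")
    return (ihl, dgram[9], ipaddress.IPv4Address(dgram[12:16]),
            ipaddress.IPv4Address(dgram[16:20]))


def forward_intercepted(dgram: bytes, home_agent_addr, care_of):
    """Decide how to forward a datagram intercepted for a node registered away.

    Returns (action, datagram_to_send_or_None).
    """
    ihl, proto, outer_src, outer_dst = parse_ipv4(dgram)
    if proto == IPPROTO_IPIP:
        inner_dst = parse_ipv4(dgram[ihl:])[3]
        if inner_dst == outer_dst:
            if outer_src == care_of:
                # Tunnel source is the care-of address: likely routing loop.
                return "discard-loop", None
            # Permitted shortcut: retarget the existing outer header
            # instead of re-encapsulating, then fix its checksum.
            hdr = bytearray(dgram[:ihl])
            hdr[16:20] = care_of.packed
            hdr[10:12] = b"\x00\x00"
            hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
            return "rewrite-outer-destination", bytes(hdr) + dgram[ihl:]
    # Plain datagram, or encapsulated with a different inner destination:
    # tunnel the whole datagram. The outer source is the Home Agent address
    # from the Registration Reply, never some other interface address.
    outer = ipv4_header(home_agent_addr, care_of, IPPROTO_IPIP, len(dgram))
    return "encapsulate", outer + dgram
```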

4.3. Broadcast Datagrams

When a home agent receives a broadcast datagram, it MUST NOT forward the datagram to any mobile nodes in its mobility binding list other than those that have requested forwarding of broadcast datagrams. A mobile node MAY request forwarding of broadcast datagrams by setting the 'B' bit in its Registration Request message (Section 3.3). For each such registered mobile node, the home agent SHOULD forward received broadcast datagrams to the mobile node, although it is a matter of configuration at the home agent as to which specific categories of broadcast datagrams will be forwarded to such mobile nodes.

If the 'D' bit was set in the mobile node's Registration Request message, indicating that the mobile node is using a co-located care-of address, the home agent simply tunnels appropriate broadcast IP datagrams to the mobile node's care-of address. Otherwise (the 'D' bit was NOT set), the home agent first encapsulates the broadcast datagram in a unicast datagram addressed to the mobile node's home address, and then tunnels this encapsulated datagram to the foreign agent. This extra level of encapsulation is required so that the foreign agent can determine which mobile node should receive the datagram after it is decapsulated. When received by the foreign agent, the unicast encapsulated datagram is detunneled and delivered to the mobile node in the same way as any other datagram. In either case, the mobile node must decapsulate the datagram it receives in order to recover the original broadcast datagram.

4.4. Multicast Datagram Routing

As mentioned previously, a mobile node that is connected to its home network functions in the same way as any other (fixed) host or router. Thus, when it is at home, a mobile node functions identically to other multicast senders and receivers. This section therefore describes the behavior of a mobile node that is visiting a foreign network.

In order to receive multicasts, a mobile node MUST join the multicast group in one of two ways. First, a mobile node MAY join the group via a (local) multicast router on the visited subnet. This option assumes that there is a multicast router present on the visited subnet. If the mobile node is using a co-located care-of address, it SHOULD use this address as the source IP address of its IGMP [6] messages. Otherwise, it MAY use its home address.

Alternatively, a mobile node that wishes to receive multicasts MAY join groups via a bidirectional tunnel to its home agent, assuming that its home agent is a multicast router. The mobile node tunnels IGMP messages to its home agent, and the home agent forwards multicast datagrams down the tunnel to the mobile node. For packets tunneled to the home agent, the source address in the IP header SHOULD be the mobile node's home address.

The rules for multicast datagram delivery to mobile nodes in this case are identical to those for broadcast datagrams (Section 4.3). Namely, if the mobile node is using a co-located care-of address (the 'D' bit was set in the mobile node's Registration Request), then the home agent SHOULD tunnel the datagram to this care-of address; otherwise, the home agent MUST first encapsulate the datagram in a unicast datagram addressed to the mobile node's home address and then MUST tunnel the resulting datagram (nested tunneling) to the mobile node's care-of address. For this reason, the mobile node MUST be capable of decapsulating packets sent to its home address in order to receive multicast datagrams using this method.

A mobile node that wishes to send datagrams to a multicast group also has two options: (1) send directly on the visited network; or (2) send via a tunnel to its home agent. Because multicast routing in general depends upon the IP source address, a mobile node that sends multicast datagrams directly on the visited network MUST use a co-located care-of address as the IP source address. Similarly, a mobile node that tunnels a multicast datagram to its home agent MUST use its home address as the IP source address of both the (inner) multicast datagram and the (outer) encapsulating datagram. This second option assumes that the home agent is a multicast router.

4.5. Mobile Routers

A mobile node can be a router that is responsible for the mobility of one or more entire networks moving together, perhaps on an airplane, a ship, a train, an automobile, a bicycle, or a kayak. The nodes connected to a network served by the mobile router may themselves be fixed nodes or mobile nodes or routers. In this document, such networks are called "mobile networks".

A mobile router MAY act as a foreign agent and provide a foreign agent care-of address to mobile nodes connected to the mobile network. Typical routing to a mobile node via a mobile router in this case is illustrated by the following example:

a. A laptop computer is disconnected from its home network and later attached to a network port in the seat back of an aircraft. The laptop computer uses Mobile IP to register on this foreign network, using a foreign agent care-of address discovered through an Agent Advertisement from the aircraft's foreign agent.

b. The aircraft network is itself mobile. Suppose the node serving as the foreign agent on the aircraft also serves as the default router that connects the aircraft network to the rest of the Internet. When the aircraft is at home, this router is attached to some fixed network at the airline's headquarters, which is the router's home network. While the aircraft is in flight, this router registers from time to time over its radio link with a series of foreign agents below it on the ground. This router's home agent is a node on the fixed network at the airline's headquarters.

c. Some correspondent node sends a datagram to the laptop computer, addressing the datagram to the laptop's home address. This datagram is initially routed to the laptop's home network.

d. The laptop's home agent intercepts the datagram on the home network and tunnels it to the laptop's care-of address, which in this example is an address of the node serving as the router and foreign agent on the aircraft. Normal IP routing will route the datagram to the fixed network at the airline's headquarters.

e. The aircraft router and foreign agent's home agent there intercept the datagram and tunnel it to its current care-of address, which in this example is some foreign agent on the ground below the aircraft. The original datagram from the correspondent node has now been encapsulated twice: once by the laptop's home agent and again by the aircraft's home agent.

f. The foreign agent on the ground decapsulates the datagram, yielding a datagram still encapsulated by the laptop's home agent, with a Destination Address of the laptop's care-of address. The ground foreign agent sends the resulting datagram over its radio link to the aircraft.

g. The foreign agent on the aircraft decapsulates the datagram, yielding the original datagram from the correspondent node, with a Destination Address of the laptop's home address. The aircraft foreign agent delivers the datagram over the aircraft network to the laptop's link-layer address.

This example illustrates the case in which a mobile node is attached to a mobile network. That is, the mobile node is mobile with respect to the network, which itself is also mobile (here with respect to the ground). If, instead, the node is fixed with respect to the mobile network (the mobile network is the fixed node's home network), then either of two methods may be used to cause datagrams from correspondent nodes to be routed to the fixed node.

For the fixed node, a home agent MAY be configured to have a permanent registration that indicates the mobile router's address as the fixed host's care-of address. The mobile router's home agent will normally be used for this purpose. The home agent is then responsible for advertising connectivity using normal routing protocols to the fixed node. Any datagrams sent to the fixed node will thus use nested tunneling as described above.

Alternatively, the mobile router MAY advertise connectivity to the entire mobile network using normal IP routing protocols through a bidirectional tunnel to its own home agent. This method avoids the need for nested tunneling of datagrams.

4.6. ARP, Proxy ARP, and Gratuitous ARP

The use of ARP [16] requires special rules for correct operation when wireless or mobile nodes are involved. The requirements specified in this section apply to all home networks in which ARP is used for address resolution.

In addition to the normal use of ARP for resolving a target node's link-layer address from its IP address, this document distinguishes two special uses of ARP:

o A Proxy ARP [49] is an ARP Reply sent by one node on behalf of another node that is either unable or unwilling to answer its own ARP Requests. The sender of a Proxy ARP reverses the Sender and Target Protocol Address fields as described in [16], but supplies some configured link-layer address (generally, its own) in the Sender Hardware Address field. The node receiving the Reply will then associate this link-layer address with the IP address of the original target node, causing it to transmit future datagrams for this target node to the node with that link-layer address.

o A Gratuitous ARP [45] is an ARP packet sent by a node in order to spontaneously cause other nodes to update an entry in their ARP cache. A gratuitous ARP MAY use either an ARP Request or an ARP Reply packet. In either case, the ARP Sender Protocol Address and ARP Target Protocol Address are both set to the IP address of the cache entry to be updated, and the ARP Sender Hardware Address is set to the link-layer address to which this cache entry should be updated. When using an ARP Reply packet, the Target Hardware Address is also set to the link-layer address to which this cache entry should be updated (this field is not used in an ARP Request packet).

In either case, for a gratuitous ARP, the ARP packet MUST be transmitted as a local broadcast packet on the local link. As specified in [16], any node receiving any ARP packet (Request or Reply) MUST update its local ARP cache with the Sender Protocol and Hardware Addresses in the ARP packet, if the receiving node has an entry for that IP address already in its ARP cache. This requirement in the ARP protocol applies even for ARP Request packets, and for ARP Reply packets that do not match any ARP Request transmitted by the receiving node [16].

While a mobile node is registered on a foreign network, its home agent uses proxy ARP [49] to reply to ARP Requests it receives that seek the mobile node's link-layer address. When receiving an ARP Request, the home agent MUST examine the target IP address of the Request, and if this IP address matches the home address of any mobile node for which it has a registered mobility binding, the home agent MUST transmit an ARP Reply on behalf of the mobile node. After exchanging the sender and target addresses in the packet [49], the home agent MUST set the sender link-layer address in the packet to the link-layer address of its own interface over which the Reply will be sent.

When a mobile node leaves its home network and registers a binding on a foreign network, its home agent uses gratuitous ARP to update the ARP caches of nodes on the home network. This causes such nodes to associate the link-layer address of the home agent with the mobile node's home (IP) address. When registering a binding for a mobile node for which the home agent previously had no binding (the mobile node was assumed to be at home), the home agent MUST transmit a gratuitous ARP on behalf of the mobile node. This gratuitous ARP packet MUST be transmitted as a broadcast packet on the link on which the mobile node's home address is located. Since broadcasts on the local link (such as Ethernet) are typically not guaranteed to be reliable, the gratuitous ARP packet SHOULD be retransmitted a small number of times to increase its reliability.

When a mobile node returns to its home network, the mobile node and its home agent use gratuitous ARP to cause all nodes on the mobile node's home network to update their ARP caches to once again associate the mobile node's own link-layer address with the mobile node's home (IP) address. Before transmitting the (de)Registration Request message to its home agent, the mobile node MUST transmit this gratuitous ARP on its home network as a local broadcast on this link. The gratuitous ARP packet SHOULD be retransmitted a small number of times to increase its reliability, but these retransmissions SHOULD proceed in parallel with the transmission and processing of the mobile node's (de)Registration Request.

When the mobile node's home agent receives and accepts this (de)Registration Request, the home agent MUST also transmit a gratuitous ARP on the mobile node's home network. This gratuitous ARP also is used to associate the mobile node's home address with the mobile node's own link-layer address. A gratuitous ARP is transmitted by both the mobile node and its home agent, since in the case of wireless network interfaces, the area within transmission range of the mobile node will likely differ from that within range of its home agent. The ARP packet from the home agent MUST be transmitted as a local broadcast on the mobile node's home link, and SHOULD be retransmitted a small number of times to increase its reliability; these retransmissions, however, SHOULD proceed in parallel with the transmission and processing of the mobile node's (de)Registration Reply.

While the mobile node is away from home, it MUST NOT transmit any broadcast ARP Request or ARP Reply messages. Finally, while the mobile node is away from home, it MUST NOT reply to ARP Requests in which the target IP address is its own home address unless the ARP Request is unicast by a foreign agent with which the mobile node is attempting to register or a foreign agent with which the mobile node has an unexpired registration. In the latter case, the mobile node MUST use a unicast ARP Reply to respond to the foreign agent. Note that if the mobile node is using a co-located care-of address and receives an ARP Request in which the target IP address is this care-of address, then the mobile node SHOULD reply to this ARP Request. Note also that, when transmitting a Registration Request on a foreign network, a mobile node may discover the link-layer address of a foreign agent by storing the address as it is received from the Agent Advertisement from that foreign agent, but not by transmitting a broadcast ARP Request message.

The specific order in which each of the above requirements for the use of ARP, proxy ARP, and gratuitous ARP are applied, relative to the transmission and processing of the mobile node's Registration Request and Registration Reply messages when leaving home or returning home, are important to the correct operation of the protocol.

To summarize the above requirements, when a mobile node leaves its home network, the following steps, in this order, MUST be performed:

o The mobile node decides to register away from home, perhaps because it has received an Agent Advertisement from a foreign agent and has not recently received one from its home agent.

o Before transmitting the Registration Request, the mobile node disables its own future processing of any ARP Requests it may subsequently receive requesting the link-layer address corresponding to its home address, except insofar as necessary to communicate with foreign agents on visited networks.

o The mobile node transmits its Registration Request.

o When the mobile node's home agent receives and accepts the Registration Request, it performs a gratuitous ARP on behalf of the mobile node, and begins using proxy ARP to reply to ARP Requests that it receives requesting the mobile node's link-layer address. In the gratuitous ARP, the ARP Sender Hardware Address is set to the link-layer address of the home agent. If, instead, the home agent rejects the Registration Request, no ARP processing (neither gratuitous nor proxy) is performed by the home agent.

When a mobile node later returns to its home network, the following steps, in this order, MUST be performed:

o The mobile node decides to register at home, perhaps because it has received an Agent Advertisement from its home agent.

o Before transmitting the Registration Request, the mobile node re-enables its own future processing of any ARP Requests it may subsequently receive requesting its link-layer address.

o The mobile node performs a gratuitous ARP for itself. In this gratuitous ARP, the ARP Sender Hardware Address is set to the link-layer address of the mobile node.

o The mobile node transmits its Registration Request.

o When the mobile node's home agent receives and accepts the Registration Request, it stops using proxy ARP to reply to ARP Requests that it receives requesting the mobile node's link-layer address, and then performs a gratuitous ARP on behalf of the mobile node. In this gratuitous ARP, the ARP Sender Hardware Address is set to the link-layer address of the mobile node. If, instead, the home agent rejects the Registration Request, the home agent MUST NOT make any change to the way it performs ARP processing (neither gratuitous nor proxy) for the mobile node. In this latter case, the home agent should operate as if the mobile node has not returned home, and continue to perform proxy ARP on behalf of the mobile node.

5. Security Considerations

The mobile computing environment is potentially very different from the ordinary computing environment. In many cases, mobile computers will be connected to the network via wireless links. Such links are particularly vulnerable to passive eavesdropping, active replay attacks, and other active attacks.

5.1. Message Authentication Codes

Home agents and mobile nodes MUST be able to perform authentication. The default algorithm is HMAC-MD5 [10], with a key size of 128 bits. The foreign agent MUST also support authentication using HMAC-MD5 and key sizes of 128 bits or greater, with manual key distribution. Keys with arbitrary binary values MUST be supported.

The "prefix+suffix" use of MD5 to protect data and a shared secret is considered vulnerable to attack by the cryptographic community. Where backward compatibility with existing Mobile IP implementations that use this mode is needed, new implementations SHOULD include keyed MD5 [19] as one of the additional authentication algorithms for use when producing and verifying the authentication data that is supplied with Mobile IP registration messages, for instance, in the extensions specified in Sections 3.5.2, 3.5.3, and 3.5.4.

More authentication algorithms, algorithm modes, key distribution methods, and key sizes MAY also be supported for all of these extensions.
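
The default HMAC-MD5 authenticator beside the legacy "prefix+suffix" keyed MD5 mode, as an added Python example that is not part of the RFC text. The class and function names are hypothetical, the bytes covered by the authenticator are passed in as an opaque value, and the choice to pin the algorithm to the security association looked up by SPI is this example's design.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

HMAC_MD5 = "hmac-md5"                                 # default algorithm
KEYED_MD5_PREFIX_SUFFIX = "keyed-md5-prefix-suffix"   # backward compatibility only


@dataclass(frozen=True)
class SecurityAssociation:
    """Hypothetical container for one mobility security association."""
    spi: int
    key: bytes                  # arbitrary binary value, 128 bits or more
    algorithm: str = HMAC_MD5

    def __post_init__(self):
        if len(self.key) < 16:
            raise ValueError("key must be at least 128 bits")
        if self.algorithm not in (HMAC_MD5, KEYED_MD5_PREFIX_SUFFIX):
            raise ValueError("unsupported algorithm: %r" % self.algorithm)


def new_key() -> bytes:
    """128-bit key from the operating system's CSPRNG."""
    return secrets.token_bytes(16)


def authenticator(sa: SecurityAssociation, protected: bytes) -> bytes:
    """Compute the 128-bit authenticator over the protected bytes."""
    if sa.algorithm == HMAC_MD5:
        return hmac.new(sa.key, protected, hashlib.md5).digest()
    # Legacy mode: MD5 over secret || data || secret.
    return hashlib.md5(sa.key + protected + sa.key).digest()


def verify(associations: dict, spi: int, protected: bytes, received: bytes) -> bool:
    """Verify a received authenticator.

    The algorithm comes from the locally configured association, so a
    message cannot select the weaker mode for itself. The comparison is
    constant-time.
    """
    sa = associations.get(spi)
    if sa is None:
        return False
    return hmac.compare_digest(authenticator(sa, protected), received)
```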

5.2. Areas of Security Concern in This Protocol

The registration protocol described in this document will result in a mobile node's traffic being tunneled to its care-of address. This tunneling feature could be a significant vulnerability if the registration were not authenticated. Such remote redirection, for instance, as performed by the mobile registration protocol, is widely understood to be a security problem in the current Internet if not authenticated [30]. Moreover, the Address Resolution Protocol (ARP) is not authenticated, and can potentially be used to steal another host's traffic. The use of gratuitous ARP (Section 4.6) brings with it all of the risks associated with the use of ARP.
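
Because ARP carries no authentication, a monitor on the home link can at least check each ARP packet against the ownership rules of Section 4.6. The following Python sketch is an added example, not part of the RFC text; it assumes the monitor is told the home agent's link-layer address and each mobile node's binding state, and all names, MAC addresses and IP addresses in it are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass

ARP_BODY = struct.Struct("!HHBBH6s4s6s4s")  # Ethernet/IPv4 ARP body, 28 bytes
REQUEST, REPLY = 1, 2


@dataclass(frozen=True)
class Arp:
    oper: int
    sha: bytes                      # Sender Hardware Address
    spa: ipaddress.IPv4Address      # Sender Protocol Address
    tha: bytes                      # Target Hardware Address
    tpa: ipaddress.IPv4Address      # Target Protocol Address

    @property
    def kind(self) -> str:
        # Gratuitous ARP: sender and target protocol addresses are equal.
        if self.spa == self.tpa:
            return "gratuitous"
        return "reply" if self.oper == REPLY else "request"


def parse_arp(body: bytes) -> Arp:
    if len(body) < ARP_BODY.size:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = ARP_BODY.unpack_from(body)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if oper not in (REQUEST, REPLY):
        raise ValueError("unexpected ARP operation %d" % oper)
    return Arp(oper, sha, ipaddress.IPv4Address(spa), tha, ipaddress.IPv4Address(tpa))


@dataclass
class HomeNode:
    """Monitor's view of one mobile node (hypothetical structure)."""
    mac: bytes      # the mobile node's own link-layer address
    away: bool      # True while the home agent holds a mobility binding


def check_arp(pkt: Arp, home_agent_mac: bytes, nodes: dict):
    """Return (kind, verdict) for one ARP packet seen on the home link.

    Every ARP packet can update caches with its sender fields, so the
    check is on SPA -> SHA: while the node is away the home agent's
    address is expected, otherwise the mobile node's own address.
    """
    node = nodes.get(pkt.spa)
    if node is None:
        return pkt.kind, "untracked"
    expected = home_agent_mac if node.away else node.mac
    problems = []
    if pkt.sha != expected:
        problems.append("sender hardware address is not the expected owner")
    if pkt.kind == "gratuitous" and pkt.oper == REPLY and pkt.tha != pkt.sha:
        problems.append("gratuitous Reply with mismatched target hardware address")
    return pkt.kind, "ok" if not problems else "alert: " + "; ".join(problems)


# Constructed sample data for the demonstration below.
HA_MAC = bytes.fromhex("02000000000a")
MN_MAC = bytes.fromhex("02000000000b")
OTHER_MAC = bytes.fromhex("02000000000c")
HOME_IP = ipaddress.IPv4Address("192.0.2.10")
PEER_IP = ipaddress.IPv4Address("192.0.2.20")


def demo():
    nodes = {HOME_IP: HomeNode(MN_MAC, away=True)}
    samples = [
        # Home agent's gratuitous ARP (Request form) after accepting a registration.
        ARP_BODY.pack(1, 0x0800, 6, 4, REQUEST, HA_MAC, HOME_IP.packed, b"\0" * 6, HOME_IP.packed),
        # Proxy ARP Reply from the home agent to a peer on the home link.
        ARP_BODY.pack(1, 0x0800, 6, 4, REPLY, HA_MAC, HOME_IP.packed, OTHER_MAC, PEER_IP.packed),
        # Gratuitous Reply from a third station claiming the home address.
        ARP_BODY.pack(1, 0x0800, 6, 4, REPLY, OTHER_MAC, HOME_IP.packed, OTHER_MAC, HOME_IP.packed),
    ]
    return [check_arp(parse_arp(s), HA_MAC, nodes) for s in samples]
```

Around (de)registration the mobile node's gratuitous ARP precedes its Registration Request, so a monitor keyed on binding state sees a brief expected mismatch and should tolerate it for a short window.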

5.3. Key Management

This specification requires a strong authentication mechanism (keyed MD5) that precludes many potential attacks based on the Mobile IP registration protocol. However, because key distribution is difficult in the absence of a network key management protocol, messages with the foreign agent are not all required to be authenticated. In a commercial environment it might be important to authenticate all messages between the foreign agent and the home agent, so that billing is possible and service providers do not provide service to users that are not legitimate customers of that service provider.

5.4. Picking Good Random Numbers

The strength of any authentication mechanism depends on several factors, including the innate strength of the authentication algorithm, the secrecy of the key used, the strength of the key used, and the quality of the particular implementation. This specification requires implementation of keyed MD5 for authentication, but does not preclude the use of other authentication algorithms and modes. For keyed MD5 authentication to be useful, the 128-bit key must be both secret (that is, known only to authorized parties) and pseudo-random.

If nonces are used in connection with replay protection, they must also be selected carefully. RFC 4086 [8] written by Eastlake, et al. provides more information on generating pseudo-random numbers.

5.5. Privacy

Users who have sensitive data that they do not wish others to see should use mechanisms outside the scope of this document (such as encryption) to provide appropriate protection. Users concerned about traffic analysis should consider appropriate use of link encryption. If absolute location privacy is desired, the mobile node can create a tunnel to its home agent. Then, datagrams destined for correspondent nodes will appear to emanate from the home network, and it may be more difficult to pinpoint the location of the mobile node. Such mechanisms are all beyond the scope of this document.

5.6. Ingress Filtering

Many routers implement security policies such as "ingress filtering" [35] that do not allow forwarding of packets that have a Source Address that appears topologically incorrect. In environments where this is a problem, mobile nodes may use reverse tunneling [12] with the foreign agent supplied care-of address as the Source Address. Reverse-tunneled packets will be able to pass normally through such routers, while ingress filtering rules will still be able to locate the true topological source of the packet in the same way as packets from non-mobile nodes.

5.7. Replay Protection for Registration Requests

The Identification field is used to let the home agent verify that a registration message has been freshly generated by the mobile node, not replayed by an attacker from some previous registration. Two methods are described in this section: timestamps (mandatory) and "nonces" (optional). All mobile nodes and home agents MUST implement timestamp-based replay protection. These nodes MAY also implement nonce-based replay protection.

The style of replay protection in effect between a mobile node and its home agent is part of the Mobility Security Association. A mobile node and its home agent MUST agree on which method of replay protection will be used. The interpretation of the Identification field depends on the method of replay protection as described in the subsequent subsections.

Whatever method is used, the low-order 32 bits of the Identification field MUST be copied unchanged from the Registration Request to the Reply. The foreign agent uses those bits (and the mobile node's home address) to match Registration Requests with corresponding replies. The mobile node MUST verify that the low-order 32 bits of any Registration Reply are identical to the bits it sent in the Registration Request.

The Identification field in a new Registration Request MUST NOT be the same as in an immediately preceding Request, and SHOULD NOT repeat while the same security context is being used between the mobile node and the home agent. Retransmission as in Section 3.6.3 is allowed.

5.7.1. Replay Protection Using Timestamps

The basic principle of timestamp replay protection is that the node generating a message inserts the current time of day, and the node receiving the message checks that this timestamp is sufficiently close to its own time of day. Unless specified differently in the security association between the nodes, a default value of 7 seconds MAY be used to limit the time difference. This value SHOULD be greater than 3 seconds. Obviously the two nodes must have adequately synchronized time-of-day clocks. As with any messages, time synchronization messages may be protected against tampering by an authentication mechanism determined by the security context between the two nodes.

If timestamps are used, the mobile node MUST set the Identification field to a 64-bit value formatted as specified by the Network Time Protocol [11]. The low-order 32 bits of the NTP format represent fractional seconds, and those bits that are not available from a time source SHOULD be generated from a good source of randomness. Note, however, that when using timestamps, the 64-bit Identification used in a Registration Request from the mobile node MUST be greater than that used in any previous Registration Request, as the home agent uses this value as a sequence number. Without such a sequence number, it would be possible for a delayed duplicate of an earlier Registration Request to arrive at the home agent (within the clock synchronization required by the home agent), and thus be applied out of order, mistakenly altering the mobile node's current registered care-of address.

Upon receipt of a Registration Request with an authorization-enabling extension, the home agent MUST check the Identification field for validity. In order to be valid, the timestamp contained in the Identification field MUST be close enough to the home agent's time-of-day clock, and the timestamp MUST be greater than all previously accepted timestamps for the requesting mobile node. Time tolerances and resynchronization details are specific to a particular Mobility Security Association.

If the timestamp is valid, the home agent copies the entire Identification field into the Registration Reply it returns to the mobile node. If the timestamp is not valid, the home agent copies only the low-order 32 bits into the Registration Reply, and supplies the high-order 32 bits from its own time of day. In this latter case, the home agent MUST reject the registration by returning Code 133 (registration Identification mismatch) in the Registration Reply.

As described in Section 3.6.2.1, the mobile node MUST verify that the low-order 32 bits of the Identification field in the Registration Reply are identical to those in the rejected registration attempt, before using the high-order bits for clock resynchronization.
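
The home agent's validity check and the mobile node's resynchronization check described in this section, as an added Python example that is not part of the RFC. The class and function names, the sample address and the clock readings are constructed for illustration, and message authentication is assumed to have succeeded before these checks run.

```python
import secrets

NTP_UNIX_OFFSET = 2_208_988_800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MASK32 = 0xFFFFFFFF
CODE_ACCEPTED = 0                # a value from the success range
CODE_ID_MISMATCH = 133           # registration Identification mismatch


def ntp_identification(unix_time, clock_frac_bits=10):
    """Mobile node: 64-bit NTP-format Identification for a clock reading.

    Fraction bits the clock cannot supply are filled from a CSPRNG.
    """
    whole = int(unix_time)
    seconds = (whole + NTP_UNIX_OFFSET) & MASK32
    frac = int((unix_time - whole) * (1 << 32)) & MASK32
    unknown = 32 - clock_frac_bits
    if unknown:
        frac = ((frac >> unknown) << unknown) | secrets.randbits(unknown)
    return (seconds << 32) | frac


def next_identification(unix_time, last_sent):
    """Mobile node: the value sent must be greater than any sent before."""
    return max(ntp_identification(unix_time), last_sent + 1)


class HomeAgentReplayCheck:
    """Home agent side of timestamp replay protection."""

    def __init__(self, tolerance_s=7):
        self.tolerance = tolerance_s << 32  # same 32.32 fixed point as the field
        self.last_accepted = {}             # home address -> highest accepted value

    def check(self, home_addr, ident, ha_unix_time):
        """Return (code, Identification to place in the Registration Reply)."""
        ha_now = int((ha_unix_time + NTP_UNIX_OFFSET) * (1 << 32))
        close = abs(ident - ha_now) <= self.tolerance
        newer = ident > self.last_accepted.get(home_addr, -1)
        if close and newer:
            self.last_accepted[home_addr] = ident
            return CODE_ACCEPTED, ident
        # Invalid: echo the low-order 32 bits, supply our own time of day on top.
        ha_seconds = (ha_now >> 32) & MASK32
        return CODE_ID_MISMATCH, (ha_seconds << 32) | (ident & MASK32)


def clock_correction(sent_ident, reply_code, reply_ident, mn_unix_time):
    """Mobile node: seconds to add to its clock after a Code 133 reply, else None."""
    if reply_code != CODE_ID_MISMATCH:
        return None
    if (reply_ident ^ sent_ident) & MASK32:
        return None  # low-order 32 bits differ: do not use the high-order bits
    mn_seconds = (int(mn_unix_time) + NTP_UNIX_OFFSET) & MASK32
    return (reply_ident >> 32) - mn_seconds


def demo():
    """Constructed scenario: fresh request, replay, delayed duplicate, slow clock."""
    t0, addr = 1_700_000_000, "192.0.2.10"  # constructed sample values
    ha = HomeAgentReplayCheck()
    older = ntp_identification(t0 - 2)
    fresh = next_identification(t0, older)
    codes = [ha.check(addr, fresh, t0 + 1)[0]]      # accepted
    codes.append(ha.check(addr, fresh, t0 + 2)[0])  # same request replayed
    codes.append(ha.check(addr, older, t0 + 2)[0])  # delayed duplicate, inside window
    skewed = ntp_identification(t0 - 57)            # node clock runs 60 s slow
    code, reply = ha.check(addr, skewed, t0 + 3)
    codes.append(code)
    return codes, clock_correction(skewed, code, reply, t0 - 57)


if __name__ == "__main__":
    print(demo())
```

The delayed duplicate is the case the sequence-number rule exists for: it falls inside the 7-second window and is rejected only because it is not greater than the last accepted value.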

5.7.2. Replay Protection Using Nonces

The basic principle of nonce replay protection is that node A includes a new random number in every message to node B, and checks that node B returns that same number in its next message to node A. Both messages use an authentication code to protect against alteration by an attacker. At the same time, node B can send its own nonces in all messages to node A (to be echoed by node A), so that it too can verify that it is receiving fresh messages.

The home agent may be expected to have resources for computing pseudo-random numbers useful as nonces [8]. It inserts a new nonce as the high-order 32 bits of the Identification field of every Registration Reply. The home agent copies the low-order 32 bits of the Identification field from the Registration Request message into the low-order 32 bits of the Identification field in the Registration Reply. When the mobile node receives an authenticated Registration Reply from the home agent, it saves the high-order 32 bits of the Identification field for use as the high-order 32 bits of its next Registration Request.

The mobile node is responsible for generating the low-order 32 bits of the Identification field in each Registration Request. Ideally, it should generate its own random nonces. However, it may use any expedient method, including duplication of the random value sent by the home agent. The method chosen is of concern only to the mobile node, because it is the node that checks for valid values in the Registration Reply. The high-order and low-order 32 bit values of the identification chosen SHOULD both differ from their previous values. The home agent uses a new high-order value, and the mobile node uses a new low-order value for each registration message. The foreign agent uses the low-order value (and the mobile host's home address) to correctly match registration replies with pending Requests (Section 3.7.1).

If a registration message is rejected because of an invalid nonce, the Reply always provides the mobile node with a new nonce to be used in the next registration. Thus, the nonce protocol is self-synchronizing.
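
The nonce exchange described in this section, including the self-synchronizing rejection path, as an added Python example that is not part of the RFC. The class names and the sample address are hypothetical, both messages are assumed to be authenticated already, and returning Code 133 for a nonce mismatch is an assumption of this example.

```python
import secrets

MASK32 = 0xFFFFFFFF
CODE_ACCEPTED = 0        # a value from the success range
CODE_ID_MISMATCH = 133   # assumed here for a nonce mismatch


def fresh32(previous=None):
    """Random 32-bit value that differs from the previous one."""
    value = secrets.randbits(32)
    while value == previous:
        value = secrets.randbits(32)
    return value


class NonceHomeAgent:
    def __init__(self):
        self.issued = {}  # home address -> nonce sent in the most recent reply

    def handle_request(self, home_addr, ident):
        """Return (code, Identification for the Registration Reply)."""
        expected = self.issued.get(home_addr)
        ok = expected is not None and (ident >> 32) == expected
        # Every reply, accepted or rejected, carries a new high-order nonce
        # and echoes the request's low-order 32 bits unchanged.
        self.issued[home_addr] = fresh32(expected)
        code = CODE_ACCEPTED if ok else CODE_ID_MISMATCH
        return code, (self.issued[home_addr] << 32) | (ident & MASK32)


class NonceMobileNode:
    def __init__(self):
        self.ha_nonce = 0        # nothing learned yet, so the first request is rejected
        self.last_low = None
        self.pending_low = None  # low-order bits of the outstanding request

    def build_request(self):
        self.last_low = self.pending_low = fresh32(self.last_low)
        return (self.ha_nonce << 32) | self.pending_low

    def handle_reply(self, code, ident):
        """True if registered. Replies that do not echo our low bits are ignored."""
        if self.pending_low is None or (ident & MASK32) != self.pending_low:
            return False
        self.ha_nonce = ident >> 32  # saved for the next request, even on rejection
        self.pending_low = None
        return code == CODE_ACCEPTED


def demo():
    """Constructed run: bootstrap, success, replayed request, resynchronization."""
    addr = "192.0.2.10"  # constructed sample home address
    ha, mn = NonceHomeAgent(), NonceMobileNode()
    codes = []

    def register():
        request = mn.build_request()
        code, reply = ha.handle_request(addr, request)
        mn.handle_reply(code, reply)
        codes.append(code)
        return request

    register()                   # no nonce known yet: rejected, nonce learned
    accepted_request = register()  # uses the learned nonce: accepted
    # The accepted request arrives at the home agent a second time.
    code, reply = ha.handle_request(addr, accepted_request)
    codes.append(code)
    mn.handle_reply(code, reply)  # no request outstanding: ignored by the node
    register()                   # node's saved nonce is now stale: rejected
    register()                   # nonce from that rejection: accepted
    return codes


if __name__ == "__main__":
    print(demo())
```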

6. IANA Considerations

Mobile IP specifies several new number spaces for values to be used in various message fields. These number spaces include the following:

o Mobile IP message types sent to UDP port 434, as defined in Section 1.8.

o types of extensions to Registration Request and Registration Reply messages (see Sections 3.3 and 3.4, and also consult [12], [43], [2], [3], and [7]).

o values for the code in the Registration Reply message (see Section 3.4, and also consult [12], [43], [2], [3], and [7]).

o Mobile IP defines so-called Agent Solicitation and Agent Advertisement messages. These messages are in fact Router Discovery messages [5] augmented with Mobile-IP-specific extensions. Thus, they do not define a new name space, but do define additional Router Discovery extensions as described below in Section 6.2. Also see Section 2.1, and consult [3] and [7].

There are additional Mobile IP numbering spaces specified in [3].

Information about assignment of Mobile IP numbers derived from specifications external to this document is given by IANA at http://www.iana.org/protocols. From that URL, see the "Mobile Internet Protocol (IP) Numbers" section.

In this revised specification, a new code value (for the field in the Registration Reply message) is needed within the range typically used for foreign agent messages. This error code is needed to indicate the status "Invalid Home Agent Address". See Section 3.7.2 for details.

6.1. Mobile IP Message Types

Mobile IP messages are defined to be those that are sent to a message recipient at port 434 (UDP or TCP). The number space for Mobile IP messages is specified in Section 1.8. Approval of new extension numbers is subject to Expert Review, and a specification is required [22]. The currently standardized message types have the following numbers, and are specified in the indicated sections.

     Type  Name                                             Section
     ----  --------------------------------------------     ---------
     1     Registration Request                             3.3
     3     Registration Reply                               3.4
        
6.2. Extensions to RFC 1256 Router Advertisement

RFC 1256 defines two ICMP message types, Router Advertisement and Router Solicitation. Mobile IP defines a number space for extensions to Router Advertisement, which could be used by protocols other than Mobile IP. The extension types currently standardized for use with Mobile IP have the following numbers.

     Type  Name                                             Section
     ----  --------------------------------------------     ---------
     0     One-byte Padding                                 2.1.3
     16    Mobility Agent Advertisement                     2.1.1
     19    Prefix-Lengths                                   2.1.2
        

Approval of new extension numbers for use with Mobile IP is subject to Expert Review, and a specification is required [22].

6.3. Extensions to Mobile IP Registration Messages

The Mobile IP messages specified within this document and listed in Sections 1.8 and 6.1 may have extensions. Mobile IP message extensions all share the same number space, even if they are to be applied to different Mobile IP messages. The number space for Mobile IP message extensions is specified within this document. Approval of new extension numbers is subject to Expert Review, and a specification is required [22].

     Type  Name                                             Section
     ----  --------------------------------------------     ---------
     0     One-byte Padding
     32    Mobile-Home Authentication                       3.5.2
     33    Mobile-Foreign Authentication                    3.5.3
     34    Foreign-Home Authentication                      3.5.4
        
6.4. Code Values for Mobile IP Registration Reply Messages

The Mobile IP Registration Reply message, specified in Section 3.4, has a Code field. The number space for the Code field values is also specified in Section 3.4. The Code number space is structured according to whether the registration was successful, the foreign agent denied the Registration Request, or the home agent denied the Registration Request, as follows:

   +---------+------------------------------------------------------+
   | Code #s |                       Guideline                      |
   +---------+------------------------------------------------------+
   |   0-8   |                     Success Codes                    |
   |         |                                                      |
   |   9-63  | Allocation guidelines not specified in this document |
   |         |                                                      |
   |  64-127 |          Error Codes from the Foreign Agent          |
   |         |                                                      |
   | 128-192 |            Error Codes from the Home Agent           |
   |         |                                                      |
   | 193-200 |    Error Codes from the Gateway Foreign Agent [29]   |
   |         |                                                      |
   | 201-255 | Allocation guidelines not specified in this document |
   +---------+------------------------------------------------------+
        

Approval of new code values requires Expert Review [22].

Table 1: Guidelines for Allocation of Code Values

7. Acknowledgments

Special thanks to Steve Deering (Xerox PARC), along with Dan Duchamp and John Ioannidis (JI) (Columbia University), for forming the working group, chairing it, and putting so much effort into its early development. Columbia's early Mobile IP work can be found in [37], [38], [39].

Thanks also to Kannan Alaggapan, Greg Minshall, Tony Li, Jim Solomon, Erik Nordmark, Basavaraj Patil, and Phil Roberts for their contributions to the group while performing the duties of chairperson, as well as for their many useful comments.

Thanks to the active members of the Mobile IP Working Group, particularly those who contributed text, including (in alphabetical order)

o Ran Atkinson (Naval Research Lab)
o Samita Chakrabarti (Sun Microsystems)
o Ken Imboden (Candlestick Networks, Inc.)
o Dave Johnson (Carnegie Mellon University)
o Frank Kastenholz (FTP Software)
o Anders Klemets (KTH)
o Chip Maguire (KTH)
o Alison Mankin (ISI)
o Andrew Myles (Macquarie University)
o Thomas Narten (IBM)
o Al Quirt (Bell Northern Research)
o Yakov Rekhter (IBM)
o Fumio Teraoka (Sony)
o Alper Yegin (NTT DoCoMo)

Thanks to Charlie Kunzinger and to Bill Simpson, the editors who produced the first drafts of this document, reflecting the discussions of the working group. Much of the new text in the later revisions preceding RFC 2002 is due to Jim Solomon and Dave Johnson.

Thanks to Greg Minshall (Novell), Phil Karn (Qualcomm), Frank Kastenholz (FTP Software), and Pat Calhoun (Sun Microsystems) for their generous support in hosting interim working group meetings.

Sections 1.10 and 1.11, which specify new extension formats to be used with aggregatable extension types, were included from a specification document (entitled "Mobile IP Extensions Rationalization (MIER)", which was written by

o Mohamed Khalil (Nortel Networks)
o Raja Narayanan (nVisible Networks)
o Haseeb Akhtar (Nortel Networks)
o Emad Qaddoura (Nortel Networks)

Thanks to these authors, and also for the additional work on MIER, which was contributed by Basavaraj Patil, Pat Calhoun, Neil Justusson, N. Asokan, and Jouni Malinen.

Thanks to Vijay Devarapalli, who put in many hours to convert the source for this text document into XML format.

8. References
8.1. Normative References

[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[2] Calhoun, P. and C. Perkins, "Mobile IP Network Access Identifier Extension for IPv4", RFC 2794, March 2000.

[3] Perkins, C., Calhoun, P., and J. Bharatia, "Mobile IPv4 Challenge/Response Extensions (Revised)", RFC 4721, January 2007.

[4] Cong, D., Hamlen, M., and C. Perkins, "The Definitions of Managed Objects for IP Mobility Support using SMIv2", RFC 2006, October 1996.

[5] Deering, S., Ed., "ICMP Router Discovery Messages", RFC 1256, September 1991.

[6] Deering, S., "Host extensions for IP multicasting", STD 5, RFC 1112, August 1989.

[7] Dommety, G. and K. Leung, "Mobile IP Vendor/Organization-Specific Extensions", RFC 3115, April 2001.

[8] Eastlake 3rd, D., Schiller, J., and S. Crocker, "Randomness Requirements for Security", BCP 106, RFC 4086, June 2005.

[9] Kent, S., "IP Authentication Header", RFC 4302, December 2005.

[10] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.

[11] Mills, D., Martin, J., Ed., Burbank, J., and W. Kasch, "Network Time Protocol Version 4: Protocol and Algorithms Specification", RFC 5905, June 2010.

[12] Montenegro, G., Ed., "Reverse Tunneling for Mobile IP, revised", RFC 3024, January 2001.

[13] Farinacci, D., Li, T., Hanks, S., Meyer, D., and P. Traina, "Generic Routing Encapsulation (GRE)", RFC 2784, March 2000.

[14] Perkins, C., "IP Encapsulation within IP", RFC 2003, October 1996.

[15] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, October 1996.

[16] Plummer, D., "Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware", STD 37, RFC 826, November 1982.

[17] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.

[18] Postel, J., "Internet Protocol", STD 5, RFC 791, September 1981.

[19] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[20] Solomon, J., "Applicability Statement for IP Mobility Support", RFC 2005, October 1996.

[21] Perkins, C., Ed., "IP Mobility Support for IPv4", RFC 3344, August 2002.

[22] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008.

8.2. Informative References

[23] Solomon, J. and S. Glass, "Mobile-IPv4 Configuration Option for PPP IPCP", RFC 2290, February 1998.

[24] Montenegro, G., Dawkins, S., Kojo, M., Magret, V., and N. Vaidya, "Long Thin Networks", RFC 2757, January 2000.

[25] Allman, M., Glover, D., and L. Sanchez, "Enhancing TCP Over Satellite Channels using Standard Mechanisms", BCP 28, RFC 2488, January 1999.

[26] Paxson, V. and M. Allman, "Computing TCP's Retransmission Timer", RFC 2988, November 2000.

[27] Levkowetz, H. and S. Vaarala, "Mobile IP Traversal of Network Address Translation (NAT) Devices", RFC 3519, April 2003.

[28] Glass, S. and M. Chandra, "Registration Revocation in Mobile IPv4", RFC 3543, August 2003.

[29] Fogelstroem, E., Jonsson, A., and C. Perkins, "Mobile IPv4 Regional Registration", RFC 4857, June 2007.

[30] Bellovin, S., "Security Problems in the TCP/IP Protocol Suite", ACM Computer Communications Review, 19(2), March 1989.

[31] Border, J., Kojo, M., Griner, J., Montenegro, G., and Z. Shelby, "Performance Enhancing Proxies Intended to Mitigate Link-Related Degradations", RFC 3135, June 2001.

[32] Caceres, R. and L. Iftode, "Improving the Performance of Reliable Transport Protocols in Mobile Computing Environments", IEEE Journal on Selected Areas in Communication, 13(5):850-857, June 1995.

[33] Dawkins, S., Montenegro, G., Kojo, M., Magret, V., and N. Vaidya, "End-to-end Performance Implications of Links with Errors", BCP 50, RFC 3155, August 2001.

[34] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131, March 1997.

[35] Ferguson, P. and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing", BCP 38, RFC 2827, May 2000.

[36] Jacobson, V., "Compressing TCP/IP Headers for Low-Speed Serial Links", RFC 1144, February 1990.

[37] Ioannidis, J., Duchamp, D., and G. Maguire, "IP-Based Protocols for Mobile Internetworking", In Proceedings of the SIGCOMM '01 Conference: Communications Architectures and Protocols, pages 235-245, September 1991.

[38] Ioannidis, J. and G. Maguire, "The Design and Implementation of a Mobile Internetworking Architecture", In Proceedings of the Winter USENIX Technical Conference, pages 489-500, January 1993.

[39] Ioannidis, J., "Protocols for Mobile Internetworking", PhD Dissertation - Columbia University in the City of New York, July 1993.

[40] Jacobson, V., "Congestion Avoidance and Control", In Proceedings of the SIGCOMM '88 Workshop, ACM SIGCOMM, ACM Press, pages 314-329, August 1998.

[41] McCloghrie, K. and F. Kastenholz, "The Interfaces Group MIB", RFC 2863, June 2000.

[42] McGregor, G., "The PPP Internet Protocol Control Protocol (IPCP)", RFC 1332, May 1992.

[43] Montenegro, G. and V. Gupta, "Sun's SKIP Firewall Traversal for Mobile IP", RFC 2356, June 1998.

[44] Perkins, C., Ed., "IP Mobility Support", RFC 2002, October 1996.

[45] Stevens, R., "TCP/IP Illustrated, Volume 1: The Protocols", Addison-Wesley, Reading, Massachusetts, 1994.

[46] Perkins, C. and P. Calhoun, "Authentication, Authorization, and Accounting (AAA) Registration Keys for Mobile IPv4", RFC 3957, March 2005.

[47] Simpson, W., Ed., "The Point-to-Point Protocol (PPP)", STD 51, RFC 1661, July 1994.

[48] IANA, "Mobile IPv4 Numbers", http://www.iana.org.

[49] Postel, J., "Multi-LAN address resolution", RFC 925, October 1984.

[50] Perkins, C., Ed., "IP Mobility Support for IPv4", RFC 3220, January 2002.

Appendix A. Link-Layer Considerations

The mobile node MAY use link-layer mechanisms to decide that its point of attachment has changed. Such indications include the Down/Testing/Up interface status [41], and changes in cell or administration. The mechanisms will be specific to the particular link-layer technology, and are outside the scope of this document.

The Point-to-Point-Protocol (PPP) [47] and its Internet Protocol Control Protocol (IPCP) [42] negotiate the use of IP addresses.

The mobile node SHOULD first attempt to specify its home address, so that if the mobile node is attaching to its home network, the unrouted link will function correctly. When the home address is not accepted by the peer, but a transient IP address is dynamically assigned to the mobile node, and the mobile node is capable of supporting a co-located care-of address, the mobile node MAY register that address as a co-located care-of address. When the peer specifies its own IP address, that address MUST NOT be assumed to be a foreign agent care-of address or the IP address of a home agent. PPP extensions for Mobile IP have been specified in RFC 2290 [23]. Please consult that document for additional details for how to handle care-of address assignment from PPP in a more efficient manner.

Appendix B. TCP Considerations
B.1. TCP Timers

When high-delay (e.g., SATCOM) or low-bandwidth (e.g., High-Frequency Radio) links are in use, some TCP stacks may have insufficiently adaptive (non-standard) retransmission timeouts. There may be spurious retransmission timeouts, even when the link and network are actually operating properly, but just with a high delay because of the medium in use. This can cause an inability to create or maintain TCP connections over such links, and can also cause unneeded retransmissions that consume already scarce bandwidth. Vendors are encouraged to follow the algorithms in RFC 2988 [26] when implementing TCP retransmission timers. Vendors of systems designed for low-bandwidth, high-delay links should consult RFCs 2757 and 2488 [24], [25]. Designers of applications targeted to operate on mobile nodes should be sensitive to the possibility of timer-related difficulties.

B.2. TCP Congestion Management

Mobile nodes often use media that are more likely to introduce errors, effectively causing more packets to be dropped. This introduces a conflict with the mechanisms for congestion management found in modern versions of TCP [40]. Now, when a packet is dropped, the correspondent node's TCP implementation is likely to react as if there were a source of network congestion, and initiate the slow-start mechanisms [40] designed for controlling that problem. However, those mechanisms are inappropriate for overcoming errors introduced by the links themselves, and have the effect of magnifying the discontinuity introduced by the dropped packet. This problem has been analyzed by Caceres, et al. [32]. TCP approaches to the problem of handling errors that might interfere with congestion management are discussed in documents from the PILC working group [31] [33]. While such approaches are beyond the scope of this document, they illustrate that providing performance transparency to mobile nodes involves understanding mechanisms outside the network layer. Problems introduced by higher media error rates also indicate the need to avoid designs that systematically drop packets; such designs might otherwise be considered favorably when making engineering tradeoffs.

Appendix C. Example Scenarios

This section shows example Registration Requests for several common scenarios.

C.1. Registering with a Foreign Agent Care-of Address

The mobile node receives an Agent Advertisement from a foreign agent and wishes to register with that agent using the advertised foreign agent care-of address. The mobile node wishes only IP-in-IP encapsulation, does not want broadcasts, and does not want simultaneous mobility bindings:

        IP fields:
          Source Address = mobile node's home address
          Destination Address = copied from the IP source address of the
            Agent Advertisement
          Time to Live = 1
        UDP fields:
          Source Port = <any>
          Destination Port = 434
        Registration Request fields:
          Type = 1
          S=0,B=0,D=0,M=0,G=0
          Lifetime = the Registration Lifetime copied from the
            Mobility Agent Advertisement Extension of the
            Router Advertisement message
          Home Address = the mobile node's home address
          Home Agent = IP address of mobile node's home agent
          Care-of Address = the Care-of Address copied from the
            Mobility Agent Advertisement Extension of the
            Router Advertisement message
          Identification = Network Time Protocol timestamp or Nonce
        Extensions:
          An authorization-enabling extension (e.g., the Mobile-Home
            Authentication Extension)
        
C.2. Registering with a Co-Located Care-of Address

The mobile node enters a foreign network that contains no foreign agents. The mobile node obtains an address from a DHCP server [34] for use as a co-located care-of address. The mobile node supports all forms of encapsulation (IP-in-IP, minimal encapsulation, and GRE), desires a copy of broadcast datagrams on the home network, and does not want simultaneous mobility bindings:

        IP fields:
          Source Address = care-of address obtained from DHCP server
          Destination Address = IP address of home agent
          Time to Live = 64
        UDP fields:
          Source Port = <any>
          Destination Port = 434
        Registration Request fields:
          Type = 1
          S=0,B=1,D=1,M=1,G=1
          Lifetime = 1800 (seconds)
          Home Address = the mobile node's home address
          Home Agent = IP address of mobile node's home agent
          Care-of Address = care-of address obtained from DHCP server
          Identification = Network Time Protocol timestamp or Nonce
        Extensions:
          The Mobile-Home Authentication Extension
        
C.3. Deregistration

The mobile node returns home and wishes to deregister all care-of addresses with its home agent:

        IP fields:
          Source Address = mobile node's home address
          Destination Address = IP address of home agent
          Time to Live = 1
        UDP fields:
          Source Port = <any>
          Destination Port = 434
        Registration Request fields:
          Type = 1
          S=0,B=0,D=0,M=0,G=0
          Lifetime = 0
          Home Address = the mobile node's home address
          Home Agent = IP address of mobile node's home agent
          Care-of Address = the mobile node's home address
          Identification = Network Time Protocol timestamp or Nonce
        Extensions:
          An authorization-enabling extension (e.g., the Mobile-Home
            Authentication Extension)
        
Appendix D. Applicability of Prefix-Lengths Extension

Caution is indicated with the use of the Prefix-Lengths Extension over wireless links, due to the irregular coverage areas provided by wireless transmitters. As a result, it is possible that two foreign agents advertising the same prefix might indeed provide different connectivity to prospective mobile nodes. The Prefix-Lengths Extension SHOULD NOT be included in the advertisements sent by agents in such a configuration.

Foreign agents using different wireless interfaces would have to cooperate using special protocols to provide identical coverage in space, and thus be able to claim to have wireless interfaces situated on the same subnetwork. In the case of wired interfaces, a mobile node disconnecting and subsequently connecting to a new point of attachment may well send in a new Registration Request no matter whether the new advertisement is on the same medium as the last recorded advertisement. And, finally, in areas with dense populations of foreign agents it would seem unwise to require the propagation via routing protocols of the subnet prefixes associated with each individual wireless foreign agent; such a strategy could lead to quick depletion of available space for routing tables, unwarranted increases in the time required for processing routing updates, and longer decision times for route selection if routes (which are almost always unnecessary) are stored for wireless "subnets".

Appendix E. Interoperability Considerations

This document specifies revisions to RFC 2002 that are intended to improve interoperability by resolving ambiguities contained in the earlier text. Implementations that perform authentication according to the new more precisely specified algorithm would be interoperable with earlier implementations that did what was originally expected for producing authentication data. That was a major source of non-interoperability before.

However, this specification does have new features that, if used, would cause interoperability problems with older implementations. All features specified in RFC 2002 will work with the new implementations, except for V-J compression [36]. The following list details some of the possible areas of compatibility problems that may be experienced by nodes conforming to this revised specification, when attempting to interoperate with nodes obeying RFC 2002.

o A client that expects some of the newly mandatory features (like reverse tunneling) from a foreign agent (FA) would still be interoperable as long as it pays attention to the 'T' bit.

o Mobile nodes (MNs) that use the NAI extension to identify themselves would not work with old mobility agents.

o Mobile nodes that use a zero home address and expect to receive their home address in the Registration Reply would not work with old mobility agents.

o Mobile nodes that attempt to authenticate themselves without using the Mobile-Home authentication extension will be unable to successfully register with their home agent.

In all of these cases, a robust and well-configured mobile node is very likely to be able to recover if it takes reasonable actions upon receipt of a Registration Reply with an error code indicating the cause for rejection. For instance, if a mobile node sends a Registration Request that is rejected because it contains the wrong kind of authentication extension, then the mobile node could retry the registration with a mobile-home authentication extension, since the foreign agent and/or home agent in this case will not be configured to demand the alternative authentication data.

Appendix F. Changes since RFC 3344

The following revisions to details of the specification in this document were made after RFC 3344 was published. A list of changes from RFC 2002 made during the development of RFC 3344 [21] may be found in the latter document. For items marked with issue numbers, more information is available by consulting the MIP4 mailing list archives.

o Showed more bit definitions in the Agent Advertisement message structure (see Section 2.1.1). New advertisement bits have been defined by other specification documents, but not reflected in previous publications of this specification; this has led to confusion. Citations for the other specification documents have also been included.

o (Issue 6) The behavior of the home agent was changed to avoid mandating error replies to Registration Requests that were invalidated because the foreign agent failed authentication. The intention is to make the home agent more robust against Denial of Service attacks in which the malicious device has no intention of providing a valid Registration Request but only wants to congest traffic on the home network. See Section 3.8.2.1.

o Due to non-unique assignment of IPv4 addresses in many domains, it is possible for different mobile nodes to have the same home address. If they use the NAI, the foreign agent can still distinguish them. Language was added to Section 3.7.1 and Section 3.7.3.1 to specify that the foreign agent MUST use the NAI to distinguish mobile nodes with the same home address.

o (Issue 45) Specified that a foreign agent MUST NOT apply a Foreign-Home Authentication extension to a mobile node's deregistration request. Also, the foreign agent MUST NOT apply a Foreign-Home Authentication extension unless the Care-of Address in the Registration Request matches an address advertised by the foreign agent.

o Specified that the Mobility Security Association to be used by the foreign agent and home agent depends upon values contained in the message data, not the IP headers.

o (Issues 9, 18) Created a new error code for use by the foreign agent, for the case when the foreign agent does not serve the mobile node as a home agent. Formerly, the foreign agent could use an error Code of 136 for this case.

o (Issue 17) Specified that, if the home agent cannot support the requested nonzero unicast address in the Home Address field of the Registration Request, then it MUST reject the registration with an error Code of 129. See Section 3.8.3.2.

o (Issue 19) Specified that multiple authorization-enabling extensions may be present in the Registration Request message, but that the home agent has to (somehow) ensure that all have been checked (see Section 3.8.3.1).

o (Issue 20) Specified that the foreign agent SHOULD NOT modify any of the fields of the Registration Reply message that are covered by the Mobile-Home Authentication Extension, when it relays the packet to the mobile node.

o (Issue 21) Clarified that the foreign agent removes extensions that do not precede any authorization-enabling extension, not just the Mobile-Home Authentication extension (Section 3.7.3.2).

o (Issue 44) Specified that the address advertised by the foreign agent in Agent Advertisements is the care-of address offered on that network interface, not necessarily the address of the network interface (Section 3.7.2.2).

o (Issue 45) Clarification in Section 3.7.2.1 that Code 77 can only apply to a Registration Request with nonzero Lifetime.

o Created a new error code for use when a foreign agent can detect that the Home Agent address field is incorrect.

o Prohibited the use of the Foreign-Home Authorization Extension on deregistration messages.

o Cleaned up some more wording having to do with authorization-enabling extensions.

o For consistency, changed some wording about copying UDP ports.

o Added wording to clearly not disallow dynamically configuring netmask and security information at the mobile node.

o Revamped Changes section.

o Updated citations.

Appendix G. Example Messages

G.1. Example ICMP Agent Advertisement Message Format
     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type      |     Code      |           Checksum            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Num Addrs   |Addr Entry Size|           Lifetime            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Router Address[1]                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Preference Level[1]                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                       Router Address[2]                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                      Preference Level[2]                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        ....                                   |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Type = 16   |     Length    |      Sequence Number          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |    Registration Lifetime      |R|B|H|F|M|G|r|T|U|X|I|reserved |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Care-of Address[1]                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                     Care-of Address[2]                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         ....                                  |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    :                     Optional  Extensions                      :
    :   ....                ......                      ......      :
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
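
A bounds-checked parser for the G.1 layout, as an added Python example that is not part of the RFC; it returns the Registration Lifetime and care-of address that scenario C.1 copies into the Registration Request. Function names, the sample address and the sample flag values are constructed for this example; it assumes extension types 16 and 19 and the one-byte padding type 0 as defined in the body of the specification.

```python
import ipaddress
import struct

ICMP_ROUTER_ADVERT = 9
MOBILITY_AGENT_EXT = 16       # "Type = 16" in the G.1 diagram
PREFIX_LENGTHS_EXT = 19       # Prefix-Lengths Extension (see Appendix D)
ADV_FLAGS = "RBHFMGrTUXI"     # bits after Registration Lifetime, MSB first


def inet_checksum(data):
    """One's-complement Internet checksum over 16-bit big-endian words."""
    data = bytes(data) + b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_agent_advertisement(icmp):
    """Validate an ICMP Router Advertisement and return its mobility fields."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    itype, _code, _cksum, num, words, _life = struct.unpack_from("!BBHBBH", icmp)
    if itype != ICMP_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    if num and words < 2:     # each entry holds an address and a preference
        raise ValueError("Addr Entry Size too small")
    off = 8 + num * words * 4
    if off > len(icmp):
        raise ValueError("router entries overrun message")
    adv = None
    prefix_lengths = []
    while off < len(icmp):
        if icmp[off] == 0:    # One-byte Padding Extension has no Length octet
            off += 1
            continue
        if off + 2 > len(icmp):
            raise ValueError("truncated extension header")
        etype, elen = icmp[off], icmp[off + 1]
        body, end = off + 2, off + 2 + elen
        if end > len(icmp):
            raise ValueError("extension overruns message")
        if etype == MOBILITY_AGENT_EXT:
            # Length is 6 + 4*N for N care-of addresses; accept one extension.
            if adv is not None or elen < 6 or (elen - 6) % 4:
                raise ValueError("bad Mobility Agent Advertisement Extension")
            seq, reg_life, bits = struct.unpack_from("!HHH", icmp, body)
            adv = {
                "sequence": seq,
                "registration_lifetime": reg_life,
                "flags": {n for i, n in enumerate(ADV_FLAGS) if bits & (0x8000 >> i)},
                "care_of": [str(ipaddress.IPv4Address(bytes(icmp[p:p + 4])))
                            for p in range(body + 6, end, 4)],
            }
            if "F" in adv["flags"] and not adv["care_of"]:
                raise ValueError("F bit set without a care-of address")
        elif etype == PREFIX_LENGTHS_EXT:
            if elen != num:   # one prefix length per advertised router address
                raise ValueError("Prefix-Lengths count does not match Num Addrs")
            prefix_lengths = list(icmp[body:end])
        off = end
    if adv is None:
        raise ValueError("no Mobility Agent Advertisement Extension")
    adv["prefix_lengths"] = prefix_lengths
    return adv


def sample_advertisement():
    """Constructed sample: one router entry, types 16 and 19, one padding octet."""
    agent = ipaddress.IPv4Address("198.51.100.1").packed
    body = struct.pack("!BBH4si", 1, 2, 1800, agent, 0)
    body += struct.pack("!BBHHH4s", MOBILITY_AGENT_EXT, 6 + 4, 7, 1800, 0x1500, agent)
    body += bytes([PREFIX_LENGTHS_EXT, 1, 24, 0])
    cksum = inet_checksum(struct.pack("!BBH", ICMP_ROUTER_ADVERT, 0, 0) + body)
    return struct.pack("!BBH", ICMP_ROUTER_ADVERT, 0, cksum) + body
```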
        
G.2. Example Registration Request Message Format

The UDP header is followed by the Mobile IP fields shown below:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |     Type = 1  |S|B|D|M|G|r|T|x|          Lifetime             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          Home Address                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Home Agent                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Care-of Address                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Identification                        +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Optional Non-Auth Extensions for HA ...        |
    |                     ( variable length )                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Type = 32   |      Length   |           SPI                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          SPI (cont.)          |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
    :         MN-HA Authenticator ( variable length )               :
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    :           Optional  Non-Auth Extensions for FA .........
    :           Optional  MN-FA  Authentication Extension...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
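
The G.2 layout above, exercised with the C.2 and C.3 scenarios, as an added Python example that is not part of the RFC: it builds a Registration Request, then parses it and checks the Mobile-Home Authentication Extension the way a home agent would before touching a binding. It assumes the specification's default HMAC-MD5 algorithm with a 16-octet authenticator and simple Type-Length-Value extensions; function names, addresses, key, SPI and Identification value are constructed for this example.

```python
import hashlib
import hmac
import ipaddress
import struct

REG_REQUEST = 1
MN_HA_AUTH = 32                        # "Type = 32" in the G.2 diagram
FLAG_BITS = "SBDMGrTx"                 # flags octet, most significant bit first
FIXED = struct.Struct("!BBH4s4s4sQ")   # 24 octets, Type through Identification


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_request(flags, lifetime, home, home_agent, care_of, ident, spi, key):
    """Serialize a Registration Request followed by one MN-HA extension."""
    octet = sum(0x80 >> FLAG_BITS.index(f) for f in flags)
    fixed = FIXED.pack(REG_REQUEST, octet, lifetime, _ip(home),
                       _ip(home_agent), _ip(care_of), ident)
    # Length counts the SPI (4 octets) plus the 16-octet HMAC-MD5 output.
    ext_head = struct.pack("!BBI", MN_HA_AUTH, 4 + 16, spi)
    # The authenticator covers the request and this extension's own Type,
    # Length and SPI. The UDP header is not covered.
    return fixed + ext_head + hmac.new(key, fixed + ext_head, hashlib.md5).digest()


def parse_request(data):
    """Decode the fixed fields and locate the MN-HA extension, bounds-checked."""
    if len(data) < FIXED.size:
        raise ValueError("truncated Registration Request")
    mtype, octet, lifetime, home, agent, coa, ident = FIXED.unpack_from(data)
    if mtype != REG_REQUEST:
        raise ValueError("not a Registration Request")
    req = {
        "flags": {n: bool(octet & (0x80 >> i)) for i, n in enumerate(FLAG_BITS)},
        "lifetime": lifetime,
        "home": str(ipaddress.IPv4Address(home)),
        "home_agent": str(ipaddress.IPv4Address(agent)),
        "care_of": str(ipaddress.IPv4Address(coa)),
        "identification": ident,
        "auth": None,
    }
    off = FIXED.size
    while off < len(data):
        if off + 2 > len(data):
            raise ValueError("truncated extension header")
        etype, elen = data[off], data[off + 1]
        end = off + 2 + elen
        if end > len(data):
            raise ValueError("extension overruns message")
        if etype == MN_HA_AUTH:
            # This example's policy: accept exactly one MN-HA extension.
            if req["auth"] is not None or elen < 4:
                raise ValueError("duplicate or malformed MN-HA extension")
            spi = struct.unpack_from("!I", data, off + 2)[0]
            # (SPI, received authenticator, octets the authenticator covers)
            req["auth"] = (spi, data[off + 6:end], data[:off + 6])
        off = end
    return req


def verify_request(data, keys_by_spi):
    """Return (request, action) once the MN-HA authenticator checks out."""
    req = parse_request(data)
    if req["auth"] is None:
        raise ValueError("no Mobile-Home Authentication Extension")
    spi, mac, covered = req["auth"]
    if spi < 256 or spi not in keys_by_spi:   # SPI values 0-255 are reserved
        raise ValueError("reserved or unknown SPI")
    expected = hmac.new(keys_by_spi[spi], covered, hashlib.md5).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("authenticator mismatch")
    if req["lifetime"] != 0:
        return req, "register"
    # Lifetime 0 with Care-of Address equal to Home Address removes every
    # binding (C.3); any other care-of address removes only that binding.
    return req, "deregister-all" if req["care_of"] == req["home"] else "deregister-one"


# Constructed sample values: documentation addresses, made-up key, SPI and nonce.
KEY, SPI, IDENT = b"constructed-key!", 0x1000, 0x0123456789ABCDEF
HOME, HOME_AGENT, COA = "192.0.2.10", "192.0.2.1", "198.51.100.23"
C2 = build_request("BDMG", 1800, HOME, HOME_AGENT, COA, IDENT, SPI, KEY)
C3 = build_request("", 0, HOME, HOME_AGENT, HOME, IDENT + 1, SPI, KEY)

if __name__ == "__main__":
    for name, msg in (("C.2", C2), ("C.3", C3)):
        req, action = verify_request(msg, {SPI: KEY})
        print(name, action, req["care_of"], req["lifetime"])
```

A home agent would also check the Identification field for replay before changing any binding; that step is outside this example.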
        
G.3. Example Registration Reply Message Format

The UDP header is followed by the Mobile IP fields shown below:

     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Type = 3    |     Code      |           Lifetime            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                          Home Address                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Home Agent                          |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                                                               |
    +                         Identification                        +
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                 Optional  HA  Non-Auth Extensions ...         |
    |                     ( variable length )                       |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Type = 32   |      Length   |           SPI                 |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          SPI (cont.)          |                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
    :         MN-HA Authenticator ( variable length )               :
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    :           Optional  Extensions used by FA.........
    :           Optional  MN-FA Authentication Extension...
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        

Author's Address

Charles E. Perkins (editor) WiChorus Inc. 3590 N. 1st Street, Suite 300 San Jose, CA 95134 USA

   EMail: charliep@computer.org
        