Thomas Kunz
Systems and Computer Engineering
29
Mobile IP with Reverse Tunneling
nRouter accept often only “topological correct“ addresses
(firewall!)
–a packet
from the MN encapsulated by the FA is now topological correct
–furthermore
multicast and TTL problems solved (TTL in the home network correct, but MN is too far away from the
receiver)
nReverse tunneling does not solve
–problems
with firewalls, the reverse tunnel can be abused to circumvent security mechanisms (tunnel hijacking)
–optimization
of data paths, i.e. packets will be forwarded through the tunnel via the HA to a sender (double triangular
routing)
nThe standard is backwards compatible
–the
extensions can be implemented easily and cooperate with current implementations without these extensions
–Agent
Advertisements can carry requests for reverse tunneling