HA_2_2_3 - Receiving invalid BU (unauthorization)
Router
NUT
|
--------+-------+-------+------- Link0
| |
R0 MN0
|
--------+-------+------- Link0X
|
MN0X
Link0 global 3ffe:501:ffff:100::/64 home link Link0X global 3ffe:501:ffff:1100::/64 foreign link R0 (Link0) global 3ffe:501:ffff:100::a0a0 ether 00:00:00:00:a0:a0 MN0 global 3ffe:501:ffff:100:200:ff:fe00:a2a2 home address MN0X global 3ffe:501:ffff:1100:200:ff:fe00:a2a2 care-of address
Check Link0 routing tableNUT (Link0) MN0X | | | <---- | Echo Request | ----> | Echo Reply | |
1. MN0X sends Echo Request 2. MN0X receives Echo Reply
Check home registrationNUT (Link0) MN0X | | | <---- | BU (A=1, lifetime=0x0010) | --X | no response (*1) | |
1. MN0X sends BU packet format is: IPv6 header (source = care-of address, destination = home agent) Destination Options header Home Address option (home address) Mobility header Binding Update Alternate Care-of Address option (care-of address) 2. no response (*1)Check BCENUT (Link0) MN0X | | | <---- | Echo Request w/ HaO | ----> | BE (*2) | |
1. MN0X sends Echo Request w/ HaO 2. MN0X receives BE (*2)
(*1) PASS: no response
(*2) PASS: MN0X receives BE
packet format is:
Binding_Error_message_from_HA_to_MN.gif
When a node receives a Binding Update, it MUST validate it and determine the type of Binding Update according to the steps described in Section 9.5.1. Furthermore, it MUST authenticate the Binding Update as described in Section 5.1. An authorization step specific for the home agent is also needed to ensure that only the right node can control a particular home address. This is provided through the home address unequivocally identifying the security association that must be used.