HA_2_2_6 - Receiving invalid BU (unauthorization)
Router
MN1X
|
--------+-------+------- Link1X
|
R1
|
--------+-------+--------------- Link1
|
NUT
|
--------+---------------+------- Link0
|
MN0
Link0 global 3ffe:501:ffff:100::/64 home link Link1 global 3ffe:501:ffff:101::/64 foreign link Link1X global 3ffe:501:ffff:1101::/64 foreign link R1 (Link1) global 3ffe:501:ffff:101::a1a1 ether 00:00:00:00:a1:a1 MN0 global 3ffe:501:ffff:100:200:ff:fe00:a2a2 home address MN1X global 3ffe:501:ffff:1101:200:ff:fe00:a2a2 care-of address
Check Link1 routing tableNUT (Link0) MN1X | | | <---- | Echo Request | ----> | Echo Reply | |
1. MN1X sends Echo Request 2. MN1X receives Echo Reply
Check home registrationNUT (Link0) MN1X | | | <---- | BU (A=1, lifetime=0x0010) | --X | no response (*1) | |
1. MN1X sends BU packet format is: IPv6 header (source = care-of address, destination = home agent) Destination Options header Home Address option (home address) Mobility header Binding Update Alternate Care-of Address option (care-of address) 2. no response (*1)Check BCENUT (Link0) MN1X | | | <---- | Echo Request w/ HaO | ----> | BE (*2) | |
1. MN1X sends Echo Request w/ HaO 2. MN1X receives BE (*2)
(*1) PASS: no response
(*2) PASS: MN1X receives BE
packet format is:
Binding_Error_message_from_HA_to_MN.gif
When a node receives a Binding Update, it MUST validate it and determine the type of Binding Update according to the steps described in Section 9.5.1. Furthermore, it MUST authenticate the Binding Update as described in Section 5.1. An authorization step specific for the home agent is also needed to ensure that only the right node can control a particular home address. This is provided through the home address unequivocally identifying the security association that must be used.