mip6d.conf(5)      Mobile IPv6 and NEMO Daemon Configuration      mip6d.conf(5)

mip6d.conf - MIPL Mobile IPv6 and NEMO Configuration file

/etc/mip6d.conf

MIPL Mobile IPv6 and NEMO daemon's configuration file

Below is a list of currently supported configuration options. All
configuration lines are terminated with a semicolon. Sub-sections are
enclosed in '{' and '}'. Strings are quoted with double quotes.

The file contains the following common definitions:

NodeConfig CN | HA | MN;

Indicates if the daemon should run in Correspondent Node, Home Agent or
Mobile Node mode.

Default: CN


DebugLevel number;

Indicates the debug level of the daemon. If the value is greater than
zero, the daemon will not detach from tty (i.e. debug messages will be
printed on the controlling tty).

Default: 0


DoRouteOptimizationCN boolean;

Indicates if a node should participate in route optimization with a
Mobile Node.

Default: enabled


NonVolatileBindingCache boolean;

This option is currently ignored. Binding cache is always stored in
volatile memory, and is not retained between shutdown and startup.

These options are used both in the Home Agent and Mobile Node:

Interface name;

Interface name {
    MnIfPreference number;
    IfType CN | HA | MN;
}

Specifies an interface and options associated with it. If no options are
present, Interface can be terminated with a semicolon. The home agent
uses this option to specify which interfaces are used for HA operation.
For the home agent to function properly, a Router Advertisement daemon
(e.g. radvd) must broadcast advertisements with the Home Agent bit and
Home Agent Information Option set on these interfaces. This option is
also used by multihomed Mobile Nodes to define which interfaces they
use.

MnIfPreference sets the interface preference value for an interface in a
multi-homed Mobile Node. The most preferred interfaces have preference
1, the second most preferred have 2, etc. A preference of zero means the
interface will not be used.

Default: 5

IfType overrides the default node behavior for this interface. If a MN
doesn't wish to use this interface for mobility, or a node doesn't act
as HA on this interface, the interface type should be set to CN.

Default: same as NodeConfig


UseMnHaIPsec boolean;

Indicates if the MN-HA MIPv6 signalling should be protected with IPsec.

Default: enabled


KeyMngMobCapability boolean;

If dynamic keying with MIPv6-aware IKE is used, this option should be
enabled. It turns on the K-bit for binding updates and binding
acknowledgements.

Default: disabled


IPsecPolicySet {
    HomeAgentAddress address;
    HomeAddress address/length;
    IPsecPolicy ...
    ...
}

IPsecPolicySet is a set of policies to apply for matching packets. A
policy set can contain multiple HomeAddress options, but only one
HomeAgentAddress option. For the home agent, the home agent address
field contains its own address, and the home address fields may contain
any number of mobile nodes for which the same policy applies.

IPsecPolicy has the following format:


IPsecPolicy type UseESP number number;

Field type can be one of HomeRegBinding, Mh, MobPfxDisc, ICMP, any,
TunnelMh, TunnelHomeTesting, or TunnelPayload. The any option protects
all transport mode communication between the MN and HA. Currently only
the ESP IPsec protocol is supported, but in the future AH and IPComp
might also be available. The two remaining numeric fields are the IPsec
reqid values, the first one used for MN - HA, the second one for HA - MN
communication. If just one value is defined, the same reqid will be used
in both directions. If no reqid is given, reqid will not be used.

If more than one IPsec transport mode or tunnel mode policy is defined
between the MN and HA in each direction, reqid can be used to provide an
unambiguous one-to-one mapping between IPsec policies and SAs. Otherwise
the policies will just share a common SA.

The following definitions are ignored unless the node is configured as
a HA:


HaMaxBindingLife number;

Limits the maximum lifetime (in seconds) for Mobile Node home
registrations.

Default: 262140


SendMobPfxAdvs boolean;

Controls whether the home agent sends Mobile Prefix Advertisements to
mobile nodes in foreign networks.


SendUnsolMobPfxAdvs boolean;

Controls whether the home agent sends unsolicited Mobile Prefix
Advertisements to mobile nodes in foreign networks.


MinMobPfxAdvInterval number;

Sets a minimum interval (in seconds) for Mobile Prefix Advertisements.

Default: 600


MaxMobPfxAdvInterval number;

Sets a maximum interval (in seconds) for Mobile Prefix Advertisements.

Default: 86400


HaAcceptMobRtr enabled | disabled;

Indicates if the HA accepts Mobile Router bindings.

Default: disabled


HaServedPrefix prefix/length;

Prefix is an IPv6 prefix and length is the prefix length. Defines the
whole aggregated or extended prefix the HA serves. This option is only
used for MR bindings and is only needed if the MRs derive their Home
Addresses from their Mobile Network Prefixes, instead of one of the home
link prefixes.


BindingAclPolicy address MNP list allow | deny;

Defines if a MN is allowed to register with the HA or not. The home
address of the MN is given in the address field. The mobile network
prefixes belonging to a NEMO Mobile Router are listed in the MNP list.
The list can either be an empty string or a comma separated list of
network prefixes enclosed in parentheses, for example:
(3ffe:2620:6:3::/64, 3ffe:2620:6:4::/64)


DefaultBindingAclPolicy allow | deny;

Defines the default policy if no matching BindingAclPolicy entry is
found for a MN.

Default: allow

The following definitions are ignored unless the node is configured as
a MN:


MnMaxHaBindingLife number;

Limits the maximum lifetime (in seconds) for Mobile Node home
registrations.

Default: 262140


MnMaxCnBindingLife number;

Limits the maximum lifetime (in seconds) for Mobile Node Correspondent
Node registrations.

Default: 420


MnDiscardHaParamProb boolean;

Toggles if the Mobile Node should discard ICMPv6 Parameter Problem
messages from its Home Agent. As the ICMPv6 error messages won't
normally be protected by IPsec, a malicious third party can quite easily
impersonate the HA to the MN. Having the MN accept these messages
therefore leaves it open to Denial of Service attacks, even though its
home registration signalling is protected by IPsec.

Default: disabled


SendMobPfxSols boolean;

Controls whether the mobile node sends Mobile Prefix Solicitations to
the home network.


DoRouteOptimizationMN boolean;

Indicates if the Mobile Node should initialize route optimization with
Correspondent Nodes.

Default: enabled


MnUseAllInterfaces enabled | disabled;

Indicates if all interfaces should be used for mobility. The preference
of these interfaces is always 1. Unless you use dynamically created and
named network interfaces you should normally disable this option and use
Interface options to explicitly list the used interfaces.

Default: disabled


MobRtrUseExplicitMode enabled | disabled;

Toggles between explicit or implicit mode home registrations in the MR.

Default: enabled


UseCnBuAck boolean;

Indicates if the Acknowledge bit should be set in Binding Updates sent
to Correspondent Nodes.

Default: disabled


MnRouterProbes number;

Indicates how many times the MN should send Neighbor Unreachability
Detection probes to its old router after receiving a Router
Advertisement from a new one. If the option is set to zero, the MN will
move to the new router straight away.

Default: 0


MnRouterProbeTimeout decimal;

Indicates how long (in seconds) the MN should wait for a reply during an
access router Neighbor Unreachability Detection probe. If set, it
overrides any default Neighbor Solicitation Retransmit Timer value
greater than MnRouterProbeTimeout. For example, if the interface
Retransmit Timer is 1 second, but MnRouterProbeTimeout is just 0.2
seconds, the MN will only wait 0.2 seconds for a Neighbor Advertisement
before proceeding with the handoff.

Default: 0


OptimisticHandoff enabled | disabled;

When a Mobile Node sends a Binding Update to the Home Agent, no Route
Optimized or reverse tunneled traffic is sent until a Binding
Acknowledgement is received. When enabled, this option allows the Mobile
Node to assume that the binding was successful right after the BU has
been sent, and does not wait for a positive acknowledgement before using
RO or reverse tunneling.

Default: disabled

MnHomeLink name {
    HomeAddress address/length MNP list;
    HomeAgentAddress address;
    MnRoPolicy ...
    ...
}

Each MnHomeLink definition has a name. This is the name (enclosed in
double quotes) of the interface used for connecting to the physical home
link. To set up multiple Home Addresses on the Mobile Node, you need to
define multiple MnHomeLink structures. The interface names don't have to
be unique in these definitions. All the home link specific definitions
are detailed below:


HomeAddress address/length MNP list;

Address is an IPv6 address, and length the prefix length of the address,
usually 64. The MNP list contains the mobile network prefixes belonging
to that particular NEMO Mobile Router. The MNP list is of the same
format as in BindingAclPolicy. This option must be included in a home
link definition.


HomeAgentAddress address;

Address is the IPv6 address of the Mobile Node's Home Agent. DHAAD is
used if it is the unspecified address ::.

Default: ::


IsMobRtr enabled | disabled;

Defines if the MN is a NEMO MR.

Default: disabled


The route optimization policies are of the form:


MnRoPolicy address boolean;

Any number of these policies may be defined. If no policies are defined,
the default behavior depends on the DoRouteOptimizationMN option.

The fields for a route optimization policy entry are as follows: address
defines the Correspondent Node this policy applies to; if left
undefined, the unspecified address is used as a wildcard value. boolean
sets route optimization either enabled or disabled for packets matching
this entry.

A NEMO Home Agent example:

NodeConfig HA;

Interface "eth0";

HaAcceptMobRtr enabled;

HaServedPrefix 3ffe:2620:6::/48;

DefaultBindingAclPolicy deny;
BindingAclPolicy 3ffe:2620:6:1::1234 (3ffe:2620:6:2::/64, 3ffe:2620:6:3::/64) allow;
BindingAclPolicy 3ffe:2620:6:1::1235 allow;

UseMnHaIPsec disabled;


A NEMO Mobile Router example:

NodeConfig MN;

DoRouteOptimizationCN disabled;
DoRouteOptimizationMN disabled;

Interface "eth0";

MnRouterProbes 1;

MobRtrUseExplicitMode enabled;

MnHomeLink "eth0" {
    IsMobRtr enabled;
    HomeAgentAddress 3ffe:2620:6:1::1;
    HomeAddress 3ffe:2620:6:1::1234/64 (3ffe:2620:6:2::/64, 3ffe:2620:6:3::/64);
}

UseMnHaIPsec disabled;


A Correspondent Node example:

NodeConfig CN;

DoRouteOptimizationCN enabled;


A Home Agent example:

NodeConfig HA;

Interface "eth0";
Interface "eth1";

UseMnHaIPsec enabled;

IPsecPolicySet {
    HomeAgentAddress 3ffe:2620:6:1::1;

    HomeAddress 3ffe:2620:6:1::1234/64;
    HomeAddress 3ffe:2620:6:1::1235/64;

    IPsecPolicy HomeRegBinding UseESP;
    IPsecPolicy TunnelMh UseESP;
}


A Mobile Node example:

NodeConfig MN;

DoRouteOptimizationCN enabled;

DoRouteOptimizationMN enabled;

UseCnBuAck enabled;

MnHomeLink "eth0" {
    HomeAgentAddress 3ffe:2620:6:1::1;
    HomeAddress 3ffe:2620:6:1::1234/64;

    # address opt.
    #MnRoPolicy 3ffe:2060:6:1::3 enabled;
    #MnRoPolicy disabled;
}

UseMnHaIPsec enabled;

IPsecPolicySet {
    HomeAgentAddress 3ffe:2620:6:1::1;
    HomeAddress 3ffe:2620:6:1::1234/64;

    IPsecPolicy HomeRegBinding UseESP;
    IPsecPolicy TunnelMh UseESP;
}
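
A configuration audit, as an added example that is not part of MIPL or of the original manual page: it reads the top-level options of a mip6d.conf, fills in the defaults documented above, and names the options left at a value that weakens the node. The function names and sample inputs are illustrative, and it assumes booleans are written enabled/disabled as in the examples.

```python
import re

# Defaults as documented in this manual page.
DEFAULTS = {"NodeConfig": "CN", "UseMnHaIPsec": "enabled",
            "DefaultBindingAclPolicy": "allow", "MnDiscardHaParamProb": "disabled"}

def top_level_options(text):
    """Map each top-level option to its last word; { } sub-sections are skipped."""
    opts, depth, buf = dict(DEFAULTS), 0, ""
    for ch in re.sub(r"#[^\n]*", "", text):      # '#' comments, as in the examples
        if ch in "{}":
            depth += 1 if ch == "{" else -1
            buf = ""
        elif ch == ";":                          # every statement ends with ';'
            words = buf.split()
            if depth == 0 and len(words) >= 2:
                opts[words[0]] = words[-1]
            buf = ""
        else:
            buf += ch
    return opts

def audit(text):
    """Return the names of options whose effective value weakens the node."""
    o = top_level_options(text)
    mode, weak = o["NodeConfig"], []
    if mode in ("HA", "MN") and o["UseMnHaIPsec"] != "enabled":
        weak.append("UseMnHaIPsec")              # MN-HA signalling without IPsec
    if mode == "HA" and o["DefaultBindingAclPolicy"] != "deny":
        weak.append("DefaultBindingAclPolicy")   # unlisted MNs may register
    if mode == "MN" and o["MnDiscardHaParamProb"] != "enabled":
        weak.append("MnDiscardHaParamProb")      # spoofed ICMPv6 errors accepted
    return weak

# Sample inputs: HA_CONF is condensed from the Home Agent example above,
# MN_CONF is constructed for this illustration.
HA_CONF = '''
NodeConfig HA;
UseMnHaIPsec enabled;
IPsecPolicySet {
    HomeAgentAddress 3ffe:2620:6:1::1;
    HomeAddress 3ffe:2620:6:1::1234/64;
    IPsecPolicy HomeRegBinding UseESP;
}
'''
MN_CONF = "NodeConfig MN;\nUseMnHaIPsec disabled;  # constructed\n"

if __name__ == "__main__":
    print(audit(HA_CONF), audit(MN_CONF))
```

The Home Agent sample is flagged only because DefaultBindingAclPolicy is absent and therefore takes its documented default of allow.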


mip6d(1), mipv6(7),

RFC3775: Mobility Support in IPv6,

RFC3776: Using IPsec to Protect Mobile IPv6 Signaling Between Mobile
Nodes and Home Agents



January 31, 2006                                              mip6d.conf(5)