1mip6d.conf(5) Mobile IPv6 and NEMO Daemon Configuration mip6d.conf(5)
2
6 mip6d.conf - MIPL Mobile IPv6 and NEMO Configuration file
7
9 /etc/mip6d.conf
10
13 MIPL Mobile IPv6 and NEMO daemon's configuration file
14 Below is a list of currently supported configuration options. All con‐
16 figuration lines are terminated with a semicolon. Sub-sections are
17 enclosed in '{' and '}'. Strings are quoted with double quotes.
18
21 The file contains the following common definitions:
22 NodeConfig CN | HA | MN;
24 Indicates if the daemon should run in Correspondent Node, Home
26 Agent or Mobile Node mode.
27 Default: CN
29 DebugLevel number;
32 Indicates the debug level of the daemon. If the value is
34 greater than zero, the daemon will not detach from tty (i.e.
35 debug messages will be printed on the controlling tty).
36 Default: 0
38 DoRouteOptimizationCN boolean;
41 Indicates if a node should participate in route optimization
43 with a Mobile Node.
44 Default: enabled
46 NonVolatileBindingCache boolean;
49 This option is currently ignored. Binding cache is always
51 stored in volatile memory, and is not retained between shutdown
52 and startup.
53
56 These options are used both in the Home Agent and Mobile Node:
57 Interface name;
59 Interface name {
61 MnIfPreference number;
62 IfType CN | HA | MN;
63 }
64 Specifies an interface and options associated with it. If no
66 options are present, Interface can be terminated with semi-
67 colon. This is used for home agent to specify which interfaces
68 are used for HA operation. For the home agent to function prop‐
69 erly, a Router Advertisement daemon (e.g. radvd) must broadcast
70 advertisements with the Home Agent bit and Home Agent Informa‐
71 tion Option set on these interfaces. This option is also used
72 by multihomed Mobile Nodes to define which interfaces are used
73 by it.
74 MnIfPreference sets the interface preference value for an inter‐
76 face in a multi-homed Mobile Node. The most preferred intefaces
77 have preference 1, the second most preferred have 2, etc. A
78 preference of zero means the interface will not be used.
79 Default: 5
81 IfType overrides the default node behavior for this interface.
83 If a MN doesn't wish to use this inteface for mobility, or a
84 node doesn't act as HA on this interface, the interface type
85 should be set to CN.
86 Default: same as NodeConfig
88 UseMnHaIPsec boolean;
92 Indicates if the MN-HA MIPv6 signalling should be protected with
94 IPsec.
95 Default: enabled
97 KeyMngMobCapability boolean;
100 If dynamic keying with MIPv6-aware IKE is used, this options
102 should be enabled. It turns on the K-bit for binding updates
103 and binding acknowledgements.
104 Default: disabled
106 IPsecPolicySet {
109 HomeAgentAddress address;
110 HomeAddress address/length;
111 IPsecPolicy ...
112 ...
113 }
114 IPsecPolicySet is a set of policies to apply for matching pack‐
116 ets. A policy set can contain multiple HomeAddress options, but
117 only one HomeAgentAddress option. For home agent, home agent
118 address field contains its own address, and home address fields
119 may contain any number of mobile nodes for which the same policy
120 applies.
121 IPsecPolicy has the following format:
123 IPsecPolicy type UseESPnumber number;
126 Field type can be one of HomeRegBinding, Mh, MobPfxDisc, ICMP,
128 any, TunnelMh, TunnelHomeTesting, or TunnelPayload. The any
129 option protects all transport mode communication between the MN
130 and HA. Currently only the ESP IPsec protocol is supported, but
131 in the future AH and IPComp might also be available. The two
132 remaining numeric fields are the IPsec reqid values, the first
133 one used for MN - HA, the second one for HA - MN communication.
134 If just one value is defined, the same reqid will be used in
135 both directions. If no reqid is given, reqid will not be used.
136 If more that one IPsec transport mode or tunnel mode policy is
138 defined between the MN and HA in each direction, reqid can be
139 used to provide an unambiguous one-to-one mapping between IPsec
140 policies and SAs. Otherwise the policies will just share a com‐
141 mon SA.
142
145 The following definitions are ignored unless the node is configured as
146 a HA:
147 HaMaxBindingLife number;
150 Limits the maximum lifetime (in seconds) for Mobile Node home
152 registrations.
153 Default: 262140
155 SendMobPfxAdvs boolean;
158 Controls whether home agent sends Mobile Prefix Advertisements
160 to mobile nodes in foreign networks.
161 SendUnsolMobPfxAdvs boolean;
164 Controls whether home agent send unsolicited Mobile Prefix
166 Advertisements to mobile nodes in foreign networks.
167 MinMobPfxAdvInterval number;
170 Sets a minimum interval (in seconds) for Mobile Prefix Adver‐
172 tisements.
173 Default: 600
175 MaxMobPfxAdvInterval number;
178 Sets a maximum interval (in seconds) for Mobile Prefix Adver‐
180 tisements.
181 Default: 86400
183 HaAcceptMobRtr enabled | disabled
186 Indicates if the HA accepts Mobile Router bindings.
188 Default: disabled;
190 HaServedPrefix prefix/length;
193 Prefix is an IPv6 prefix and length is the prefix length.
195 Defines the whole aggregated or extended prefix the HA serves.
196 This option is only used for MR bindings and is only needed if
197 the MRs derive their Home Addresses from their Mobile Network
198 Prefixes, instead of one of the home link prefixes.
199 BindingAclPolicy address MNP list allow | deny
202 Defines if a MN is allowed to register with the HA or not. The
204 home address of the MN is given in the address field. The
205 mobile network prefixes belonging a NEMO Mobile Router are
206 listed in the MNP list. The list can either be an empty string
207 or a comma separated list of network prefixes enclosed in
208 braces, for example: (3ffe:2620:6:3::/64, 3ffe:2620:6:4::/64)
209 DefaultBindingAclPolicy allow | deny
212 Defines the default policy if no matching BindingAclPolicy entry
214 is found for a MN.
215 Default: allow
217
220 The following definitions are ignored unless the node is configured as
221 a MN:
222 MnMaxHaBindingLife number;
225 Limits the maximum lifetime (in seconds) for Mobile Node home
227 registrations.
228 Default: 262140
230 MnMaxCnBindingLife number;
233 Limits the maximum lifetime (in seconds) for Mobile Node Corre‐
235 spondent Node registrations.
236 Default: 420
238 MnDiscardHaParamProb boolean;
241 Toggles if the Mobile Node should discard ICMPv6 Parameter Prob‐
243 lem messages from its Home Agent. As the ICMPv6 error messages
244 won't normally be protected by IPsec, a malicious third party
245 can quite easily impersonate the HA to the MN. Having the MN
246 accept these messages therefore leaves it open to Denial of Ser‐
247 vice attacks, even though its home registration signalling is
248 protected by IPsec.
249 Default: disabled
251 SendMobPfxSols boolean;
254 Controls whether mobile node sends Mobile Prefix Solicitations
256 to the home network.
257 DoRouteOptimizationMN boolean;
260 Indicates if the Mobile Node should initialize route optimiza‐
262 tion with Corresponent Nodes.
263 Default: enabled
265 MnUseAllInterfaces enabled | disabled
268 Indicates if all interfaces should be used for mobility. The
270 preference of these interfaces is always 1. Unless you use
271 dynamically created and named network interfaces you should nor‐
272 mally disable this option and use Interface options to explic‐
273 itly list the used interfaces.
274 Default: disabled
276 MobRtrUseExplicitMode enabled | disabled
279 Toggles between explicit or implicit mode home registrations in
281 the MR.
282 Default: enabled
284 UseCnBuAck boolean;
287 Indicates if the Acknowledge bit should be set in Binding
289 Updates sent to Corresponent Nodes.
290 Default: disabled
292 MnRouterProbes number;
295 Indicates how many times the MN should send Neighbor Unreacha‐
297 bility Detection probes to its old router after receiving a
298 Router Advertisement from a new one. If the option is set to
299 zero, the MN will move to the new router straight away.
300 Default: 0
302 MnRouterProbeTimeout decimal;
305 Indicates how long (in seconds) the MN should wait for a reply
307 during a access router Neighbor Unreachability Detection probe.
308 If set, it overrides any default Neighbor Solicitation Retrans‐
309 mit Timer value greater than MnRouterProbeTimeout. For example,
310 if the interface Retransmit Timer is 1 second, but MnRouterPro‐
311 beTimeout is just 0.2 seconds, the MN will only wait 0.2 seconds
312 for a Neighbor Advertisement before proceeding with the handoff.
313 Default: 0
315 OptimisticHandoff enabled | disabled
318 When a Mobile Node sends a Binding Update to the Home Agent, no
320 Route Optimized or reverse tunneled traffic is sent until a
321 Binding Acknowledgement is received. When enabled, this option
322 allows the Mobile Node to assume that the binding was successful
323 right after the BU has been sent, and does not wait for a posi‐
324 tive acknowledgement before using RO or reverse tunneling.
325 Default: disabled;
327 MnHomeLink name {
330 HomeAddress address/length MNP list;
331 HomeAgentAddress address;
332 MnRoPolicy ...
333 ...
334 }
335 Each MnHomeLink definition has a name. This is the name
337 (enclosed in double quotes) of the interface used for connecting
338 to the physical home link. To set up multiple Home Addresses on
339 the Mobile Node, you need to define multiple MnHomeLink struc‐
340 tures. The interface names don't have to be unique in these
341 definitions. All the home link specific definitions are
342 detailed below:
343 HomeAddress address/length MNP list;
346 Address is an IPv6 address, and length the prefix length of the
348 address, usually 64. The MNP list contains the mobile network
349 prefixes belonging to that particular NEMO Mobile Router. The
350 MNP list is of the same format as in BindingAclPolicy. This
351 option must be included in a home link definition.
352 HomeAgentAddress address;
355 Address is the IPv6 address of the Mobile Node's Home Agent.
357 DHAAD is used if it is the unspecified address ::.
358 Default: ::
360 IsMobRtr enabled | disabled
363 Defines if the MN is a NEMO MR.
365 Default: disabled
367 The route optimization policies are of the form:
370 MnRoPolicy address boolean;
373 Any number of these policies may be defined. If no policies are
375 defined default behavior depends on the DoRouteOptimizationMN
376 option.
377 The fields for a route optimization policy entry are as follows:
379 address defines the Correspondent Node this policy applies to,
380 if left undefined the uspecified address is used as a wildcard
381 value boolean sets route optimization either enabled or disabled
382 for packets matching this entry.
383
386 A NEMO Home Agent example:
387 NodeConfig HA;
389 Interface "eth0";
391 HaAcceptMobRtr enabled;
393 HaServedPrefix 3ffe:2620:6::/48;
395 DefaultBindingAclPolicy deny;
397 BindingAclPolicy 3ffe:2620:6:1::1234 (3ffe:2620:6:2::/64, 3ffe:2620:6:3::/64) allow;
398 BindingAclPolicy 3ffe:2620:6:1::1235 allow;
399 UseMnHaIPsec disabled;
401 A NEMO Mobile Router example:
404 NodeConfig MN;
406 DoRouteOptimizationCN disabled;
408 DoRouteOptimizationMN disabled;
409 Interface "eth0";
411 MnRouterProbes 1;
413 MobRtrUseExplicitMode enabled;
415 MnHomeLink "eth0" {
417 IsMobRtr enabled;
418 HomeAgentAddress 3ffe:2620:6:1::1;
419 HomeAddress 3ffe:2620:6:1::1234/64 (3ffe:2620:6:2::/64, 3ffe:2620:6:3::/64);
420 }
421 UseMnHaIPsec disabled;
423 A Correspondent Node example:
426 NodeConfig CN;
428 DoRouteOptimizationCN enabled;
430 A Home Agent example:
433 NodeConfig HA;
435 Interface "eth0";
437 Interface "eth1";
438 UseMnHaIPsec enabled;
440 IPsecPolicySet {
442 HomeAgentAddress 3ffe:2620:6:1::1;
443 HomeAddress 3ffe:2620:6:1::1234/64;
445 HomeAddress 3ffe:2620:6:1::1235/64;
446 IPsecPolicy HomeRegBinding UseESP;
448 IPsecPolicy TunnelMh UseESP;
449 }
450 A Mobile Node example:
453 NodeConfig MN;
455 DoRouteOptimizationCN enabled;
457 DoRouteOptimizationMN enabled;
459 UseCnBuAck enabled;
461 MnHomeLink "eth0" {
463 HomeAgentAddress 3ffe:2620:6:1::1;
464 HomeAddress 3ffe:2620:6:1::1234/64;
465 # address opt.
467 #MnRoPolicy 3ffe:2060:6:1::3 enabled;
468 #MnRoPolicy disabled;
469 }
470 UseMnHaIPsec enabled;
472 IPsecPolicySet {
474 HomeAgentAddress 3ffe:2620:6:1::1;
475 HomeAddress 3ffe:2620:6:1::1234/64;
476 IPsecPolicy HomeRegBinding UseESP;
478 IPsecPolicy TunnelMh UseESP;
479 }
480
483 mip6d(1), mipv6(7),
484 RFC3775: Mobility Support in IPv6,
486 RFC3776: Using IPsec to Protect Mobile IPv6 Signaling Between Mobile
488 Nodes and Home Agents
489 January 31, 2006 mip6d.conf(5)