WO2003096592A2 - Methods and apparatus for aggregating mip and aaa messages - Google Patents

Abstract

Aggregated signaling methods and apparatus which can be used to support the aggregation of Mobile IP binding registration information corresponding to multiple forwarding tunnels are described. Aggregated binding update message (280) are used to enable multiple home addresses from one or more home agents to be installed, refreshed and deleted using a single MIP signaling phase. The single MIP signaling phase may correspond to a single MIP binding update message. Aggregated message techniques can also be used to retrieve multiple home address specific policy profiles (282) via AAA signaling thereby reducing the number of AAA messages required to retrieve AAA information, e.g., profiles, corresponding to multiple home addresses.

Description

METHODS AND APPARATUS FOR AGGREGATING MIP AND AAA MESSAGES

RELATED APPLICATIONS

The present application claims the benefit of U.S. Provisional Patent Application S.N.

60/378,404 filed May 7, 2002 entitled: "COMMUNICATIONS METHODS AND APPARATUS" and is a continuation-in-part of U.S. Patent Application S.N. 10/357,265 filed

February 3, 3003 entitled: "A METHOD FOR EXTENDING MOBILE IP AND AAA TO

ENABLE INTEGRATED SUPPORT FOR LOCAL ACCESS AND ROAMING ACCESS

CONNECTIVITY" which claims the benefit of U.S. Provisional Patent Application S.N.

60/354,195 filed February 4, 2002 entitled: "A METHOD FOR EXTENDING MOBILE IP TO ENABLE INTEGRATED SUPPORT FOR LOCAL ACCESS AND ROAMING ACCESS

CONNECTIVITY", each of the preceding applications are expressly incorporated by reference into the present application.

FIELD OF THE INVENTION

The present invention is directed to methods and apparatus for supporting mobile communications and, more specifically, to methods and apparatus for using aggregated binding update messages and aggregated authentication, authorization and/or accounting messages to reduce message signaling in a mobile communications system.

BACKGROUND

Mobile IP (IETF RFC2002) enables a moving Internet host to connect to a Foreign

Agent (FA) access router in a foreign network, yet still be contactable on its persistent Host Home Address (HoA) that it uses on its home network and is likely included in the DNS (Domain Name Server) system. This is possible because the FA gives the host a temporary local address that is either unique to the host e.g., a Co-located Care of Address (CCoA), or is unique to the FA, e.g., a Care of Address (CoA). In an exemplary scenario, the FA registers its CoA into the Home Agent (HA) for the HoA address of its attached Mobile Node (MN) which corresponds to a user, e.g., a Caller. The HA then tunnels packets addressed to HoA of Caller to the Care of Address (CoA) of the FA. The FA forwards packets received from the MN HoA out to the Internet as normal. The Caller needs a Security Association (SA) with the HA and the FA, whilst the FA has a Security Association with the HA, to allow the signaling to be authenticated and potentially encrypted.

During a hand-off, the new FA changes the binding in the HA for the HoA to now map to the new CoA of the new FA. Complexity and problems arise when multiple network regions are involved in a handoff, e.g., because an end node is outside its home network region requiring signals to be communicated from one region to another so that a mobile node's Home Agent can be informed of the information, e.g., address information, needed to reach the mobile node in the foreign network region. For policy and other reasons local and remote network access may be handled differently particularly when a mobile node is in a foreign region. The need, in many cases, to treat local and remote packet forwarding operations differently further complicates matters in regard to updating of forwarding information included in various network nodes.

Figure 1 shows prior art MIP signaling between a first node 140 and a second node 150. A MIP Registration Request /Binding Update (RREQ/BU) message 180 is sent between the first node 140 and the second node 150 to install a binding in the second node that contains a mapping between the home address of an end node and the Care of Address of that end node. The home address is allocated to the end node out of an address prefix assigned to a home agent of the end node. The registration enables the second node 150/first node 140 to redirect packets addressed to the home address of the end node, between the second node 150/first node 140 and the first node 140/second node 150 as indicated by bi-directional IP packet flows for HoAl 182. The registration request message 180 has a MIP Registration Response/Binding Update Acknowledgement (RREP/BUack) message 181 which confirms that the binding has been installed and reports the nature of any errors. Messages 180 and 181 are specific to the Home address 1 (HoAl) of the end node from the home agent 1 (HAl) to be mapped to the CoA of the end node. Therefore, a different RREQ/BU message 184 and a different RREP/BUack message 185 are required to install the binding for home address 2 (HoA2) of the end node from home agent 1 (HAl) to be mapped to the CoA of the end node, so creating bi-directional IP packet flows for HoA2 186 between first node 140 and second node 150. Similarly, a RREQ/BU messages 187 and a RREP/BUack message 188 are required to install the binding for home address 3 (Ho A3) of the end node from home agent 2 (HA2) to be mapped to the CoA of the end node, so creating bi-directional IP packet flows for Ho A3 189 between first node 140 and second node 150. The first node 140 may be any of an end node, an access node containing a MIP agent such as a foreign agent or attendant, whilst the second node 150 can be an access node containing a MIP agent such as a foreign agent or attendant, or it may be a MIP home agent. It may be seen from figure 1 that when the end node has multiple home addresses that a significant amount of signaling is required to install and manage the bindings for an end node, especially during hand-off between access nodes.

Figure 3 shows detailed contents 380 of a prior art MIP registration message 380, such as, for example message 180 or message 181 of Fig 1. Message 380 includes a home agent address (HAl) 381, a single home address 1 (HoAl) 382 with a first prefix 382a that is allocated to and routable through the home agent using address 381. The message further includes a CoA of the end node 383 which is mapped with the home address 382 in a MIP binding. Finally, the prior art message includes MIP signaling fields 384 that contains additional signaling information such as flags, sequence numbers, security and prior art MIP extension fields etc used for correct operation of the signaling instance and to describe the type of processing and forwarding to be established for the binding between the home address 382 and the CoA 383 in a MIP mobility agent such as a home or foreign agent. Note that during an initial registration phase, the home address and home agent addresses may be undefined to indicate that the AAA system should dynamically allocate a home agent to the end node, and the AAA system or home agent should allocate a home address to the end node from a prefix at that home agent. Known MIP registration message do not include more than a single HoA.

For the purposes of the description, an address is associated with an address prefix of N bit length if that N Most Significant Bits of the prefix and that address are the same. In addition, whilst a single MIP signaling instance is already able to manage the allocation of multiple home addresses from a single Home Agent, this is only possible if those addresses are defined as a single subprefix of length M bits out of an N bit prefix managed by the Home Agent (where N<=M). Non-congruent addresses cannot be supported and specifically a single MIP signaling instance cannot manage home addresses from different Home Agent prefixes, nor in fact from different prefixes at different Home Agents. Therefore, existing Mobile IP (MIP) does not provide efficient support for multiple Home addresses, to support say both remote and local models concurrently via the use of two different Home addresses so that, e.g., a user can roam the Internet through the use of local access while in a foreign network region and also get corporate/home access at the same time via the use of remote access to the user's home network region. The need for this kind of duality has been seen previously, for example, on DSL Digital Subscriber Line access networks, so the requirement is not new. For example, a user might wish for either component to be started or dropped at any time and with full policy control by both the foreign and home operators as to what is allowed. The MN could then use an address (HoA) associated with the particular mobile which corresponds to the mobile's Home Agent node, an address (RoA) associated with the particular mobile that corresponds to the mobile's Regional Agent (RA) node in combination with packet source address information to select on a flow by flow basis to route packets and hence control connectivity features (location visibility, identity visibility and routing policy) for each users IP 'session' independently.

hi order to support different routing and treatment for different IP sessions or applications, e.g., corresponding to remote and local access, ranning on a mobile node, it may be necessary to run multiple instances of MIP on the mobie resulting in multiple HoA's being assigned to the same mobile and, using existing signaling, requiring at least one MIP registration message for each HoA corresponding to a mobile. This has the unfortunate effect of resulting in multiple M-P registration update messages having to be sent by a mobile, e.g., one per HoA or RoA being used, when a handoff occurs. Multiple MIP registration messages can have the unfortunate consequence of consuming bandwidth and signaling resources that might otherwise be used.

Figure 5 shows a prior art binding table 580 in a mobility agent. A separate MIP signaling instance, e.g., MIP registration request message and reply, is used to update or create a single entry in the binding table 580. The table 580 has entries for a multitude of end nodes such as Mobile Node X 581 and Mobile Node Y 582. hi the case of MN X which has three home addresses HoAl 587, HoA2 591 and HoA 3 595, the prior art signaling creates a binding entry for each MIP signaling instance and hence for each HA/HoA address pair. Entry 583 contains HAl 586, HoAl 587, MN X CoA 588 and MIP signaling state 589 associated with that signaling instance. Entry 584 contains HAl 590, HoA2 591, MN X CoA 592 and MIP signaling state 593 associated with that signaling instance. Thus, for each HA, HoA pair, there is a separate entry 583, 584, 585 resulting in similar information being stored multiple times in the memory used to implement the binding table. Entry 585 contains HA2 594, HoA3 595, MN X CoA 596 and MIP signaling state 597 associated with that signaling instance. It is clear that CoAs 588, 592 and 596 have the same value, that being the CoA of the MN X, and HAs 586 and 590 contains the same HA address. Further, if the forwarding and security requirements, of the MN X, is the same for each binding entry, then the signaling state 589, 593 and 597 is highly correlated and can be exactly the same through appropriate use of common lifetimes, security associations and sequence numbers. Therefore there is the potential for large amounts of redundancy in the stored state that implies inefficient storage and associated messaging.

Figure 7 shows prior art AAA signaling between an access node 740 and a AAA server 750 that is triggered by the arrival of a connect message such as a MIP Registration message at the access node 740. The AAA signaling is used to authenticate an end node for connection to the access node 740, and to authorize a set of communications services for the end node at that access node 740, and potentially a plurality of additional access nodes, as defined by an end node profile associated with the home address of an end node. The end node profile is stored in the access node 740 and used to configure and policy communication facilities at that access node 740. A AAA request message 760 is sent from access node 740 to AAA server 750 and contains the end node identity such as a MN X Network Access Identifier (NAI) 761 which also used to route the AAA request to the home AAA server of the end node. The message 760 will also contain MIP AAA request state used to request dynamic allocation of HA, HoA and security associations for the MIP service. The AAA request message 760 may also contain HAl address 763 and HoAl address 764 if the MN X has multiple profiles, each associated with a specific HA/ΗoA pair. HAl address 763 and HoAl address 764 can alternatively contain requirements on the AAA server for the dynamic allocation of a HAl and/or a HoAl, such as address types and location to ensure the appropriate connectivity and communications facilities become available to the MN X. A AAA response message 770 will then contain the MN X identity NAI 761 to ensure that the returned state is installed for the correct MN X. Dynamically assigned HAl address 772 and HoAl address 773 will also be returned but may, especially in the case of statically allocated HA and HoA addresses, be returned in the MN X profile for HoAl 775, along with the configuration and other policy state. Finally, the message 770 will typically include other MIP AAA response state 774 such as dynamically allocated security associations. Now when MN X has multiple HoAs 1, 2 and even 3, then the address are from different address prefixes (same or different Home agents) and therefore represent different connectivity and hence reachability for communciations services, which is essentially the motivation for a MN X having such multiple Home addresses. HoAl might be from a public Internet service provider whilst HoA 2 might be from a corporate network connected to the same network operator, and hence potentially reachable via a common Home agent HAl . HoA3 in contrast might be from a third party content provider that is not part of the common network operator for HoAl 12 and hence is reachable via a second Home agent HA2. In these cases, it is clear that different reachability is likely to be associated with different MN X profiles for each HoA. Therefore, the prior art AAA signaling will require additional AAA Request message 780 and AAA Response message 781 to fetch the dynamic configuration and MN X profile for HoA2 , and a third set of messages 782 and 783 to fetch the state for HoA3. Clearly, if the AAA server is common for all three AAA signaling instances, and part of the MN X profile state is common to more than a single HoA, then this approach is inefficient in storage and signaling bandwidth.

In light of the above discussion, it is clear that a better and more efficient method with supporting apparatus is needed to provide efficient support for multiple Home Addresses in MIP signaling.

SUMMARY OF THE INVENTION

In accordance with the invention, mobile node functionality is enhanced by supporting multiple parallel instances of M-P in a single mobile node. This allows local and remote access to be treated differently allowing for greater flexibility in network system policy, accounting, security and other issues that arise when a mobile node operates in a visited network region, e.g., foreign domain. While in a visited region, e.g., a foreign domain, local access refers to access within the visited region or domain. This may involve sending packets to, or receiving packets from, another end node located in the visited network region. Remote access may involve a mobile node in a visited network region accessing or exchanging packets with one or more nodes in the mobile node's home network region. In accordance with the present invention, this can be accomplished by running a separate instance of MIP in the mobile to deal with remote access separately from local access.

Thus, in accordance with the invention a mobile node may run parallel instances of MIP, one for each Home address. One instance used for local access may use a local HA (Home Agent) and HoA (Home Address), e.g., HAl and HoAl. Remote Access maybe supported via another, e.g., remote HA and a remote HoA, e.g., HA2 and HoA2. This gives the mobile node independent control of each M-P instance and its particular standard MIP features such as reverse tunneling, broadcasting etc, and can select between the two instances on a per IP session basis using source address selection. The distinct connectivity planes are both exposed to the local operator who can now manage and account both services. Either plane can be dropped and added as desired although a degree of persistence in the local configuration is desirable to avoid thrashing the AAA system and MIP signalling plane.

However, without various signaling improvements to M-P which are taught in the present application, the problems with this model can be severe in terms of the amount of M-P signaling which may occur, particularly as the number of parallel instances of M-P on individual mobile devices increases.

Absent various features of the invention,ultiple, e.g., independent, parallel MIP instances in the mobile naturally implies at least double the signaling, hand-off processing, security associations and management load due to two or more independent MIP instances, particularly where there is no or only partial integration of the AAA (Authentication, Authorization and Accounting) data for each instance. The more HoAs a MN has then the worse the hand-off overhead and complexity becomes.

ϋ)Using separate MIP signals as opposed to aggregated signals, each HoA specific hand-off may complete at significantly different times (out of phase) with each other and the local HA hand- off due to the different hand-off paths resulting in complex FA and MN state management. Normally local handoff signaling can be completed before remote region handoff signaling completes due to shorter path lengths relative to the mobile node and the network nodes which are updated. This can result in slow hand-off and chained FAs out of step with the local hand- off. A regional mobility agent can be deployed locally, e.g., in the visited region, in accordance with one feature or the invention provide the necessary localization for the remote access MIP hand-off.

Some ways of addressing some of the problems discussed above associated with multiple Home Addresses in MIP signaling, in accordance with various features of the invention, include:

a) A single phase of AAA exchanges through the foreign and home AAA servers that is used to configure both local and remote service options in parallel by returning a composite service profile covering both local and remote access, along with any dynamic IP addresses and security associations for HA, RN, HoA and RoA, where the

HoA is an address associated with the specific MN at the HA and the RoA is an address associated with the specific mobile at the RN. For purpose of explaining the invention, a Regional Node (RN) is a node which operates as a regional mobility agent in a visited region. An RN may be implemented as an HA in a visited region but is described herein as an RA to distinguish from a node's HA in its home domain. A Gateway Foreign

Agent is an example of a known RN. Notably, the RoA and HoA correspond to the same mobile node and are not shared with other mobile nodes allowing the RoA and HoA addresses to be mapped to a specific mobile node and serve as a mobile node identifier.

b) A single phase of MIP hand-off signalling can be used in accordance with the invention between the MN and FA, and between the new and old FAs to hand-off traffic to the newFA. This would signal the new CoA for multiple, e.g., all the HoAs of a MN and install standard inter-FA forwarding. This would enable the MN and the FAs to share the same Security Associations (SAs) for all the HoAs of a MN. Each oldFA (oFA) would store the last MIP reg sent to each HA and would CT (Context Transfer) these to the newFA (nFA) on hand-off. The newFA would then be responsible for issuing the proxy parallel MIP registrations to multiple, e..g, all, the HAs, secured by the nFA-HA and oFA-HA SA. Each such registration may and normally does include the old CoA and newCoA info and the present binding information at the HA to be updated to the newCoA. The nFA may, and often is, also responsible for clearing up if the MN hands- off again before the remote access MIP registration, for the HA/HoA, is completed towards that newFA. In accordance with the invention various novel aggregated messages are used to manage Mobile IP bindings for multiple home addresses of an end node. This reduces signaling requirements as compared to using multiple conventional MIP messages to perform the same or similar functions. Aggregated messages of the present invention, in contrast to convention MIP messages, carry multiple home addresses from the same home agent. These aggregated messages can be used between the end node and the home agent, between the end node and the foreign agent, between the foreign agent and the home agent and between two foreign agents during a hand-off. The invention is further directed to aggregated messages that enable bindings to be updated in a foreign agent for multiple home addresses that originate from different home agents. Novel aggregated AAA messages are also supported.

The invention is also directed to methods and apparatus for using and processing the novel messages of the present invention. The novel methods include a message de-aggregation, e.g., fan-out process, that may be implemented in the foreign agent that enables different messages to be generated and sent to multiple home agents as a result of a single aggregated message from an end node received at the foreign agent. The received aggregated message will normally include home addresses from, e.g., corresponding to, multiple different home agents which provide a mobility service to the mobile with which the aggregated message is associated. In support of the invention, and to reduce binding table requirements in various nodes, a novel aggregated binding table structure is also supported, hi addition to reducing memory requirements, the aggregated binding table structure of the present invention is well suited for being updated by the aggregated MIP registration messages of the present invention.

The invention further provides aggregated messages between the foreign agent and the

AAA server that can be triggered by an aggregated message from an end node to be used to fetch multiple home address specific end node profiles from the AAA server. Thus, novel aggregated authentication, authorization and/or accounting messages are also supported. Novel aggregated AAA messages normally included multiple HoAs corresponding to the same mobile node. The aggregated accounting messages reduce signaling overhead while enabling the end node to rapidly configure policy and connectivity for multiple home addresses in parallel. Use of a single aggregated message also operates to ensure that the AAA system receives requests and/or information corresponding to a handoff together thereby avoiding problems from receiving information associated with a handoff in different messages, some of which may be delayed or lost resulting in the potential for incomplete or inconsistent processing relating to a handoff by the AAA system. The novel aggregated AAA message can also be used between foreign agents, as part of a hand-off, to transfer policy state between the old and new foreign agents for the multitude of home addresses employed by an end node.

Various other features of the present invention are directed to a HoA list extension that is used to indicate the additional HoAs that are associated with a master HA/HoA pair included in an aggregated signaling message. Further, a HA/HoA list extension is defined and supported. The HA/HoA list extension is used to indicate one or more additional HoAs at one or more alternative HAs which differ from the master HA of a signaling message. Both extensions may use INCLUDE/EXCLUDE flags to indicate whether the HA/HoA identified in the extension entry is to be installed (refreshed) or not refreshed (deleted). Thus, updates to a binding table may be applied selectively to HA/HoA information listed in the binding table. Thus, use of an aggregated registration message of the present invention does not necessarily result in updating of all binding entries corresponding to HA and/or HoA addresses included in the aggregated message of the invention.

Various additional features and benefits of the present invention will be apparent in view of the detailed description which follows.

DESCRIPTION OF FIGURES

Figure 1 shows three prior art MIP signaling instances between a first node and a second to manage the bindings for three separate Home addresses.

Figure 2 shows a single aggregated MIP signaling instance of the invention, between the first node and the second node, for managing the bindings for three Home Addresses at the same time.

Figure 3 shows the details of a prior art registration message used to manage the binding for a single home address. Figure 4 shows registration message details of an exemplary aggregated message of the invention used to manage the bindings for three home addresses at the same time.

Figure 5 shows the contents of a prior art binding table in a mobility agent, such as a foreign or home agent, for managing three home addresses.

Figure 6 shows the contents of an aggregated binding table entry of the invention for managing three home addresses.

Figure 7 shows three prior art AAA signaling instances between an access node and a AAA server for obtaining the end node profiles associated with three home addresses.

Figure 8 shows a single aggregated AAA signaling instance of the invention used to obtain three end node profiles at the same time.

Figure 9 illustrates an exemplary aggregated message which can be used as an aggregated authentication, authorization and/or accounting request message in accordance with the invention.

Figure 10 illustrates and exemplary aggregated reply message which may be returned in response to the messages of Fig. 9 or figure 12.

Figure 11 shows an exemplary communications system for using the invention for registering and handing off multiple home addresses with a single MIP signaling instance.

Figure 12 illustrates an alternative exemplary aggregated message which can be used as an aggregated authentication, authorization and accounting message in accordance with the invention. DETAILED DESCRIPTION

Figure 2 shows the passing of aggregated messages between first and second nodes 240, 250 in accordance with the invention. Node 240 includes memory 241 which is part of an interface used to buffer incoming and outgoing messages and data. Similarly, node 250 includes memory 242 which is part of an interface which buffers messages received by or transmitted from node 250. Fig. 4 illustrates an exemplary message which may be communicated between nodes 240, 250 while Figs. 9 and 11 illustrate various exemplary nodes which may be used as the first and second nodes 240, 250. The first node 240 may be an end node, such as end node 910, or an access node such as access node 930 of Fig. 11. The second node 240 may be, e.g., a home agent 930 or an access node such as access node 920. The registration signaling coreesponds to an aggregated MIP signaling instance, e.g., registration message and corresponding reply message, in accordance with the present invention that is used to efficiently manage multiple bindings for a first end node 240. A single aggregated MIP registration request or binding update message 280 is sent from a first node 240 (similar to first node 140 of Fig. 1) to a second node 250 (similar to second node 150 of Fig 1), carrying sufficient information to install multiple bindings in the second node 250 for multiple home addresses associated potentially with multiple home agents, which map to the same CoA of the end node. An aggregated MIP Registration Response or Binding Update Acknowledgement message 281 then reports the result of the binding installation for each of the home addresses of the end node back to the first node 240. The use of a single signaling instance to update registration information corresponding to multiple HoAs, made possible by the use of aggregated messages, enables the amount of signaling bandwidth and signaling state to be reduced as compared to using conventional M-P messages. Three bi-directional IP packets flows, represented as dashed line 282, are routed based on information included in the aggregated signals 280, 281 which are used to install bindings into the second node 250 for the three home addresses HoAl, HoA2 and HoA3 of the first end node 240.

Figure 4 shows detailed contents 480 of an exemplary aggregated registration message, such as, for example, message 280 or 281 of Figure 2, in accordance with the present invention. Aggregated message contents 480 includes a home agent address (HAl) 481 which identifies a node 930 (see Fig. 11), a home address 1 (HoAl) 482 with a first prefix 482a assigned to the identified node 930, a CoA 483 associated with the second address 482 and MIP signaling fields 484. In addition, the message contents 480 includes a second home address (HoA2) 485 with a second prefix 485a, said second prefix 485a being different from said first prefix 482 and being from the first home agent identified by address 481. Alternatively or additionally, the message contents 480 includes a third home address (HoA3) 487 with a third prefix 487a where said third prefix 487a is from the second home agent address (HoA2) 486. The aggregated message may include any number N of HoAs where N is equal to at least 2. The contents 480 of the message are arranged so that the receiving node can uniquely determine the pair comprising the Home agent address and the home address at that home agent that is mapped to the common CoA 483. Therefore, the aggregated message 480 can describe multiple home addresses from a single home agent, multiple home addresses from different home agents as well as additional combinations of home and home agent addresses. In an exemplary embodiment, the aggregate message would use the pair HAl 481 + HoAl 482 as the master binding, whilst a MIP extension is used to describe an INCLUDE/EXCLUDE list of additional HoAs at the master HA, followed by a additional HA+HoA pairs not at the master HA. The include/exclude list structure indicates that the included address pairs should be included or excluded (as indicated by flags) from the binding table entries associated with this end node CoA as indicated by the include/exclude list. The include/exclude structure provides additional aggregation advantages as compared to a message without such a list especially as the number of address pairs grows large. The MIP signaling fields 484 in the aggregated message maybe unchanged from that of the prior art message only when all address pairs use the same signaling fields. When address pairs have different forwarding requirements then additional address pair specific signaling state 488 is appended to the signaling state for the individual address pairs. Thus, different signaling state 488 may be included for the first address pair HAl HoAl, second address pair HAl/HoA2 and third address pair HA2/HoA3. MIP flags which are the same for all pairs included in the message 480 may occur only once in the message, e.g., as part of the set of common MIP signaling fields 484.

In response to receiving an aggregated binding message, e.g., message 250, the receiving node will update its binding table entries, e.g., a single aggregated binding table entry will be updated in response to receiving an aggregated update message 250. As shown in Fig. 6, the single binding table entry may include multiple HAs and HoAs. As part of the receiving and updating process, the aggregated message 250 may and often is, temporarily stored in memory included in the receiving node. Figure 6 shows an aggregated binding table structure 680 in accordance with the present invention, showing entries 681 and 682 for MN X and MN Y. MN X has three home addresses HoAl 482 from HA 1 481, HoA2 486 also from HAl 481 and HoA3 487 from HA2 486. A binding table of the type illustrated in Fig. 6 may be used in each of the nodes 920, 930, 950- shown in fig. 9 and may be implemented in memory included in the node 920, 930, 950 in which the table is located. These three address pairs share the same CoA 483 and MIP signal state 689 entries as a single aggregated message used to manage these bindings, in accordance with the invention, using the address pair HoAl at HAl as the master binding. Note that HoA2 485 is listed below HoAl 482 and has no HA field defined because it inherits the value from the master binding, shown in the first row of entry 683. In alternative embodiments, the binding table can be split so that the address pairs can be searched in the binding table and the CoA and MIP sig state (which is in a separate table) is indexed by a pointer associated with the matching address pair. Where differences exist between the MIP sig state for each address pair, these can be further indexed out of the binding table by an additional index to a third table. Essentially though, all embodiments, in accordance with the present invention, share the property of removing redundant information and facilitating the use of aggregated signaling messages.

Figure 8 extends the aggregated signaling and storage concept of the present invention to a AAA Request message 860 and a AAA Response message 870 which are passed between an access node 840 and AAA server 850, with AAA server 850 including aggregated policy state 855 for the HoAs corresponding to the MN X Network Access Identifier (NAI) 1. The aggregated policy state includes Profile 875 for a statically allocated HAl / HoAl address pair for the MN X. Profile 876 is for a second statically allocated HoA2 at the same HAl as profile 875. Profile 877 is for a dynamically allocated Ho A3 address as a statically allocated HA3 address, the AAA server is responsible for the address allocation in this example but this is for purposes of the example and is not intended to indicate a loss of generality. The profile 878 is associated with an NAI 2 (Network Access Identifier 2) that is different from the MN X NAI 1 associated with profiles 875, 876, 877. Profile 878 is for a dynamically allocated HA and HoA from the domain identified in that NAI 2. Messages 860, 870 are stored, at least temporarily in memory included in each of the receiving and transmitting nodes, e.g., as part of the transmitting and receiving process. Fig. 9 is a detailed example of an exemplary request message, an AAA message 860, which can be used as an authentication, authorization and/or accounting message. The message 860 comprises a MN identifier 861, a state request field 862, a first aggregated HA/HoA address grouping 869 including HAl 863 and statically allocated HoAl 864, and a dynamically allocated address HoA3 865 whose value is not known at the time of the sending of the request message 860. Both HoAl and HoA3 correspond to the first HA address HAl 863. Therefore elements 863, 864, 865 represent two HA, HoA pairs 880, 882. The message 860 further includes a request for a third HA/HoA address pair 884, which includes HA4 866 and HoA4 867, associated with an NAI 2 which is associated with MN X, said NAI 2 is different from said NAI 1. Note that normally neither HA4 nor Ho A4 are known in advance of sending the aggregated request message 860 as they will be dynamically allocated, said dynamic allocation being guided or controlled by the NAI 2 HA4 and HoA4 requests 866, 867, and the associated profile state 878. HA/HoA address pairs and request form the first part of what can be called an included exclude list. An include flag 871 is used to indicate that the profiles in the AAA server associated with address pairs 880, 882 and 884 should be returned to the access node 840, these profiles being profiles 875, 877 and 878. The fact that the address pair HAl/HoA2 associated with profile 876 is missing from a request with the include flag set indicates that the access node 840 does not need the profile 876 to be returned for the MN X. A particular exemplary request message is shown in figure 12 where the exemplary aggregated request message 860 again includes the MN X NAI 1 identity 861 and MIP AAA request state 862. This is followed by an address pair 881 comprising HAl address 868 and HoA2 address 869 associated with MN X NAI 1 861 and profile 876. The exclude flag 870 is then added to the message. This informs the AAA server 850 that the AAA request is for all profiles and associated allocations that are associated with MN X that are not mentioned in the AAA request message, these being the same profiles described in figure 9. An include flag is therefore generally preferable in a request message when the number of included entries is less than the number of excluded entries. Note however that the dynamic allocation of Ho A3, HA4 and HoA4 cannot now be guided by parameters in the missing request messages 865, 866 and 867 of figure 12 compared to figure 9, and must instead be fully guided by the Profile state 877 and 878. Therefore, a composite of include and exclude entries may be combined in a single message to provide control for dynamic allocation requests with maximum message efficiency. The include flag 871 and/or exclude flag 870 may be implemented as part of a M-P extension that also implements the list of HA/HoA address pairs, or could be an MIP header flag, or a specific AAA Attribute Value Pair (AVP) for example.

Contents of an exemplary AAA response message 870 are shown in figure 10 when using either the request message of figure 9 or figure 12. The MN X NAI 1 861 and MIP AAA response state 874 are returned to the access Node 840 along with address pairs 890, 892 and 894. Address pair 890 includes HAl address 863 and HoAl address 864 along with the associated profile 875. Address pair 892 includes HAl address 863 and dynamically allocated HoA3 address 895, and is followed by the associated profile 876. Address pair 894 comprises dynamically allocated HA4 address 896 and HoA4 address 897 followed by the associated profile 877, addresses 896,897 being allocated from the domain identified by MN X NAI 2.

In addition to providing message savings, any process at the AAA server, such as MN authentication, that may typically comprise multiple steps of messaging and processing that are not shown in figure 8, that is normally conducted for each AAA request message, may, and often is, conducted once for the aggregated message, providing additional benefits of the invention.

During a hand-off the MN X profile and associated configuration state is handed-off between access nodes. This can be performed using AAA in accordance with the invention. Therefore, an aggregated MIP hand-off message for multiple HoAs of a MN X can trigger an aggregated message to transfer the MN X profile for each HoA to the new access node, from the old access node, the old access node effectively becoming the AAA server 850 of figure 8.

The invention is summarized in an exemplary communications system of figure 11 for the case of an end node 910 which for example is a Mobile Node (MN 910), coupled to a first and a second access node 920, 940, respectively, which for example contain MIP v4 Foreign Agents or MIPv6 Attendents. Access Nodes 920, 940 may alternately be referred to as Foreign Agents (FAs) 920, 940, respectively, since they include FA modules which allow them to operate as FAs. FAs 920,940 are both coupled to first and second MIP Home Agents or Regional Agents 930, 950 (HAs 930, 950). The FA 920 also has a coupling with an Authorization and Authentication system 905 which enables the FA 920 to authenticate the MN 910 and to obtain an Authorization Profile called the MN Profile which is installed into the FA 920 and used to policy the communications activity of the MN 910. All nodes 905, 910, 920, 930, 940, 950 have a communications routine 907, 911, 921, 931, 941,951, respectively, used to send MIP and policy signaling for initial registration and for hand-off of the MN 910 between FAs 920, 940, as well as to forward packets between nodes. The nodes 910, 920, 930, 940, 950 have an Aggregated MIP Routine 912, 922, 932, 942, 952, respectively, which enable a single MIP signal, e.g., aggregated message, to affect binding state for more that one HoA at a single HA at a time. In addition, nodes 910, 920,940 have an extended routines 912, 922, 942, respectively, which also enable them to use a single MIP message to affect state associated with multiple HAs. Routines 912, 922, 932, 942 and 952 support and implement aggregation of MIP signaling such that a single MIP message can be used to manipulate various, e.g., all, MIP state for a MN 910, thereby eliminating the need for a multitude of MIP messages in order to manipulate the state, e.g., one message for each single HA/HoA pair as is normally done with conventional MIP signals. This enables a binding table 933, 953, 923, 943, 913 and other MIP state in the HA 930, HA 950, FA 920, FA 940, MN 910, respectively to store state as if a separate MIP signaling phase was being used for each distinct HoA thereby allowing an aggregated message to be used with a conventional type of binding table. In an alternative embodiment, aggregated binding table state such as the binding table 680 of Fig 6 of the invention can be employed where a single instance of MIP signaling state associated with a single MN 910 ( including MIP flags, security, lifetime, sequences numbers, challenges, tunnel types and other extensions) can be generated for a main Home Agent, Home Address and CoA triplet. Routines 922, 942 further manage the fan-out, e.g., de-aggregation, of MIP registration signaling to multiple HAs and the fan-in, e.g., aggregation, from the multiple associated MIP Replies.

When MN 910 connects to the first FA 920 it sends an aggregated MIP Registration

Request (M_Pv4) or Binding Update (MIPv6) message 970a to the FA 920 including its identity such as at least one Network Access Identifier. The FA 920 then sends a message 906a, such as a RADIUS access_request to the AAA system 905 to authenticate the MN 910 and fetch the Policy state 908 for mobility management of Home addresses HoAl, HoA2 and Ho A3 at the first and second HAs 930, 950. The HoAs and HAs may be predefined or dynamically allocated but an essential inventive step is to enable a multitude of Policy state to be returned to the FA 920 in the Access_Accept message 906b, triggered by a single MIP registration message 970a. If the multiple HoAs are to be allocated by the HA 930, 950 then they will not be in the returned policy state although the policy state for each yet to allocated address may be. The message 970a can include a HA/HoA list extension and associated address type information which can be used by the FA 920 to indicate to the AAA system which subset of all available policy state is needed for this MN 910 at this time. The HA HoA list can either name each HA domain and the address types in each domain, or it can actually include specific statically allocated HA and HoA identifiers. The named elements can be designated as an indication of which policy should, or should not be returned the FA 920, hence operating as either an INCLUDE or EXCLUDE list. The policy state also should include MIP security associations for securing communications between the FA 920 and the HAs 930, 950, between the MN 910 and the FAs 920, 940, and between the FAs 920, 940 themselves.

The policy state is stored in the FA 920 as part of the context state for the MN 910 and will normally include at least the address of each HA 930, 950 and a place holder for the requested address types from that HA. Such address types can be IPv4 public addresses, IPv4 private addresses, various IPv6 address types (link, site and global scope, with and without EUI- 64s) as well as addresses from specific address prefixes (address ranges) that correspond to different commercial entities. Providing multiple addresses from a common address prefix to a MN 910 is useful if that MN 910 is acting as a Mobile Router and can onward allocate those addresses. Allocating multiple home addresses to a MN 910 from different address prefixes at a HA, e.g., addresses which are not from a contiguous block of addresses, is useful because each address can be owned by different commercial operators with connectivity to that HA, such that each address provides different communications capabilities with associated policy constraints to the MN 910. For example, the same HA can allocate an address from the public ISP of the MN 910 as well as an address from the corporate network of the MN 910.

Message 970a for triple HAl HoAl CoA, including HA/HoA list extension for, HAl HoA2 and HA2 Ho A3, is converted by routine 922 into a partially aggregated message 970b including HoA list extension with HoA2 directed to the first HAl 930. The fan-out (deaggregation) process in the FA 920 also sends, in response to receiving an aggregated message 970, a deaggregated message 970c to the second HA 950 for HA2 HoA3 CoA. These messages are used to obtain any dynamically allocated HoAs from those HAs which are returned to the FA 920 and the MN 910 in the MIP reply messages. Note that the FA 920 aggregates reply codes and other information from reply messages received in separate reply messages from the two HAs for each of the HoAs 1, 2, 3 to enable a single aggregated Reply message to be returned by the FA 920 to the MN 910. These replies can also include per HA / HoA success failure information which is returned to the MN 910 intact so that it is fully aware of its evolving connectivity and can then attempt to repair any defects with aggregated or unaggregated signals. T he completion of the MIP registration / binding update signaling results in a single aggregated binding table entry, e.g., aggregated binding table entry 683, being installed in the FA 920 and the HA 930 for the HoA 1 and HoA2 which is mapped to the MN 910 and the Care of Address of the MN 910. Packet flow 960a from HA 930 to FA 920 then includes packets from peer nodes destined for either the HoA 1 or HoA 2 of the MN 910, packet flow 960c from HA 950 to FA 920 then includes packets from peer nodes destined to the HoA3 of the MN 910, addresses HoAl, 2,3 being assigned to interfaces on the MN 910. If the End Node CoA is assigned to another interface on the MN 910 then it is a Colocated CoA (CCoA) and packets from the peer nodes will be directed from HAs 930, 950 to the CCoA using redirection mechanisms such as tunneling or routing headers. If the end node CoA is the FA CoA of FA 920, then the HAs 930, 950 instead redirect packets to the FA CoA which then forwards them to the MN 910 using the binding information in table 680. Therefore packet flow 960b from FA 920 to MN 910 includes packets from both packet flows 960a and 960c.

As is well known in M-P, the bindings in the HA 930, 950 and FA 920 should be refreshed in advance of the binding lifetime expiring. Accordingly, to achieve a high level of aggregation the lifetimes and the CoAs for the bindings for the MN 910 should all be the same. MIP also includes a number of other parameters such as tunnel types, challenge and security mechanisms. The more the parameters are common for each of the HoAs at each of the HAs, then the greater is the aggregation benefit of the invention. Without loss of generality, this invention enables any MIP parameters to be common between the HoAs and the HAs other than of the course both the HA and HoA addresses themselves. If the MN 910 wishes to add or drop a specific HoA/HA from the aggregate, then the INCLUDE/EXCLUDE list extension (e.g., include or exclude flag) is used to communicate the change to the FA 920 and HAs 930, 950 so that the associated policy and MIP state can be amended.

Further aggregation benefits accrue during hand-off when the MN 910 moves to a new FA 940. The case for a reactive hand-off, whereby MIP signaling is sent via the new FA 940 will be described and is shown in figure 9, but an aggregated proactive hand-off whereby the MIP signaling is sent via the old FA 920 and triggers an MIP signal from the old FA 920 to the new FA 940 is also possible, in accordance with the present invention. The reactive hand-off requires the MN 910 to send an aggregated MIP registration request or Binding Update message 975 a to the new FA 940, including the HA/HoA list to indicate which packets to redirect to the new FA 940 and which to deprecate. The HA/HoA routine 942 will then issue an aggregated Binding Update (BU) message 975d to the old FA 920 to update the binding information in the binding table 923 in the old FA 920 with the CoA from the prefix of the new FA 940. This newCoA again may be a FA CoA or a CCoA but the modifications will only be applied to the bindings as indicated by the HA/HoA list in the BU 975d. Packets destined for the oldCoA in affected bindings are then redirected to newCoA by the FA 920 to create packet flow 960d from old Fa 920 to new FA 940 which is onward forwarded to the MN 910 as packet flow 960e. Unaffected bindings will continue to forward packets to the MN 910 as flow 960b which will terminate when the HAs 930, 950 stop directing packets towards the oldCoA or when the MN 910 decouples from the FA 920. The BU message 975d triggers a message 975e from the FA 920 to the FA 940 which transfers the policy state for the HoAs indicated by message 975d to enable policy state and MIP configuration, including security state to be transferred to the new FA 940. Undertaking the hand-off in parallel for all HoAs avoids the cost of multiple independent MIP hand-off signals which comsumes excessive bandwidth and which independently could fail or become desynchronized leading to significant complexity. Message 975a also triggers messages 975b and 975c to HA 930, 950, respectively, which are aggregated MIP signals for multiple HoAs at the same HA. These update the bindings 933, 953 in the HAs to replace the oldCoA with the newCoA. Packets are then no longer directed towards the MN 910 via FA 920 and instead go via FA 940.

In summary, significant aggregation benefits can be obtained when a MN has multiple

HoAs from a single HA, if the MN has a single HoA from multiple HAs, and as described in figure 9, multiple HoAs from multiple HAs which is the general case. The single MIP signaling phase from MN 910 back to MN 910 via FA and HA can be MIP v4 or MIPv6 based, but can reference a multitude of address types associated with HoAs and HAs. Note that a shared CCoA can be used for any combination of IPv4 and IPv6 addresses whilst a CoA can only be used for IPv4 addresses of different types. The aggregated hand-off signaling can be used after non-aggregated signaling is initially used to install bindings for each HoA into each HA, FA. During this initial deaggregated phase, the MN 910 can attempt to negotiate maximally uniform parameters across the MIP state for each HoA so that maximum aggregation benefit is obtained during hand-off.

The provisional applications incorporated by reference into the present application includes various exemplary embodiments which are not intended to limit the scope of the present application. Any mandatory language such as must, only, necessary, etc, found in the provisional applications is intended to be interpreted as applying to the exemplary embodiments described in the provisional applications and not to limiting the invention, claims or embodiments described in the present application in any way.

In various embodiments nodes described herein are implemented using one or more modules to perform the steps corresponding to one or more methods of the present invention, for example, signal processing, message generation and/or transmission steps. Thus, in some embodiments various features of the present invention are implemented using modules. Such modules may be implemented using software, hardware or a combination of software and hardware. Many of the above described methods or method steps can be implemented using machine executable instructions, such as software, included in a machine readable medium such as a memory device, e.g., RAM, floppy disk, etc. to control a machine, e.g., general purpose computer with or without additional hardware, to implement all or portions of the above described methods, e.g., in one or more nodes. Accordingly, among other things, the present invention is directed to machine-readable medium including machine executable instructions for causing a machine, e.g., processor and associated hardware, to perform one or more of the steps of the above-described method(s).

Numerous additional variations on the methods and apparatus of the present invention described above will be apparent to those skilled in the art in view of the above description of the invention. Such variations are to be considered within the scope of the invention. The methods and apparatus of the present invention may be, and in various embodiments are, used with CDMA, orthogonal frequency division multiplexing (OFDM), and/or various other types of communications techniques which may be used to provide wireless communications links between access nodes and mobile nodes. In some embodiments the access nodes are implemented as base stations which establish communications links with mobile nodes using OFDM and/or CDMA. In various embodiments the mobile nodes are implemented as notebook computers, personal data assistants (PDAs), or other portable devices including receiver/transmitter circuits and logic and/or routines, for implementing the methods of the present invention.

Claims

WHAT IS CLAIMED:

1. A communications method comprising the step of transmitting an aggregated binding message (280) from a first node (240) to a second node (250), said aggregated binding message for registering address binding information, said message comprising: a first address (481), said first address (481) identifying a node (930); a second address (482) including a first prefix (482a) assigned to the identified node (930); and a third address (483) being a binding address associated with the second address (482), said binding address being for use in establishing a binding entry (683) mapping said second address to the third address in at least the identified node(930); and a fourth address (485 or 487) (Home address2) with an additional prefix (485a or 487a), said additional prefix being different from said first prefix (482a), said fourth address (485 or 487) establishing an additional binding to said third address (483).

2. The method of claim 1 wherein said first address (481) is a home agent address, said second address (482) is a first home address, said third address (483) is a CoA, and said fourth address is a second home address (485), said first (481), second (482), third (483) and fourth (485) addresses.

3. The method of claim 1, wherein the additional prefix (485a) is allocated to the first identified node (930).

4. The method of claim 3, wherein the first node (240) is one of a mobile end node (910) and an access node (920) and wherein the second node (250) is said identified node (930).

5. The method of claim 4, further comprising: operating said second node (250) to install a single aggregated binding table entry (683) between the third address (483) and both of the second (482) and fourth addresses (485) in response to receiving said message (280).

6. The method of claim 3, wherein the first node (240) is one of an end node (910) and a first access node (930), and the second node (250) is a second access node (920).

7. The method of claim 6 further comprising: operating said second node (920) to install a single aggregated binding table entry (482) between the third address (483) and both of the second (482) and fourth addresses (485) in response to receiving said message (280).

8. The method of claim 1 wherein said message (280) further includes: a fifth address (486) assigned to a second identified node (950), said another prefix (487a) corresponding to the second identified node(950), said message further establishing a binding between the third address (483) and the fourth address (487) in the second identified node (950).

9. The method of claim 8, wherein said first node is an end node (910) and said second node is an access node (920), the method further comprising: operating said second node (920) to install an aggregated binding table entry (683) establishing a mapping between the third address (483) and the second address (482), and also a mapping of the third address (483) to the fourth address (487), said aggregated binding table entry (683) further including said first (481) and fifth addresses (486), operating said second node (250) to transmit a binding message (280) to each of said first (481) and fifth (486) addresses.

10. The method of claim 9, wherein said second node (250) is an access node (840), the method further comprising: operating said access node (840) to receive an aggregated AAA message (870) from a AAA server (850), said aggregated AAA message (870) including an end node identifier (861), MIP state dynamically allocated via said AAA server (867), and a plurality of end node policy profiles (875) (877), each of said profiles being associated with a different address from a group of addresses comprising; said second (864) and fourth addresses (867).

11. A memory device comprising: an aggregated addresses binding registration message for use in a communications system, said aggregated address binding registration message including: a plurality of Home Agent Address/Home Address pairs associated with an end node; a set of common M-P signaling flags which are the same for each of said plurality of Home Agent Address/Home Address pairs; and additional Home Agent Address/Home Address pair specific signaling information, said pair specific signaling information including information which is not the same for each of said plurality of Home Agent Address/Home Address pairs.

12. The memory device of claim 11 , wherein said pair specific signaling information includes at least one MIP signaling flag which is different from the MIP signaling flags included in said set of common MIP signaling flags.

13. The memory device of claim 12, wherein said MIP signaling flags included in said set of common MIP signaling flags are present only once in said message.

14. The memory device of claim 12, wherein said plurality of Home Agent Address/Home Address pairs include a fist Home Agent Address/Home Address pair, and a second Home Agent Address/Home Address pair, said message including a first Home Agent Address corresponding to both of said first and second Home Agent Address/Home Address pairs, said first Home Agent address being present only once in said message.

15. The memory device of claim 14, wherein a first Home Address corresponds to said first Home Agent Address/Home Address pair and wherein said second Home Address corresponds to said second Home Agent Address/Home Address pair, said first and second Home Addresses being from different non- contiguous blocks of addresses allocated to a Home Agent to which said first Home Agent Address corresponds.

16. The memory device of claim 15 , wherein said message further includes a third Home Agent Address/Home Address pair which includes a Home Agent Address which corresponds to another Home Agent.

17. The memory device of claim 13, wherein said message includes a single Care of Address corresponding to said end node.

18. A memory device comprising: an aggregated addresses binding registration message for use in a communications system, said aggregated address binding registration message including a first Home Agent Address corresponding to a first Home Agent Node, a single Care of Address to be used by said first Home Agent Node to forward packets being directed to an end node and a plurality of different home addresses assigned to said end node by said first Home Agent node, said plurality of different home addresses including at least a first and a second home address, one of said first and second home addresses being separated from each of the other home addresses included in said message by an address value difference greater than one, such that said one of said first and second home addresses is non-contiguous to any other home address in said message.

19. The memory device of claim 18, wherein said message further includes at least two different home addresses associated with said first Home Agent Address, each of said first and second home addresses including a different address prefix.

20. The memory of claim 18, wherein said message includes a single set of MIP signaling flags which are associated with each of the first and second home addresses, each MIP signaling flag in said single set of MIP signaling flags being included in said message only once.

21. The message of claim 20, wherein each Home Agent Address in said message corresponds to one Home Address included in said message thereby forming a plurality of Home Agent Address/Home Address pairs, said message further including first Home Agent Address/Home Address pair specific signaling state for a first Home Agent Address/Home Address pair; and second Home Agent Address/Home Address pair specific signaling state for a second Home Agent Address/Home Address pair.

22. The message of claim 21, wherein said first Home Agent Address/Home Address pair includes said first Home Agent Address and said first home address; and wherein said second Home Agent Address/Home Address pair includes said first Home Agent Address and said second home address.

23. The memory device of claim 19, wherein said message further includes: a second Home Agent Address and a third home address, said third home address being assigned by said second Home Agent for use in forwarding packets being directed to said end node.

24. The memory device of claim 19, wherein said third home address includes a prefix which is different from prefixes included in said first and second home addresses.