Question:

a) In route-optimized communication, a mobile node sends packets to a correspondent using the home address present in the destination option. Why does the design use a routing header in the reverse direction? Why not use destination option in both ways?

b) In the basic Return Routability mechanism, the mobile node reverse-tunnels the HoTI message to the home agent, which in turn forwards the packet to the correspondent. When the IPv4 address is co-located with the mobile node, the mobile node can reverse-tunnel the HoTI message using IPv4 addresses.

i. What implications does this have on the security association and signalling?

ii. What are the savings, if any?

c) Explicit the following statement: "The return routability procedure provides an address ownership proof mechanism."

d) Assuming that IP routing works on the Internet today and we send two different secrets along two different routing paths, why a proof that combines the two secrets sufficient for binding one address to another?

e) Reverse tunneling may be used in certain cases, such as when a network does not allow outgoing datagrams with a foreign source IP address, when enabled, rather than sending datagrams directly, the mobile node tunnels all transmissions back to the home agent, which sends them on the Internet. Consider MIP in a VPN scenario.

i. Explain how reverse tunneling could be risky if appropriate security measures are absent.

ii. Describe one security measure against reverse tunneling.

f) Assuming you are using authentication schemes for communications between

(i) a MN and a HA, (ii) a MN and a FA. Which one of (i) and (ii) is less secure?