Mobile IPv6 for Linux Guide (with USAGI patch)

[Japanese version]


This article provides a tutorial on setting up Mobile IPv6(MIPv6) on Linux.

Basic kernel configuration, IPv6 networking operation, configuration experience and basic MIPv6 knowledge are needed. If you use IPsec, basic IPsec knowledge and IPv6 tunnel gateway configuration experience is also required.

See Known issues at first.

Old information is moved to umip-0.3 or umip-0.1 page.


For all nodes (HA, MN and CN)

For HA

For HA and MN

Building kernel and mip6d


After mip6d is installed, you can see mip6d.conf(5) which has useful information about configuration.

HA specific configuration

MN specific configuration

CN specific configuration

IPsec configuration

Boot sequence

HA boot sequence

  1. Before starting mip6d, the following conditions should be satisfied:
    • Be ready as a router
    • Be ready for proxying ND (when using returning-home)
    • Assigned a global unicast address on home link interface, as HA address
    • Configured IPsec SA (when using IPsec with static keying)
  2. Run mip6d
  3. After started mip6d:
    • Start RD

An easy example boot script to do the above is

MN boot sequence

  1. Before starting mip6d, the following conditions should be satisfied:
    • The interface is brought up before you run mip6d.
    • IPsec SA configuration (while using IPsec with static keying).
  2. After you made sure these conditions, you can run mip6d.

An easy example boot script is

CN boot sequence

  1. Run mip6d

An easy example boot script is

Another examples



Binding cache

Binding update list

Route optimization

We don't have an easy and good route optimization test for both-direction (other than using TAHI test or dumping packet). On the other hand, with ping6 command from USAGI git iputils-mip6 tree, you can check whether inbound echo reply is route-optimized or not.


Known issues

Kernel support status

Here is the mainline kernel support status (as of 2.6.23).

HA OK*1 OK*1 OK*3
MN OK*2 OK*4 OK*4,*3
CN OK*1 -*5,*1 -

Known issues

[MN] MN incorrectly sends bidirectional RO before both BCEs are ready on Inter-MN RO
This issue is proceeded at the following steps:
(1) Two MNs are on (each) foreign link and the both MNs bind each other i.e. bidirectional RO (IPv6-RH2-HAO) communication has been successful.
(2) One MN(a) goes to another foreign link.
(3) The other MN(b) sends unidirectional RO (IPv6-IPv6-HAO) echo request before MN(a) completes binding to MN(b).
(4) MN(a) receives the echo request and sends echo reply back over bidirectional RO incorrectly.
[HA,MN,CN] TCP over RO issue (fixed with USAGI kernel patch or 2.6.24)
If the node starts TCP connection without RO, the node incorrectly continues the connection without RO even after RO is ready on kernel. This issue is occurred for TCP over IPsec, too.
[HA] HA sends wrong Redirect for IPsec tunneled packet (fixed with USAGI kernel patch or 2.6.24)
IPsec tunnel gateway incorrectly sends redirect to router or sender when network device the IPsec tunneled packet is arrived is the same as the one the de-capsulated packet is sent.
[MN] IPsec tunnel configuration "TunnelMh" and "TunnelPayload" do not work
This is because the daemon has not supported yet to deal with kernel change to use XFRM selector without specified if-index.
[MN] MN sends RO packet to default router's MAC address (fixed with USAGI git (linux-2.6.24-mip6 branch or later) or scheduled for 2.6.26)
When MN are on the link where CN is placed, the MN sends RO packet to the CN with not the CN's but default router's MAC address of the link without sending any NS. (The packet may be forwarded to the CN by the router.)
[MN] MN does not learn from Redirect targeted for CN
When MN and CN are on the same link and the MN created a BCE on the CN, the MN does not make neighbor cache for the CN even when the MN is received Redirect targeted the CN from a router on the link.
[MN] MN internally blocks to send BU to HA for the first boot time
(The detailed condition is not determined but) this is occurred when IPsec is disabled or IPsec is enabled with "HomeRegBinding" and "MobPfxDisc". This can be fixed if the daemon restarts.

$Id: index.html.en,v 1.53 2008-03-31 04:50:34 nakam Exp $
Copyright ©2006,2007 USAGI/WIDE Project, All Rights Reserved.