Loading learning content...
With our understanding of Home Agents, Foreign Agents, and Care-of Addresses, we can now trace the complete path packets take in Mobile IP. When a correspondent node sends a packet to a mobile node that's away from home, the packet takes a peculiar route—it goes to the home network first, then gets tunneled to the mobile node's current location.
This routing pattern forms a geometric triangle: Correspondent → Home Network → Mobile Node. Even if the correspondent and mobile node are in the same building, packets may travel thousands of miles through the home network before arriving.
This triangle routing (also called dog-leg routing or 2-party routing) is a fundamental characteristic of basic Mobile IP that has significant implications for latency, bandwidth efficiency, and network design. Understanding triangle routing is essential for evaluating Mobile IP's trade-offs and appreciating why route optimization mechanisms were developed.
By the end of this page, you will understand the complete packet flow in Mobile IP including triangle routing, the reasons why this design was chosen, the performance and efficiency costs it incurs, and the route optimization mechanisms that can eliminate the triangle in some scenarios.
Let's trace a packet's journey from a correspondent node to a mobile node that's away from home, step by step.
Scenario Setup:
The Path Analysis:
In this scenario, the packet travels:
Optimal Path (if CN knew MN's location):
Tokyo (CN) → Tokyo (MN)
Distance: ~0 km, Latency: ~1-5 ms
Actual Path (Triangle Routing):
Tokyo (CN) → New York (HA) → Tokyo (MN)
Distance: ~10,000 km × 2 = ~20,000 km
Latency: ~100-150 ms (Tokyo-NY RTT) + ~100-150 ms (NY-Tokyo)
= ~200-300 ms one-way
Why Does This Happen?
The correspondent node only knows the mobile node's home address. IP routing sends packets toward the network that owns that address—the home network. There's no mechanism for the CN to discover that the MN is actually nearby.
Triangle routing isn't a bug—it's a deliberate design choice that enables transparency. The correspondent node doesn't need to know anything about Mobile IP, home agents, or care-of addresses. From CN's perspective, it's just sending packets to an IP address. The complexity is hidden in the network infrastructure.
The term "triangle routing" comes from the geometric shape formed by packet paths when we consider both directions of communication.
Bidirectional Traffic Pattern:
The Asymmetric Nature:
Interestingly, the return path (MN → CN) doesn't necessarily form the same triangle. Without reverse tunneling:
MN → CN Path (without reverse tunnel):
MN creates packet:
Source: 10.0.1.50 (home address, for connection continuity)
Dest: 203.0.113.100
Packet routes directly from MN's current location to CN
Result: Asymmetric paths!
CN → MN: Triangle (CN → HA → MN)
MN → CN: Direct (MN → CN)
With Reverse Tunneling:
MN → CN Path (with reverse tunnel):
MN creates packet:
Source: 10.0.1.50
Dest: 203.0.113.100
MN encapsulates:
Outer: Src=CoA, Dst=HA
Inner: Original packet
HA decapsulates, forwards to CN
Result: Symmetric paths (both directions through HA)
CN → MN: CN → HA → MN
MN → CN: MN → HA → CN
| Direction | Without Reverse Tunnel | With Reverse Tunnel |
|---|---|---|
| CN → MN | CN → HA → MN (triangle) | CN → HA → MN (triangle) |
| MN → CN | MN → CN (direct) | MN → HA → CN (reverse triangle) |
| Path symmetry | Asymmetric | Symmetric |
| Ingress filtering | May fail (src=home addr) | Passes (outer src=CoA) |
| Total latency | Lower (direct return) | Higher (both via HA) |
While the direct return path is more efficient, many networks implement ingress filtering (BCP38), which blocks packets with source addresses not belonging to the local network. This forces the use of reverse tunneling even though it's less efficient.
Triangle routing may seem inefficient, but the design choice was deliberate. Understanding the rationale helps appreciate both its benefits and limitations.
Design Principle: Correspondent Transparency
The primary goal was to enable mobility without requiring any changes to correspondent nodes. This was crucial for incremental deployment:
The Alternative: Direct Notification
An alternative design would have the mobile node inform correspondents of its current location:
Direct Notification Approach:
1. MN moves, gets new CoA
2. MN sends Binding Update to each CN:
"I am 10.0.1.50, now reachable at 172.16.5.23"
3. CN caches this binding
4. CN sends packets directly to CoA
Problems:
- CN must implement Mobile IP extensions
- Security: How does CN verify MN's claim?
- State: CN must maintain binding cache for every MN
- Scalability: Popular servers would receive millions of Binding Updates
- Updates: MN must track all correspondents to notify on moves
Mobile IPv6 actually implements this as optional Route Optimization, but with complex security mechanisms (Return Routability) to prevent attacks.
Mobile IPv4 was designed in the 1990s when computational and deployment considerations strongly favored simplicity. Triangle routing's correspondent transparency was seen as essential for real-world adoption. Today, with more capable devices and route optimization, the efficiency trade-off is evaluated differently.
Triangle routing introduces measurable performance overhead. Understanding these costs is essential for evaluating whether Mobile IP is suitable for a given application.
Latency Overhead:
The additional path through the home agent adds latency equal to the round-trip time between the home network and the mobile node's current location:
| Scenario | Direct Path | Triangle Path | Overhead |
|---|---|---|---|
| CN and MN same city, HA same continent | 5ms | 30ms + 30ms = 60ms | +55ms (11×) |
| CN and MN same city, HA different continent | 5ms | 150ms + 150ms = 300ms | +295ms (60×) |
| CN and MN different continents, HA near CN | 100ms | 100ms + 5ms = 105ms | +5ms (1.05×) |
| All parties different continents | 150ms | 200ms + 200ms = 400ms | +250ms (2.7×) |
The key insight: Triangle routing overhead is highest when MN and CN are close but HA is far. It's minimal when HA is located between or near CN.
Bandwidth and Throughput Impact:
Without Triangle Routing:
Bottleneck: Slowest link between CN and MN
Bandwidth: min(CN_upload, MN_download)
With Triangle Routing:
Bottleneck: Slowest of three legs
Bandwidth: min(CN_to_HA, HA_uplink, HA_to_MN)
Additionally:
- HA bandwidth consumed for every MN packet
- HA becomes traffic aggregation point
- HA uplink can become saturated
Encapsulation Overhead:
Original Packet: 1500 bytes (MTU)
After IP-in-IP Encapsulation: 1520 bytes
→ Requires fragmentation or MTU reduction
→ 20 bytes overhead per packet (1.3%)
→ For GRE: 24 bytes overhead (1.6%)
→ For IPsec tunnel: 40-60 bytes overhead (2.7-4%)
Application-Specific Impact:
| Application | Sensitivity | Impact | Acceptability |
|---|---|---|---|
| Web Browsing | Moderate (page loads) | Higher TTFB, slower page loads | Usually acceptable |
| File Transfer | Low (throughput matters) | Reduced throughput, longer transfers | Acceptable |
| VoIP | High (150ms target) | May exceed latency budget | Problematic if HA far |
| Video Conferencing | High (real-time) | Increased jitter, delay | Problematic if HA far |
| Online Gaming | Very High (<50ms ideal) | Unplayable with distant HA | Often unacceptable |
| IoT Telemetry | Low (infrequent updates) | Minimal impact | Acceptable |
For latency-sensitive applications like VoIP or gaming, triangle routing through a distant Home Agent can make the application unusable. In such cases, route optimization or alternative mobility solutions (like local breakout) are essential.
Triangle routing creates a centralized traffic pattern where all correspondence with mobile nodes flows through the Home Agent. This creates potential scalability and reliability issues.
Traffic Aggregation Problem:
Scenario: Enterprise with 10,000 mobile workers
Each worker: Average 1 Mbps when active
Active workers at peak: 5,000
Home Agent Traffic:
Inbound (from Internet): 5,000 × 1 Mbps = 5 Gbps
Outbound (to MNs): 5,000 × 1 Mbps = 5 Gbps
Total HA bandwidth: 10 Gbps
Without Mobile IP:
Traffic distributed across corporate WAN
HA bandwidth: 0 (no aggregation)
Single Point of Failure:
If the Home Agent fails or its connectivity is disrupted:
Mitigation Strategies:
1. HA Load Distribution:
Multiple Home Agents:
- Distribute MNs across multiple HAs
- Use DNS round-robin or anycast
- Each HA handles subset of traffic
Example:
10,000 MNs ÷ 10 HAs = 1,000 MNs per HA
Per-HA bandwidth: 1 Gbps instead of 10 Gbps
2. Geographic HA Distribution:
Regional Home Agents:
- HA-Americas for North/South America MNs
- HA-Europe for European MNs
- HA-Asia for Asian MNs
Benefit: Reduces triangle latency when CN is in same region
3. High-Performance HA Hardware:
Carrier-Grade HA Specifications:
- 100 Gbps+ throughput
- Hardware tunnel encapsulation
- Active-active clustering
- Sub-second failover
Modern cloud providers like AWS and Google Cloud deploy mobility-like services (for VPN, inter-region connectivity) with globally distributed anchor points. Traffic is always directed to the nearest anchor, minimizing the triangle effect through geographic distribution.
To address the inefficiency of triangle routing, Route Optimization mechanisms allow correspondents to learn the mobile node's current location and communicate directly.
Route Optimization Concept:
Instead of always going through the Home Agent, the correspondent can cache a binding for the mobile node and send packets directly to the Care-of Address:
Without Route Optimization:
CN → HA → MN (every packet)
With Route Optimization:
Initial: CN → HA → MN (binding unknown)
MN sends Binding Update to CN
Subsequent: CN → MN directly
Security Challenge: Return Routability
Route optimization creates a security problem: how does the correspondent know the Binding Update is legitimate? Without verification, an attacker could send:
Attack: "I am 10.0.1.50, send traffic to 198.51.100.99"
Mobile IPv6 solves this with the Return Routability Procedure:
Return Routability Steps:
1. MN → HA → CN: Home Test Init (HoTI)
(Proves MN is reachable at home address)
2. MN → CN: Care-of Test Init (CoTI)
(Proves MN is reachable at care-of address)
3. CN generates tokens:
- Home Keygen Token (sent via HA to home addr)
- Care-of Keygen Token (sent direct to CoA)
4. MN receives both tokens:
- Must be reachable at BOTH addresses
- Attacker can't receive home token
5. MN → CN: Binding Update (authenticated with both tokens)
- Proves MN controls both home addr and CoA
6. CN caches binding, sends direct
| Aspect | Without Route Optimization | With Route Optimization |
|---|---|---|
| CN complexity | None (transparent) | Must implement RO protocol |
| Path efficiency | Triangle always | Direct after binding |
| Setup latency | None | RR procedure adds ~2 RTT |
| Security model | Simple (HA trusted) | Complex (RR cryptography) |
| MN overhead | Low | Track all CNs, send updates |
| Handoff impact | Only HA update | Update HA + all CNs |
Route optimization is optional in Mobile IPv4 and was rarely deployed due to security complexities. Mobile IPv6 includes route optimization as an integral (though still optional) feature with the Return Routability procedure built into the specification (RFC 6275).
Beyond route optimization, several architectural approaches can reduce or eliminate the triangle routing penalty.
Approach 1: Local Home Agent (Distributed HA)
Deploy Home Agents close to where mobile nodes typically roam:
Traditional:
Single HA in corporate HQ (New York)
MNs travel globally
Triangle always involves New York
Distributed:
HA-US in New York
HA-EU in Frankfurt
HA-APAC in Singapore
MN assigned to nearest HA
Triangle is regional, not global
Approach 2: Proxy Mobile IP (PMIP)
Network-based mobility removes MN involvement entirely:
Proxy Mobile IP:
- MN doesn't implement Mobile IP
- Access network handles mobility
- Local Mobility Anchor (LMA) = Home Agent
- Mobile Access Gateway (MAG) = Foreign Agent
Benefit: LMA deployed in access network
Triangle stays within carrier network
Much shorter triangle legs
Approach 3: Hierarchical Mobile IP (HMIP)
Hierarchical Structure:
Global HA (home network)
↓
Regional HA/MAP (Mobility Anchor Point)
↓
Local Foreign Agent
↓
Mobile Node
Benefit:
- Micro-mobility (within region): Handled by MAP
- Only macro-mobility (between regions): Involves HA
- Reduces registration latency and global HA load
Approach 4: Local Breakout
For specific traffic types, bypass the triangle entirely:
Local Breakout Configuration:
- Traffic to corporate resources: Through HA (secure)
- Traffic to Internet: Direct from visited network
Implementation:
- Split tunneling at MN or FA
- Policy-based routing
- Only sensitive traffic gets triangle treatment
| Approach | Triangle Reduction | Complexity | Use Case |
|---|---|---|---|
| Route Optimization | Eliminated after setup | High (RR security) | Long-lived connections |
| Distributed HA | Regional not global | Medium (HA replication) | Global enterprises |
| Proxy Mobile IP | Within carrier network | Medium (network changes) | Mobile carriers |
| Hierarchical MIP | Intra-region only | High (hierarchy mgmt) | Large campuses |
| Local Breakout | For selected traffic | Medium (policy config) | Internet access |
Today's cellular networks (LTE, 5G) use variations of Proxy Mobile IP with distributed user plane functions. The 'home agent' equivalent is typically within the carrier's core network, keeping triangle routing within the operator's infrastructure where latency is controlled.
Triangle routing is both Mobile IP's defining characteristic and its primary limitation. It enables seamless mobility with correspondent transparency but at the cost of routing efficiency. Understanding this trade-off is essential for making informed decisions about mobility solutions.
Module Complete: Mobile IP Mastery
Congratulations! You've completed the Mobile IP module, gaining deep understanding of:
This knowledge forms the foundation for understanding modern mobility solutions in LTE, 5G, and enterprise networks—all of which build upon or address the concepts we've explored.
You now have comprehensive knowledge of Mobile IP, from the fundamental mobility problem through the protocol's architecture and its trade-offs. You can analyze mobility scenarios, understand why certain design decisions were made, and evaluate when Mobile IP is appropriate versus alternative solutions.