IKEv2 Mobility and Multihoming Protocol
Mobile VPN clients constantly switch networks (Wi-Fi to cellular, roaming between APs). Without MOBIKE, every IP change tears down the VPN and forces a full IKEv2 re-handshake. MOBIKE is why modern mobile VPN clients reconnect instantly.
What It Defines
Extends IKEv2 to support IP address changes without re-establishing the IKE SA and Child SAs. When a VPN client roams from Wi-Fi to cellular (IP address change), MOBIKE updates the peer addresses in the existing SA with an INFORMATIONAL exchange containing UPDATE_SA_ADDRESSES. No re-authentication or new Diffie-Hellman exchange required. Also supports multihoming — failover between multiple addresses on the same peer.
Canonical (Normative)
The canonical publication point for finalized RFCs. If a protocol is standardized as an RFC, the RFC Editor text is the normative final reference. Published by the IETF, IRTF, IAB, and independent stream.
Related Specs
IKEv2 is how IPsec tunnels are established and rekeyed. Every cloud VPN gateway (AWS, GCP, Azure), enterprise firewall, and mobile VPN client uses IKEv2. Phase 1/Phase 2 failures are the #1 VPN debugging scenario.
IPsec is the dominant VPN technology for enterprise site-to-site links (AWS VPN, Azure VPN Gateway, on-prem firewalls). Understanding tunnel vs transport mode, SAs, and the SPD is essential for configuring and debugging VPN connectivity.