idnits 2.17.1

draft-ietf-netext-access-network-option-13.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (August 8, 2012) is 4280 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Obsolete informational reference (is this intentional?): RFC 2460
     (Obsoleted by RFC 8200)

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

NETEXT WG                                             S. Gundavelli, Ed.
Internet-Draft                                                     Cisco
Intended status: Standards Track                        J. Korhonen, Ed.
Expires: February 9, 2013                         Nokia Siemens Networks
                                                              M. Grayson
                                                                K. Leung
                                                           R. Pazhyannur
                                                                   Cisco
                                                          August 8, 2012

      Access Network Identifier (ANI) Option for Proxy Mobile IPv6
             draft-ietf-netext-access-network-option-13.txt

Abstract

   The local mobility anchor in a Proxy Mobile IPv6 domain is able to
   provide access network and access operator specific handling or
   policing of the mobile node traffic using information about the
   access network to which the mobile node is attached. This
   specification defines a mechanism and a related mobility option for
   carrying the access network identifier and the access operator
   identification information from the mobile access gateway to the
   local mobility anchor over Proxy Mobile IPv6.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 9, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions and Terminology
     2.1.  Conventions
     2.2.  Terminology
   3.  Access Network Identifier Option
     3.1.  Format of the Access Network Identifier Sub-Option
       3.1.1.  Network-Identifier Sub-Option
       3.1.2.  Geo-Location Sub-Option
       3.1.3.  Operator-Identifier Sub-Option
   4.  Protocol Considerations
     4.1.  Mobile Access Gateway Considerations
     4.2.  Local Mobility Anchor Considerations
   5.  IANA Considerations
   6.  Protocol Configuration Variables
   7.  Security Considerations
   8.  Acknowledgements
   9.  References
     9.1.  Normative References
     9.2.  Informative References
   Authors' Addresses

1.  Introduction

   Proxy Mobile IPv6 [RFC5213] can be used for supporting network-based
   mobility management in various types of network deployments.
   Network architectures such as service provider Wi-Fi access
   aggregation or WLAN integrated mobile packet core are examples where
   Proxy Mobile IPv6 is a component of the overall architecture. Some
   of these architectures require the ability of the local mobility
   anchor (LMA) [RFC5213] to provide differentiated services and
   policing of traffic to the mobile nodes based on the access network
   to which they are attached. Policy systems in mobility architectures
   such as Policy and Charging Control Framework (PCC) [TS23203] and
   Access Network Discovery and Selection Function (ANDSF) [TS23402] in
   3GPP system allow configuration of policy rules with conditions based
   on the access network information. For example, the service
   treatment for the mobile node's traffic may be different when the
   mobile node is attached to an access network owned by the home
   operator than when it is owned by a roaming partner. The service
   treatment can also be different based on the configured Service Set
   Identifiers (SSID) in case of IEEE 802.11 based access networks.
   Other examples of location services include the operator's ability to
   display a location specific web page, or apply tariff based on the
   location.

   The Proxy Mobile IPv6 specification [RFC5213] requires the Access
   Technology Type (ATT) option to be carried from the mobile access
   gateway (MAG) to the local mobility anchor. This is a mandatory
   option. However, the Access Technology Type alone is not necessarily
   sufficient for a suitable policy to be applied at the local mobility
   anchor. Therefore, there is a need for additional access network
   related information to be available at the local mobility anchor.
   Learning the access network operator identity may not be possible for
   a local mobility anchor without the support of an additional policy
   framework that is able to provide required information out of band to
   the local mobility anchor.
   Such a policy framework may not be
   required for all Proxy Mobile IPv6 deployments and hence an
   alternative approach for optionally carrying such information is
   required to ensure that additional information related to the access
   network is available.

   This document defines a new mobility option, the Access Network
   Identifier (ANI) option and its sub-options for Proxy Mobile IPv6,
   that can be used by the mobile access gateway to signal the access
   network information to the local mobility anchor. The specific
   details on how the local mobility anchor uses the information
   contained in the Access Network Identifier option are out-of-scope
   for this document. This information is intended for use between
   infrastructure nodes providing mobile management service and is not
   exposed to outside entities, which ensures the location of the
   network to which the mobile node is attached, or any other access
   network specific information, is not revealed to other mobile nodes
   within the PMIPv6 Domain or to other nodes outside the PMIPv6 Domain.
   However, the location and access information MAY be exposed to
   specific parties outside the PMIPv6 Domain based on an agreement
   approved by the subscriber; otherwise, this information MUST NOT be
   exposed in the absence of such agreements. This mobility option is
   optional and is not mandatory for the Proxy Mobile IPv6 protocol.
   However, the Access Technology Type option continues to be a
   mandatory option and it always needs to be carried in the Proxy
   Mobile IPv6 signaling messages.

   SSID: IETF-1
   Geo-location: 37o49'11"N 122o28'43"W
   Operator-Id: provider1.example.com
   +--+
   |AP|-------.                (Access Specific Policies)
   +--+       |          _-----_            |
           +-----+     _(        )_      +-----+
           | MAG |-=====( PMIPv6 )======-| LMA |-
           +-----+      (_ Tunnel_)      +-----+
   +--+       |          '-----'
   |AP|-------'
   +--+
   SSID: IETF-2
   Geo-location: 59o19'40.21"N 18o 3'18.36"E
   Operator-Id: provider2.example.com

               Figure 1: Access Networks attached to MAG

   Figure 1 illustrates an example Proxy Mobile IPv6 deployment where
   the mobile access gateway delivers the information elements related
   to the access network to the local mobility anchor over Proxy Mobile
   IPv6 signaling messages. In this example, the additional information
   could comprise the SSID of the used IEEE 802.11 network, the geo-
   location of the network to which the mobile node is attached, and the
   identities of the operators running the IEEE 802.11 access network
   infrastructure.

2.  Conventions and Terminology

2.1.  Conventions

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

2.2.  Terminology

   All the mobility related terms used in this document are to be
   interpreted as defined in the Proxy Mobile IPv6 specifications
   [RFC5213] and [RFC5844]. Additionally, this document uses the
   following abbreviations:

   Service Set Identifier

      Service Set Identifier (SSID) identifies the name of the IEEE
      802.11 network. The SSID differentiates one network from
      another.

   Operator ID

      The Operator ID is the SMI Network Management Private Enterprise
      Code of the IANA-maintained Private Enterprise Numbers registry
      [SMI] running the network attached to a specific interface of the
      mobile access gateway.

3.  Access Network Identifier Option

   The Access Network Identifier option is a mobility header option used
   to exchange access network related information between a local
   mobility anchor and a mobile access gateway. The option can be
   included in both Proxy Binding Update (PBU) and Proxy Binding
   Acknowledgement (PBA) messages, and there MUST NOT be more than a
   single instance of this mobility option in a mobility message. The
   Access Network Identifier mobility option MUST contain one or more
   Access Network Identifier Sub-options. The Access Network Identifier
   Sub-option is described in Section 3.1.

   The alignment requirement for this option is 4n [RFC2460].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |    Length     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   ...                    ANI Sub-option(s) ...                    ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

              Figure 2: Access Network Identifier Option

   Type: It MUST be set to value of (IANA-1) (to be defined by IANA),
      indicating that it is a Network-Identifier option.

   Length: 8-bit unsigned integer indicating the length in octets of
      the option, excluding the type and length fields.

3.1.  Format of the Access Network Identifier Sub-Option

   The Access Network Identifier Sub-Options are used for carrying
   information elements related to the access network to which the
   mobile node is attached. These sub-options can be included in the
   Access Network Identifier option defined in Section 3.
   The format of
   this sub-option is as follows:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   ANI Type    |  ANI Length   |         Option Data           ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

            Figure 3: Access Network Identifier Sub-Option

   ANI Type: 8-bit unsigned integer indicating the type of the Access
      Network Identifier sub-option. This specification defines the
      following types:

      0 - Reserved

      1 - Network-Identifier Sub-option

      2 - Geo-Location Sub-option

      3 - Operator-Identifier Sub-option

   ANI Length: 8-bit unsigned integer indicating the number of octets
      needed to encode the Option Data, excluding the ANI Type and ANI
      Length fields of the sub-option.

3.1.1.  Network-Identifier Sub-Option

   The Network-Identifier is a mobility sub-option carried in the Access
   Network Identifier option defined in Section 3. This sub-option
   carries the name of the access network (e.g., a SSID in case of IEEE
   802.11 Access Network, or PLMN Identifier [TS23003] in case of 3GPP
   access), to which the mobile node is attached. There MUST be no more
   than a single instance of this specific sub-option in any Access
   Network Identifier option. The format of this option is defined
   below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | ANI Type=1    |  ANI Length   |E|   Reserved  | Net-Name Len  |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |              Network Name (e.g., SSID or PLMNID)              ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | AP-Name Len   |               Access-Point Name               ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                Figure 4: Network-Identifier Sub-option

   ANI Type: It MUST be set to value of (1), indicating that it is a
      Network-Identifier sub-option.

   ANI Length: Total length of this sub-option in octets, excluding the
      ANI Type and ANI Length fields. The value can be in the range of
      5 to 32 octets.

   'E'-bit: 1-bit flag indicating whether the network name is encoded
      in UTF-8. If this flag is set to one (1), then the network name
      is encoded using UTF-8 [RFC3629]. If the flag is set to zero (0),
      this indicates that the encoding is undefined and is determined by
      out-of-band mechanisms. Implementations SHOULD use UTF-8
      encoding.

   Reserved: MUST be set to zero when sending and ignored when
      received.

   Net-Name Length: 8-bit field for representing the length of the
      network name in octets to be followed. This field MUST NOT be set
      to zero.

   Network Name: The name of the access network to which the mobile
      node is attached. The type of the network-name is dependent on
      the Access Technology to which the mobile node is attached. If
      it is 802.11 access, the network-name MUST be the SSID of the
      network. If the access network is 3GPP access, the network-name
      is the PLMN Identifier of the network. If the access network is
      3GPP2 access, the network-name is the Access Network Identifier
      [ANI].

      When encoding the PLMN Identifier, both Mobile Network Code (MNC)
      [TS23003] and Mobile Country Code (MCC) [TS23003] codes MUST be 3
      digits. If the MNC in use only has 2 digits, then it MUST be
      preceded with a '0'. Encoding MUST be UTF-8.

   AP-Name Length: 8-bit field for representing the length of the
      access point name in octets to be followed. If the access point
      name is not included, then this length MUST be set to a value of
      zero.

   Access-Point Name: The name of the access point (physical device
      name) to which the mobile node is attached. This is the
      identifier that uniquely identifies the access point. While
      Network Name (Ex: SSID) identifies the operator's access network,
      Access-Point Name identifies a specific network-device in that
      network to which the mobile node is attached. In some deployments
      the Access-Point name can be set to the mac-address of the device,
      or some unique identifier that can be used by the policy systems
      in the operator network to unambiguously identify the device.
      The string is carried in UTF-8 representation.

3.1.2.  Geo-Location Sub-Option

   The Geo-Location is a mobility sub-option carried in the Access
   Network Identifier option defined in Section 3. This sub-option
   carries the Geo-location of the network to which the mobile node is
   attached, as known to the mobile access gateway. There MUST be no
   more than a single instance of this specific sub-option in any Access
   Network Identifier option. The format of this option is defined
   below and encodes the co-ordinates of an ellipsoid point. The
   coordinate reference system used is the World Geodetic System 1984
   [WGS84].

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  ANI Type=2   | ANI Length=6  |      Latitude Degrees
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                   |               Longitude Degrees               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                 Figure 5: Geo-Location ANI sub-option

   ANI Type: It MUST be set to value of (2), indicating that it is a
      Geo-Location sub-option.

   ANI Length: Total length of this sub-option in octets, excluding the
      ANI Type and ANI Length fields. It MUST be set to a value of (6).

   Latitude Degrees: A 24-bit latitude degree value encoded as a twos-
      complement fixed point number with 9 whole bits. Positive degrees
      correspond to the North hemisphere and negative degrees correspond
      to the South hemisphere. The degrees range from -90 to +90
      degrees.

   Longitude Degrees: A 24-bit longitude degree value encoded as a
      twos-complement fixed point number with 9 whole bits. The degrees
      range from -180 to +180 degrees.

3.1.3.  Operator-Identifier Sub-Option

   The Operator-Identifier is a mobility sub-option carried in the
   Access Network Identifier option defined in Section 3. This sub-
   option carries the operator identifier of the access network to which
   the mobile node is attached. There MUST be no more than a single
   instance of this specific sub-option in any Access Network Identifier
   option. The format of this option is defined below.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  ANI Type=3   |  ANI Length   |  Op-ID Type   |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
                         Operator Identifier                       ~
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

               Figure 6: Operator-Identifier Sub-option

   ANI Type: It MUST be set to value of (3), indicating that it is an
      Operator-Identifier sub-option.

   ANI Length: Total length of this sub-option in octets, excluding the
      ANI Type and ANI Length fields.

   Operator Identifier (Op-ID) Type: 8-bit unsigned integer indicating
      the type of the Operator Identifier. Currently the following
      types are defined:

      0 - Reserved.

      1 - Operator ID as a variable length Private Enterprise Number
         (PEN) [SMI] encoded in a network-byte order. The maximum PEN
         value depends on the ANI Length and is calculated using the
         formula: maximum PEN = 2^((ANI_length-1)*8)-1. For example,
         the ANI Length of 4 allows for encoding PENs from 0 to 2^24-1,
         i.e. from 0 to 16777215, and uses 3 octets of Operator
         Identifier space.

      2 - Realm of the operator. Realm names are required to be
         unique, and are piggybacked on the administration of the DNS
         namespace. Realms meet the syntactic requirements of the
         'Preferred Name Syntax' defined in Section 2.3.1 of [RFC1035].
         They are encoded as US-ASCII.

   Operator Identifier: Up to 253 octets of the operator identifier.
      The encoding of the identifier depends on the used Operator-ID
      Type. For Operator IDs defined in this specification, the
      operator identifier MUST NOT be empty.

4.  Protocol Considerations

   The following considerations apply to the local mobility anchor and
   the mobile access gateway.

4.1.  Mobile Access Gateway Considerations

   o  The conceptual Binding Update List entry data structure maintained
      by the mobile access gateway, described in Section 6.1 of
      [RFC5213], MUST be extended to store the access network related
      information elements associated with the current session.
      Specifically, the following parameters MUST be defined.

         Network-Identifier

         Access-Point-Name

         Operator-Identifier

         Geo-Location

   o  If the mobile access gateway is configured to support Access
      Network Information option, it SHOULD include this option with the
      specific sub-options in all Proxy Binding Update messages
      (including in Proxy Binding Updates for lifetime extension and for
      deregistration) that it sends to the local mobility anchor. The
      Access Network Information option MUST be constructed as specified
      in Section 3. It SHOULD include the ANI sub-option(s) that the
      mobile access gateway is configured to carry in the Proxy Mobile
      IPv6 messages.

   o  The access network information elements, such as Access-Network
      Name, Geo-location and the Operator-Identifier, typically are
      statically configured on the mobile access gateway on a per-
      interface basis (Example: Access Point (AP-1) is attached through
      interface-1, and the SSID is X, Geo-Location is Y). In some
      deployments, this information can also be dynamically obtained,
      such as through DHCP Option (82), which is the DHCP Relay Agent
      Information option [RFC3046]. When the mobile node sends a DHCP
      Request, the Access Points typically add the SSID information to
      the Option 82 of the DHCP request and when the mobile access
      gateway receives this request, it can parse the Option 82 of the
      DHCP request and obtain the SSID name. The mobile access
      gateway can also obtain this information from the DHCPv6 GeoLoc
      Option [RFC6225].
      The specific details on how the mobile access
      gateway obtains these information elements are access technology
      and deployment specific, and are outside the scope of this
      document. It is possible those information elements are
      configured on the MAG on a per-interface basis, or dynamically
      obtained through some out-of-band means, such as based on
      CAPWAP protocol.

   o  If the protocol configuration variable,
      EnableANISubOptNetworkIdentifier (Section 6), is set to a value of
      (1), the mobile access gateway SHOULD include the Network-
      Identifier sub-option in the Access Network Identifier option
      carried in the Proxy Binding Update. However, if the mobile
      access gateway is unable to obtain the network identifier, then it
      MUST NOT include this sub-option. For including the Network-
      Identifier sub-option, the mobile access gateway needs to be aware
      of the network name of the access network (Ex: SSID in case of
      WLAN Access Network) to which the mobile node is attached. This
      sub-option also includes the access-point name for carrying the
      name of the access point to which the mobile node is attached.
      The access-point name is especially important for applying
      location services, given that the network-name (Ex: SSID) may not
      provide the needed uniqueness for identifying a location. This
      sub-option when included MUST be constructed as described in
      Section 3.1.1.

   o  If the protocol configuration variable, EnableANISubOptGeoLocation
      (Section 6), is set to a value of (1), the mobile access gateway
      SHOULD include the Geo-Location sub-option in the Access Network
      Identifier option carried in the Proxy Binding Update. However,
      if the mobile access gateway is unable to obtain the Geo-location,
      then it MUST NOT include this sub-option.
      For including the Geo-
      Location sub-option, the mobile access gateway needs to be aware
      of the GPS coordinates of the network to which the mobile node is
      attached. This sub-option when included MUST be constructed as
      described in Section 3.1.2.

   o  If the protocol configuration variable,
      EnableANISubOptOperatorIdentifier (Section 6), is set to a value
      of (1), the mobile access gateway SHOULD include the Operator-
      Identifier sub-option in the Access Network Identifier option
      carried in the Proxy Binding Update. For including the Operator-
      Identifier sub-option, the mobile access gateway needs to be aware
      of the operator identity of that access network. The access
      network operator SHOULD obtain an identifier from the Private
      Enterprise Number registry, in order for the mobile access gateway
      to carry the operator identifier. If a given access network
      operator has not obtained an identifier from the Private
      Enterprise Number registry, or if the mobile access gateway is
      unable to learn the operator identity for any other administrative
      reasons, then it MUST NOT include this sub-option. This sub-
      option when included MUST be constructed as described in
      Section 3.1.3.

   If the mobile access gateway had the Access Network Information
   mobility option included in the Proxy Binding Update sent to
   a local mobility anchor, then the Proxy Binding Acknowledgement
   received from the local mobility anchor SHOULD contain the Access
   Network Information mobility option with the specific sub-options.
   If the mobile access gateway receives a Proxy Binding Acknowledgement
   with a successful Status Value but without an Access Network
   Information mobility option, then the mobile access gateway SHOULD
   log the event and based on its local policy MAY proceed to terminate
   the mobility session.
   In this case the mobile access gateway knows
   the local mobility anchor does not understand the Access Network
   Information mobility option and therefore MAY consider it as a
   misconfiguration of the Proxy Mobile IPv6 domain.

4.2.  Local Mobility Anchor Considerations

   o  The conceptual Binding Cache entry data structure maintained by
      the local mobility anchor, described in Section 5.1 of [RFC5213],
      MUST be extended to store the access network related information
      elements associated with the current session. Specifically, the
      following parameters MUST be defined.

         Network-Identifier

         Access Point Name

         Operator-Identifier

         Geo-Location

   o  On receiving a Proxy Binding Update message [RFC5213] from a
      mobile access gateway with the Access Network Information option,
      the local mobility anchor must process the option and update the
      corresponding fields in the Binding Cache entry. If the option is
      not understood by that LMA implementation, it will skip the
      option.

   o  If the local mobility anchor understands the Access Network
      Identifier mobility option received in a Proxy Binding Update and
      also supports the sub-option(s), then the local mobility anchor
      MUST echo the Access Network Identifier mobility option with the
      specific sub-option(s) that it accepted back to a mobile access
      gateway in a Proxy Binding Acknowledgement. The Access Network
      Identifier sub-options defined in this specification MUST NOT be
      altered by the local mobility anchor.

   o  If the received Proxy Binding Update message does not include the
      Access Network Information option, then the mobility session
      associated with that Proxy Binding Update MUST be updated to
      remove any access network information elements.

   o  The local mobility anchor MAY choose to use the access network
      information sub-options for applying any access operator specific
      handling or policing of the mobile node traffic. The specific
      details on how these sub-options are used are outside the scope of
      this document.

5.  IANA Considerations

   This document requires the following IANA actions.

   o  Action-1: This specification defines a new Mobility Header option,
      the Access Network Identifier. This mobility option is described
      in Section 3. The Type value for this option needs to be assigned
      from the same numbering space as allocated for the other mobility
      options, as defined in [RFC6275].

   o  Action-2: This specification defines a new mobility sub-option
      format, Access Network Information (ANI) sub-option. The format
      of this mobility sub-option is described in Section 3.1. This
      sub-option can be carried in Access Network Information option.
      The type value for this sub-option needs to be managed by IANA,
      under the Registry, Access Network Information sub-option. This
      specification reserves the following type values. Approval of new
      Access Network Information (ANI) sub-option type values is to be
      made through IANA Expert Review.

      +=========================================================+
      | 0 | Reserved                                            |
      +=========================================================+
      | 1 | Network-Identifier Sub-option                       |
      +=========================================================+
      | 2 | Geo-Location Sub-option                             |
      +=========================================================+
      | 3 | Operator-Identifier Sub-option                      |
      +=========================================================+

   o  Action-3: This specification defines a new mobility sub-option,
      Operator-Identifier sub-option. The format of this mobility sub-
      option is described in Section 3.1.3.
      The Operator Identifier
      (Op-Id) Type field of this sub-option introduces a new number
      space. This number space needs to be managed by IANA, under the
      Registry, Operator Identifier Type Registry. This specification
      reserves the following type values. Approval of new Operator
      Identifier Type values is to be made through IANA Expert Review.

      +=========================================================+
      | 0 | Reserved                                            |
      +===+=====================================================+
      | 1 | Operator ID as a four octet Private Ent. Number     |
      +===+=====================================================+
      | 2 | Realm of the Operator                               |
      +===+=====================================================+

6.  Protocol Configuration Variables

   This specification defines the following configuration variables that
   control the use of Access Network Information related sub-options in
   Proxy Mobile IPv6 signaling messages. The mobility entities, local
   mobility anchor and the mobile access gateway MUST allow these
   variables to be configured by the system management. The configured
   values for these protocol variables MUST survive server reboots and
   service restarts.

   EnableANISubOptNetworkIdentifier

      This flag indicates the operational state of the Network-
      Identifier sub-option support. This configuration variable is
      available at both the mobile access gateway and the local
      mobility anchor. The default value for this flag is set to
      (0), indicating that the support for Network-Identifier sub-
      option is disabled.

      When this flag on the mobile access gateway is set to a value
      of (1), the mobile access gateway SHOULD include this sub-
      option in the Proxy Binding Update messages that it sends to
      the local mobility anchor, otherwise it SHOULD NOT include the
      sub-option.
      There can be situations where the mobile access gateway is unable
      to obtain the network-identifier and may not be able to construct
      this sub-option.

      Similarly, when this flag on the local mobility anchor is set
      to a value of (1), the local mobility anchor SHOULD enable
      support for this sub-option, otherwise it SHOULD ignore this
      sub-option.

   EnableANISubOptGeoLocation

      This flag indicates the operational state of the Geo-Location
      sub-option support.  This configuration variable is available
      at both the mobile access gateway and the local mobility
      anchor.  The default value for this flag is set to (0),
      indicating that the support for Geo-Location sub-option is
      disabled.

      When this flag on the mobile access gateway is set to a value
      of (1), the mobile access gateway SHOULD include this
      sub-option in the Proxy Binding Update messages that it sends to
      the local mobility anchor, otherwise it SHOULD NOT include the
      sub-option.  There can be situations where the mobile access
      gateway is unable to obtain the geo-location information and
      may not be able to construct this sub-option.

      Similarly, when this flag on the local mobility anchor is set
      to a value of (1), the local mobility anchor SHOULD enable
      support for this sub-option, otherwise it SHOULD ignore this
      sub-option.

   EnableANISubOptOperatorIdentifier

      This flag indicates the operational state of the Operator-
      Identifier sub-option support.  This configuration variable is
      available at both the mobile access gateway and the local
      mobility anchor.  The default value for this flag is set to
      (0), indicating that the support for Operator-Identifier
      sub-option is disabled.
      When this flag on the mobile access gateway is set to a value
      of (1), the mobile access gateway SHOULD include this
      sub-option in the Proxy Binding Update messages that it sends to
      the local mobility anchor, otherwise it SHOULD NOT include the
      sub-option.  There can be situations where the mobile access
      gateway is unable to obtain the operator-identifier information
      and may not be able to construct this sub-option.

      Similarly, when this flag on the local mobility anchor is set
      to a value of (1), the local mobility anchor SHOULD enable
      support for this sub-option, otherwise it SHOULD ignore this
      sub-option.

7.  Security Considerations

   The Access Network Information option defined in this specification
   is for use in Proxy Binding Update and Proxy Binding Acknowledgement
   messages.  This option is carried like any other mobility header
   option as specified in [RFC6275] and does not require any special
   security considerations.

   The Geo-location sub-option carried in the Access Network Information
   option exposes the geo-location of the network to which the mobile
   node is attached.  This information is considered to be very
   sensitive and so care must be taken to secure the Proxy Mobile IPv6
   signaling messages when carrying this sub-option.  The base Proxy
   Mobile IPv6 specification [RFC5213] specifies the use of IPsec for
   securing the signaling messages and those mechanisms can be enabled
   for protecting this information.  Operators can potentially apply
   IPsec ESP with confidentiality and integrity protection for
   protecting the location information.

   The Access Network specific Information elements that the mobile
   access gateway sends may have been dynamically learnt over DHCP, or
   using other protocols.
   If there are no proper security mechanisms in place, the exchanged
   information may be potentially compromised with the mobile access
   gateway sending incorrect access network parameters to the local
   mobility anchor.  This situation may potentially result in incorrect
   service policy enforcement at the local mobility anchor and impact
   to other services that depend on this access network information.
   This threat can be mitigated by ensuring the communication path
   between the mobile access gateway and the access points is properly
   secured by the use of IPsec, TLS or other security protocols.

8.  Acknowledgements

   The authors would like to thank Basavaraj Patil, Carlos Bernardos,
   Gerardo Gieratta, Eric Voit, Hidetoshi Yokota, Ryuji Wakikawa,
   Sangram Kishore, William Wan, Stefano Faccin and Brian Haberman for
   all the discussions related to this topic.  The authors would also
   like to acknowledge the IESG reviews from Benoit Claise, Stephen
   Farrell, Pete Resnick, Robert Spark, Martin Thomson and Ralph Droms.

9.  References

9.1.  Normative References

   [RFC1035]  Mockapetris, P., "Domain names - implementation and
              specification", STD 13, RFC 1035, November 1987.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, November 2003.

   [RFC5213]  Gundavelli, S., Leung, K., Devarapalli, V., Chowdhury, K.,
              and B. Patil, "Proxy Mobile IPv6", RFC 5213, August 2008.

   [RFC5844]  Wakikawa, R. and S. Gundavelli, "IPv4 Support for Proxy
              Mobile IPv6", RFC 5844, May 2010.

   [RFC6275]  Perkins, C., Johnson, D., and J. Arkko, "Mobility Support
              in IPv6", RFC 6275, July 2011.

9.2.  Informative References

   [ANI]      3GPP2 TSG-A, "Interoperability Specification (IOS) for
              High Rate Packet Data (HRPD) Radio Access Network
              Interfaces with Session Control in the Access Network",
              A.S0008-A v3.0, October 2008.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC3046]  Patrick, M., "DHCP Relay Agent Information Option",
              RFC 3046, January 2001.

   [RFC6225]  Polk, J., Linsner, M., Thomson, M., and B. Aboba, "Dynamic
              Host Configuration Protocol Options for Coordinate-Based
              Location Configuration Information", RFC 6225, July 2011.

   [SMI]      IANA, "PRIVATE ENTERPRISE NUMBERS", SMI Network Management
              Private Enterprise Codes, February 2011.

   [TS23003]  3GPP, "Numbering, addressing and identification", 2012.

   [TS23203]  3GPP, "Policy and Charging Control Architecture", 2012.

   [TS23402]  3GPP, "Architecture enhancements for non-3GPP accesses",
              2012.

   [WGS84]    NIMA, "World Geodetic System 1984, Third Edition, NIMA
              TR8350.2, January 2000.", 2010.

Authors' Addresses

   Sri Gundavelli (editor)
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Email: sgundave@cisco.com

   Jouni Korhonen (editor)
   Nokia Siemens Networks
   Linnoitustie 6
   Espoo FIN-02600
   Finland

   Email: jouni.nospam@gmail.com

   Mark Grayson
   Cisco
   11 New Square Park
   Bedfont Lakes, FELTHAM TW14 8HA
   ENGLAND

   Email: mgrayson@cisco.com

   Kent Leung
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Email: kleung@cisco.com

   Rajesh Pazhyannur
   Cisco
   170 West Tasman Drive
   San Jose, CA 95134
   USA

   Email: rpazhyan@cisco.com
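
Added example, not part of the draft or of any implementation by its authors: Python code showing how a local mobility anchor could apply the Section 6 flags to the sub-option types reserved in Section 5, ignoring any sub-option whose flag is (0), including the sensitive Geo-Location sub-option. The one-octet type and length layout, the position of the Op-Id Type octet, and the names AniConfig, decode_operator_id and process_ani_suboptions are assumptions made for illustration; the sample octets are constructed.

```python
from dataclasses import dataclass

# Type values reserved in Section 5 (Action-2 and Action-3 tables).
NETWORK_ID, GEO_LOCATION, OPERATOR_ID = 1, 2, 3
OPID_PEN, OPID_REALM = 1, 2

@dataclass
class AniConfig:
    """Section 6 variables, default 0 (disabled); types with no flag are ignored."""
    EnableANISubOptNetworkIdentifier: int = 0
    EnableANISubOptGeoLocation: int = 0
    EnableANISubOptOperatorIdentifier: int = 0

    def enabled(self, sub_type: int) -> bool:
        return {NETWORK_ID: self.EnableANISubOptNetworkIdentifier,
                GEO_LOCATION: self.EnableANISubOptGeoLocation,
                OPERATOR_ID: self.EnableANISubOptOperatorIdentifier,
                }.get(sub_type, 0) == 1

def decode_operator_id(data: bytes):
    # ASSUMPTION: first data octet is the Op-Id Type, the rest the identifier.
    if not data:
        raise ValueError("empty Operator-Identifier sub-option")
    op_type, ident = data[0], data[1:]
    if op_type == OPID_PEN:
        if len(ident) != 4:
            raise ValueError("Private Enterprise Number must be four octets")
        return ("pen", int.from_bytes(ident, "big"))
    if op_type == OPID_REALM:
        return ("realm", ident)  # raw octets, not interpreted here
    raise ValueError(f"reserved or unassigned Op-Id Type {op_type}")

def process_ani_suboptions(payload: bytes, cfg: AniConfig):
    # ASSUMPTION: sub-option = 1-octet type, 1-octet data length, then data.
    accepted, ignored, off = {}, [], 0
    while off < len(payload):
        if off + 2 > len(payload) or off + 2 + payload[off + 1] > len(payload):
            raise ValueError("truncated sub-option: reject the whole option")
        sub_type, end = payload[off], off + 2 + payload[off + 1]
        data = payload[off + 2:end]
        if not cfg.enabled(sub_type):
            ignored.append(sub_type)  # flag is 0: skip without parsing
        elif sub_type == OPERATOR_ID:
            accepted[sub_type] = decode_operator_id(data)
        else:
            accepted[sub_type] = data
        off = end
    return accepted, ignored  # accepted: {type: value}; ignored: [types]
# Constructed sample: one sub-option of each type; data octets are made up.
SAMPLE = (bytes([NETWORK_ID, 4]) + b"ap01" + bytes([GEO_LOCATION, 3]) + b"\x01\x02\x03"
          + bytes([OPERATOR_ID, 5, OPID_PEN]) + (32473).to_bytes(4, "big"))
```

Rejecting the whole option on a length error is a choice made in this example, not a requirement stated in the draft.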